From: Manfred Spraul
The actual bug is that you've dropped one L1_CACHE_ALIGN/ALIGN change in kmem_cache_create: This increased the size of the control structure in each slab, which caused cache_grow to place 4112 bytes payload into each page. This overwrote the next page, and caused random crashes. Nasty one - it disappeared after I enabled slab debugging, because that changed the object size.
---
 25-akpm/arch/i386/mm/init.c | 6 +++---
 25-akpm/mm/slab.c | 3 ++-
 2 files changed, 5 insertions(+), 4 deletions(-)
diff -puN arch/i386/mm/init.c~slab-alignment-rework-merge-fix arch/i386/mm/init.c
--- 25/arch/i386/mm/init.c~slab-alignment-rework-merge-fix 2004-03-14 11:45:48.537478648 -0800
+++ 25-akpm/arch/i386/mm/init.c 2004-03-14 11:45:48.816436240 -0800
@@ -532,10 +532,10 @@ struct kmem_cache_s *pae_pgd_cachep;
 void __init pgtable_cache_init(void)
 {
 /*
- * PAE pgds must be 16-byte aligned:
+ * PAE pgds must be 32-byte aligned:
 */
- pae_pgd_cachep = kmem_cache_create("pae_pgd", 32, 32, 0, NULL, NULL);
-
+ pae_pgd_cachep = kmem_cache_create("pae_pgd", 32, 32, 0,
+ NULL, NULL);
 if (!pae_pgd_cachep)
 panic("init_pae(): Cannot alloc pae_pgd SLAB cache");
 }
diff -puN mm/slab.c~slab-alignment-rework-merge-fix mm/slab.c
--- 25/mm/slab.c~slab-alignment-rework-merge-fix 2004-03-14 11:45:48.538478496 -0800
+++ 25-akpm/mm/slab.c 2004-03-14 11:45:48.695454632 -0800
@@ -1246,7 +1246,8 @@ next:
 cachep = NULL;
 goto opps;
 }
- slab_size = L1_CACHE_ALIGN(cachep->num*sizeof(kmem_bufctl_t)+sizeof(struct slab));
+ slab_size = ALIGN(cachep->num*sizeof(kmem_bufctl_t) +
+ sizeof(struct slab), align);
 /*
 * If the slab has been placed off-slab, and we have enough space then
_
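Review bot: In the mm/slab.c hunk, nothing at the new `slab_size = ALIGN(...)` line records that this formula must stay identical to the one used when `cachep->num` was computed, and the commit message shows what a mismatch costs: object payload runs past the end of the slab's pages and corrupts the neighbouring page. I would add a comment above the assignment such as `/* must match the management-size formula used to compute cachep->num, or objects overflow the slab */`. Because the disagreement surfaced only as random crashes and vanished under slab debugging, a sanity check right after this line that the management area plus `cachep->num` objects still fits in the slab's allocation (for on-slab caches) would turn a repeat into an immediate, attributable failure. `align` is set outside the hunk and the enclosing function starts and ends outside it, so I am assuming `align` is a power of two, as `ALIGN` requires.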