lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <46338AEB.2070109@imap.cc>
Date:	Sat, 28 Apr 2007 19:56:59 +0200
From:	Tilman Schmidt <tilman@...p.cc>
To:	Andrew Morton <akpm@...ux-foundation.org>
CC:	linux-kernel@...r.kernel.org
Subject: 2.6.21-rc7-mm2 crash: Eeek! page_mapcount(page) went negative! (-1)

With kernel 2.6.21-rc7-mm2, my Dell Optiplex GX110 (P3/933) regularly
crashes during the SuSE 10.1 startup sequence. When booting to RL5,
it panicblinks shortly after the graphical login screen appears.
Booting to RL3, it hangs after the startup message:

Starting Firewall Initialization (phase 2 of 2)

(the last message before "runlevel 3 has been reached") logging this:

[   57.138955] Eeek! page_mapcount(page) went negative! (-1)
[   57.139040]   page pfn = 0
[   57.139053]   page->flags = 400
[   57.139066]   page->count = 1
[   57.139079]   page->mapping = 00000000
[   57.139111]   vma->vm_ops = generic_file_vm_ops+0x0/0x18
[   57.139147]   vma->vm_ops->nopage = 0x0
[   57.139181]   vma->vm_file->f_op->mmap = reiserfs_file_mmap+0x0/0x47
[   57.139220] ------------[ cut here ]------------
[   57.139236] kernel BUG at mm/rmap.c:648!
[   57.139251] invalid opcode: 0000 [#1]
[   57.139264] PREEMPT
[   57.139278] Modules linked in: usbserial snd_rtctimer snd_seq_dummy snd_pcm_oss snd_mixer_oss snd_seq snd_seq_device thermal processor fan button battery ac af_packet usb_gigaset ser_gigaset bas_gigaset gigaset isdn slhc crc_ccitt ip6t_REJECT xt_tcpudp ipt_REJECT xt_state iptable_mangle iptable_nat nf_nat iptable_filter ip6table_mangle nf_conntrack_ipv4 nf_conntrack nfnetlink ip_tables ip6table_filter ip6_tables x_tables ehci_hcd snd_intel8x0 snd_ac97_codec ac97_bus snd_pcm snd_timer snd soundcore snd_page_alloc i2c_i801 uhci_hcd parport_pc lp parport ipv6 nls_iso8859_1 nls_cp437 vfat fat nls_utf8 ntfs dm_mod
[   57.139447] CPU:    0
[   57.139450] EIP:    0060:[<c015dfc0>]    Not tainted VLI
[   57.139453] EFLAGS: 00010282   (2.6.21-rc7-mm2-noinitrd #1)
[   57.139506] EIP is at page_remove_rmap+0xd7/0x106
[   57.139522] eax: 0000004b   ebx: c1000000   ecx: 00000001   edx: 00000002
[   57.139541] esi: c309fde0   edi: b7f24000   ebp: c373ec90   esp: c373ec78
[   57.139559] ds: 007b   es: 007b   fs: 0000  gs: 0000  ss: 0068
[   57.139577] Process getcfg-interfac (pid: 4343, ti=c373e000 task=c18734d0 task.ti=c373e000)
[   57.139586] Stack: c042abb5 00000000 c373ec90 c13f91c0 c1000000 c373dc90 c373ecf0 c0158df4
[   57.139618]        c04f2ac4 00000001 00000000 c309fde0 c373ed10 00005ff1 00000000 00000001
[   57.139647]        b7f62000 c374cb7c c374cb7c c374cb7c c373b344 fffffffe 00000000 c0569c2c
[   57.139677] Call Trace:
[   57.139721]  [<c0158df4>] unmap_vmas+0x2d7/0x4c9
[   57.139748]  [<c015b7dd>] exit_mmap+0x68/0xeb
[   57.139772]  [<c01191b0>] mmput+0x52/0xcb
[   57.139805]  [<c011c368>] exit_mm+0xbb/0xc3
[   57.139832]  [<c011d188>] do_exit+0x1ea/0x73e
[   57.139857]  [<c011d74d>] sys_exit_group+0x0/0x13
[   57.139880]  [<c012524e>] get_signal_to_deliver+0x6cd/0x6f8
[   57.139917]  [<c01036cf>] do_notify_resume+0x91/0x692
[   57.139944]  [<c0103f15>] work_notifysig+0x13/0x1a
[   57.139970]  [<b7f6b7a8>] 0xb7f6b7a8
[   57.139988]  =======================
[   57.140002] INFO: lockdep is turned off.
[   57.140015] Code: c0 74 0d 8b 50 0c b8 e5 ab 42 c0 e8 d7 fa fd ff 8b 46 48 85 c0 74 14 8b 40 10 85 c0 74 0d 8b 50 2c b8 04 ac 42 c0 e8 bc fa fd ff <0f> 0b eb fe 8b 53 10 8b 03 83 e2 01 f7 da c1 e8 1e 83 c2 04 69
[   57.140133] EIP: [<c015dfc0>] page_remove_rmap+0xd7/0x106 SS:ESP 0068:c373ec78
[   57.140191] Fixing recursive fault but reboot is needed!
[   57.140209] BUG: scheduling while atomic: getcfg-interfac/0x00000002/4343
[   57.140225] INFO: lockdep is turned off.
[   57.140247]  [<c0104e80>] dump_trace+0x61/0x1e4
[   57.140275]  [<c010501d>] show_trace_log_lvl+0x1a/0x30
[   57.140298]  [<c0105fe9>] show_trace+0x12/0x14
[   57.140322]  [<c0106000>] dump_stack+0x15/0x17
[   57.140344]  [<c0380849>] schedule+0x6e/0x52c
[   57.140383]  [<c011d08f>] do_exit+0xf1/0x73e
[   57.140407]  [<c010569b>] die+0x1b7/0x1bf
[   57.140429]  [<c0105a66>] do_trap+0x8d/0xa7
[   57.140451]  [<c0105dd2>] do_invalid_op+0x88/0x92
[   57.140474]  [<c03833ba>] error_code+0x6a/0x70
[   57.140500]  [<c015dfc0>] page_remove_rmap+0xd7/0x106
[   57.140525]  [<c0158df4>] unmap_vmas+0x2d7/0x4c9
[   57.140548]  [<c015b7dd>] exit_mmap+0x68/0xeb
[   57.140571]  [<c01191b0>] mmput+0x52/0xcb
[   57.140593]  [<c011c368>] exit_mm+0xbb/0xc3
[   57.140615]  [<c011d188>] do_exit+0x1ea/0x73e
[   57.140638]  [<c011d74d>] sys_exit_group+0x0/0x13
[   57.140661]  [<c012524e>] get_signal_to_deliver+0x6cd/0x6f8
[   57.140686]  [<c01036cf>] do_notify_resume+0x91/0x692
[   57.140708]  [<c0103f15>] work_notifysig+0x13/0x1a
[   57.140731]  [<b7f6b7a8>] 0xb7f6b7a8
[   57.140749]  =======================


followed by a couple of these:

[   87.264940] BUG: sleeping function called from invalid context at mm/slab.c:3054
[   87.265023] in_atomic():1, irqs_disabled():0
[   87.265038] INFO: lockdep is turned off.
[   87.265079]  [<c0104e80>] dump_trace+0x61/0x1e4
[   87.265119]  [<c010501d>] show_trace_log_lvl+0x1a/0x30
[   87.265161]  [<c0105fe9>] show_trace+0x12/0x14
[   87.265187]  [<c0106000>] dump_stack+0x15/0x17
[   87.265210]  [<c01177b3>] __might_sleep+0xc7/0xcd
[   87.265241]  [<c0168548>] __kmalloc_track_caller+0x67/0xe9
[   87.265281]  [<c0156e0b>] __kzalloc+0x13/0x3d
[   87.265312]  [<c0226a6c>] kobject_get_path+0x3b/0x94
[   87.265342]  [<c02b4004>] dev_uevent+0x2d0/0x36a
[   87.265375]  [<c02b36ac>] show_uevent+0x94/0xe4
[   87.265400]  [<c02b34fd>] dev_attr_show+0x1b/0x1f
[   87.265424]  [<c01a7ac0>] sysfs_read_file+0x17f/0x1b0
[   87.265454]  [<c016bbf8>] vfs_read+0xaf/0x138
[   87.265479]  [<c016c476>] sys_read+0x3d/0x61
[   87.265503]  [<c0103dc2>] sysenter_past_esp+0x5f/0x99
[   87.265531]  [<b7fd7410>] 0xb7fd7410
[   87.265568]  =======================

separated by 20 or 40 second pauses, before rebooting spontaneously.

2.6.21-rc7-mm1 crashed too. 2.6.21 runs fine.

Please let me know if you need more information or want me to test
anything.

HTH
T.

-- 
Tilman Schmidt                          E-Mail: tilman@...p.cc
Bonn, Germany
- In theory, there is no difference between theory and practice.
  In practice, there is.


Download attachment "signature.asc" of type "application/pgp-signature" (254 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ