Comment 58 for bug 252977

Jason B (jasonb) wrote :

I am able to reliably reproduce this issue though it is triggered by a bit of custom code I do not have access to.

What I believe to be relevant details:

The Host: Ubuntu 8.04.3 LTS
kernel 2.6.24-24-xen
Xen 3.2

The issue manifests while running under the -xen kernel but does not occur when running under kernel 2.6.24-24-server.

[ 27.667553] Eeek! page_mapcount(page) went negative! (-1)
[ 27.667646] page pfn = ffffffffffffffff
[ 27.667728] page->flags = 15d
[ 27.667804] page->count = 9460
[ 27.667882] page->mapping = 00000000000033f2
[ 27.667974] vma->vm_ops = 0x0
[ 27.668054] vma->vm_file->f_op->mmap = xen_mmap_mem+0x0/0x40
[ 27.668145] ------------[ cut here ]------------
[ 27.668226] kernel BUG at /build/buildd/linux-2.6.24/debian/build/custom-source-xen/mm/rmap.c:631!
[ 27.668325] invalid opcode: 0000 [1] SMP
[ 27.668530] CPU 1
[ 27.668670] Modules linked in: bridge sbs container battery sbshc dock ac iptable_filter ip_tables x_tables af_packet parport_pc lp
[ 27.672687] Pid: 5320, comm: espd Not tainted 2.6.24-24-xen #1
[ 27.672767] RIP: e030:[<ffffffff8028e7eb>] [<ffffffff8028e7eb>] page_remove_rmap+0x12b/0x140
[ 27.672927] RSP: e02b:ffff8800ef4e1d88 EFLAGS: 00010292
[ 27.673007] RAX: 0000000000000045 RBX: ffff880002a24fc8 RCX: ffffffffff5f7000
[ 27.673089] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8058ce64
[ 27.673170] RBP: ffff8800f20c1f00 R08: 0000000000000000 R09: ffffffffff5b1760
[ 27.673252] R10: 0000000000000000 R11: ffffffff80359a10 R12: 00007f5855b3d000
[ 27.673333] R13: 0000000000000020 R14: ffff880002a24fc8 R15: 00007f5855b3d000
[ 27.673418] FS: 00007f93434a96e0(0063) GS:ffffffff805c7080(0000) knlGS:0000000000000000
[ 27.673511] CS: e033 DS: 0000 ES: 0000
[ 27.673591] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 27.673673] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 27.673755] Process espd (pid: 5320, threadinfo ffff8800ef4e0000, task ffff8800f2b9e040)
[ 27.673850] Stack: 00000000000000c0 ffff8800f166b970 00007f5855b2e000 ffffffff80283e8c
[ 27.674257] ffffffff8061a420 ffff880001ac9438 00007f5855b3cfff 0000000000000000
[ 27.674603] ffff8800ef4e1eb0 00007f5855b3d000 00007f5855b2d000 ffff8800f20c1f00
[ 27.674874] Call Trace:
[ 27.675024] [<ffffffff80283e8c>] unmap_vmas+0x69c/0xb30
[ 27.675112] [<ffffffff80289e08>] unmap_region+0xc8/0x160
[ 27.675196] [<ffffffff8028ad2a>] do_munmap+0x22a/0x2f0
[ 27.675280] [<ffffffff80471f92>] __down_write_nested+0x12/0x100
[ 27.675364] [<ffffffff8028ae3d>] sys_munmap+0x4d/0x80
[ 27.675447] [<ffffffff8020c698>] system_call+0x68/0x6d
[ 27.675529] [<ffffffff8020c630>] system_call+0x0/0x6d
[ 27.675612]
[ 27.675687]
[ 27.675688] Code: 0f 0b eb fe 48 8b 53 10 e9 65 ff ff ff 0f 1f 84 00 00 00 00
[ 27.677170] RIP [<ffffffff8028e7eb>] page_remove_rmap+0x12b/0x140
[ 27.677314] RSP <ffff8800ef4e1d88>
[ 27.677395] ---[ end trace 480ff852f0bf3e83 ]---