From mboxrd@z Thu Jan  1 00:00:00 1970
From: Arkadiusz Miskiewicz <arekm@pld-linux.org>
Subject: xen0: eek! page_mapcount(page) went negative! (-1)
Date: Mon, 30 Jan 2006 01:53:10 +0100
Message-ID: <200601300153.10321.arekm@pld-linux.org>
Mime-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable
Return-path: <xen-devel-bounces@lists.xensource.com>
Content-Disposition: inline
List-Unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: xen-devel@lists.xensource.com
List-Id: xen-devel@lists.xenproject.org


xen0 kernel running on Dell PowerEdge 1650 with dual PIII 1.2GHz
crashes for me when shutting down.

The xen0 kernel was built about 2h ago from=20

changeset:   19777:3a49386f2f0f
tag:         tip
user:        cl349@firebug.cl.cam.ac.uk
date:        Fri Jan 27 20:19:58 2006 +0100
summary:     Cleanup.

part of grub conf:
kernel /boot/xen-3.gz dom0_mem=3D64000 watchdog com1=3D19200,8n1
module /boot/vmlinuz-2.6.16-rc1-xen0 root=3D/dev/sda1 console=3DttyS0 panic=
=3D60=20
nmi_watchdog=3D1 selinux=3D0 elevator=3Dcfq sync_console
module /boot/initrd-2.6.16-rc1-xen0.gz


Sending all processes the TERM signal..............................[ BUSY
eek! page_mapcount(page) went negative! (-1)
[0;10m] page->flags =3D 414
10m  page->count =3D 1
  page->mapping =3D 00000000
=2D-----------[ cut here ]------------
kernel BUG at <bad filename>:57323!
invalid opcode: 0000 [#1]
SMP
Modules linked in: af_packet bridge ipv6 e1000 dm_mod rtc unix xfs exportfs=
=20
sd_mod qla2300 qla2xxx scsi_transport_fc scsi_d
CPU:    0
EIP:    0061:[<c01595b0>]    Not tainted VLI
EFLAGS: 00010286   (2.6.16-rc1)
EIP is at page_remove_rmap+0x40/0xb0
eax: ffffffff   ebx: c100b180   ecx: fbf46000   edx: 00000000
esi: 00000000   edi: b7fd1000   ebp: c124ef44   esp: c0d1dd80
ds: 007b   es: 007b   ss: 0069
Process xenstored (pid: 2988, threadinfo=3Dc0d1c000 task=3Dc386c570)
Stack: <0>c0326fac 00000000 c124ef44 c0151f40 c100b180 b7fd1000 3f58c067=20
c0d1c000
       3f58c067 c100b180 c41b4080 00000000 ffffffff c41b4040 b7fd2000 c1228=
b7c
       b7fd2000 c0d1de30 c01521b7 c1091460 c3ace43c c1228b7c b7fd1000 b7fd2=
000
Call Trace:
 [<c0151f40>] zap_pte_range+0x1e0/0x380
 [<c01521b7>] unmap_page_range+0xd7/0x140
 [<c0152319>] unmap_vmas+0xf9/0x1f0
 [<c01576f1>] exit_mmap+0x91/0x130
 [<c011d9a8>] mmput+0x38/0xa0
 [<c0122757>] do_exit+0xf7/0x3f0
 [<c0122ad0>] do_group_exit+0x40/0xc0
 [<c012cdc1>] get_signal_to_deliver+0x271/0x330
 [<c0106d13>] do_signal+0x73/0x170
 [<c017c210>] core_sys_select+0x170/0x330
 [<c0115b6c>] do_page_fault+0x1dc/0x660
 [<c017c490>] sys_select+0xc0/0x170
 [<c01665bd>] sys_close+0x6d/0x90
 [<c0106e48>] do_notify_resume+0x38/0x3c
 [<c0107023>] work_notifysig+0x13/0x18
Code: 74 21 8b 43 08 40 78 27 8b 43 08 40 78 1d c7 04 24 10 00 00 00 bb ff =
ff=20
ff ff 89 5c 24 04 e8 e8 05 ff ff 8b 5c 24 08
 <1>Fixing recursive fault but reboot is needed!

Why it doesn't oops like normal kernels do? I have panic=3D60 and I would l=
ike=20
for it to reboot after that time instead of staing in state above.
=2D-=20
Arkadiusz Mi=B6kiewicz                    PLD/Linux Team
http://www.t17.ds.pwr.wroc.pl/~misiek/  http://ftp.pld-linux.org/