BUGs in mm/rmap.c

linux-fsdevel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* BUGs in mm/rmap.c
@ 2006-08-17  2:10 Tomas Hruby
  2006-08-17 11:38 ` Matthew Wilcox
  0 siblings, 1 reply; 5+ messages in thread
From: Tomas Hruby @ 2006-08-17  2:10 UTC (permalink / raw)
  To: linux-fsdevel

Hello all,

we are testing our fs project on a 2.6.17.4 kernel that is patched
with
http://marc.theaimsgroup.com/?l=linux-fsdeve,l&m=115080965116016&w=2
patch. We experienced BUGs in mm/rmap.c when creating many files in a
single directory. In the first place, it occured on ext3 with idexed
directories (see the report bellow). At one moment it happed every
time I ran the test. Today something similar happend when playing with
our fs. In both cases there was no swap mounted. It never happend with
swap enabled. Highmem is used on the test machine. The test is as
follows :

1 - mkfs

	in case of ext3 

	mkfs.ext3 -N 1000000 device
	tune2fs -O dir_index device

2 - mount root device
3 - mkdir root/dir
4 - cd root/dir

5 -  for i in `seq 1 500000` ; do touch some_empty_file_$i ; echo $i ; done

Does anybody know whether the patch might be the cause of the problem?
Or what else might be the problem? We appreciate any ideas and suggestion.

		Tomas

EXT3 report
-----------
VM: killing process bash
swap_free: Bad swap file entry 30000000
swap_free: Unused swap file entry 00000010
Eeek! page_mapcount(page) went negative! (-1)
  page->flags = 400
  page->count = 1
  page->mapping = 00000000
------------[ cut here ]------------
kernel BUG at mm/rmap.c:560!
invalid opcode: 0000 [#1]
PREEMPT 
Modules linked in: netconsole snd_mixer_oss 8139cp snd_via82xx snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd_page_alloc snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore ehci_hcd usbcore 8139too mii fan thermal processor rt2500 rtc unix
CPU:    0
EIP:    0060:[<c013dadf>]    Not tainted VLI
EFLAGS: 00010286   (2.6.17.4 #9) 
EIP is at page_remove_rmap+0x64/0x79
eax: ffffffff   ebx: c1000000   ecx: c02ed394   edx: 00000001
esi: 080f5000   edi: e7bc13d4   ebp: 00000000   esp: ed7f8eac
ds: 007b   es: 007b   ss: 0068
Process bash (pid: 3125, threadinfo=ed7f8000 task=f7da5ab0)
Stack: c1000000 c01387b7 c1000000 00000000 00000001 08400000 ede5c080 f717a9dc 
       c03664cc 00000000 ffffffff f717aa2c ede5c080 00002ffe 0b2e9000 00000000 
       ed7f8f1c f51bd698 f717a9dc f7da5ab0 c013aeb4 ed7f8f1c f51bdf94 00000000 
Call Trace:
 <c01387b7> unmap_vmas+0x253/0x44f  <c013aeb4> exit_mmap+0x5a/0xe1
 <c0112e10> mmput+0x20/0x78  <c011618d> exit_mm+0x101/0x107
 <c0117582> do_exit+0x187/0x76b  <c0115762> printk+0x14/0x18
 <c0110407> do_page_fault+0x4ca/0x54a  <c010ff3d> do_page_fault+0x0/0x54a
 <c0103723> error_code+0x4f/0x54 
Code: c4 40 74 03 8b 53 0c 8b 42 04 50 68 69 3d 2b c0 e8 85 7c fd ff ff 73 10 68 80 3d 2b c0 e8 78 7c fd ff 83 c4 10 8b 43 08 40 79 08 <0f> 0b 30 02 15 3d 2b c0 6a ff 6a 10 e8 e0 43 ff ff 59 5b 5b c3 
EIP: [<c013dadf>] page_remove_rmap+0x64/0x79 SS:ESP 0068:ed7f8eac
 <3>BUG: sleeping function called from invalid context at include/linux/rwsem.h:43
in_atomic():1, irqs_disabled():0
 <c011f7b0> blocking_notifier_call_chain+0x11/0x41  <c0115ede> profile_task_exit+0x10/0x14
 <c0117416> do_exit+0x1b/0x76b  <c0103f6d> die+0x1a4/0x25f
 <c0104002> die+0x239/0x25f  <c01047a6> do_invalid_op+0x0/0x9e
 <c0104838> do_invalid_op+0x92/0x9e  <c013dadf> page_remove_rmap+0x64/0x79
 <c0115733> vprintk+0x2cc/0x2e7  <c0115733> vprintk+0x2cc/0x2e7
 <c010365a> common_interrupt+0x1a/0x20  <c011151f> try_to_wake_up+0xfd/0x108
 <c012480f> autoremove_wake_function+0x18/0x3a  <c0103723> error_code+0x4f/0x54
 <c013dadf> page_remove_rmap+0x64/0x79  <c01387b7> unmap_vmas+0x253/0x44f
 <c013aeb4> exit_mmap+0x5a/0xe1  <c0112e10> mmput+0x20/0x78
 <c011618d> exit_mm+0x101/0x107  <c0117582> do_exit+0x187/0x76b
 <c0115762> printk+0x14/0x18  <c0110407> do_page_fault+0x4ca/0x54a
 <c010ff3d> do_page_fault+0x0/0x54a  <c0103723> error_code+0x4f/0x54
Fixing recursive fault but reboot is needed!
BUG: scheduling while atomic: bash/0x00000002/3125
 <c029ba89> schedule+0x43/0x5aa  <c0104160> dump_stack+0x14/0x18
 <c0115762> printk+0x14/0x18  <c01174c9> do_exit+0xce/0x76b
 <c0103f6d> die+0x1a4/0x25f  <c0104002> die+0x239/0x25f
 <c01047a6> do_invalid_op+0x0/0x9e  <c0104838> do_invalid_op+0x92/0x9e
 <c013dadf> page_remove_rmap+0x64/0x79  <c0115733> vprintk+0x2cc/0x2e7
 <c0115733> vprintk+0x2cc/0x2e7  <c010365a> common_interrupt+0x1a/0x20
 <c011151f> try_to_wake_up+0xfd/0x108  <c012480f> autoremove_wake_function+0x18/0x3a
 <c0103723> error_code+0x4f/0x54  <c013dadf> page_remove_rmap+0x64/0x79
 <c01387b7> unmap_vmas+0x253/0x44f  <c013aeb4> exit_mmap+0x5a/0xe1
 <c0112e10> mmput+0x20/0x78  <c011618d> exit_mm+0x101/0x107
 <c0117582> do_exit+0x187/0x76b  <c0115762> printk+0x14/0x18
 <c0110407> do_page_fault+0x4ca/0x54a  <c010ff3d> do_page_fault+0x0/0x54a
 <c0103723> error_code+0x4f/0x54 

 our fs (LFS) report
 -------------------

------------[ cut here ]------------
kernel BUG at mm/rmap.c:71!
invalid opcode: 0000 [#1]
PREEMPT DEBUG_PAGEALLOC
Modules linked in: lfs netconsole snd_mixer_oss 8139cp snd_via82xx snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd_page_alloc snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore ehci_hcd usbcore 8139too mii fan thermal processor rt2500 rtc unix
CPU:    0
EIP:    0060:[<c013f4d1>]    Not tainted VLI
EFLAGS: 00010202   (2.6.17.4 #11) 
EIP is at anon_vma_link+0x59/0xa3
eax: f77ca29c   ebx: f6675478   ecx: f6365954   edx: f636598c
esi: f77ca28c   edi: 000186a1   ebp: f7143ea0   esp: f7143e8c
ds: 007b   es: 007b   ss: 0068
Process bash (pid: 2994, threadinfo=f7143000 task=f7a12ac0)
Stack: 00000001 f77ca28c f6302b48 00000002 f76c20bc f7143f38 c0113ea2 f6302b48 
       f6302b48 f76c20bc 00000058 f7143fbc bfd3e6fc 01200011 00000000 fffffff4 
       f494fac0 f7143000 f494fac0 ecf5ae18 f6302c80 f6302c94 f6302c8c f70f1e18 
Call Trace:
 [<c0103c7f>] show_stack_log_lvl+0x85/0x8f
 [<c0103e09>] show_registers+0x14b/0x1bf
 [<c0103fe2>] die+0x165/0x266
 [<c010415d>] do_trap+0x7a/0x98
 [<c01048a4>] do_invalid_op+0x8a/0x94
 [<c010379f>] error_code+0x4f/0x54
 [<c0113ea2>] copy_process+0xa8e/0x1188
 [<c01147cd>] do_fork+0x94/0x196
 [<c01012d0>] sys_clone+0x21/0x23
 [<c0102d0b>] syscall_call+0x7/0xb
Code: 04 8b 5d 08 89 48 04 89 53 38 89 46 10 8b 43 40 89 45 f0 8b 48 10 c7 45 ec 00 00 00 00 83 e9 38 eb 23 47 81 ff a0 86 01 00 76 08 <0f> 0b 47 00 ca 7d 2b c0 3b 4d 08 b8 01 00 00 00 8d 4b c8 0f 45 
EIP: [<c013f4d1>] anon_vma_link+0x59/0xa3 SS:ESP 0068:f7143e8c
 <3>BUG: sleeping function called from invalid context at include/linux/rwsem.h:43
in_atomic():1, irqs_disabled():0
 [<c0103cbc>] show_trace+0x13/0x15
 [<c01041bc>] dump_stack+0x18/0x1c
 [<c0111950>] __might_sleep+0x87/0x8f
 [<c0120016>] blocking_notifier_call_chain+0x13/0x42
 [<c011654e>] profile_task_exit+0x12/0x17
 [<c0117adc>] do_exit+0x1b/0x76b
 [<c01040bc>] die+0x23f/0x266
 [<c010415d>] do_trap+0x7a/0x98
 [<c01048a4>] do_invalid_op+0x8a/0x94
 [<c010379f>] error_code+0x4f/0x54
 [<c0113ea2>] copy_process+0xa8e/0x1188
 [<c01147cd>] do_fork+0x94/0x196
 [<c01012d0>] sys_clone+0x21/0x23
 [<c0102d0b>] syscall_call+0x7/0xb
note: bash[2994] exited with preempt_count 1
BUG: scheduling while atomic: bash/0x00000001/2994
 [<c0103cbc>] show_trace+0x13/0x15
 [<c01041bc>] dump_stack+0x18/0x1c
 [<c029ff0d>] schedule+0x43/0x5aa
 [<c02a1bd2>] rwsem_down_read_failed+0x138/0x156
 [<c011863c>] .text.lock.exit+0x7/0x67
 [<c0117c48>] do_exit+0x187/0x76b
 [<c01040bc>] die+0x23f/0x266
 [<c010415d>] do_trap+0x7a/0x98
 [<c01048a4>] do_invalid_op+0x8a/0x94
 [<c010379f>] error_code+0x4f/0x54
 [<c0113ea2>] copy_process+0xa8e/0x1188
 [<c01147cd>] do_fork+0x94/0x196
 [<c01012d0>] sys_clone+0x21/0x23
 [<c0102d0b>] syscall_call+0x7/0xb

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: BUGs in mm/rmap.c
  2006-08-17  2:10 BUGs in mm/rmap.c Tomas Hruby
@ 2006-08-17 11:38 ` Matthew Wilcox
  2006-08-17 19:19   ` Tomas Hruby
  0 siblings, 1 reply; 5+ messages in thread
From: Matthew Wilcox @ 2006-08-17 11:38 UTC (permalink / raw)
  To: Tomas Hruby; +Cc: linux-fsdevel

On Thu, Aug 17, 2006 at 04:10:08AM +0200, Tomas Hruby wrote:
> Hello all,
> 
> we are testing our fs project on a 2.6.17.4 kernel that is patched
> with
> http://marc.theaimsgroup.com/?l=linux-fsdeve,l&m=115080965116016&w=2
> patch. We experienced BUGs in mm/rmap.c when creating many files in a

Can you reproduce the problem with ext3 without this patch?

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: BUGs in mm/rmap.c
  2006-08-17 11:38 ` Matthew Wilcox
@ 2006-08-17 19:19   ` Tomas Hruby
  2006-08-17 19:42     ` Matthew Wilcox
  0 siblings, 1 reply; 5+ messages in thread
From: Tomas Hruby @ 2006-08-17 19:19 UTC (permalink / raw)
  To: Matthew Wilcox; +Cc: linux-fsdevel

On Thu, Aug 17, 2006 at 05:38:27AM -0600, Matthew Wilcox wrote:
> On Thu, Aug 17, 2006 at 04:10:08AM +0200, Tomas Hruby wrote:
> > Hello all,
> > 
> > we are testing our fs project on a 2.6.17.4 kernel that is patched
> > with
> > http://marc.theaimsgroup.com/?l=linux-fsdeve,l&m=115080965116016&w=2
> > patch. We experienced BUGs in mm/rmap.c when creating many files in a
> 
> Can you reproduce the problem with ext3 without this patch?

I tried that today again and it crashed with a different error on both
kernels, with and without that patch. Here are the logs :

Patched :


EXT3 FS on hda2, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
slab: Internal list corruption detected in cache 'vm_area_struct'(39), slabp f5c92000(38). Hexdump:

000: 00 01 10 00 00 02 20 00 b8 00 00 00 b8 20 c9 f5
010: 26 00 00 00 00 00 00 00 00 00 00 00 fe ff ff ff
020: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
030: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
040: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
050: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
060: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
070: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
080: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
090: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
0a0: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
0b0: fd ff ff ff fd ff ff ff
------------[ cut here ]------------
kernel BUG at mm/slab.c:2700!
invalid opcode: 0000 [#1]
PREEMPT DEBUG_PAGEALLOC
Modules linked in: netconsole snd_mixer_oss 8139cp snd_via82xx snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd_page_alloc snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore ehci_hcd usbcore 8139too mii fan thermal processor rt2500 rtc unix
CPU:    0
EIP:    0060:[<c0145500>]    Not tainted VLI
EFLAGS: 00010002   (2.6.17.4 #11) 
EIP is at check_slabp+0x84/0x95
eax: 00000001   ebx: 000000b8   ecx: c0379394   edx: 00000001
esi: f5c92000   edi: c18dc780   ebp: da403d78   esp: da403d68
ds: 007b   es: 007b   ss: 0068
Process bash (pid: 14252, threadinfo=da403000 task=f5f4aac0)
Stack: c02b673f f5c92000 c18db838 c18dc780 da403da4 c0146124 00000026 00000010 
       00000009 f5c920b8 f553f0b4 c18cef7c c18dab3c c18dc780 f46f9f2c da403dd0 
       c0145e38 00000000 c18cef38 c18dc780 c18db85c 00000010 c18db838 c18cef38 
Call Trace:
 [<c0103c7f>] show_stack_log_lvl+0x85/0x8f
 [<c0103e09>] show_registers+0x14b/0x1bf
 [<c0103fe2>] die+0x165/0x266
 [<c010415d>] do_trap+0x7a/0x98
 [<c01048a4>] do_invalid_op+0x8a/0x94
 [<c010379f>] error_code+0x4f/0x54
 [<c0146124>] free_block+0x6d/0x14c
 [<c0145e38>] cache_flusharray+0xa8/0x10d
 [<c0145f7f>] kmem_cache_free+0x4b/0x5e
 [<c013bf98>] remove_vma+0x45/0x4e
 [<c013c062>] exit_mmap+0xc1/0xe0
 [<c0113397>] mmput+0x22/0x7c
 [<c0153227>] flush_old_exec+0x582/0x7b4
 [<c016f3fa>] load_elf_binary+0x483/0x1403
 [<c01526fb>] search_binary_handler+0xb8/0x2b1
 [<c0153f60>] do_execve+0x135/0x1b6
 [<c01017cd>] sys_execve+0x2a/0x75
 [<c0102d0b>] syscall_call+0x7/0xb
Code: 58 0f b6 04 33 43 50 68 62 83 2c c0 e8 a9 08 fd ff 58 5a 8b 47 1c 8d 04 85 1c 00 00 00 39 c3 72 ce 68 3f 67 2b c0 e8 8f 08 fd ff <0f> 0b 8c 0a f9 82 2b c0 5b 8d 65 f4 5b 5e 5f c9 c3 55 89 e5 56 
EIP: [<c0145500>] check_slabp+0x84/0x95 SS:ESP 0068:da403d68
 <3>BUG: sleeping function called from invalid context at include/linux/rwsem.h:43
in_atomic():1, irqs_disabled():1
 [<c0103cbc>] show_trace+0x13/0x15
 [<c01041bc>] dump_stack+0x18/0x1c
 [<c0111950>] __might_sleep+0x87/0x8f
 [<c0120016>] blocking_notifier_call_chain+0x13/0x42
 [<c011654e>] profile_task_exit+0x12/0x17
 [<c0117adc>] do_exit+0x1b/0x76b
 [<c01040bc>] die+0x23f/0x266
 [<c010415d>] do_trap+0x7a/0x98
 [<c01048a4>] do_invalid_op+0x8a/0x94
 [<c010379f>] error_code+0x4f/0x54
 [<c0146124>] free_block+0x6d/0x14c
 [<c0145e38>] cache_flusharray+0xa8/0x10d
 [<c0145f7f>] kmem_cache_free+0x4b/0x5e
 [<c013bf98>] remove_vma+0x45/0x4e
 [<c013c062>] exit_mmap+0xc1/0xe0
 [<c0113397>] mmput+0x22/0x7c
 [<c0153227>] flush_old_exec+0x582/0x7b4
 [<c016f3fa>] load_elf_binary+0x483/0x1403
 [<c01526fb>] search_binary_handler+0xb8/0x2b1
 [<c0153f60>] do_execve+0x135/0x1b6
 [<c01017cd>] sys_execve+0x2a/0x75
 [<c0102d0b>] syscall_call+0x7/0xb
note: bash[14252] exited with preempt_count 1
BUG: spinlock cpu recursion on CPU#0, bash/14251
 lock: c18db85c, .magic: dead4ead, .owner: bash/14252, .owner_cpu: 0
 [<c0103cbc>] show_trace+0x13/0x15
 [<c01041bc>] dump_stack+0x18/0x1c
 [<c01c4a1a>] spin_bug+0x7c/0xbc
 [<c01c4b72>] _raw_spin_lock+0x4d/0xe9
 [<c02a1f34>] _spin_lock+0x16/0x1c
 [<c0145dd0>] cache_flusharray+0x40/0x10d
 [<c0145f7f>] kmem_cache_free+0x4b/0x5e
 [<c013bf98>] remove_vma+0x45/0x4e
 [<c013c062>] exit_mmap+0xc1/0xe0
 [<c0113397>] mmput+0x22/0x7c
 [<c0153227>] flush_old_exec+0x582/0x7b4
 [<c016f3fa>] load_elf_binary+0x483/0x1403
 [<c01526fb>] search_binary_handler+0xb8/0x2b1
 [<c0153f60>] do_execve+0x135/0x1b6
 [<c01017cd>] sys_execve+0x2a/0x75
 [<c0102d0b>] syscall_call+0x7/0xb
BUG: spinlock lockup on CPU#0, bash/14251, c18db85c
 [<c0103cbc>] show_trace+0x13/0x15
 [<c01041bc>] dump_stack+0x18/0x1c
 [<c01c4be7>] _raw_spin_lock+0xc2/0xe9
 [<c02a1f34>] _spin_lock+0x16/0x1c
 [<c0145dd0>] cache_flusharray+0x40/0x10d
 [<c0145f7f>] kmem_cache_free+0x4b/0x5e
 [<c013bf98>] remove_vma+0x45/0x4e
 [<c013c062>] exit_mmap+0xc1/0xe0
 [<c0113397>] mmput+0x22/0x7c
 [<c0153227>] flush_old_exec+0x582/0x7b4
 [<c016f3fa>] load_elf_binary+0x483/0x1403
 [<c01526fb>] search_binary_handler+0xb8/0x2b1
 [<c0153f60>] do_execve+0x135/0x1b6
 [<c01017cd>] sys_execve+0x2a/0x75
 [<c0102d0b>] syscall_call+0x7/0xb

 Without patch (I run 3 for loops, each with different file names in
 parallel). First one bash crashed because of a wrong pointer, one
 bash finished and the last one crashed on a BUG in slab too.


netconsole: network logging started
kjournald starting.  Commit interval 5 seconds
EXT3 FS on hda2, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
BUG: unable to handle kernel paging request at virtual address 0000292e
 printing eip:
c01c3163
*pde = 00000000
Oops: 0000 [#1]
PREEMPT 
Modules linked in: netconsole snd_mixer_oss 8139cp snd_via82xx snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd_page_alloc snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore ehci_hcd usbcore 8139too mii fan thermal processor rtc unix
CPU:    0
EIP:    0060:[<c01c3163>]    Not tainted VLI
EFLAGS: 00010213   (2.6.17.4-vanilla #5) 
EIP is at _raw_spin_lock+0x8/0xd9
eax: 00000001   ebx: 0000292a   ecx: f7448040   edx: e28ee000
esi: 0000292a   edi: 0000292a   ebp: 00000000   esp: e28eee80
ds: 007b   es: 007b   ss: 0068
Process bash (pid: 3909, threadinfo=e28ee000 task=f75d0ab0)
Stack: 0000292a 0000292a f73c4954 00000000 c029e7f4 0000292a f73c4954 c013e9d6 
       000000d0 c0113b08 f73c4954 00000000 f73fb4a4 f7448040 c0113b37 f73c4954 
       f73c4954 f73fb4a4 00000058 e28eefbc bfb31cec 01200011 00000000 c1ac2030 
Call Trace:
 <c029e7f4> _spin_lock+0x13/0x16  <c013e9d6> anon_vma_link+0x1f/0xa3
 <c0113b08> copy_process+0xa4a/0x11ae  <c0113b37> copy_process+0xa79/0x11ae
 <c011448a> do_fork+0x90/0x197  <c01c27c7> copy_to_user+0x52/0x6f
 <c01012d8> sys_clone+0x24/0x28  <c0102c8f> syscall_call+0x7/0xb
Code: ff ff ff ff c7 03 01 00 00 00 5b c3 8b 44 24 04 81 38 ed 1e af de 74 0a ba ff dc 2b c0 e9 ba fd ff ff c3 55 57 56 53 8b 7c 24 14 <81> 7f 04 ad 4e ad de 74 0c ba ff dc 2b c0 89 f8 e8 6c fe ff ff 
EIP: [<c01c3163>] _raw_spin_lock+0x8/0xd9 SS:ESP 0068:e28eee80
 <3>BUG: sleeping function called from invalid context at include/linux/rwsem.h:43
in_atomic():1, irqs_disabled():0
 <c011f9ec> blocking_notifier_call_chain+0x11/0x41  <c011611a> profile_task_exit+0x10/0x14
 <c0117652> do_exit+0x1b/0x76b  <c0103f6d> die+0x1a4/0x25f
 <c0104002> die+0x239/0x25f  <c01103fc> do_page_fault+0x45a/0x54a
 <c010ffa2> do_page_fault+0x0/0x54a  <c0103723> error_code+0x4f/0x54
 <c01c3163> _raw_spin_lock+0x8/0xd9  <c029e7f4> _spin_lock+0x13/0x16
 <c013e9d6> anon_vma_link+0x1f/0xa3  <c0113b08> copy_process+0xa4a/0x11ae
 <c0113b37> copy_process+0xa79/0x11ae  <c011448a> do_fork+0x90/0x197
 <c01c27c7> copy_to_user+0x52/0x6f  <c01012d8> sys_clone+0x24/0x28
 <c0102c8f> syscall_call+0x7/0xb 
note: bash[3909] exited with preempt_count 1
BUG: scheduling while atomic: bash/0x00000001/3909
 <c029c831> schedule+0x43/0x5aa  <c0102c8f> syscall_call+0x7/0xb
 <c029e4cf> rwsem_down_read_failed+0x139/0x153  <c0103b6c> show_trace_log_lvl+0xad/0xd7
 <c0118199> .text.lock.exit+0x7/0x66  <c01177be> do_exit+0x187/0x76b
 <c0103f6d> die+0x1a4/0x25f  <c0104002> die+0x239/0x25f
 <c01103fc> do_page_fault+0x45a/0x54a  <c010ffa2> do_page_fault+0x0/0x54a
 <c0103723> error_code+0x4f/0x54  <c01c3163> _raw_spin_lock+0x8/0xd9
 <c029e7f4> _spin_lock+0x13/0x16  <c013e9d6> anon_vma_link+0x1f/0xa3
 <c0113b08> copy_process+0xa4a/0x11ae  <c0113b37> copy_process+0xa79/0x11ae
 <c011448a> do_fork+0x90/0x197  <c01c27c7> copy_to_user+0x52/0x6f
 <c01012d8> sys_clone+0x24/0x28  <c0102c8f> syscall_call+0x7/0xb



slab: double free detected in cache 'inode_cache', objp f6c19414
------------[ cut here ]------------
kernel BUG at mm/slab.c:2455!
invalid opcode: 0000 [#2]
PREEMPT 
Modules linked in: netconsole snd_mixer_oss 8139cp snd_via82xx snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd_page_alloc snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore ehci_hcd usbcore 8139too mii fan thermal processor rtc unix
CPU:    0
EIP:    0060:[<c0145547>]    Not tainted VLI
EFLAGS: 00010096   (2.6.17.4-vanilla #5) 
EIP is at free_block+0xcc/0x153
eax: 00000044   ebx: f6c19020   ecx: 00000000   edx: 00000001
esi: c18dbdb0   edi: c18dc320   ebp: f6c19044   esp: c1913eec
ds: 007b   es: 007b   ss: 0068
Process events/0 (pid: 4, threadinfo=c1913000 task=c1912ab0)
Stack: c02b5718 c02bb179 f6c19414 00000002 00000002 00000001 f6c19414 c18d78a8 
       c18d78a4 00000002 c18d7884 00000000 c014565b 00000000 00000000 c18dc320 
       c18dbdd4 00000000 c18dbdb0 c18dc320 00000000 c0146966 00000000 00000000 
Call Trace:
 <c014565b> drain_array+0x8d/0xbc  <c0146966> cache_reap+0x47/0x155
 <c0121fc7> run_workqueue+0x78/0xb6  <c014691f> cache_reap+0x0/0x155
 <c012240f> worker_thread+0x0/0x111  <c01224ee> worker_thread+0xdf/0x111
 <c0111762> default_wake_function+0x0/0x15  <c0124976> kthread+0x96/0xc3
 <c01248e0> kthread+0x0/0xc3  <c0101005> kernel_thread_helper+0x5/0xb
Code: fd ff e8 29 ec fb ff 83 c4 10 8b 04 24 8d 6c 83 1c 8b 45 00 40 83 f8 fd 77 1c ff 74 24 0c ff 77 44 68 18 57 2b c0 e8 41 04 fd ff <0f> 0b 97 09 f3 52 2b c0 83 c4 0c 8b 43 14 89 da 89 45 00 8b 04 
EIP: [<c0145547>] free_block+0xcc/0x153 SS:ESP 0068:c1913eec
 <3>BUG: sleeping function called from invalid context at include/linux/rwsem.h:43
in_atomic():1, irqs_disabled():1
 <c011f9ec> blocking_notifier_call_chain+0x11/0x41  <c011611a> profile_task_exit+0x10/0x14
 <c0117652> do_exit+0x1b/0x76b  <c0103f6d> die+0x1a4/0x25f
 <c0104002> die+0x239/0x25f  <c01047a6> do_invalid_op+0x0/0x9e
 <c0104838> do_invalid_op+0x92/0x9e  <c0145547> free_block+0xcc/0x153
 <c011538a> release_console_sem+0x19a/0x1a2  <c011595a> vprintk+0x2b9/0x2e7
 <c029e982> _spin_unlock+0x10/0x25  <c0103723> error_code+0x4f/0x54
 <c0145547> free_block+0xcc/0x153  <c014565b> drain_array+0x8d/0xbc
 <c0146966> cache_reap+0x47/0x155  <c0121fc7> run_workqueue+0x78/0xb6
 <c014691f> cache_reap+0x0/0x155  <c012240f> worker_thread+0x0/0x111
 <c01224ee> worker_thread+0xdf/0x111  <c0111762> default_wake_function+0x0/0x15
 <c0124976> kthread+0x96/0xc3  <c01248e0> kthread+0x0/0xc3
 <c0101005> kernel_thread_helper+0x5/0xb 
note: events/0[4] exited with preempt_count 1
BUG: events/0/4, lock held at task exit time!
 [c02f0f40] {cache_chain_mutex}
.. held by:          events/0:    4 [c1912ab0, 110]
... acquired at:               cache_reap+0x11/0x155

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: BUGs in mm/rmap.c
  2006-08-17 19:19   ` Tomas Hruby
@ 2006-08-17 19:42     ` Matthew Wilcox
  2006-08-19 12:32       ` Tomas Hruby
  0 siblings, 1 reply; 5+ messages in thread
From: Matthew Wilcox @ 2006-08-17 19:42 UTC (permalink / raw)
  To: Tomas Hruby; +Cc: linux-fsdevel

On Thu, Aug 17, 2006 at 09:19:32PM +0200, Tomas Hruby wrote:
> I tried that today again and it crashed with a different error on both
> kernels, with and without that patch. Here are the logs :

Could you run memtest86 on this machine?  The errors seem to be memory
corruption, and it's useful to rule out faulty ram before we start
chasing bugs.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: BUGs in mm/rmap.c
  2006-08-17 19:42     ` Matthew Wilcox
@ 2006-08-19 12:32       ` Tomas Hruby
  0 siblings, 0 replies; 5+ messages in thread
From: Tomas Hruby @ 2006-08-19 12:32 UTC (permalink / raw)
  To: Matthew Wilcox; +Cc: Tomas Hruby, linux-fsdevel

On Thu, Aug 17, 2006 at 01:42:25PM -0600, Matthew Wilcox wrote:
> On Thu, Aug 17, 2006 at 09:19:32PM +0200, Tomas Hruby wrote:
> > I tried that today again and it crashed with a different error on both
> > kernels, with and without that patch. Here are the logs :
> 
> Could you run memtest86 on this machine?  The errors seem to be memory
> corruption, and it's useful to rule out faulty ram before we start
> chasing bugs.

I was thinking about this as well. I ran memtest86 several times
and it didn't report any errors. The question is whether it proves
anything or not.

		T.

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2006-08-19 12:32 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-08-17  2:10 BUGs in mm/rmap.c Tomas Hruby
2006-08-17 11:38 ` Matthew Wilcox
2006-08-17 19:19   ` Tomas Hruby
2006-08-17 19:42     ` Matthew Wilcox
2006-08-19 12:32       ` Tomas Hruby

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).