Ubuntu
xen-3.2 package

getSystemID results in Kernel Bug in MM

Bug #240418 reported by Torsten Krah on 2008-06-16

Affects		Status	Importance	Assigned to	Milestone
	xen-3.2 (Ubuntu)	Confirmed	Undecided	Unassigned

Bug Description

Using latest Hardy x64 Distro.
Got some Dell Servers and wanted to read my ServiceTag with getSystemID (which works without using a xen kernel):
Stacktrace is following:

[1121064.995855] Eeek! page_mapcount(page) went negative! (-1)
[1121064.995896] page pfn = ffffffffffffffff
[1121064.995923] page->flags = 4
[1121064.995948] page->count = 0
[1121064.995972] page->mapping = 0000000000000000
[1121064.996022] vma->vm_ops = 0x0
[1121064.996051] vma->vm_file->f_op->mmap = xen_mmap_mem+0x0/0x40
[1121064.996090] ------------[ cut here ]------------
[1121064.996117] kernel BUG at /build/buildd/linux-2.6.24/debian/build/custom-source-xen/mm/rmap.c:631!
[1121064.996168] invalid opcode: 0000 [1] SMP
[1121064.996200] CPU 0
[1121064.996224] Modules linked in: xt_tcpudp xt_physdev mptctl mptbase bridge ipmi_devintf ipmi_si ipmi_msghandler ac sbs container battery dock sbshc video output acpi_cpufreq cpufreq_ondemand cpufreq_stats cpufreq_conservative cpufreq_powersave cpufreq_userspace freq_table iptable_filter ip_tables x_tables parport_pc lp parport loop ipv6 sr_mod usbhid hid cdrom serio_raw dcdbas iTCO_wdt iTCO_vendor_support i5000_edac button pata_acpi ata_generic psmouse pcspkr evdev edac_core shpchp pci_hotplug 8250_pnp 8250 serial_core ext3 jbd mbcache sd_mod sg ehci_hcd floppy ata_piix libata bnx2 uhci_hcd megaraid_sas scsi_mod usbcore dm_mirror dm_snapshot dm_mod thermal processor fan fuse
[1121064.996769] Pid: 25154, comm: getSystemId Not tainted 2.6.24-17-xen #1
[1121064.996801] RIP: e030:[<ffffffff8028e78b>] [<ffffffff8028e78b>] page_remove_rmap+0x12b/0x140
[1121064.996857] RSP: e02b:ffff88034126bd88 EFLAGS: 00010292
[1121064.996887] RAX: 0000000000000047 RBX: ffff880005b7bfc8 RCX: ffffffffff5f7000
[1121064.996934] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8058be64
[1121064.996980] RBP: ffff8803e50c2c60 R08: 0000000000000044 R09: 00000000ffffffff
[1121064.997027] R10: 0000000000000000 R11: 0000000000000000 R12: 00007fef9101d000
[1121064.997074] R13: 0000000000000020 R14: ffff880005b7bfc8 R15: 00007fef9101d000
[1121064.997124] FS: 00007fef9101d6f0(0000) GS:ffffffff805c6000(0000) knlGS:0000000000000000
[1121064.997173] CS: e033 DS: 0000 ES: 0000
[1121064.997200] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[1121064.997247] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[1121064.997294] Process getSystemId (pid: 25154, threadinfo ffff88034126a000, task ffff8803e8396800)
[1121064.997343] Stack: 00000000000000f0 ffff88033a49f070 00007fef9100e000 ffffffff80283bb7
[1121064.997406] ffffffff8061a420 ffff880001c3b438 00007fef9101cfff 0000000000000000
[1121064.997465] ffff88034126beb0 00007fef9101d000 00007fef9100d000 ffff8803e50c2c60
[1121064.997506] Call Trace:
[1121064.997553] [<ffffffff80283bb7>] unmap_vmas+0x687/0xb20
[1121064.997594] [<ffffffff80289b08>] unmap_region+0xc8/0x160
[1121064.997626] [<ffffffff8028aa2a>] do_munmap+0x22a/0x2f0
[1121064.997658] [<ffffffff80470fa2>] __down_write_nested+0x12/0x100
[1121064.997691] [<ffffffff8028ab3d>] sys_munmap+0x4d/0x80
[1121064.997723] [<ffffffff8020c698>] system_call+0x68/0x6d
[1121064.997753] [<ffffffff8020c630>] system_call+0x0/0x6d
[1121064.997784]
[1121064.997805]
[1121064.997805] Code: 0f 0b eb fe 48 8b 53 10 e9 65 ff ff ff 0f 1f 84 00 00 00 00
[1121064.997941] RIP [<ffffffff8028e78b>] page_remove_rmap+0x12b/0x140
[1121064.997974] RSP <ffff88034126bd88>
[1121064.998526] ---[ end trace a312eb7f5d3882ea ]---

Revision history for this message

mikmak (mikmak) wrote on 2008-07-26:

just got the exact same bug on a poweredge 2950 with ubuntu hardy 64 bits while doing getSystemId

Cheers,
Mik

Revision history for this message

Arnd (arnd-arndnet) wrote on 2008-09-30:

Download full text (3.2 KiB)

Same here also poweredge 2950:

[10836.939786] Eeek! page_mapcount(page) went negative! (-1)
[10836.939840] page pfn = ffffffffffffffff
[10836.939867] page->flags = 4
[10836.939891] page->count = 0
[10836.939916] page->mapping = 0000000000000000
[10836.939961] vma->vm_ops = 0x0
[10836.939990] vma->vm_file->f_op->mmap = xen_mmap_mem+0x0/0x40
[10836.940030] ------------[ cut here ]------------
[10836.940059] kernel BUG at /build/buildd/linux-2.6.24/debian/build/custom-source-xen/mm/rmap.c:631!
[10836.940109] invalid opcode: 0000 [1] SMP
[10836.940143] CPU 3
[10836.940169] Modules linked in: dcdbas acpi_cpufreq cpufreq_conservative cpufreq_userspace cpufreq_powersave cpufreq_stats cpufreq_ondemand freq_table ipmi_si ipmi_devintf ipmi_msghandler i2c_dev i2c_core bridge ipv6 video output battery container sbs sbshc dock ac iptable_filter ip_tables x_tables parport_pc lp parport loop af_packet usbhid hid iTCO_wdt iTCO_vendor_support psmouse serio_raw i5000_edac shpchp evdev pcspkr 8250_pnp 8250 serial_core edac_core button pci_hotplug ext3 jbd mbcache sr_mod cdrom ata_generic pata_acpi sd_mod sg qla2xxx ata_piix uhci_hcd scsi_transport_fc ehci_hcd bnx2 libata usbcore megaraid_sas scsi_tgt scsi_mod thermal processor fan fuse
[10836.940670] Pid: 10987, comm: smitest Not tainted 2.6.24-19-xen #1
[10836.940700] RIP: e030:[<ffffffff8028e78b>] [<ffffffff8028e78b>] page_remove_rmap+0x12b/0x140
[10836.940757] RSP: e02b:ffff8803e7751d88 EFLAGS: 00010292
[10836.940787] RAX: 0000000000000045 RBX: ffff880005a10fc8 RCX: ffffffffff5f7000
[10836.940819] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8058be64
[10836.940850] RBP: ffff8803e5f32720 R08: 0000000000000042 R09: 00000000ffffffff
[10836.940882] R10: 0000000000000000 R11: 0000000000000000 R12: 00007fdb23600000
[10836.940915] R13: 0000000000000020 R14: ffff880005a10fc8 R15: 00007fdb23604000
[10836.940949] FS: 00007fdb236046f0(0000) GS:ffffffff805c6180(0000) knlGS:0000000000000000
[10836.940997] CS: e033 DS: 0000 ES: 0000
[10836.941023] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[10836.941056] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[10836.941088] Process smitest (pid: 10987, threadinfo ffff8803e7750000, task ffff8803e526b040)
[10836.941137] Stack: 00000000000000e0 ffff8803e7efefa8 00007fdb235f5000 ffffffff80283bb7
[10836.941203] ffffffff8061a420 ffff880001ae3438 00007fdb23603fff 0000000000000000
[10836.941263] ffff8803e7751eb0 00007fdb23604000 00007fdb235f4000 ffff8803e5f32720
[10836.941304] Call Trace:
[10836.941350] [<ffffffff80283bb7>] unmap_vmas+0x687/0xb20
[10836.941387] [<ffffffff80289b08>] unmap_region+0xc8/0x160
[10836.941419] [<ffffffff8028aa2a>] do_munmap+0x22a/0x2f0
[10836.941450] [<ffffffff80471122>] __down_write_nested+0x12/0x100
[10836.941483] [<ffffffff8028ab3d>] sys_munmap+0x4d/0x80
[10836.941514] [<ffffffff8020c698>] system_call+0x68/0x6d
[10836.941545] [<ffffffff8020c630>] system_call+0x0/0x6d
[10836.941575]
[10836.941597]
[10836.941597] Code: 0f 0b eb fe 48 8b 53 10 e9 65 ff ff ff 0f 1f 84 00 00 00 00
[10836.941742] RIP [<ffffffff8028e78b>] page_remove_rmap+0x12b/0x140
[10836.941776] RSP <ffff8803e...

Same here also poweredge 2950:

[10836.939786] Eeek! page_mapcount(page) went negative! (-1)
[10836.939840]   page pfn = ffffffffffffffff
[10836.939867]   page->flags = 4
[10836.939891]   page->count = 0
[10836.939916]   page->mapping = 0000000000000000
[10836.939961]   vma->vm_ops = 0x0
[10836.939990]   vma->vm_file->f_op->mmap = xen_mmap_mem+0x0/0x40
[10836.940030] ------------[ cut here ]------------
[10836.940059] kernel BUG at /build/buildd/linux-2.6.24/debian/build/custom-source-xen/mm/rmap.c:631!
[10836.940109] invalid opcode: 0000 [1] SMP 
[10836.940143] CPU 3 
[10836.940169] Modules linked in: dcdbas acpi_cpufreq cpufreq_conservative cpufreq_userspace cpufreq_powersave cpufreq_stats cpufreq_ondemand freq_table ipmi_si ipmi_devintf ipmi_msghandler i2c_dev i2c_core bridge ipv6 video output battery container sbs sbshc dock ac iptable_filter ip_tables x_tables parport_pc lp parport loop af_packet usbhid hid iTCO_wdt iTCO_vendor_support psmouse serio_raw i5000_edac shpchp evdev pcspkr 8250_pnp 8250 serial_core edac_core button pci_hotplug ext3 jbd mbcache sr_mod cdrom ata_generic pata_acpi sd_mod sg qla2xxx ata_piix uhci_hcd scsi_transport_fc ehci_hcd bnx2 libata usbcore megaraid_sas scsi_tgt scsi_mod thermal processor fan fuse
[10836.940670] Pid: 10987, comm: smitest Not tainted 2.6.24-19-xen #1
[10836.940700] RIP: e030:[<ffffffff8028e78b>]  [<ffffffff8028e78b>] page_remove_rmap+0x12b/0x140
[10836.940757] RSP: e02b:ffff8803e7751d88  EFLAGS: 00010292
[10836.940787] RAX: 0000000000000045 RBX: ffff880005a10fc8 RCX: ffffffffff5f7000
[10836.940819] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8058be64
[10836.940850] RBP: ffff8803e5f32720 R08: 0000000000000042 R09: 00000000ffffffff
[10836.940882] R10: 0000000000000000 R11: 0000000000000000 R12: 00007fdb23600000
[10836.940915] R13: 0000000000000020 R14: ffff880005a10fc8 R15: 00007fdb23604000
[10836.940949] FS:  00007fdb236046f0(0000) GS:ffffffff805c6180(0000) knlGS:0000000000000000
[10836.940997] CS:  e033 DS: 0000 ES: 0000
[10836.941023] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[10836.941056] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[10836.941088] Process smitest (pid: 10987, threadinfo ffff8803e7750000, task ffff8803e526b040)
[10836.941137] Stack:  00000000000000e0 ffff8803e7efefa8 00007fdb235f5000 ffffffff80283bb7
[10836.941203]  ffffffff8061a420 ffff880001ae3438 00007fdb23603fff 0000000000000000
[10836.941263]  ffff8803e7751eb0 00007fdb23604000 00007fdb235f4000 ffff8803e5f32720
[10836.941304] Call Trace:
[10836.941350]  [<ffffffff80283bb7>] unmap_vmas+0x687/0xb20
[10836.941387]  [<ffffffff80289b08>] unmap_region+0xc8/0x160
[10836.941419]  [<ffffffff8028aa2a>] do_munmap+0x22a/0x2f0
[10836.941450]  [<ffffffff80471122>] __down_write_nested+0x12/0x100
[10836.941483]  [<ffffffff8028ab3d>] sys_munmap+0x4d/0x80
[10836.941514]  [<ffffffff8020c698>] system_call+0x68/0x6d
[10836.941545]  [<ffffffff8020c630>] system_call+0x0/0x6d
[10836.941575] 
[10836.941597] 
[10836.941597] Code: 0f 0b eb fe 48 8b 53 10 e9 65 ff ff ff 0f 1f 84 00 00 00 00 
[10836.941742] RIP  [<ffffffff8028e78b>] page_remove_rmap+0x12b/0x140
[10836.941776]  RSP <ffff8803e7751d88>
[10836.942410] ---[ end trace 7661131973aa5235 ]---

Revision history for this message

Bruce Edge (bruce-edge) wrote on 2008-10-17:

Same thing with a Dell precision m6300 laptop running 8.04 64 bit xen 3.2 kernel

Revision history for this message

elventear (elventear) wrote on 2009-04-07:

Download full text (3.4 KiB)

Anybody having this problem still?

I just had this error on my dom0 kernel log, but I don't know what triggered it. And this is an HP server.

[ 7734.861807] Eeek! page_mapcount(page) went negative! (-1)
[ 7734.861872] page pfn = ffffffffffffffff
[ 7734.861918] page->flags = 4
[ 7734.861960] page->count = ffffffff
[ 7734.862004] page->mapping = 0000000000000000
[ 7734.862070] vma->vm_ops = 0x0
[ 7734.862117] vma->vm_file->f_op->mmap = xen_mmap_mem+0x0/0x40
[ 7734.862181] ------------[ cut here ]------------
[ 7734.862230] kernel BUG at /build/buildd/linux-2.6.24/debian/build/custom-source-xen/mm/rmap.c:631!
[ 7734.862320] invalid opcode: 0000 [1] SMP
[ 7734.862373] CPU 2
[ 7734.862415] Modules linked in: af_packet xt_physdev iptable_filter ip_tables x_tables deflate zlib_deflate twofish twofish_common camellia serpent blowfish des_generic cbc ecb blkcipher aes_generic aes_x86_64 xcbc sha256_generic sha1_generic crypto_null af_key nls_cp437 isofs ebtable_broute bridge ebtable_nat ebtable_filter ebtables parport_pc lp parport loop ipv6 pcspkr shpchp pci_hotplug button iTCO_wdt iTCO_vendor_support 8250_pnp 8250 serial_core evdev ext3 jbd mbcache sr_mod cdrom ata_generic usbhid hid ata_piix sg sd_mod pata_acpi ehci_hcd libata uhci_hcd usbcore tg3 mptsas mptscsih mptbase scsi_transport_sas scsi_mod raid10 raid456 async_xor async_memcpy async_tx xor raid1 raid0 multipath linear md_mod dm_mirror dm_snapshot dm_mod thermal processor fan fuse
[ 7734.863234] Pid: 9833, comm: hwinfo Not tainted 2.6.24-23-xen #1
[ 7734.863286] RIP: e030:[<ffffffff8028e98b>] [<ffffffff8028e98b>] page_remove_rmap+0x12b/0x140
[ 7734.863380] RSP: e02b:ffff8800c37d5d88 EFLAGS: 00010292
[ 7734.863430] RAX: 0000000000000045 RBX: ffff880002c54fc8 RCX: ffffffffff5f7000
[ 7734.863487] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8058ce64
[ 7734.863543] RBP: ffff8800f205f678 R08: 0000000000000042 R09: 00000000ffffffff
[ 7734.863599] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffbac000000
[ 7734.863656] R13: 0000000000000020 R14: ffff880002c54fc8 R15: 00007ffbac033000
[ 7734.863714] FS: 00007ffbac0e06e0(0000) GS:ffffffff805c7100(0000) knlGS:0000000000000000
[ 7734.863801] CS: e033 DS: 0000 ES: 0000
[ 7734.863846] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 7734.863903] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 7734.863959] Process hwinfo (pid: 9833, threadinfo ffff8800c37d4000, task ffff8800f2175040)
[ 7734.864046] Stack: 00000000000000c0 ffff8800bec71f98 00007ffbabff3000 ffffffff80283d87
[ 7734.864148] ffffffff8061a420 ffff880001cf2438 00007ffbac032fff 0000000000000000
[ 7734.864246] ffff8800c37d5eb0 00007ffbac033000 00007ffbabff3000 ffff8800f205f678
[ 7734.864312] Call Trace:
[ 7734.864393] [<ffffffff80283d87>] unmap_vmas+0x687/0xb20
[ 7734.864485] [<ffffffff80289d08>] unmap_region+0xc8/0x160
[ 7734.864549] [<ffffffff8028ac2a>] do_munmap+0x22a/0x2f0
[ 7734.864607] [<ffffffff80471862>] __down_write_nested+0x12/0x100
[ 7734.864671] [<ffffffff8028ad3d>] sys_munmap+0x4d/0x80
[ 7734.864730] [<ffffffff8020c698>] system_call+0x68/0x6d
[ 7734.864788] [<ffffffff8020c630>] system_call+0x0/0x...

Anybody having this problem still?

I just had this error on my dom0 kernel log, but I don't know what triggered it. And this is an HP server.

[ 7734.861807] Eeek! page_mapcount(page) went negative! (-1)
[ 7734.861872]   page pfn = ffffffffffffffff
[ 7734.861918]   page->flags = 4
[ 7734.861960]   page->count = ffffffff
[ 7734.862004]   page->mapping = 0000000000000000
[ 7734.862070]   vma->vm_ops = 0x0
[ 7734.862117]   vma->vm_file->f_op->mmap = xen_mmap_mem+0x0/0x40
[ 7734.862181] ------------[ cut here ]------------
[ 7734.862230] kernel BUG at /build/buildd/linux-2.6.24/debian/build/custom-source-xen/mm/rmap.c:631!
[ 7734.862320] invalid opcode: 0000 [1] SMP 
[ 7734.862373] CPU 2 
[ 7734.862415] Modules linked in: af_packet xt_physdev iptable_filter ip_tables x_tables deflate zlib_deflate twofish twofish_common camellia serpent blowfish des_generic cbc ecb blkcipher aes_generic aes_x86_64 xcbc sha256_generic sha1_generic crypto_null af_key nls_cp437 isofs ebtable_broute bridge ebtable_nat ebtable_filter ebtables parport_pc lp parport loop ipv6 pcspkr shpchp pci_hotplug button iTCO_wdt iTCO_vendor_support 8250_pnp 8250 serial_core evdev ext3 jbd mbcache sr_mod cdrom ata_generic usbhid hid ata_piix sg sd_mod pata_acpi ehci_hcd libata uhci_hcd usbcore tg3 mptsas mptscsih mptbase scsi_transport_sas scsi_mod raid10 raid456 async_xor async_memcpy async_tx xor raid1 raid0 multipath linear md_mod dm_mirror dm_snapshot dm_mod thermal processor fan fuse
[ 7734.863234] Pid: 9833, comm: hwinfo Not tainted 2.6.24-23-xen #1
[ 7734.863286] RIP: e030:[<ffffffff8028e98b>]  [<ffffffff8028e98b>] page_remove_rmap+0x12b/0x140
[ 7734.863380] RSP: e02b:ffff8800c37d5d88  EFLAGS: 00010292
[ 7734.863430] RAX: 0000000000000045 RBX: ffff880002c54fc8 RCX: ffffffffff5f7000
[ 7734.863487] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8058ce64
[ 7734.863543] RBP: ffff8800f205f678 R08: 0000000000000042 R09: 00000000ffffffff
[ 7734.863599] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffbac000000
[ 7734.863656] R13: 0000000000000020 R14: ffff880002c54fc8 R15: 00007ffbac033000
[ 7734.863714] FS:  00007ffbac0e06e0(0000) GS:ffffffff805c7100(0000) knlGS:0000000000000000
[ 7734.863801] CS:  e033 DS: 0000 ES: 0000
[ 7734.863846] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 7734.863903] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 7734.863959] Process hwinfo (pid: 9833, threadinfo ffff8800c37d4000, task ffff8800f2175040)
[ 7734.864046] Stack:  00000000000000c0 ffff8800bec71f98 00007ffbabff3000 ffffffff80283d87
[ 7734.864148]  ffffffff8061a420 ffff880001cf2438 00007ffbac032fff 0000000000000000
[ 7734.864246]  ffff8800c37d5eb0 00007ffbac033000 00007ffbabff3000 ffff8800f205f678
[ 7734.864312] Call Trace:
[ 7734.864393]  [<ffffffff80283d87>] unmap_vmas+0x687/0xb20
[ 7734.864485]  [<ffffffff80289d08>] unmap_region+0xc8/0x160
[ 7734.864549]  [<ffffffff8028ac2a>] do_munmap+0x22a/0x2f0
[ 7734.864607]  [<ffffffff80471862>] __down_write_nested+0x12/0x100
[ 7734.864671]  [<ffffffff8028ad3d>] sys_munmap+0x4d/0x80
[ 7734.864730]  [<ffffffff8020c698>] system_call+0x68/0x6d
[ 7734.864788]  [<ffffffff8020c630>] system_call+0x0/0x6d
[ 7734.864849] 
[ 7734.864886] 
[ 7734.864887] Code: 0f 0b eb fe 48 8b 53 10 e9 65 ff ff ff 0f 1f 84 00 00 00 00 
[ 7734.865095] RIP  [<ffffffff8028e98b>] page_remove_rmap+0x12b/0x140
[ 7734.865151]  RSP <ffff8800c37d5d88>
[ 7734.865820] ---[ end trace 7f378db783039b52 ]---

Revision history for this message

Jason B (jasonb) wrote on 2009-09-09:

I am experiencing this exact problem at the moment. It is a different application triggering the issue but works perfectly under a non-xen enabled kernel. Are there any updates?

Revision history for this message

Thomas Hotz (thotz-deactivatedaccount) wrote on 2013-03-21:

Marking as confirmed.

Changed in xen-3.2 (Ubuntu):
status:	New → Confirmed

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuxen-3.2 package

getSystemID results in Kernel Bug in MM

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
xen-3.2 package