[new 2.6.21-rc6 crash] BUG: unable to handle kernel paging request at virtual address 6b6b6ceb

From: Ingo Molnar
Date: Thu Apr 12 2007 - 05:57:34 EST

Next message: jjohansen: "[AppArmor 18/41] call lsm hook before unhashing dentry in vfs_rmdir()"
Previous message: jjohansen: "[AppArmor 17/41] Pass struct vfsmount to the inode_rmdir LSM hook"
Next in thread: Chris Rankin: "Re: [new 2.6.21-rc6 crash] BUG: unable to handle kernel paging request at virtual address 6b6b6ceb"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

i just got the crash below (with slab debug enabled) on -rc6-git4. I
never saw this one before, and as you can see from the recompile count,
i've rebuilt this tree a fair number of times - and the config didnt
change much.

I promptly re-tried the same bzImage but the crash did not reoccur.

So we've got a memory corruptor of some sort in v2.6.21-to-be. I'm 100%
sure that i never saw this under any v2.6.20 variant or on any prior
kernel. The crash site corresponds to a module-refcount dec:

(gdb) list *0x00000000c013c1f4
0xc013c1f4 is in module_put (kernel/module.c:801).
796
797 void module_put(struct module *module)
798 {
799 if (module) {
800 unsigned int cpu = get_cpu();
801 local_dec(&module->ref[cpu].count);
802 /* Maybe they're waiting for us to drop reference? */
803 if (unlikely(!module_is_live(module)))
804 wake_up_process(module->waiter);
805 put_cpu();
(gdb)

NOTE: i'm still using a bzImage kernel, so there are no true modules in
the kernel. (This also makes it pretty likely that this is not a build
artifact either.)

(config and full bootlog attached.)

Ingo

---------------------->
BUG: unable to handle kernel paging request at virtual address 6b6b6ceb
printing eip:
c013c1f5
*pde = 0203000c
Oops: 0002 [#1]
SMP
Modules linked in:
CPU: 0
EIP: 0060:[<c013c1f5>] Not tainted VLI
EFLAGS: 00010256 (2.6.21-rc6 #273)
EIP is at module_put+0x19/0x2d
eax: 6b6b6ceb ebx: f72fee2c ecx: c03c9b36 edx: 6b6b6b6b
esi: f7428f54 edi: 6b6b6b6b ebp: f737bf38 esp: f737bf38
ds: 007b es: 007b fs: 00d8 gs: 0033 ss: 0068
Process udev (pid: 1768, ti=f737a000 task=f7488000 task.ti=f737a000)
Stack: f737bf50 c019e832 f749092c 00000010 f72feda4 f746487c f737bf78 c0167c7f
00000000 00000000 f72f6ba4 c2928d48 f72feda4 f746487c f7be81d4 00000000
f737bf80 c0167d3b f737bf98 c01658b2 00000003 00000003 f7be81d4 f7be8254
Call Trace:
[<c0104c44>] show_trace_log_lvl+0x19/0x2e
[<c0104cf4>] show_stack_log_lvl+0x9b/0xa3
[<c0104fdd>] show_registers+0x1c8/0x29a
[<c01052d0>] die+0x119/0x1f0
[<c03cd075>] do_page_fault+0x4e3/0x5b8
[<c03cb7a4>] error_code+0x7c/0x84
[<c019e832>] sysfs_release+0x55/0x76
[<c0167c7f>] __fput+0xb9/0x15e
[<c0167d3b>] fput+0x17/0x19
[<c01658b2>] filp_close+0x52/0x5a
[<c01660a3>] sys_close+0x76/0xad
[<c0103dc0>] syscall_call+0x7/0xb
=======================
Code: 0a 00 89 f8 e8 90 f3 0a 00 5e 5f 89 d8 5b 5e 5f c9 c3 55 85 c0 89 c2 89 e5 74 22 64 a1 04 00 00 00 c1 e0 07 8d 84 10 80 01 00 00 <ff> 08 83 3a 02 75 0b 8b 82 88 11 00 00 e8 63 eb fd ff c9 c3 55
EIP: [<c013c1f5>] module_put+0x19/0x2d SS:ESP 0068:f737bf38

Attachment: .config.crash.bz2
Description: BZip2 compressed data

Attachment: crash.log.bz2
Description: BZip2 compressed data

Next message: jjohansen: "[AppArmor 18/41] call lsm hook before unhashing dentry in vfs_rmdir()"
Previous message: jjohansen: "[AppArmor 17/41] Pass struct vfsmount to the inode_rmdir LSM hook"
Next in thread: Chris Rankin: "Re: [new 2.6.21-rc6 crash] BUG: unable to handle kernel paging request at virtual address 6b6b6ceb"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]