Bug 7066
Summary: | __free_pages+0xc/0x34 | ||
---|---|---|---|
Product: | Memory Management | Reporter: | Don Harter (harterc1) |
Component: | Page Allocator | Assignee: | Andrew Morton (akpm) |
Status: | CLOSED PATCH_ALREADY_AVAILABLE | ||
Severity: | normal | CC: | bunk, tiwai, torvalds |
Priority: | P2 | ||
Hardware: | i386 | ||
OS: | Linux | ||
Kernel Version: | linux-2.6.17.11 | Subsystem: | |
Regression: | --- | Bisected commit-id: | |
Attachments: |
System map
lspci -vvv my .config file 2 new crashes in a log strace of mount command bootup and log of the crash system map for the smp kernel compile my smp .config file Remove superfluous lock from rtc.c Fix ABBA deadlock in rtc and sound timer crash dump system map for the patched kernel another crash- syslog |
Description
Don Harter
2006-08-28 10:03:58 UTC
root:~>/usr/src/linux-2.6.17.11/scripts/ver_linux If some fields are empty or look unusual you may have an old version. Compare to the current minimal requirements in Documentation/Changes. Linux c-69-137-115-121 2.6.17.11-default #1 Mon Aug 28 01:21:52 CDT 2006 i686 athlon i386 GNU/Linux Gnu C 4.1.0 Gnu make 3.80 binutils 2.16.91.0.5 util-linux 2.12r mount 2.12r module-init-tools 3.2.2 e2fsprogs 1.38 jfsutils 1.1.10 reiserfsprogs 3.6.19 xfsprogs 2.7.11 quota-tools 3.13. PPP 2.4.3 isdn4k-utils 3.9 nfs-utils 1.0.7 Linux C Library > libc.2.4 Dynamic linker (ldd) 2.4 Linux C++ Library 6.0.8 Procps 3.2.6 Net-tools 1.60 Kbd 1.12 Sh-utils 5.93 udev 085 Modules Loaded nls_iso8859_1 nls_cp437 vfat fat ipt_LOG xt_limit xt_pkttype af_packet edd snd_pcm_oss snd_mixer_oss snd_seq snd_seq_device ip6t_REJECT xt_tcpudp ipt_REJECT xt_state iptable_mangle iptable_nat ip_nat iptable_filter ip6table_mangle ip_conntrack nfnetlink ip_tables ip6table_filter ip6_tables x_tables ipv6 loop dm_mod snd_intel8x0 snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd ehci_hcd soundcore snd_page_alloc ohci_hcd usbcore i2c_nforce2 i2c_core ide_cd cdrom ohci1394 ieee1394 forcedeth ext3 jbd processor sg sata_nv libata amd74xx sd_mod scsi_mod ide_disk ide_core root:~> root:~>cat /proc/cpuinfo processor : 0 vendor_id : AuthenticAMD cpu family : 15 model : 43 model name : AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ stepping : 1 cpu MHz : 2009.490 cache size : 512 KB fdiv_bug : no hlt_bug : no f00f_bug : no coma_bug : no fpu : yes fpu_exception : yes cpuid level : 1 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt lm 3dnowext 3dnow up pni lahf_lm cmp_legacy ts fid vid ttp bogomips : 4022.72 root:~>cat /proc/ioports 0000-001f : dma1 0020-0021 : pic1 0040-0043 : timer0 0050-0053 : timer1 0060-006f : keyboard 0070-0077 : rtc 0080-008f : dma page reg 00a0-00a1 : pic2 00c0-00df : dma2 00f0-00ff : fpu 0170-0177 : ide1 01f0-01f7 : ide0 0376-0376 : ide1 03c0-03df : vga+ 03f6-03f6 : ide0 0970-0977 : 0000:00:07.0 0970-0977 : sata_nv 09f0-09f7 : 0000:00:07.0 09f0-09f7 : sata_nv 0b70-0b73 : 0000:00:07.0 0b70-0b73 : sata_nv 0bf0-0bf3 : 0000:00:07.0 0bf0-0bf3 : sata_nv 1c00-1c3f : 0000:00:01.1 1c00-1c07 : nForce2_smbus 1c40-1c7f : 0000:00:01.1 1c40-1c47 : nForce2_smbus 7000-7fff : PCI Bus #05 8000-8fff : PCI Bus #04 9000-9fff : PCI Bus #03 a000-afff : PCI Bus #02 b000-bfff : PCI Bus #01 b400-b407 : 0000:01:0a.0 b800-b807 : 0000:01:0a.0 bc00-bc1f : 0000:01:0a.0 bc00-bc07 : serial bc08-bc0f : serial c800-c807 : 0000:00:0a.0 c800-c807 : forcedeth cc00-cc0f : 0000:00:07.0 cc00-cc0f : sata_nv e000-e00f : 0000:00:06.0 e000-e007 : ide0 e008-e00f : ide1 ec00-ecff : 0000:00:04.0 ec00-ecff : NVidia CK804 f000-f0ff : 0000:00:04.0 f000-f0ff : NVidia CK804 fc00-fc1f : 0000:00:01.1 root:~>cat /proc/iomem 00000000-0009efff : System RAM 00000000-00000000 : Crash kernel 0009f000-0009ffff : reserved 000a0000-000bffff : Video RAM area 000c0000-000cedff : Video ROM 000f0000-000fffff : System ROM 00100000-7fedffff : System RAM 00100000-00289fbf : Kernel code 00289fc0-0037cd6f : Kernel data 7fee0000-7fee2fff : ACPI Non-volatile Storage 7fee3000-7feeffff : ACPI Tables 7fef0000-7fefffff : reserved d0000000-dfffffff : PCI Bus #05 d0000000-dfffffff : 0000:05:00.0 e0000000-efffffff : reserved fa000000-fcffffff : PCI Bus #05 fa000000-faffffff : 0000:05:00.0 fb000000-fbffffff : 0000:05:00.0 fc000000-fc01ffff : 0000:05:00.0 fd800000-fd8fffff : PCI Bus #04 fd900000-fd9fffff : PCI Bus #04 fda00000-fdafffff : PCI Bus #03 fdb00000-fdbfffff : PCI Bus #03 fdc00000-fdcfffff : PCI Bus #02 fdd00000-fddfffff : PCI Bus #02 fde00000-fdefffff : PCI Bus #01 fdef8000-fdefbfff : 0000:01:06.0 fdeff000-fdeff7ff : 0000:01:06.0 fdeff000-fdeff7ff : ohci1394 fdf00000-fdffffff : PCI Bus #01 fe02a000-fe02afff : 0000:00:0a.0 fe02a000-fe02afff : forcedeth fe02b000-fe02bfff : 0000:00:07.0 fe02b000-fe02bfff : sata_nv fe02d000-fe02dfff : 0000:00:04.0 fe02d000-fe02dfff : NVidia CK804 fe02f000-fe02ffff : 0000:00:02.0 fe02f000-fe02ffff : ohci_hcd feb00000-feb000ff : 0000:00:02.1 feb00000-feb000ff : ehci_hcd fec00000-ffffffff : reserved root:~> Created attachment 8887 [details]
System map
Created attachment 8888 [details]
lspci -vvv
root:~>cat /proc/scsi/scsi Attached devices: Host: scsi0 Channel: 00 Id: 00 Lun: 00 Vendor: ATA Model: ST3160812AS Rev: 3.AA Type: Direct-Access ANSI SCSI revision: 05 Host: scsi1 Channel: 00 Id: 00 Lun: 00 Vendor: ATA Model: ST3160812AS Rev: 3.AA Type: Direct-Access ANSI SCSI revision: 05 root:~> Begin forwarded message: Date: Mon, 28 Aug 2006 12:59:12 -0700 (PDT) From: Linus Torvalds <torvalds@osdl.org> To: Andrew Morton <akpm@osdl.org> Subject: Re: Fw: [Bug 7066] New: __free_pages+0xc/0x34 On Mon, 28 Aug 2006, Andrew Morton wrote: > > This is another in the ongoing once-a-month dribble of weird crashes coming > out of the poll() code. This time it looks like a free of a freed page. > > There's enough noise coming out of that area to make me think we have some > subtle bug in there. Or maybe it's just that random driver > lifetime-management bugs will sometimes manifest in a way which makes it > look like the poll() code is to blame, dunno. I really don't think the poll/select code is to blame - all the memory management there is really really simple, and it's all totally thread- private, so there aren't even any race conditions or locking issues. The "memory management" is a poll_wqueues entry allocated on the thread kernel stack, and a simple linked list of pages. I suspect things show up in the poll() code not because the poll code itself is buggy, but because when you run X, poll() is one of the most common system calls, and of the common system calls it's the only one that does any real amount of page allocation (ie the other ones are gettimeofday() and things like sendmsg()/recvmsg(), and the former one obviously doesn't do any allocations at all, and the latter ones hide all their allocations through the slab layer). In other words, if something corrupts the free-page list, poll() just ends up being the most likely thing to ever notice. The part that may give more of a clue is the second oops, which gets a page fault on this part: #ifdef CONFIG_DEBUG_SLAB_LEAK { struct slab *slabp; unsigned objnr; slabp = page_get_slab(virt_to_page(objp)); objnr = (unsigned)(objp - slabp->s_mem) / cachep->buffer_size; slab_bufctl(slabp)[objnr] = BUFCTL_ACTIVE; } #endif where if I read the oops right, it's the "objp - slabp->s_mem" that crashes because "slabp" is 0x00200200, ie the list poisoning thing. But slabp was gotten through "page_get_slab()", which in turn is page->lru.prev. And notice how we did NOT trigger the BUG_ON(!PageSlab(page)); in page_get_slab(). That looks strange and interesting. Somebody seems to have done a list_del(&page->lru.prev) on a page that is still marked as being a slab page. And yeah, I bet it's related to the first oops somehow, but the thing is, that code-sequence should have _nothing_ to do with slab pages. And besides, if that sequence does a list_del(), I'd have expected it to do so _after_ it does the put_page_testzero() anyway (but I didn't go check). Linus Don, can you confirm whether you can reproduce this bug at will or not? Has it happened only once, or can you basically depend on it happening under certain loads? Linus I had been having problems with earlier kernel versions and which were tainted. I decided to try at that time the latest kernel version linux-2.6.17.1 which was tainted. I got more crashes on tainted linux-2.6.17.1 than I did on tainted linux-2.6.16.21-0.13. I have not been using untainted linux-2.6.17.11 very long. I just compiled it this morning. It seems to be more stable than tainted linux-2.6.17.1 so far. I had problems with clock not keeping the correct time in smp tainted versions of suse linux-2.6.16.21-0.13. So I switched to an default non smp config. With this untainted kernel that I have submitted my bug report on, my screensaver does not change. Today I did a bios upgrade for my motherboard and that might fix some problems. I am jsut waiting for the next crash on this kernel. I have a serial cable to another linux box and it will hopefully capture it. If it is like tainted linux-2.6.17.1, I shouldn't have to wait very long. Created attachment 8891 [details]
my .config file
It has been over 12 hours and this hasn't crashed. It seems to be more stable. I suspect that those smp changes made in earlier versions may have caused that. I am expecting lightning storms and need to shut down my computer. I will see if I can crash this system using my kmid suse bug like the other kernels. That may be an audio driver issue though. If I compile a smp version and it crashes, would that apply to this bug report or should I submit a separate one? Yes I can crash it with kmid. I am not sure if it is related to this bug though. Here is what I captured: BUG: spinlock recursion on CPU#0, kmid/10249 lock: c0342198, .magic: dead4ead, .owner: kmid/10249, .owner_cpu: 0 BUG: spinlock lockup on CPU#0, kmid/10249, c0342198 †‚??!•? I am back from vacation. I have been running on this kernel for over 3 days now and it hasn't crashed. I will try to load it more or try a smp version on this dual core processor. Created attachment 8979 [details]
2 new crashes in a log
I was just reading an email in thunderbird when it crashed. I was interacting
with the mail window.
On Sat, 9 Sep 2006, bugme-daemon@bugzilla.kernel.org wrote: > > I was just reading an email in thunderbird when it crashed. I was interacting > with the mail window. Looks like the "sock->ops->sendmsg()" function pointer was corrupted (with a value of something like 0xa951937b, which doesn't look like any obvious string or other poisoning value, so there's no hint there). The "sock->ops" values should normally be pointers to a compile-time static structure, so I suspect the "sock" structure itself got corrupted somehow. Which points to more slab corruption. Which makes this very hard to debug, since the corruption could have happened at any point. Don, do you have slab debugging turned on in your tree? If you don't, turning it on might help us. It's "CONFIG_DEBUG_SLAB". Linus I have built an smp version. I chose these options among others: CONFIG_FUTEX=y CONFIG_EPOLL=y CONFIG_SHMEM=y CONFIG_SLAB=y # CONFIG_TINY_SHMEM is not set CONFIG_BASE_SMALL=0 # CONFIG_SLOB is not set CONFIG_OBSOLETE_INTERMODULE=m If you would rather me use a non-smp version let me know. I have had more crashes though with smp kernels. Others with my same motherboard have said that they do not have the problems that I have had. Could the problem be my add in cards or the drivers which others may not have? I have built and am using a smp version. It hasn't crashed yet. However my clock on the kde panel is running fast. I had attached my kernel config file and I see that for the crash reports the slab debug option was set. Created attachment 9028 [details]
strace of mount command
Not sure if this is related, but I cannot mount my other file system as a ext3
type. When I issue the command it either locks up the terminal and does not
respond or segmentation faults. I have attached an strace of where it just
locks up. If I issue the same command as "ext2", it works.
This crashed using smp kernel. I was running the following command "cp -R --preserve -f -x -t /mnt /" I had a same size partition mounted on /mnt and was backing up my current partition. I will attach the boot up log and the information below. I will then attach my system.map for the snmp kernel. CPU: 1 EIP: 0060:[<c02974ba>] Not tainted VLI EFLAGS: 00010086 (2.6.17.11-smp #1) EIP is at schedule+0x88a/0xa9e eax: c241ce00 ebx: 00000001 ecx: 39393909 edx: c241ce00 esi: f68de9f0 edi: 00000000 ebp: d9777da0 esp: d9777d38 ds: 007b es: 007b ss: 0068 Process pdflush (pid: 3966, threadinfo=d9776000 task=dfe13560) Stack: e5592810 dfb16420 9775360d 00000190 d9777d5c 0000000a dfe13668 dfe13560 df41da90 c241d760 97942cf2 00000190 001ef6e5 00000001 00000000 00000002 f68c0bc4 0000000c 00000001 00000000 dfab0d74 00000000 d9777d98 c241d760 Call Trace: <c0104d2a> show_stack_log_lvl+0x85/0x8f <c0104ea7> show_registers+0x13b/0x1af <c0105090> die+0x175/0x285 <c029a248> do_page_fault+0x428/0x58e <c010485b> error_code+0x4f/0x54 <c0297884> io_schedule+0x26/0x30 <c0161d97> sync_buffer+0x33/0x37 <c0297fa0> __wait_on_bit+0x36/0x5d <c0298030> out_of_line_wait_on_bit+0x69/0x71 <c0161cef> __wait_on_buffer+0x1f/0x25 <c0162df5> __bread+0x92/0xa8 <c019b931> ext2_get_inode+0x94/0xef <c019b9c5> ext2_update_inode+0x39/0x2b5 <c019bc49> ext2_write_inode+0x8/0xa <c017df89> __writeback_single_inode+0x1ba/0x310 <c017e367> sync_sb_inodes+0x1a2/0x268 <c017e8a6> writeback_inodes+0x8e/0xe0 <c0149111> background_writeout+0x5e/0x87 <c0149763> pdflush+0xf2/0x189 <c0130520> kthread+0xa3/0xd0 <c0102005> kernel_thread_helper+0x5/0xb Code: 8b 58 10 b8 80 28 3d c0 74 7f f0 0f b3 9e 78 01 00 00 89 c2 03 14 9d 80 ef 39 c0 c7 42 04 01 00 00 00 03 04 9d 80 ef 39 c0 89 08 <f0> 0f ab 99 78 01 00 00 8b 41 24 05 00 00 00 40 0f 22 d8 8b 81 EIP: [<c02974ba>] schedule+0x88a/0xa9e SS:ESP 0068:d9777d38 <0>BUG: spinlock recursion on CPU#1, pdflush/3966 BUG: spinlock lockup on CPU#0, swapper/0, c241d760 BUG: spinlock lockup on CPU#1, pdflush/3966, c0346ec0 BUG: spinlock lockup on CPU#0, swapper/0, c0346ec0 BUG: spinlock lockup on CPU#1, pdflush/3966, c0346ec0 BUG: spinlock lockup on CPU#0, swapper/0, c0346ec0 BUG: spinlock lockup on CPU#1, pdflush/3966, c0346ec0 BUG: spinlock lockup on CPU#0, swapper/0, c0346ec0 BUG: spinlock lockup on CPU#1, pdflush/3966, c0346ec0 BUG: spinlock lockup on CPU#0, swapper/0, c0346ec0 BUG: spinlock lockup on CPU#1, pdflush/3966, c0346ec0 BUG: spinlock lockup on CPU#0, swapper/0, c0346ec0 BUG: spinlock lockup on CPU#1, pdflush/3966, c0346ec0 BUG: spinlock lockup on CPU#0, swapper/0, c0346ec0 BUG: spinlock lockup on CPU#1, pdflush/3966, c0346ec0 BUG: spinlock lockup on CPU#0, swapper/0, c0346ec0 BUG: spinlock lockup on CPU#1, pdflush/3966, c0346ec0 BUG: spinlock lockup on CPU#0, swapper/0, c0346ec0 BUG: spinlock lockup on CPU#1, pdflush/3966, c0346ec0 BUG: spinlock lockup on CPU#0, swapper/0, c0346ec0 BUG: spinlock lockup on CPU#1, pdflush/3966, c0346ec0 Created attachment 9033 [details]
bootup and log of the crash
Created attachment 9034 [details]
system map for the smp kernel compile
Created attachment 9035 [details]
my smp .config file
On Sun, 17 Sep 2006, bugme-daemon@bugzilla.kernel.org wrote: > > EIP: 0060:[<c02974ba>] Not tainted VLI > EIP is at schedule+0x88a/0xa9e > eax: c241ce00 ebx: 00000001 ecx: 39393909 edx: c241ce00 > esi: f68de9f0 edi: 00000000 ebp: d9777da0 esp: d9777d38 > Code: 8b 58 10 b8 80 28 3d c0 74 7f f0 0f b3 9e 78 01 00 00 89 c2 03 14 9d 80 ef > 39 c0 c7 42 04 01 00 00 00 03 04 9d 80 ef 39 c0 89 08 <f0> 0f ab 99 78 01 00 00 > 8b 41 24 05 00 00 00 40 0f 22 d8 8b 81 That would be at the instruction sequence lock bts %ebx,%ds:0x178(%ecx) mov 0x24(%ecx),%eax add $0x40000000,%eax mov %eax,%cr3 which is the TLB invalidate, where "ecx" is 39393909, which looks like the string "\t999". It _should_ be this code (from switch_mm() in asm-i386/mmu_context.h): cpu_set(cpu, next->cpu_vm_mask); /* Re-load page tables */ load_cr3(next->pgd); so it's "next->cpu_vm_mask" that is corrupt. Linus I crashed this smp kernel again. I just ran the command dd if=/dev/sda2 of=/dev/sdb2. Here is what happened. BUG: spinlock lockup on CPU#0, klogd/2530, c241d760 I was planning on trying the latest kernel but needed to run this command first. My main partition is almost full. I ran this same dd command with 2.6.18 and it did not crash. 2.6.18 still has a bug with kmid. this may be a different bug and may be kmids fault ======================================================= [ INFO: possible circular locking dependency detected ] ------------------------------------------------------- kmid/4918 is trying to acquire lock: (&timer->lock){++..}, at: [<f89cee75>] snd_timer_interrupt+0x21/0x241 [snd_timer] but task is already holding lock: (rtc_task_lock){+...}, at: [<c02275f6>] rtc_interrupt+0x96/0xe3 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (rtc_task_lock){+...}: [<c0136cde>] lock_acquire+0x60/0x80 [<c02b07cf>] _spin_lock_irqsave+0x22/0x32 [<c0227175>] rtc_control+0x2e/0x66 [<f8b1c087>] rtctimer_start+0x45/0x5a [snd_rtctimer] [<f89ce0e7>] snd_timer_start1+0x67/0x78 [snd_timer] [<f89cec7f>] snd_timer_start+0x54/0x82 [snd_timer] [<f8ad0d2c>] snd_seq_timer_start+0x33/0x4a [snd_seq] [<f8acfcdb>] snd_seq_control_queue+0xb6/0x13e [snd_seq] [<f8ad10d2>] event_input_timer+0xe/0x10 [snd_seq] [<f8acce4e>] snd_seq_deliver_single_event+0xdd/0x1cc [snd_seq] [<f8acd0b3>] snd_seq_deliver_event+0x176/0x184 [snd_seq] [<f8acd4e9>] snd_seq_dispatch_event+0x10f/0x127 [snd_seq] [<f8acf6ef>] snd_seq_check_queue+0x9d/0xd6 [snd_seq] [<f8acf9b0>] snd_seq_enqueue_event+0xce/0xdf [snd_seq] [<f8acd173>] snd_seq_client_enqueue_event+0xb2/0xdc [snd_seq] [<f8ace80e>] snd_seq_write+0x129/0x16c [snd_seq] [<c01694d3>] vfs_write+0xab/0x157 [<c0169b16>] sys_write+0x3b/0x60 [<c0103db9>] sysenter_past_esp+0x56/0x8d -> #0 (&timer->lock){++..}: [<c0136cde>] lock_acquire+0x60/0x80 [<c02b07cf>] _spin_lock_irqsave+0x22/0x32 [<f89cee75>] snd_timer_interrupt+0x21/0x241 [snd_timer] [<f8b1c0f0>] rtctimer_interrupt+0xd/0x11 [snd_rtctimer] [<c0227605>] rtc_interrupt+0xa5/0xe3 [<c014b428>] handle_IRQ_event+0x20/0x4d [<c014b4e9>] __do_IRQ+0x94/0xef [<c010627d>] do_IRQ+0x71/0x84 [<c01048d9>] common_interrupt+0x25/0x2c other info that might help us debug this: 1 lock held by kmid/4918: #0: (rtc_task_lock){+...}, at: [<c02275f6>] rtc_interrupt+0x96/0xe3 stack backtrace: [<c0104eda>] show_trace_log_lvl+0x58/0x16a [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c013604c>] print_circular_bug_tail+0x59/0x64 [<c0136882>] __lock_acquire+0x82b/0x9b6 [<c0136cde>] lock_acquire+0x60/0x80 [<c02b07cf>] _spin_lock_irqsave+0x22/0x32 [<f89cee75>] snd_timer_interrupt+0x21/0x241 [snd_timer] [<f8b1c0f0>] rtctimer_interrupt+0xd/0x11 [snd_rtctimer] [<c0227605>] rtc_interrupt+0xa5/0xe3 [<c014b428>] handle_IRQ_event+0x20/0x4d [<c014b4e9>] __do_IRQ+0x94/0xef [<c010627d>] do_IRQ+0x71/0x84 [<c01048d9>] common_interrupt+0x25/0x2c DWARF2 unwinder stuck at common_interrupt+0x25/0x2c Leftover inexact backtrace: [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c013604c>] print_circular_bug_tail+0x59/0x64 [<c0136882>] __lock_acquire+0x82b/0x9b6 [<c0136cde>] lock_acquire+0x60/0x80 [<c02b07cf>] _spin_lock_irqsave+0x22/0x32 [<f89cee75>] snd_timer_interrupt+0x21/0x241 [snd_timer] [<f8b1c0f0>] rtctimer_interrupt+0xd/0x11 [snd_rtctimer] [<c0227605>] rtc_interrupt+0xa5/0xe3 [<c014b428>] handle_IRQ_event+0x20/0x4d [<c014b4e9>] __do_IRQ+0x94/0xef [<c010627d>] do_IRQ+0x71/0x84 [<c01048d9>] common_interrupt+0x25/0x2c BUG: spinlock lockup on CPU#0, kmid/4947, c0321338 [<c0104eda>] show_trace_log_lvl+0x58/0x16a [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c01d82d4>] _raw_spin_lock+0xc2/0xe8 [<c02b07d6>] _spin_lock_irqsave+0x29/0x32 [<c0227175>] rtc_control+0x2e/0x66 [<f8b1c03e>] rtctimer_stop+0x3e/0x42 [snd_rtctimer] [<f89ceb71>] _snd_timer_stop+0xd0/0x137 [snd_timer] [<f89cebe7>] snd_timer_pause+0xf/0x11 [snd_timer] [<f8ad0a19>] snd_seq_timer_stop+0x20/0x26 [snd_seq] [<f8ad0d0f>] snd_seq_timer_start+0x16/0x4a [snd_seq] [<f8acfcdb>] snd_seq_control_queue+0xb6/0x13e [snd_seq] [<f8ad10d2>] event_input_timer+0xe/0x10 [snd_seq] [<f8acce4e>] snd_seq_deliver_single_event+0xdd/0x1cc [snd_seq] [<f8acd0b3>] snd_seq_deliver_event+0x176/0x184 [snd_seq] [<f8acd119>] snd_seq_client_enqueue_event+0x58/0xdc [snd_seq] [<f8ace80e>] snd_seq_write+0x129/0x16c [snd_seq] [<c01694d3>] vfs_write+0xab/0x157 [<c0169b16>] sys_write+0x3b/0x60 [<c0103db9>] sysenter_past_esp+0x56/0x8d DWARF2 unwinder stuck at sysenter_past_esp+0x56/0x8d Leftover inexact backtrace: [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c01d82d4>] _raw_spin_lock+0xc2/0xe8 [<c02b07d6>] _spin_lock_irqsave+0x29/0x32 [<c0227175>] rtc_control+0x2e/0x66 [<f8b1c03e>] rtctimer_stop+0x3e/0x42 [snd_rtctimer] [<f89ceb71>] _snd_timer_stop+0xd0/0x137 [snd_timer] [<f89cebe7>] snd_timer_pause+0xf/0x11 [snd_timer] [<f8ad0a19>] snd_seq_timer_stop+0x20/0x26 [snd_seq] [<f8ad0d0f>] snd_seq_timer_start+0x16/0x4a [snd_seq] [<f8acfcdb>] snd_seq_control_queue+0xb6/0x13e [snd_seq] [<f8ad10d2>] event_input_timer+0xe/0x10 [snd_seq] [<f8acce4e>] snd_seq_deliver_single_event+0xdd/0x1cc [snd_seq] [<f8acd0b3>] snd_seq_deliver_event+0x176/0x184 [snd_seq] [<f8acd119>] snd_seq_client_enqueue_event+0x58/0xdc [snd_seq] [<f8ace80e>] snd_seq_write+0x129/0x16c [snd_seq] [<c01694d3>] vfs_write+0xab/0x157 [<c0169b16>] sys_write+0x3b/0x60 [<c0103db9>] sysenter_past_esp+0x56/0x8d BUG: spinlock lockup on CPU#1, kmid/4918, dfbb263c [<c0104eda>] show_trace_log_lvl+0x58/0x16a [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c01d82d4>] _raw_spin_lock+0xc2/0xe8 [<c02b07d6>] _spin_lock_irqsave+0x29/0x32 [<f89cee75>] snd_timer_interrupt+0x21/0x241 [snd_timer] [<f8b1c0f0>] rtctimer_interrupt+0xd/0x11 [snd_rtctimer] [<c0227605>] rtc_interrupt+0xa5/0xe3 [<c014b428>] handle_IRQ_event+0x20/0x4d [<c014b4e9>] __do_IRQ+0x94/0xef [<c010627d>] do_IRQ+0x71/0x84 [<c01048d9>] common_interrupt+0x25/0x2c DWARF2 unwinder stuck at common_interrupt+0x25/0x2c Leftover inexact backtrace: [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c01d82d4>] _raw_spin_lock+0xc2/0xe8 [<c02b07d6>] _spin_lock_irqsave+0x29/0x32 [<f89cee75>] snd_timer_interrupt+0x21/0x241 [snd_timer] [<f8b1c0f0>] rtctimer_interrupt+0xd/0x11 [snd_rtctimer] [<c0227605>] rtc_interrupt+0xa5/0xe3 [<c014b428>] handle_IRQ_event+0x20/0x4d [<c014b4e9>] __do_IRQ+0x94/0xef [<c010627d>] do_IRQ+0x71/0x84 [<c01048d9>] common_interrupt+0x25/0x2c A simple workaround for lockdep of rtctimer is to disable CONFIG_SND_RTCTIMER, or pass seq_default_timer_device=0 to snd-seq module. This will use a system timer instead of RTC. But, of course, this AB<->BA lock must be fixed. I'll check it now... A simple solution is to remove the superfluous spinlock in rtc.c. Since snd-rtctimer is the only user of this rtc in-kernel-control stuff and it has own lock from the caller side (this triggered lockdep BUG), we can simply remove rtc_task_lock in rtc.c. I'll attach the patch. Don, could you check whether kmid works with it? Created attachment 9126 [details]
Remove superfluous lock from rtc.c
[ Peter Zijlistra added to Cc just because he's touched that area too lately. Peter, you probably don't care, but it's a independent problem to the one that has been getting tracked throught http://bugzilla.kernel.org/show_bug.cgi?id=7066 and I thought I'd at least mention it to you ] On Fri, 29 Sep 2006, Takashi Iwai wrote: > > A simple solution is to remove the superfluous spinlock in rtc.c. > Since snd-rtctimer is the only user of this rtc in-kernel-control stuff and it > has own lock from the caller side (this triggered lockdep BUG), we can simply > remove rtc_task_lock in rtc.c. > > I'll attach the patch. Don, could you check whether kmid works with it? I worry about this a bit - it sounds to me that the lock _should_ be in the rtc layer, and maybe it's the other lock that should be removed? But you're the one who added that RTC lock in the first place, so ... (Well, it's attributed to Jaroslav, but in the log-message he says it came from you - this was before sign-offs, and before git). Who else really has worked on this thing? It seems a bit broken that there's this interface in the RTC code that is apparently only used by the sound subsystem, and seems to be badly designed anyway (and where you can apparently even disable the use of it). This all makes me go "Hmm, that can't be very good.." Linus We can unlock temporarily in timer->lock in sound/core/rtctimer.c, too. But the double-lock of rtc_task_lock might still happen due to a code path like rtc_interrupt -> sound -> rtc_control(). Your concern is right. There is one little non-safe case by the complete removal of rtc_task_lock. We have no protection for rtc_callback instance being used in rtc_interrupt(). So, a safer option is to remove the lock in rtc_control(). This is just for sanity-check and plays no real role. This should suffice for avoiding the AB/BA lock. The new patch is attached again. And, yes, the interface design is my bad, indeed. It was written to be generic, but so far the sound is the only user. (RTC was the only usable major fine-timer-source on PC at that time :) It can get rid when we use more finer timer-subsystem... Created attachment 9127 [details]
Fix ABBA deadlock in rtc and sound timer
Created attachment 9129 [details]
crash dump
This generates debug information with the patch but does not lock up the
computer.
I tried and could not lock it up by moving the left volume bar up and down. I
don't hear any sound even after playing with a mixer and an alsa mixer. I can
play mp3s with mpg321.
Created attachment 9130 [details]
system map for the patched kernel
Since I have tried his patch my KDE clock is keeping the correct time. Before it would not keep the correct time even with ntp. I can also set my keyboard to repeat keys now. Before I had to turn that off. Created attachment 9147 [details]
another crash- syslog
Here is data from another crash. I found out my console log on the other
computer was not turned on so this is from syslog on the crashed machine.
Oct 9 19:19:56 c-69-137-114-21 kernel: ============================================= Oct 9 19:19:56 c-69-137-114-21 kernel: [ INFO: possible recursive locking detected ] Oct 9 19:19:56 c-69-137-114-21 kernel: --------------------------------------------- Oct 9 19:19:56 c-69-137-114-21 kernel: java_vm/11309 is trying to acquire lock: Oct 9 19:19:56 c-69-137-114-21 kernel: (slock-AF_INET6){-+..}, at: [<c0257c3f>] sk_clone+0xb6/0x27e Oct 9 19:19:56 c-69-137-114-21 kernel: Oct 9 19:19:56 c-69-137-114-21 kernel: but task is already holding lock: Oct 9 19:19:56 c-69-137-114-21 kernel: (slock-AF_INET6){-+..}, at: [<f8f00d7d>] tcp_v6_rcv+0x318/0x717 [ipv6] Oct 9 19:19:56 c-69-137-114-21 kernel: Oct 9 19:19:56 c-69-137-114-21 kernel: other info that might help us debug this: Oct 9 19:19:56 c-69-137-114-21 kernel: 1 lock held by java_vm/11309: Oct 9 19:19:56 c-69-137-114-21 kernel: #0: (slock-AF_INET6){-+..}, at: [<f8f00d7d>] tcp_v6_rcv+0x318/0x717 [ipv6] Oct 9 19:19:56 c-69-137-114-21 kernel: ct 9 19:19:56 c-69-137-114-21 kernel: Oct 9 19:19:56 c-69-137-114-21 kernel: stack backtrace: Oct 9 19:19:56 c-69-137-114-21 kernel: [<c0104eda>] show_trace_log_lvl+0x58/0x16a Oct 9 19:19:56 c-69-137-114-21 kernel: [<c01054d7>] show_trace+0xd/0x10 Oct 9 19:19:56 c-69-137-114-21 kernel: [<c01055f6>] dump_stack+0x19/0x1b Oct 9 19:19:56 c-69-137-114-21 kernel: [<c01367ea>] __lock_acquire+0x793/0x9b6 Oct 9 19:19:56 c-69-137-114-21 kernel: [<c0136cde>] lock_acquire+0x60/0x80 Oct 9 19:19:56 c-69-137-114-21 kernel: [<c02b0473>] _spin_lock+0x19/0x28 Oct 9 19:19:56 c-69-137-114-21 kernel: [<c0257c3f>] sk_clone+0xb6/0x27e Oct 9 19:19:56 c-69-137-114-21 kernel: [<c027ef35>] inet_csk_clone+0xd/0x5e Oct 9 19:19:56 c-69-137-114-21 kernel: [<c028f7fd>] tcp_create_openreq_child+0x1b/0x382 Oct 9 19:19:56 c-69-137-114-21 kernel: [<f8eff9fa>] tcp_v6_syn_recv_sock+0x248/0x575 [ipv6] Oct 9 19:19:56 c-69-137-114-21 kernel: [<c028fd34>] tcp_check_req+0x1d0/0x2e4 Oct 9 19:19:56 c-69-137-114-21 kernel: [<f8efed23>] tcp_v6_do_rcv+0x142/0x356 [ipv6] Oct 9 19:19:56 c-69-137-114-21 kernel: [<f8f0112a>] tcp_v6_rcv+0x6c5/0x717 [ipv6] Oct 9 19:19:56 c-69-137-114-21 kernel: [<f8ee7a03>] ip6_input+0x1c3/0x296 [ipv6] Oct 9 19:19:56 c-69-137-114-21 kernel: [<f8ee7f73>] ipv6_rcv+0x1d2/0x21f [ipv6] Oct 9 19:19:56 c-69-137-114-21 kernel: [<c025dbd8>] netif_receive_skb+0x2c6/0x34a Oct 9 19:19:56 c-69-137-114-21 kernel: [<c025f572>] process_backlog+0x99/0x114 Oct 9 19:19:56 c-69-137-114-21 kernel: [<c025f76f>] net_rx_action+0x9d/0x162 Oct 9 19:19:56 c-69-137-114-21 kernel: [<c01245e0>] __do_softirq+0x78/0xf2 Oct 9 19:19:56 c-69-137-114-21 kernel: [<c0124698>] do_softirq+0x3e/0x56 Oct 9 19:19:56 c-69-137-114-21 kernel: [<c012494a>] local_bh_enable_ip+0xa3/0xc9 Oct 9 19:19:56 c-69-137-114-21 kernel: [<c02b0411>] _spin_unlock_bh+0x25/0x28 Oct 9 19:19:56 c-69-137-114-21 kernel: [<c02569fb>] release_sock+0xb0/0xb8 Oct 9 19:19:56 c-69-137-114-21 kernel: [<c0297dd8>] inet_stream_connect+0x129/0x21c Oct 9 19:19:56 c-69-137-114-21 kernel: [<c025593a>] sys_connect+0x67/0x84 Oct 9 19:19:56 c-69-137-114-21 kernel: [<c0255fac>] sys_socketcall+0x8c/0x186 Oct 9 19:19:56 c-69-137-114-21 kernel: [<c0103db9>] sysenter_past_esp+0x56/0x8d Oct 9 19:19:56 c-69-137-114-21 kernel: DWARF2 unwinder stuck at sysenter_past_esp+0x56/0x8d Oct 9 19:19:56 c-69-137-114-21 kernel: Leftover inexact backtrace: Oct 9 19:19:56 c-69-137-114-21 kernel: [<c01054d7>] show_trace+0xd/0x10 Oct 9 19:19:56 c-69-137-114-21 kernel: [<c01055f6>] dump_stack+0x19/0x1b Oct 9 19:19:56 c-69-137-114-21 kernel: [<c01367ea>] __lock_acquire+0x793/0x9b6 Oct 9 19:19:56 c-69-137-114-21 kernel: [<c0136cde>] lock_acquire+0x60/0x80 Oct 9 19:19:56 c-69-137-114-21 kernel: [<c02b0473>] _spin_lock+0x19/0x28 Oct 9 19:19:56 c-69-137-114-21 kernel: [<c0257c3f>] sk_clone+0xb6/0x27e Oct 9 19:19:56 c-69-137-114-21 kernel: [<c027ef35>] inet_csk_clone+0xd/0x5e Oct 9 19:19:56 c-69-137-114-21 kernel: [<c028f7fd>] tcp_create_openreq_child+0x1b/0x382 Oct 9 19:19:56 c-69-137-114-21 kernel: [<f8eff9fa>] tcp_v6_syn_recv_sock+0x248/0x575 [ipv6] Oct 9 19:19:56 c-69-137-114-21 kernel: [<c028fd34>] tcp_check_req+0x1d0/0x2e4 Oct 9 19:19:56 c-69-137-114-21 kernel: [<f8efed23>] tcp_v6_do_rcv+0x142/0x356 [ipv6] Oct 9 19:19:56 c-69-137-114-21 kernel: [<f8f0112a>] tcp_v6_rcv+0x6c5/0x717 [ipv6] Oct 9 19:19:56 c-69-137-114-21 kernel: [<f8ee7a03>] ip6_input+0x1c3/0x296 [ipv6] Oct 9 19:19:56 c-69-137-114-21 kernel: [<f8ee7f73>] ipv6_rcv+0x1d2/0x21f [ipv6] Oct 9 19:19:56 c-69-137-114-21 kernel: [<c025dbd8>] netif_receive_skb+0x2c6/0x34a Oct 9 19:19:56 c-69-137-114-21 kernel: [<c025f572>] process_backlog+0x99/0x114 Oct 9 19:19:56 c-69-137-114-21 kernel: [<c025f76f>] net_rx_action+0x9d/0x162 Oct 9 19:19:56 c-69-137-114-21 kernel: [<c01245e0>] __do_softirq+0x78/0xf2 Oct 9 19:19:56 c-69-137-114-21 kernel: [<c0124698>] do_softirq+0x3e/0x56 Oct 9 19:19:56 c-69-137-114-21 kernel: [<c012494a>] local_bh_enable_ip+0xa3/0xc9 Oct 9 19:19:56 c-69-137-114-21 kernel: [<c02b0411>] _spin_unlock_bh+0x25/0x28 Oct 9 19:19:56 c-69-137-114-21 kernel: [<c02569fb>] release_sock+0xb0/0xb8 Oct 9 19:19:56 c-69-137-114-21 kernel: [<c0297dd8>] inet_stream_connect+0x129/0x21c Oct 9 19:19:56 c-69-137-114-21 kernel: [<c025593a>] sys_connect+0x67/0x84 Oct 9 19:19:56 c-69-137-114-21 kernel: [<c0255fac>] sys_socketcall+0x8c/0x186 Oct 9 19:19:56 c-69-137-114-21 kernel: [<c0103db9>] sysenter_past_esp+0x56/0x8d Oct 9 19:19:56 c-69-137-114-21 kernel: kobject vcs10: registering. parent: vc, set: class_obj Oct 9 19:19:56 c-69-137-114-21 kernel: kobject_uevent Oct 9 19:19:56 c-69-137-114-21 kernel: fill_kobj_path: path = '/class/vc/vcs10' Oct 9 19:19:56 c-69-137-114-21 kernel: kobject vcsa10: registering. parent: vc, set: class_obj Oct 9 19:19:56 c-69-137-114-21 kernel: kobject_uevent Oct 9 19:19:56 c-69-137-114-21 kernel: fill_kobj_path: path = '/class/vc/vcsa10' Oct 9 19:31:00 c-69-137-114-21 syslog-ng[2601]: STATS: dropped 0 Oct 9 20:31:00 c-69-137-114-21 syslog-ng[2601]: STATS: dropped 0 I am not sure when this error was made. Perhaps in an older kernel or maybe not. fsck 1.38 (30-Jun-2005) [/bin/fsck.ext3 (1) -- /] fsck.ext3 -a /dev/sda1 /dev/sda1 has gone 60 days without being checked, check forced. /dev/sda1: Duplicate or bad block in use! /dev/sda1: Multiply-claimed block(s) in inode 9601216: 16777225 /dev/sda1: (There are 1 inodes containing multiply-claimed blocks.) I have been having problems compiling a src rpm. My system has been up for several days. It fails do to a segmentation fault. When I change to that directory and rerun the command manualy, it compiles OK without errors. I just did a memtest overnight and it passed with 0 errors. Then I noticed these messages in the log. ============================================= [ INFO: possible recursive locking detected ] --------------------------------------------- java_vm/6897 is trying to acquire lock: (slock-AF_INET6){-+..}, at: [<c0257c3f>] sk_clone+0xb6/0x27e but task is already holding lock: (slock-AF_INET6){-+..}, at: [<f8f1ad7d>] tcp_v6_rcv+0x318/0x717 [ipv6] other info that might help us debug this: 1 lock held by java_vm/6897: #0: (slock-AF_INET6){-+..}, at: [<f8f1ad7d>] tcp_v6_rcv+0x318/0x717 [ipv6] stack backtrace: [<c0104eda>] show_trace_log_lvl+0x58/0x16a [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c01367ea>] __lock_acquire+0x793/0x9b6 [<c0136cde>] lock_acquire+0x60/0x80 [<c02b0473>] _spin_lock+0x19/0x28 [<c0257c3f>] sk_clone+0xb6/0x27e [<c027ef35>] inet_csk_clone+0xd/0x5e [<c028f7fd>] tcp_create_openreq_child+0x1b/0x382 [<f8f199fa>] tcp_v6_syn_recv_sock+0x248/0x575 [ipv6] [<c028fd34>] tcp_check_req+0x1d0/0x2e4 [<f8f18d23>] tcp_v6_do_rcv+0x142/0x356 [ipv6] [<f8f1b12a>] tcp_v6_rcv+0x6c5/0x717 [ipv6] [<f8f01a03>] ip6_input+0x1c3/0x296 [ipv6] [<f8f01f73>] ipv6_rcv+0x1d2/0x21f [ipv6] [<c025dbd8>] netif_receive_skb+0x2c6/0x34a [<c025f572>] process_backlog+0x99/0x114 [<c025f76f>] net_rx_action+0x9d/0x162 [<c01245e0>] __do_softirq+0x78/0xf2 [<c0124698>] do_softirq+0x3e/0x56 [<c012494a>] local_bh_enable_ip+0xa3/0xc9 [<c02b0411>] _spin_unlock_bh+0x25/0x28 [<c02569fb>] release_sock+0xb0/0xb8 [<c0297dd8>] inet_stream_connect+0x129/0x21c [<c025593a>] sys_connect+0x67/0x84 [<c0255fac>] sys_socketcall+0x8c/0x186 [<c0103db9>] sysenter_past_esp+0x56/0x8d DWARF2 unwinder stuck at sysenter_past_esp+0x56/0x8d Leftover inexact backtrace: [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c01367ea>] __lock_acquire+0x793/0x9b6 [<c0136cde>] lock_acquire+0x60/0x80 [<c02b0473>] _spin_lock+0x19/0x28 [<c0257c3f>] sk_clone+0xb6/0x27e [<c027ef35>] inet_csk_clone+0xd/0x5e [<c028f7fd>] tcp_create_openreq_child+0x1b/0x382 [<f8f199fa>] tcp_v6_syn_recv_sock+0x248/0x575 [ipv6] [<c028fd34>] tcp_check_req+0x1d0/0x2e4 [<f8f18d23>] tcp_v6_do_rcv+0x142/0x356 [ipv6] [<f8f1b12a>] tcp_v6_rcv+0x6c5/0x717 [ipv6] [<f8f01a03>] ip6_input+0x1c3/0x296 [ipv6] [<f8f01f73>] ipv6_rcv+0x1d2/0x21f [ipv6] [<c025dbd8>] netif_receive_skb+0x2c6/0x34a [<c025f572>] process_backlog+0x99/0x114 [<c025f76f>] net_rx_action+0x9d/0x162 [<c01245e0>] __do_softirq+0x78/0xf2 [<c0124698>] do_softirq+0x3e/0x56 [<c012494a>] local_bh_enable_ip+0xa3/0xc9 [<c02b0411>] _spin_unlock_bh+0x25/0x28 [<c02569fb>] release_sock+0xb0/0xb8 [<c0297dd8>] inet_stream_connect+0x129/0x21c [<c025593a>] sys_connect+0x67/0x84 [<c0255fac>] sys_socketcall+0x8c/0x186 [<c0103db9>] sysenter_past_esp+0x56/0x8d SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:50:8d:db:39:3d:00:01:5c:22:76:02:08:00 SRC=60.11.125.41 DST=69.137.114.21 LEN=928 TOS=0x00 PREC=0x20 TTL=43 ID=0 DF PROTO=UDP SPT=57695 DPT=1026 LEN=908 SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:50:8d:db:39:3d:00:01:5c:22:76:02:08:00 SRC=60.11.125.41 DST=69.137.114.21 LEN=928 TOS=0x00 PREC=0x20 TTL=43 ID=0 DF PROTO=UDP SPT=57695 DPT=1027 LEN=908 kobject_uevent fill_kobj_path: path = '/class/vc/vcs7' kobject vcs7: cleaning up kobject_uevent fill_kobj_path: path = '/class/vc/vcsa7' kobject vcsa7: cleaning up INIT: Switching to runINIT: kobject_uevent Sending processefill_kobj_path: path = '/class/vc/vcs3' s the TERM signal kobject vcs3: cleaning up kobject_uevent fill_kobj_path: path = '/class/vc/vcsa3' kobject vcsa3: cleaning up kobject_uevent fill_kobj_path: path = '/class/vc/vcs2' kobject vcs2: cleaning up kobject_uevent fill_kobj_path: path = '/class/vc/vcsa2' kobject vcsa2: cleaning up kobject_uevent fill_kobj_path: path = '/class/vc/vcs5' kobject vcs5: cleaning up kobject_uevent fill_kobj_path: path = '/class/vc/vcsa5' kobject vcsa5: cleaning up kobject_uevent fill_kobj_path: path = '/class/vc/vcs6' kobject vcs6: cleaning up kobject_uevent fill_kobj_path: path = '/class/vc/vcsa6' kobject vcsa6: cleaning up kobject_uevent fill_kobj_path: path = '/class/vc/vcs4' kobject vcs4: cleaning up kobject_uevent fill_kobj_path: path = '/class/vc/vcsa4' kobject vcsa4: cleaning up This latest crash was caused by just untaring a large source file: Oops: 0002 [#1] SMP Modules linked in: ipt_LOG xt_limit xt_pkttype af_packet cpufreq_ondemand cpufreq_userspace cpufreq_powersave powernow_k8 freq_table edd snd_pcm_oss snd_mixer_oss snd_seq snd_seq_device asus_acpi button battery ac ip6t_REJECT xt_tcpudp ipt_REJECT xt_state iptable_mangle iptable_nat ip_nat iptable_filter ip6table_mangle ip_conntrack nfnetlink ip_tables ip6table_filter ip6_tables x_tables ipv6 loop dm_mod snd_intel8x0 snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd soundcore snd_page_alloc i2c_nforce2 ehci_hcd ohci_hcd i2c_core usbcore ohci1394 ieee1394 ide_cd cdrom forcedeth ext3 jbd fan thermal processor sg sata_nv libata amd74xx sd_mod scsi_mod ide_disk ide_core CPU: 1 EIP: 0060:[<c017e0e0>] Not tainted VLI EFLAGS: 00010206 (2.6.18-smp #2) EIP is at prune_one_dentry+0x23/0x79 eax: 00207400 ebx: d7f4f07c ecx: d7f4f0a4 edx: c2aa2fb4 esi: d7f4f07c edi: d7f4f084 ebp: dfad7ee8 esp: dfad7ee0 ds: 007b es: 007b ss: 0068 Process kswapd0 (pid: 213, ti=dfad6000 task=dff0cae0 task.ti=dfad6000) Stack: dfa769d0 d7f4f07c dfad7f04 c017e2ff 00000000 00000053 00027678 dfff2404 000000a8 dfad7f0c c017e34f dfad7f3c c0154b5a 01d8da00 00000000 01d8da00 0006d934 000000d0 00000180 00000000 00000060 c030ea80 c0312200 dfad7fc8 Call Trace: [<c017e2ff>] prune_dcache+0xfc/0x133 [<c017e34f>] shrink_dcache_memory+0x19/0x31 [<c0154b5a>] shrink_slab+0xd0/0x137 [<c0154f33>] kswapd+0x2d2/0x3a8 [<c01310d7>] kthread+0xc3/0xf0 [<c0102005>] kernel_thread_helper+0x5/0xb DWARF2 unwinder stuck at kernel_thread_helper+0x5/0xb Leftover inexact backtrace: [<c0105076>] show_stack_log_lvl+0x8a/0x95 [<c01051ad>] show_registers+0x12c/0x199 [<c010539b>] die+0x181/0x284 [<c02b190b>] do_page_fault+0x3e5/0x4ad [<c0104a71>] error_code+0x39/0x40 [<c017e2ff>] prune_dcache+0xfc/0x133 [<c017e34f>] shrink_dcache_memory+0x19/0x31 [<c0154b5a>] shrink_slab+0xd0/0x137 [<c0154f33>] kswapd+0x2d2/0x3a8 [<c01310d7>] kthread+0xc3/0xf0 [<c0102005>] kernel_thread_helper+0x5/0xb Code: fe ff ff 89 d8 5b 5d c3 55 89 e5 56 53 89 c3 8b 40 04 a8 10 75 1f 83 c8 10 89 43 04 8d 4b 28 8b 43 28 8b 51 04 85 c0 89 02 74 03 <89> 50 04 c7 41 04 00 02 20 00 8d 4b 48 8b 53 48 8b 41 04 89 42 EIP: [<c017e0e0>] prune_one_dentry+0x23/0x79 SS:ESP 0068:dfad7ee0 <4>SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:50:8d:db:39:3d:00:01:5c:22:76:02:08:00 SRC=221.208.208.94 DST=69.137.114.21 LEN=485 TOS=0x00 PREC=0x20 TTL=43 ID=0 DF PROTO=UDP SPT=53530 DPT=1027 LEN=465 BUG: soft lockup detected on CPU#0! [<c0104eda>] show_trace_log_lvl+0x58/0x16a [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 DWARF2 unwinder stuck at apic_timer_interrupt+0x2a/0x30 Leftover inexact backtrace: [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 [<c02b047a>] _spin_lock+0x20/0x28 [<c017dcd3>] d_instantiate+0x24/0x8a [<f88bb7fc>] ext3_add_nondir+0x2e/0x42 [ext3] [<f88bbd2d>] ext3_create+0xa8/0xdc [ext3] [<c0175603>] vfs_create+0xce/0x13e [<c01780cc>] open_namei+0x16b/0x630 [<c0167b0c>] do_filp_open+0x1f/0x35 [<c0167b62>] do_sys_open+0x40/0xb5 [<c0167c03>] sys_open+0x16/0x18 [<c0103db9>] sysenter_past_esp+0x56/0x8d BUG: soft lockup detected on CPU#1! [<c0104eda>] show_trace_log_lvl+0x58/0x16a [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 DWARF2 unwinder stuck at apic_timer_interrupt+0x2a/0x30 Leftover inexact backtrace: [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 [<c02b047a>] _spin_lock+0x20/0x28 [<c01c9409>] _atomic_dec_and_lock+0x2d/0x4c [<c017df95>] dput+0x34/0x139 [<c0174957>] path_release+0xd/0x23 [<c0171765>] vfs_stat_fd+0x36/0x40 [<c01717f1>] vfs_stat+0x11/0x13 [<c0171807>] sys_stat64+0x14/0x28 [<c0103db9>] sysenter_past_esp+0x56/0x8d BUG: soft lockup detected on CPU#0! [<c0104eda>] show_trace_log_lvl+0x58/0x16a [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 DWARF2 unwinder stuck at apic_timer_interrupt+0x2a/0x30 Leftover inexact backtrace: [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 [<c01ccee0>] __delay+0x9/0xb [<c01d828c>] _raw_spin_lock+0x7a/0xe8 [<c02b047a>] _spin_lock+0x20/0x28 [<c017dcd3>] d_instantiate+0x24/0x8a [<f88bb7fc>] ext3_add_nondir+0x2e/0x42 [ext3] [<f88bbd2d>] ext3_create+0xa8/0xdc [ext3] [<c0175603>] vfs_create+0xce/0x13e [<c01780cc>] open_namei+0x16b/0x630 [<c0167b0c>] do_filp_open+0x1f/0x35 [<c0167b62>] do_sys_open+0x40/0xb5 [<c0167c03>] sys_open+0x16/0x18 [<c0103db9>] sysenter_past_esp+0x56/0x8d BUG: soft lockup detected on CPU#1! [<c0104eda>] show_trace_log_lvl+0x58/0x16a [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 DWARF2 unwinder stuck at apic_timer_interrupt+0x2a/0x30 Leftover inexact backtrace: [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 [<c02b047a>] _spin_lock+0x20/0x28 [<c01c9409>] _atomic_dec_and_lock+0x2d/0x4c [<c017df95>] dput+0x34/0x139 [<c0174957>] path_release+0xd/0x23 [<c0171765>] vfs_stat_fd+0x36/0x40 [<c01717f1>] vfs_stat+0x11/0x13 [<c0171807>] sys_stat64+0x14/0x28 [<c0103db9>] sysenter_past_esp+0x56/0x8d BUG: soft lockup detected on CPU#0! [<c0104eda>] show_trace_log_lvl+0x58/0x16a [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 DWARF2 unwinder stuck at apic_timer_interrupt+0x2a/0x30 Leftover inexact backtrace: [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 [<c02b047a>] _spin_lock+0x20/0x28 [<c017dcd3>] d_instantiate+0x24/0x8a [<f88bb7fc>] ext3_add_nondir+0x2e/0x42 [ext3] [<f88bbd2d>] ext3_create+0xa8/0xdc [ext3] [<c0175603>] vfs_create+0xce/0x13e [<c01780cc>] open_namei+0x16b/0x630 [<c0167b0c>] do_filp_open+0x1f/0x35 [<c0167b62>] do_sys_open+0x40/0xb5 [<c0167c03>] sys_open+0x16/0x18 [<c0103db9>] sysenter_past_esp+0x56/0x8d BUG: soft lockup detected on CPU#1! [<c0104eda>] show_trace_log_lvl+0x58/0x16a [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 DWARF2 unwinder stuck at apic_timer_interrupt+0x2a/0x30 Leftover inexact backtrace: [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 [<c02b047a>] _spin_lock+0x20/0x28 [<c01c9409>] _atomic_dec_and_lock+0x2d/0x4c [<c017df95>] dput+0x34/0x139 [<c0174957>] path_release+0xd/0x23 [<c0171765>] vfs_stat_fd+0x36/0x40 [<c01717f1>] vfs_stat+0x11/0x13 [<c0171807>] sys_stat64+0x14/0x28 [<c0103db9>] sysenter_past_esp+0x56/0x8d BUG: soft lockup detected on CPU#0! [<c0104eda>] show_trace_log_lvl+0x58/0x16a [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 DWARF2 unwinder stuck at apic_timer_interrupt+0x2a/0x30 Leftover inexact backtrace: [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 [<c02b047a>] _spin_lock+0x20/0x28 [<c017dcd3>] d_instantiate+0x24/0x8a [<f88bb7fc>] ext3_add_nondir+0x2e/0x42 [ext3] [<f88bbd2d>] ext3_create+0xa8/0xdc [ext3] [<c0175603>] vfs_create+0xce/0x13e [<c01780cc>] open_namei+0x16b/0x630 [<c0167b0c>] do_filp_open+0x1f/0x35 [<c0167b62>] do_sys_open+0x40/0xb5 [<c0167c03>] sys_open+0x16/0x18 [<c0103db9>] sysenter_past_esp+0x56/0x8d BUG: soft lockup detected on CPU#1! [<c0104eda>] show_trace_log_lvl+0x58/0x16a [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 DWARF2 unwinder stuck at apic_timer_interrupt+0x2a/0x30 Leftover inexact backtrace: [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 [<c02b047a>] _spin_lock+0x20/0x28 [<c01c9409>] _atomic_dec_and_lock+0x2d/0x4c [<c017df95>] dput+0x34/0x139 [<c0174957>] path_release+0xd/0x23 [<c0171765>] vfs_stat_fd+0x36/0x40 [<c01717f1>] vfs_stat+0x11/0x13 [<c0171807>] sys_stat64+0x14/0x28 [<c0103db9>] sysenter_past_esp+0x56/0x8d BUG: soft lockup detected on CPU#0! [<c0104eda>] show_trace_log_lvl+0x58/0x16a [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 DWARF2 unwinder stuck at apic_timer_interrupt+0x2a/0x30 Leftover inexact backtrace: [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 [<c01ccee0>] __delay+0x9/0xb [<c01d828c>] _raw_spin_lock+0x7a/0xe8 [<c02b047a>] _spin_lock+0x20/0x28 [<c017dcd3>] d_instantiate+0x24/0x8a [<f88bb7fc>] ext3_add_nondir+0x2e/0x42 [ext3] [<f88bbd2d>] ext3_create+0xa8/0xdc [ext3] [<c0175603>] vfs_create+0xce/0x13e [<c01780cc>] open_namei+0x16b/0x630 [<c0167b0c>] do_filp_open+0x1f/0x35 [<c0167b62>] do_sys_open+0x40/0xb5 [<c0167c03>] sys_open+0x16/0x18 [<c0103db9>] sysenter_past_esp+0x56/0x8d BUG: soft lockup detected on CPU#1! [<c0104eda>] show_trace_log_lvl+0x58/0x16a [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 DWARF2 unwinder stuck at apic_timer_interrupt+0x2a/0x30 Leftover inexact backtrace: [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 [<c02b047a>] _spin_lock+0x20/0x28 [<c01c9409>] _atomic_dec_and_lock+0x2d/0x4c [<c017df95>] dput+0x34/0x139 [<c0174957>] path_release+0xd/0x23 [<c0171765>] vfs_stat_fd+0x36/0x40 [<c01717f1>] vfs_stat+0x11/0x13 [<c0171807>] sys_stat64+0x14/0x28 [<c0103db9>] sysenter_past_esp+0x56/0x8d BUG: soft lockup detected on CPU#0! [<c0104eda>] show_trace_log_lvl+0x58/0x16a [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 DWARF2 unwinder stuck at apic_timer_interrupt+0x2a/0x30 Leftover inexact backtrace: [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 [<c02b047a>] _spin_lock+0x20/0x28 [<c017dcd3>] d_instantiate+0x24/0x8a [<f88bb7fc>] ext3_add_nondir+0x2e/0x42 [ext3] [<f88bbd2d>] ext3_create+0xa8/0xdc [ext3] [<c0175603>] vfs_create+0xce/0x13e [<c01780cc>] open_namei+0x16b/0x630 [<c0167b0c>] do_filp_open+0x1f/0x35 [<c0167b62>] do_sys_open+0x40/0xb5 [<c0167c03>] sys_open+0x16/0x18 [<c0103db9>] sysenter_past_esp+0x56/0x8d BUG: soft lockup detected on CPU#1! [<c0104eda>] show_trace_log_lvl+0x58/0x16a [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 DWARF2 unwinder stuck at apic_timer_interrupt+0x2a/0x30 Leftover inexact backtrace: [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 [<c02b047a>] _spin_lock+0x20/0x28 [<c01c9409>] _atomic_dec_and_lock+0x2d/0x4c [<c017df95>] dput+0x34/0x139 [<c0174957>] path_release+0xd/0x23 [<c0171765>] vfs_stat_fd+0x36/0x40 [<c01717f1>] vfs_stat+0x11/0x13 [<c0171807>] sys_stat64+0x14/0x28 [<c0103db9>] sysenter_past_esp+0x56/0x8d BUG: soft lockup detected on CPU#0! [<c0104eda>] show_trace_log_lvl+0x58/0x16a [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 DWARF2 unwinder stuck at apic_timer_interrupt+0x2a/0x30 Leftover inexact backtrace: [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 [<c01d828c>] _raw_spin_lock+0x7a/0xe8 [<c02b047a>] _spin_lock+0x20/0x28 [<c017dcd3>] d_instantiate+0x24/0x8a [<f88bb7fc>] ext3_add_nondir+0x2e/0x42 [ext3] [<f88bbd2d>] ext3_create+0xa8/0xdc [ext3] [<c0175603>] vfs_create+0xce/0x13e [<c01780cc>] open_namei+0x16b/0x630 [<c0167b0c>] do_filp_open+0x1f/0x35 [<c0167b62>] do_sys_open+0x40/0xb5 [<c0167c03>] sys_open+0x16/0x18 [<c0103db9>] sysenter_past_esp+0x56/0x8d BUG: soft lockup detected on CPU#1! [<c0104eda>] show_trace_log_lvl+0x58/0x16a [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 DWARF2 unwinder stuck at apic_timer_interrupt+0x2a/0x30 Leftover inexact backtrace: [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 [<c02b047a>] _spin_lock+0x20/0x28 [<c01c9409>] _atomic_dec_and_lock+0x2d/0x4c [<c017df95>] dput+0x34/0x139 [<c0174957>] path_release+0xd/0x23 [<c0171765>] vfs_stat_fd+0x36/0x40 [<c01717f1>] vfs_stat+0x11/0x13 [<c0171807>] sys_stat64+0x14/0x28 [<c0103db9>] sysenter_past_esp+0x56/0x8d BUG: soft lockup detected on CPU#0! [<c0104eda>] show_trace_log_lvl+0x58/0x16a [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 DWARF2 unwinder stuck at apic_timer_interrupt+0x2a/0x30 Leftover inexact backtrace: [<c01054d7>] show_trace+0xd/0x10 [<c01055f6>] dump_stack+0x19/0x1b [<c014b1b7>] softlockup_tick+0xa5/0xb9 [<c0128467>] run_local_timers+0x12/0x14 [<c01287e6>] update_process_times+0x3c/0x61 [<c0113a78>] smp_apic_timer_interrupt+0x6d/0x75 [<c010499a>] apic_timer_interrupt+0x2a/0x30 [<c02b047a>] _spin_lock+0x20/0x28 [<c017dcd3>] d_instantiate+0x24/0x8a [<f88bb7fc>] ext3_add_nondir+0x2e/0x42 [ext3] [<f88bbd2d>] ext3_create+0xa8/0xdc [ext3] [<c0175603>] vfs_create+0xce/0x13e [<c01780cc>] open_namei+0x16b/0x630 [<c0167b0c>] do_filp_open+0x1f/0x35 [<c0167b62>] do_sys_open+0x40/0xb5 [<c0167c03>] sys_open+0x16/0x18 [<c0103db9>] sysenter_past_esp+0x56/0x8d On Sat, 28 Oct 2006, bugme-daemon@bugzilla.kernel.org wrote: > > This latest crash was caused by just untaring a large source file: > > EIP: 0060:[<c017e0e0>] Not tainted VLI > EFLAGS: 00010206 (2.6.18-smp #2) > EIP is at prune_one_dentry+0x23/0x79 > eax: 00207400 ebx: d7f4f07c ecx: d7f4f0a4 edx: c2aa2fb4 > esi: d7f4f07c edi: d7f4f084 ebp: dfad7ee8 esp: dfad7ee0 > ds: 007b es: 007b ss: 0068 > Process kswapd0 (pid: 213, ti=dfad6000 task=dff0cae0 task.ti=dfad6000) > Stack: dfa769d0 d7f4f07c dfad7f04 c017e2ff 00000000 00000053 00027678 dfff2404 > 000000a8 dfad7f0c c017e34f dfad7f3c c0154b5a 01d8da00 00000000 01d8da00 > 0006d934 000000d0 00000180 00000000 00000060 c030ea80 c0312200 dfad7fc8 > Code: ... c0 89 02 74 03 <89> 50 04 c7 41 04 ... That's this sequence: test %eax,%eax mov %eax,(%edx) je over *** mov %edx,0x4(%eax) *** over: movl $0x200200,0x4(%ecx) lea 0x48(%ebx),%ecx .. where the starred instruction oopses because %eax is 00207400. That sequence is "hlist_del_rcu()" from __d_drop() at the very top of the function. The value for %eax is somewhat interesting. It's 0x00200200 + 0x7200, and while I don't see how the 0x7200 got there, it's still close enough to 0x00200200 that it's intriguing. And 0x00200200 is obviously the magic number to poison the list entries. Anyway, the value of %eax at that point comes from "dentry->d_hash.next", so the dentry hash-list has clearly gotten corrupted. It _looks_ like the same dentry has gotten unhashed twice, but we actually have code to protect against that in __d_drop: if (!(dentry->d_flags & DCACHE_UNHASHED)) { dentry->d_flags |= DCACHE_UNHASHED; hlist_del_rcu(&dentry->d_hash); } but it's still intriguing. (This all should run under "dcache_lock" _and_ the dentry->d_lock, so there's no race on the DCACHE_UNHASHED thing either). Very strange. Linus drh:/boot>md5sum vmlinuz-2.6.18-smp 583308f23f63ecf72dc80d37c825857e vmlinuz-2.6.18-smp drh:/boot>md5sum initrd-2.6.18-smp d1cda47c9e9d23c128c09f0bc48f3f20 initrd-2.6.18-smp drh:/boot/grub>for name in `ls`; do md5sum $name; done f3317bc6b36d7f44282ad8e020b3e2f9 default 089d43a54adbc29b7d2c5308e9cd8439 e2fs_stage1_5 a99945c26d8455ee9787bfc937491699 fat_stage1_5 12f49f1bdedaaa6f24eab8aa06078bbc ffs_stage1_5 453f03aa3c0363e877abadd7f52b4fc3 iso9660_stage1_5 ffed452493ddc3466ab40a3ad7de4f91 jfs_stage1_5 4481893f2403b21d93ae213982d3bddb minix_stage1_5 45c5163d47e8dcdea74ae5a8271d622b reiserfs_stage1_5 addcae72a6ed5918e733d6f5a31862d5 stage1 9f66f479e64fe8eed2528be43295af00 stage2 bbb6e9daaa91fe2f178118454d56fc4c ufs2_stage1_5 20feb267048c8e8fd426f79ccfa42ca5 vstafs_stage1_5 08c1dc8ce7aeb110aff9b85ee27ea2f9 xfs_stage1_5 I am running linux-2.6.18.3 now. Recently I have done some heavy processing and it did not crash. I noticed this message in the log which may be a clue as to what might have/be causing the problem. Nov 28 06:16:40 c-69-137-114-21 kernel: [165129.452000] eth0: too many iterations (6) in nv_nic_irq. I have seen this message in other areas of the log. This bug does not seem to appear in linux-2.6.18.3. I have not had a crash yet with this kernel version. I turned off my other computer with the serial console log, because of a lack of crashes. I did notice an abnormality today, but it may not be a kernel problem. When I ran grub-install on /dev/hda I got an error message for dev/fd0 even though there were no references to /dev/fd0. /dev/fd0 was in the map though. So if you want to close this you may. If I find additional problems, I will open another bug report. Thanks! |