Bug 125211

Summary: kernel BUG at mm/shmem.c:614! while starting gdm
Product: [Fedora] Fedora Reporter: Ralf Ertzinger <redhat-bugzilla>
Component: kernelAssignee: Arjan van de Ven <arjanv>
Status: CLOSED RAWHIDE QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: rlrevell
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-06-09 10:13:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ralf Ertzinger 2004-06-03 16:34:25 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510

Description of problem:
While starting gdm, the kernel throws the following BUG:

kernel BUG at mm/shmem.c:614!
invalid operand: 0000 [#1]
Modules linked in: binfmt_misc ipv6 parport_pc lp parport 3c59x sunrpc
snd_ens1371 snd_rawmidi snd_seq_device snd_pcm snd_page_alloc
snd_timer snd_ac97_codec snd soundcore gameport dm_mod joydev uhci_hcd
ext3 jbd aic7xxx sd_mod scsi_mod
CPU:    0
EIP:    0060:[<021399da>]    Not tainted
EFLAGS: 00013202   (2.6.6-1.411) 
 EIP is at shmem_delete_inode+0x7f/0x95
 eax: 1b81a154   ebx: 1b81a0bc   ecx: 1b81a0bc   edx: 00000000
 esi: 1b81a0bc   edi: 1b81a060   ebp: 21fee668   esp: 1bc09dd8
 ds: 007b   es: 007b   ss: 0068
 Process X (pid: 1702, threadinfo=1bc09000 task=1bc6b790)
 Stack: 1b81a0bc 0213995b 1b81a0bc 1925678c 0215315a 1b81a0bc 1b81a0bc
021532db 
Jun  3 18:19:37 nausicaa gdm[1691]: gdm_slave_xioerror_handler: Fatal
X error - Restarting :0
        1925678c 0215135b 1c5d6380 21f6f2e0 02140f3f 1bee5468 00000000
023715d0 
        00000000 0217b093 1bee5468 0217ba52 00000100 00000000 00008691
00000000 
 Call Trace:
  [<0213995b>] shmem_delete_inode+0x0/0x95
  [<0215315a>] generic_delete_inode+0x98/0xe1
  [<021532db>] iput+0x58/0x5a
  [<0215135b>] dput+0x122/0x13a
  [<02140f3f>] __fput+0xb3/0xd1
  [<0217b093>] shm_destroy+0x43/0x5e
  [<0217ba52>] sys_shmctl+0x589/0x735
  [<0214ddd1>] filldir64+0x108/0x12e
  [<0212a8fd>] __generic_file_aio_read+0x157/0x171
  [<02133f6f>] zap_pte_range+0x6e/0x238
  [<02134172>] zap_pmd_range+0x39/0x54
  [<021341c9>] unmap_page_range+0x3c/0x57
  [<021342d5>] unmap_vmas+0xf1/0x1ae
  [<0217b133>] shm_close+0x85/0x96
  [<02137096>] unmap_vma+0x4a/0x60
  [<021370ba>] unmap_vma_list+0xe/0x17
  [<02137395>] do_munmap+0xfd/0x107
  [<0210aaee>] sys_ipc+0x191/0x1a7
  [<02137395>] do_munmap+0xfd/0x107
 
 Code: 0f 0b 66 02 f9 3b 29 02 ff 45 0c 89 f0 5b 5e 5f 5d e9 70 8d 

gdm fails to start.

Version-Release number of selected component (if applicable):
kernel-2.6.6-1.411

How reproducible:
Always

Steps to Reproduce:
1. start gdm
2.
3.
    

Actual Results:  gdm fails, throwing kernel BUG

Expected Results:  login screen

Additional info:

Comment 1 Lee Revell 2004-06-03 22:43:04 UTC
Same problem with startx from the command line.  I got a different
call trace, here it is:

kernel BUG at mm/shmem.c:614!
invalid operand: 0000 [#1]
Modules linked in: ipv6 autofs4 e100 mii floppy sg microcode dm_mod
ext3 jbd Bus
Logic sd_mod scsi_mod
CPU:    0
EIP:    0060:[<021399da>]    Not tainted
EFLAGS: 00013202   (2.6.6-1.411)
EIP is at shmem_delete_inode+0x7f/0x95
eax: 19dfd2d4   ebx: 19dfd23c   ecx: 19dfd23c   edx: 00000000
esi: 19dfd23c   edi: 19dfd1e0   ebp: 19fee5c8   esp: 12cccdd8
ds: 007b   es: 007b   ss: 0068
Process X (pid: 2095, threadinfo=12ccc000 task=12eb2d10)
Stack: 19dfd23c 0213995b 19dfd23c 10abc17c 0215315a 19dfd23c 19dfd23c
021532db
       10abc17c 0215135b 12ea4e20 19f782e0 02140f3f 1423b868 00000000
023715d0
       00000000 0217b093 1423b868 0217ba52 00000100 00000000 00003b8c
00000000
Call Trace:
 [<0213995b>] shmem_delete_inode+0x0/0x95
 [<0215315a>] generic_delete_inode+0x98/0xe1
 [<021532db>] iput+0x58/0x5a
 [<0215135b>] dput+0x122/0x13a
 [<02140f3f>] __fput+0xb3/0xd1
 [<0217b093>] shm_destroy+0x43/0x5e
 [<0217ba52>] sys_shmctl+0x589/0x735
 [<02163cd9>] proc_alloc_inode+0x3d/0x5e
 [<02152579>] alloc_inode+0xf9/0x17c
 [<02163c7f>] proc_read_inode+0xc/0x29
 [<02133f6f>] zap_pte_range+0x6e/0x238
 [<02134172>] zap_pmd_range+0x39/0x54
 [<021341c9>] unmap_page_range+0x3c/0x57
 [<021342d5>] unmap_vmas+0xf1/0x1ae
 [<0217b133>] shm_close+0x85/0x96
 [<02137096>] unmap_vma+0x4a/0x60
 [<021370ba>] unmap_vma_list+0xe/0x17
 [<02137395>] do_munmap+0xfd/0x107
 [<0210aaee>] sys_ipc+0x191/0x1a7
 [<02137395>] do_munmap+0xfd/0x107

Code: 0f 0b 66 02 f9 3b 29 02 ff 45 0c 89 f0 5b 5e 5f 5d e9 70 8d



Comment 2 Arjan van de Ven 2004-06-09 10:13:57 UTC
fixed in rawhide