I was running a Perl script that hasn't given me any trouble before or since. It segfaulted and I got the following kernel oops message. kernel-2.6.20-1.2952.fc6 --- Oops: 0002 [#1] SMP CPU: 0 EIP: 0060:[<ee86a321>] Not tainted VLI EFLAGS: 00210202 (2.6.20-1.2952.fc6 #1) EIP is at journal_grab_journal_head+0x26/0x3e [jbd] eax: 33206698 ebx: c0007be0 ecx: 00000000 edx: c0007be0 esi: 000280d2 edi: c1427db8 ebp: c0704c80 esp: c48bad28 ds: 007b es: 007b ss: 0068 Process perl (pid: 3695, ti=c48ba000 task=d1ecb330 task.ti=c48ba000) Stack: ee865ef7 00000027 00200246 e8c25898 edd45614 c1215890 ed79c000 c0007be0 ee92b502 000280d2 00000001 c0704c80 c0458428 c1427db8 ca748ed4 c045d9ba c48bae4c 00000144 c48baea0 00000009 00000000 00000000 00000020 00000005 Call Trace: [<ee865ef7>] journal_try_to_free_buffers+0x5e/0x13e [jbd] [<ee92b502>] ext3_releasepage+0x0/0x7b [ext3] [<c0458428>] try_to_release_page+0x30/0x42 [<c045d9ba>] shrink_inactive_list+0x44f/0x6c9 [<c045d0b9>] isolate_lru_pages+0x64/0x7d [<c045d406>] shrink_active_list+0x334/0x33c [<c045dcf1>] shrink_zone+0xbd/0xe2 [<c045e632>] try_to_free_pages+0x140/0x22e [<c045a93c>] __alloc_pages+0x1a8/0x2aa [<c04ed250>] copy_from_user+0x3a/0x66 [<c04614f7>] __handle_mm_fault+0x3e2/0x8ba [<c05b7bab>] sys_setsockopt+0x6d/0xa7 [<c0621eda>] do_page_fault+0x216/0x4da [<c0621cc4>] do_page_fault+0x0/0x4da [<c062092c>] error_code+0x7c/0x84 ======================= Code: 1c 5b 5e 5f c3 89 c2 eb 0b f3 90 8b 02 a9 00 00 20 00 75 f5 90 0f ba 2a 15 19 c0 85 c0 75 ec 8b 02 31 c9 f6 c4 40 74 06 8b 4a 24 <ff> 41 04 8b 02 a9 00 00 20 00 75 04 0f 0b eb fe 90 0f ba 32 15 EIP: [<ee86a321>] journal_grab_journal_head+0x26/0x3e [jbd] SS:ESP 0068:c48bad28
the first few lines of the oops message are missing
The above was all that was printed on my terminals, but the below was also in /var/log/messages: BUG: unable to handle kernel NULL pointer dereference at virtual address 00000004 printing eip: ee86a321 *pde = 24312067
struct journal_head *journal_grab_journal_head(struct buffer_head *bh) { struct journal_head *jh = NULL; jbd_lock_bh_journal_head(bh); if (buffer_jbd(bh)) { jh = bh2jh(bh); jh==0 =====> jh->b_jcount++; } jbd_unlock_bh_journal_head(bh); return jh; } Please run fsck on the filesystem.
As it happens, I just finished doing that, and there were some problems which have now been fixed.
So, an oops caused by corrupt ext3 filesystem, apparently. cc: added for esandeen...
do you still have the output from e2fsck? Some indication of what was wrong would be helpful.
Guess I should look at locking around when we set/clear buffer_jbd and when bh_private is set/cleared... if (buffer_jbd(bh)) { jh = bh2jh(bh); jh==0 =====> jh->b_jcount++; if buffer_jbd() is true then BH_JBD is set and bh_private should be set as well, which is what bh2jh uses... hmm.
Sorry, I don't have e2fsck output because I ran it in single-user mode with the filesystem (which is the root partition) unmounted.
(This is a mass-update to all current FC6 kernel bugs in NEW state) Hello, I'm reviewing this bug list as part of the kernel bug triage project, an attempt to isolate current bugs in the Fedora kernel. http://fedoraproject.org/wiki/KernelBugTriage I am CC'ing myself to this bug, however this version of Fedora is no longer maintained. Please attempt to reproduce this bug with a current version of Fedora (presently Fedora 8). If the bug no longer exists, please close the bug or I'll do so in a few days if there is no further information lodged. Thanks for using Fedora!
Unfortunately, no, I don't have the fsck output.
Per the previous comment in this bug, I am closing it as INSUFFICIENT_DATA, since no information has been lodged for over 30 days. Please re-open this bug or file a new one if you can provide the requested data, and thanks for filing the original report!