Re: kernel BUG at mm/rmap.c:480 in 2.6.10-rc3-bk7

From: Hugh Dickins
Date: Tue Dec 14 2004 - 18:43:01 EST


On Tue, 14 Dec 2004, Greg KH wrote:
>
> So I finally try to get dri working on my laptop and I get the following
> kernel bug when killing X (the program gish was running at the time):
>
> kernel BUG at mm/rmap.c:480!
> EIP is at page_remove_rmap+0x32/0x40
> Process gish (pid: 10864, threadinfo=c8aea000 task=c7c2c040)
> [<c0141495>] zap_pte_range+0x135/0x290
>...
> [<c0145f41>] exit_mmap+0x71/0x140
> [<c01163c4>] mmput+0x24/0x80
> [<c011a756>] do_exit+0x146/0x370
>...

It's my BUG_ON(page_mapcount(page) < 0).

We've had about one report per month, over the last six months.
But this is the first citing "gish"; sometimes it's been "cc1".

I've given it a lot of thought, but I'm still mystified. The last
report turned out to be attributable to bad memory; but this BUG_ON
is too persistent and specific to be put down to that in all cases.

One case that's easy to explain: if it was preceded (perhaps hours
earlier) by a "Bad page state" message and stacktrace, referring to
the same page (in ecx, edx, ebp in your dump), which showed non-zero
mapcount, then this is an after-effect of bad_page resetting mapcount.
And the real problem was probably a double free, which bad_page noted,
but carried on regardless. Worth checking your logs for, let us know,
but there have been several reports where that's definitely not so.

I presume this was just a one-off? If you can repeat it from time to
time, I'll try to devise some printk'ing to shed more light. You might
wonder why I haven't got such a patch already prepared: precisely
because I'm mystified and have no hypothesis worth testing out.

In the meantime, any similar or related traces,
please do send me to scan for commonalities.

Thanks!
Hugh

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/