Re: Eeek! page_mapcount(page) went negative! (-1)

From: Nick Piggin
Date: Sat Jul 01 2006 - 13:40:53 EST


Daniel Drake wrote:
A user at http://bugs.gentoo.org/138366 reported a one-off crash on x86 with 2.6.16.19. Here's hoping it might be useful to somebody:

Eeek! page_mapcount(page) went negative! (-1)
page->flags = 8001003c

They are PG_s referenced|uptodate|dirty|lru|mappedtodisk

So it is a regular pagecache page. Even though X is involved,
I'd be surprised if there is a kernel bug there, but it does
look like more than a simple single-bit flip.


page->count = 1
page->mapping = f6ad2418

If it is a pagecache page, page->mapping != NULL should add 1
to page->count. Then there should be another reference taken
for this mapping, and not decremented until after page_remove_rmap.

So both page_mapcount is wrong (was 0, should be at least 1) and
either page_count is wrong (was 1, should be at least 2).

If the page was truncated, dirty, mappedtodisk, and ->mapping
should have been cleared AFAIKS.

Oh. I see Arjan's pointed out it is using the nvidia driver (how
did he figure that out?). That couldn't be helping. If the
reporter can reproduce without any binary modules loaded, and
after surviving memtest overnight, it would be very interesting.

Thanks

--
SUSE Labs, Novell Inc.
Send instant messages to your online friends http://au.messenger.yahoo.com -
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/