Re: kernel BUG at mm/rmap.c:480 in 2.6.10-rc3-bk7

[Nick Piggin]

On Tue, 2004-12-14 at 23:26 +0000, Hugh Dickins wrote:
> On Tue, 14 Dec 2004, Greg KH wrote:
> > 
> > So I finally try to get dri working on my laptop and I get the following
> > kernel bug when killing X (the program gish was running at the time):
> > 
> > kernel BUG at mm/rmap.c:480!
> > EIP is at page_remove_rmap+0x32/0x40
> > Process gish (pid: 10864, threadinfo=c8aea000 task=c7c2c040)
> >  [<c0141495>] zap_pte_range+0x135/0x290
> >...
> >  [<c0145f41>] exit_mmap+0x71/0x140
> >  [<c01163c4>] mmput+0x24/0x80
> >  [<c011a756>] do_exit+0x146/0x370
> >...
> 
> It's my BUG_ON(page_mapcount(page) < 0).
> 
> We've had about one report per month, over the last six months.
> But this is the first citing "gish"; sometimes it's been "cc1".
> 
> I've given it a lot of thought, but I'm still mystified.  The last
> report turned out to be attributable to bad memory; but this BUG_ON
> is too persistent and specific to be put down to that in all cases.
> 
> One case that's easy to explain: if it was preceded (perhaps hours
> earlier) by a "Bad page state" message and stacktrace, referring to
> the same page (in ecx, edx, ebp in your dump), which showed non-zero
> mapcount, then this is an after-effect of bad_page resetting mapcount.
> And the real problem was probably a double free, which bad_page noted,
> but carried on regardless.  Worth checking your logs for, let us know,
> but there have been several reports where that's definitely not so.
> 


"EIP:    0060:[<c0147d72>]    Not tainted VLI"
                              ^^^^^^^^^^^

Just FYI, that kernel should be tainting on bad_page...


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/