Bug 200028

Summary: kernel BUG at mm/rmap.c:560!
Product: [Fedora] Fedora
Reporter: XVilka <xvilka>
Component: kernel
Assignee: Dave Jones <davej>
Status: CLOSED CANTFIX
QA Contact: Brian Brock <bbrock>
Severity: medium
Priority: medium
Version: 5
CC: pfrields, wtogami
Hardware: i386   
OS: Linux   
Last Closed: 2006-07-26 02:43:52 UTC

Description XVilka 2006-07-24 21:35:46 UTC
Description of problem:
It happens once...

Version-Release number of selected component (if applicable):
Linux 2.6.17-1.2139_FC5 #1 Fri Jun 23 12:40:16 EDT 2006 i686 athlon i386 GNU/Linux

How reproducible:
Don't know

Kernel messages:

Eeek! page_mapcount(page) went negative! (-1)
  page->flags = 80000014
  page->count = 0
  page->mapping = 00000000
------------[ cut here ]------------
kernel BUG at mm/rmap.c:560!
invalid opcode: 0000 [#1]
last sysfs file: /class/net/lo/ifindex
Modules linked in: xt_limit xt_tcpudp iptable_mangle ipt_LOG ipt_MASQUERADE
ip_nat ipt_TOS ipt_REJECT ip_conntrack_irc ip_conntrack_ftp xt_state
ip_conntrack nfnetlink iptable_filter ip_tables x_tables ppp_deflate
zlib_deflate ppp_async crc_ccitt ppp_generic slhc ipv6 ppdev twofish dm_crypt
autofs4 hidp rfcomm l2cap bluetooth sunrpc loop dm_multipath video button
battery ac lp parport_pc parport snd_ca0106 snd_rawmidi snd_ac97_codec
snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss
snd_mixer_oss snd_pcm ehci_hcd ohci_hcd snd_timer snd nvidia(U) soundcore
snd_ac97_bus sg floppy snd_page_alloc forcedeth i2c_nforce2 i2c_core dm_snapshot
dm_zero dm_mirror dm_mod ext3 jbd sata_nv libata sd_mod scsi_mod
CPU:    0
EIP:    0060:[<c04503ac>]    Tainted: P      VLI
EFLAGS: 00010286   (2.6.17-1.2139_FC5 #1)
EIP is at page_remove_rmap+0x75/0x91
eax: ffffffff   ebx: c11725a0   ecx: ffffffff   edx: d12f7aa0
esi: 08737000   edi: c91a4cdc   ebp: 00000020   esp: c6d66de8
ds: 007b   es: 007b   ss: 0068
Process mrtg (pid: 13585, threadinfo=c6d66000 task=d12f7aa0)
Stack: c0623047 00000000 c11725a0 c044a749 00000000 e7ddb85c c6d66e5c 000c8ea2
       00000000 00000001 08800000 c89db084 de619700 c076731c fffffe95 ffffffff
       de619754 c89db084 08da5000 00000000 c6d66e5c e0c1de8c de619700 0000000b
Call Trace:
 <c044a749> unmap_vmas+0x285/0x490  <c044d0dc> exit_mmap+0x5f/0xd5
 <c0419fb1> mmput+0x26/0xce  <c041d46d> exit_mm+0x10f/0x11f
 <c041e9a5> do_exit+0x1c2/0x768  <c041efb8> sys_exit_group+0x0/0xd
 <c042609a> get_signal_to_deliver+0x3a8/0x3d0  <c0602553> do_page_fault+0x0/0x5ad
 <c04023df> do_notify_resume+0x74/0x5f6  <c04d4672> _atomic_dec_and_lock+0x22/0x2c
 <c04d4672> _atomic_dec_and_lock+0x22/0x2c  <c047518e> mntput_no_expire+0x11/0x6d
 <c0602a8c> do_page_fault+0x539/0x5ad  <c0405939> do_syscall_trace+0x5b/0x16d
 <c0602553> do_page_fault+0x0/0x5ad  <c0402d42> work_notifysig+0x13/0x19
Code: 42 04 c7 04 24 30 30 62 c0 89 44 24 04 e8 30 c6 fc ff 8b 43 10 c7 04 24 47
30 62 c0 89 44 24 04 e8 1d c6 fc ff 8b 43 08 40 79 08 <0f> 0b 30 02 dc 2f 62 c0
59 83 ca ff 5b b8 10 00 00 00 5b e9 41
EIP: [<c04503ac>] page_remove_rmap+0x75/0x91 SS:ESP 0068:c6d66de8
 <3>BUG: sleeping function called from invalid context at include/linux/rwsem.h:43
in_atomic():1, irqs_disabled():0
 <c0426d8d> blocking_notifier_call_chain+0x18/0x49  <c041e7fc> do_exit+0x19/0x768
 <c05290e7> do_unblank_screen+0x2a/0x127  <c04042c0> die+0x27b/0x2a0
 <c04048a5> do_invalid_op+0x0/0xab  <c0404947> do_invalid_op+0xa2/0xab
 <c04503ac> page_remove_rmap+0x75/0x91  <f887fc21>
do_get_write_access+0x4e8/0x502 [jbd]
 <c0405047> do_IRQ+0x75/0x80  <c04b0fa6> avc_has_perm+0x4e/0x58
 <c04036f2> common_interrupt+0x1a/0x20  <c0443833> free_pages_bulk+0x141/0x2fd
 <c04037df> error_code+0x4f/0x54  <c04503ac> page_remove_rmap+0x75/0x91
 <c044a749> unmap_vmas+0x285/0x490  <c044d0dc> exit_mmap+0x5f/0xd5
 <c0419fb1> mmput+0x26/0xce  <c041d46d> exit_mm+0x10f/0x11f
 <c041e9a5> do_exit+0x1c2/0x768  <c041efb8> sys_exit_group+0x0/0xd
 <c042609a> get_signal_to_deliver+0x3a8/0x3d0  <c0602553> do_page_fault+0x0/0x5ad
 <c04023df> do_notify_resume+0x74/0x5f6  <c04d4672> _atomic_dec_and_lock+0x22/0x2c
 <c04d4672> _atomic_dec_and_lock+0x22/0x2c  <c047518e> mntput_no_expire+0x11/0x6d
 <c0602a8c> do_page_fault+0x539/0x5ad  <c0405939> do_syscall_trace+0x5b/0x16d
 <c0602553> do_page_fault+0x0/0x5ad  <c0402d42> work_notifysig+0x13/0x19
Fixing recursive fault but reboot is needed!
BUG: scheduling while atomic: mrtg/0x00000001/13585
 <c05ff3d1> schedule+0x43/0x582  <c041c9e2> printk+0x1f/0xaf
 <c041e8c0> do_exit+0xdd/0x768  <c05290e7> do_unblank_screen+0x2a/0x127
 <c04042c0> die+0x27b/0x2a0  <c04048a5> do_invalid_op+0x0/0xab
 <c0404947> do_invalid_op+0xa2/0xab  <c04503ac> page_remove_rmap+0x75/0x91
 <f887fc21> do_get_write_access+0x4e8/0x502 [jbd]  <c0405047> do_IRQ+0x75/0x80
 <c04b0fa6> avc_has_perm+0x4e/0x58  <c04036f2> common_interrupt+0x1a/0x20
 <c0443833> free_pages_bulk+0x141/0x2fd  <c04037df> error_code+0x4f/0x54
 <c04503ac> page_remove_rmap+0x75/0x91  <c044a749> unmap_vmas+0x285/0x490
 <c044d0dc> exit_mmap+0x5f/0xd5  <c0419fb1> mmput+0x26/0xce
 <c041d46d> exit_mm+0x10f/0x11f  <c041e9a5> do_exit+0x1c2/0x768
 <c041efb8> sys_exit_group+0x0/0xd  <c042609a> get_signal_to_deliver+0x3a8/0x3d0
 <c0602553> do_page_fault+0x0/0x5ad  <c04023df> do_notify_resume+0x74/0x5f6
 <c04d4672> _atomic_dec_and_lock+0x22/0x2c  <c04d4672>
_atomic_dec_and_lock+0x22/0x2c
 <c047518e> mntput_no_expire+0x11/0x6d  <c0602a8c> do_page_fault+0x539/0x5ad
 <c0405939> do_syscall_trace+0x5b/0x16d  <c0602553> do_page_fault+0x0/0x5ad
 <c0402d42> work_notifysig+0x13/0x19
Bad page state in process 'syslogd'
page:c11725a0 flags:0x80000014 mapping:00000000 mapcount:-1 count:0 (Tainted: P
    )
Trying to fix it up, but a reboot is needed
Backtrace:
 <c04436c8> bad_page+0x69/0x93  <c044405e> get_page_from_freelist+0x2b4/0x3d7
 <c04441ee> __alloc_pages+0x6d/0x29c  <c044adec> __pte_alloc+0xf/0x6a
 <c044bde3> copy_page_range+0xeb/0x39d  <c0450c92> anon_vma_link+0x1d/0xe8
 <c041ab89> copy_process+0xb18/0x1198  <c0468de7> may_open+0x54/0x208
 <c041b496> do_fork+0xa1/0x1ab  <c0405a04> do_syscall_trace+0x126/0x16d
 <c04011dd> sys_clone+0x36/0x3b  <c0402cb3> syscall_call+0x7/0xb

Comment 1 Dave Jones 2006-07-26 02:43:52 UTC
nvidia bug, has been reported over and over.