Bug 182086 - page mapcount going negative.
page mapcount going negative.
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
x86_64 Linux
medium Severity high
: ---
: ---
Assigned To: Dave Jones
Brian Brock
Depends On:
  Show dependency treegraph
Reported: 2006-02-20 06:17 EST by Piotr Gackiewicz
Modified: 2015-01-04 17:25 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-11-24 18:14:44 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Piotr Gackiewicz 2006-02-20 06:17:52 EST
Description of problem:
Platform: Dual opteron, Tyan 
After upgrade to 2.6.15-1.1830_FC4smp and finally 2.6.15-1.1831_FC4smp
server started crashing, even several times per day.

Version-Release number of selected component (if applicable):
kernel 2.6.15-1.1830_FC4smp

Additional info:
It seems that the bug was hit by "EnableMMAP" in apache, but I'm not sure.
I have disabled apache's MMAP feature for now.

Here's netconsole log:
Feb 20 11:48:33 someserver  printk: 1 messages suppressed. 
Feb 20 11:48:33 someserver kernel: printk: 1 messages suppressed. 
Feb 20 11:48:42 someserver  Eeek! page_mapcount(page) went negative! (-1) 
Feb 20 11:48:42 someserver    page->flags = 400 
Feb 20 11:48:42 someserver    page->count = 1 
Feb 20 11:48:42 someserver    page->mapping = 0000000000000000 
Feb 20 11:48:42 someserver  ----------- [cut here ] --------- [please bite here
] --------- 
Feb 20 11:48:42 someserver  Kernel BUG at mm/rmap.c:493 
Feb 20 11:48:42 someserver  invalid operand: 0000 [1] SMP  
Feb 20 11:48:42 someserver  last sysfs file:
Feb 20 11:48:42 someserver  CPU 0  
Feb 20 11:48:42 someserver  Modules linked in: ipt_comment netconsole netdump
loop nfsd exportfs lockd nfs_acl ipv6 w83627hf eeprom lm85
 w83781d hwmon_vid hwmon i2c_isa i2c_amd756 sunrpc pcmcia yenta_socket
rsrc_nonstatic pcmcia_core ip_conntrack_ftp iptable_mangle ipt_owner i
t_LOG ipt_limit ipt_state iptable_filter iptable_nat ip_nat ip_conntrack
nfnetlink ip_tables video button battery ac i2o_config ohci_hcd i2c_
md8111 i2c_core hw_random eepro100 e100 mii tg3 ext3 jbd dm_mod i2o_block
i2o_core sata_sil libata sd_mod scsi_mod 
Feb 20 11:48:42 someserver  Pid: 10267, comm: httpd Not tainted
2.6.15-1.1831_FC4smp #1 
Feb 20 11:48:42 someserver  RIP: 0010:[<ffffffff8017dd87>]
Feb 20 11:48:42 someserver  RSP: 0018:ffff810073613db8  EFLAGS: 00010286 
Feb 20 11:48:42 someserver  RAX: 00000000ffffffff RBX: ffff810001000000 RCX:
Feb 20 11:48:42 someserver  RDX: 0000000000000000 RSI: 0000000000000246 RDI:
Feb 20 11:48:42 someserver  RBP: 00002aaab2c72000 R08: 00000000005a0004 R09:
Feb 20 11:48:42 someserver  R10: 0000000000000000 R11: 0000000000000000 R12:
Feb 20 11:48:42 someserver  R13: 00002aaab2e00000 R14: ffff810001000000 R15:
Feb 20 11:48:42 someserver  FS:  00002aaaac9ebfc0(0000)
GS:ffffffff8059b000(0000) knlGS:00000000f7eb16c0 
Feb 20 11:48:42 someserver  CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b 
Feb 20 11:48:42 someserver  CR2: 00002aaac3cc0830 CR3: 0000000000101000 CR4:
Feb 20 11:48:42 someserver  Process httpd (pid: 10267, threadinfo
ffff810073612000, task ffff810068b067a0) 
Feb 20 11:48:42 someserver  Stack: 0000000000000000 ffffffff801767c0
0000000000000000 ffff810073613eb8  
Feb 20 11:48:42 someserver         ffffffffffffffff 0000000000000000
ffff810064fa0250 ffff810073613ec0  
Feb 20 11:48:42 someserver         000000000016006d 0000000100000001  
Feb 20 11:48:42 someserver  Call Trace:<ffffffff801767c0>{unmap_vmas+1071}
Feb 20 11:48:42 someserver         <ffffffff80139f66>{mmput+37}
Feb 20 11:48:42 someserver         <ffffffff8013fcc1>{sys_exit_group+0}
Feb 20 11:48:42 someserver                                                     
Feb 20 11:48:42 someserver
Comment 1 Dave Jones 2006-02-20 20:40:19 EST
This bug has been around for a while. We've not got an answer for why this
happens yet.  It has upstream puzzled too.
Comment 2 Dave Jones 2006-09-16 22:19:01 EDT
[This comment added as part of a mass-update to all open FC4 kernel bugs]

FC4 has now transitioned to the Fedora legacy project, which will continue to
release security related updates for the kernel.  As this bug is not security
related, it is unlikely to be fixed in an update for FC4, and has been migrated
to FC5.

Please retest with Fedora Core 5.

Thank you.
Comment 3 Dave Jones 2006-10-16 17:26:15 EDT
A new kernel update has been released (Version: 2.6.18-1.2200.fc5)
based upon a new upstream kernel release.

Please retest against this new kernel, as a large number of patches
go into each upstream release, possibly including changes that
may address this problem.

This bug has been placed in NEEDINFO state.
Due to the large volume of inactive bugs in bugzilla, if this bug is
still in this state in two weeks time, it will be closed.

Should this bug still be relevant after this period, the reporter
can reopen the bug at any time. Any other users on the Cc: list
of this bug can request that the bug be reopened by adding a
comment to the bug.

In the last few updates, some users upgrading from FC4->FC5
have reported that installing a kernel update has left their
systems unbootable. If you have been affected by this problem
please check you only have one version of device-mapper & lvm2
installed.  See bug 207474 for further details.

If this bug is a problem preventing you from installing the
release this version is filed against, please see bug 169613.

If this bug has been fixed, but you are now experiencing a different
problem, please file a separate bug for the new problem.

Thank you.
Comment 4 Dave Jones 2006-11-24 18:14:44 EST
This bug has been mass-closed along with all other bugs that
have been in NEEDINFO state for several months.

Due to the large volume of inactive bugs in bugzilla, this
is the only method we have of cleaning out stale bug reports
where the reporter has disappeared.

If you can reproduce this bug after installing all the
current updates, please reopen this bug.

If you are not the reporter, you can add a comment requesting
it be reopened, and someone will get to it asap.

Thank you.

Note You need to log in before you can comment on or make changes to this bug.