Your message dated Wed, 3 Mar 2010 22:28:56 +0100 with message-id <[email protected]> and subject line Re: linux-image-2.6.26-1-486: kernel BUG at mm/mmap.c:2075 has caused the Debian Bug report #529567, regarding linux-image-2.6.26-1-486: kernel BUG at mm/mmap.c:2075 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 529567: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529567 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: linux-2.6 Version: 2.6.26-13lenny2 I got the following BUG in my logs. This is on a system with very little memory. kernel: [4205017.800545] sed[4196]: segfault at 13b0f4 ip b7e7c013 sp bfe7eb70 error 4 in libc-2.7.so[b7e21000+138000] kernel: [4205017.801686] ------------[ cut here ]------------ kernel: [4205017.801780] kernel BUG at mm/mmap.c:2075! kernel: [4205017.801852] invalid opcode: 0000 [#1] kernel: [4205017.801923] Modules linked in: apm ip6t_REJECT ip6table_filter ip6_tables iptable_nat nf_nat ipt_REJECT xt_tcpudpipt_LOG xt_limit nf_conntrack_ipv4 xt_state nf_conntrack iptable_filter ip_tables x_tables 3c509 ipv6 parport_pc parport snd_pcm snd_timer snd soundcore snd_page_alloc evdev psmouse pcspkr ext3 jbd mbcache ide_cd_mod cdrom ide_disk ata_generic libata scsi_mod dock piix ide_pci_generic ide_core floppy thermal_sys kernel: [4205017.802631] kernel: [4205017.802696] Pid: 4196, comm: sed Not tainted (2.6.26-1-486 #1) kernel: [4205017.802796] EIP: 0060:[<c0157dde>] EFLAGS: 00010202 CPU: 0 kernel: [4205017.802920] EIP is at exit_mmap+0xae/0xb8 kernel: [4205017.802920] EAX: 00000000 EBX: c0e0de84 ECX: c1409da0 EDX: c18fc56c kernel: [4205017.802920] ESI: c1e49220 EDI: 00000000 EBP: c0e0df10 ESP: c0e0de80 kernel: [4205017.802920] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068 kernel: [4205017.802920] Process sed (pid: 4196, ti=c0e0c000 task=c1fb3640 task.ti=c0e0c000) kernel: [4205017.802920] Stack: 00000048 c03c9008 c1e49220 c1fb3640 c1d3ab6c c0119e4b 0000000b c011e052 kernel: [4205017.802920] 00000001 c0e0dea4 c0e0dea4 c0122a3f 0000000b 0000000b c1d3ab6c c0e0df10 kernel: [4205017.802920] c011e471 000000dc c0124b9f c0e0dfb8 c0e0df90 c1d3aaa0 c1cdfc20 b7f5aff4 kernel: [4205017.802920] Call Trace: kernel: [4205017.802920] [<c0119e4b>] mmput+0x1b/0x67 kernel: [4205017.802920] [<c011e052>] do_exit+0x1c7/0x594 kernel: [4205017.802920] [<c0122a3f>] recalc_sigpending+0xa/0x29 kernel: [4205017.802920] [<c011e471>] do_group_exit+0x52/0x78 kernel: [4205017.802920] [<c0124b9f>] get_signal_to_deliver+0x2d0/0x2e9 kernel: [4205017.802920] [<c011388e>] do_page_fault+0x0/0x5ea kernel: [4205017.802920] [<c0102f08>] do_notify_resume+0x7b/0x61b kernel: [4205017.802920] [<c014e89d>] free_hot_cold_page+0xfe/0x118 kernel: [4205017.802920] [<c0116c02>] __dequeue_entity+0x1f/0x71 kernel: [4205017.802920] [<c01028ef>] __switch_to+0x84/0xf7 kernel: [4205017.802920] [<c02a5dce>] schedule+0x338/0x351 kernel: [4205017.802920] [<c011388e>] do_page_fault+0x0/0x5ea kernel: [4205017.802920] [<c0103890>] work_notifysig+0x13/0x23 kernel: [4205017.802920] ======================= kernel: [4205017.802920] Code: 8b 00 8b 15 00 e0 33 c0 3b 82 f0 00 00 00 75 11 e8 5c af fb ff 90 eb 09 89 f8 e8 1b ff ff ff 89 c7 85 ff 75 f3 83 7e 78 00 74 04 <0f> 0b eb fe 58 5a 5b 5e 5f c3 55 57 89 c7 56 89 ce 53 83 ec 04 kernel: [4205017.802920] EIP: [<c0157dde>] exit_mmap+0xae/0xb8 SS:ESP 0068:c0e0de80 kernel: [4205017.807853] ---[ end trace 90ff29e315afb858 ]--- Line 2075 is a BUG_ON in exit_mmap(): BUG_ON(mm->nr_ptes > (FIRST_USER_ADDRESS+PMD_SIZE-1)>>PMD_SHIFT); After looking at the commit log for mmap.c, I suspect that the BUG may have been caused by the following issue fixed in later kernels (but please check if I'm correct or not): commit dcd4a049b9751828c516c59709f3fdf50436df85 Author: Johannes Weiner <[email protected]> Date: Tue Jan 6 14:40:31 2009 -0800 mm: check for no mmaps in exit_mmap() When dup_mmap() ooms we can end up with mm->mmap == NULL. The error path does mmput() and unmap_vmas() gets a NULL vma which it dereferences. In exit_mmap() there is nothing to do at all for this case, we can cancel the callpath right there. This patch was also included in a 2.6.27 stable update.
--- End Message ---
--- Begin Message ---Version: 2.6.29-1 Hi Frans, > mm: check for no mmaps in exit_mmap() > > When dup_mmap() ooms we can end up with mm->mmap == NULL. The error > path does mmput() and unmap_vmas() gets a NULL vma which it > dereferences. > > In exit_mmap() there is nothing to do at all for this case, we can > cancel the callpath right there. > > This patch was also included in a 2.6.27 stable update. Marking as fixed in 2.6.29, where the patch was merged. As for Lenny; is this error reproducible on your system with low memory, so that we can test it (e.g. by exhausting system memory)? I've tried to put a virtual machine under memory pressure, but couldn't trigger the error in my limited testing. Cheers, Moritz
--- End Message ---
