Package: linux-2.6
Version: 2.6.26-13lenny2

I got the following BUG in my logs. This is on a system with very
little memory.

kernel: [4205017.800545] sed[4196]: segfault at 13b0f4 ip b7e7c013 sp bfe7eb70 
error 4 in libc-2.7.so[b7e21000+138000]
kernel: [4205017.801686] ------------[ cut here ]------------
kernel: [4205017.801780] kernel BUG at mm/mmap.c:2075!
kernel: [4205017.801852] invalid opcode: 0000 [#1]
kernel: [4205017.801923] Modules linked in: apm ip6t_REJECT ip6table_filter 
ip6_tables iptable_nat nf_nat ipt_REJECT 
xt_tcpudpipt_LOG xt_limit nf_conntrack_ipv4 xt_state nf_conntrack 
iptable_filter ip_tables x_tables 3c509 ipv6 parport_pc 
parport snd_pcm snd_timer snd soundcore snd_page_alloc evdev psmouse pcspkr 
ext3 jbd mbcache ide_cd_mod cdrom ide_disk 
ata_generic libata scsi_mod dock piix ide_pci_generic ide_core floppy 
thermal_sys
kernel: [4205017.802631]
kernel: [4205017.802696] Pid: 4196, comm: sed Not tainted (2.6.26-1-486 #1)
kernel: [4205017.802796] EIP: 0060:[<c0157dde>] EFLAGS: 00010202 CPU: 0
kernel: [4205017.802920] EIP is at exit_mmap+0xae/0xb8
kernel: [4205017.802920] EAX: 00000000 EBX: c0e0de84 ECX: c1409da0 EDX: c18fc56c
kernel: [4205017.802920] ESI: c1e49220 EDI: 00000000 EBP: c0e0df10 ESP: c0e0de80
kernel: [4205017.802920]  DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
kernel: [4205017.802920] Process sed (pid: 4196, ti=c0e0c000 task=c1fb3640 
task.ti=c0e0c000)
kernel: [4205017.802920] Stack: 00000048 c03c9008 c1e49220 c1fb3640 c1d3ab6c 
c0119e4b 0000000b c011e052
kernel: [4205017.802920]        00000001 c0e0dea4 c0e0dea4 c0122a3f 0000000b 
0000000b c1d3ab6c c0e0df10
kernel: [4205017.802920]        c011e471 000000dc c0124b9f c0e0dfb8 c0e0df90 
c1d3aaa0 c1cdfc20 b7f5aff4
kernel: [4205017.802920] Call Trace:
kernel: [4205017.802920]  [<c0119e4b>] mmput+0x1b/0x67
kernel: [4205017.802920]  [<c011e052>] do_exit+0x1c7/0x594
kernel: [4205017.802920]  [<c0122a3f>] recalc_sigpending+0xa/0x29
kernel: [4205017.802920]  [<c011e471>] do_group_exit+0x52/0x78
kernel: [4205017.802920]  [<c0124b9f>] get_signal_to_deliver+0x2d0/0x2e9
kernel: [4205017.802920]  [<c011388e>] do_page_fault+0x0/0x5ea
kernel: [4205017.802920]  [<c0102f08>] do_notify_resume+0x7b/0x61b
kernel: [4205017.802920]  [<c014e89d>] free_hot_cold_page+0xfe/0x118
kernel: [4205017.802920]  [<c0116c02>] __dequeue_entity+0x1f/0x71
kernel: [4205017.802920]  [<c01028ef>] __switch_to+0x84/0xf7
kernel: [4205017.802920]  [<c02a5dce>] schedule+0x338/0x351
kernel: [4205017.802920]  [<c011388e>] do_page_fault+0x0/0x5ea
kernel: [4205017.802920]  [<c0103890>] work_notifysig+0x13/0x23
kernel: [4205017.802920]  =======================
kernel: [4205017.802920] Code: 8b 00 8b 15 00 e0 33 c0 3b 82 f0 00 00 00 75 11 
e8 5c af fb ff 90 eb 09 89 f8 e8 1b ff ff 
ff 89 c7 85 ff 75 f3 83 7e 78 00 74 04 <0f> 0b eb fe 58 5a 5b 5e 5f c3 55 57 89 
c7 56 89 ce 53 83 ec 04
kernel: [4205017.802920] EIP: [<c0157dde>] exit_mmap+0xae/0xb8 SS:ESP 
0068:c0e0de80
kernel: [4205017.807853] ---[ end trace 90ff29e315afb858 ]---

Line 2075 is a BUG_ON in exit_mmap():
        BUG_ON(mm->nr_ptes > (FIRST_USER_ADDRESS+PMD_SIZE-1)>>PMD_SHIFT);

After looking at the commit log for mmap.c, I suspect that the BUG may
have been caused by the following issue fixed in later kernels (but please
check if I'm correct or not):

commit dcd4a049b9751828c516c59709f3fdf50436df85
Author: Johannes Weiner <han...@cmpxchg.org>
Date:   Tue Jan 6 14:40:31 2009 -0800

    mm: check for no mmaps in exit_mmap()

    When dup_mmap() ooms we can end up with mm->mmap == NULL.  The error
    path does mmput() and unmap_vmas() gets a NULL vma which it
    dereferences.

    In exit_mmap() there is nothing to do at all for this case, we can
    cancel the callpath right there.

This patch was also included in a 2.6.27 stable update.
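
Added example (not part of the original report): a small Python triage parser for an oops pasted through a mail client, as above. It re-joins the wrapped lines and pulls out the BUG site, task, faulting symbol, call trace and trapping opcode; the function names and the assumption that every record starts with "kernel: [timestamp]" belong to this example only.

```python
import re

# Excerpt of the oops quoted above, with the mail client's line wraps left in.
SAMPLE = """\
kernel: [4205017.801780] kernel BUG at mm/mmap.c:2075!
kernel: [4205017.802696] Pid: 4196, comm: sed Not tainted (2.6.26-1-486 #1)
kernel: [4205017.802920] EIP is at exit_mmap+0xae/0xb8
kernel: [4205017.802920] Call Trace:
kernel: [4205017.802920]  [<c0119e4b>] mmput+0x1b/0x67
kernel: [4205017.802920]  [<c011e052>] do_exit+0x1c7/0x594
kernel: [4205017.802920] Code: 8b 00 8b 15 00 e0 33 c0 3b 82 f0 00 00 00 75 11
e8 5c af fb ff 90 eb 09 89 f8 e8 1b ff ff
ff 89 c7 85 ff 75 f3 83 7e 78 00 74 04 <0f> 0b eb fe 58 5a 5b 5e 5f c3 55 57 89
c7 56 89 ce 53 83 ec 04
"""

PREFIX = re.compile(r"^kernel: \[\s*\d+\.\d+\] ?")  # assumed record prefix

def unwrap(text):
    """Join wrapped lines: one without the prefix continues the previous record."""
    records = []
    for line in text.splitlines():
        m = PREFIX.match(line)
        if m:
            records.append(line[m.end():].rstrip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def parse_oops(text):
    """Extract the triage fields: BUG site, task, faulting symbol, trace, trap bytes."""
    info = {"trace": []}
    for rec in unwrap(text):
        if m := re.search(r"kernel BUG at (\S+):(\d+)!", rec):
            info["bug_at"] = (m.group(1), int(m.group(2)))
        elif m := re.search(r"Pid: (\d+), comm: (\S+) .*\((\S+) ", rec):
            info["pid"], info["comm"], info["release"] = int(m.group(1)), m.group(2), m.group(3)
        elif m := re.search(r"EIP is at (\w+)\+(0x[0-9a-f]+)/(0x[0-9a-f]+)", rec):
            info["eip"] = (m.group(1), int(m.group(2), 16), int(m.group(3), 16))
        elif m := re.match(r"\s*\[<[0-9a-f]+>\] (\w+)\+", rec):
            info["trace"].append(m.group(1))
        elif rec.startswith("Code:"):
            tokens = rec.split()[1:]
            # The byte in <..> is where EIP points; 0f 0b is ud2, which x86 BUG() traps on.
            i = next(k for k, t in enumerate(tokens) if t.startswith("<"))
            code = bytes(int(t.strip("<>"), 16) for t in tokens)
            info["trap_offset"], info["trap_is_ud2"] = i, code[i:i + 2] == b"\x0f\x0b"
    return info
```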


