I am able to reliably reproduce this issue though it is triggered by a bit of custom code I do not have access to.
What I believe to be relevant details. The Host: ubuntu 8.04.3 LTS kernel 2.6.24-24-xen Xen 3.2 The issue manifests while running under the -xen kernel but does not occur when running under kernel 2.6.24-24-server [ 27.667553] Eeek! page_mapcount(page) went negative! (-1) [ 27.667646] page pfn = ffffffffffffffff [ 27.667728] page->flags = 15d [ 27.667804] page->count = 9460 [ 27.667882] page->mapping = 00000000000033f2 [ 27.667974] vma->vm_ops = 0x0 [ 27.668054] vma->vm_file->f_op->mmap = xen_mmap_mem+0x0/0x40 [ 27.668145] ------------[ cut here ]------------ [ 27.668226] kernel BUG at /build/buildd/linux-2.6.24/debian/build/custom-source-xen/mm/rmap.c:631! [ 27.668325] invalid opcode: 0000 [1] SMP [ 27.668530] CPU 1 [ 27.668670] Modules linked in: bridge sbs container battery sbshc dock ac iptable_filter ip_tables x_tables af_packet parport_pc lp [ 27.672687] Pid: 5320, comm: espd Not tainted 2.6.24-24-xen #1 [ 27.672767] RIP: e030:[<ffffffff8028e7eb>] [<ffffffff8028e7eb>] page_remove_rmap+0x12b/0x140 [ 27.672927] RSP: e02b:ffff8800ef4e1d88 EFLAGS: 00010292 [ 27.673007] RAX: 0000000000000045 RBX: ffff880002a24fc8 RCX: ffffffffff5f7000 [ 27.673089] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8058ce64 [ 27.673170] RBP: ffff8800f20c1f00 R08: 0000000000000000 R09: ffffffffff5b1760 [ 27.673252] R10: 0000000000000000 R11: ffffffff80359a10 R12: 00007f5855b3d000 [ 27.673333] R13: 0000000000000020 R14: ffff880002a24fc8 R15: 00007f5855b3d000 [ 27.673418] FS: 00007f93434a96e0(0063) GS:ffffffff805c7080(0000) knlGS:0000000000000000 [ 27.673511] CS: e033 DS: 0000 ES: 0000 [ 27.673591] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 27.673673] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 27.673755] Process espd (pid: 5320, threadinfo ffff8800ef4e0000, task ffff8800f2b9e040) [ 27.673850] Stack: 00000000000000c0 ffff8800f166b970 00007f5855b2e000 ffffffff80283e8c [ 27.674257] ffffffff8061a420 ffff880001ac9438 00007f5855b3cfff 0000000000000000 [ 27.674603] ffff8800ef4e1eb0 00007f5855b3d000 00007f5855b2d000 ffff8800f20c1f00 [ 27.674874] Call Trace: [ 27.675024] [<ffffffff80283e8c>] unmap_vmas+0x69c/0xb30 [ 27.675112] [<ffffffff80289e08>] unmap_region+0xc8/0x160 [ 27.675196] [<ffffffff8028ad2a>] do_munmap+0x22a/0x2f0 [ 27.675280] [<ffffffff80471f92>] __down_write_nested+0x12/0x100 [ 27.675364] [<ffffffff8028ae3d>] sys_munmap+0x4d/0x80 [ 27.675447] [<ffffffff8020c698>] system_call+0x68/0x6d [ 27.675529] [<ffffffff8020c630>] system_call+0x0/0x6d [ 27.675612] [ 27.675687] [ 27.675688] Code: 0f 0b eb fe 48 8b 53 10 e9 65 ff ff ff 0f 1f 84 00 00 00 00 [ 27.677170] RIP [<ffffffff8028e7eb>] page_remove_rmap+0x12b/0x140 [ 27.677314] RSP <ffff8800ef4e1d88> [ 27.677395] ---[ end trace 480ff852f0bf3e83 ]--- -- Hardy and Intrepid freeze with kernel error: "Eeek! page_mapcount(page) went negative! (-1)" https://bugs.launchpad.net/bugs/252977 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
