
Bug#529567: marked as done (linux-image-2.6.26-1-486: kernel BUG at mm/mmap.c:2075)



Your message dated Wed, 3 Mar 2010 22:28:56 +0100
with message-id <20100303212856.GC28682@inutil.org>
and subject line Re: linux-image-2.6.26-1-486: kernel BUG at mm/mmap.c:2075
has caused the Debian Bug report #529567,
regarding linux-image-2.6.26-1-486: kernel BUG at mm/mmap.c:2075
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
529567: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529567
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: linux-2.6
Version: 2.6.26-13lenny2

I got the following BUG in my logs. This is on a system with very
little memory.

kernel: [4205017.800545] sed[4196]: segfault at 13b0f4 ip b7e7c013 sp bfe7eb70 error 4 in libc-2.7.so[b7e21000+138000]
kernel: [4205017.801686] ------------[ cut here ]------------
kernel: [4205017.801780] kernel BUG at mm/mmap.c:2075!
kernel: [4205017.801852] invalid opcode: 0000 [#1]
kernel: [4205017.801923] Modules linked in: apm ip6t_REJECT ip6table_filter ip6_tables iptable_nat nf_nat ipt_REJECT 
xt_tcpudp ipt_LOG xt_limit nf_conntrack_ipv4 xt_state nf_conntrack iptable_filter ip_tables x_tables 3c509 ipv6 parport_pc 
parport snd_pcm snd_timer snd soundcore snd_page_alloc evdev psmouse pcspkr ext3 jbd mbcache ide_cd_mod cdrom ide_disk 
ata_generic libata scsi_mod dock piix ide_pci_generic ide_core floppy thermal_sys
kernel: [4205017.802631]
kernel: [4205017.802696] Pid: 4196, comm: sed Not tainted (2.6.26-1-486 #1)
kernel: [4205017.802796] EIP: 0060:[<c0157dde>] EFLAGS: 00010202 CPU: 0
kernel: [4205017.802920] EIP is at exit_mmap+0xae/0xb8
kernel: [4205017.802920] EAX: 00000000 EBX: c0e0de84 ECX: c1409da0 EDX: c18fc56c
kernel: [4205017.802920] ESI: c1e49220 EDI: 00000000 EBP: c0e0df10 ESP: c0e0de80
kernel: [4205017.802920]  DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
kernel: [4205017.802920] Process sed (pid: 4196, ti=c0e0c000 task=c1fb3640 task.ti=c0e0c000)
kernel: [4205017.802920] Stack: 00000048 c03c9008 c1e49220 c1fb3640 c1d3ab6c c0119e4b 0000000b c011e052
kernel: [4205017.802920]        00000001 c0e0dea4 c0e0dea4 c0122a3f 0000000b 0000000b c1d3ab6c c0e0df10
kernel: [4205017.802920]        c011e471 000000dc c0124b9f c0e0dfb8 c0e0df90 c1d3aaa0 c1cdfc20 b7f5aff4
kernel: [4205017.802920] Call Trace:
kernel: [4205017.802920]  [<c0119e4b>] mmput+0x1b/0x67
kernel: [4205017.802920]  [<c011e052>] do_exit+0x1c7/0x594
kernel: [4205017.802920]  [<c0122a3f>] recalc_sigpending+0xa/0x29
kernel: [4205017.802920]  [<c011e471>] do_group_exit+0x52/0x78
kernel: [4205017.802920]  [<c0124b9f>] get_signal_to_deliver+0x2d0/0x2e9
kernel: [4205017.802920]  [<c011388e>] do_page_fault+0x0/0x5ea
kernel: [4205017.802920]  [<c0102f08>] do_notify_resume+0x7b/0x61b
kernel: [4205017.802920]  [<c014e89d>] free_hot_cold_page+0xfe/0x118
kernel: [4205017.802920]  [<c0116c02>] __dequeue_entity+0x1f/0x71
kernel: [4205017.802920]  [<c01028ef>] __switch_to+0x84/0xf7
kernel: [4205017.802920]  [<c02a5dce>] schedule+0x338/0x351
kernel: [4205017.802920]  [<c011388e>] do_page_fault+0x0/0x5ea
kernel: [4205017.802920]  [<c0103890>] work_notifysig+0x13/0x23
kernel: [4205017.802920]  =======================
kernel: [4205017.802920] Code: 8b 00 8b 15 00 e0 33 c0 3b 82 f0 00 00 00 75 11 e8 5c af fb ff 90 eb 09 89 f8 e8 1b ff ff 
ff 89 c7 85 ff 75 f3 83 7e 78 00 74 04 <0f> 0b eb fe 58 5a 5b 5e 5f c3 55 57 89 c7 56 89 ce 53 83 ec 04
kernel: [4205017.802920] EIP: [<c0157dde>] exit_mmap+0xae/0xb8 SS:ESP 0068:c0e0de80
kernel: [4205017.807853] ---[ end trace 90ff29e315afb858 ]---

Line 2075 is a BUG_ON in exit_mmap():
	BUG_ON(mm->nr_ptes > (FIRST_USER_ADDRESS+PMD_SIZE-1)>>PMD_SHIFT);

After looking at the commit log for mmap.c, I suspect that the BUG may
have been caused by the following issue fixed in later kernels (but please
check if I'm correct or not):

commit dcd4a049b9751828c516c59709f3fdf50436df85
Author: Johannes Weiner <hannes@cmpxchg.org>
Date:   Tue Jan 6 14:40:31 2009 -0800

    mm: check for no mmaps in exit_mmap()

    When dup_mmap() ooms we can end up with mm->mmap == NULL.  The error
    path does mmput() and unmap_vmas() gets a NULL vma which it
    dereferences.

    In exit_mmap() there is nothing to do at all for this case, we can
    cancel the callpath right there.

This patch was also included in a 2.6.27 stable update.



--- End Message ---
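
Added example, not part of the original report: a small Python parser that extracts from an oops in this log format the fields the diagnosis above relies on (BUG site, faulting symbol, process, call trace). The function name and the dictionary keys are assumptions of this example, and the sample is a shortened copy of the log quoted above.

```python
import re

# Shortened copy of the oops quoted in the report above (i386, 2.6-era format).
SAMPLE = """\
kernel: [4205017.801686] ------------[ cut here ]------------
kernel: [4205017.801780] kernel BUG at mm/mmap.c:2075!
kernel: [4205017.802696] Pid: 4196, comm: sed Not tainted (2.6.26-1-486 #1)
kernel: [4205017.802920] EIP is at exit_mmap+0xae/0xb8
kernel: [4205017.802920] Call Trace:
kernel: [4205017.802920]  [<c0119e4b>] mmput+0x1b/0x67
kernel: [4205017.802920]  [<c011e052>] do_exit+0x1c7/0x594
kernel: [4205017.802920]  =======================
kernel: [4205017.807853] ---[ end trace 90ff29e315afb858 ]---
"""

# Optional syslog prefix up to "kernel: ", then the "[seconds.micros]" stamp.
PREFIX = re.compile(r"^(?:.*?kernel: )?\[\s*\d+\.\d+\]\s?")
BUG = re.compile(r"kernel BUG at (?P<file>[^:\s]+):(?P<line>\d+)!")
PID = re.compile(r"Pid: (?P<pid>\d+), comm: (?P<comm>.+?) "
                 r"(?P<taint>Not tainted|Tainted: .+?) \((?P<release>\S+)")
EIP = re.compile(r"EIP is at (?P<sym>[\w.]+)\+(?P<off>0x[0-9a-f]+)/0x[0-9a-f]+")
FRAME = re.compile(r"^\[<[0-9a-f]+>\] (?:\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_oopses(text):
    """Return one dict per 'cut here' ... 'end trace' block; the dict keys are
    this example's own choice. Blocks with no end-trace marker are dropped."""
    reports, cur, in_trace = [], None, False
    for raw in text.splitlines():
        line = PREFIX.sub("", raw)
        if "[ cut here ]" in line:
            cur, in_trace = {"trace": []}, False
        elif cur is None:
            continue                      # not inside an oops block
        elif (m := BUG.search(line)):
            cur["bug_at"] = (m["file"], int(m["line"]))
        elif (m := PID.search(line)):
            cur.update(pid=int(m["pid"]), comm=m["comm"], release=m["release"],
                       tainted=m["taint"] != "Not tainted")
        elif (m := EIP.search(line)):
            cur["eip"] = (m["sym"], int(m["off"], 16))
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif in_trace and (m := FRAME.match(line.strip())):
            cur["trace"].append(m["sym"])  # symbol names, innermost first
        elif "[ end trace " in line:
            cur["trace_id"] = line.split("end trace ")[1].split()[0]
            reports.append(cur)
            cur = None
    return reports
```

Grouping parsed reports by `bug_at` and `release` shows whether several hosts are hitting the same assertion on the same kernel build.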
--- Begin Message ---
Version: 2.6.29-1

Hi Frans,

>     mm: check for no mmaps in exit_mmap()
> 
>     When dup_mmap() ooms we can end up with mm->mmap == NULL.  The error
>     path does mmput() and unmap_vmas() gets a NULL vma which it
>     dereferences.
> 
>     In exit_mmap() there is nothing to do at all for this case, we can
>     cancel the callpath right there.
> 
> This patch was also included in a 2.6.27 stable update.

Marking as fixed in 2.6.29, where the patch was merged.

As for Lenny; is this error reproducible on your system with low memory,
so that we can test it (e.g. by exhausting system memory)? I've tried
to put a virtual machine under memory pressure, but couldn't trigger the 
error in my limited testing.

Cheers,
        Moritz


--- End Message ---
