Debian Bug report logs -
#495611
user-mode-linux: page_mapcount(page) went negative!
Reported by: Graham Cobb <g+debian@cobb.uk.net>
Date: Mon, 18 Aug 2008 23:09:01 UTC
Severity: normal
Found in version user-mode-linux/2.6.24-1um-1
Fixed in version 4.0-1um-0.1+rm
Done: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, User Mode Linux Maintainers <pkg-uml-pkgs@lists.alioth.debian.org>:
Bug#495611; Package user-mode-linux.
(full text, mbox, link).
Acknowledgement sent to Graham Cobb <g+debian@cobb.uk.net>:
New Bug report received and forwarded. Copy sent to User Mode Linux Maintainers <pkg-uml-pkgs@lists.alioth.debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: user-mode-linux
Version: 2.6.24-1um-1
Severity: normal
I use Debian lenny guest environment in UML to automatically build software
for the Nokia Maemo environment.
The overnight all work fine using UML 2.6.24-1um-1. However, UML
2.6.25-1um-2 and UML 2.6.26-1um-2 both crash, early in each build, with
the kernel panic shown below. I can easily reproduce this with my automated
build system although I have not yet found another stress test (even doing a
kernel build in the guest environment) which reproduces it.
The crash details are:
Eeek! page_mapcount(page) went negative! (-1)
page pfn = 2cc
page->flags = 400
page->count = 1
page->mapping = 00000000
vma->vm_ops = 0x83accc8
vma->vm_ops->fault = special_mapping_fault+0x0/0x60
BUG: failure at mm/rmap.c:669/page_remove_rmap()!
Kernel panic - not syncing: BUG!
EIP: 0073:[<080a407a>] CPU: 0 Not tainted ESP: 007b:bf9ec8fc EFLAGS: 00000246
Not tainted
EAX: ffffffda EBX: 00008000 ECX: 001b6000 EDX: 00000005
ESI: 00000812 EDI: 00000004 EBP: 00000000 DS: 007b ES: 007b
277ebd38: [<0809ec74>] notifier_call_chain+0x34/0x70
277ebd5c: [<08311f2a>] panic+0x71/0xff
277ebd78: [<080cb4e1>] page_remove_rmap+0x151/0x160
277ebd90: [<080c3f99>] unmap_vmas+0x2c9/0x600
277ebda4: [<08060fd3>] flush_tlb_page+0x113/0x1f0
277ebdf8: [<080c7895>] unmap_region+0xa5/0x150
277ebe2c: [<080c8a98>] do_munmap+0x1d8/0x290
277ebe58: [<080c9544>] mmap_region+0xd4/0x590
277ebe90: [<080c7230>] arch_get_unmapped_area+0x0/0x160
277ebeb8: [<080b4870>] generic_file_mmap+0x0/0x60
277ebec4: [<080c9c1a>] do_mmap_pgoff+0x21a/0x300
277ebf00: [<08060846>] sys_mmap2+0x76/0xe0
277ebf30: [<080627aa>] handle_syscall+0x8a/0xc0
277ebf4c: [<080607d0>] sys_mmap2+0x0/0xe0
277ebf78: [<080789ca>] userspace+0x48a/0x510
277ebf90: [<08075675>] os_set_thread_area+0x25/0x50
277ebfec: [<0805f72d>] fork_handler+0x5d/0x70
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (900, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.25-2-686 (SMP w/1 CPU core)
Locale: LANG=en_IE@euro, LC_CTYPE=en_IE@euro (charmap=ISO-8859-15) (ignored: LC_ALL set to en_IE@euro)
Shell: /bin/sh linked to /bin/bash
Versions of packages user-mode-linux depends on:
ii uml-utilities 20070815-1.1 User-mode Linux (utility programs)
user-mode-linux recommends no packages.
Versions of packages user-mode-linux suggests:
ii konsole [x-terminal- 4:3.5.9.dfsg.1-2+b1 X terminal emulator for KDE
pn linux-patch-skas <none> (no description available)
pn rootstrap <none> (no description available)
ii rxvt [x-terminal-emu 1:2.6.4-14 VT102 terminal emulator for the X
pn slirp <none> (no description available)
pn user-mode-linux-doc <none> (no description available)
ii xterm [x-terminal-em 235-1 X terminal emulator
-- no debconf information
Information forwarded to debian-bugs-dist@lists.debian.org, User Mode Linux Maintainers <pkg-uml-pkgs@lists.alioth.debian.org>:
Bug#495611; Package user-mode-linux.
(full text, mbox, link).
Acknowledgement sent to Graham Cobb <g+debian@cobb.uk.net>:
Extra info received and forwarded to list. Copy sent to User Mode Linux Maintainers <pkg-uml-pkgs@lists.alioth.debian.org>.
(full text, mbox, link).
Message #10 received at 495611@bugs.debian.org (full text, mbox, reply):
After reading bug 491911 I tried rebuilding UML using kernel snapshot 2.6.26
3~snapshot.12089. The identical problem still occurs.
Graham
Information forwarded to debian-bugs-dist@lists.debian.org, User Mode Linux Maintainers <pkg-uml-pkgs@lists.alioth.debian.org>:
Bug#495611; Package user-mode-linux.
(full text, mbox, link).
Acknowledgement sent to Mattia Dongili <malattia@linux.it>:
Extra info received and forwarded to list. Copy sent to User Mode Linux Maintainers <pkg-uml-pkgs@lists.alioth.debian.org>.
(full text, mbox, link).
Message #15 received at 495611@bugs.debian.org (full text, mbox, reply):
On Tue, Aug 19, 2008 at 10:10:29AM +0100, Graham Cobb wrote:
> After reading bug 491911 I tried rebuilding UML using kernel snapshot 2.6.26
> 3~snapshot.12089. The identical problem still occurs.
thanks for testing it.
I didn't see any specific development in the static link area so I'm not
really surprised the error still happens.
Let me forward this to the uml mailing list.
--
mattia
:wq!
Information forwarded to debian-bugs-dist@lists.debian.org, User Mode Linux Maintainers <pkg-uml-pkgs@lists.alioth.debian.org>:
Bug#495611; Package user-mode-linux.
(full text, mbox, link).
Acknowledgement sent to Mattia Dongili <malattia@linux.it>:
Extra info received and forwarded to list. Copy sent to User Mode Linux Maintainers <pkg-uml-pkgs@lists.alioth.debian.org>.
(full text, mbox, link).
Message #20 received at 495611@bugs.debian.org (full text, mbox, reply):
On Tue, Aug 19, 2008 at 08:37:13PM +0900, Mattia Dongili wrote:
> On Tue, Aug 19, 2008 at 10:10:29AM +0100, Graham Cobb wrote:
> > After reading bug 491911 I tried rebuilding UML using kernel snapshot 2.6.26
> > 3~snapshot.12089. The identical problem still occurs.
>
> thanks for testing it.
> I didn't see any specific development in the static link area so I'm not
> really surprised the error still happens.
gah sorry... wrong bug :)
--
mattia
:wq!
Information forwarded to debian-bugs-dist@lists.debian.org, User Mode Linux Maintainers <pkg-uml-pkgs@lists.alioth.debian.org>:
Bug#495611; Package user-mode-linux.
(full text, mbox, link).
Acknowledgement sent to Mattia Dongili <malattia@linux.it>:
Extra info received and forwarded to list. Copy sent to User Mode Linux Maintainers <pkg-uml-pkgs@lists.alioth.debian.org>.
(full text, mbox, link).
Message #25 received at 495611@bugs.debian.org (full text, mbox, reply):
Hello again Jeff,
one more bug report on 2.6.26.2. It looks like .25 is affected as well
are both suffering from it.
On Tue, Aug 19, 2008 at 12:05:09AM +0100, Graham Cobb wrote:
> Package: user-mode-linux
> Version: 2.6.24-1um-1
> Severity: normal
>
> I use Debian lenny guest environment in UML to automatically build software
> for the Nokia Maemo environment.
>
> The overnight all work fine using UML 2.6.24-1um-1. However, UML
> 2.6.25-1um-2 and UML 2.6.26-1um-2 both crash, early in each build, with
> the kernel panic shown below. I can easily reproduce this with my automated
> build system although I have not yet found another stress test (even doing a
> kernel build in the guest environment) which reproduces it.
>
> The crash details are:
>
> Eeek! page_mapcount(page) went negative! (-1)
> page pfn = 2cc
> page->flags = 400
> page->count = 1
> page->mapping = 00000000
> vma->vm_ops = 0x83accc8
> vma->vm_ops->fault = special_mapping_fault+0x0/0x60
> BUG: failure at mm/rmap.c:669/page_remove_rmap()!
> Kernel panic - not syncing: BUG!
>
> EIP: 0073:[<080a407a>] CPU: 0 Not tainted ESP: 007b:bf9ec8fc EFLAGS: 00000246
> Not tainted
> EAX: ffffffda EBX: 00008000 ECX: 001b6000 EDX: 00000005
> ESI: 00000812 EDI: 00000004 EBP: 00000000 DS: 007b ES: 007b
> 277ebd38: [<0809ec74>] notifier_call_chain+0x34/0x70
> 277ebd5c: [<08311f2a>] panic+0x71/0xff
> 277ebd78: [<080cb4e1>] page_remove_rmap+0x151/0x160
> 277ebd90: [<080c3f99>] unmap_vmas+0x2c9/0x600
> 277ebda4: [<08060fd3>] flush_tlb_page+0x113/0x1f0
> 277ebdf8: [<080c7895>] unmap_region+0xa5/0x150
> 277ebe2c: [<080c8a98>] do_munmap+0x1d8/0x290
> 277ebe58: [<080c9544>] mmap_region+0xd4/0x590
> 277ebe90: [<080c7230>] arch_get_unmapped_area+0x0/0x160
> 277ebeb8: [<080b4870>] generic_file_mmap+0x0/0x60
> 277ebec4: [<080c9c1a>] do_mmap_pgoff+0x21a/0x300
> 277ebf00: [<08060846>] sys_mmap2+0x76/0xe0
> 277ebf30: [<080627aa>] handle_syscall+0x8a/0xc0
> 277ebf4c: [<080607d0>] sys_mmap2+0x0/0xe0
> 277ebf78: [<080789ca>] userspace+0x48a/0x510
> 277ebf90: [<08075675>] os_set_thread_area+0x25/0x50
> 277ebfec: [<0805f72d>] fork_handler+0x5d/0x70
>
>
> -- System Information:
> Debian Release: lenny/sid
> APT prefers testing
> APT policy: (900, 'testing')
> Architecture: i386 (i686)
>
> Kernel: Linux 2.6.25-2-686 (SMP w/1 CPU core)
> Locale: LANG=en_IE@euro, LC_CTYPE=en_IE@euro (charmap=ISO-8859-15) (ignored: LC_ALL set to en_IE@euro)
> Shell: /bin/sh linked to /bin/bash
>
> Versions of packages user-mode-linux depends on:
> ii uml-utilities 20070815-1.1 User-mode Linux (utility programs)
>
> user-mode-linux recommends no packages.
>
> Versions of packages user-mode-linux suggests:
> ii konsole [x-terminal- 4:3.5.9.dfsg.1-2+b1 X terminal emulator for KDE
> pn linux-patch-skas <none> (no description available)
> pn rootstrap <none> (no description available)
> ii rxvt [x-terminal-emu 1:2.6.4-14 VT102 terminal emulator for the X
> pn slirp <none> (no description available)
> pn user-mode-linux-doc <none> (no description available)
> ii xterm [x-terminal-em 235-1 X terminal emulator
>
> -- no debconf information
>
>
>
> _______________________________________________
> Pkg-uml-pkgs mailing list
> Pkg-uml-pkgs@lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-uml-pkgs
>
--
mattia
:wq!
Information forwarded to debian-bugs-dist@lists.debian.org, User Mode Linux Maintainers <pkg-uml-pkgs@lists.alioth.debian.org>:
Bug#495611; Package user-mode-linux.
(full text, mbox, link).
Acknowledgement sent to Jeff Dike <jdike@addtoit.com>:
Extra info received and forwarded to list. Copy sent to User Mode Linux Maintainers <pkg-uml-pkgs@lists.alioth.debian.org>.
(full text, mbox, link).
Message #30 received at 495611@bugs.debian.org (full text, mbox, reply):
On Tue, Aug 19, 2008 at 09:01:55PM +0900, Mattia Dongili wrote:
> one more bug report on 2.6.26.2. It looks like .25 is affected as well
> are both suffering from it.
Sigh, I was hoping that this wasn't seen on anything later than 2.6.24.
Any chance it can be bisected? Since this is an overnight test, it
would take a week or two, probably.
Jeff
--
Work email - jdike at linux dot intel dot com
Information forwarded to debian-bugs-dist@lists.debian.org, User Mode Linux Maintainers <pkg-uml-pkgs@lists.alioth.debian.org>:
Bug#495611; Package user-mode-linux.
(full text, mbox, link).
Acknowledgement sent to Graham Cobb <g+debian@cobb.uk.net>:
Extra info received and forwarded to list. Copy sent to User Mode Linux Maintainers <pkg-uml-pkgs@lists.alioth.debian.org>.
(full text, mbox, link).
Message #35 received at 495611@bugs.debian.org (full text, mbox, reply):
The bisection is complete. It took longer than I expected as many of the
versions git-bisect wanted to test would not build UML without tracking down
some additional patches.
The bug seems to have been introduced with git commit
3963333fe6767f15141ab2dc3b933721c636c212 (uml: cover stubs with a VMA).
Note the bisection didn't quite complete: the previous commit (git commit
42a2b54ce8c7b9d4f418995a7950e7e2e15e52ce (uml: clean up TASK_SIZE usage))
also causes a panic but it is different from the one reported in this bug and
occurs immediately init is started so I presume it is not the same problem.
The version before these two commits works.
With hindsight I suppose I could have guessed that would be the commit: the
crash seemed to be when unmapping a VMA. If my reading of the page flags is
correct the problem is that the page has the PG_reserved flag set, so what is
it doing in the VMA which is being unmapped?
Let me know if you want me to run some more tests, for example if you want to
add some printk's in the code to understand more about what is going on.
Information forwarded to debian-bugs-dist@lists.debian.org, User Mode Linux Maintainers <pkg-uml-pkgs@lists.alioth.debian.org>:
Bug#495611; Package user-mode-linux.
(full text, mbox, link).
Acknowledgement sent to Jeff Dike <jdike@addtoit.com>:
Extra info received and forwarded to list. Copy sent to User Mode Linux Maintainers <pkg-uml-pkgs@lists.alioth.debian.org>.
(full text, mbox, link).
Message #40 received at 495611@bugs.debian.org (full text, mbox, reply):
On Wed, Sep 03, 2008 at 12:01:19AM +0100, Graham Cobb wrote:
> The bisection is complete. It took longer than I expected as many of the
> versions git-bisect wanted to test would not build UML without tracking down
> some additional patches.
>
> The bug seems to have been introduced with git commit
> 3963333fe6767f15141ab2dc3b933721c636c212 (uml: cover stubs with a VMA).
Excellent, the backtrace now makes a bit of sense. It looks like the
VMAs at the top of the address space are being overmapped by a call to
mmap. The question is why does it look like there's a big enough hole
there, when it ends up unmapping the stubs in order to make room for
the mmap.
> With hindsight I suppose I could have guessed that would be the commit: the
> crash seemed to be when unmapping a VMA. If my reading of the page flags is
> correct the problem is that the page has the PG_reserved flag set, so what is
> it doing in the VMA which is being unmapped?
A page of kernel code is mapped into the process. This page (and all
other pages containing kernel text) is marked reserved during boot.
> Let me know if you want me to run some more tests, for example if you want to
> add some printk's in the code to understand more about what is going on.
I'm going to need some more information. I'll get back to you with a
patch...
Jeff
--
Work email - jdike at linux dot intel dot com
Reply sent
to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility.
(Mon, 25 Jan 2016 22:06:44 GMT) (full text, mbox, link).
Notification sent
to Graham Cobb <g+debian@cobb.uk.net>:
Bug acknowledged by developer.
(Mon, 25 Jan 2016 22:06:44 GMT) (full text, mbox, link).
Message #45 received at 495611-done@bugs.debian.org (full text, mbox, reply):
Version: 4.0-1um-0.1+rm
Dear submitter,
as the package user-mode-linux has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see https://bugs.debian.org/812501
The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.
Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 23 Feb 2016 07:27:09 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Tue Aug 28 02:19:25 2018;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.