On Wed, Apr 24, 2019 at 09:20:12PM +0300, Aaro Koskinen wrote: > [33617.740799] BUG: Bad page state in process cc1plus pfn:3df51 > [33617.746545] page:81023764 count:0 mapcount:-64768 mapping:00000000 index:0x1 > [33617.753577] flags: 0x40000000() > [33617.756716] raw: 40000000 00000100 00000200 00000000 00000001 00000000 ffff02ff 00000000 > [33617.742940] raw: 00000000 > [33617.745548] page dumped because: nonzero mapcount When a page is freed, it's not supposed to be mapped to userspace any more, so mapcount should be 0. In your case, it's either -64768, which is a massive underflow, or it's 0xffff02ff which is a nonsensical combination of flags. Or a user is putting their own information into that field (as, eg, slab does). Or it's become corrupted for some reason unknown to me. > [33617.760052] Call Trace: > [33617.740656] [<80019c7c>] show_stack+0x8c/0x130 > [33617.745092] [<8009cf78>] bad_page+0x138/0x140 > [33617.749437] [<8009d764>] free_pcppages_bulk+0x15c/0x4dc > [33617.754652] [<8009eca8>] free_unref_page_list+0x130/0x168 > [33617.760041] [<800a7b90>] release_pages+0x98/0x404 > [33617.742894] [<800cea78>] tlb_flush_mmu_free+0x54/0x60 > [33617.747934] [<800c5874>] unmap_page_range+0x574/0x864 > [33617.752972] [<800c5cf8>] unmap_vmas+0x70/0x78 > [33617.757319] [<800cc690>] exit_mmap+0x110/0x1b8 Given this stack trace, the page was mapped into userspace, so something's gone terribly wrong. My money is on corruption; I haven't seen anyone report anything like this before.
