From: Nick Piggin <nickpiggin@yahoo.com.au>
To: Andrew Morton <akpm@linux-foundation.org>,
Rik van Riel <riel@redhat.com>
Cc: Kamalesh Babulal <kamalesh@linux.vnet.ibm.com>,
linux-kernel@vger.kernel.org, kernel-testers@vger.kernel.org,
linux-mm@kvack.org, Nick Piggin <npiggin@suse.de>,
Andy Whitcroft <apw@shadowen.org>
Subject: Re: [BUG] 2.6.26-rc5-mm3 kernel BUG at mm/filemap.c:575!
Date: Thu, 12 Jun 2008 21:38:59 +1000 [thread overview]
Message-ID: <200806122138.59969.nickpiggin@yahoo.com.au> (raw)
In-Reply-To: <20080612015746.172c4b56.akpm@linux-foundation.org>
On Thursday 12 June 2008 18:57, Andrew Morton wrote:
> On Thu, 12 Jun 2008 14:14:21 +0530 Kamalesh Babulal
<kamalesh@linux.vnet.ibm.com> wrote:
> > Hi Andrew,
> >
> > 2.6.26-rc5-mm3 kernel panics while booting up on the x86_64
> > machine. Sorry the console is bit overwritten for the first few lines.
> >
> > ------------[ cut here ]------------
> > ot fs
> > no fstab.kernel BUG at mm/filemap.c:575!
> > sys, mounting ininvalid opcode: 0000 [1] ternal defaultsSMP
> > Switching to ne
> > w root and runnilast sysfs file: /sys/block/dm-3/removable
> > ng init.
> > unmounCPU 3 ting old /dev
> > u
> > nmounting old /pModules linked in:roc
> > unmounting
> > old /sys
> > Pid: 1, comm: init Not tainted 2.6.26-rc5-mm3-autotest #1
> > RIP: 0010:[<ffffffff80268155>] [<ffffffff80268155>] unlock_page+0xf/0x26
> > RSP: 0018:ffff81003f9e1dc8 EFLAGS: 00010246
> > RAX: 0000000000000000 RBX: ffffe20000f63080 RCX: 0000000000000036
> > RDX: 0000000000000000 RSI: ffffe20000f63080 RDI: ffffe20000f63080
> > RBP: 0000000000000000 R08: ffff81003f9a5727 R09: ffffc10000200200
> > R10: ffffc10000100100 R11: 000000000000000e R12: 0000000000000000
> > R13: 0000000000000000 R14: ffff81003f47aed8 R15: 0000000000000000
> > FS: 000000000066d870(0063) GS:ffff81003f99fa80(0000)
> > knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> > CR2: 000000000065afa0 CR3: 000000003d580000 CR4: 00000000000006e0
> > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> > DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> > Process init (pid: 1, threadinfo ffff81003f9e0000, task ffff81003f9d8000)
> > Stack: ffffe20000f63080 ffffffff80270d9c 0000000000000000
> > ffffffffffffffff 000000000000000e 0000000000000000 ffffe20000f63080
> > ffffe20000f630c0 ffffe20000f63100 ffffe20000f63140 ffffe20000f63180
> > ffffe20000f631c0 Call Trace:
> > [<ffffffff80270d9c>] truncate_inode_pages_range+0xc5/0x305
> > [<ffffffff802a7177>] generic_delete_inode+0xc9/0x133
> > [<ffffffff8029e3cd>] do_unlinkat+0xf0/0x160
> > [<ffffffff8020bd0b>] system_call_after_swapgs+0x7b/0x80
> >
> >
> > Code: 00 00 48 85 c0 74 0b 48 8b 40 10 48 85 c0 74 02 ff d0 e8 75 ec 32
> > 00 41 5b 31 c0 c3 53 48 89 fb f0 0f ba 37 00 19 c0 85 c0 75 04 <0f> 0b eb
> > fe e8 56 f5 ff ff 48 89 de 48 89 c7 31 d2 5b e9 47 be RIP
> > [<ffffffff80268155>] unlock_page+0xf/0x26
> > RSP <ffff81003f9e1dc8>
> > ---[ end trace 27b1d01b03af7c12 ]---
>
> Another unlock of an unlocked page. Presumably when reclaim hadn't
> done anything yet.
>
> Don't know, sorry. Strange.
Looks like something lockless pagecache *could* be connected with, but
I have never seen such a bug.
Hmm...
@@ -104,6 +105,7 @@ truncate_complete_page(struct address_sp
cancel_dirty_page(page, PAGE_CACHE_SIZE);
remove_from_page_cache(page);
+ clear_page_mlock(page);
ClearPageUptodate(page);
ClearPageMappedToDisk(page);
page_cache_release(page); /* pagecache ref */
...
+static inline void clear_page_mlock(struct page *page)
+{
+ if (unlikely(TestClearPageMlocked(page)))
+ __clear_page_mlock(page);
+}
...
+void __clear_page_mlock(struct page *page)
+{
+ VM_BUG_ON(!PageLocked(page)); /* for LRU isolate/putback */
+
+ dec_zone_page_state(page, NR_MLOCK);
+ count_vm_event(NORECL_PGCLEARED);
+ if (!isolate_lru_page(page)) {
+ putback_lru_page(page);
+ } else {
+ /*
+ * Page not on the LRU yet. Flush all pagevecs and retry.
+ */
+ lru_add_drain_all();
+ if (!isolate_lru_page(page))
+ putback_lru_page(page);
+ else if (PageUnevictable(page))
+ count_vm_event(NORECL_PGSTRANDED);
+ }
+}
...
+int putback_lru_page(struct page *page)
+{
+ int lru;
+ int ret = 1;
+ int was_unevictable;
+
+ VM_BUG_ON(!PageLocked(page));
+ VM_BUG_ON(PageLRU(page));
+
+ lru = !!TestClearPageActive(page);
+ was_unevictable = TestClearPageUnevictable(page); /* for
page_evictable() */
+
+ if (unlikely(!page->mapping)) {
+ /*
+ * page truncated. drop lock as put_page() will
+ * free the page.
+ */
+ VM_BUG_ON(page_count(page) != 1);
+ unlock_page(page);
^^^^^^^^^^^^^^^^^^
This is a rather wild thing to be doing. It's a really bad idea
to drop a lock that's taken several function calls distant and
across different files...
This is most likely where the locking is getting screwed up, but
even if it was cobbled together to work, it just makes the
locking scheme very hard to follow and verify.
I don't have any suggestions yet, as I still haven't been able
to review the patchset properly (and probably won't for the next
week or so). But please rethink the locking.
Thanks,
Nick
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2008-06-12 11:38 UTC|newest]
Thread overview: 100+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-06-12 5:59 2.6.26-rc5-mm3 Andrew Morton
2008-06-12 7:58 ` 2.6.26-rc5-mm3: kernel BUG at mm/vmscan.c:510 Alexey Dobriyan
2008-06-12 8:22 ` Andrew Morton
2008-06-12 8:23 ` Alexey Dobriyan
2008-06-12 8:44 ` [BUG] 2.6.26-rc5-mm3 kernel BUG at mm/filemap.c:575! Kamalesh Babulal
2008-06-12 8:57 ` Andrew Morton
2008-06-12 11:20 ` KAMEZAWA Hiroyuki
2008-06-13 1:44 ` [PATCH] fix double unlock_page() in " KAMEZAWA Hiroyuki
2008-06-13 2:13 ` Andrew Morton
2008-06-13 15:30 ` Lee Schermerhorn
2008-06-15 3:59 ` Kamalesh Babulal
2008-06-16 14:49 ` Lee Schermerhorn
2008-06-17 2:32 ` KAMEZAWA Hiroyuki
2008-06-17 15:26 ` Lee Schermerhorn
2008-06-13 4:34 ` Valdis.Kletnieks
2008-06-14 13:32 ` Kamalesh Babulal
2008-06-12 11:38 ` Nick Piggin [this message]
2008-06-13 0:25 ` [BUG] " KAMEZAWA Hiroyuki
2008-06-13 4:18 ` Valdis.Kletnieks
2008-06-13 7:16 ` Andrew Morton
2008-06-12 23:32 ` 2.6.26-rc5-mm3 Byron Bradley
2008-06-12 23:55 ` 2.6.26-rc5-mm3 Daniel Walker
2008-06-13 0:04 ` 2.6.26-rc5-mm3 Byron Bradley
2008-06-18 17:55 ` 2.6.26-rc5-mm3 Daniel Walker
2008-06-19 9:13 ` 2.6.26-rc5-mm3 Ingo Molnar
2008-06-19 14:39 ` 2.6.26-rc5-mm3 Daniel Walker
2008-06-17 7:35 ` [PATCH][RFC] fix kernel BUG at mm/migrate.c:719! in 2.6.26-rc5-mm3 Daisuke Nishimura
2008-06-17 7:47 ` [Bad page] trying to free locked page? (Re: [PATCH][RFC] fix kernel BUG at mm/migrate.c:719! in 2.6.26-rc5-mm3) Daisuke Nishimura
2008-06-17 9:03 ` KAMEZAWA Hiroyuki
2008-06-17 9:14 ` KOSAKI Motohiro
2008-06-17 9:15 ` Daisuke Nishimura
2008-06-17 18:29 ` Lee Schermerhorn
2008-06-17 20:00 ` [PATCH] unevictable mlocked pages: initialize mm member of munlock mm_walk structure Lee Schermerhorn
2008-06-18 3:33 ` KOSAKI Motohiro
2008-06-18 2:40 ` [Bad page] trying to free locked page? (Re: [PATCH][RFC] fix kernel BUG at mm/migrate.c:719! in 2.6.26-rc5-mm3) Daisuke Nishimura
2008-06-17 15:34 ` KOSAKI Motohiro
2008-06-18 2:32 ` Daisuke Nishimura
2008-06-18 10:20 ` KOSAKI Motohiro
2008-06-18 9:40 ` [Experimental][PATCH] putback_lru_page rework KAMEZAWA Hiroyuki
2008-06-18 11:36 ` KOSAKI Motohiro
2008-06-18 11:55 ` KAMEZAWA Hiroyuki
2008-06-19 8:00 ` Daisuke Nishimura
2008-06-19 8:24 ` KAMEZAWA Hiroyuki
2008-06-18 14:50 ` Daisuke Nishimura
2008-06-18 18:21 ` Lee Schermerhorn
2008-06-19 0:22 ` KAMEZAWA Hiroyuki
2008-06-19 14:45 ` Lee Schermerhorn
2008-06-20 0:47 ` KAMEZAWA Hiroyuki
2008-06-20 1:13 ` KAMEZAWA Hiroyuki
2008-06-20 17:10 ` Lee Schermerhorn
2008-06-20 20:41 ` Lee Schermerhorn
2008-06-21 8:56 ` KOSAKI Motohiro
2008-06-23 0:30 ` KAMEZAWA Hiroyuki
2008-06-21 8:41 ` KOSAKI Motohiro
2008-06-21 8:39 ` KOSAKI Motohiro
2008-06-19 15:32 ` kamezawa.hiroyu
2008-06-20 16:24 ` Lee Schermerhorn
2008-06-17 15:33 ` [PATCH][RFC] fix kernel BUG at mm/migrate.c:719! in 2.6.26-rc5-mm3 KOSAKI Motohiro
2008-06-18 1:54 ` Daisuke Nishimura
2008-06-18 4:41 ` Daisuke Nishimura
2008-06-18 4:59 ` KAMEZAWA Hiroyuki
2008-06-18 7:54 ` [PATCH][-mm] remove redundant page->mapping check KOSAKI Motohiro
2008-06-17 17:46 ` [PATCH][RFC] fix kernel BUG at mm/migrate.c:719! in 2.6.26-rc5-mm3 Lee Schermerhorn
2008-06-17 18:33 ` Hugh Dickins
2008-06-17 19:28 ` Lee Schermerhorn
2008-06-18 5:19 ` Nick Piggin
2008-06-18 2:59 ` Daisuke Nishimura
2008-06-18 1:13 ` KAMEZAWA Hiroyuki
2008-06-18 1:26 ` Daisuke Nishimura
2008-06-18 1:54 ` [PATCH] migration_entry_wait fix KAMEZAWA Hiroyuki
2008-06-18 5:26 ` KOSAKI Motohiro
2008-06-18 5:35 ` Nick Piggin
2008-06-18 6:04 ` KAMEZAWA Hiroyuki
2008-06-18 6:42 ` Nick Piggin
2008-06-18 6:52 ` KAMEZAWA Hiroyuki
2008-06-18 7:29 ` [PATCH -mm][BUGFIX] migration_entry_wait fix. v2 KAMEZAWA Hiroyuki
2008-06-18 7:26 ` KOSAKI Motohiro
2008-06-18 7:40 ` Nick Piggin
2008-06-19 6:59 ` [BUG][PATCH -mm] avoid BUG() in __stop_machine_run() Hidehiro Kawai
2008-06-19 10:12 ` Rusty Russell
2008-06-19 15:51 ` Jeremy Fitzhardinge
2008-06-20 13:21 ` Ingo Molnar
2008-06-23 3:55 ` Rusty Russell
2008-06-23 21:01 ` Ingo Molnar
2008-06-19 16:27 ` 2.6.26-rc5-mm3: BUG large value for HugePages_Rsvd Jon Tollefson
2008-06-19 17:16 ` Andy Whitcroft
2008-06-20 3:18 ` Jon Tollefson
2008-06-20 19:17 ` [RFC] hugetlb reservations -- MAP_PRIVATE fixes for split vmas Andy Whitcroft
2008-06-20 19:17 ` [PATCH 1/2] hugetlb reservations: move region tracking earlier Andy Whitcroft
2008-06-20 19:17 ` [PATCH 2/2] hugetlb reservations: fix hugetlb MAP_PRIVATE reservations across vma splits Andy Whitcroft
2008-06-23 7:33 ` Mel Gorman
2008-06-23 8:00 ` Mel Gorman
2008-06-23 9:53 ` Andy Whitcroft
2008-06-23 16:04 ` [RFC] hugetlb reservations -- MAP_PRIVATE fixes for split vmas Jon Tollefson
2008-06-23 17:35 ` [RFC] hugetlb reservations -- MAP_PRIVATE fixes for split vmas V2 Andy Whitcroft
2008-06-23 17:35 ` [PATCH 1/2] hugetlb reservations: move region tracking earlier Andy Whitcroft
2008-06-23 23:05 ` Mel Gorman
2008-06-23 17:35 ` [PATCH 2/2] hugetlb reservations: fix hugetlb MAP_PRIVATE reservations across vma splits V2 Andy Whitcroft
2008-06-23 23:08 ` Mel Gorman
2008-06-25 21:22 ` [RFC] hugetlb reservations -- MAP_PRIVATE fixes for split vmas V2 Jon Tollefson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200806122138.59969.nickpiggin@yahoo.com.au \
--to=nickpiggin@yahoo.com.au \
--cc=akpm@linux-foundation.org \
--cc=apw@shadowen.org \
--cc=kamalesh@linux.vnet.ibm.com \
--cc=kernel-testers@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=npiggin@suse.de \
--cc=riel@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox