On Thu, Oct 22, 2015 at 10:21:36AM +0900, Minchan Kim wrote: > Hello Hugh, > > On Wed, Oct 21, 2015 at 05:59:59PM -0700, Hugh Dickins wrote: > > On Thu, 22 Oct 2015, Minchan Kim wrote: > > > > > > I added the code to check it and queued it again but I had another oops > > > in this time but symptom is related to anon_vma, too. > > > (kernel is based on recent mmotm + unconditional mkdirty for bug fix) > > > It seems page_get_anon_vma returns NULL since the page was not page_mapped > > > at that time but second check of page_mapped right before try_to_unmap seems > > > to be true. > > > > > > Adding 4191228k swap on /dev/vda5. Priority:-1 extents:1 across:4191228k FS > > > Adding 4191228k swap on /dev/vda5. Priority:-1 extents:1 across:4191228k FS > > > page:ffffea0001cfbfc0 count:3 mapcount:1 mapping:ffff88007f1b5f51 index:0x600000aff > > > flags: 0x4000000000048019(locked|uptodate|dirty|swapcache|swapbacked) > > > page dumped because: VM_BUG_ON_PAGE(PageAnon(page) && !PageKsm(page) && !anon_vma) > > > > That's interesting, that's one I added in my page migration series. > > Let me think on it, but it could well relate to the one you got before. > > I will roll back to mm/madv_free-v4.3-rc5-mmotm-2015-10-15-15-20 > instead of next-20151021 to remove noise from your migration cleanup > series and will test it again. > If it is fixed, I will test again with your migration patchset, then. I tested mmotm-2015-10-15-15-20 with test program I attach for a long time. Therefore, there is no patchset from Hugh's migration patch in there. And I added below debug code with request from Kirill to all test kernels. diff --git a/mm/rmap.c b/mm/rmap.c index ddfb9be72366..1c23b70b1f57 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -513,6 +513,13 @@ struct anon_vma *page_lock_anon_vma_read(struct page *page) anon_vma = (struct anon_vma *) (anon_mapping - PAGE_MAPPING_ANON); root_anon_vma = READ_ONCE(anon_vma->root); + + if (root_anon_vma == NULL) { + printk("anon_vma %p refcount %d\n", anon_vma, + atomic_read(&anon_vma->refcount)); + VM_BUG_ON_PAGE(1, page); + } + if (down_read_trylock(&root_anon_vma->rwsem)) { /* * If the page is still mapped, then this anon_vma is still 1. mmotm-2015-10-15-15-20 + kirill's pte_mkdirty 1st trial: Adding 4191228k swap on /dev/vda5. Priority:-1 extents:1 across:4191228k FS Adding 4191228k swap on /dev/vda5. Priority:-1 extents:1 across:4191228k FS BUG: Bad rss-counter state mm:ffff88007f1ed780 idx:1 val:488 BUG: Bad rss-counter state mm:ffff88007f1ed780 idx:2 val:24 2nd trial: Adding 4191228k swap on /dev/vda5. Priority:-1 extents:1 across:4191228k FS BUG: Bad rss-counter state mm:ffff8800a5cca680 idx:1 val:512 Adding 4191228k swap on /dev/vda5. Priority:-1 extents:1 across:4191228k FS 2. mmotm-2015-10-15-15-20-no-madvise_free, IOW it means git head for 54bad5da4834 arm64: add pmd_[dirty|mkclean] for THP. 1st trial: Adding 4191228k swap on /dev/vda5. Priority:-1 extents:1 across:4191228k FS BUG: Bad rss-counter state mm:ffff88007f4c2d80 idx:1 val:511 BUG: Bad rss-counter state mm:ffff88007f4c2d80 idx:2 val:1 2nd trial: Adding 4191228k swap on /dev/vda5. Priority:-1 extents:1 across:4191228k FS Adding 4191228k swap on /dev/vda5. Priority:-1 extents:1 across:4191228k FS anon_vma ffff880000089aa0 refcount 0 page:ffffea0001a2ea40 count:3 mapcount:1 mapping:ffff880000089aa1 index:0x6000047a9 I tested it with KVM which guest system has 12 core and 3G memory. In mmotm-2015-10-15-15-20-no-madvise_free, I tweaked test program does madvise_dontneed intead of madvise_free via below patch For the testing, gcc -o oops oops.c ./memcg_test.sh I will be off from now on so please understand late response but I hope my test program will reproduce it in your machine. diff --git a/oops.c b/oops.c index e50330a..c8298f8 100644 --- a/oops.c +++ b/oops.c @@ -8,7 +8,7 @@ #include #include -#define MADV_FREE 5 +#define MADV_FREE 4 int pid;