On 12/24/2015 08:12 PM, Dan Williams wrote:
> On Thu, Dec 24, 2015 at 5:10 PM, Sasha Levin <sasha.levin@oracle.com> wrote:
>> > On 12/24/2015 06:51 AM, Kirill A. Shutemov wrote:
>>> >> This patch fixes regression caused by patch
>>> >>  "mm, dax: dax-pmd vs thp-pmd vs hugetlbfs-pmd"
>>> >>
>>> >> The patch makes pmd_trans_huge() check and "page = pmd_page(*pmd)" after
>>> >> __split_huge_pmd_locked(). It can never succeed, since the pmd already
>>> >> points to a page table. As result the page is never get munlocked.
>>> >>
>>> >> It causes crashes like this:
>>> >>  http://lkml.kernel.org/r/5661FBB6.6050307@oracle.com
>> >
>> > So this patch didn't fix the issue for me. I've sent Kirill the trace
>> > off-list, but it's essentially the same thing.
> Can you send me the trace as well, and the reproducer?

I don't have a simple reproducer, it reproduces rather quickly when running
under trinity within a KVM guest running a kernel I've attached the config
for.

Here's the trace:

[ 2885.040719] BUG: Bad page state in process kswapd0  pfn:ba000
[ 2885.040734] page:ffffea0002e80000 count:0 mapcount:0 mapping:          (null) index:0x800
[ 2885.040745] flags: 0x9fffff80144008(uptodate|head|swapbacked|mlocked)
[ 2885.040747] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[ 2885.040749] bad because of flags: 0x100000(mlocked)
[ 2885.040774] Modules linked in:
[ 2885.040798] CPU: 0 PID: 3740 Comm: kswapd0 Not tainted 4.4.0-rc5-next-20151221-sasha-00026-g627e275-d
irty #2758
[ 2885.040821]  0000000000000000 00000000b542da6d ffff8800c9c4f538 ffffffffa3045a14
[ 2885.040825]  0000000041b58ab3 ffffffffae666b8b ffffffffa3045969 ffff880559cc06fd
[ 2885.040853]  ffffea0002e80000 00000000b542da6d ffff8800c9c4f538 0000000000100000
[ 2885.040854] Call Trace:
[ 2885.041027]  [<ffffffffa3045a14>] dump_stack+0xab/0x117
[ 2885.041034]  [<ffffffffa3045969>] ? _atomic_dec_and_lock+0xc9/0xc9
[ 2885.041067]  [<ffffffffa16258b5>] bad_page+0x295/0x350
[ 2885.041160]  [<ffffffffa1627c69>] free_pages_prepare+0x489/0x1650
[ 2885.041193]  [<ffffffffa162fd13>] __free_pages_ok+0x43/0x230
[ 2885.041197]  [<ffffffffa162ff92>] free_compound_page+0x92/0xa0
[ 2885.041207]  [<ffffffffa1777af7>] free_transhuge_page+0x87/0x90
[ 2885.041215]  [<ffffffffa164c4fc>] __put_compound_page+0xac/0xc0
[ 2885.041232]  [<ffffffffa164c5ae>] __put_page+0x9e/0xb0
[ 2885.041236]  [<ffffffffa177655b>] deferred_split_scan+0x7ab/0x7d0
[ 2885.041277]  [<ffffffffa16582df>] shrink_slab+0x4af/0x660
[ 2885.041298]  [<ffffffffa1665b4d>] shrink_zone+0x6bd/0xbf0
[ 2885.041320]  [<ffffffffa1668582>] balance_pgdat+0x7f2/0xc00
[ 2885.041398]  [<ffffffffa1669243>] kswapd+0x8b3/0xa10
[ 2885.041437]  [<ffffffffa13bf8ce>] kthread+0x31e/0x330
[ 2885.041453]  [<ffffffffabe1ad0f>] ret_from_fork+0x3f/0x70


Thanks,
Sasha