Hi,

On Wed, 17 Feb 2016, Kirill A. Shutemov wrote:
> On Tue, Feb 16, 2016 at 05:24:44PM +0100, Gerald Schaefer wrote:
> > On Mon, 15 Feb 2016 23:35:26 +0200
> > "Kirill A. Shutemov" wrote:
> >
> > > Is there any chance that I'll be able to trigger the bug using QEMU?
> > > Does anybody have a QEMU image I can use?
> > >
> >
> > I have no image, but trying to reproduce this under virtualization may
> > help to trigger this also on other architectures. After ruling out IPI
> > vs. fast_gup I do not really see why this should be arch-specific, and
> > it wouldn't be the first time that we hit subtle races first on s390, due
> > to our virtualized environment (my test case is make -j20 with 10 CPUs and
> > 4GB of memory, no swap).
>
> Could you post your kernel config?

Attached.

> It would be nice also to check if disabling split_huge_page() would make
> any difference:
>
> diff --git a/mm/huge_memory.c b/mm/huge_memory.c > index a75081ca31cf..26d2b7b21021 100644 > --- a/mm/huge_memory.c > +++ b/mm/huge_memory.c
> @@ -3364,6 +3364,8 @@ int split_huge_page_to_list(struct page *page, struct list_head *list) > bool mlocked; > unsigned long flags; > > + return -EBUSY; > + > VM_BUG_ON_PAGE(is_huge_zero_page(page), page); > VM_BUG_ON_PAGE(!PageAnon(page), page); > VM_BUG_ON_PAGE(!PageLocked(page), page);
> --

65c23c6 + this patch also oopsed:

[ 1707.903808] ODEBUG: active_state not available (active state 0) object type: rcu_head hint: (null)
[ 1707.903852] ------------[ cut here ]------------
[ 1707.903854] WARNING: at lib/debugobjects.c:263
[ 1707.903856] Modules linked in: bridge stp llc btrfs mlx4_ib mlx4_en ib_sa vxlan ib_mad ip6_udp_tunnel ib_core udp_tunnel ptp pps_core ib_addr xor raid6_pq ghash_s390 mlx4_core prng ecb aes_s390 des_s390 des_generic sha512_s390 dm_mod sha256_s390 genwqe_card sha1_s390 sha_common crc_itu_t scm_block eadm_sch vhost_net tun vhost macvtap macvlan kvm autofs4
[ 1707.903892] CPU: 4 PID: 25215 Comm: git Not tainted 4.5.0-rc4-00037-g65c23c6-dirty #273
[ 1707.903894] task: 0000000006a60000 ti: 0000000063b04000 task.ti: 0000000063b04000
[ 1707.903896] Krnl PSW : 0404c00180000000 0000000000486ce0 (debug_print_object+0xb0/0xd0)
[ 1707.903905]   R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 EA:3
Krnl GPRS: 0000000001a361c7 0000000006a60000 0000000000000060 0000000000000101
[ 1707.903908]   0000000000486cdc 0000000000000000 000000000088cbdc 0000000001b53848
[ 1707.903910]   0700000000000001 0000000000000000 0000000001b53850 00000000008bb820
[ 1707.903912]   0000000000a8d710 00000000dcdd3d38 0000000000486cdc 00000000dcdd3c38
[ 1707.903920] Krnl Code: 0000000000486cd0: c0200021a496 larl %%r2,8bb5fc
   0000000000486cd6: c0e5ffee03a1 brasl %%r14,247418
  #0000000000486cdc: a7f40001 brc 15,486cde
  >0000000000486ce0: c41d002f488e lrl %%r1,a6fdfc
   0000000000486ce6: e340f0e80004 lg %%r4,232(%%r15)
   0000000000486cec: a71a0001 ahi %%r1,1
   0000000000486cf0: eb6ff0a80004 lmg %%r6,%%r15,168(%%r15)
   0000000000486cf6: c41f002f4883 strl %%r1,a6fdfc
[ 1707.903960] Call Trace:
[ 1707.903962] ([<0000000000486cdc>] debug_print_object+0xac/0xd0)
[ 1707.903964] [<0000000000488094>] debug_object_active_state+0x164/0x178
[ 1707.903969] [<00000000001b991c>] rcu_process_callbacks+0x564/0x9e8
[ 1707.903973] [<000000000013d3ee>] __do_softirq+0x256/0x568
[ 1707.903975] [<000000000013da3a>] irq_exit+0x7a/0xd8
[ 1707.903979] [<000000000010c87e>] do_IRQ+0x86/0xc0
[ 1707.903984] [<00000000006fa3f2>] ext_int_handler+0x11e/0x124
[ 1707.903987] [<0000000000199bfe>] lock_release+0x5ce/0x670
[ 1707.903989] ([<0000000000199be0>] lock_release+0x5b0/0x670)
[ 1707.903993] [<00000000002dffa2>] getname_flags+0x82/0x218
[ 1707.903994] [<00000000002e04e8>] user_path_at_empty+0x40/0x68
[ 1707.903998] [<00000000002d44a4>] vfs_fstatat+0x6c/0xc8
[ 1707.903999] [<00000000002d4894>] SyS_newlstat+0x2c/0x48
[ 1707.904002] [<00000000006f9cce>] system_call+0xd6/0x258
[ 1707.904003] [<000003ffb45f1124>] 0x3ffb45f1124
[ 1707.904005] 1 lock held by git/25215:
[ 1707.904006] #0: (&obj_hash[i].lock){-.-.-.}, at: [<0000000000487fdc>] debug_object_active_state+0xac/0x178
[ 1707.904012] Last Breaking-Event-Address:
[ 1707.904014] [<0000000000486cdc>] debug_print_object+0xac/0xd0
[ 1707.904016] ---[ end trace 8ce68dc422e8321c ]---
[ 1707.904018] ODEBUG: deactivate not available (active state 0) object type: rcu_head hint: (null)
[ 1707.904026] ------------[ cut here ]------------
[ 1707.904027] WARNING: at lib/debugobjects.c:263
[ 1707.904028] Modules linked in: bridge stp llc btrfs mlx4_ib mlx4_en ib_sa vxlan ib_mad ip6_udp_tunnel ib_core udp_tunnel ptp pps_core ib_addr xor raid6_pq ghash_s390 mlx4_core prng ecb aes_s390 des_s390 des_generic sha512_s390 dm_mod sha256_s390 genwqe_card sha1_s390 sha_common crc_itu_t scm_block eadm_sch vhost_net tun vhost macvtap macvlan kvm autofs4
[ 1707.904055] CPU: 4 PID: 25215 Comm: git Tainted: G W 4.5.0-rc4-00037-g65c23c6-dirty #273
[ 1707.904057] task: 0000000006a60000 ti: 0000000063b04000 task.ti: 0000000063b04000
[ 1707.904058] Krnl PSW : 0404c00180000000 0000000000486ce0 (debug_print_object+0xb0/0xd0)
[ 1707.904062]   R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 EA:3
Krnl GPRS: 0000000001a361c7 0000000006a60000 000000000000005e 0000000000000101
[ 1707.904066]   0000000000486cdc 0000000000000000 000000000088cbdc 000000000000000a
[ 1707.904068]   0000000091cdb020 07000000dcdd3c68 0000000001b53850 00000000008979ea
[ 1707.904069]   0000000000a8d710 00000000dcdd3d48 0000000000486cdc 00000000dcdd3c48
[ 1707.904074] Krnl Code: 0000000000486cd0: c0200021a496 larl %%r2,8bb5fc
   0000000000486cd6: c0e5ffee03a1 brasl %%r14,247418
  #0000000000486cdc: a7f40001 brc 15,486cde
  >0000000000486ce0: c41d002f488e lrl %%r1,a6fdfc
   0000000000486ce6: e340f0e80004 lg %%r4,232(%%r15)
   0000000000486cec: a71a0001 ahi %%r1,1
   0000000000486cf0: eb6ff0a80004 lmg %%r6,%%r15,168(%%r15)
   0000000000486cf6: c41f002f4883 strl %%r1,a6fdfc
[ 1707.904088] Call Trace:
[ 1707.904090] ([<0000000000486cdc>] debug_print_object+0xac/0xd0)
[ 1707.904092] [<0000000000487a38>] debug_object_deactivate+0x170/0x188
[ 1707.904094] [<00000000001b992e>] rcu_process_callbacks+0x576/0x9e8
[ 1707.904096] [<000000000013d3ee>] __do_softirq+0x256/0x568
[ 1707.904098] [<000000000013da3a>] irq_exit+0x7a/0xd8
[ 1707.904100] [<000000000010c87e>] do_IRQ+0x86/0xc0
[ 1707.904102] [<00000000006fa3f2>] ext_int_handler+0x11e/0x124
[ 1707.904104] [<0000000000199bfe>] lock_release+0x5ce/0x670
[ 1707.904106] ([<0000000000199be0>] lock_release+0x5b0/0x670)
[ 1707.904108] [<00000000002dffa2>] getname_flags+0x82/0x218
[ 1707.904109] [<00000000002e04e8>] user_path_at_empty+0x40/0x68
[ 1707.904111] [<00000000002d44a4>] vfs_fstatat+0x6c/0xc8
[ 1707.904113] [<00000000002d4894>] SyS_newlstat+0x2c/0x48
[ 1707.904115] [<00000000006f9cce>] system_call+0xd6/0x258
[ 1707.904117] [<000003ffb45f1124>] 0x3ffb45f1124
[ 1707.904118] 1 lock held by git/25215:
[ 1707.904119] #0: (&obj_hash[i].lock){-.-.-.}, at: [<000000000048796c>] debug_object_deactivate+0xa4/0x188
[ 1707.904124] Last Breaking-Event-Address:
[ 1707.904126] [<0000000000486cdc>] debug_print_object+0xac/0xd0
[ 1707.904128] ---[ end trace 8ce68dc422e8321d ]---
[ 1707.904150] ------------[ cut here ]------------
[ 1707.904152] Kernel BUG at 0000000008cf8002 [verbose debug info unavailable]
[ 1707.904197] illegal operation: 0001 ilc:1 [#1] PREEMPT SMP DEBUG_PAGEALLOC
[ 1707.904203] Modules linked in: bridge stp llc btrfs mlx4_ib mlx4_en ib_sa vxlan ib_mad ip6_udp_tunnel ib_core udp_tunnel ptp pps_core ib_addr xor raid6_pq ghash_s390 mlx4_core prng ecb aes_s390 des_s390 des_generic sha512_s390 dm_mod sha256_s390 genwqe_card sha1_s390 sha_common crc_itu_t scm_block eadm_sch vhost_net tun vhost macvtap macvlan kvm autofs4
[ 1707.904240] CPU: 4 PID: 25215 Comm: git Tainted: G W 4.5.0-rc4-00037-g65c23c6-dirty #273
[ 1707.904242] task: 0000000006a60000 ti: 0000000063b04000 task.ti: 0000000063b04000
[ 1707.904244] Krnl PSW : 0704d00180000000 0000000008cf8002 (0x8cf8002)
[ 1707.904248]   R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 EA:3
Krnl GPRS: 0000000000000000 0000000008cf8000 0000000091cdb020 0000000091cdb020
[ 1707.904252]   00000000001b9964 0000000000000000 0000000000000000 000000000000000a
[ 1707.904254]   0000000000000000 0000000008cf8000 0000000000000004 00000000034d6802
[ 1707.904256]   00000000dec0f600 00000000007063d8 00000000001b99ae 00000000dcdd3d18
[ 1707.904263] Krnl Code: 0000000008cf7ff6: 5a5a5a5a a %%r5,2650(%%r10,%%r5)
   0000000008cf7ffa: 5a5a5a5a a %%r5,2650(%%r10,%%r5)
  #0000000008cf7ffe: 5a5a0000 a %%r5,0(%%r10,%%r0)
  >0000000008cf8002: 0000 unknown
   0000000008cf8004: 0000 unknown
   0000000008cf8006: 0020 unknown
   0000000008cf8008: 0000 unknown
   0000000008cf800a: 0000 unknown
[ 1707.904277] Call Trace:
[ 1707.904279] ([<00000000001b9964>] rcu_process_callbacks+0x5ac/0x9e8)
[ 1707.904282] [<000000000013d3ee>] __do_softirq+0x256/0x568
[ 1707.904284] [<000000000013da3a>] irq_exit+0x7a/0xd8
[ 1707.904286] [<000000000010c87e>] do_IRQ+0x86/0xc0
[ 1707.904289] [<00000000006fa3f2>] ext_int_handler+0x11e/0x124
[ 1707.904291] [<0000000000199bfe>] lock_release+0x5ce/0x670
[ 1707.904293] ([<0000000000199be0>] lock_release+0x5b0/0x670)
[ 1707.904295] [<00000000002dffa2>] getname_flags+0x82/0x218
[ 1707.904297] [<00000000002e04e8>] user_path_at_empty+0x40/0x68
[ 1707.904299] [<00000000002d44a4>] vfs_fstatat+0x6c/0xc8
[ 1707.904301] [<00000000002d4894>] SyS_newlstat+0x2c/0x48
[ 1707.904303] [<00000000006f9cce>] system_call+0xd6/0x258
[ 1707.904305] [<000003ffb45f1124>] 0x3ffb45f1124
[ 1707.904307] INFO: lockdep is turned off.
[ 1707.904308] Last Breaking-Event-Address:
[ 1707.904310] [<00000000001b99ac>] rcu_process_callbacks+0x5f4/0x9e8
[ 1707.904314]
[ 1707.904315] Kernel panic - not syncing: Fatal exception in interrupt
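
Review bot: the unconditional "return -EBUSY;" in the mm/huge_memory.c hunk sits above the three VM_BUG_ON_PAGE() checks in split_huge_page_to_list(), so while this test patch is applied the is_huge_zero_page(), !PageAnon() and !PageLocked() assertions never run, and a caller that passes a wrong page goes unnoticed during the experiment. Moving the return below those three lines would keep the sanity checks active while still disabling the split. Everything after the return becomes dead code, so a short comment marking the line as a debugging-only change would keep it from being carried into a real commit by accident.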