Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752580AbdDHNkR (ORCPT <rfc822;w@1wt.eu>);
        Sat, 8 Apr 2017 09:40:17 -0400
Received: from szxga03-in.huawei.com ([45.249.212.189]:5411 "EHLO
        dggrg03-dlp.huawei.com" rhost-flags-OK-FAIL-OK-FAIL)
        by vger.kernel.org with ESMTP id S1751480AbdDHNkJ (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 8 Apr 2017 09:40:09 -0400
Message-ID: <58E8E81E.6090304@huawei.com>
Date: Sat, 8 Apr 2017 21:39:42 +0800
From: zhong jiang <zhongjiang@huawei.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Michal Hocko <mhocko@suse.com>, Johannes Weiner <hannes@cmpxchg.org>,
        <vdavydov.dev@gmail.com>,
        "mgorman@techsingularity.net" <mgorman@techsingularity.net>,
        Vlastimil Babka <vbabka@suse.cz>
CC: Linux Memory Management List <linux-mm@kvack.org>,
        LKML <linux-kernel@vger.kernel.org>
Subject: NULL pointer dereference in the kernel 3.10
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.177.29.68]
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0),
        refid=str=0001.0A0B0203.58E8E82F.0098,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0,
        ip=0.0.0.0,
        so=2014-11-16 11:51:01,
        dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: b6462696edc8328d2e92097bb14a984f
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1800
Lines: 59

when runing the stabile docker cases in the vm.   The following issue will come up.

#40 [ffff8801b57ffb30] async_page_fault at ffffffff8165c9f8
    [exception RIP: down_read_trylock+5]
    RIP: ffffffff810aca65  RSP: ffff8801b57ffbe8  RFLAGS: 00010202
    RAX: 0000000000000000  RBX: ffff88018ae858c1  RCX: 0000000000000000
    RDX: 0000000000000000  RSI: 0000000000000000  RDI: 0000000000000008
    RBP: ffff8801b57ffc10   R8: ffffea0006903de0   R9: ffff8800b3c61810
    R10: 00000000000022cb  R11: 0000000000000000  R12: ffff88018ae858c0
    R13: ffffea0006903dc0  R14: 0000000000000008  R15: ffffea0006903dc0
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0000
#41 [ffff8801b57ffbe8] page_lock_anon_vma_read at ffffffff811b241c
#42 [ffff8801b57ffc18] page_referenced at ffffffff811b26a7
#43 [ffff8801b57ffc90] shrink_active_list at ffffffff8118d634
#44 [ffff8801b57ffd48] balance_pgdat at ffffffff8118f088
#45 [ffff8801b57ffe20] kswapd at ffffffff8118f633
#46 [ffff8801b57ffec8] kthread at ffffffff810a795f
#47 [ffff8801b57fff50] ret_from_fork at ffffffff81665398
crash> struct page.mapping ffffea0006903dc0
  mapping = 0xffff88018ae858c1
crash> struct anon_vma 0xffff88018ae858c0
struct anon_vma {
  root = 0x0,
  rwsem = {
    count = 0,
    wait_lock = {
      raw_lock = {
        {
          head_tail = 1,
          tickets = {
            head = 1,
            tail = 0
          }
        }
      }
    },
    wait_list = {
      next = 0x0,
      prev = 0x0
    }
  },
  refcount = {
    counter = 0
  },
  rb_root = {
    rb_node = 0x0
  }
}

This maks me wonder,  the anon_vma do not come from slab structure.
and the content is abnormal. IMO,  At least anon_vma->root will not NULL.
The issue can be reproduced every other week.

Any comments will be appreciated.

Thanks
zhongjiang