Re: kernel BUG at mm/page-writeback.c:2241 [ BUG_ON(PageWriteback(page); ]

From: Qian Cai
Date: Fri Oct 30 2020 - 08:08:24 EST


On Thu, 2020-10-22 at 18:12 +0100, Matthew Wilcox wrote:
> On Thu, Oct 22, 2020 at 11:35:26AM -0400, Qian Cai wrote:
> > On Thu, 2020-10-22 at 01:49 +0100, Matthew Wilcox wrote:
> > > On Wed, Oct 21, 2020 at 08:30:18PM -0400, Qian Cai wrote:
> > > > Today's linux-next starts to trigger this, wondering if anyone has any
> > > > clue.
> > >
> > > I've seen that occasionally too. I changed that BUG_ON to VM_BUG_ON_PAGE
> > > to try to get a clue about it. Good to know it's not the THP patches
> > > since they aren't in linux-next.
> > >
> > > I don't understand how it can happen. We have the page locked, and then
> > > we do:
> > >
> > > 	if (PageWriteback(page)) {
> > > 		if (wbc->sync_mode != WB_SYNC_NONE)
> > > 			wait_on_page_writeback(page);
> > > 		else
> > > 			goto continue_unlock;
> > > 	}
> > >
> > > VM_BUG_ON_PAGE(PageWriteback(page), page);
> > >
> > > Nobody should be able to put this page under writeback while we have it
> > > locked ... right? The page can be redirtied by the code that's supposed
> > > to be writing it back, but I don't see how anyone can make PageWriteback
> > > true while we're holding the page lock.
> >
> > It happened again on today's linux-next:
> >
> > [ 7613.579890][T55770] page:00000000a4b35e02 refcount:3 mapcount:0 mapping:00000000457ceb87 index:0x3e pfn:0x1cef4e
> > [ 7613.590594][T55770] aops:xfs_address_space_operations ino:805d85a dentry name:"doio.f1.55762"
> > [ 7613.599192][T55770] flags: 0xbfffc0000000bf(locked|waiters|referenced|uptodate|dirty|lru|active)
> > [ 7613.608596][T55770] raw: 00bfffc0000000bf ffffea0005027d48 ffff88810eaec030 ffff888231f3a6a8
> > [ 7613.617101][T55770] raw: 000000000000003e 0000000000000000 00000003ffffffff ffff888143724000
> > [ 7613.625590][T55770] page dumped because: VM_BUG_ON_PAGE(PageWriteback(page))
> > [ 7613.632695][T55770] page->mem_cgroup:ffff888143724000
>
> Seems like it reproduces for you pretty quickly. I have no luck ;-(
>
> Can you add this?

It turns out I had no luck for the last few days. I'll keep running and report
back if it triggers again.

>
> +++ b/mm/page-writeback.c
> @@ -2774,6 +2774,7 @@ int __test_set_page_writeback(struct page *page, bool
> keep_write)
> struct address_space *mapping = page_mapping(page);
> int ret, access_ret;
>
> + VM_BUG_ON_PAGE(!PageLocked(page), page);
> lock_page_memcg(page);
> if (mapping && mapping_use_writeback_tags(mapping)) {
> XA_STATE(xas, &mapping->i_pages, page_index(page));
>
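Review bot: the VM_BUG_ON_PAGE(!PageLocked(page), page) added at the top of __test_set_page_writeback() only tests that the page's lock bit is set, not that the calling task is the one holding it. In the scenario under discussion the writeback path already holds the page lock when PageWriteback unexpectedly becomes true, so a second caller reaching this function at that moment would see PageLocked() return true and the assertion would stay silent. It still catches a caller that sets writeback on a page nobody has locked, but a clean run does not rule out a setter that never took the lock itself. Consider also recording who set the flag (for example a stack dump when the existing VM_BUG_ON_PAGE(PageWriteback(page), page) fires is not enough, since that shows the waiter, not the setter), and note in the changelog that the check is compiled in only on kernels where VM_BUG_ON_PAGE is enabled, so the reproducer has to run on a debug VM build.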
> This is the only place (afaict) that sets PageWriteback, so that will
> tell us whether someone is setting Writeback without holding the lock,
> or whether we're suffering from a spurious wakeup.
>