On Tue, Sep 08, 2020 at 12:50:44PM -0400, Qian Cai wrote:
> > No, you're talking nonsense. We must not free @mm when
> > 'current->active_mm == mm', never.
>
> Yes, you are right. It still triggers this below on powerpc with today's
> linux-next by fuzzing for a while (saw a few times on recent linux-next before
> as well but so far mostly reproducible on powerpc here). Any idea?

If you can reliably reproduce this, the next thing is to trace mm_count and
figure out where it goes side-ways. I suppose we're looking for an 'extra'
decrement.

Mark tried this for a while but gave up because he couldn't reliably
reproduce.