Re: mm: shmem: NULL ptr deref in shmem_fault

On 05/13/2014 06:20 PM, Hugh Dickins wrote:
> I haven't delved into the perf_event_mmap d_path (fs/dcache.c:2947) one,
> but the Sys_mremap one on file->f_op->f_unmapped_area sounds like what
> we have here: struct file has been freed.
> 
> I believe Al is innocent: I point a quivering finger at... Kirill.
> 
> Just guessing, but we know how fond trinity is of remap_file_pages(),
> and comparing old and new emulations shows that interesting
> 
> 	struct file *file = get_file(vma->vm_file);
> 	addr = mmap_region(...);
> 	fput(file);
> 
> in mm/fremap.c's old emulation, but no get_file() and fput() around 
> the do_mmap_pgoff() in mm/mmap.c's new emulation.
> 
> Before it puts in the new, do_mmap_pgoff() might unmap the last reference
> to vma->vm_file, so emulation needs to take its own reference.  I'm not
> sure how that plays out nowadays with Al's deferred fput, but it does
> look suspicious to me.

I've tested it by reverting the remap_file_pages() patch, and the problem
seems to have disappeared.

Then, I've added it back again, wrapping the do_mmap_pgoff() call with
get_file() and fput(), and the problem is still gone.

Seems like that was the issue all along. I'll send a patch...


Thanks,
Sasha
