On Mon, May 11, 2015 at 04:59:27PM +0800, yalin wang wrote: > i am confused about your analysis , > for the race stack: > > CPU0 CPU1 > > ---- ---- > > do_wp_page shrink_active_list > > lock_page page_referenced > > PageAnon->yes, so skip trylock_page > > page_move_anon_rmap > > page->mapping = anon_vma > > rmap_walk > > PageAnon->no > > rmap_walk_file > > BUG > > page->mapping += PAGE_MAPPING_ANON > > the page should must change from PageAnon() to !PageAnon() when crash happened. > but page_move_anon_rmap() is doing change a page from !PageAnon() > (swapcache page) to PageAnon() , A swapcache page is not necessarily !PageAnon. In do_wp_page() old_page *is* PageAnon. It may or may not be on the swapcache though, which does not really matter. > how does this race condition crash happened ? It never happened. It might theoretically happen due to a compiler "optimization" I described above. Thanks, Vladimir -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>