On Mon, Nov 30, 2015 at 09:24:56AM -0500, Sasha Levin wrote: > Hi all, > > I've hit the following while fuzzing with trinity on the latest -next kernel: > > > [ 850.305385] page:ffffea001a5a0f00 count:0 mapcount:1 mapping:dead000000000400 index:0x1ffffffffff > [ 850.306773] flags: 0x2fffff80000000() > [ 850.307175] page dumped because: VM_BUG_ON_PAGE(1 && PageTail(page)) > [ 850.308027] page_owner info is not active (free page?) Could you check this completely untested patch: diff --git a/mm/mlock.c b/mm/mlock.c index af421d8bd6da..9197b6721a1e 100644 --- a/mm/mlock.c +++ b/mm/mlock.c @@ -393,6 +393,13 @@ static unsigned long __munlock_pagevec_fill(struct pagevec *pvec, if (!page || page_zone_id(page) != zoneid) break; + /* + * Do not use pagevec for PTE-mapped THP, + * munlock_vma_pages_range() will handle them. + */ + if (PageTransCompound(page)) + break; + get_page(page); /* * Increase the address that will be returned *before* the -- Kirill A. Shutemov -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>