Open liyi-ibm opened 5 years ago
According to Nick, this patch can fix this oops: https://github.com/liyi-ibm/linux/commit/856c18cbbb4e6d7f3db4afe9d5ecd88064f8ae61
The page table fragment refcount bug is an underflow of the count. What that means is that the page table page will be freed before the last user of it goes away.
What your crash message here shows is that when the last user frees the page table page, it is in a bad state and it is actually a "slab" page. So what has happened is that it got allocated for something else in the meantime.
Then we get another crash in the slab allocator, and that is explained by the page table freeing code overwriting the page that slab subsystem was using.
Basically one page becomes used by two different subsystems due to the refcount bug (page table and slab), and we can see warnings happen in each of those subsystems caused by activity from the other.
This kernel oops also happens in the 4.14.49-5 kernel:
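The sequence described above (count underflows, page-table page freed while a user still holds it, allocator hands the same page to slab, each subsystem then corrupts the other) modeled as a small added example. This is constructed for illustration; it is not code from the issue, from the linked commit, or from the kernel. The `struct page` fields, `allocator_free`, `naive_put`, `checked_put` and `run_scenario` are all hypothetical names, and the cause of the underflow here (two users sharing a page with only one reference taken) is a constructed stand-in for whatever the real bug was. The checked variant mirrors, in simplified form, the idea behind the kernel's `refcount_t`: a decrement from zero is refused and reported rather than wrapping negative.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model of a page-table page (constructed for this example). */
struct page {
    int refcount;           /* users of the page-table page */
    bool owned_by_slab;     /* allocator handed the freed page to slab */
    bool used_after_free;   /* a page-table user touched the page after it was freed */
    int free_count;         /* how many times the page was returned to the allocator */
    int underflows_caught;  /* checked variant: decrements refused at zero */
};

/* Allocator stand-in: freeing the page immediately reuses it for slab,
 * which is the "in the meantime it got allocated for something else" step. */
static void allocator_free(struct page *p)
{
    p->free_count++;
    p->owned_by_slab = true;
}

/* Naive put: plain decrement, free at zero, no lower bound at all. */
static void naive_put(struct page *p)
{
    if (--p->refcount == 0)
        allocator_free(p);
}

/* Checked put: a decrement from zero is refused and counted as a caught
 * underflow instead of going negative (refcount_t-style behaviour, simplified). */
static void checked_put(struct page *p)
{
    if (p->refcount <= 0) {
        p->underflows_caught++;
        return;
    }
    if (--p->refcount == 0)
        allocator_free(p);
}

/* Run the scenario with either put and return the page's final state.
 * Two users (A and B) share the page, but only one reference was taken:
 * that missing reference is the constructed cause of the underflow. */
struct page run_scenario(bool checked)
{
    struct page pg = { .refcount = 1 };
    void (*put)(struct page *) = checked ? checked_put : naive_put;

    put(&pg);                               /* A leaves: 1 -> 0, page freed early */
    pg.used_after_free = pg.owned_by_slab;  /* B still writes PTEs into what is now slab's page */
    put(&pg);                               /* B, the real last user, leaves */
    return pg;
}

/* True when the naive counter produced the double use the issue describes:
 * the page is slab's, a page-table user kept using it, and the count went negative. */
bool naive_double_use(void)
{
    struct page pg = run_scenario(false);
    return pg.owned_by_slab && pg.used_after_free && pg.refcount < 0;
}

/* True when the checked counter caught the last put instead of going negative. */
bool checked_reports_underflow(void)
{
    struct page pg = run_scenario(true);
    return pg.underflows_caught == 1 && pg.refcount == 0;
}

int main(void)
{
    printf("naive: double use = %d\n", naive_double_use());
    printf("checked: underflow reported = %d\n", checked_reports_underflow());
    return 0;
}
```

Note what the checked variant does and does not buy: it turns the second put into a reported error at the point where the first oops appeared, but the early free at the first put is indistinguishable from a legitimate last put, so the page has already been handed to slab by the time the underflow is detected. A saturating counter is a detection aid for exactly this class of bug; the fix still has to be in the reference accounting itself, which is what the linked commit is for.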