From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id AD75FC54E4A for ; Fri, 8 Mar 2024 15:11:41 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 20CEA6B039C; Fri, 8 Mar 2024 10:11:41 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 1BD4F6B039D; Fri, 8 Mar 2024 10:11:41 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 085A86B039E; Fri, 8 Mar 2024 10:11:41 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id E8AEC6B039C for ; Fri, 8 Mar 2024 10:11:40 -0500 (EST) Received: from smtpin22.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id B6861A083F for ; Fri, 8 Mar 2024 15:11:40 +0000 (UTC) X-FDA: 81874211160.22.84208CF Received: from casper.infradead.org (casper.infradead.org [90.155.50.34]) by imf28.hostedemail.com (Postfix) with ESMTP id D5A23C001F for ; Fri, 8 Mar 2024 15:11:38 +0000 (UTC) Authentication-Results: imf28.hostedemail.com; dkim=pass header.d=infradead.org header.s=casper.20170209 header.b=YeVFoni8; dmarc=none; spf=none (imf28.hostedemail.com: domain of willy@infradead.org has no SPF policy when checking 90.155.50.34) smtp.mailfrom=willy@infradead.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1709910699; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=h2ks7u4+hREZ7ZLREnPUhCSxA3020d4IhzHnaLNyKPY=; b=eMfF41geyCXLxaRtKIXqTcxgB2WrimkcVfCuju8H+WrVraG60gJWSZnfqlMLfIm3QFKOa+ XUQxizdAQkI6EauNx4IUCSBaiywKHEo82teBA/gFeQQJY/Io/EAZouBqRnM8LWe8cy4eJ/ TGl1lx58O/gLKWUjOpZmGXaGmFS/XrQ= ARC-Authentication-Results: i=1; imf28.hostedemail.com; dkim=pass header.d=infradead.org header.s=casper.20170209 header.b=YeVFoni8; dmarc=none; spf=none (imf28.hostedemail.com: domain of willy@infradead.org has no SPF policy when checking 90.155.50.34) smtp.mailfrom=willy@infradead.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1709910699; a=rsa-sha256; cv=none; b=hJ63DkOmAN+aa30/cVBTX5CSWoU6J9NP66fagC6oIKS36Cwhkg86J6qKCcsIS4AgAUt5gJ rDToPvep6yoq+mbY4cwyB8A0jG3puIYAUbHPxTiEjD3vRktuOtsvk5Wmr04W+KjtYNgpwC AXi087D5EQ0aOFGenjnjul3MFTXkSeU= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=h2ks7u4+hREZ7ZLREnPUhCSxA3020d4IhzHnaLNyKPY=; b=YeVFoni87Oc8vxIN4W7ukWka31 ZIUKZBwZo/OAC6dmaSjwe+7IYmYWS37sikCh/SqP25KMGY+hF7Z2Nnb0WhK/KBVh8Z5KYqEwq3Vyh kYV4BgGWQXykMPbh/4rT+i02DgX3tNcVyabbzJi03Rwpgq+XWYB14o8T6he7EHKgdP3gVA2N/DYxP 3P6TRr8htwJ+9iRcJiLWWRXNHtXtueRTVQbSp8lozoOVn8QXImStJsDhibXa+4TRL/UDf+Rk5ZJ/F MvFoOaCgC3WyqWeIGGl587ELBNluNeNT8RK0+WMrsff7mnXHEtNyR2+KjpnebCMNxE1CSwMe5I5G8 5HIYzY6A==; Received: from willy by casper.infradead.org with local (Exim 4.97.1 #2 (Red Hat Linux)) id 1ribsl-0000000Bk43-2HYk; Fri, 08 Mar 2024 15:11:35 +0000 Date: Fri, 8 Mar 2024 15:11:35 +0000 From: Matthew Wilcox To: Ryan Roberts Cc: Zi Yan , Andrew Morton , linux-mm@kvack.org, Yang Shi , Huang Ying Subject: Re: [PATCH v3 10/18] mm: Allow non-hugetlb large folios to be batch processed Message-ID: References: <85cc26ed-6386-4d6b-b680-1e5fba07843f@arm.com> <36bdda72-2731-440e-ad15-39b845401f50@arm.com> <03CE3A00-917C-48CC-8E1C-6A98713C817C@nvidia.com> <7415b36c-b5d3-4655-92e1-b303104bf4a9@arm.com> <644c2f60-dbb0-4fdb-8505-96f8101b2399@arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <644c2f60-dbb0-4fdb-8505-96f8101b2399@arm.com> X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: D5A23C001F X-Stat-Signature: g367jb9e7irhqde6bd6rju16bewx11fp X-Rspam-User: X-HE-Tag: 1709910698-111964 X-HE-Meta: U2FsdGVkX19E2ssuhVa+Rk+Qn5OKgIpuTpNj3CE83fEg+3jf6nxMjTiLRlGo6siUPo1yVHSzE8aTYMa2+CJBxWcEGTTJjD68NnkJ4BC8HHHGlEcj3mkDmfNVgP1J10MXmRZugXZUBP4Q1pQyCXGNmbpmGE13VGVLBbgf2FCWSz3YlP9Ky31AZj2qnRbTaaD/0J9xnDWC6QbFm/Dw8VD9PIkGerWDOHqsHAuB0/ja5Rof4xFoz2u/KZS4z9t55TQkIFI96ndkY7zC0G+Zgdqa2BNoPH/p7QQq4BvfJ2S/4M5V1eqeU4hdq/GzXeLONV0j408WmoCBkUpHp8boOyVqigqjkhZ8U+IPsCNDSvvcHG0Rt0XD6UKCjTOEQ2sfNDkEGK43g3VvJ4XonCtjpu16KWEFKykL2RVDSn8neM0iBqsxY5UR0z6ISBohei2ckq1ZwgUTGwuZ/ZEibSqBB2SOBnhgMFjsC1b7yQUc+2ahtclAW/7MetFv1ArcCN5ulpXvxpHwS3Gw4ooGujcjgsoOH9YpGDPB5V7gDNT2HsatXS0h1WY0EthdnC7pYnxU3WkhLHf1eZ5BTqBrenkpd6/upme2Si7jciGlWLRQucPEiltio6UAtSp6OTPVKWvwJQjoOHjuRSVC7CMFOzospUA4xF2QUwWrGMn1maBHttpgImm74rVzEl50WDkX83mASAFqZXiXoydURv2y43d5Gv+/dwmzN7oOUac3psfIvV59N1IXSjpbt+Ok4zSj5E5wn58DPRNlZqosKmmRI90kAk840a1stPbDu2VU+KEEg1MAMpHGFIWF04+twebyZQzNSkvbJ3Y8PpcwiNVq8Sm5sloexg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Fri, Mar 08, 2024 at 02:21:30PM +0000, Ryan Roberts wrote: > > [ 247.788985] BUG: Bad page state in process usemem pfn:ae58c2 > > [ 247.789617] page: refcount:0 mapcount:0 mapping:00000000dc16b680 index:0x1 > > pfn:0xae58c2 > > [ 247.790129] aops:0x0 ino:dead000000000122 > > [ 247.790394] flags: 0xbfffc0000000000(node=0|zone=2|lastcpupid=0xffff) > > [ 247.790821] page_type: 0xffffffff() > > [ 247.791052] raw: 0bfffc0000000000 0000000000000000 fffffc002a963090 > > fffffc002a963090 > > [ 247.791546] raw: 0000000000000001 0000000000000000 00000000ffffffff > > 0000000000000000 > > [ 247.792258] page dumped because: non-NULL mapping > > [ 247.792567] Modules linked in: > > [ 247.792772] CPU: 0 PID: 2052 Comm: usemem Not tainted > > 6.8.0-rc5-00456-g52fd6cd3bee5 #30 > > [ 247.793300] Hardware name: linux,dummy-virt (DT) > > [ 247.793680] Call trace: > > [ 247.793894] dump_backtrace+0x9c/0x100 > > [ 247.794200] show_stack+0x20/0x38 > > [ 247.794460] dump_stack_lvl+0x90/0xb0 > > [ 247.794726] dump_stack+0x18/0x28 > > [ 247.794964] bad_page+0x88/0x128 > > [ 247.795196] get_page_from_freelist+0xdc4/0x1280 > > [ 247.795520] __alloc_pages+0xe8/0x1038 ... > > My sense is that the first deferred split issue is now fully resolved once the > > extra code above is reinserted, but we still have a second problem. Thoughts? That seems likely ;-( It doesn't fit the same pattern as the ones we've been looking at. > bisect lands back on the same patch it always does; "mm: Allow non-hugetlb large > folios to be batch processed". Without this change, I can't reproduce the above > oops. > > With that change present, if I "re-narrow" the window as you suggested, I also > can't reproduce the problem. Ah, a pre-existing condition ;-( > As far as I can tell, mapping is zeroed when the page is freed, and the same > page checks are run at at that point too. So mapping must be written to while > the page is in the buddy? Perhaps something thinks its still a tail page during > split, but the buddy thinks its been freed? I'll stare at those codepaths; see if I can see anything. > Also the mapping value 00000000dc16b680 is not a valid kernel address, I don't > think. So surprised that get_kernel_nofault(host, &mapping->host) works. Ah, you've been caught by hashed kernel pointers. You can tell because the top 32 bits are 0. The real pointer is fffffc002a963090 (see the raw dump). Actually, I have a clue! The third and fourth word have the same value. That's indicative of an empty list_head. And if this were LRU, that would be the second and third word. And the PFN is congruent to 2 modulo 4. So this is the second tail page, and that's an empty deferred_list. So how do we init a list_head after a folio gets freed?