Received: by 2002:a25:868d:0:0:0:0:0 with SMTP id z13csp838107ybk; Wed, 13 May 2020 14:38:01 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyDQ5cad0zwjq2niXO/8H6NNQ6SZB6iIPi4zUavNZiqVIO8LCDTM9xO91LI8/Kf3CF9BEMf X-Received: by 2002:a17:906:b4e:: with SMTP id v14mr975283ejg.302.1589405880871; Wed, 13 May 2020 14:38:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1589405880; cv=none; d=google.com; s=arc-20160816; b=mN3xqjvXgiPnv0cxUMj8IQsV5ytZIlcDtK239p22J8wdqJdiaPt6bdVmhmUaWxZxzf fF+aWJlMLTBjCs88b8MAgv9d434Ah1ZZ75jo6KzgBueDbUTb0K+PowICMEB2NBk+ZkDn nl+ms/4QwZxRlqguoa68fLmLmlqJ6uRDUa+yjrspqRYJ53u0l+iLu1givT3Kmf+a74aY Un+Q+TPJMlIKaqZ8xweVe4/KLM5RCS3r77gdXEoAStyZXieyJkwIZhUfdlNZLJIQMGD4 X6fZaVns3K4xFxPqsgPel/aOBtnsbZAp5f7C9B2bqRza3KjbjDGKwOq6Y3GBN/wiSW5w OAWQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=4HyZlGeZk403RoJRMDiUrjfu5vpYtd5aq9PwuC+RueY=; b=LafRuzuuQSpuXU/1xL+di0/Ly/1EhxC2h7rnIK1ZcWRKmI5aWNLCqWLe0Sn/yD9acl +aAD4LgPLGQngUNkmZY+pamNeCaBssowxNMc5rohvihrewmK2FjoV1NrKNCW1FxqgzaY LWkqRzqdJYfAl6gqdFVJhOfyzf4/WunPNf1hD2W7Ju0eHroxXfxc0iIv93IWQlM3dFWI Gqd+/+nmO60Xjic6ZlEWykD9z640YGWUepDQmln7b2t2X/akGoBCpfRZtR3V763bCdIU VovcX0fvFGUdkx1h6bWW1NEe4fcGn2oae/MTkLCjza9HoIWBBVxxaHddqWFB6Sey6h/S M3Rw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v5si487226edy.511.2020.05.13.14.37.37; Wed, 13 May 2020 14:38:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729220AbgEMVfb (ORCPT + 99 others); Wed, 13 May 2020 17:35:31 -0400 Received: from mx2.suse.de ([195.135.220.15]:34796 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728711AbgEMVfb (ORCPT ); Wed, 13 May 2020 17:35:31 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id B85F9AC22; Wed, 13 May 2020 21:35:31 +0000 (UTC) Subject: Re: [PATCH] mm/compaction: avoid VM_BUG_ON(PageSlab()) in page_mapcount() To: Konstantin Khlebnikov , Andrew Morton Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org, Minchan Kim , David Rientjes , Mel Gorman References: <158937872515.474360.5066096871639561424.stgit@buzz> <20200513113256.44ac9ce4c51a7ec1a5c5ba40@linux-foundation.org> <9420f90c-e423-475c-4b79-8287b76149d9@yandex-team.ru> From: Vlastimil Babka Message-ID: <88698909-22b8-79fa-c11f-3931c41cb20b@suse.cz> Date: Wed, 13 May 2020 23:35:26 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.7.0 MIME-Version: 1.0 In-Reply-To: <9420f90c-e423-475c-4b79-8287b76149d9@yandex-team.ru> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 5/13/20 9:28 PM, Konstantin Khlebnikov wrote: > On 13/05/2020 21.32, Andrew Morton wrote: >> On Wed, 13 May 2020 17:05:25 +0300 Konstantin Khlebnikov wrote: >> >>> Function isolate_migratepages_block() runs some checks out of lru_lock >>> when choose pages for migration. After checking PageLRU() it checks extra >>> page references by comparing page_count() and page_mapcount(). Between >>> these two checks page could be removed from lru, freed and taken by slab. >>> >>> As a result this race triggers VM_BUG_ON(PageSlab()) in page_mapcount(). >>> Race window is tiny. For certain workload this happens around once a year. >>> >>> >>> page:ffffea0105ca9380 count:1 mapcount:0 mapping:ffff88ff7712c180 index:0x0 compound_mapcount: 0 >>> flags: 0x500000000008100(slab|head) >>> raw: 0500000000008100 dead000000000100 dead000000000200 ffff88ff7712c180 >>> raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 >>> page dumped because: VM_BUG_ON_PAGE(PageSlab(page)) >>> ------------[ cut here ]------------ >>> kernel BUG at ./include/linux/mm.h:628! >>> invalid opcode: 0000 [#1] SMP NOPTI >>> CPU: 77 PID: 504 Comm: kcompactd1 Tainted: G W 4.19.109-27 #1 >>> Hardware name: Yandex T175-N41-Y3N/MY81-EX0-Y3N, BIOS R05 06/20/2019 >>> RIP: 0010:isolate_migratepages_block+0x986/0x9b0 >>> >>> >>> To fix just opencode page_mapcount() in racy check for 0-order case and >>> recheck carefully under lru_lock when page cannot escape from lru. >>> >>> Also add checking extra references for file pages and swap cache. >> >> It sounds like a cc:stable is appropriate? > > Yep, but probably I'm missing something. > > It seems bug is there for a long time and nobody seen it. > Am I the only one using COONFIG_DEBUG_VM=y everywhere? =) Unless things changed, Fedora kernels had it enabled, AFAIK