Received: by 2002:a25:2c96:0:0:0:0:0 with SMTP id s144csp865253ybs; Mon, 25 May 2020 00:47:14 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy0xJRZVxeUWMPprcyUFDRDx1EEMhWCwhtmUtEAyfEJu8v6fWNTVag+sLtaJfJBESIeHI3n X-Received: by 2002:aa7:d84b:: with SMTP id f11mr14243435eds.288.1590392834117; Mon, 25 May 2020 00:47:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1590392834; cv=none; d=google.com; s=arc-20160816; b=ctMujgbawEZBoR3znfLdHB8XOP8pN9vn4PYFOHuYjrxd750fbCJF8qMwarhrpi5BIL 16XyGid5dbJF/qgRSFnSEVf2C2Aq9pU9oxWI+yuSKlU4gx4SeRlGaZYj0LcvMD8SmPur kmPaFJC65xEK+e+M6z01riLhLVTAxVUnaYEuigtpMEu477iGnfPIVqwri77l3t9bYNnM sZegK5vfuPUYGNE21YRdgct5OvS5qHDa1Nh7JWZ0pNvlBP3EDiTJAvhfcEtQErCp7Pxv yHSURLJYtQOdcKouBRZ8ATQjah9lqLwwtHSRwFg/8uPLPCTxuCisSzp/PXokbqF5g/DC aALw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=q5xVQ3CtvRS0WFPuYq7X1hxh8DvpmLU73LNtBsCCghA=; b=MJQDHSuGA1/M7fkmHM+9RAWVXxSR4kRB6gvQ5g79shh/yQTSm8i8xpok5RVui5njhL hYoMn9RnWyqOI2rd6C7mXmZpRlP89OxjZ9sNzIdbPCBQuCK+QxIO5+2HZ94XqGcWTqA5 RB9UbAFe0N/xjOqJmIH9RzFjuvR2/GLGUApluooPde0rpJjzJv2vQesrl+e5rHJlgXVz zGlDxAlzJyibg2NAjQevyU7jtRwHh2eulQUYG1DYAmFxFcFA5TqmemlbYUA71pEOA0XV vuJfJ7g48vjsFsN+miSXGOzoeUAU5heymkDnbuuBOeltFlx7z+1hdbnAsvBLaMlDxdXT QTkg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q2si1022497edn.40.2020.05.25.00.46.51; Mon, 25 May 2020 00:47:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389168AbgEYHop (ORCPT + 99 others); Mon, 25 May 2020 03:44:45 -0400 Received: from mx2.suse.de ([195.135.220.15]:37814 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389105AbgEYHop (ORCPT ); Mon, 25 May 2020 03:44:45 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id A8230AC9F; Mon, 25 May 2020 07:44:46 +0000 (UTC) Subject: Re: [PATCH v2] mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() To: Konstantin Khlebnikov , linux-kernel@vger.kernel.org, linux-mm@kvack.org, Andrew Morton Cc: Hugh Dickins , David Rientjes , "Kirill A. Shutemov" References: <159032779896.957378.7852761411265662220.stgit@buzz> From: Vlastimil Babka Message-ID: <4cd36ad8-c5f8-9222-20cf-3b5719d18b98@suse.cz> Date: Mon, 25 May 2020 09:44:43 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0 MIME-Version: 1.0 In-Reply-To: <159032779896.957378.7852761411265662220.stgit@buzz> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 5/24/20 3:43 PM, Konstantin Khlebnikov wrote: > Replace superfluous VM_BUG_ON() with comment about correct usage. > > Technically reverts commit 1d148e218a0d0566b1c06f2f45f1436d53b049b2 > ("mm: add VM_BUG_ON_PAGE() to page_mapcount()"), but context have changed. > > Function isolate_migratepages_block() runs some checks out of lru_lock > when choose pages for migration. After checking PageLRU() it checks extra > page references by comparing page_count() and page_mapcount(). Between > these two checks page could be removed from lru, freed and taken by slab. > > As a result this race triggers VM_BUG_ON(PageSlab()) in page_mapcount(). > Race window is tiny. For certain workload this happens around once a year. > > > page:ffffea0105ca9380 count:1 mapcount:0 mapping:ffff88ff7712c180 index:0x0 compound_mapcount: 0 > flags: 0x500000000008100(slab|head) > raw: 0500000000008100 dead000000000100 dead000000000200 ffff88ff7712c180 > raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 > page dumped because: VM_BUG_ON_PAGE(PageSlab(page)) > ------------[ cut here ]------------ > kernel BUG at ./include/linux/mm.h:628! > invalid opcode: 0000 [#1] SMP NOPTI > CPU: 77 PID: 504 Comm: kcompactd1 Tainted: G W 4.19.109-27 #1 > Hardware name: Yandex T175-N41-Y3N/MY81-EX0-Y3N, BIOS R05 06/20/2019 > RIP: 0010:isolate_migratepages_block+0x986/0x9b0 > > > Code in isolate_migratepages_block() was added in commit 119d6d59dcc0 > ("mm, compaction: avoid isolating pinned pages") before adding VM_BUG_ON > into page_mapcount(). > > This race has been predicted in 2015 by Vlastimil Babka (see link below). Huh, looks like I made that prediction only half year after that patch has been posted. Now if only I remembered why... I hope it was just a code inspection while chasing something else. I most likely didn't actually see the bug happen, as we don't compile with DEBUG_VM. > Signed-off-by: Konstantin Khlebnikov > Fixes: 1d148e218a0d ("mm: add VM_BUG_ON_PAGE() to page_mapcount()") > Link: https://lore.kernel.org/lkml/557710E1.6060103@suse.cz/ > Link: https://lore.kernel.org/linux-mm/158937872515.474360.5066096871639561424.stgit@buzz/T/ (v1) With Hugh's wording tweaks, Acked-by: Vlastimil Babka Thanks.