From: "John Hsu (許永翰)" <John.Hsu@mediatek.com>
To: "Liam.Howlett@Oracle.com" <Liam.Howlett@Oracle.com>
Cc: "Andrew Yang (楊智強)" <Andrew.Yang@mediatek.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"Qun-wei Lin (林群崴)" <Qun-wei.Lin@mediatek.com>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"Chinwen Chang (張錦文)" <chinwen.chang@mediatek.com>,
"Casper Li (李中榮)" <casper.li@mediatek.com>,
"Kuan-Ying Lee (李冠穎)" <Kuan-Ying.Lee@mediatek.com>,
"akpm@linux-foundation.org" <akpm@linux-foundation.org>,
"yuzhao@google.com" <yuzhao@google.com>,
"maple-tree@lists.infradead.org" <maple-tree@lists.infradead.org>
Subject: Re: [BUG] trigger BUG_ON in mas_store_prealloc when low memory
Date: Wed, 14 Jun 2023 07:06:00 +0000 [thread overview]
Message-ID: <3b14df2fc2a7f18fe12f87a27574b7d40f2899ba.camel@mediatek.com> (raw)
In-Reply-To: <20230613141114.bwbnqsdazqbmyj3u@revolver>
[-- Attachment #1: Type: text/plain, Size: 4210 bytes --]
Hi Liam, thanks for your reply.
version 6.1 or 6.1.x? Which exact version (git id or version number)
Our environment is kernel-6.1.25-mainline-android14-5-gdea04bf2c398d.
This BUG_ON() is necessary since this function should _never_ run out of
memory; this function does not return an error code. mas_preallocate()
should have gotten you the memory necessary (or returned an -ENOMEM)
prior to the call to mas_store_prealloc(), so this is probably an
internal tree problem.
There is a tree operation being performed here. mprotect is merging a
vma by the looks of the call stack. Why do you think no tree operation
is necessary?
As you mentioned, mas_preallocate() should allocate enough node, but there is such functions mas_node_count() in mas_store_prealloc().
In mas_node_count() checks whether the *mas* has enough nodes, and allocate memory for node if there was no enough nodes in mas.
I think that if mas_preallocate() allocate enough node, why we check the node count and allocate nodes if there was no enough nodes in mas in mas_node_count()?
We have seen that there may be some maple_tree operations in merge_vma...
Moreover, would maple_tree provides an API for assigning user's gfp flag for allocating node?
In rb_tree, we allocate vma_area_struct (rb_node is in this struct.) with GFP_KERNEL, and maple_tree allocate node with GFP_NOWAIT and __GFP_NOWARN.
Allocation will not wait for reclaiming and compacting when there is no enough available memory.
Is there any concern for this design?
I see this is arm64. Do you have a reproducer? If you don't have a
reproducer, I can try stress-ng on amr64 to simulate your workload using
mprotect, but I need to know the exact kernel version as this issue may
have been fixed in a later stable release.
It is offen occur under low memory condiction. Maybe you can try stress-ng on arm64 under high memory stress(e.g. reserved lots of memory).
BRs,
John Hsu
internal tree problem.On Tue, 2023-06-13 at 10:11 -0400, Liam R. Howlett wrote:
External email : Please do not click links or open attachments until you have verified the sender or the content.
* John Hsu (許永翰) <John.Hsu@mediatek.com> [230609 04:37]:
> Hi reviewers and author liam.howlett@oracle.com,
> Kindly ping.
>
Hello!
Thanks for reporting this issue.
> We met BUG_ON in mas_store_prealloc with kernel-6.1 stress testing
> environment.
version 6.1 or 6.1.x? Which exact version (git id or version number)
> According to coredump, BUG_ON is triggered by mas->node with error
> number -ENOMEM(0xffffffffffffffd2).
> There are some mas_node_count functions in mas_wr_store_entry, and it
> seems that mas->node may be set to error node with -ENOMEM if there was
> no enough memory spcace for maple tree operations.
> We think that return -ENOMEM instead of directly triggering BUG_ON when
> memory is not available is suitable,
This BUG_ON() is necessary since this function should _never_ run out of
memory; this function does not return an error code. mas_preallocate()
should have gotten you the memory necessary (or returned an -ENOMEM)
prior to the call to mas_store_prealloc(), so this is probably an
internal tree problem.
>because in reality the tree
> operation shouldn't be performed in this situation.
There is a tree operation being performed here. mprotect is merging a
vma by the looks of the call stack. Why do you think no tree operation
is necessary?
>
> following are the backtrace:
> mas_store_prealloc+0x23c/0x484
> vma_mas_store+0xe4/0x2d0
> __vma_adjust+0xab0/0x1470
> vma_merge+0x5b8/0x5d4
> mprotect_fixup+0x1f4/0x478
> __arm64_sys_mprotect+0x6b0/0x8f0
> invoke_syscall+0x84/0x264
> el0_svc_common+0x118/0x1f0
> do_el0_svc+0x5c/0x184
> el0_svc+0x38/0x98
I see this is arm64. Do you have a reproducer? If you don't have a
reproducer, I can try stress-ng on amr64 to simulate your workload using
mprotect, but I need to know the exact kernel version as this issue may
have been fixed in a later stable release.
Thanks,
Liam
[-- Attachment #2: Type: text/html, Size: 6841 bytes --]
next prev parent reply other threads:[~2023-06-14 7:06 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-09 8:37 [BUG] trigger BUG_ON in mas_store_prealloc when low memory John Hsu (許永翰)
2023-06-13 14:11 ` Liam R. Howlett
2023-06-14 7:06 ` John Hsu (許永翰) [this message]
2023-06-14 15:58 ` Liam R. Howlett
2023-06-16 9:18 ` John Hsu (許永翰)
2023-07-06 18:54 ` Liam R. Howlett
2023-07-10 12:49 ` John Hsu (許永翰)
2023-07-10 14:24 ` Liam R. Howlett
2023-07-13 3:25 ` John Hsu (許永翰)
2023-07-13 3:29 ` John Hsu (許永翰)
2023-07-19 18:51 ` Liam R. Howlett
2023-07-19 19:22 ` Liam R. Howlett
2023-08-07 9:54 ` John Hsu (許永翰)
2023-08-08 20:00 ` Liam R. Howlett
-- strict thread matches above, loose matches on Subject: below --
2023-06-01 9:27 John Hsu (許永翰)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3b14df2fc2a7f18fe12f87a27574b7d40f2899ba.camel@mediatek.com \
--to=john.hsu@mediatek.com \
--cc=Andrew.Yang@mediatek.com \
--cc=Kuan-Ying.Lee@mediatek.com \
--cc=Liam.Howlett@Oracle.com \
--cc=Qun-wei.Lin@mediatek.com \
--cc=akpm@linux-foundation.org \
--cc=casper.li@mediatek.com \
--cc=chinwen.chang@mediatek.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=maple-tree@lists.infradead.org \
--cc=yuzhao@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.