From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 272E4C71155 for ; Wed, 2 Dec 2020 08:50:05 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id A5519206E3 for ; Wed, 2 Dec 2020 08:50:04 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org A5519206E3 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=intel.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 1DAB78D0002; Wed, 2 Dec 2020 03:50:04 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 18C488D0001; Wed, 2 Dec 2020 03:50:04 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 054728D0002; Wed, 2 Dec 2020 03:50:03 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0117.hostedemail.com [216.40.44.117]) by kanga.kvack.org (Postfix) with ESMTP id E37AC8D0001 for ; Wed, 2 Dec 2020 03:50:03 -0500 (EST) Received: from smtpin24.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay05.hostedemail.com (Postfix) with ESMTP id A590E181AEF1F for ; Wed, 2 Dec 2020 08:50:03 +0000 (UTC) X-FDA: 77547719886.24.smoke44_510d3d8273b1 Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251]) by smtpin24.hostedemail.com (Postfix) with ESMTP id 74A041A4A0 for ; Wed, 2 Dec 2020 08:50:03 +0000 (UTC) X-HE-Tag: smoke44_510d3d8273b1 X-Filterd-Recvd-Size: 6887 Received: from mail-ej1-f50.google.com (mail-ej1-f50.google.com [209.85.218.50]) by imf15.hostedemail.com (Postfix) with ESMTP for ; Wed, 2 Dec 2020 08:50:02 +0000 (UTC) Received: by mail-ej1-f50.google.com with SMTP id jx16so2453004ejb.10 for ; Wed, 02 Dec 2020 00:50:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=lGQxU4smDX12ciBTdGM0u5QnLY7pZDLRsh2d6WxdLj4=; b=iR1FDnQLqeGi9h3b4ydgVKH+wqFxdW3ToSn0JbeVWoBc9csAWHNmVQGElBwr1oLvpz asmJiulvDDNswro3F7DGewO0s6QqElhrUhY4bCwqMbkcXc8xhK8dykM4qrpsVVfefac3 afaC5haErcVCGTkM5YYzvUR6myyhwbho7qd4IE6XS03zJFNfU/9G+r2TFPMYyQyx3nvD 9Zx+o7ie1lJ9+fWPNDMBGFwpeOqpq0S1uQ8xVXNIWGBa8I00YjYe45yJQ0mXbh1p6I10 jcUnce/DjcatGjJirhK5cswDAbDle8Fi/sLe+J4RBNdehhrnCokv3oI8vBJe+Wk6mQr1 fa6Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=lGQxU4smDX12ciBTdGM0u5QnLY7pZDLRsh2d6WxdLj4=; b=bwJG6OOhD0iZyYxTCPE9zKs6PFvoQmFy2Snqzp5J76QaHodCUklrht5lRuGDn3JQn9 52TIxlshwPJL0UE34f8rrUILKTR3Bnuc08PFjVTAsh5uSPXsNTYl9TjYyO2xL9mNh2ha +qO/ffUoAN9a4LBYk8KmhoBkS1/uIo7QmqZF8ZN0uI1KJ7czl5RY5D08P9YRo3Z686lo OLhzPKj5fu4j8FnaJE/YivQWkADWzS4bhi4trhN56dJ6gENVXl5wNDkN4WSDOKnr3Jb4 fQfrelBL3/olqCohxr4boy7O4v/KNQBcaZF+6vLWSY5CSCUKoYfcliGeROygjyIa4rVl dDhA== X-Gm-Message-State: AOAM5334DAw1YGRxmLCSJNcAYZox2Tdah9kkYE7MdNHRMpOd6+2JgKAp D8TlGqZYyO24D5U4cJeJUwhROcwOEVUpcKFhCve2fw== X-Google-Smtp-Source: ABdhPJwhZcZHLPK/OTQxaZiCfcGmM8ZvtDS5GjOo3YE6HIDLyrPWM6ofYoH4ZaI5fu462fSc4leThNOXk1bFo/2g54g= X-Received: by 2002:a17:906:edb2:: with SMTP id sa18mr1273603ejb.264.1606899001140; Wed, 02 Dec 2020 00:50:01 -0800 (PST) MIME-Version: 1.0 References: <20201201022412.GG4327@casper.infradead.org> <20201201204900.GC11935@casper.infradead.org> <20201202034308.GD11935@casper.infradead.org> In-Reply-To: From: Dan Williams Date: Wed, 2 Dec 2020 00:49:57 -0800 Message-ID: Subject: Re: mapcount corruption regression To: Matthew Wilcox Cc: "Shutemov, Kirill" , Linux Kernel Mailing List , Linux MM , linux-nvdimm , Vlastimil Babka , Yi Zhang , Toshi Kani Content-Type: text/plain; charset="UTF-8" X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Tue, Dec 1, 2020 at 9:07 PM Dan Williams wrote: > > On Tue, Dec 1, 2020 at 7:43 PM Matthew Wilcox wrote: > > > > On Tue, Dec 01, 2020 at 06:28:45PM -0800, Dan Williams wrote: > > > On Tue, Dec 1, 2020 at 12:49 PM Matthew Wilcox wrote: > > > > > > > > On Tue, Dec 01, 2020 at 12:42:39PM -0800, Dan Williams wrote: > > > > > On Mon, Nov 30, 2020 at 6:24 PM Matthew Wilcox wrote: > > > > > > > > > > > > On Mon, Nov 30, 2020 at 05:20:25PM -0800, Dan Williams wrote: > > > > > > > Kirill, Willy, compound page experts, > > > > > > > > > > > > > > I am seeking some debug ideas about the following splat: > > > > > > > > > > > > > > BUG: Bad page state in process lt-pmem-ns pfn:121a12 > > > > > > > page:0000000051ef73f7 refcount:0 mapcount:-1024 > > > > > > > mapping:0000000000000000 index:0x0 pfn:0x121a12 > > > > > > > > > > > > Mapcount of -1024 is the signature of: > > > > > > > > > > > > #define PG_guard 0x00000400 > > > > > > > > > > Oh, thanks for that. I overlooked how mapcount is overloaded. Although > > > > > in v5.10-rc4 that value is: > > > > > > > > > > #define PG_table 0x00000400 > > > > > > > > Ah, I was looking at -next, where Roman renumbered it. > > > > > > > > I know UML had a problem where it was not clearing PG_table, but you > > > > seem to be running on bare metal. SuperH did too, but again, you're > > > > not using SuperH. > > > > > > > > > > > > > > > > (the bits are inverted, so this turns into 0xfffffbff which is reported > > > > > > as -1024) > > > > > > > > > > > > I assume you have debug_pagealloc enabled? > > > > > > > > > > Added it, but no extra spew. I'll dig a bit more on how PG_table is > > > > > not being cleared in this case. > > > > > > > > I only asked about debug_pagealloc because that sets PG_guard. Since > > > > the problem is actually PG_table, it's not relevant. > > > > > > As a shot in the dark I reverted: > > > > > > b2b29d6d0119 mm: account PMD tables like PTE tables > > > > > > ...and the test passed. > > > > That's not really surprising ... you're still freeing PMD tables without > > calling the destructor, which means that you're leaking ptlocks on > > configs that can't embed the ptlock in the struct page. > > Ok, so potentially this new tracking is highlighting a long standing > bug that was previously silent. That would explain the ambiguous > bisect results. > > > I suppose it shows that you're leaking a PMD table rather than a PTE > > table, so that might help track it down. Checking for PG_table in > > free_unref_page() and calling show_stack() will probably help more. > > Will do. Thanks for the pointers Willy this fix below tests ok and looks correct to me given the history: diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index dfd82f51ba66..7ed99314dcdf 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -829,6 +829,7 @@ int pud_free_pmd_page(pud_t *pud, unsigned long addr) } free_page((unsigned long)pmd_sv); + pgtable_pmd_page_dtor(virt_to_page(pmd)); free_page((unsigned long)pmd); return 1; In 2013 Kirill noticed that he missed a pmd page table free site: c283610e44ec x86, mm: do not leak page->ptl for pmd page tables In 2018 Toshi added a new pmd page table free site without the destructor: 28ee90fe6048 x86/mm: implement free pmd/pte page interfaces In 2020 Willy adds PG_table accounting that flags the missing pgtable_pmd_page_dtor() Yi, I would appreciate a confirmation that the fix works for you.