archive mirror
 help / color / mirror / Atom feed
From: Peter Xu <>
To: Nick Bowler <>
	Andrew Morton <>
Subject: Re: PROBLEM: sparc64 random crashes starting w/ Linux 6.1 (regression)
Date: Sun, 29 Jan 2023 17:14:27 -0500	[thread overview]
Message-ID: <Y9bvwz4FIOQ+D8c4@x1n> (raw)
In-Reply-To: <>

On Sat, Jan 28, 2023 at 09:17:31PM -0500, Nick Bowler wrote:
> Hi,

Hi, Nick,

> Starting with Linux 6.1.y, my sparc64 (Sun Ultra 60) system is very
> unstable, with userspace processes randomly crashing with all kinds of
> different weird errors.  The same problem occurs on 6.2-rc5.  Linux
> 6.0.y is OK.
> Usually, it manifests with ssh connections just suddenly dropping out
> like this:
>   malloc(): unaligned tcache chunk detected
>   Connection to alectrona closed.
> but other kinds of failures (random segfaults, bus errors, etc.) are
> seen too.
> I have not ever seen the kernel itself oops or anything like that, there
> are no abnormal kernel log messages of any kind; except for the normal
> ones that get printed when processes segfault, like this one:
>   [  563.085851] zsh[2073]: segfault at 10 ip 00000000f7a7c09c (rpc
> 00000000f7a7c0a0) sp 00000000ff8f5e08 error 1 in
> I was able to reproduce this fairly reliably by using GNU ddrescue to
> dump a disk from the dvd drive -- things usually go awry after a minute
> or two.  So I was able to bisect to this commit:
>   2e3468778dbe3ec389a10c21a703bb8e5be5cfbc is the first bad commit
>   commit 2e3468778dbe3ec389a10c21a703bb8e5be5cfbc
>   Author: Peter Xu <>
>   Date:   Thu Aug 11 12:13:29 2022 -0400
>       mm: remember young/dirty bit for page migrations
> This does not revert cleanly on master, but I ran my test on the
> immediately preceding commit (0ccf7f168e17: "mm/thp: carry over dirty
> bit when thp splits on pmd") extra times and I am unable to get this
> one to crash, so reasonably confident in this bisection result...

There's a similar report previously but interestingly it was exactly
reported against commit 0ccf7f168e17, which was the one you reported all

It's probably because for some reason the thp split didn't really happen in
your system (maybe thp disabled?) or it should break too. It also means
624a2c94f5b7a didn't really fix all the issues.  So I assumed that's the
only issue we had after verified with 624a2c94f5b7a on two existing
reproducers and we assumed all issues fixed.

However then with this report I looked into the whole set and I did notice
the page migration code actually has similar problem.  Sorry I should have
noticed this even earlier.  So very likely the previous two reports came
from environment where page migration is either rare or not enabled.  And
now I suspect your system has page migration enabled.

Could you try below patch to see whether it fixes your problem?  It should
cover the last piece of possible issue with dirty bit on sparc after that
patchset.  It's based on latest master branch (commit ab072681eabe1ce0).

diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index abe6cfd92ffa..f15ea5b389f6 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -3272,15 +3272,17 @@ void remove_migration_pmd(struct page_vma_mapped_walk *pvmw, struct page *new)
        pmde = mk_huge_pmd(new, READ_ONCE(vma->vm_page_prot));
        if (pmd_swp_soft_dirty(*pvmw->pmd))
                pmde = pmd_mksoft_dirty(pmde);
-       if (is_writable_migration_entry(entry))
-               pmde = maybe_pmd_mkwrite(pmde, vma);
        if (pmd_swp_uffd_wp(*pvmw->pmd))
-               pmde = pmd_wrprotect(pmd_mkuffd_wp(pmde));
+               pmde = pmd_mkuffd_wp(pmde);
        if (!is_migration_entry_young(entry))
                pmde = pmd_mkold(pmde);
        /* NOTE: this may contain setting soft-dirty on some archs */
        if (PageDirty(new) && is_migration_entry_dirty(entry))
                pmde = pmd_mkdirty(pmde);
+       if (is_writable_migration_entry(entry))
+               pmde = maybe_pmd_mkwrite(pmde, vma);
+       else
+               pmde = pmd_wrprotect(pmde);
        if (PageAnon(new)) {
                rmap_t rmap_flags = RMAP_COMPOUND;
diff --git a/mm/migrate.c b/mm/migrate.c
index a4d3fc65085f..cc5455614e01 100644
--- a/mm/migrate.c
+++ b/mm/migrate.c
@@ -224,6 +224,8 @@ static bool remove_migration_pte(struct folio *folio,
                        pte = maybe_mkwrite(pte, vma);
                else if (pte_swp_uffd_wp(*pvmw.pte))
                        pte = pte_mkuffd_wp(pte);
+               else
+                       pte = pte_wrprotect(pte);
                if (folio_test_anon(folio) && !is_readable_migration_entry(entry))
                        rmap_flags |= RMAP_EXCLUSIVE;


Peter Xu

  reply	other threads:[~2023-01-29 22:15 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-01-29  2:17 PROBLEM: sparc64 random crashes starting w/ Linux 6.1 (regression) Nick Bowler
2023-01-29 22:14 ` Peter Xu [this message]
2023-01-30  1:36   ` Nick Bowler
2023-01-31  1:46   ` Nick Bowler
2023-02-15 14:49     ` Linux regression tracking (Thorsten Leemhuis)
2023-02-15 15:21       ` Peter Xu
2023-02-16  5:32         ` Nick Bowler
2023-02-16 15:33           ` Peter Xu
2023-01-30  9:37 ` Linux kernel regression tracking (#adding)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Y9bvwz4FIOQ+D8c4@x1n \ \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).