From: Zi Yan <ziy@nvidia.com>
To: Alexander Gordeev <agordeev@linux.ibm.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
linux-mm@kvack.org,
"Matthew Wilcox (Oracle)" <willy@infradead.org>,
Yang Shi <shy828301@gmail.com>,
Ryan Roberts <ryan.roberts@arm.com>,
Barry Song <21cnbao@gmail.com>,
David Hildenbrand <david@redhat.com>,
Lance Yang <ioworker0@gmail.com>,
linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org
Subject: Re: [PATCH v5] mm/rmap: do not add fully unmapped large folio to deferred split list
Date: Wed, 01 May 2024 09:38:24 -0400 [thread overview]
Message-ID: <5FAD7FB6-4AC0-4427-B56E-4942A95DB68C@nvidia.com> (raw)
In-Reply-To: <ZjJCdodEf4CBa1N7@li-008a6a4c-3549-11b2-a85c-c5cc2836eea2.ibm.com>
[-- Attachment #1: Type: text/plain, Size: 6060 bytes --]
On 1 May 2024, at 9:24, Alexander Gordeev wrote:
> On Fri, Apr 26, 2024 at 03:02:53PM -0400, Zi Yan wrote:
>
> Hi Zi,
>
> It increasingly looks like this commit is crashing on s390 since
> 2024-04-30 in linux-next. If I do not miss something - since it
> was included in mm-everything.
>
>> @@ -1553,9 +1558,10 @@ static __always_inline void __folio_remove_rmap(struct folio *folio,
>> * page of the folio is unmapped and at least one page
>> * is still mapped.
>> */
>> - if (folio_test_large(folio) && folio_test_anon(folio))
>> - if (level == RMAP_LEVEL_PTE || nr < nr_pmdmapped)
>> - deferred_split_folio(folio);
>> + if (folio_test_anon(folio) &&
>> + list_empty(&folio->_deferred_list) &&
>
> An attempt to reference folio->_deferred_list causes the crash below.
So if you remove this line, the crash no longer happens? It looks strange to
me that referencing a anonymous folio's _deferred_list would cause a crash.
Hmm, unless the folio is order-0.
Can you try the patch below and see if it fixes the crash? It moves partially_mapped
ahead to exclude order-0 folios.
diff --git a/mm/rmap.c b/mm/rmap.c
index 087a79f1f611..2d27c92bb6d5 100644
--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -1557,9 +1557,8 @@ static __always_inline void __folio_remove_rmap(struct folio *folio,
* page of the folio is unmapped and at least one page
* is still mapped.
*/
- if (folio_test_anon(folio) &&
- list_empty(&folio->_deferred_list) &&
- partially_mapped)
+ if (folio_test_anon(folio) && partially_mapped &&
+ list_empty(&folio->_deferred_list))
deferred_split_folio(folio);
}
>
>> + partially_mapped)
>> + deferred_split_folio(folio);
>> }
>>
>> /*
>
> [ 507.227423] Unable to handle kernel pointer dereference in virtual kernel address space
> [ 507.227432] Failing address: 000001d689000000 TEID: 000001d689000803
> [ 507.227435] Fault in home space mode while using kernel ASCE.
> [ 507.227439] AS:0000000180788007 R3:00000001fe2cc007 S:0000000000000020
> [ 507.227492] Oops: 0010 ilc:3 [#1] SMP
> [ 507.227497] Modules linked in: vmur(E) kvm(E) algif_hash(E) af_alg(E) binfmt_misc(E) nft_fib_inet(E) nft_fib_ipv4(E) nft_fib_ipv6(E) nft_fib(E) nft_reject_inet(E) nf_reject_ipv4(E) nf_reject_ipv6(E) nft_reject(E) nft_ct(E) nft_chain_nat(E) nf_nat(E) nf_conntrack(E) nf_defrag_ipv6(E) nf_defrag_ipv4(E) ip_set(E) nf_tables(E) nfnetlink(E) dm_service_time(E) s390_trng(E) vfio_ccw(E) mdev(E) vfio_iommu_type1(E) vfio(E) sch_fq_codel(E) loop(E) configfs(E) lcs(E) ctcm(E) fsm(E) zfcp(E) scsi_transport_fc(E) ghash_s390(E) prng(E) chacha_s390(E) libchacha(E) aes_s390(E) des_s390(E) libdes(E) sha3_512_s390(E) sha3_256_s390(E) sha512_s390(E) sha256_s390(E) sha1_s390(E) sha_common(E) scsi_dh_rdac(E) scsi_dh_emc(E) scsi_dh_alua(E) pkey(E) zcrypt(E) rng_core(E) dm_multipath(E) autofs4(E)
> [ 507.227546] Unloaded tainted modules: dcssblk(E):2 [last unloaded: dcssblk(E)]
> [ 507.230569] CPU: 0 PID: 36783 Comm: pahole Tainted: G E 6.9.0-20240430.rc6.git237.d04466706db5.300.fc39.s390x+next #1
> [ 507.230574] Hardware name: IBM 3931 A01 703 (z/VM 7.3.0)
> [ 507.230576] Krnl PSW : 0704f00180000000 0000025e1092a430 (folio_remove_rmap_ptes+0xe0/0x140)
> [ 507.230588] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:3 PM:0 RI:0 EA:3
> [ 507.230592] Krnl GPRS: ffffffffffffe377 0000000000000000 0000025e122075b8 0000000000000000
> [ 507.230595] ffffffffffffffff 0000025d8f613288 8800000000000000 00000157a38b8700
> [ 507.230598] 000000023fffe13f 0000000000000000 000001579ccd75c0 000001d688ffff80
> [ 507.230602] 000003ffb9cacf98 000001d688ffff80 0000025e1092a428 000001de11fab878
> [ 507.230610] Krnl Code: 0000025e1092a422: c0e500039f47 brasl %r14,0000025e1099e2b0
> [ 507.230610] 0000025e1092a428: 9101b01f tm 31(%r11),1
> [ 507.230610] #0000025e1092a42c: a784ffb9 brc 8,0000025e1092a39e
> [ 507.230610] >0000025e1092a430: e340b0900004 lg %r4,144(%r11)
> [ 507.230610] 0000025e1092a436: 4150b090 la %r5,144(%r11)
> [ 507.230610] 0000025e1092a43a: ec45ffb26064 cgrj %r4,%r5,6,0000025e1092a39e
> [ 507.230610] 0000025e1092a440: a7910001 tmll %r9,1
> [ 507.230610] 0000025e1092a444: a784ffad brc 8,0000025e1092a39e
> [ 507.230672] Call Trace:
> [ 507.230678] [<0000025e1092a430>] folio_remove_rmap_ptes+0xe0/0x140
> [ 507.230682] ([<0000025e1092a428>] folio_remove_rmap_ptes+0xd8/0x140)
> [ 507.230685] [<0000025e1090d76a>] zap_present_ptes.isra.0+0x222/0x918
> [ 507.230689] [<0000025e1090e008>] zap_pte_range+0x1a8/0x4e8
> [ 507.230692] [<0000025e1090e58c>] zap_p4d_range+0x244/0x480
> [ 507.230695] [<0000025e1090eb22>] unmap_page_range+0xea/0x2c0
> [ 507.230698] [<0000025e1090ed92>] unmap_single_vma.isra.0+0x9a/0xf0
> [ 507.230701] [<0000025e1090ee9e>] unmap_vmas+0xb6/0x1a0
> [ 507.230705] [<0000025e1091e0d4>] exit_mmap+0xc4/0x3d0
> [ 507.230709] [<0000025e10675c64>] __mmput+0x54/0x150
> [ 507.230714] [<0000025e1067f3ba>] exit_mm+0xca/0x138
> [ 507.230717] [<0000025e1067f690>] do_exit+0x268/0x520
> [ 507.230721] [<0000025e1067fb38>] do_group_exit+0x40/0xb8
> [ 507.230725] [<0000025e1067fc0e>] __s390x_sys_exit_group+0x2e/0x30
> [ 507.230729] [<0000025e1136ba4e>] __do_syscall+0x216/0x2d0
> [ 507.230736] [<0000025e1137c848>] system_call+0x70/0x98
> [ 507.230780] Last Breaking-Event-Address:
> [ 507.230783] [<0000025e1099e32a>] __lruvec_stat_mod_folio+0x7a/0xb0
> [ 507.230789] Kernel panic - not syncing: Fatal exception: panic_on_oops
> 00: HCPGIR450W CP entered; disabled wait PSW 00020001 80000000 0000025E 10630B56
>
> Thanks!
--
Best Regards,
Yan, Zi
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 854 bytes --]
next prev parent reply other threads:[~2024-05-01 13:38 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-26 19:02 [PATCH v5] mm/rmap: do not add fully unmapped large folio to deferred split list Zi Yan
2024-04-26 19:08 ` David Hildenbrand
2024-04-26 19:20 ` Zi Yan
2024-04-26 20:15 ` David Hildenbrand
2024-04-26 20:22 ` Zi Yan
2024-04-27 4:06 ` Lance Yang
2024-04-27 6:51 ` David Hildenbrand
2024-04-27 9:32 ` Barry Song
2024-04-26 20:42 ` Yang Shi
2024-04-27 4:09 ` Lance Yang
2024-05-01 13:24 ` Alexander Gordeev
2024-05-01 13:38 ` Zi Yan [this message]
2024-05-01 15:54 ` David Hildenbrand
2024-05-02 13:18 ` Alexander Gordeev
2024-05-02 13:20 ` Zi Yan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5FAD7FB6-4AC0-4427-B56E-4942A95DB68C@nvidia.com \
--to=ziy@nvidia.com \
--cc=21cnbao@gmail.com \
--cc=agordeev@linux.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=david@redhat.com \
--cc=ioworker0@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-s390@vger.kernel.org \
--cc=ryan.roberts@arm.com \
--cc=shy828301@gmail.com \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.