On Wed, Feb 9, 2022 at 3:03 AM ci_notify@linaro.org wrote:
[TCWG CI] Regression caused by linux: fs-proc-task_mmuc-dont-read-mapcount-for-migration-entry-v4: commit 78cff485ae775daa8345bd7c9e332be914f64bde Author: Yang Shi shy828301@gmail.com
fs-proc-task_mmuc-dont-read-mapcount-for-migration-entry-v4Results regressed to # reset_artifacts: -10 # build_abe binutils: -9 # build_abe stage1: -5 # build_abe qemu: -2 # linux_n_obj: 20123 # First few build errors in logs: # 00:02:22 fs/proc/task_mmu.c:1444:14: error: unused variable ‘migration’ [-Werror=unused-variable] # 00:02:22 make[2]: *** [fs/proc/task_mmu.o] Error 1 # 00:03:01 make[1]: *** [fs/proc] Error 2 # 00:27:08 make: *** [fs] Error 2
Thanks for catching this. It seems this has been fixed in linux-next. The declaration of "migration" has been moved under "#ifdef CONFIG_TRANSPARENT_HUGEPAGE"
from # reset_artifacts: -10 # build_abe binutils: -9 # build_abe stage1: -5 # build_abe qemu: -2 # linux_n_obj: 20211 # linux build successful: all
THIS IS THE END OF INTERESTING STUFF. BELOW ARE LINKS TO BUILDS, REPRODUCTION INSTRUCTIONS, AND THE RAW COMMIT.
This commit has regressed these CI configurations:
- tcwg_kernel/gnu-release-arm-next-allyesconfig
First_bad build: https://ci.linaro.org/job/tcwg_kernel-gnu-bisect-gnu-release-arm-next-allyes... Last_good build: https://ci.linaro.org/job/tcwg_kernel-gnu-bisect-gnu-release-arm-next-allyes... Baseline build: https://ci.linaro.org/job/tcwg_kernel-gnu-bisect-gnu-release-arm-next-allyes... Even more details: https://ci.linaro.org/job/tcwg_kernel-gnu-bisect-gnu-release-arm-next-allyes...
Reproduce builds:
<cut> mkdir investigate-linux-78cff485ae775daa8345bd7c9e332be914f64bde cd investigate-linux-78cff485ae775daa8345bd7c9e332be914f64bde
# Fetch scripts git clone https://git.linaro.org/toolchain/jenkins-scripts
# Fetch manifests and test.sh script mkdir -p artifacts/manifests curl -o artifacts/manifests/build-baseline.sh https://ci.linaro.org/job/tcwg_kernel-gnu-bisect-gnu-release-arm-next-allyes... --fail curl -o artifacts/manifests/build-parameters.sh https://ci.linaro.org/job/tcwg_kernel-gnu-bisect-gnu-release-arm-next-allyes... --fail curl -o artifacts/test.sh https://ci.linaro.org/job/tcwg_kernel-gnu-bisect-gnu-release-arm-next-allyes... --fail chmod +x artifacts/test.sh
# Reproduce the baseline build (build all pre-requisites) ./jenkins-scripts/tcwg_kernel-build.sh @@ artifacts/manifests/build-baseline.sh
# Save baseline build state (which is then restored in artifacts/test.sh) mkdir -p ./bisect rsync -a --del --delete-excluded --exclude /bisect/ --exclude /artifacts/ --exclude /linux/ ./ ./bisect/baseline/
cd linux
# Reproduce first_bad build git checkout --detach 78cff485ae775daa8345bd7c9e332be914f64bde ../artifacts/test.sh
# Reproduce last_good build git checkout --detach f0d65ae174ab9ff010bc134805d66606cb74bfa5 ../artifacts/test.sh
cd ..
</cut>
Full commit (up to 1000 lines):
<cut> commit 78cff485ae775daa8345bd7c9e332be914f64bde Author: Yang Shi <shy828301@gmail.com> Date: Fri Feb 4 17:34:03 2022 +1100
fs-proc-task_mmuc-dont-read-mapcount-for-migration-entry-v4 v4: * s/Treated/Treat per David * Collected acked-by tag from David v3: * Fixed the fix tag, the one used by v2 was not accurate * Added comment about the risk calling page_mapcount() per David * Fix pagemap Link: https://lkml.kernel.org/r/20220203182641.824731-1-shy828301@gmail.com Fixes: e9b61f19858a ("thp: reintroduce split_huge_page()") Signed-off-by: Yang Shi <shy828301@gmail.com> Reported-by: syzbot+1f52b3a18d5633fa7f82@syzkaller.appspotmail.com Acked-by: David Hildenbrand <david@redhat.com> Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com> Cc: Jann Horn <jannh@google.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
fs/proc/task_mmu.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index 2bb567014d77..bc2f46033231 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -469,9 +469,12 @@ static void smaps_account(struct mem_size_stats *mss, struct page *page, * If any subpage of the compound page mapped with PTE it would elevate * page_count(). *
* Treated regular migration entries as mapcount == 1 without reading* mapcount since calling page_mapcount() for migration entries is* racy against THP splitting.
* The page_mapcount() is called to get a snapshot of the mapcount.* Without holding the page lock this snapshot can be slightly wrong as* we cannot always read the mapcount atomically. It is not safe to* call page_mapcount() even with PTL held if the page is not mapped,* especially for migration entries. Treat regular migration entries* as mapcount == 1. */ if ((page_count(page) == 1) || migration) { smaps_page_accumulate(mss, page, size, size << PSS_SHIFT, dirty,@@ -1393,6 +1396,7 @@ static pagemap_entry_t pte_to_pagemap_entry(struct pagemapread *pm, { u64 frame = 0, flags = 0; struct page *page = NULL;
bool migration = false; if (pte_present(pte)) { if (pm->show_pfn)@@ -1414,13 +1418,14 @@ static pagemap_entry_t pte_to_pagemap_entry(struct pagemapread *pm, frame = swp_type(entry) | (swp_offset(entry) << MAX_SWAPFILES_SHIFT); flags |= PM_SWAP;
migration = is_migration_entry(entry); if (is_pfn_swap_entry(entry)) page = pfn_swap_entry_to_page(entry); } if (page && !PageAnon(page)) flags |= PM_FILE;
if (page && page_mapcount(page) == 1)
if (page && !migration && page_mapcount(page) == 1) flags |= PM_MMAP_EXCLUSIVE; if (vma->vm_flags & VM_SOFTDIRTY) flags |= PM_SOFT_DIRTY;@@ -1436,6 +1441,7 @@ static int pagemap_pmd_range(pmd_t *pmdp, unsigned long addr, unsigned long end, spinlock_t *ptl; pte_t *pte, *orig_pte; int err = 0;
bool migration = false;#ifdef CONFIG_TRANSPARENT_HUGEPAGE ptl = pmd_trans_huge_lock(pmdp, vma); @@ -1476,11 +1482,12 @@ static int pagemap_pmd_range(pmd_t *pmdp, unsigned long addr, unsigned long end, if (pmd_swp_uffd_wp(pmd)) flags |= PM_UFFD_WP; VM_BUG_ON(!is_pmd_migration_entry(pmd));
migration = is_migration_entry(entry); page = pfn_swap_entry_to_page(entry); }#endif
if (page && page_mapcount(page) == 1)
if (page && !migration && page_mapcount(page) == 1) flags |= PM_MMAP_EXCLUSIVE; for (; addr != end; addr += PAGE_SIZE) {</cut>