From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
To: Mike Rapoport <rppt@kernel.org>
Cc: linux-mm@kvack.org, Alexander Potapenko <glider@google.com>,
Marco Elver <elver@google.com>,
Dmitry Vyukov <dvyukov@google.com>
Subject: Re: [PATCH] mm: Fix memblock_free_late() when using deferred struct page
Date: Tue, 10 Feb 2026 17:17:08 +1100 [thread overview]
Message-ID: <5a44609fe992624573a3ca0a293888bd623e2a06.camel@kernel.crashing.org> (raw)
In-Reply-To: <e5d5a1105d90ee1e7fe7eafaed2ed03bbad0c46b.camel@kernel.crashing.org>
So ... that was a backport to 6.12.68 and my original patch is crashing
the same way ! (it was working last week interestingly enough,
something else got backported that gets in the way maybe ?).
I'm going to have to go back to digging :-(
I suspect the pages aren't reserved. I swear this was working :-)
Cheers,
Ben.
[ 0.033998] RETBleed: WARNING: Spectre v2 mitigation leaves CPU vulnerable to RETBleed attacks, data leaks possible!
[ 0.043386] BUG: unable to handle page fault for address: ffffe49c80307388
[ 0.043386] #PF: supervisor read access in kernel mode
[ 0.043386] #PF: error_code(0x0000) - not-present page
[ 0.043386] PGD 1024067 P4D 1024067 PUD 0
[ 0.043386] Oops: Oops: 0000 [#1] PREEMPT SMP PTI
[ 0.043386] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.68-92.123.amzn2023.x86_64 #1
[ 0.043386] Hardware name: Amazon EC2 t3.nano/, BIOS 1.0 10/16/2017
[ 0.043386] RIP: 0010:__list_del_entry_valid_or_report+0x32/0xb0
[ 0.043386] Code: 89 fe 48 85 d2 74 3e 48 85 c9 74 47 48 b8 00 01 00 00 00 00 ad de 48 39 c2 74 46 48 b8 22 01 00 00 00 00 ad de 48 39 c1 74 45 <4c> 8b 01 49 39 f8 75 4e 4c 8b 4a 08 4d 39 c1 75 56 b8 01 00 00 00
[ 0.043386] RSP: 0000:ffffffffb3c03da0 EFLAGS: 00010006
[ 0.043386] RAX: dead000000000122 RBX: fffff44480600300 RCX: ffffe49c80307388
[ 0.043386] RDX: ffffe49c804e5288 RSI: fffff44480600308 RDI: fffff44480600308
[ 0.043386] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000002
[ 0.043386] R10: 0000000000000000 R11: 0000000000000200 R12: ffff8cf21b8cbc80
[ 0.043386] R13: 0000000000000000 R14: 000000000001800d R15: fffff44480600340
[ 0.043386] FS: 0000000000000000(0000) GS:ffff8cf21aa00000(0000) knlGS:0000000000000000
[ 0.043386] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 0.043386] CR2: ffffe49c80307388 CR3: 0000000006c34001 CR4: 00000000007706f0
[ 0.043386] PKRU: 55555554
[ 0.043386] Call Trace:
[ 0.043386] <TASK>
[ 0.043386] __free_one_page+0x170/0x520
[ 0.043386] free_one_page+0x4c/0x80
[ 0.043386] memblock_free_late+0x72/0xd0
[ 0.043386] efi_free_boot_services+0x11f/0x2e0
[ 0.043386] __efi_enter_virtual_mode+0x181/0x210
[ 0.043386] efi_enter_virtual_mode+0xcd/0x110
[ 0.043386] start_kernel+0x393/0x500
[ 0.043386] x86_64_start_reservations+0x14/0x30
[ 0.043386] x86_64_start_kernel+0x77/0x80
[ 0.043386] common_startup_64+0x13e/0x141
[ 0.043386] </TASK>
[ 0.043386] Modules linked in:
[ 0.043386] CR2: ffffe49c80307388
[ 0.043386] ---[ end trace 0000000000000000 ]---
[ 0.043386] RIP: 0010:__list_del_entry_valid_or_report+0x32/0xb0
[ 0.043386] Code: 89 fe 48 85 d2 74 3e 48 85 c9 74 47 48 b8 00 01 00 00 00 00 ad de 48 39 c2 74 46 48 b8 22 01 00 00 00 00 ad de 48 39 c1 74 45 <4c> 8b 01 49 39 f8 75 4e 4c 8b 4a 08 4d 39 c1 75 56 b8 01 00 00 00
[ 0.043386] RSP: 0000:ffffffffb3c03da0 EFLAGS: 00010006
[ 0.043386] RAX: dead000000000122 RBX: fffff44480600300 RCX: ffffe49c80307388
[ 0.043386] RDX: ffffe49c804e5288 RSI: fffff44480600308 RDI: fffff44480600308
[ 0.043386] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000002
[ 0.043386] R10: 0000000000000000 R11: 0000000000000200 R12: ffff8cf21b8cbc80
[ 0.043386] R13: 0000000000000000 R14: 000000000001800d R15: fffff44480600340
[ 0.043386] FS: 0000000000000000(0000) GS:ffff8cf21aa00000(0000) knlGS:0000000000000000
[ 0.043386] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 0.043386] CR2: ffffe49c80307388 CR3: 0000000006c34001 CR4: 00000000007706f0
[ 0.043386] PKRU: 55555554
[ 0.043386] Kernel panic - not syncing: Fatal exception
[ 0.043386] ---[ end Kernel panic - not syncing: Fatal exception ]---
[ 0.033998] RETBleed: WARNING: Spectre v2 mitigation leaves CPU vulnerable to RETBleed attacks, data leaks possible!
[ 0.043386] BUG: unable to handle page fault for address: ffffe49c80307388
[ 0.043386] #PF: supervisor read access in kernel mode
[ 0.043386] #PF: error_code(0x0000) - not-present page
[ 0.043386] PGD 1024067 P4D 1024067 PUD 0
[ 0.043386] Oops: Oops: 0000 [#1] PREEMPT SMP PTI
[ 0.043386] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.68-92.123.amzn2023.x86_64 #1
[ 0.043386] Hardware name: Amazon EC2 t3.nano/, BIOS 1.0 10/16/2017
[ 0.043386] RIP: 0010:__list_del_entry_valid_or_report+0x32/0xb0
[ 0.043386] Code: 89 fe 48 85 d2 74 3e 48 85 c9 74 47 48 b8 00 01 00 00 00 00 ad de 48 39 c2 74 46 48 b8 22 01 00 00 00 00 ad de 48 39 c1 74 45 <4c> 8b 01 49 39 f8 75 4e 4c 8b 4a 08 4d 39 c1 75 56 b8 01 00 00 00
[ 0.043386] RSP: 0000:ffffffffb3c03da0 EFLAGS: 00010006
[ 0.043386] RAX: dead000000000122 RBX: fffff44480600300 RCX: ffffe49c80307388
[ 0.043386] RDX: ffffe49c804e5288 RSI: fffff44480600308 RDI: fffff44480600308
[ 0.043386] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000002
[ 0.043386] R10: 0000000000000000 R11: 0000000000000200 R12: ffff8cf21b8cbc80
[ 0.043386] R13: 0000000000000000 R14: 000000000001800d R15: fffff44480600340
[ 0.043386] FS: 0000000000000000(0000) GS:ffff8cf21aa00000(0000) knlGS:0000000000000000
[ 0.043386] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 0.043386] CR2: ffffe49c80307388 CR3: 0000000006c34001 CR4: 00000000007706f0
[ 0.043386] PKRU: 55555554
[ 0.043386] Call Trace:
[ 0.043386] <TASK>
[ 0.043386] __free_one_page+0x170/0x520
[ 0.043386] free_one_page+0x4c/0x80
[ 0.043386] memblock_free_late+0x72/0xd0
[ 0.043386] efi_free_boot_services+0x11f/0x2e0
[ 0.043386] __efi_enter_virtual_mode+0x181/0x210
[ 0.043386] efi_enter_virtual_mode+0xcd/0x110
[ 0.043386] start_kernel+0x393/0x500
[ 0.043386] x86_64_start_reservations+0x14/0x30
[ 0.043386] x86_64_start_kernel+0x77/0x80
[ 0.043386] common_startup_64+0x13e/0x141
[ 0.043386] </TASK>
[ 0.043386] Modules linked in:
[ 0.043386] CR2: ffffe49c80307388
[ 0.043386] ---[ end trace 0000000000000000 ]---
[ 0.043386] RIP: 0010:__list_del_entry_valid_or_report+0x32/0xb0
[ 0.043386] Code: 89 fe 48 85 d2 74 3e 48 85 c9 74 47 48 b8 00 01 00 00 00 00 ad de 48 39 c2 74 46 48 b8 22 01 00 00 00 00 ad de 48 39 c1 74 45 <4c> 8b 01 49 39 f8 75 4e 4c 8b 4a 08 4d 39 c1 75 56 b8 01 00 00 00
[ 0.043386] RSP: 0000:ffffffffb3c03da0 EFLAGS: 00010006
[ 0.043386] RAX: dead000000000122 RBX: fffff44480600300 RCX: ffffe49c80307388
[ 0.043386] RDX: ffffe49c804e5288 RSI: fffff44480600308 RDI: fffff44480600308
[ 0.043386] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000002
[ 0.043386] R10: 0000000000000000 R11: 0000000000000200 R12: ffff8cf21b8cbc80
[ 0.043386] R13: 0000000000000000 R14: 000000000001800d R15: fffff44480600340
[ 0.043386] FS: 0000000000000000(0000) GS:ffff8cf21aa00000(0000) knlGS:0000000000000000
[ 0.043386] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 0.043386] CR2: ffffe49c80307388 CR3: 0000000006c34001 CR4: 00000000007706f0
[ 0.043386] PKRU: 55555554
[ 0.043386] Kernel panic - not syncing: Fatal exception
[ 0.043386] ---[ end Kernel panic - not syncing: Fatal exception ]---
On Tue, 2026-02-10 at 13:10 +1100, Benjamin Herrenschmidt wrote:
> On Tue, 2026-02-10 at 12:04 +1100, Benjamin Herrenschmidt wrote:
> > On Fri, 2026-02-06 at 12:33 +0200, Mike Rapoport wrote:
> > >
> > > So it essentially becomes "oneliner" :)
> > >
> > > diff --git a/mm/memblock.c b/mm/memblock.c
> > > index e76255e4ff36..6e984bcdf6cd 100644
> > > --- a/mm/memblock.c
> > > +++ b/mm/memblock.c
> > > @@ -1770,10 +1770,8 @@ void __init memblock_free_late(phys_addr_t
> > > base, phys_addr_t size)
> > > cursor = PFN_UP(base);
> > > end = PFN_DOWN(base + size);
> > >
> > > - for (; cursor < end; cursor++) {
> > > - memblock_free_pages(pfn_to_page(cursor), cursor,
> > > 0);
> > > - totalram_pages_inc();
> > > - }
> > > + for (; cursor < end; cursor++)
> > > + free_reserved_page(pfn_to_page(cursor));
> > > }
> >
> > Nice and sweet :-)
> >
> > I'll spin that & test it and send a v2. Thanks !
>
> Tadaaa ! Looks like I'll need to dig deeper... Busy with something
> else
> today but I'll get back to this asap.
>
> [ 0.076840] BUG: unable to handle page fault for address:
> ffffce1a005a0788
> [ 0.078226] #PF: supervisor read access in kernel mode
> [ 0.078226] #PF: error_code(0x0000) - not-present page
> [ 0.078226] PGD 0 P4D 0
> [ 0.078226] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI
> [ 0.078226] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted
> 6.12.68-92.123.amzn2023.x86_64 #1
> [ 0.078226] Hardware name: Amazon EC2 t3a.nano/, BIOS 1.0
> 10/16/2017
> [ 0.078226] RIP: 0010:__list_del_entry_valid_or_report+0x32/0xb0
> [ 0.078226] Code: 89 fe 48 85 d2 74 3e 48 85 c9 74 47 48 b8 00 01
> 00 00 00 00 ad de 48 39 c2 74 46 48 b8 22 01 00 00 00 00 ad de 48 39
> c1 74 45 <4c> 8b 01 49 39 f8 75 4e 4c 8b 4a 08 4d 39 c1 75 56 b8 01
> 00 00 00
> [ 0.078226] RSP: 0000:ffffffff9ac03cc0 EFLAGS: 00010006
> [ 0.078226] RAX: dead000000000122 RBX: fffff56600459c80 RCX:
> ffffce1a005a0788
> [ 0.078226] RDX: ffffce1a005e3e08 RSI: fffff56600459c88 RDI:
> fffff56600459c88
> [ 0.078226] RBP: 0000000000000000 R08: ffffffffffffffc0 R09:
> 0000000000000000
> [ 0.078226] R10: 000000000000001c R11: 0000000000000200 R12:
> ffff8ca75bacbc80
> [ 0.078226] R13: 0000000000000000 R14: 0000000000011673 R15:
> fffff56600459cc0
> [ 0.078226] FS: 0000000000000000(0000) GS:ffff8ca752c00000(0000)
> knlGS:0000000000000000
> [ 0.078226] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 0.078226] CR2: ffffce1a005a0788 CR3: 0000000006c34000 CR4:
> 00000000003506f0
> [ 0.078226] Call Trace:
> [ 0.078226] <TASK>
> [ 0.078226] __free_one_page+0x170/0x520
> [ 0.078226] free_pcppages_bulk+0x151/0x1e0
> [ 0.078226] free_unref_page_commit+0x263/0x320
> [ 0.078226] free_unref_page+0x2c8/0x5b0
> [ 0.078226] ? srso_return_thunk+0x5/0x5f
> [ 0.078226] free_reserved_page+0x1c/0x30
> [ 0.078226] memblock_free_late+0x6c/0xc0
> [ 0.078226] efi_free_boot_services+0x11f/0x2e0
> [ 0.078226] __efi_enter_virtual_mode+0x181/0x210
> [ 0.078226] efi_enter_virtual_mode+0xcd/0x110
> [ 0.078226] start_kernel+0x393/0x500
> [ 0.078226] x86_64_start_reservations+0x14/0x30
> [ 0.078226] x86_64_start_kernel+0x77/0x80
> [ 0.078226] common_startup_64+0x13e/0x141
> [ 0.078226] </TASK>
> [ 0.078226] Modules linked in:
> [ 0.078226] CR2: ffffce1a005a0788
> [ 0.078226] ---[ end trace 0000000000000000 ]---
> [ 0.078226] RIP: 0010:__list_del_entry_valid_or_report+0x32/0xb0
> [ 0.078226] Code: 89 fe 48 85 d2 74 3e 48 85 c9 74 47 48 b8 00 01
> 00 00 00 00 ad de 48 39 c2 74 46 48 b8 22 01 00 00 00 00 ad de 48 39
> c1 74 45 <4c> 8b 01 49 39 f8 75 4e 4c 8b 4a 08 4d 39 c1 75 56 b8 01
> 00 00 00
> [ 0.078226] RSP: 0000:ffffffff9ac03cc0 EFLAGS: 00010006
> [ 0.078226] RAX: dead000000000122 RBX: fffff56600459c80 RCX:
> ffffce1a005a0788
> [ 0.078226] RDX: ffffce1a005e3e08 RSI: fffff56600459c88 RDI:
> fffff56600459c88
> [ 0.078226] RBP: 0000000000000000 R08: ffffffffffffffc0 R09:
> 0000000000000000
> [ 0.078226] R10: 000000000000001c R11: 0000000000000200 R12:
> ffff8ca75bacbc80
> [ 0.078226] R13: 0000000000000000 R14: 0000000000011673 R15:
> fffff56600459cc0
> [ 0.078226] FS: 0000000000000000(0000) GS:ffff8ca752c00000(0000)
> knlGS:0000000000000000
> [ 0.078226] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 0.078226] CR2: ffffce1a005a0788 CR3: 0000000006c34000 CR4:
> 00000000003506f0
> [ 0.078226] Kernel panic - not syncing: Fatal exception
> [ 0.078226] ---[ end Kernel panic - not syncing: Fatal exception
> ]---
>
next prev parent reply other threads:[~2026-02-10 6:17 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-03 8:02 Benjamin Herrenschmidt
2026-02-03 18:40 ` Mike Rapoport
2026-02-03 19:53 ` Benjamin Herrenschmidt
2026-02-04 7:39 ` Mike Rapoport
2026-02-04 9:02 ` Benjamin Herrenschmidt
2026-02-06 10:33 ` Mike Rapoport
2026-02-10 1:04 ` Benjamin Herrenschmidt
2026-02-10 2:10 ` Benjamin Herrenschmidt
2026-02-10 6:17 ` Benjamin Herrenschmidt [this message]
2026-02-10 8:34 ` Benjamin Herrenschmidt
2026-02-10 14:32 ` Mike Rapoport
2026-02-10 23:23 ` Benjamin Herrenschmidt
2026-02-11 5:20 ` Mike Rapoport
2026-02-16 5:34 ` Benjamin Herrenschmidt
2026-02-16 6:51 ` Benjamin Herrenschmidt
2026-02-16 4:53 ` Benjamin Herrenschmidt
2026-02-16 15:28 ` Mike Rapoport
2026-02-16 10:36 ` Alexander Potapenko
2026-02-17 8:28 ` [PATCH v2] " Benjamin Herrenschmidt
2026-02-17 12:32 ` Mike Rapoport
2026-02-17 22:00 ` Benjamin Herrenschmidt
2026-02-17 21:47 ` Benjamin Herrenschmidt
2026-02-18 0:15 ` Benjamin Herrenschmidt
2026-02-18 8:05 ` Mike Rapoport
2026-02-19 2:48 ` Benjamin Herrenschmidt
2026-02-19 10:16 ` Mike Rapoport
2026-02-19 22:46 ` Benjamin Herrenschmidt
2026-02-20 4:57 ` Benjamin Herrenschmidt
2026-02-20 9:09 ` Mike Rapoport
2026-02-20 9:00 ` Mike Rapoport
2026-02-20 5:12 ` Benjamin Herrenschmidt
2026-02-20 5:15 ` Benjamin Herrenschmidt
2026-02-20 5:47 ` Benjamin Herrenschmidt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5a44609fe992624573a3ca0a293888bd623e2a06.camel@kernel.crashing.org \
--to=benh@kernel.crashing.org \
--cc=dvyukov@google.com \
--cc=elver@google.com \
--cc=glider@google.com \
--cc=linux-mm@kvack.org \
--cc=rppt@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox