From: Chris Mason <clm@meta.com>
To: Vlastimil Babka <vbabka@suse.cz>, Rik van Riel <riel@surriel.com>
Cc: Pekka Enberg <penberg@kernel.org>,
Christoph Lameter <cl@linux.com>,
Andrew Morton <akpm@linux-foundation.org>,
kernel-team@meta.com, linux-mm@kvack.org,
linux-kernel@vger.kernel.org,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
David Rientjes <rientjes@google.com>,
kasan-dev <kasan-dev@googlegroups.com>,
Jann Horn <jannh@google.com>
Subject: Re: [PATCH] mm,slub: do not call do_slab_free for kfence object
Date: Tue, 30 Jul 2024 08:03:36 -0400 [thread overview]
Message-ID: <7a347d75-4df0-4591-b040-a832d3860a30@meta.com> (raw)
In-Reply-To: <0d6e8252-de39-4414-b4e7-b6c22a427b0d@suse.cz>
On 7/30/24 6:01 AM, Vlastimil Babka wrote:
> On 7/29/24 8:46 PM, Chris Mason wrote:
>>
>>
>> On 7/29/24 2:19 PM, Rik van Riel wrote:
>>> Reported-by: Chris Mason <clm@meta.com>
>>> Fixes: 782f8906f805 ("mm/slub: free KFENCE objects in slab_free_hook()")
>>> Cc: stable@kernel.org
>>> Signed-off-by: Rik van Riel <riel@surriel.com>
>>
>> We found this after bisecting a slab corruption down to the kfence
>> patch, and with this patch applied we're no longer falling over. So
>> thanks Rik!
>
> Indeed thanks and sorry for the trouble! Given that
> __kmem_cache_free_bulk is currently only used to unwind a
> kmem_cache_bulk_alloc() that runs out of memory in the middle of the
> operation, I'm surprised you saw this happen reliably enough to bisect it.
>
The repro was just forcing two sequential OOMs during iperf load on top
of mlx5 ethernet:
Test machine:
- iperf -s -V
Load generator:
- iperf -c test_machine -P 10 -w 1k -l 1k -V --time 900
Test machine:
- hog all memory until OOM
- Do it one more time
Since we didn't have memory corruptions on other nics, I was pretty sure
the bisect had gone wrong when all the remaining commits were in MM.
Nothing against our friends in networking, but MM bugs are usually
easier to fix, so I was pretty happy after confirming kfence as the cause.
> Added to slab/for-6.11-rc1/fixes
Thanks!
-chris
prev parent reply other threads:[~2024-07-30 12:04 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-29 18:19 Rik van Riel
2024-07-29 18:46 ` Chris Mason
2024-07-30 10:01 ` Vlastimil Babka
2024-07-30 12:03 ` Chris Mason [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7a347d75-4df0-4591-b040-a832d3860a30@meta.com \
--to=clm@meta.com \
--cc=akpm@linux-foundation.org \
--cc=cl@linux.com \
--cc=iamjoonsoo.kim@lge.com \
--cc=jannh@google.com \
--cc=kasan-dev@googlegroups.com \
--cc=kernel-team@meta.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=penberg@kernel.org \
--cc=riel@surriel.com \
--cc=rientjes@google.com \
--cc=vbabka@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox