Re: mm: Regression with v7.0-rc1 on RISC-V

[Zi Yan]

On 24 Feb 2026, at 20:58, Kefeng Wang wrote:

> On 2026/2/25 1:29, Zi Yan wrote:
>> On 24 Feb 2026, at 12:17, Zi Yan wrote:
>
> ...
>
>>>>>
>>>>> Thinking again without my computer at hand … isn‘t the call completely optimized out without CONFIG_DEBUG_VM?
>>>>>
>>>>>
>>>>>
>>>>> At least that’s what I remember.
>>>>
>>>> Right. Without CONFIG_DEBUG_VM=y, VM_WARN_ON(!put_page_testzero(pfn_to_page(pfn)))
>>>> and is_check_pages_enabled(), which leads to free_page_is_bad()’s
>>>> “page dumped because: nonzero _refcount”, are disabled.
>>>>
>>>> It seems to me that someone else bump the page refcount between
>>>> VM_WARN_ON(!put_page_testzero(pfn_to_page(pfn))) and free_page_is_bad().
>>>>
>>>
>>> Merging Ron’s reply from another thread[1]:
>>>
>>> “Something strange is going on. I enabled CONFIG_DEBUG_VM by itself and
>>> the issue went away. Let me try CONFIG_DEBUG_PAGE_REF.”
>>>
>>> Looks like something is racy, since it is reproducible reliably.
>>>
>>> [1] https://lore.kernel.org/all/30dd1efc-9bd9-4664-999e-610d181600f9@xxxxxxxx/
>>
>> VM_WARN_ON() is BUILD_BUG_ON_INVALID() when CONFIG_DEBUG_VM is off. Only
>> the validity of the expression is checked and no code is generated.
>> So that put_page_testzero() becomes a NOP.
>
> Indeed...
>
>>
>> Hi Ron,
>>
>> Can you check if the patch below fix the issue without CONFIG_DEBUG_VM?
>>
>> diff --git a/mm/cma.c b/mm/cma.c
>> index 94b5da468a7d..96be62eb3713 100644
>> --- a/mm/cma.c
>> +++ b/mm/cma.c
>> @@ -1020,8 +1020,11 @@ bool cma_release(struct cma *cma, const struct page *pages,
>>   		return false;
>>
>>   	pfn = page_to_pfn(pages);
>> -	for (i = 0; i < count; i++, pfn++)
>> -		VM_WARN_ON(!put_page_testzero(pfn_to_page(pfn)));
>> +	for (i = 0; i < count; i++, pfn++) {
>> +		int __maybe_unused ret = put_page_testzero(pfn_to_page(pfn));
>> +
>> +		VM_WARN_ON(!ret);
>> +	}
>
> Maybe we only warn once by adding back the original check?
>
> diff --git a/mm/cma.c b/mm/cma.c
> index 94b5da468a7d..a73a22d34232 100644
> --- a/mm/cma.c
> +++ b/mm/cma.c
> @@ -1014,14 +1014,17 @@ bool cma_release(struct cma *cma, const struct page *pages,
>  {
>         struct cma_memrange *cmr;
>         unsigned long i, pfn;
> +       int ret = 0;
>
>         cmr = find_cma_memrange(cma, pages, count);
>         if (!cmr)
>                 return false;
>
>         pfn = page_to_pfn(pages);
> -       for (i = 0; i < count; i++, pfn++)
> -               VM_WARN_ON(!put_page_testzero(pfn_to_page(pfn)));
> +       for (i = 0; i < count; i++, pfn++) {
> +               ret + = put_page_testzero(pfn_to_page(pfn));
> +
> +       WARN(ret != 0, "%lu pages are still in use!\n", ret);
>
>         __cma_release_frozen(cma, cmr, pages, count);

Sounds like a better solution. Let me use this as v2 fix.

Thanks.

>
>
>
>>
>>   	__cma_release_frozen(cma, cmr, pages, count);
>>
>>
>>
>> Best Regards,
>> Yan, Zi
>>


Best Regards,
Yan, Zi