From: Zi Yan
To: David Hildenbrand
Cc: Hugh Dickins, Andrew Morton, Baolin Wang, Nhat Pham, Yang Shi, Barry Song, Kefeng Wang, Matthew Wilcox, linux-kernel@vger.kernel.org, linux-mm@kvack.org
Subject: Re: [PATCH hotfix] mm: fix crashes from deferred split racing folio migration
Date: Wed, 03 Jul 2024 12:22:34 -0400
Message-ID: <36AAFFE2-2506-449A-943E-B7DF13CFA25A@nvidia.com>

On 3 Jul 2024, at 12:21, David Hildenbrand wrote:

> On 03.07.24 16:30, Zi Yan wrote:
>> On 2 Jul 2024, at 3:40, Hugh Dickins wrote:
>>
>>> Even on 6.10-rc6, I've been seeing elusive "Bad page state"s (often on
>>> flags when freeing, yet the flags shown are not bad: PG_locked had been
>>> set and cleared??), and VM_BUG_ON_PAGE(page_ref_count(page) == 0)s from
>>> deferred_split_scan()'s folio_put(), and a variety of other BUG and WARN
>>> symptoms implying double free by deferred split and large folio migration.
>>>
>>> 6.7 commit 9bcef5973e31 ("mm: memcg: fix split queue list crash when large
>>> folio migration") was right to fix the memcg-dependent locking broken in
>>> 85ce2c517ade ("memcontrol: only transfer the memcg data for migration"),
>>> but missed a subtlety of deferred_split_scan(): it moves folios to its own
>>> local list to work on them without split_queue_lock, during which time
>>> folio->_deferred_list is not empty, but even the "right" lock does nothing
>>> to secure the folio and the list it is on.
>>>
>>> Fortunately, deferred_split_scan() is careful to use folio_try_get(): so
>>> folio_migrate_mapping() can avoid the race by folio_undo_large_rmappable()
>>> while the old folio's reference count is temporarily frozen to 0 - adding
>>> such a freeze in the !mapping case too (originally, folio lock and
>>> unmapping and no swap cache left an anon folio unreachable, so no freezing
>>> was needed there: but the deferred split queue offers a way to reach it).
>>>
>>> Fixes: 9bcef5973e31 ("mm: memcg: fix split queue list crash when large folio migration")
>>> Signed-off-by: Hugh Dickins
>>> Cc: stable@vger.kernel.org
>>> ---
>>> This patch against 6.10-rc6: Kefeng has commits in the mm-tree which
>>> will need adjustment to go over this, but we can both check the
>>> result. I have wondered whether just reverting 85ce2c517ade and its
>>> subsequent fixups would be better: but that would be a bigger job,
>>> and probably not the right choice.
>>>
>>> mm/memcontrol.c | 11 -----------
>>> mm/migrate.c | 13 +++++++++++++
>>> 2 files changed, 13 insertions(+), 11 deletions(-)
>>>
>>> diff --git a/mm/memcontrol.c b/mm/memcontrol.c
>>> index 71fe2a95b8bd..8f2f1bb18c9c 100644
>>> --- a/mm/memcontrol.c
>>> +++ b/mm/memcontrol.c
>>> @@ -7823,17 +7823,6 @@ void mem_cgroup_migrate(struct folio *old, struct folio *new) >>> >>> /* Transfer the charge and the css ref */ >>> commit_charge(new, memcg); >>> - /* >>> - * If the old folio is a large folio and is in the split queue, it needs >>> - * to be removed from the split queue now, in case getting an incorrect >>> - * split queue in destroy_large_folio() after the memcg of the old folio >>> - * is cleared. >>> - * >>> - * In addition, the old folio is about to be freed after migration, so >>> - * removing from the split queue a bit earlier seems reasonable. >>> - */ >>> - if (folio_test_large(old) && folio_test_large_rmappable(old)) >>> - folio_undo_large_rmappable(old); >>> old->memcg_data = 0; >>> } >>> >>> diff --git a/mm/migrate.c b/mm/migrate.c >>> index 20cb9f5f7446..a8c6f466e33a 100644 >>> --- a/mm/migrate.c >>> +++ b/mm/migrate.c 
>>> @@ -415,6 +415,15 @@ int folio_migrate_mapping(struct address_space *mapping, >>> if (folio_ref_count(folio) != expected_count) >>> return -EAGAIN; >>> >>> + /* Take off deferred split queue while frozen and memcg set */ >>> + if (folio_test_large(folio) && >>> + folio_test_large_rmappable(folio)) { >>> + if (!folio_ref_freeze(folio, expected_count)) >>> + return -EAGAIN; >>> + folio_undo_large_rmappable(folio); >>> + folio_ref_unfreeze(folio, expected_count); >>> + } >>> + >> >> I wonder if the patch below would make the code look better by using >> the same freeze/unfreeze pattern like file-backed path. After >> reading the emails between you and Baolin and checking the code, >> I think the patch looks good to me. Feel free to add >> Reviewed-by: Zi Yan >> >> BTW, this subtlety is very error prone, as Matthew, Ryan, and I all >> encountered errors because of this[1][2]. Matthew has a good summary >> of the subtlety: >> >> "the (undocumented) logic in deferred_split_scan() that a folio >> with a positive refcount will not be removed from the list." >> >> [1] https://lore.kernel.org/linux-mm/Ze9EFdFLXQEUVtKl@casper.infradead.org/ >> [2] https://lore.kernel.org/linux-mm/Ze_P6xagdTbcu1Kz@casper.infradead.org/ >> >> diff --git a/mm/migrate.c b/mm/migrate.c >> index a8c6f466e33a..afcc0653dcb7 100644 >> --- a/mm/migrate.c >> +++ b/mm/migrate.c 
>> @@ -412,17 +412,15 @@ int folio_migrate_mapping(struct address_space *mapping, >> >> if (!mapping) { >> /* Anonymous page without mapping */ >> - if (folio_ref_count(folio) != expected_count) >> + if (!folio_ref_freeze(folio, expected_count)) >> return -EAGAIN; >> >> /* Take off deferred split queue while frozen and memcg set */ >> if (folio_test_large(folio) && >> - folio_test_large_rmappable(folio)) { >> - if (!folio_ref_freeze(folio, expected_count)) >> - return -EAGAIN; >> + folio_test_large_rmappable(folio)) >> folio_undo_large_rmappable(folio); >> - folio_ref_unfreeze(folio, expected_count); >> - } >> + >> + folio_ref_unfreeze(folio, expected_count); >>
>
> The downside is freezing order-0, where we don't need to freeze, right?

Right. I missed that part. Forget about my change above. Thanks.

--
Best Regards,
Yan, Zi
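Review bot: In the mm/memcontrol.c hunk, once the dequeue block is dropped, the "old->memcg_data = 0" line in mem_cgroup_migrate() depends on the caller having already taken the old folio off the deferred split queue, and the removed comment was the only place that said why that must happen before the memcg is cleared (an incorrect split queue in destroy_large_folio()). Suggest leaving a short comment at this spot stating that precondition, or a debug assertion that a large rmappable old folio has an empty _deferred_list, so a path that reaches here with the folio still queued is caught instead of reintroducing the split queue list crash.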
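Review bot: The added comment in the first mm/migrate.c hunk, "Take off deferred split queue while frozen and memcg set", does not say why the freeze is needed, which is the subtle part of the fix: per the commit message, deferred_split_scan() works on its local list without split_queue_lock and only its folio_try_get() keeps it away from a folio, so the dequeue is safe only while the refcount is frozen to 0. Suggest expanding the comment to name deferred_split_scan() and folio_try_get(), and to note that the unfrozen "folio_ref_count(folio) != expected_count" check above it is kept so that folios outside the large rmappable case skip the freeze.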
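Review bot: In the follow-up mm/migrate.c hunk, replacing the plain "folio_ref_count(folio) != expected_count" check with "!folio_ref_freeze(folio, expected_count)" at the top of the !mapping branch makes every anonymous folio go through the freeze/unfreeze pair, including order-0 folios, which do not need it. Keeping the freeze inside the "folio_test_large(folio) && folio_test_large_rmappable(folio)" block, as the quoted hotfix does, limits the extra atomic operations to the folios that can be on the deferred split queue.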
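The refcount protocol the commit message relies on, as an added userspace model (not code from the patch or the kernel tree): it shows why a dequeue done under a freeze cannot overlap a scanner that pinned the folio with folio_try_get(). The model_* helpers, struct layout and on_deferred_list flag are assumptions that stand in for the kernel helpers named in the thread.

```c
/* Added example: simplified stand-ins for the kernel helpers, C11 atomics. */
#include <stdatomic.h>
#include <stdbool.h>

struct folio {
	atomic_int refcount;
	bool on_deferred_list;	/* stands in for a non-empty _deferred_list */
};

/* Like folio_try_get(): take a reference unless the count is 0. */
static bool model_try_get(struct folio *f)
{
	int c = atomic_load(&f->refcount);
	while (c != 0)
		if (atomic_compare_exchange_weak(&f->refcount, &c, c + 1))
			return true;
	return false;
}

/* Like folio_ref_freeze(): swap the count to 0 only if it equals expected. */
static bool model_freeze(struct folio *f, int expected)
{
	return atomic_compare_exchange_strong(&f->refcount, &expected, 0);
}

/* Migration side: dequeue only while frozen; -1 models -EAGAIN. */
static int migrate_dequeue(struct folio *f, int expected)
{
	if (!model_freeze(f, expected))
		return -1;
	f->on_deferred_list = false;	/* folio_undo_large_rmappable() */
	atomic_store(&f->refcount, expected);	/* folio_ref_unfreeze() */
	return 0;
}

/* Scanner pinned the folio first: migration backs off, folio stays queued. */
static bool scanner_first_blocks_migration(void)
{
	struct folio f = { .refcount = 1, .on_deferred_list = true };
	bool pinned = model_try_get(&f);	/* deferred_split_scan() */
	return pinned && migrate_dequeue(&f, 1) == -1 && f.on_deferred_list;
}

/* Migration froze first: the scanner's try_get fails until the unfreeze. */
static bool freeze_first_blocks_scanner(void)
{
	struct folio f = { .refcount = 1, .on_deferred_list = true };
	bool frozen = model_freeze(&f, 1);
	bool scanner_got_ref = model_try_get(&f);
	atomic_store(&f.refcount, 1);		/* unfreeze */
	return frozen && !scanner_got_ref && model_try_get(&f);
}

int main(void) { return !(scanner_first_blocks_migration() && freeze_first_blocks_scanner()); }
```

Both interleavings are run sequentially here, so the model shows the mutual exclusion the freeze provides but is not a stress test of the race.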