From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 1D9A7C433F5
	for <linux-mm@archiver.kernel.org>; Wed, 22 Dec 2021 01:43:04 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 72CDB6B0072; Tue, 21 Dec 2021 20:43:04 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 6DD836B0073; Tue, 21 Dec 2021 20:43:04 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 5A2BF6B0074; Tue, 21 Dec 2021 20:43:04 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0053.hostedemail.com [216.40.44.53])
	by kanga.kvack.org (Postfix) with ESMTP id 4ABE76B0072
	for <linux-mm@kvack.org>; Tue, 21 Dec 2021 20:43:04 -0500 (EST)
Received: from smtpin18.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay01.hostedemail.com (Postfix) with ESMTP id F0DB018105258
	for <linux-mm@kvack.org>; Wed, 22 Dec 2021 01:43:03 +0000 (UTC)
X-FDA: 78943731846.18.6C0B518
Received: from mail-ed1-f46.google.com (mail-ed1-f46.google.com [209.85.208.46])
	by imf17.hostedemail.com (Postfix) with ESMTP id 861544001B
	for <linux-mm@kvack.org>; Wed, 22 Dec 2021 01:42:52 +0000 (UTC)
Received: by mail-ed1-f46.google.com with SMTP id o20so2158301eds.10
        for <linux-mm@kvack.org>; Tue, 21 Dec 2021 17:43:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=L5HXUbtpZbhWm0eIO9n7xuZrUAU7FSVNXrbbO8GknXU=;
        b=NEUc48d3pV7T70Mad+r745216ViF/UiBsPRrOZNfCbAdiJ4i/IB4EmQsKSiWlusBzR
         ByTc90tR/Tef2isGxSHzHRw+MjpcAxMpfftrADlO2ruYhS72E/xX/lV31Evh/RDkNhdS
         QyWtZQYduwKOSlbHSrtcj93Z7cE+AmqTr1/lOMAK8N7/vD9o/NC4vt6k4vohMyPlAGXy
         OboBUDZ3h13j5KdIBKLvUviyFXW8XeKcFsTTL2vRTlKSfSN1gFgps/YB01o5/a/RXf4D
         KKnst8LvdQcFFjWPd/GujX0jRjn/DTSzoaBO94/bqb1SBQc8tHz8Qs7fzkuDCHZFvwvI
         OdRw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=L5HXUbtpZbhWm0eIO9n7xuZrUAU7FSVNXrbbO8GknXU=;
        b=4Ara82ulwuvFW6d7Hnt/PaN2PlyjjP61Iwaxh3ToUy8VcCOBafKJMlz/FvgxQYuIRU
         aa7ZKIJPgaTkexNAgfHwtMoY69r9PLXGjpiwWZXEM2lFW/3HOCMEq19ZutGtINWWgQI9
         OVoyTnWvFaPiz8TCEcKlHUn67QSYhT7jRtL9SeP6Udb9d2/4BmvFYcYXkUQwv36Scg1e
         dFCyMMLDadC/8gA79dR6rdNmK/V7PwHga9M0VnTFoUHtq4RuG4B/rwjyXEviEUxsT/JM
         wqCXNQYdE3UMlNJVBZ2spURNfNrzc5kaGttOwQAG1fznQ9WYlbzzWK8Y+dFFJPRBXigu
         /5Xw==
X-Gm-Message-State: AOAM533rZkuoyyxZt/JeyBfFoIcjb8cZ3CCOBI2Pd67yXZMshZpDacL3
	9sgmb7PhKb0dDXjymLLbGPQGXJXGJEsW5ggt3Oo=
X-Google-Smtp-Source: ABdhPJz0jGbJWhu/e5N5szknK6r9Io4+lI7/ZYYX7hLb/2bNH22rQV3x82NofTbJBi8j7He29LcP0XrciJe5eM9g6s0=
X-Received: by 2002:a17:907:3d88:: with SMTP id he8mr766963ejc.239.1640137382153;
 Tue, 21 Dec 2021 17:43:02 -0800 (PST)
MIME-Version: 1.0
References: <00000000000017977605c395a751@google.com> <0000000000009411bb05d3ab468f@google.com>
 <CAHbLzkoU_giAFiOyhHZvxLT9Vie2-8TmQv_XLDpRxbec5r5weg@mail.gmail.com>
 <YcIfj3nfuL0kzkFO@casper.infradead.org> <CAHbLzkqYhtYNRs83DP-Cgti8-4kZn-iXHTdkesK+=U3d3N0U+w@mail.gmail.com>
In-Reply-To: <CAHbLzkqYhtYNRs83DP-Cgti8-4kZn-iXHTdkesK+=U3d3N0U+w@mail.gmail.com>
From: Yang Shi <shy828301@gmail.com>
Date: Tue, 21 Dec 2021 17:42:50 -0800
Message-ID: <CAHbLzkpj8tKykWfOUkffsnc7SXn395e67HVH+ys7cQ19aw-fPg@mail.gmail.com>
Subject: Re: [syzbot] kernel BUG in __page_mapcount
To: Matthew Wilcox <willy@infradead.org>
Cc: syzbot <syzbot+1f52b3a18d5633fa7f82@syzkaller.appspotmail.com>, 
	Andrew Morton <akpm@linux-foundation.org>, Alistair Popple <apopple@nvidia.com>, 
	chinwen.chang@mediatek.com, fgheet255t@gmail.com, 
	Jann Horn <jannh@google.com>, Konstantin Khlebnikov <khlebnikov@yandex-team.ru>, 
	"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>, 
	"Kirill A. Shutemov" <kirill@shutemov.name>, 
	Linux FS-devel Mailing List <linux-fsdevel@vger.kernel.org>, 
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>, Linux MM <linux-mm@kvack.org>, 
	Peter Xu <peterx@redhat.com>, Peter Zijlstra <peterz@infradead.org>, 
	syzkaller-bugs@googlegroups.com, tonymarislogistics@yandex.com, 
	Vlastimil Babka <vbabka@suse.cz>, Zi Yan <ziy@nvidia.com>
Content-Type: text/plain; charset="UTF-8"
X-Rspamd-Server: rspam08
X-Rspamd-Queue-Id: 861544001B
X-Stat-Signature: ayjjgj3bwq6oznguuauea13uhkcr19md
Authentication-Results: imf17.hostedemail.com;
	dkim=pass header.d=gmail.com header.s=20210112 header.b=NEUc48d3;
	spf=pass (imf17.hostedemail.com: domain of shy828301@gmail.com designates 209.85.208.46 as permitted sender) smtp.mailfrom=shy828301@gmail.com;
	dmarc=pass (policy=none) header.from=gmail.com
X-HE-Tag: 1640137372-427129
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Tue, Dec 21, 2021 at 11:07 AM Yang Shi <shy828301@gmail.com> wrote:
>
> On Tue, Dec 21, 2021 at 10:40 AM Matthew Wilcox <willy@infradead.org> wrote:
> >
> > On Tue, Dec 21, 2021 at 10:24:27AM -0800, Yang Shi wrote:
> > > It seems the THP is split during smaps walk. The reproducer does call
> > > MADV_FREE on partial THP which may split the huge page.
> > >
> > > The below fix (untested) should be able to fix it.
> >
> > Did you read the rest of the thread on this?  If the page is being
> > migrated, we should still account it ... also, you've changed the
>
> Yes, the being migrated pages may be skipped. We should be able to add
> a new flag to smaps_account() to indicate this is a migration entry
> then don't elevate the page count.

It seems not that straightforward. THP split converts PTEs to
migration entries too. So we can't tell if it is real migration or
just in the middle of THP split.

We just need to serialize against THP split for PTE mapped subpages.
So in real life workload it might be ok to skip accounting migration
pages? Typically the migration is a transient state, so the under
accounting should be transient too. Or account migration pages
separately, just like swap entries?

I may revisit this after the holiday. If you have any better ideas,
please feel free to propose.

>
> > refcount, so this:
> >
> >         if (page_count(page) == 1) {
> >                 smaps_page_accumulate(mss, page, size, size << PSS_SHIFT, dirty,
> >                         locked, true);
> >                 return;
> >         }
> >
> > will never trigger.
>
> The get_page_unless_zero() is called after this block.