linux-mm.kvack.org archive mirror
From: Johannes Weiner <hannes@cmpxchg.org>
To: Deepanshu Kartikey <kartikey406@gmail.com>
Cc: mhocko@kernel.org, roman.gushchin@linux.dev,
	shakeel.butt@linux.dev, muchun.song@linux.dev,
	akpm@linux-foundation.org, cgroups@vger.kernel.org,
	linux-mm@kvack.org,
	syzbot+d97580a8cceb9b03c13e@syzkaller.appspotmail.com,
	Kairui Song <ryncsn@gmail.com>
Subject: Re: [PATCH] mm/swap_cgroup: fix kernel BUG in swap_cgroup_record
Date: Mon, 12 Jan 2026 10:27:07 -0500
Message-ID: <aWUSyzHcaDwEg6_c@cmpxchg.org>
In-Reply-To: <20260110064613.606532-1-kartikey406@gmail.com>

On Sat, Jan 10, 2026 at 12:16:13PM +0530, Deepanshu Kartikey wrote:
> When using MADV_PAGEOUT, pages can remain in swapcache with their swap
> entries assigned. If MADV_PAGEOUT is called again on these pages,

This doesn't add up to me - maybe I'm missing something.

memcg1_swapout() is called at the very end of reclaim, from
__remove_mapping(), which *removes the folio from swapcache*. At this
point the folio is exclusive to *that* thread - there are no more
present ptes that another madvise could even be acting on.

How could we reach here twice for the same swap entry?

It seems more likely that we're missing a swapin notification, fail to
clear the swap entry from the cgroup records, and then trip up when
the entry is recycled to a totally different page down the line. No?

