From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1FC72C433FE for ; Tue, 21 Dec 2021 18:40:31 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 402DD6B0074; Tue, 21 Dec 2021 13:40:30 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 3B1F36B007E; Tue, 21 Dec 2021 13:40:30 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 279F36B0080; Tue, 21 Dec 2021 13:40:30 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0030.hostedemail.com [216.40.44.30]) by kanga.kvack.org (Postfix) with ESMTP id 1A55C6B0074 for ; Tue, 21 Dec 2021 13:40:30 -0500 (EST) Received: from smtpin09.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay03.hostedemail.com (Postfix) with ESMTP id D137182499B9 for ; Tue, 21 Dec 2021 18:40:29 +0000 (UTC) X-FDA: 78942666978.09.F33E16E Received: from casper.infradead.org (casper.infradead.org [90.155.50.34]) by imf29.hostedemail.com (Postfix) with ESMTP id B9A8D120008 for ; Tue, 21 Dec 2021 18:40:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=IohrmZmNU3Hl56vOk9dfj8ea6Zz8qMj/ReZu4s25uUo=; b=hRMP29RPHdi28VGviekLkzmWh4 shpCgk95knF0M5RALNqOEJKYvvPUnmgWGXmjOVOqo1pvKNvXdotnDNIExTk/h77OtZjVWAQKW/qkm R+YWMjerPJlaOqxqpJoWzSecSJW83CmdbWgKfORTu8mpuY6HzbgDrzw5Wr3R/LF7JwIjcUhRlYIAF PJKRIsGADeUXf5Y/1Au9vWH+YD4K06bl3nHpsB4/Lo+RsdmpQCkLJY90CvUugZH1VUdAUUWUiq1/K E4gP4tfBGq9RLmgXNa7vrAVybtpAEbP5A67uJTOjykV7Xol0H11Ll6p6nFeNFHDGiO/Npq3l1ubw0 G4Nj4heA==; Received: from willy by casper.infradead.org with local (Exim 4.94.2 #2 (Red Hat Linux)) id 1mzk3b-002ivi-Tc; Tue, 21 Dec 2021 18:40:15 +0000 Date: Tue, 21 Dec 2021 18:40:15 +0000 From: Matthew Wilcox To: Yang Shi Cc: syzbot , Andrew Morton , Alistair Popple , chinwen.chang@mediatek.com, fgheet255t@gmail.com, Jann Horn , Konstantin Khlebnikov , "Kirill A. Shutemov" , "Kirill A. Shutemov" , Linux FS-devel Mailing List , Linux Kernel Mailing List , Linux MM , Peter Xu , Peter Zijlstra , syzkaller-bugs@googlegroups.com, tonymarislogistics@yandex.com, Vlastimil Babka , walken@google.com, Zi Yan Subject: Re: [syzbot] kernel BUG in __page_mapcount Message-ID: References: <00000000000017977605c395a751@google.com> <0000000000009411bb05d3ab468f@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Rspamd-Queue-Id: B9A8D120008 X-Stat-Signature: 45t6u4m1behxg8pumaw3ffn9mi4dmczf Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=infradead.org header.s=casper.20170209 header.b=hRMP29RP; dmarc=none; spf=none (imf29.hostedemail.com: domain of willy@infradead.org has no SPF policy when checking 90.155.50.34) smtp.mailfrom=willy@infradead.org X-Rspamd-Server: rspam02 X-HE-Tag: 1640112025-845561 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Tue, Dec 21, 2021 at 10:24:27AM -0800, Yang Shi wrote: > It seems the THP is split during smaps walk. The reproducer does call > MADV_FREE on partial THP which may split the huge page. > > The below fix (untested) should be able to fix it. Did you read the rest of the thread on this? If the page is being migrated, we should still account it ... also, you've changed the refcount, so this: if (page_count(page) == 1) { smaps_page_accumulate(mss, page, size, size << PSS_SHIFT, dirty, locked, true); return; } will never trigger.