From: Andrew Morton <akpm@linux-foundation.org>
To: "zhaoyang.huang" <zhaoyang.huang@unisoc.com>
Cc: David Hildenbrand <david@kernel.org>, Zi Yan <ziy@nvidia.com>,
Lorenzo Stoakes <lorenzo.stoakes@oracle.com>,
Barry Song <baohua@kernel.org>,
Baolin Wang <baolin.wang@linux.alibaba.com>,
Lance Yang <lance.yang@linux.dev>,
"Liam R . Howlett" <Liam.Howlett@oracle.com>,
Nico Pache <npache@redhat.com>,
Ryan Roberts <ryan.roberts@arm.com>, Dev Jain <dev.jain@arm.com>,
<linux-mm@kvack.org>, <linux-kernel@vger.kernel.org>,
Zhaoyang Huang <huangzhaoyang@gmail.com>, <steve.kang@unisoc.com>
Subject: Re: [RFC PATCH] mm/huge_memory: do not add dropped split tail folios to LRU
Date: Wed, 10 Jun 2026 13:30:02 -0700 [thread overview]
Message-ID: <20260610133002.4ded8d8cdc8e23e434fedf1a@linux-foundation.org> (raw)
In-Reply-To: <20260610120535.2370844-1-zhaoyang.huang@unisoc.com>
On Wed, 10 Jun 2026 20:05:35 +0800 "zhaoyang.huang" <zhaoyang.huang@unisoc.com> wrote:
> From: Zhaoyang Huang <zhaoyang.huang@unisoc.com>
>
> The kernel panics are keeping to be reported especially when the f2fs
> partition get almost full. By investigation, we find that the reason is
> one f2fs page got freed to buddy without being deleted from LRU and the
> root cause is the race happened in [2] which is enrolled by this commit.
> We solve this issue by reverting a f2fs commit 9609dd704725 ("f2fs: remove
> non-uptodate folio from the page cache in move_data_block").
>
> There are 3 race processes in this scenario, please find below for their
> main activities. However, by further investigation over the code, I
> think there is a common race window for the truncated folios between
> split_folio_to_order and folio_isolate_lru, where the folios lost the
> refcount on page cache and remains the transient one of the split
> caller, under which the folio could enter free path and compete with the
> isolation process. This commit would like to suggest to have the folios
> beyond EOF stay out of LRU.
>
> Truncate:
> The changed code in move_data_block() lets the GC path evict the tail-end
> folio from the page cache through folio_end_dropbehind(). Once
> folio_unmap_invalidate() removes the folio from mapping->i_pages, the
> page-cache references for all pages in the folio are dropped. The folio
> is then kept alive only by temporary external references, which allows a
> later split to operate on a folio whose subpages are no longer protected
> by page-cache references.
>
> Split:
> After the page-cache references are gone, split_folio_to_order() can
> split the big folio into individual pages and put the resulting subpages
> back on the LRU. For tail pages beyond EOF, split removes them from the
> page cache and drops their page-cache references. A tail page can then
> remain on the LRU with PG_lru set while holding only the split caller's
> temporary reference. When free_folio_and_swap_cache() drops that final
> reference, the page enters the final folio_put() release path.
>
> Isolate:
> In parallel, folio_isolate_lru() can observe the same tail page with a
> non-zero refcount and PG_lru set. It clears PG_lru before taking its own
> reference. If this races with the final folio_put() from the split path,
> __folio_put() sees PG_lru already cleared and skips lruvec_del_folio().
> The page is then freed back to the allocator while its lru links are
> still present in the LRU list. A later LRU operation on a neighboring
> page detects the stale link and reports list corruption.
Thanks. Sashiko AI review might have found some problems with folio
flags:
https://sashiko.dev/#/patchset/20260610120535.2370844-1-zhaoyang.huang@unisoc.com
next prev parent reply other threads:[~2026-06-10 20:30 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-10 12:05 [RFC PATCH] mm/huge_memory: do not add dropped split tail folios to LRU zhaoyang.huang
2026-06-10 12:50 ` David Hildenbrand (Arm)
2026-06-10 14:38 ` Zi Yan
2026-06-10 17:25 ` Zi Yan
2026-06-10 18:44 ` Zi Yan
2026-06-11 1:19 ` Zhaoyang Huang
2026-06-11 1:49 ` Zi Yan
2026-06-11 1:39 ` Zhaoyang Huang
2026-06-11 1:56 ` Zi Yan
2026-06-11 2:39 ` Zhaoyang Huang
2026-06-11 3:06 ` Zi Yan
2026-06-11 7:45 ` Zhaoyang Huang
2026-06-10 20:30 ` Andrew Morton [this message]
2026-06-10 20:36 ` Zi Yan
2026-06-11 7:33 ` [syzbot ci] " syzbot ci
2026-06-11 9:30 ` [RFC PATCH] " Lorenzo Stoakes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260610133002.4ded8d8cdc8e23e434fedf1a@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=Liam.Howlett@oracle.com \
--cc=baohua@kernel.org \
--cc=baolin.wang@linux.alibaba.com \
--cc=david@kernel.org \
--cc=dev.jain@arm.com \
--cc=huangzhaoyang@gmail.com \
--cc=lance.yang@linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lorenzo.stoakes@oracle.com \
--cc=npache@redhat.com \
--cc=ryan.roberts@arm.com \
--cc=steve.kang@unisoc.com \
--cc=zhaoyang.huang@unisoc.com \
--cc=ziy@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox