On Fri, Mar 29, 2024 at 01:49:05PM +0800, Zhaoyang Huang wrote:
> On Thu, Mar 28, 2024 at 10:12 PM Matthew Wilcox <willy@xxxxxxxxxxxxx> wrote:
> key steps in brief:
> Thread_truncate get folio to its local fbatch by find_get_entry in step 2
> The refcnt is deducted to 1 which is not as expect as from alloc_pages
> but from thread_truncate's local fbatch in step 7
> Thread_reclaim succeed to isolate the folio by the wrong refcnt(not
> the value but meaning) in step 8
> Thread_truncate hit the VM_BUG_ON in step 9
>
> all steps:
> Thread_readahead:
> 0. folio = filemap_alloc_folio(gfp_mask, 0);
>        (folio has refcount 1)
> 1. ret = filemap_add_folio(mapping, folio, index + i, gfp_mask);
>        (folio has refcount 2)
> 2. thread_truncate hold one refcnt and add this folio to fbatch_truncate
>        (folio has refcount 3(alloc, page cache, fbatch_truncate), PG_lru)
> 3. Then we call read_pages()
>        First we call ->readahead() which for some reason stops early.
> 4. Then we call readahead_folio() which calls folio_put()
>        (folio has refcount 2)
> 5. Then we call folio_get()
>        (folio has refcount 3)
> 6. Then we call filemap_remove_folio()
>        (folio has refcount 2)
> 7. Then we call folio_unlock()
>        Then we call folio_put()
>        (folio has refcount 1(fbatch_truncate))
> 8. thread_reclaim call shrink_inactive_list->isolate_lru_folios
>        shrink_inactive_list
>            isolate_lru_folios
>                if (!folio_test_lru(folio))
>                if (!folio_try_get(folio))
>                if (!folio_test_clear_lru(folio))
>                list_move(folio, dst)
>        (folio has refcount 2)
>
> 8.1. thread_reclaim call shrink_folio_list->__remove_mapping
>        shrink_folio_list()
>            __remove_mapping()
>                (refcount = 2)
>                if (!folio_ref_freeze(2)) //true
>                list_add(folio, free_folios);
>        (folio has refcount 0)
>
> 9. thread_truncate will hit the refcnt VM_BUG_ON(refcnt == 0) in
> folio_put_testzero

But now you're talking about something _entirely different_ that isn't
the bug you hit.  isolate_lru_folios is not isolate_lru_folio.

I am disinclined to pick through this example to find out why you're wrong again. I'm also disinclined to continue this correspondence. We're not making any progress here.