On Thu, 18 Apr 2024 10:20:00 +0800 Miaohe Lin <linmiaohe@xxxxxxxxxx> wrote:
> Below panic occurs when I did memory failure test:
>
> BUG: unable to handle page fault for address: dead000000000108
>
> ...
>
> The root cause is that list_del() is used to remove folio from list when
> dissolve_free_hugetlb_folio(). But list_move() might be used to reenqueue
> hugetlb folio when free_huge_folio() leading to above panic. Fix this
> issue by using list_del_init() to remove folio.
>
> ...
>
> --- a/mm/hugetlb.c
> +++ b/mm/hugetlb.c
> @@ -1642,7 +1642,7 @@ static void __remove_hugetlb_folio(struct hstate *h, struct folio *folio,
> if (hstate_is_gigantic(h) && !gigantic_page_runtime_supported())
> return;
>
> - list_del(&folio->lru);
> + list_del_init(&folio->lru);
>
> if (folio_test_hugetlb_freed(folio)) {
> h->free_huge_pages--;
We should cc:stable and find a Fixes:. This appears to predate
6eb4e88a6d27022ea8aff424d47a0a5dfc9fcb34, after which I got lost.
