Page might become thp, huge page or being splited after compound head
is fetched but before page refcnt is bumped. So hpage might be a tail
page leading to VM_BUG_ON_PAGE(PageTail(page)) in PageTransHuge().
Fixes: 415c64c1453a ("mm/memory-failure: split thp earlier in memory error handling")
Signed-off-by: Miaohe Lin <[email protected]>
---
mm/memory-failure.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
index 0f93175ed862..76d88d27cdbe 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -2179,8 +2179,6 @@ int memory_failure(unsigned long pfn, int flags)
goto unlock_mutex;
}
- hpage = compound_head(p);
-
/*
* We need/can do nothing about count=0 pages.
* 1) it's a free page, and therefore in safe hand:
@@ -2219,6 +2217,7 @@ int memory_failure(unsigned long pfn, int flags)
}
}
+ hpage = compound_head(p);
if (PageTransHuge(hpage)) {
/*
* The flag must be set after the refcount is bumped
--
2.33.0
On Sat, Jul 08, 2023 at 04:57:43PM +0800, Miaohe Lin wrote:
> Page might become thp, huge page or being splited after compound head
> is fetched but before page refcnt is bumped. So hpage might be a tail
> page leading to VM_BUG_ON_PAGE(PageTail(page)) in PageTransHuge().
>
> Fixes: 415c64c1453a ("mm/memory-failure: split thp earlier in memory error handling")
> Signed-off-by: Miaohe Lin <[email protected]>
Acked-by: Naoya Horiguchi <[email protected]>