Bug 215571
Summary: | list_del corruption | ||
---|---|---|---|
Product: | Memory Management | Reporter: | Kai Lüke (kailueke) |
Component: | Other | Assignee: | Andrew Morton (akpm) |
Status: | NEW --- | ||
Severity: | normal | CC: | carnil, kailueke |
Priority: | P1 | ||
Hardware: | All | ||
OS: | Linux | ||
Kernel Version: | 5.15.3 | Subsystem: | |
Regression: | No | Bisected commit-id: |
Description
Kai Lüke
2022-02-05 20:21:30 UTC
I have a similar trace on a 5.15.18 arm64 device where two call stacks were logged before the system crashed completely, hinting on a memory corruption issue. Feb 03 23:12:55 mobian kernel: BUG: Bad page state in process phoc pfn:484e8 Feb 03 23:12:55 mobian kernel: page:000000007c736488 refcount:0 mapcount:0 mapping:000000009ed099b8 index:0x0 pfn:0x484e8 Feb 03 23:12:55 mobian kernel: aops:0xffffff80024b5018 with invalid host inode 0000003d414bf870 Feb 03 23:12:55 mobian kernel: flags: 0x0(zone=0) Feb 03 23:12:55 mobian kernel: raw: 0000000000000000 dead000000000100 dead000000000122 ffffff8001ada200 Feb 03 23:12:55 mobian kernel: raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 Feb 03 23:12:55 mobian kernel: page dumped because: non-NULL mapping Feb 03 23:12:55 mobian kernel: Modules linked in: i2c_dev(E) cpufreq_powersave(E) rfcomm(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_seq_device(E) qmi_wwan(E) option(E) usb_wwan(E) cdc_wdm(E) usbnet(E) usbserial(E) mii(E) algif_hash(E) algif_skcipher(E) af_alg(E) overlay(E) bnep(E) lz4(E) lz4_compress(E) zram(E) zsmalloc(E) usb_f_ecm(E) u_ether(E) libcomposite(E) st_magn_spi(E) hci_uart(E) st_sensors_spi(E) btrtl(E) btbcm(E) regmap_spi(E) bluetooth(E) ext4(E) st_magn_i2c(E) joydev(E) sha512_generic(E) st_magn(E) st_sensors_i2c(E) axp20x_adc(E) stk3310(E) st_sensors(E) mbcache(E) jbd2(E) axp20x_battery(E) sha512_arm64(E) axp20x_pek(E) inv_mpu6050_i2c(E) inv_mpu6050(E) industrialio_triggered_buffer(E) gpio_vibra(E) drbg(E) kfifo_buf(E) ansi_cprng(E) ecdh_generic(E) ecc(E) crc16(E) snd_soc_hdmi_codec(E) sun50i_codec_analog(E) ecb(E) sun6i_csi(E) sun8i_adda_pr_regmap(E) 8723cs(CE) des_generic(E) sun8i_di(E) libdes(E) sun8i_codec(E) cbc(E) sun4i_i2s(E) sunxi_cedrus(CE) sun8i_rotate(E) sun8i_ce(E) Feb 03 23:12:55 mobian kernel: snd_soc_simple_card(E) v4l2_mem2mem(E) snd_soc_simple_card_utils(E) snd_soc_simple_amplifier(E) snd_soc_bt_sco(E) crypto_engine(E) snd_soc_ec25(E) snd_soc_core(E) rng_core(E) leds_sgm3140(E) ov5640(E) gc2145(E) snd_pcm_dmaengine(E) v4l2_flash_led_class(E) v4l2_fwnode(E) videobuf2_dma_contig(E) videobuf2_memops(E) snd_pcm(E) videobuf2_v4l2(E) videobuf2_common(E) v4l2_async(E) videodev(E) snd_timer(E) mc(E) snd(E) soundcore(E) leds_gpio(E) cfg80211(E) rfkill(E) tcp_bbr(E) sch_fq(E) pkcs8_key_parser(E) ledtrig_pattern(E) fuse(E) configfs(E) binfmt_misc(E) ip_tables(E) x_tables(E) autofs4(E) btrfs(E) xor(E) xor_neon(E) zstd_compress(E) raid6_pq(E) crc32c_generic(E) libcrc32c(E) dm_crypt(E) dm_mod(E) dw_hdmi_i2s_audio(E) dw_hdmi_cec(E) aes_ce_blk(E) crypto_simd(E) cryptd(E) ghash_ce(E) gf128mul(E) sha2_ce(E) sha1_ce(E) axp20x_usb_power(E) industrialio(E) kb151(E) crc8(E) matrix_keymap(E) goodix(E) sunxi(E) phy_generic(E) sun4i_lradc_keys(E) musb_hdrc(E) udc_core(E) arm_scpi(E) Feb 03 23:12:55 mobian kernel: evdev(E) i2c_gpio(E) Feb 03 23:12:55 mobian kernel: CPU: 3 PID: 964 Comm: phoc Tainted: G C E 5.15-sunxi64 #1 Feb 03 23:12:55 mobian kernel: Hardware name: Pine64 PinePhone (1.2) (DT) Feb 03 23:12:55 mobian kernel: Call trace: Feb 03 23:12:55 mobian kernel: dump_backtrace+0x0/0x1c0 Feb 03 23:12:55 mobian kernel: show_stack+0x1c/0x24 Feb 03 23:12:55 mobian kernel: dump_stack_lvl+0x64/0x7c Feb 03 23:12:55 mobian kernel: dump_stack+0x14/0x2c Feb 03 23:12:55 mobian kernel: bad_page+0xe8/0x110 Feb 03 23:12:55 mobian kernel: check_free_page_bad+0x80/0x90 Feb 03 23:12:55 mobian kernel: free_pcppages_bulk+0x340/0x3b0 Feb 03 23:12:55 mobian kernel: free_unref_page_commit.constprop.0+0x148/0x170 Feb 03 23:12:55 mobian kernel: free_unref_page_list+0x1b4/0x27c Feb 03 23:12:55 mobian kernel: release_pages+0x1e4/0x470 Feb 03 23:12:55 mobian kernel: __pagevec_release+0x2c/0x74 Feb 03 23:12:55 mobian kernel: shmem_undo_range+0x2a0/0x644 Feb 03 23:12:55 mobian kernel: shmem_evict_inode+0x134/0x2f4 Feb 03 23:12:55 mobian kernel: evict+0xdc/0x1b0 Feb 03 23:12:55 mobian kernel: iput+0x160/0x240 Feb 03 23:12:55 mobian kernel: dentry_unlink_inode+0xe4/0x140 Feb 03 23:12:55 mobian kernel: __dentry_kill+0xec/0x1ec Feb 03 23:12:55 mobian kernel: dput+0x394/0x3f0 Feb 03 23:12:55 mobian kernel: __fput+0xc4/0x22c Feb 03 23:12:55 mobian kernel: ____fput+0x14/0x1c Feb 03 23:12:55 mobian kernel: task_work_run+0xb8/0x120 Feb 03 23:12:55 mobian kernel: do_notify_resume+0x6c8/0x14f0 Feb 03 23:12:55 mobian kernel: el0_svc+0x3c/0x50 Feb 03 23:12:55 mobian kernel: el0t_64_sync_handler+0x9c/0x120 Feb 03 23:12:55 mobian kernel: el0t_64_sync+0x15c/0x160 Feb 03 23:12:55 mobian kernel: Disabling lock debugging due to kernel taint Feb 03 23:13:34 mobian kernel: anx7688 0-0028: BC 1.2 result: SDP Feb 03 23:16:01 mobian kernel: PM: suspend entry (deep) Feb 03 23:16:02 mobian kernel: Filesystems sync: 0.206 seconds Feb 03 23:20:39 mobian kernel: Freezing user space processes ... (elapsed 0.008 seconds) done. Feb 03 23:20:39 mobian kernel: OOM killer disabled. Feb 03 23:20:39 mobian kernel: Freezing remaining freezable tasks ... (elapsed 0.002 seconds) done. Feb 03 23:20:39 mobian kernel: printk: Suspending console(s) (use no_console_suspend to debug) Feb 03 23:20:39 mobian kernel: Disabling non-boot CPUs ... Feb 03 23:20:39 mobian kernel: psci: CPU1 killed (polled 0 ms) Feb 03 23:20:39 mobian kernel: psci: CPU2 killed (polled 4 ms) Feb 03 23:20:39 mobian kernel: psci: CPU3 killed (polled 4 ms) Feb 03 23:20:39 mobian kernel: Enabling non-boot CPUs ... Feb 03 23:20:39 mobian kernel: Detected VIPT I-cache on CPU1 Feb 03 23:20:39 mobian kernel: arch_timer: CPU1: Trapping CNTVCT access Feb 03 23:20:39 mobian kernel: CPU1: Booted secondary processor 0x0000000001 [0x410fd034] Feb 03 23:20:39 mobian kernel: CPU1 is up Feb 03 23:20:39 mobian kernel: Detected VIPT I-cache on CPU2 Feb 03 23:20:39 mobian kernel: arch_timer: CPU2: Trapping CNTVCT access Feb 03 23:20:39 mobian kernel: CPU2: Booted secondary processor 0x0000000002 [0x410fd034] Feb 03 23:20:39 mobian kernel: CPU2 is up Feb 03 23:20:39 mobian kernel: Detected VIPT I-cache on CPU3 Feb 03 23:20:39 mobian kernel: arch_timer: CPU3: Trapping CNTVCT access Feb 03 23:20:39 mobian kernel: CPU3: Booted secondary processor 0x0000000003 [0x410fd034] Feb 03 23:20:39 mobian kernel: CPU3 is up Feb 03 23:20:39 mobian kernel: sunxi-rsb 1f03400.rsb: RSB running at 4000000 Hz Feb 03 23:20:39 mobian kernel: kb151 2-0015: Failed to read scan data: -13 Feb 03 23:20:39 mobian kernel: OOM killer enabled. Feb 03 23:20:39 mobian kernel: Restarting tasks ... done. Feb 03 23:20:39 mobian kernel: PM: suspend exit Feb 03 23:20:39 mobian kernel: Bluetooth: hci0: RTL: examining hci_ver=07 hci_rev=000b lmp_ver=07 lmp_subver=8703 Feb 03 23:20:39 mobian kernel: Bluetooth: hci0: RTL: chip_type status=0 type=5 Feb 03 23:20:39 mobian kernel: Bluetooth: hci0: RTL: rom_version status=0 version=1 Feb 03 23:20:39 mobian kernel: Bluetooth: hci0: RTL: loading rtl_bt/rtl8723cs_xx_fw.bin Feb 03 23:20:39 mobian kernel: Bluetooth: hci0: RTL: loading rtl_bt/rtl8723cs_xx_config.bin Feb 03 23:20:40 mobian kernel: Bluetooth: hci0: RTL: cfg_sz 63, total sz 19427 Feb 03 23:20:40 mobian kernel: Bluetooth: hci0: RTL: fw version 0xaa5ca4dc Feb 03 23:20:40 mobian kernel: sun8i-ce 1c15000.crypto: Fallback for ecb-aes-sun8i-ce is ecb-aes-ce Feb 03 23:20:57 mobian kernel: ------------[ cut here ]------------ Feb 03 23:20:57 mobian kernel: virt_to_cache: Object is not a Slab page! Feb 03 23:20:57 mobian kernel: WARNING: CPU: 2 PID: 81 at mm/slab.h:413 kmem_cache_free+0x268/0x2bc Feb 03 23:20:58 mobian kernel: Modules linked in: i2c_dev(E) cpufreq_powersave(E) rfcomm(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_seq_device(E) qmi_wwan(E) option(E) usb_wwan(E) cdc_wdm(E) usbnet(E) usbserial(E) mii(E) algif_hash(E) algif_skcipher(E) af_alg(E) overlay(E) bnep(E) lz4(E) lz4_compress(E) zram(E) zsmalloc(E) usb_f_ecm(E) u_ether(E) libcomposite(E) st_magn_spi(E) hci_uart(E) st_sensors_spi(E) btrtl(E) btbcm(E) regmap_spi(E) bluetooth(E) ext4(E) st_magn_i2c(E) joydev(E) sha512_generic(E) st_magn(E) st_sensors_i2c(E) axp20x_adc(E) stk3310(E) st_sensors(E) mbcache(E) jbd2(E) axp20x_battery(E) sha512_arm64(E) axp20x_pek(E) inv_mpu6050_i2c(E) inv_mpu6050(E) industrialio_triggered_buffer(E) gpio_vibra(E) drbg(E) kfifo_buf(E) ansi_cprng(E) ecdh_generic(E) ecc(E) crc16(E) snd_soc_hdmi_codec(E) sun50i_codec_analog(E) ecb(E) sun6i_csi(E) sun8i_adda_pr_regmap(E) 8723cs(CE) des_generic(E) sun8i_di(E) libdes(E) sun8i_codec(E) cbc(E) sun4i_i2s(E) sunxi_cedrus(CE) sun8i_rotate(E) sun8i_ce(E) Feb 03 23:20:58 mobian kernel: snd_soc_simple_card(E) v4l2_mem2mem(E) snd_soc_simple_card_utils(E) snd_soc_simple_amplifier(E) snd_soc_bt_sco(E) crypto_engine(E) snd_soc_ec25(E) snd_soc_core(E) rng_core(E) leds_sgm3140(E) ov5640(E) gc2145(E) snd_pcm_dmaengine(E) v4l2_flash_led_class(E) v4l2_fwnode(E) videobuf2_dma_contig(E) videobuf2_memops(E) snd_pcm(E) videobuf2_v4l2(E) videobuf2_common(E) v4l2_async(E) videodev(E) snd_timer(E) mc(E) snd(E) soundcore(E) leds_gpio(E) cfg80211(E) rfkill(E) tcp_bbr(E) sch_fq(E) pkcs8_key_parser(E) ledtrig_pattern(E) fuse(E) configfs(E) binfmt_misc(E) ip_tables(E) x_tables(E) autofs4(E) btrfs(E) xor(E) xor_neon(E) zstd_compress(E) raid6_pq(E) crc32c_generic(E) libcrc32c(E) dm_crypt(E) dm_mod(E) dw_hdmi_i2s_audio(E) dw_hdmi_cec(E) aes_ce_blk(E) crypto_simd(E) cryptd(E) ghash_ce(E) gf128mul(E) sha2_ce(E) sha1_ce(E) axp20x_usb_power(E) industrialio(E) kb151(E) crc8(E) matrix_keymap(E) goodix(E) sunxi(E) phy_generic(E) sun4i_lradc_keys(E) musb_hdrc(E) udc_core(E) arm_scpi(E) Feb 03 23:20:58 mobian kernel: evdev(E) i2c_gpio(E) Feb 03 23:20:58 mobian kernel: CPU: 2 PID: 81 Comm: kswapd0 Tainted: G B C E 5.15-sunxi64 #1 Feb 03 23:20:58 mobian kernel: Hardware name: Pine64 PinePhone (1.2) (DT) Feb 03 23:20:58 mobian kernel: pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) Feb 03 23:20:58 mobian kernel: pc : kmem_cache_free+0x268/0x2bc Feb 03 23:20:58 mobian kernel: lr : kmem_cache_free+0x268/0x2bc Feb 03 23:20:58 mobian kernel: sp : ffffffc011ebb900 Feb 03 23:20:58 mobian kernel: x29: ffffffc011ebb900 x28: ffffff809c95af50 x27: ffffff80027b2000 Feb 03 23:20:58 mobian kernel: x26: ffffff809c95af30 x25: ffffff809c95af70 x24: ffffff809c95b168 Feb 03 23:20:58 mobian kernel: x23: ffffff80021bb900 x22: ffffff809c95af78 x21: ffffff80084e8990 Feb 03 23:20:58 mobian kernel: x20: 0000000000000008 x19: fffffffe00213a00 x18: ffffffffffffffff Feb 03 23:20:58 mobian kernel: x17: 00000000000008e0 x16: 0000000080808081 x15: ffffffc091ebb617 Feb 03 23:20:58 mobian kernel: x14: 0000000000000000 x13: 2165676170206261 x12: 6c53206120746f6e Feb 03 23:20:58 mobian kernel: x11: ffffffc0111eea50 x10: 00000000fffff000 x9 : ffffffc0101d06fc Feb 03 23:20:58 mobian kernel: x8 : 00000000ffffefff x7 : ffffffc0111eea50 x6 : 0000000000000001 Feb 03 23:20:58 mobian kernel: x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000 Feb 03 23:20:58 mobian kernel: x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffffff80021bb900 Feb 03 23:20:58 mobian kernel: Call trace: Feb 03 23:20:58 mobian kernel: kmem_cache_free+0x268/0x2bc Feb 03 23:20:58 mobian kernel: free_extent_map+0x98/0xe0 [btrfs] Feb 03 23:20:58 mobian kernel: btrfs_evict_inode+0xec/0x4c0 [btrfs] Feb 03 23:20:58 mobian kernel: evict+0xdc/0x1b0 Feb 03 23:20:58 mobian kernel: dispose_list+0x5c/0x80 Feb 03 23:20:58 mobian kernel: prune_icache_sb+0x60/0x8c Feb 03 23:20:58 mobian kernel: super_cache_scan+0x14c/0x1a4 Feb 03 23:20:58 mobian kernel: do_shrink_slab+0x17c/0x3b0 Feb 03 23:20:58 mobian kernel: shrink_slab+0x210/0x2d0 Feb 03 23:20:58 mobian kernel: shrink_node+0x43c/0x6e4 Feb 03 23:20:58 mobian kernel: balance_pgdat+0x280/0x680 Feb 03 23:20:58 mobian kernel: kswapd+0x1e0/0x400 Feb 03 23:20:58 mobian kernel: kthread+0x124/0x130 Feb 03 23:20:58 mobian kernel: ret_from_fork+0x10/0x20 Feb 03 23:20:58 mobian kernel: ---[ end trace 467884490b2afd99 ]--- Feb 03 23:24:47 mobian kernel: PM: suspend entry (deep) … final call trace not caught as it is only on the serial console |