196877 – zswap z3fold BUG: list_add double add

Bug 196877 - zswap z3fold BUG: list_add double add

Summary: zswap z3fold BUG: list_add double add

Status:	NEW

Alias:	None

Product:	Memory Management
Classification:	Unclassified
Component:	Page Allocator (show other bugs)
Hardware:	x86-64 Linux

Importance:	P1 normal
Assignee:	Andrew Morton

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-09-08 23:35 UTC by MushiMushy
Modified:	2019-07-08 04:24 UTC (History)
CC List:	4 users (show)

See Also:
Kernel Version:	4.12.10
Subsystem:
Regression:	No
Bisected commit-id:

Attachments
Suggested fix (1.47 KB, patch) 2017-09-20 08:52 UTC, Vitaly	Details \| Diff
Bug fixed (1.92 KB, patch) 2017-11-29 16:07 UTC, Evgeniy	Details \| Diff
Add an attachment (proposed patch, testcase, etc.)

Description MushiMushy 2017-09-08 23:35:11 UTC

This occurs about every 24 hours:

[36537.498380] list_add double add: new=ffff9534afca0000, prev=ffff953671cad900, next=ffff9534afca0000.
[36537.507545] ------------[ cut here ]------------
[36537.512167] kernel BUG at lib/list_debug.c:31!
[36537.516642] invalid opcode: 0000 [#1] PREEMPT SMP
[36537.521352] Modules linked in: loop udp_diag tcp_diag inet_diag cfg80211 br_netfilter bridge stp llc tun ip6table_raw ip6table_nat nf_nat_ipv6 ip6t_rpfilter ip6table_mangle ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables iptable_raw ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat xt_HL xt_pkttype ipt_rpfilter xt_connmark xt_mark iptable_mangle ipt_REJECT nf_reject_ipv4 xt_comment xt_tcpudp xt_NFLOG xt_limit nf_conntrack_ipv4 nf_defrag_ipv4 xt_multiport xt_set xt_addrtype xt_conntrack nf_conntrack libcrc32c crc32c_generic xt_owner iptable_filter ip_set_hash_ip ip_set lz4 lz4_compress ext4 crc16 jbd2 fscrypto mbcache jc42 msr nfnetlink_log nfnetlink camellia_generic camellia_aesni_avx_x86_64 ablk_helper camellia_x86_64 lrw gf128mul xts intel_rapl
[36537.592577]  x86_pkg_temp_thermal intel_powerclamp amdkfd coretemp eeepc_wmi amd_iommu_v2 kvm_intel asus_wmi sparse_keymap iTCO_wdt kvm amdgpu iTCO_vendor_support rfkill irqbypass ppdev e1000e ttm intel_cstate tpm_infineon snd_hda_codec_realtek ptp intel_rapl_perf drm_kms_helper snd_hda_codec_hdmi pcspkr snd_hda_codec_generic i2c_i801 lpc_ich pps_core drm snd_hda_intel mousedev input_leds evdev syscopyarea joydev snd_hda_codec led_class sysfillrect sysimgblt snd_hda_core mac_hid mei_me fb_sys_fops snd_hwdep mei snd_pcm i2c_algo_bit battery parport_pc tpm_tis parport tpm_tis_core video wmi button thermal fan tpm shpchp ie31200_edac sch_fq_codel snd_hrtimer snd_seq_dummy snd_seq snd_seq_device snd_timer snd soundcore ip_tables x_tables btrfs xor raid6_pq dm_crypt algif_skcipher af_alg dm_mod dax sd_mod
[36537.663535]  hid_generic usbhid hid crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel pcbc ahci libahci mpt3sas raid_class aesni_intel libata scsi_transport_sas xhci_pci ehci_pci aes_x86_64 crypto_simd ehci_hcd xhci_hcd glue_helper cryptd usbcore scsi_mod usb_common serio
[36537.688776] CPU: 6 PID: 81 Comm: kswapd0 Not tainted 4.12.10 #1
[36537.695143] Hardware name: System manufacturer System Product Name/MRB, BIOS 7222 01/10/2013
[36537.703862] task: ffff953694b68e80 task.stack: ffffb45a41104000
[36537.709794] RIP: 0010:__list_add_valid+0x66/0x70
[36537.714427] RSP: 0018:ffffb45a41107940 EFLAGS: 00010286
[36537.719661] RAX: 0000000000000058 RBX: fffffb1480bf2820 RCX: 0000000000000000
[36537.726812] RDX: 0000000000000000 RSI: ffff95369ed8dcc8 RDI: ffff95369ed8dcc8
[36537.733956] RBP: ffffb45a41107940 R08: 00000000000004af R09: 0000000000000007
[36537.741095] R10: fffffb1482d8d600 R11: ffffffffa7ea91ed R12: ffff9534afca0010
[36537.748248] R13: ffff953671cad858 R14: 00000000ffffffef R15: ffff9534afca0000
[36537.755407] FS:  0000000000000000(0000) GS:ffff95369ed80000(0000) knlGS:0000000000000000
[36537.763519] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[36537.769290] CR2: 0000000077b7e000 CR3: 000000015fc09000 CR4: 00000000001426e0
[36537.776449] Call Trace:
[36537.778899]  z3fold_zpool_shrink+0x30b/0x4a0
[36537.783168]  zpool_shrink+0x16/0x20
[36537.786668]  zswap_frontswap_store+0x241/0x460
[36537.791106]  __frontswap_store+0x6d/0xf0
[36537.795025]  swap_writepage+0x49/0x90
[36537.798701]  pageout.isra.47+0xf2/0x2e0
[36537.802565]  shrink_page_list+0x8e8/0xaa0
[36537.806577]  shrink_inactive_list+0x1ba/0x4b0
[36537.810937]  shrink_node_memcg+0x354/0x720
[36537.815046]  shrink_node+0xf7/0x2f0
[36537.818571]  ? shrink_node+0xf7/0x2f0
[36537.822230]  kswapd+0x2bd/0x770
[36537.825412]  kthread+0x125/0x140
[36537.828651]  ? mem_cgroup_shrink_node+0x1b0/0x1b0
[36537.833360]  ? kthread_create_on_node+0x70/0x70
[36537.837904]  ret_from_fork+0x25/0x30
[36537.841479] Code: 0f 0b 48 89 c1 4c 89 c6 48 c7 c7 98 41 97 a7 e8 64 ea df ff 0f 0b 48 89 f2 4c 89 c1 48 89 fe 48 c7 c7 e8 41 97 a7 e8 4d ea df ff <0f> 0b 0f 1f 84 00 00 00 00 00 55 48 8b 07 48 b9 00 01 00 00 00
[36537.860350] RIP: __list_add_valid+0x66/0x70 RSP: ffffb45a41107940
[36537.866474] ---[ end trace d469167aaa35446d ]---

Comment 1 Vitaly 2017-09-20 08:52:15 UTC

Created attachment 258523 [details]
Suggested fix

Could you please apply this patch and see if it helps? Thanks!

Comment 2 MushiMushy 2017-09-20 21:22:21 UTC

Thank you. I'll be using this patch and report later what happens or doesn't.

Comment 3 MushiMushy 2017-09-22 15:27:03 UTC

Didn't help unfortunately. :(
I can usually trigger the bug by using command
  stress --vm-keep -m N --vm-bytes 512m
and trying out different values for N. It seems to crash soon if it does.
My kernel is however not so vanilla anymore and I have been using patches from
  https://github.com/copperhead/linux-hardened
and
  https://ck-hack.blogspot.lu.


[  857.575435] list_add double add: new=ffff996fdfb2a000, prev=ffff9970045fe438, next=ffff996fdfb2a000.
[  857.584573] ------------[ cut here ]------------
[  857.589189] kernel BUG at lib/list_debug.c:31!
[  857.593634] invalid opcode: 0000 [#1] PREEMPT SMP
[  857.598335] Modules linked in: cfg80211 br_netfilter bridge stp llc ext4 crc16 jbd2 fscrypto mbcache tun ip6table_raw ip6table_nat nf_nat_ipv6 ip6t_rpfilter ip6table_mangle ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables iptable_ra
w ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat xt_HL xt_pkttype ipt_rpfilter xt_connmark xt_mark iptable_mangle ipt_REJECT nf_reject_ipv4 xt_comment xt_tcpudp xt_NFLOG xt_limit nf_conntrack_ipv4 nf_defrag_ipv4 xt_multiport xt_set xt_addrtype xt_conn
track xt_owner camellia_generic iptable_filter ip_set_hash_ip ip_set camellia_aesni_avx_x86_64 ablk_helper camellia_x86_64 lrw gf128mul xts nf_conntrack libcrc32c crc32c_generic msr nfnetlink_log nfnetlink lz4 lz4_compress nct6775 hwmon_vid jc42 amdkfd intel_rapl
[  857.668672]  amd_iommu_v2 x86_pkg_temp_thermal snd_hda_codec_hdmi intel_powerclamp coretemp amdgpu kvm_intel snd_hda_codec_realtek eeepc_wmi kvm snd_hda_codec_generic asus_wmi sparse_keymap ttm iTCO_wdt iTCO_vendor_support ppdev snd_hda_intel rfkill irqbypass intel_csta
te drm_kms_helper intel_rapl_perf pcspkr i2c_i801 snd_hda_codec tpm_infineon evdev input_leds drm joydev mousedev led_class snd_hda_core e1000e lpc_ich mac_hid mei_me snd_hwdep syscopyarea ptp sysfillrect mei snd_pcm sysimgblt fb_sys_fops pps_core i2c_algo_bit parport_pc b
attery parport tpm_tis video tpm_tis_core thermal fan shpchp tpm wmi button ie31200_edac sch_fq_codel snd_hrtimer snd_seq_dummy snd_seq snd_seq_device snd_timer snd soundcore usbip_host usbip_core ip_tables x_tables btrfs xor raid6_pq dm_crypt algif_skcipher af_alg
[  857.739191]  dm_mod dax sd_mod hid_generic usbhid hid xhci_pci crct10dif_pclmul ehci_pci crc32_pclmul xhci_hcd crc32c_intel ahci ehci_hcd ghash_clmulni_intel pcbc libahci usbcore aesni_intel mpt3sas libata aes_x86_64 crypto_simd glue_helper cryptd raid_class scsi_transp
ort_sas usb_common serio
[  857.765138] CPU: 1 PID: 8261 Comm: stress Tainted: G        W       4.12.14 #1
[  857.772780] Hardware name: System manufacturer System Product Name/MRB, BIOS 7222 01/10/2013
[  857.781464] task: ffff996fef401980 task.stack: ffffaac1cb484000
[  857.787378] RIP: 0010:__list_add_valid+0x66/0x70
[  857.791995] RSP: 0000:ffffaac1cb487448 EFLAGS: 00010286
[  857.797212] RAX: 0000000000000058 RBX: ffff996fdfb2a000 RCX: 0000000000000000
[  857.804336] RDX: 0000000000000000 RSI: ffff99709ec4dc28 RDI: ffff99709ec4dc28
[  857.811460] RBP: ffffaac1cb487448 R08: 0000000000000525 R09: 000000000000000a
[  857.818582] R10: ffffaac1cb487338 R11: ffffffffaeeab5ed R12: fffff88ac57ecaa0
[  857.825706] R13: 0000000000000000 R14: ffff996fdfb2a010 R15: ffff9970045fe060
[  857.832830] FS:  000065505c27c740(0000) GS:ffff99709ec40000(0000) knlGS:0000000000000000
[  857.840907] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  857.846644] CR2: 0000655040678010 CR3: 00000001f2665000 CR4: 00000000001406e0
[  857.853768] Call Trace:
[  857.856216]  z3fold_zpool_shrink+0x286/0x480
[  857.860484]  zpool_shrink+0x16/0x20
[  857.863969]  zswap_frontswap_store+0x241/0x460
[  857.868406]  __frontswap_store+0x6d/0xf0
[  857.872325]  swap_writepage+0x49/0x90
[  857.875990]  pageout.isra.47+0xf2/0x2e0
[  857.879829]  shrink_page_list+0x8e8/0xaa0
[  857.883842]  shrink_inactive_list+0x1ba/0x4b0
[  857.888200]  shrink_node_memcg+0x354/0x720
[  857.892290]  ? super_cache_count+0x67/0xd0
[  857.896382]  ? shrink_slab.part.44+0x264/0x3f0
[  857.900828]  shrink_node+0xf7/0x2f0
[  857.904318]  ? shrink_node+0xf7/0x2f0
[  857.907976]  do_try_to_free_pages+0xd7/0x350
[  857.912240]  try_to_free_pages+0xf6/0x1e0
[  857.916245]  __alloc_pages_slowpath+0x3d4/0xd60
[  857.920778]  __alloc_pages_nodemask+0x214/0x230
[  857.925309]  alloc_pages_vma+0xa0/0x270
[  857.929139]  __read_swap_cache_async+0x157/0x210
[  857.933750]  read_swap_cache_async+0x26/0x60
[  857.938013]  swapin_readahead+0x121/0x1f0
[  857.942018]  ? pagecache_get_page+0x2c/0x1f0
[  857.946283]  do_swap_page+0x21b/0x6d0
[  857.949947]  ? do_swap_page+0x21b/0x6d0
[  857.953777]  __handle_mm_fault+0x600/0xce0
[  857.957868]  handle_mm_fault+0xb7/0x250
[  857.961699]  __do_page_fault+0x24d/0x510
[  857.965615]  do_page_fault+0x22/0x30
[  857.969187]  page_fault+0x28/0x30
[  857.972497] RIP: 0033:0x402b96
[  857.975547] RSP: 002b:000070a223a78240 EFLAGS: 00010202
[  857.980764] RAX: 0000000003f64000 RBX: 000065503b992010 RCX: 000065505ba83dd3
[  857.987887] RDX: 0000000020000000 RSI: 000065503b992010 RDI: 0000000000000000
[  857.995011] RBP: 0000000020000000 R08: 000065503f8f7010 R09: 0000000000000000
[  858.002134] R10: 000065503f8f6010 R11: 0000000000000246 R12: ffffffffffffffff
[  858.009258] R13: 0000000000000002 R14: fffffffffffff000 R15: 0000000000001000
[  858.016382] Code: 0f 0b 48 89 c1 4c 89 c6 48 c7 c7 68 61 97 ae e8 44 fd df ff 0f 0b 48 89 f2 4c 89 c1 48 89 fe 48 c7 c7 b8 61 97 ae e8 2d fd df ff <0f> 0b 0f 1f 84 00 00 00 00 00 55 48 8b 07 48 b9 00 01 00 00 00
[  858.035233] RIP: __list_add_valid+0x66/0x70 RSP: ffffaac1cb487448
[  858.041320] ---[ end trace 320cca3fcca4509c ]---

Comment 4 Evgeniy 2017-11-29 16:07:20 UTC

Created attachment 260933 [details]
Bug fixed

Comment 5 roman 2018-03-07 13:18:25 UTC

[RESOLVED] [WORKSFORME]

Comment 6 Carlo B 2019-07-08 04:24:46 UTC

Thank you!! Im using this patch and it work perfectly fine!

Castro B,
http://datingsitegratis.be

Note You need to log in before you can comment on or make changes to this bug.