fbdev: defio: fix the pagelist corruption

Message ID 20220317054602.28846-1-chuansheng.liu@intel.com (mailing list archive)
State New, archived

Commit Message

Chuansheng Liu March 17, 2022, 5:46 a.m. UTC
Easily hit the below list corruption:
==
list_add corruption. prev->next should be next (ffffffffc0ceb090), but
was ffffec604507edc8. (prev=ffffec604507edc8).
WARNING: CPU: 65 PID: 3959 at lib/list_debug.c:26
__list_add_valid+0x53/0x80
CPU: 65 PID: 3959 Comm: fbdev Tainted: G     U
RIP: 0010:__list_add_valid+0x53/0x80
Call Trace:
 <TASK>
 fb_deferred_io_mkwrite+0xea/0x150
 do_page_mkwrite+0x57/0xc0
 do_wp_page+0x278/0x2f0
 __handle_mm_fault+0xdc2/0x1590
 handle_mm_fault+0xdd/0x2c0
 do_user_addr_fault+0x1d3/0x650
 exc_page_fault+0x77/0x180
 ? asm_exc_page_fault+0x8/0x30
 asm_exc_page_fault+0x1e/0x30
RIP: 0033:0x7fd98fc8fad1
==

Figure out the race happens when one process is adding &page->lru into
the pagelist tail in fb_deferred_io_mkwrite(), another process is
re-initializing the same &page->lru in fb_deferred_io_fault(), which is
not protected by the lock.

This fix is to init all the page lists one time during initialization,
it not only fixes the list corruption, but also avoids INIT_LIST_HEAD()
redundantly.

Fixes: 105a940416fc ("fbdev/defio: Early-out if page is already
enlisted")
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Signed-off-by: Chuansheng Liu <chuansheng.liu@intel.com>
---
 drivers/video/fbdev/core/fb_defio.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
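
In the warning quoted above, the value found in prev->next is prev itself, which is how a list node looks right after INIT_LIST_HEAD() has run on it while it was still linked. The following user-space C sketch is an added example, not code from the patch or from the kernel: it replays the two steps from the commit message one after the other (no real concurrency), using simplified stand-ins for struct list_head, struct page and the list debug check; replay(), walk() and list_add_tail_checked() are hypothetical names.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space stand-ins (assumptions) for the kernel types. */
struct list_head { struct list_head *next, *prev; };
struct page { struct list_head lru; };

static void INIT_LIST_HEAD(struct list_head *h)
{
	h->next = h;
	h->prev = h;
}

/* The invariants a list debug check tests before linking a new entry. */
static bool list_add_valid(struct list_head *entry, struct list_head *prev,
			   struct list_head *next)
{
	if (next->prev != prev) {
		fprintf(stderr, "list_add corruption. next->prev should be prev (%p), but was %p. (next=%p).\n",
			(void *)prev, (void *)next->prev, (void *)next);
		return false;
	}
	if (prev->next != next) {
		fprintf(stderr, "list_add corruption. prev->next should be next (%p), but was %p. (prev=%p).\n",
			(void *)next, (void *)prev->next, (void *)prev);
		return false;
	}
	return entry != prev && entry != next;
}

/* list_add_tail() that refuses to link when the invariants are broken. */
static bool list_add_tail_checked(struct list_head *entry,
				  struct list_head *head)
{
	struct list_head *prev = head->prev;

	if (!list_add_valid(entry, prev, head))
		return false;
	head->prev = entry;
	entry->next = head;
	entry->prev = prev;
	prev->next = entry;
	return true;
}

/* Count entries; -1 if the walk does not get back to head within limit. */
static int walk(const struct list_head *head, int limit)
{
	const struct list_head *p;
	int n = 0;

	for (p = head->next; p != head; p = p->next)
		if (++n > limit)
			return -1;
	return n;
}

struct result { bool first_add_ok; bool second_add_ok; int entries; };

/*
 * Sequential replay of the interleaving from the commit message:
 *   1. "mkwrite" queues page a on the pagelist tail
 *   2. "fault" on page a optionally re-initialises a.lru (the removed line)
 *   3. "mkwrite" queues page b on the pagelist tail
 */
static struct result replay(bool reinit_in_fault)
{
	struct list_head pagelist;
	struct page a, b;
	struct result r;

	INIT_LIST_HEAD(&pagelist);
	INIT_LIST_HEAD(&a.lru);	/* one-time init, as the patch does */
	INIT_LIST_HEAD(&b.lru);

	r.first_add_ok = list_add_tail_checked(&a.lru, &pagelist);
	if (reinit_in_fault)
		INIT_LIST_HEAD(&a.lru);	/* a.lru now points at itself */
	r.second_add_ok = list_add_tail_checked(&b.lru, &pagelist);
	r.entries = walk(&pagelist, 8);
	return r;
}

int main(void)
{
	struct result bad = replay(true), good = replay(false);

	printf("re-init in fault: second add ok=%d, entries=%d\n",
	       bad.second_add_ok, bad.entries);
	printf("init once only:   second add ok=%d, entries=%d\n",
	       good.second_add_ok, good.entries);
	return 0;
}
```

With the re-initialisation in place the second add is rejected with the same "prev->next should be next" message as in the report, and a walk from the list head never returns to it because the stale entry points at itself.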

Comments

Geert Uytterhoeven March 17, 2022, 7:47 a.m. UTC | #1
Hi Chuansheng,

On Thu, Mar 17, 2022 at 7:17 AM Chuansheng Liu <chuansheng.liu@intel.com> wrote:
> Easily hit the below list corruption:
> ==
> list_add corruption. prev->next should be next (ffffffffc0ceb090), but
> was ffffec604507edc8. (prev=ffffec604507edc8).
> WARNING: CPU: 65 PID: 3959 at lib/list_debug.c:26
> __list_add_valid+0x53/0x80
> CPU: 65 PID: 3959 Comm: fbdev Tainted: G     U
> RIP: 0010:__list_add_valid+0x53/0x80
> Call Trace:
>  <TASK>
>  fb_deferred_io_mkwrite+0xea/0x150
>  do_page_mkwrite+0x57/0xc0
>  do_wp_page+0x278/0x2f0
>  __handle_mm_fault+0xdc2/0x1590
>  handle_mm_fault+0xdd/0x2c0
>  do_user_addr_fault+0x1d3/0x650
>  exc_page_fault+0x77/0x180
>  ? asm_exc_page_fault+0x8/0x30
>  asm_exc_page_fault+0x1e/0x30
> RIP: 0033:0x7fd98fc8fad1
> ==
>
> Figure out the race happens when one process is adding &page->lru into
> the pagelist tail in fb_deferred_io_mkwrite(), another process is
> re-initializing the same &page->lru in fb_deferred_io_fault(), which is
> not protected by the lock.
>
> This fix is to init all the page lists one time during initialization,
> it not only fixes the list corruption, but also avoids INIT_LIST_HEAD()
> redundantly.
>
> Fixes: 105a940416fc ("fbdev/defio: Early-out if page is already
> enlisted")
> Cc: Thomas Zimmermann <tzimmermann@suse.de>
> Signed-off-by: Chuansheng Liu <chuansheng.liu@intel.com>

Thanks for your patch!

> --- a/drivers/video/fbdev/core/fb_defio.c
> +++ b/drivers/video/fbdev/core/fb_defio.c
> @@ -220,6 +219,8 @@ static void fb_deferred_io_work(struct work_struct *work)
>  void fb_deferred_io_init(struct fb_info *info)
>  {
>         struct fb_deferred_io *fbdefio = info->fbdefio;
> +       struct page *page;
> +       int i;

unsigned int i;

>         BUG_ON(!fbdefio);
>         mutex_init(&fbdefio->lock);
> @@ -227,6 +228,12 @@ void fb_deferred_io_init(struct fb_info *info)
>         INIT_LIST_HEAD(&fbdefio->pagelist);
>         if (fbdefio->delay == 0) /* set a default of 1 s */
>                 fbdefio->delay = HZ;
> +
> +       /* initialize all the page lists one time */
> +       for (i = 0; i < info->fix.smem_len; i += PAGE_SIZE) {
> +               page = fb_deferred_io_page(info, i);
> +               INIT_LIST_HEAD(&page->lru);
> +       }
>  }
>  EXPORT_SYMBOL_GPL(fb_deferred_io_init);

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

Javier Martinez Canillas March 17, 2022, 11:24 a.m. UTC | #2
Hello Chuansheng,

On 3/17/22 06:46, Chuansheng Liu wrote:
> Easily hit the below list corruption:
> ==
> list_add corruption. prev->next should be next (ffffffffc0ceb090), but
> was ffffec604507edc8. (prev=ffffec604507edc8).
> WARNING: CPU: 65 PID: 3959 at lib/list_debug.c:26
> __list_add_valid+0x53/0x80
> CPU: 65 PID: 3959 Comm: fbdev Tainted: G     U
> RIP: 0010:__list_add_valid+0x53/0x80
> Call Trace:
>  <TASK>
>  fb_deferred_io_mkwrite+0xea/0x150
>  do_page_mkwrite+0x57/0xc0
>  do_wp_page+0x278/0x2f0
>  __handle_mm_fault+0xdc2/0x1590
>  handle_mm_fault+0xdd/0x2c0
>  do_user_addr_fault+0x1d3/0x650
>  exc_page_fault+0x77/0x180
>  ? asm_exc_page_fault+0x8/0x30
>  asm_exc_page_fault+0x1e/0x30
> RIP: 0033:0x7fd98fc8fad1
> ==
> 
> Figure out the race happens when one process is adding &page->lru into
> the pagelist tail in fb_deferred_io_mkwrite(), another process is
> re-initializing the same &page->lru in fb_deferred_io_fault(), which is
> not protected by the lock.
> 
> This fix is to init all the page lists one time during initialization,
> it not only fixes the list corruption, but also avoids INIT_LIST_HEAD()
> redundantly.
> 
> Fixes: 105a940416fc ("fbdev/defio: Early-out if page is already
> enlisted")
> Cc: Thomas Zimmermann <tzimmermann@suse.de>
> Signed-off-by: Chuansheng Liu <chuansheng.liu@intel.com>
> ---

This makes sense to me. If you address Geert's comment and post a v2,
feel free to add:

Reviewed-by: Javier Martinez Canillas <javierm@redhat.com>

Thomas Zimmermann March 17, 2022, 1:34 p.m. UTC | #3
Hi

On 17.03.22 at 06:46, Chuansheng Liu wrote:
> Easily hit the below list corruption:
> ==
> list_add corruption. prev->next should be next (ffffffffc0ceb090), but
> was ffffec604507edc8. (prev=ffffec604507edc8).
> WARNING: CPU: 65 PID: 3959 at lib/list_debug.c:26
> __list_add_valid+0x53/0x80
> CPU: 65 PID: 3959 Comm: fbdev Tainted: G     U
> RIP: 0010:__list_add_valid+0x53/0x80
> Call Trace:
>   <TASK>
>   fb_deferred_io_mkwrite+0xea/0x150
>   do_page_mkwrite+0x57/0xc0
>   do_wp_page+0x278/0x2f0
>   __handle_mm_fault+0xdc2/0x1590
>   handle_mm_fault+0xdd/0x2c0
>   do_user_addr_fault+0x1d3/0x650
>   exc_page_fault+0x77/0x180
>   ? asm_exc_page_fault+0x8/0x30
>   asm_exc_page_fault+0x1e/0x30
> RIP: 0033:0x7fd98fc8fad1
> ==
> 
> Figure out the race happens when one process is adding &page->lru into
> the pagelist tail in fb_deferred_io_mkwrite(), another process is
> re-initializing the same &page->lru in fb_deferred_io_fault(), which is
> not protected by the lock.
> 
> This fix is to init all the page lists one time during initialization,
> it not only fixes the list corruption, but also avoids INIT_LIST_HEAD()
> redundantly.
> 
> Fixes: 105a940416fc ("fbdev/defio: Early-out if page is already
> enlisted")
> Cc: Thomas Zimmermann <tzimmermann@suse.de>
> Signed-off-by: Chuansheng Liu <chuansheng.liu@intel.com>

If you fix Geert's comment, feel free to add

Reviewed-by: Thomas Zimmermann <tzimmermann@suse.de>

Best regards
Thomas

> ---
>   drivers/video/fbdev/core/fb_defio.c | 9 ++++++++-
>   1 file changed, 8 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/video/fbdev/core/fb_defio.c b/drivers/video/fbdev/core/fb_defio.c
> index 98b0f23bf5e2..eafb66ca4f28 100644
> --- a/drivers/video/fbdev/core/fb_defio.c
> +++ b/drivers/video/fbdev/core/fb_defio.c
> @@ -59,7 +59,6 @@ static vm_fault_t fb_deferred_io_fault(struct vm_fault *vmf)
>   		printk(KERN_ERR "no mapping available\n");
>   
>   	BUG_ON(!page->mapping);
> -	INIT_LIST_HEAD(&page->lru);
>   	page->index = vmf->pgoff;
>   
>   	vmf->page = page;
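
Review bot: With INIT_LIST_HEAD(&page->lru) dropped from fb_deferred_io_fault(), nothing in this function touches page->lru any more, so the "already enlisted" early-out named in the Fixes: tag now depends entirely on the state in which other paths leave the entry. The patch does not show the path that takes pages off fbdefio->pagelist; please confirm that it leaves the entry re-initialised (list_del_init() rather than list_del()), or state in the commit message why that is not needed.
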
> @@ -220,6 +219,8 @@ static void fb_deferred_io_work(struct work_struct *work)
>   void fb_deferred_io_init(struct fb_info *info)
>   {
>   	struct fb_deferred_io *fbdefio = info->fbdefio;
> +	struct page *page;
> +	int i;
>   
>   	BUG_ON(!fbdefio);
>   	mutex_init(&fbdefio->lock);
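
Review bot: The new "int i;" in fb_deferred_io_init() is used as a byte offset that is compared against info->fix.smem_len and passed to fb_deferred_io_page() in the loop added further down, so a signed int is the wrong type for it. Declare it unsigned, as Geert asks in this thread ("unsigned int i;").
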
> @@ -227,6 +228,12 @@ void fb_deferred_io_init(struct fb_info *info)
>   	INIT_LIST_HEAD(&fbdefio->pagelist);
>   	if (fbdefio->delay == 0) /* set a default of 1 s */
>   		fbdefio->delay = HZ;
> +
> +	/* initialize all the page lists one time */
> +	for (i = 0; i < info->fix.smem_len; i += PAGE_SIZE) {
> +		page = fb_deferred_io_page(info, i);
> +		INIT_LIST_HEAD(&page->lru);
> +	}
>   }
>   EXPORT_SYMBOL_GPL(fb_deferred_io_init);
>
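
Review bot: In the new loop the return value of fb_deferred_io_page(info, i) is written through without a check, and page->lru is written for every page of the buffer at init time, whether or not deferred I/O ever tracks that page. This assumes that info->fix.smem_len and the screen buffer are already set up when fb_deferred_io_init() is called, and that the driver may use lru on all of those pages; Paul's report in this thread (VM_BUG_ON_PAGE on a compound page in the __vunmap path after applying the patch) suggests the second assumption does not hold for every buffer. Please document both requirements in the comment above the loop, or limit the initialisation to pages that are actually faulted in and do it under fbdefio->lock.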

Paul Menzel March 26, 2022, 8:11 a.m. UTC | #4
Dear Chuansheng,


On 17.03.22 at 06:46, Chuansheng Liu wrote:
> Easily hit the below list corruption:
> ==
> list_add corruption. prev->next should be next (ffffffffc0ceb090), but
> was ffffec604507edc8. (prev=ffffec604507edc8).
> WARNING: CPU: 65 PID: 3959 at lib/list_debug.c:26
> __list_add_valid+0x53/0x80
> CPU: 65 PID: 3959 Comm: fbdev Tainted: G     U
> RIP: 0010:__list_add_valid+0x53/0x80
> Call Trace:
>   <TASK>
>   fb_deferred_io_mkwrite+0xea/0x150
>   do_page_mkwrite+0x57/0xc0
>   do_wp_page+0x278/0x2f0
>   __handle_mm_fault+0xdc2/0x1590
>   handle_mm_fault+0xdd/0x2c0
>   do_user_addr_fault+0x1d3/0x650
>   exc_page_fault+0x77/0x180
>   ? asm_exc_page_fault+0x8/0x30
>   asm_exc_page_fault+0x1e/0x30
> RIP: 0033:0x7fd98fc8fad1
> ==
> 
> Figure out the race happens when one process is adding &page->lru into
> the pagelist tail in fb_deferred_io_mkwrite(), another process is
> re-initializing the same &page->lru in fb_deferred_io_fault(), which is
> not protected by the lock.
> 
> This fix is to init all the page lists one time during initialization,
> it not only fixes the list corruption, but also avoids INIT_LIST_HEAD()
> redundantly.
> 
> Fixes: 105a940416fc ("fbdev/defio: Early-out if page is already
> enlisted")
> Cc: Thomas Zimmermann <tzimmermann@suse.de>
> Signed-off-by: Chuansheng Liu <chuansheng.liu@intel.com>
> ---
>   drivers/video/fbdev/core/fb_defio.c | 9 ++++++++-
>   1 file changed, 8 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/video/fbdev/core/fb_defio.c b/drivers/video/fbdev/core/fb_defio.c
> index 98b0f23bf5e2..eafb66ca4f28 100644
> --- a/drivers/video/fbdev/core/fb_defio.c
> +++ b/drivers/video/fbdev/core/fb_defio.c
> @@ -59,7 +59,6 @@ static vm_fault_t fb_deferred_io_fault(struct vm_fault *vmf)
>   		printk(KERN_ERR "no mapping available\n");
>   
>   	BUG_ON(!page->mapping);
> -	INIT_LIST_HEAD(&page->lru);
>   	page->index = vmf->pgoff;
>   
>   	vmf->page = page;
> @@ -220,6 +219,8 @@ static void fb_deferred_io_work(struct work_struct *work)
>   void fb_deferred_io_init(struct fb_info *info)
>   {
>   	struct fb_deferred_io *fbdefio = info->fbdefio;
> +	struct page *page;
> +	int i;
>   
>   	BUG_ON(!fbdefio);
>   	mutex_init(&fbdefio->lock);
> @@ -227,6 +228,12 @@ void fb_deferred_io_init(struct fb_info *info)
>   	INIT_LIST_HEAD(&fbdefio->pagelist);
>   	if (fbdefio->delay == 0) /* set a default of 1 s */
>   		fbdefio->delay = HZ;
> +
> +	/* initialize all the page lists one time */
> +	for (i = 0; i < info->fix.smem_len; i += PAGE_SIZE) {
> +		page = fb_deferred_io_page(info, i);
> +		INIT_LIST_HEAD(&page->lru);
> +	}
>   }
>   EXPORT_SYMBOL_GPL(fb_deferred_io_init);
>   
Applying your patch on top of current Linus’ master branch, tty0 is 
unusable and looks frozen. Sometimes network card still works, sometimes 
not.

     $ git log --oneline -nodecorate -2
     1b351a77ed33 (HEAD -> linus) fbdev: defio: fix the pagelist corruption
     52d543b5497c (origin/master, origin/HEAD) Merge tag 'for-linus-5.17-1' of https://github.com/cminyard/linux-ipmi

```
[    5.256996] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[    5.269582] page dumped because: VM_BUG_ON_PAGE(compound && compound_order(page) != order)
[    5.279507] ------------[ cut here ]------------
[    5.286406] kernel BUG at mm/page_alloc.c:1326!
[    5.291814] invalid opcode: 0000 [#1] PREEMPT SMP
[    5.296350] CPU: 0 PID: 167 Comm: systemd-udevd Not tainted 5.17.0-10753-g1b351a77ed33 #300
[    5.304670] Hardware name: ASUS F2A85-M_PRO/F2A85-M_PRO, BIOS 4.16-337-gb87986e67b 03/25/2022
[    5.313163] RIP: 0010:free_pcp_prepare+0x295/0x400
[    5.317930] Code: 00 01 00 75 0b 48 8b 45 08 45 31 ff a8 01 74 4b 48 8b 45 00 a9 00 00 01 00 75 22 48 c7 c6 68 30 11 96 48 89 ef e8 cb 29 fd ff <0f> 0b 48 89 ef 41 83 c6 01 e8 bd f5 ff ff e9 2e fe ff ff 0f 1f 44
[    5.336650] RSP: 0018:ffffa6634062f9c0 EFLAGS: 00010246
[    5.341849] RAX: 000000000000004e RBX: ffffe4be80000000 RCX: 0000000000000000
[    5.348957] RDX: 0000000000000000 RSI: ffffffff96136a37 RDI: 00000000ffffffff
[    5.356063] RBP: ffffe4be840c0000 R08: 0000000000000000 R09: 00000000ffffdfff
[    5.363170] R10: ffffa6634062f7f0 R11: ffffffff9652c4a8 R12: 0000000000000000
[    5.370277] R13: 0000000000000009 R14: ffff91fd02ebc640 R15: ffffe4be840c0000
[    5.377384] FS:  0000000000000000(0000) GS:ffff91fd7b400000(0063) knlGS:00000000f7eea800
[    5.385443] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[    5.391164] CR2: 00000000f6f0e840 CR3: 0000000106b60000 CR4: 00000000000406f0
[    5.398272] Call Trace:
[    5.400697]  <TASK>
[    5.402778]  free_unref_page+0x1b/0xf0
[    5.406505]  __vunmap+0x216/0x2c0
[    5.409798]  drm_fbdev_cleanup+0x5f/0xb0
[    5.413698]  drm_fbdev_fb_destroy+0x15/0x30
[    5.417857]  unregister_framebuffer+0x2c/0x40
[    5.422191]  drm_client_dev_unregister+0x69/0xe0
[    5.422962] usb usb4: New USB device found, idVendor=1d6b, idProduct=0003, bcdDevice= 5.17
[    5.426784]  drm_dev_unregister+0x2e/0x80
[    5.439005]  drm_dev_unplug+0x21/0x40
[    5.442645]  simpledrm_remove+0x11/0x20
[    5.446458]  platform_remove+0x1f/0x40
[    5.450185]  __device_release_driver+0x17a/0x250
[    5.454779]  device_release_driver+0x24/0x30
[    5.459024]  bus_remove_device+0xd8/0x140
[    5.463012]  device_del+0x18b/0x3f0
[    5.466478]  ? idr_alloc_cyclic+0x50/0xb0
[    5.470466]  platform_device_del.part.0+0x13/0x70
[    5.475146]  platform_device_unregister+0x1c/0x30
[    5.479824]  drm_aperture_detach_drivers+0xa1/0xd0
[    5.484593]  drm_aperture_remove_conflicting_pci_framebuffers+0x3f/0x60
[    5.491179]  radeon_pci_probe+0x54/0xf0 [radeon]
[    5.495773]  local_pci_probe+0x45/0x80
[    5.499499]  ? pci_match_device+0xd7/0x130
[    5.503572]  pci_device_probe+0xc2/0x1e0
[    5.507474]  really_probe+0x1f5/0x3d0
[    5.511112]  __driver_probe_device+0xfe/0x180
[    5.515446]  driver_probe_device+0x1e/0x90
[    5.519518]  __driver_attach+0xc0/0x1c0
[    5.523332]  ? __device_attach_driver+0xe0/0xe0
[    5.527839]  ? __device_attach_driver+0xe0/0xe0
[    5.532346]  bus_for_each_dev+0x78/0xc0
[    5.536159]  bus_add_driver+0x149/0x1e0
[    5.539973]  driver_register+0x8f/0xe0
[    5.543699]  ? 0xffffffffc0741000
[    5.546992]  do_one_initcall+0x44/0x200
[    5.550806]  ? kmem_cache_alloc_trace+0x170/0x2c0
[    5.555487]  do_init_module+0x4c/0x240
[    5.559213]  __do_sys_finit_module+0xb4/0x120
[    5.563547]  __do_fast_syscall_32+0x6b/0xe0
[    5.567706]  do_fast_syscall_32+0x2f/0x70
[    5.571693]  entry_SYSCALL_compat_after_hwframe+0x45/0x4d
[    5.577067] RIP: 0023:0xf7efa549
[    5.580273] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 cd 0f 05 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[    5.582805] usb usb4: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[    5.598992] RSP: 002b:00000000ff831c0c EFLAGS: 00200296 ORIG_RAX: 000000000000015e
[    5.598996] RAX: ffffffffffffffda RBX: 0000000000000011 RCX: 00000000f7ed9e09
[    5.598998] RDX: 0000000000000000 RSI: 0000000056a5c940 RDI: 0000000056a5c4c0
[    5.598999] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[    5.635047] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[    5.642154] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[    5.649264]  </TASK>
[    5.651427] Modules linked in: crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio snd_hda_codec_hdmi radeon(+) r8169 xhci_pci(+) realtek snd_hda_intel drm_ttm_helper snd_intel_dspcfg k10temp snd_hda_codec ttm snd_hda_core xhci_hcd snd_pcm sg ohci_hcd ehci_pci(+) snd_timer drm_dp_helper snd ehci_hcd soundcore i2c_piix4 acpi_cpufreq coreboot_table fuse ipv6 autofs4
[    5.690975] r8169 0000:04:00.0 enp4s0: renamed from eth0
[    5.691589] ---[ end trace 0000000000000000 ]---
[    5.704791] RIP: 0010:free_pcp_prepare+0x295/0x400
[    5.709784] Code: 00 01 00 75 0b 48 8b 45 08 45 31 ff a8 01 74 4b 48 8b 45 00 a9 00 00 01 00 75 22 48 c7 c6 68 30 11 96 48 89 ef e8 cb 29 fd ff <0f> 0b 48 89 ef 41 83 c6 01 e8 bd f5 ff ff e9 2e fe ff ff 0f 1f 44
[    5.731535] RSP: 0018:ffffa6634062f9c0 EFLAGS: 00010246
[    5.752988] usb usb4: Product: xHCI Host Controller
[    5.758571] usb usb4: Manufacturer: Linux 5.17.0-10753-g1b351a77ed33 xhci-hcd
[    5.767096] usb usb4: SerialNumber: 0000:03:00.0
[    5.772213] hub 4-0:1.0: USB hub found
[    5.782383] hub 4-0:1.0: 2 ports detected
[    5.799251] RAX: 000000000000004e RBX: ffffe4be80000000 RCX: 0000000000000000
[    5.810470] RDX: 0000000000000000 RSI: ffffffff96136a37 RDI: 00000000ffffffff
[    5.817561] RBP: ffffe4be840c0000 R08: 0000000000000000 R09: 00000000ffffdfff
[    5.824680] R10: ffffa6634062f7f0 R11: ffffffff9652c4a8 R12: 0000000000000000
[    5.831739] R13: 0000000000000009 R14: ffff91fd02ebc640 R15: ffffe4be840c0000
[    5.839445] FS:  0000000000000000(0000) GS:ffff91fd7b500000(0063) knlGS:00000000f7eea800
[    5.847905] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[    5.854025] CR2: 000000005664d26c CR3: 0000000106b60000 CR4: 00000000000406e0
```


Kind regards,

Paul


PS: For some reason, the lore.kernel.org lists most messages twice [1].

PPS: I actually wanted to analyze the new regression, and thought 
your patch might help, but it made it worse. ;-) (The log excerpt is from 
Linux master.)

```
[    1.738965] BUG: Bad page state in process systemd-udevd  pfn:103003
[    1.738974] fbcon: Taking over console
[    1.740459] page:00000000c3b5c591 refcount:0 mapcount:0 mapping:0000000000000000 index:0x3 pfn:0x103003
[    1.740466] head:000000009b49a8e9 order:9 compound_mapcount:0 compound_pincount:0
[    1.740468] flags: 0x2fffc000010000(head|node=0|zone=2|lastcpupid=0x3fff)
[    1.740473] raw: 002fffc000000000 fffff139840c0001 fffff139840c00c8 0000000000000000
[    1.740475] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[    1.740477] head: 002fffc000010000 0000000000000000 dead000000000122 0000000000000000
[    1.740479] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[    1.740480] page dumped because: corrupted mapping in tail page
```

I am going to do that in another thread.

[1]: https://lore.kernel.org/all/20220317054602.28846-1-chuansheng.liu@intel.com/
[    1.104747] pci 0000:00:01.0: enabling Extended Tags
[    1.109749] pci 0000:00:01.0: Video device with shadowed ROM at [mem 0x000c0000-0x000dffff]
[    1.117750] pci 0000:00:01.0: supports D1 D2
[    1.121881] pci 0000:00:01.1: [1002:9902] type 00 class 0x040300
[    1.127752] pci 0000:00:01.1: reg 0x10: [mem 0xf01c0000-0xf01c3fff]
[    1.134752] pci 0000:00:01.1: enabling Extended Tags
[    1.139764] pci 0000:00:01.1: supports D1 D2
[    1.143890] pci 0000:00:11.0: [1022:7801] type 00 class 0x010601
[    1.149743] pci 0000:00:11.0: reg 0x10: [io  0x1410-0x1417]
[    1.154738] pci 0000:00:11.0: reg 0x14: [io  0x1420-0x1423]
[    1.160738] pci 0000:00:11.0: reg 0x18: [io  0x1418-0x141f]
[    1.165739] pci 0000:00:11.0: reg 0x1c: [io  0x1424-0x1427]
[    1.171738] pci 0000:00:11.0: reg 0x20: [io  0x1400-0x140f]
[    1.176738] pci 0000:00:11.0: reg 0x24: [mem 0xf01cc000-0xf01cc7ff]
[    1.183973] pci 0000:00:12.0: [1022:7807] type 00 class 0x0c0310
[    1.189751] pci 0000:00:12.0: reg 0x10: [mem 0xf01c8000-0xf01c8fff]
[    1.191799] pci 0000:00:12.2: [1022:7808] type 00 class 0x0c0320
[    1.192744] pci 0000:00:12.2: reg 0x10: [mem 0xf01cd000-0xf01cd0ff]
[    1.193804] pci 0000:00:12.2: supports D1 D2
[    1.194732] pci 0000:00:12.2: PME# supported from D0 D1 D2 D3hot
[    1.196076] pci 0000:00:13.0: [1022:7807] type 00 class 0x0c0310
[    1.196743] pci 0000:00:13.0: reg 0x10: [mem 0xf01c9000-0xf01c9fff]
[    1.198892] pci 0000:00:13.2: [1022:7808] type 00 class 0x0c0320
[    1.200747] pci 0000:00:13.2: reg 0x10: [mem 0xf01ce000-0xf01ce0ff]
[    1.201802] pci 0000:00:13.2: supports D1 D2
[    1.202732] pci 0000:00:13.2: PME# supported from D0 D1 D2 D3hot
[    1.204070] pci 0000:00:14.0: [1022:780b] type 00 class 0x0c0500
[    1.205745] pci 0000:00:14.2: [1022:780d] type 00 class 0x040300
[    1.206747] pci 0000:00:14.2: reg 0x10: [mem 0xf01c4000-0xf01c7fff 64bit]
[    1.207793] pci 0000:00:14.2: PME# supported from D0 D3hot D3cold
[    1.209753] pci 0000:00:14.3: [1022:780e] type 00 class 0x060100
[    1.211969] pci 0000:00:14.4: [1022:780f] type 01 class 0x060401
[    1.213107] pci 0000:00:14.5: [1022:7809] type 00 class 0x0c0310
[    1.213743] pci 0000:00:14.5: reg 0x10: [mem 0xf01ca000-0xf01cafff]
[    1.215120] pci 0000:00:15.0: [1022:43a0] type 01 class 0x060400
[    1.215758] pci 0000:00:15.0: enabling Extended Tags
[    1.216780] pci 0000:00:15.0: supports D1 D2
[    1.219088] pci 0000:00:15.1: [1022:43a1] type 01 class 0x060400
[    1.219762] pci 0000:00:15.1: enabling Extended Tags
[    1.220780] pci 0000:00:15.1: supports D1 D2
[    1.222160] pci 0000:00:15.2: [1022:43a2] type 01 class 0x060400
[    1.222758] pci 0000:00:15.2: enabling Extended Tags
[    1.223779] pci 0000:00:15.2: supports D1 D2
[    1.224889] pci 0000:00:16.0: [1022:7807] type 00 class 0x0c0310
[    1.225743] pci 0000:00:16.0: reg 0x10: [mem 0xf01cb000-0xf01cbfff]
[    1.227122] pci 0000:00:16.2: [1022:7808] type 00 class 0x0c0320
[    1.227743] pci 0000:00:16.2: reg 0x10: [mem 0xf01cf000-0xf01cf0ff]
[    1.228803] pci 0000:00:16.2: supports D1 D2
[    1.229732] pci 0000:00:16.2: PME# supported from D0 D1 D2 D3hot
[    1.231837] pci 0000:00:18.0: [1022:1400] type 00 class 0x060000
[    1.233810] pci 0000:00:18.1: [1022:1401] type 00 class 0x060000
[    1.235795] pci 0000:00:18.2: [1022:1402] type 00 class 0x060000
[    1.237786] pci 0000:00:18.3: [1022:1403] type 00 class 0x060000
[    1.239955] pci 0000:00:18.4: [1022:1404] type 00 class 0x060000
[    1.240871] pci 0000:00:18.5: [1022:1405] type 00 class 0x060000
[    1.241882] pci_bus 0000:01: extended config space not accessible
[    1.242836] pci 0000:00:14.4: PCI bridge to [bus 01] (subtractive decode)
[    1.243741] pci 0000:00:14.4:   bridge window [io  0x0000-0x0cf7 window] (subtractive decode)
[    1.244734] pci 0000:00:14.4:   bridge window [io  0x0d00-0xffff window] (subtractive decode)
[    1.245734] pci 0000:00:14.4:   bridge window [mem 0x000a0000-0x000dffff] (subtractive decode)
[    1.246735] pci 0000:00:14.4:   bridge window [mem 0x80000000-0xffffffff] (subtractive decode)
[    1.247822] pci 0000:00:15.0: PCI bridge to [bus 02]
[    1.249820] pci 0000:03:00.0: [1b21:1042] type 00 class 0x0c0330
[    1.250766] pci 0000:03:00.0: reg 0x10: [mem 0xf0000000-0xf0007fff 64bit]
[    1.251922] pci 0000:03:00.0: PME# supported from D3hot D3cold
[    1.252773] pci 0000:03:00.0: 2.000 Gb/s available PCIe bandwidth, limited by 2.5 GT/s PCIe x1 link at 0000:00:15.1 (capable of 4.000 Gb/s with 5.0 GT/s PCIe x1 link)
[    1.256797] pci 0000:00:15.1: PCI bridge to [bus 03]
[    1.257744] pci 0000:00:15.1:   bridge window [mem 0xf0000000-0xf00fffff]
[    1.258762] pci 0000:00:15.2: bridge configuration invalid ([bus 00-00]), reconfiguring
[    1.259899] pci 0000:04:00.0: [10ec:8168] type 00 class 0x020000
[    1.260751] pci 0000:04:00.0: reg 0x10: [io  0x0000-0x00ff]
[    1.261751] pci 0000:04:00.0: reg 0x18: [mem 0x00000000-0x00000fff 64bit pref]
[    1.262744] pci 0000:04:00.0: reg 0x20: [mem 0x00000000-0x00003fff 64bit pref]
[    1.263849] pci 0000:04:00.0: supports D1 D2
[    1.264732] pci 0000:04:00.0: PME# supported from D0 D1 D2 D3hot D3cold
[    1.268803] pci 0000:00:15.2: PCI bridge to [bus 04-ff]
[    1.269743] pci 0000:00:15.2:   bridge window [io  0x0000-0x0fff]
[    1.270738] pci 0000:00:15.2:   bridge window [mem 0x00000000-0x000fffff]
[    1.271735] pci 0000:00:15.2:   bridge window [mem 0x00000000-0x000fffff 64bit pref]
[    1.272733] pci_bus 0000:04: busn_res: [bus 04-ff] end is updated to 04
[    1.275186] ACPI: PCI: Interrupt link INTA configured for IRQ 0
[    1.275997] ACPI: PCI: Interrupt link INTB configured for IRQ 0
[    1.276993] ACPI: PCI: Interrupt link INTC configured for IRQ 0
[    1.277992] ACPI: PCI: Interrupt link INTD configured for IRQ 0
[    1.278994] ACPI: PCI: Interrupt link INTE configured for IRQ 0
[    1.279991] ACPI: PCI: Interrupt link INTF configured for IRQ 0
[    1.280989] ACPI: PCI: Interrupt link INTG configured for IRQ 0
[    1.281998] ACPI: PCI: Interrupt link INTH configured for IRQ 0
[    1.283250] iommu: Default domain type: Translated
[    1.283732] iommu: DMA domain TLB invalidation policy: lazy mode
[    1.285185] SCSI subsystem initialized
[    1.285863] ACPI: bus type USB registered
[    1.289803] usbcore: registered new interface driver usbfs
[    1.295769] usbcore: registered new interface driver hub
[    1.300755] usbcore: registered new device driver usb
[    1.306838] PCI: Using ACPI for IRQ routing
[    1.309164] hpet0: at MMIO 0xfed00000, IRQs 2, 8, 0
[    1.313742] hpet0: 3 comparators, 32-bit 14.318180 MHz counter
[    1.321802] clocksource: Switched to clocksource tsc-early
[    1.371845] VFS: Disk quotas dquot_6.6.0
[    1.375658] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
[    1.382687] pnp: PnP ACPI init
[    1.386173] system 00:00: [mem 0xfec10002-0xfec11001] has been reserved
[    1.393352] pnp: PnP ACPI: found 2 devices
[    1.407960] clocksource: acpi_pm: mask: 0xffffff max_cycles: 0xffffff, max_idle_ns: 2085701024 ns
[    1.416884] NET: Registered PF_INET protocol family
[    1.421743] IP idents hash table entries: 65536 (order: 7, 524288 bytes, linear)
[    1.430490] tcp_listen_portaddr_hash hash table entries: 2048 (order: 3, 32768 bytes, linear)
[    1.438863] TCP established hash table entries: 32768 (order: 6, 262144 bytes, linear)
[    1.446789] TCP bind hash table entries: 32768 (order: 7, 524288 bytes, linear)
[    1.454106] TCP: Hash tables configured (established 32768 bind 32768)
[    1.460581] UDP hash table entries: 2048 (order: 4, 65536 bytes, linear)
[    1.467198] UDP-Lite hash table entries: 2048 (order: 4, 65536 bytes, linear)
[    1.474419] NET: Registered PF_UNIX/PF_LOCAL protocol family
[    1.479958] pci 0000:00:15.2: BAR 15: assigned [mem 0x80000000-0x800fffff 64bit pref]
[    1.487717] pci 0000:00:15.2: BAR 13: assigned [io  0x2000-0x2fff]
[    1.493873] pci 0000:00:14.4: PCI bridge to [bus 01]
[    1.498818] pci 0000:00:15.0: PCI bridge to [bus 02]
[    1.503756] pci 0000:00:15.1: PCI bridge to [bus 03]
[    1.508690] pci 0000:00:15.1:   bridge window [mem 0xf0000000-0xf00fffff]
[    1.515459] pci 0000:04:00.0: BAR 4: assigned [mem 0x80000000-0x80003fff 64bit pref]
[    1.523173] pci 0000:04:00.0: BAR 2: assigned [mem 0x80004000-0x80004fff 64bit pref]
[    1.530884] pci 0000:04:00.0: BAR 0: assigned [io  0x2000-0x20ff]
[    1.536945] pci 0000:00:15.2: PCI bridge to [bus 04]
[    1.541881] pci 0000:00:15.2:   bridge window [io  0x2000-0x2fff]
[    1.547951] pci 0000:00:15.2:   bridge window [mem 0x80000000-0x800fffff 64bit pref]
[    1.555665] pci_bus 0000:00: resource 4 [io  0x0000-0x0cf7 window]
[    1.561813] pci_bus 0000:00: resource 5 [io  0x0d00-0xffff window]
[    1.567973] pci_bus 0000:00: resource 6 [mem 0x000a0000-0x000dffff]
[    1.574209] pci_bus 0000:00: resource 7 [mem 0x80000000-0xffffffff]
[    1.580448] pci_bus 0000:01: resource 4 [io  0x0000-0x0cf7 window]
[    1.586600] pci_bus 0000:01: resource 5 [io  0x0d00-0xffff window]
[    1.592751] pci_bus 0000:01: resource 6 [mem 0x000a0000-0x000dffff]
[    1.598992] pci_bus 0000:01: resource 7 [mem 0x80000000-0xffffffff]
[    1.605232] pci_bus 0000:03: resource 1 [mem 0xf0000000-0xf00fffff]
[    1.611472] pci_bus 0000:04: resource 0 [io  0x2000-0x2fff]
[    1.617018] pci_bus 0000:04: resource 2 [mem 0x80000000-0x800fffff 64bit pref]
[    1.624411] pci 0000:00:01.1: D0 power state depends on 0000:00:01.0
[    1.632275] pci 0000:00:12.2: PME# does not work under D3, disabling it
[    1.640391] pci 0000:00:13.2: PME# does not work under D3, disabling it
[    1.649255] pci 0000:00:16.2: PME# does not work under D3, disabling it
[    1.656376] PCI: CLS 64 bytes, default 64
[    1.660232] pci 0000:00:00.2: AMD-Vi: Applying erratum 746 workaround
[    1.667187] pci 0000:00:01.0: Adding to iommu group 0
[    1.672100] pci 0000:00:01.1: Adding to iommu group 0
[    1.677144] pci 0000:00:11.0: Adding to iommu group 1
[    1.682175] pci 0000:00:12.0: Adding to iommu group 2
[    1.687182] pci 0000:00:12.2: Adding to iommu group 2
[    1.692229] pci 0000:00:13.0: Adding to iommu group 3
[    1.697229] pci 0000:00:13.2: Adding to iommu group 3
[    1.702287] pci 0000:00:14.0: Adding to iommu group 4
[    1.707284] pci 0000:00:14.2: Adding to iommu group 4
[    1.712313] pci 0000:00:14.3: Adding to iommu group 4
[    1.717354] pci 0000:00:14.4: Adding to iommu group 5
[    1.722381] pci 0000:00:14.5: Adding to iommu group 6
[    1.727417] pci 0000:00:15.0: Adding to iommu group 7
[    1.732415] pci 0000:00:15.1: Adding to iommu group 7
[    1.737440] pci 0000:00:15.2: Adding to iommu group 7
[    1.742494] pci 0000:00:16.0: Adding to iommu group 8
[    1.747495] pci 0000:00:16.2: Adding to iommu group 8
[    1.752568] pci 0000:00:18.0: Adding to iommu group 9
[    1.757592] pci 0000:00:18.1: Adding to iommu group 9
[    1.762589] pci 0000:00:18.2: Adding to iommu group 9
[    1.767602] pci 0000:00:18.3: Adding to iommu group 9
[    1.772628] pci 0000:00:18.4: Adding to iommu group 9
[    1.777655] pci 0000:00:18.5: Adding to iommu group 9
[    1.782676] pci 0000:03:00.0: Adding to iommu group 7
[    1.787700] pci 0000:04:00.0: Adding to iommu group 7
[    1.798965] pci 0000:00:00.2: AMD-Vi: Found IOMMU cap 0x40
[    1.804285] AMD-Vi: Extended features (0x800000853): PreF PPR GT IA
[    1.810519] AMD-Vi: Interrupt remapping enabled
[    1.815289] software IO TLB: tearing down default memory pool
[    1.822761] LVT offset 0 assigned for vector 0x400
[    1.827420] perf: AMD IBS detected (0x000000ff)
[    1.831898] amd_uncore: 4  amd_nb counters detected
[    1.838510] workingset: timestamp_bits=37 max_order=20 bucket_order=0
[    1.853300] zbud: loaded
[    1.857675] NET: Registered PF_ALG protocol family
[    1.862300] Key type asymmetric registered
[    1.866366] Asymmetric key parser 'x509' registered
[    1.871616] alg: self-tests disabled
[    1.875113] alg: self-tests for CTR-KDF (hmac(sha256)) passed
[    1.880803] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 251)
[    1.888175] io scheduler mq-deadline registered
[    1.892635] io scheduler kyber registered
[    1.897985] pcieport 0000:00:15.0: PME: Signaling with IRQ 25
[    1.903914] pcieport 0000:00:15.1: PME: Signaling with IRQ 26
[    1.909613] pcieport 0000:00:15.2: enabling device (0000 -> 0003)
[    1.916124] pcieport 0000:00:15.2: PME: Signaling with IRQ 27
[    1.922195] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
[    1.930071] ACPI: button: Power Button [PWRF]
[    1.934387] ACPI: \_SB_.P000: Found 2 idle states
[    1.939241] ACPI: \_SB_.P001: Found 2 idle states
[    1.946058] thermal LNXTHERM:00: registered as thermal_zone0
[    1.951548] ACPI: thermal: Thermal Zone [TZ00] (14 C)
[    1.956855] Serial: 8250/16550 driver, 32 ports, IRQ sharing disabled
[    1.963263] serial8250: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
[    1.975793] Non-volatile memory driver v1.3
[    1.979890] AMD-Vi: AMD IOMMUv2 loaded and initialized
[    1.984960] ACPI: bus type drm_connector registered
[    1.990876] ahci 0000:00:11.0: AHCI 0001.0300 32 slots 8 ports 6 Gbps 0x40 impl SATA mode
[    1.998881] ahci 0000:00:11.0: flags: 64bit ncq sntf ilck led clo pio
[    2.008225] scsi host0: ahci
[    2.011524] scsi host1: ahci
[    2.014675] scsi host2: ahci
[    2.017851] scsi host3: ahci
[    2.021012] scsi host4: ahci
[    2.024163] scsi host5: ahci
[    2.027319] scsi host6: ahci
[    2.030470] scsi host7: ahci
[    2.033435] ata1: DUMMY
[    2.035715] ata2: DUMMY
[    2.038140] ata3: DUMMY
[    2.040566] ata4: DUMMY
[    2.042994] ata5: DUMMY
[    2.045420] ata6: DUMMY
[    2.047848] ata7: SATA max UDMA/133 abar m2048@0xf01cc000 port 0xf01cc400 irq 19
[    2.055212] ata8: DUMMY
[    2.058300] i8042: PNP: No PS/2 controller found.
[    2.062833] i8042: Probing ports directly.
[    2.069266] serio: i8042 KBD port at 0x60,0x64 irq 1
[    2.074149] serio: i8042 AUX port at 0x60,0x64 irq 12
[    2.079306] mousedev: PS/2 mouse device common for all mice
[    2.084831] rtc_cmos 00:01: RTC can wake from S4
[    2.089314] ata7: SATA link up 6.0 Gbps (SStatus 133 SControl 300)
[    2.092537] rtc_cmos 00:01: registered as rtc0
[    2.099899] rtc_cmos 00:01: setting system clock to 2022-03-26T07:21:53 UTC (1648279313)
[    2.100351] ata7.00: ATA-9: SanDisk SDSSDP064G, 2.0.0, max UDMA/133
[    2.108420] rtc_cmos 00:01: alarms up to one day, y3k, 114 bytes nvram, hpet irqs
[    2.114174] ata7.00: 125045424 sectors, multi 1: LBA48 NCQ (depth 32)
[    2.122522] device-mapper: uevent: version 1.0.3
[    2.128480] ata7.00: configured for UDMA/133
[    2.134230] device-mapper: ioctl: 4.46.0-ioctl (2022-02-22) initialised: dm-devel@redhat.com
[    2.138474] scsi 6:0:0:0: Direct-Access     ATA      SanDisk SDSSDP06 0    PQ: 0 ANSI: 5
[    2.151796] [drm] Initialized simpledrm 1.0.0 20200625 for simple-framebuffer.0 on minor 0
[    2.160232] sd 6:0:0:0: [sda] 125045424 512-byte logical blocks: (64.0 GB/59.6 GiB)
[    2.169260] sd 6:0:0:0: [sda] Write Protect is off
[    2.169291] sd 6:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[    2.171394]  sda: sda1 sda2 sda3
[    2.172742] sd 6:0:0:0: [sda] Attached SCSI disk
[    2.175319] Console: switching to colour frame buffer device 160x64
[    2.209174] simple-framebuffer simple-framebuffer.0: [drm] fb0: simpledrmdrmfb frame buffer device
[    2.218168] hid: raw HID events driver (C) Jiri Kosina
[    2.223329] usbcore: registered new interface driver usbhid
[    2.228751] usbhid: USB HID core driver
[    2.232686] Initializing XFRM netlink socket
[    2.236865] NET: Registered PF_PACKET protocol family
[    2.241856] x86/pm: family 0x15 cpu detected, MSR saving is needed during suspending.
[    2.250080] microcode: CPU0: patch_level=0x0600111f
[    2.254811] microcode: CPU1: patch_level=0x0600111f
[    2.259766] microcode: Microcode Update Driver: v2.2.
[    2.259772] IPI shorthand broadcast: enabled
[    2.269020] AVX version of gcm_enc/dec engaged.
[    2.273473] AES CTR mode by8 optimization enabled
[    2.278572] sched_clock: Marking stable (2206697152, 71847787)->(2982716542, -704171603)
[    2.286945] registered taskstats version 1
[    2.291176] zswap: loaded using pool lzo/zbud
[    2.295642] kmemleak: Kernel memory leak detector initialized (mem pool available: 15686)
[    2.295643] kmemleak: Automatic memory scanning thread started
[    2.309473] debug_vm_pgtable: [debug_vm_pgtable         ]: Validating architecture page table helpers
[    2.322436] Key type encrypted registered
[    2.328862] PM:   Magic number: 14:498:370
[    2.343191] EXT4-fs (sda3): mounted filesystem with ordered data mode. Quota mode: none.
[    2.351281] VFS: Mounted root (ext4 filesystem) on device 8:3.
[    2.359035] devtmpfs: mounted
[    2.365586] Freeing unused kernel image (initmem) memory: 1700K
[    2.377082] Write protecting the kernel read-only data: 20480k
[    2.383420] Freeing unused kernel image (text/rodata gap) memory: 2040K
[    2.390478] Freeing unused kernel image (rodata/data gap) memory: 1788K
[    2.435403] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[    2.441697] rodata_test: all tests were successful
[    2.446457] Run /sbin/init as init process
[    2.493871] random: fast init done
[    2.613753] tsc: Refined TSC clocksource calibration: 3900.223 MHz
[    2.619787] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x70705a6472c, max_idle_ns: 881590586812 ns
[    2.629760] clocksource: Switched to clocksource tsc
[    2.629884] systemd[1]: Inserted module 'autofs4'
[    2.656655] NET: Registered PF_INET6 protocol family
[    2.664239] Segment Routing with IPv6
[    2.669173] In-situ OAM (IOAM) with IPv6
[    2.693969] systemd[1]: systemd 250.4-1 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS -OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY -P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
[    2.741962] systemd[1]: Detected architecture x86-64.
[    2.757159] systemd[1]: Hostname set to <kodi>.
[    2.943635] systemd[1]: Queued start job for default target Graphical Interface.
[    2.955148] random: systemd: uninitialized urandom read (16 bytes read)
[    2.966884] systemd[1]: Created slice Slice /system/getty.
[    2.976397] random: systemd: uninitialized urandom read (16 bytes read)
[    2.988019] systemd[1]: Created slice Slice /system/modprobe.
[    2.997622] random: systemd: uninitialized urandom read (16 bytes read)
[    3.008156] systemd[1]: Created slice User and Session Slice.
[    3.018056] systemd[1]: Started Dispatch Password Requests to Console Directory Watch.
[    3.029845] systemd[1]: Started Forward Password Requests to Wall Directory Watch.
[    3.043172] systemd[1]: Set up automount Arbitrary Executable File Formats File System Automount Point.
[    3.056153] systemd[1]: Reached target Local Encrypted Volumes.
[    3.065870] systemd[1]: Reached target Local Integrity Protected Volumes.
[    3.076538] systemd[1]: Reached target Path Units.
[    3.085289] systemd[1]: Reached target Remote File Systems.
[    3.094533] systemd[1]: Reached target Slice Units.
[    3.103663] systemd[1]: Reached target Swaps.
[    3.112360] systemd[1]: Reached target Local Verity Protected Volumes.
[    3.123358] systemd[1]: Listening on fsck to fsckd communication Socket.
[    3.134286] systemd[1]: Listening on initctl Compatibility Named Pipe.
[    3.145793] systemd[1]: Listening on Journal Audit Socket.
[    3.156155] systemd[1]: Listening on Journal Socket (/dev/log).
[    3.166600] systemd[1]: Listening on Journal Socket.
[    3.175915] systemd[1]: Listening on Network Service Netlink Socket.
[    3.188065] systemd[1]: Listening on udev Control Socket.
[    3.197963] systemd[1]: Listening on udev Kernel Socket.
[    3.212376] systemd[1]: Mounting Huge Pages File System...
[    3.227654] systemd[1]: Mounting POSIX Message Queue File System...
[    3.245168] systemd[1]: Mounting Kernel Debug File System...
[    3.262190] systemd[1]: Mounting Kernel Trace File System...
[    3.278993] systemd[1]: Starting Create List of Static Device Nodes...
[    3.296927] systemd[1]: Starting Load Kernel Module configfs...
[    3.313845] systemd[1]: Starting Load Kernel Module drm...
[    3.328940] systemd[1]: Starting Load Kernel Module fuse...
[    3.341538] systemd[1]: File System Check on Root Device was skipped because of a failed condition check (ConditionPathIsReadWrite=!/).
[    3.357262] systemd[1]: Reached target Local File Systems.
[    3.369657] systemd[1]: Load AppArmor profiles was skipped because of a failed condition check (ConditionSecurity=apparmor).
[    3.382698] fuse: init (API version 7.36)
[    3.390523] systemd[1]: Set Up Additional Binary Formats was skipped because all trigger condition checks failed.
[    3.406935] systemd[1]: Starting Journal Service...
[    3.421570] systemd[1]: Platform Persistent Storage Archival was skipped because of a failed condition check (ConditionDirectoryNotEmpty=/sys/fs/pstore).
[    3.441220] systemd[1]: Starting Load/Save Random Seed...
[    3.462949] systemd[1]: Repartition Root Disk was skipped because all trigger condition checks failed.
[    3.479726] systemd[1]: Starting Apply Kernel Variables...
[    3.515787] systemd[1]: Starting Create System Users...
[    3.545008] systemd[1]: Starting Coldplug All udev Devices...
[    3.579551] systemd[1]: Mounted Huge Pages File System.
[    3.604932] systemd[1]: Mounted POSIX Message Queue File System.
[    3.630663] systemd[1]: Mounted Kernel Debug File System.
[    3.654502] systemd[1]: Started Journal Service.
[    3.767044] systemd-journald[135]: Received client request to flush runtime journal.
[    4.112749] random: crng init done
[    4.112752] random: 7 urandom warning(s) missed due to ratelimiting
[    4.182218] acpi_cpufreq: overriding BIOS provided _PSD data
[    4.415113] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[    4.427993] piix4_smbus 0000:00:14.0: SMBus Host Controller at 0xb00, revision 0
[    4.456244] piix4_smbus 0000:00:14.0: Using register 0x2e for SMBus port selection
[    4.469318] piix4_smbus 0000:00:14.0: Auxiliary SMBus Host Controller at 0xb20
[    4.497419] ehci-pci: EHCI PCI platform driver
[    4.524481] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[    4.537220] sd 6:0:0:0: Attached scsi generic sg0 type 0
[    4.593399] ehci-pci 0000:00:12.2: EHCI Host Controller
[    4.607088] ehci-pci 0000:00:12.2: new USB bus registered, assigned bus number 1
[    4.618617] ehci-pci 0000:00:12.2: applying AMD SB700/SB800/Hudson-2/3 EHCI dummy qh workaround
[    4.650440] ehci-pci 0000:00:12.2: debug port 1
[    4.655138] ehci-pci 0000:00:12.2: irq 17, io mem 0xf01cd000
[    4.663657] r8169 0000:04:00.0: enabling device (0000 -> 0003)
[    4.669836] ehci-pci 0000:00:12.2: USB 2.0 started, EHCI 1.00
[    4.677473] snd_hda_intel 0000:00:01.1: Force to non-snoop mode
[    4.697470] usb usb1: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 5.17
[    4.709404] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[    4.721316] r8169 0000:04:00.0 eth0: RTL8168f/8111f, 08:60:6e:74:7a:51, XID 480, IRQ 28
[    4.732012] r8169 0000:04:00.0 eth0: jumbo features [frames: 9194 bytes, tx checksumming: ko]
[    4.749683] usb usb1: Product: EHCI Host Controller
[    4.754987] usb usb1: Manufacturer: Linux 5.17.0-10753-g1b351a77ed33 ehci_hcd
[    4.768128] input: HDA ATI HDMI HDMI/DP,pcm=3 as /devices/pci0000:00/0000:00:01.1/sound/card0/input1
[    4.780373] snd_hda_codec_realtek hdaudioC1D0: ALC892: SKU not ready 0x00000100
[    4.789555] input: HDA ATI HDMI HDMI/DP,pcm=7 as /devices/pci0000:00/0000:00:01.1/sound/card0/input2
[    4.800117] snd_hda_codec_realtek hdaudioC1D0: autoconfig for ALC892: line_outs=4 (0x14/0x16/0x15/0x17/0x0) type:line
[    4.812869] snd_hda_codec_realtek hdaudioC1D0:    speaker_outs=0 (0x0/0x0/0x0/0x0/0x0)
[    4.822890] snd_hda_codec_realtek hdaudioC1D0:    hp_outs=1 (0x1b/0x0/0x0/0x0/0x0)
[    4.832708] snd_hda_codec_realtek hdaudioC1D0:    mono: mono_out=0x0
[    4.839468] snd_hda_codec_realtek hdaudioC1D0:    dig-out=0x1e/0x0
[    4.847119] snd_hda_codec_realtek hdaudioC1D0:    inputs:
[    4.854013] snd_hda_codec_realtek hdaudioC1D0:      Rear Mic=0x18
[    4.861823] snd_hda_codec_realtek hdaudioC1D0:      Front Mic=0x19
[    4.869012] snd_hda_codec_realtek hdaudioC1D0:      Line=0x1a
[    4.876398] snd_hda_codec_realtek hdaudioC1D0:      CD=0x1c
[    4.882989] usb usb1: SerialNumber: 0000:00:12.2
[    4.895133] hub 1-0:1.0: USB hub found
[    4.899120] hub 1-0:1.0: 5 ports detected
[    4.924683] input: HD-Audio Generic Rear Mic as /devices/pci0000:00/0000:00:14.2/sound/card1/input3
[    4.941274] input: HD-Audio Generic Front Mic as /devices/pci0000:00/0000:00:14.2/sound/card1/input4
[    4.958898] xhci_hcd 0000:03:00.0: xHCI Host Controller
[    4.959343] input: HD-Audio Generic Line as /devices/pci0000:00/0000:00:14.2/sound/card1/input5
[    4.965669] xhci_hcd 0000:03:00.0: new USB bus registered, assigned bus number 2
[    4.990991] input: HD-Audio Generic Line Out Front as /devices/pci0000:00/0000:00:14.2/sound/card1/input6
[    5.000899] input: HD-Audio Generic Line Out Surround as /devices/pci0000:00/0000:00:14.2/sound/card1/input7
[    5.012985] input: HD-Audio Generic Line Out CLFE as /devices/pci0000:00/0000:00:14.2/sound/card1/input8
[    5.026076] input: HD-Audio Generic Line Out Side as /devices/pci0000:00/0000:00:14.2/sound/card1/input9
[    5.037967] input: HD-Audio Generic Front Headphone as /devices/pci0000:00/0000:00:14.2/sound/card1/input10
[    5.048428] xhci_hcd 0000:03:00.0: hcc params 0x0200f180 hci version 0x96 quirks 0x0000000000080000
[    5.066990] usb usb2: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 5.17
[    5.077403] [drm] radeon kernel modesetting enabled.
[    5.082371] usb usb2: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[    5.089932] usb usb2: Product: xHCI Host Controller
[    5.094975] usb usb2: Manufacturer: Linux 5.17.0-10753-g1b351a77ed33 xhci-hcd
[    5.102256] usb usb2: SerialNumber: 0000:03:00.0
[    5.108893] Console: switching to colour dummy device 80x25
[    5.121355] hub 2-0:1.0: USB hub found
[    5.125181] hub 2-0:1.0: 2 ports detected
[    5.131232] ehci-pci 0000:00:13.2: EHCI Host Controller
[    5.133289] xhci_hcd 0000:03:00.0: xHCI Host Controller
[    5.144669] ehci-pci 0000:00:13.2: new USB bus registered, assigned bus number 3
[    5.153043] page:00000000ac362866 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103000
[    5.169781] xhci_hcd 0000:03:00.0: new USB bus registered, assigned bus number 4
[    5.177118] head:00000000ac362866 order:0 compound_mapcount:-6977 compound_pincount:0
[    5.185195] xhci_hcd 0000:03:00.0: Host supports USB 3.0 SuperSpeed
[    5.191856] flags: 0x2fffc000010000(head|node=0|zone=2|lastcpupid=0x3fff)
[    5.198541] ehci-pci 0000:00:13.2: applying AMD SB700/SB800/Hudson-2/3 EHCI dummy qh workaround
[    5.207435] ehci-pci 0000:00:13.2: debug port 1
[    5.233827] ehci-pci 0000:00:13.2: irq 17, io mem 0xf01ce000
[    5.240193] raw: 002fffc000010000 ffffe4be840c0008 ffffe4be840c0008 0000000000000000
[    5.246216] usb usb4: We don't know the algorithms for LPM for this host, disabling LPM.
[    5.256996] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[    5.269582] page dumped because: VM_BUG_ON_PAGE(compound && compound_order(page) != order)
[    5.279507] ------------[ cut here ]------------
[    5.286406] kernel BUG at mm/page_alloc.c:1326!
[    5.291814] invalid opcode: 0000 [#1] PREEMPT SMP
[    5.296350] CPU: 0 PID: 167 Comm: systemd-udevd Not tainted 5.17.0-10753-g1b351a77ed33 #300
[    5.304670] Hardware name: ASUS F2A85-M_PRO/F2A85-M_PRO, BIOS 4.16-337-gb87986e67b 03/25/2022
[    5.313163] RIP: 0010:free_pcp_prepare+0x295/0x400
[    5.317930] Code: 00 01 00 75 0b 48 8b 45 08 45 31 ff a8 01 74 4b 48 8b 45 00 a9 00 00 01 00 75 22 48 c7 c6 68 30 11 96 48 89 ef e8 cb 29 fd ff <0f> 0b 48 89 ef 41 83 c6 01 e8 bd f5 ff ff e9 2e fe ff ff 0f 1f 44
[    5.336650] RSP: 0018:ffffa6634062f9c0 EFLAGS: 00010246
[    5.341849] RAX: 000000000000004e RBX: ffffe4be80000000 RCX: 0000000000000000
[    5.348957] RDX: 0000000000000000 RSI: ffffffff96136a37 RDI: 00000000ffffffff
[    5.356063] RBP: ffffe4be840c0000 R08: 0000000000000000 R09: 00000000ffffdfff
[    5.363170] R10: ffffa6634062f7f0 R11: ffffffff9652c4a8 R12: 0000000000000000
[    5.370277] R13: 0000000000000009 R14: ffff91fd02ebc640 R15: ffffe4be840c0000
[    5.377384] FS:  0000000000000000(0000) GS:ffff91fd7b400000(0063) knlGS:00000000f7eea800
[    5.385443] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[    5.391164] CR2: 00000000f6f0e840 CR3: 0000000106b60000 CR4: 00000000000406f0
[    5.398272] Call Trace:
[    5.400697]  <TASK>
[    5.402778]  free_unref_page+0x1b/0xf0
[    5.406505]  __vunmap+0x216/0x2c0
[    5.409798]  drm_fbdev_cleanup+0x5f/0xb0
[    5.413698]  drm_fbdev_fb_destroy+0x15/0x30
[    5.417857]  unregister_framebuffer+0x2c/0x40
[    5.422191]  drm_client_dev_unregister+0x69/0xe0
[    5.422962] usb usb4: New USB device found, idVendor=1d6b, idProduct=0003, bcdDevice= 5.17
[    5.426784]  drm_dev_unregister+0x2e/0x80
[    5.439005]  drm_dev_unplug+0x21/0x40
[    5.442645]  simpledrm_remove+0x11/0x20
[    5.446458]  platform_remove+0x1f/0x40
[    5.450185]  __device_release_driver+0x17a/0x250
[    5.454779]  device_release_driver+0x24/0x30
[    5.459024]  bus_remove_device+0xd8/0x140
[    5.463012]  device_del+0x18b/0x3f0
[    5.466478]  ? idr_alloc_cyclic+0x50/0xb0
[    5.470466]  platform_device_del.part.0+0x13/0x70
[    5.475146]  platform_device_unregister+0x1c/0x30
[    5.479824]  drm_aperture_detach_drivers+0xa1/0xd0
[    5.484593]  drm_aperture_remove_conflicting_pci_framebuffers+0x3f/0x60
[    5.491179]  radeon_pci_probe+0x54/0xf0 [radeon]
[    5.495773]  local_pci_probe+0x45/0x80
[    5.499499]  ? pci_match_device+0xd7/0x130
[    5.503572]  pci_device_probe+0xc2/0x1e0
[    5.507474]  really_probe+0x1f5/0x3d0
[    5.511112]  __driver_probe_device+0xfe/0x180
[    5.515446]  driver_probe_device+0x1e/0x90
[    5.519518]  __driver_attach+0xc0/0x1c0
[    5.523332]  ? __device_attach_driver+0xe0/0xe0
[    5.527839]  ? __device_attach_driver+0xe0/0xe0
[    5.532346]  bus_for_each_dev+0x78/0xc0
[    5.536159]  bus_add_driver+0x149/0x1e0
[    5.539973]  driver_register+0x8f/0xe0
[    5.543699]  ? 0xffffffffc0741000
[    5.546992]  do_one_initcall+0x44/0x200
[    5.550806]  ? kmem_cache_alloc_trace+0x170/0x2c0
[    5.555487]  do_init_module+0x4c/0x240
[    5.559213]  __do_sys_finit_module+0xb4/0x120
[    5.563547]  __do_fast_syscall_32+0x6b/0xe0
[    5.567706]  do_fast_syscall_32+0x2f/0x70
[    5.571693]  entry_SYSCALL_compat_after_hwframe+0x45/0x4d
[    5.577067] RIP: 0023:0xf7efa549
[    5.580273] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 cd 0f 05 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[    5.582805] usb usb4: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[    5.598992] RSP: 002b:00000000ff831c0c EFLAGS: 00200296 ORIG_RAX: 000000000000015e
[    5.598996] RAX: ffffffffffffffda RBX: 0000000000000011 RCX: 00000000f7ed9e09
[    5.598998] RDX: 0000000000000000 RSI: 0000000056a5c940 RDI: 0000000056a5c4c0
[    5.598999] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[    5.635047] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[    5.642154] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[    5.649264]  </TASK>
[    5.651427] Modules linked in: crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio snd_hda_codec_hdmi radeon(+) r8169 xhci_pci(+) realtek snd_hda_intel drm_ttm_helper snd_intel_dspcfg k10temp snd_hda_codec ttm snd_hda_core xhci_hcd snd_pcm sg ohci_hcd ehci_pci(+) snd_timer drm_dp_helper snd ehci_hcd soundcore i2c_piix4 acpi_cpufreq coreboot_table fuse ipv6 autofs4
[    5.690975] r8169 0000:04:00.0 enp4s0: renamed from eth0
[    5.691589] ---[ end trace 0000000000000000 ]---
[    5.704791] RIP: 0010:free_pcp_prepare+0x295/0x400
[    5.709784] Code: 00 01 00 75 0b 48 8b 45 08 45 31 ff a8 01 74 4b 48 8b 45 00 a9 00 00 01 00 75 22 48 c7 c6 68 30 11 96 48 89 ef e8 cb 29 fd ff <0f> 0b 48 89 ef 41 83 c6 01 e8 bd f5 ff ff e9 2e fe ff ff 0f 1f 44
[    5.731535] RSP: 0018:ffffa6634062f9c0 EFLAGS: 00010246
[    5.752988] usb usb4: Product: xHCI Host Controller
[    5.758571] usb usb4: Manufacturer: Linux 5.17.0-10753-g1b351a77ed33 xhci-hcd
[    5.767096] usb usb4: SerialNumber: 0000:03:00.0
[    5.772213] hub 4-0:1.0: USB hub found
[    5.782383] hub 4-0:1.0: 2 ports detected
[    5.799251] RAX: 000000000000004e RBX: ffffe4be80000000 RCX: 0000000000000000
[    5.810470] RDX: 0000000000000000 RSI: ffffffff96136a37 RDI: 00000000ffffffff
[    5.817561] RBP: ffffe4be840c0000 R08: 0000000000000000 R09: 00000000ffffdfff
[    5.824680] R10: ffffa6634062f7f0 R11: ffffffff9652c4a8 R12: 0000000000000000
[    5.831739] R13: 0000000000000009 R14: ffff91fd02ebc640 R15: ffffe4be840c0000
[    5.839445] FS:  0000000000000000(0000) GS:ffff91fd7b500000(0063) knlGS:00000000f7eea800
[    5.847905] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[    5.854025] CR2: 000000005664d26c CR3: 0000000106b60000 CR4: 00000000000406e0
[    5.889718] r8169 0000:04:00.0: Direct firmware load for rtl_nic/rtl8168f-1.fw failed with error -2
[    5.907000] r8169 0000:04:00.0: Unable to load firmware rtl_nic/rtl8168f-1.fw (-2)
[    5.917465] RTL8211E Gigabit Ethernet r8169-0-400:00: attached PHY driver (mii_bus:phy_addr=r8169-0-400:00, irq=MAC)
[    5.956742] r8169 0000:04:00.0 enp4s0: Link is Down
[    6.108822] ehci-pci 0000:00:13.2: USB 2.0 started, EHCI 1.00
[    6.114950] usb usb3: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 5.17
[    6.123049] usb usb3: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[    6.130245] usb usb3: Product: EHCI Host Controller
[    6.135099] usb usb3: Manufacturer: Linux 5.17.0-10753-g1b351a77ed33 ehci_hcd
[    6.142205] usb usb3: SerialNumber: 0000:00:13.2
[    6.147701] hub 3-0:1.0: USB hub found
[    6.151375] hub 3-0:1.0: 5 ports detected
[    6.158196] ehci-pci 0000:00:16.2: EHCI Host Controller
[    6.163293] ehci-pci 0000:00:16.2: new USB bus registered, assigned bus number 5
[    6.170659] ehci-pci 0000:00:16.2: applying AMD SB700/SB800/Hudson-2/3 EHCI dummy qh workaround
[    6.180068] ehci-pci 0000:00:16.2: debug port 1
[    6.184615] ehci-pci 0000:00:16.2: irq 17, io mem 0xf01cf000
[    6.868773] ehci-pci 0000:00:16.2: USB 2.0 started, EHCI 1.00
[    6.875840] usb usb5: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 5.17
[    6.886391] usb usb5: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[    6.893880] usb usb5: Product: EHCI Host Controller
[    6.898922] usb usb5: Manufacturer: Linux 5.17.0-10753-g1b351a77ed33 ehci_hcd
[    6.906081] usb usb5: SerialNumber: 0000:00:16.2
[    6.911908] hub 5-0:1.0: USB hub found
[    6.915546] hub 5-0:1.0: 4 ports detected
[    6.922665] ohci-pci: OHCI PCI platform driver
[    6.933142] ohci-pci 0000:00:12.0: OHCI PCI host controller
[    6.943533] ohci-pci 0000:00:12.0: new USB bus registered, assigned bus number 6
[    6.951503] ohci-pci 0000:00:12.0: irq 18, io mem 0xf01c8000
[    7.013126] usb usb6: New USB device found, idVendor=1d6b, idProduct=0001, bcdDevice= 5.17
[    7.021236] usb usb6: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[    7.028474] usb usb6: Product: OHCI PCI host controller
[    7.033651] usb usb6: Manufacturer: Linux 5.17.0-10753-g1b351a77ed33 ohci_hcd
[    7.040748] usb usb6: SerialNumber: 0000:00:12.0
[    7.046162] hub 6-0:1.0: USB hub found
[    7.049818] hub 6-0:1.0: 5 ports detected
[    7.055717] ohci-pci 0000:00:13.0: OHCI PCI host controller
[    7.061186] ohci-pci 0000:00:13.0: new USB bus registered, assigned bus number 7
[    7.068605] ohci-pci 0000:00:13.0: irq 18, io mem 0xf01c9000
[    7.130027] usb usb7: New USB device found, idVendor=1d6b, idProduct=0001, bcdDevice= 5.17
[    7.138129] usb usb7: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[    7.145518] usb usb7: Product: OHCI PCI host controller
[    7.150592] usb usb7: Manufacturer: Linux 5.17.0-10753-g1b351a77ed33 ohci_hcd
[    7.157698] usb usb7: SerialNumber: 0000:00:13.0
[    7.163087] hub 7-0:1.0: USB hub found
[    7.166792] hub 7-0:1.0: 5 ports detected
[    7.173069] ohci-pci 0000:00:14.5: OHCI PCI host controller
[    7.178650] ohci-pci 0000:00:14.5: new USB bus registered, assigned bus number 8
[    7.186032] ohci-pci 0000:00:14.5: irq 18, io mem 0xf01ca000
[    7.247120] usb usb8: New USB device found, idVendor=1d6b, idProduct=0001, bcdDevice= 5.17
[    7.255223] usb usb8: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[    7.262419] usb usb8: Product: OHCI PCI host controller
[    7.267618] usb usb8: Manufacturer: Linux 5.17.0-10753-g1b351a77ed33 ohci_hcd
[    7.274721] usb usb8: SerialNumber: 0000:00:14.5
[    7.279791] hub 8-0:1.0: USB hub found
[    7.283414] hub 8-0:1.0: 2 ports detected
[    7.288526] ohci-pci 0000:00:16.0: OHCI PCI host controller
[    7.294013] ohci-pci 0000:00:16.0: new USB bus registered, assigned bus number 9
[    7.301408] ohci-pci 0000:00:16.0: irq 18, io mem 0xf01cb000
[    7.363112] usb usb9: New USB device found, idVendor=1d6b, idProduct=0001, bcdDevice= 5.17
[    7.371214] usb usb9: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[    7.378408] usb usb9: Product: OHCI PCI host controller
[    7.383604] usb usb9: Manufacturer: Linux 5.17.0-10753-g1b351a77ed33 ohci_hcd
[    7.390709] usb usb9: SerialNumber: 0000:00:16.0
[    7.395307] usb 6-1: new low-speed USB device number 2 using ohci-pci
[    7.399695] hub 9-0:1.0: USB hub found
[    7.405624] hub 9-0:1.0: 4 ports detected
[    7.566965] usb 6-1: New USB device found, idVendor=046d, idProduct=c016, bcdDevice= 3.40
[    7.575032] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[    7.582107] usb 6-1: Product: Optical USB Mouse
[    7.586603] usb 6-1: Manufacturer: Logitech
[    7.598064] input: Logitech Optical USB Mouse as /devices/pci0000:00/0000:00:12.0/usb6/6-1/6-1:1.0/0003:046D:C016.0001/input/input11
[    7.611165] hid-generic 0003:046D:C016.0001: input,hidraw0: USB HID v1.10 Mouse [Logitech Optical USB Mouse] on usb-0000:00:12.0-1/input0
[    8.181822] usb 6-2: new low-speed USB device number 3 using ohci-pci
[    8.353968] usb 6-2: New USB device found, idVendor=413c, idProduct=2106, bcdDevice= 1.01
[    8.362013] usb 6-2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[    8.369107] usb 6-2: Product: Dell QuietKey Keyboard
[    8.374039] usb 6-2: Manufacturer: DELL
[    8.387196] input: DELL Dell QuietKey Keyboard as /devices/pci0000:00/0000:00:12.0/usb6/6-2/6-2:1.0/0003:413C:2106.0002/input/input12
[    8.422074] r8169 0000:04:00.0 enp4s0: Link is Up - 1Gbps/Full - flow control rx/tx
[    8.429589] IPv6: ADDRCONF(NETDEV_CHANGE): enp4s0: link becomes ready
[    8.453506] hid-generic 0003:413C:2106.0002: input,hidraw1: USB HID v1.10 Keyboard [DELL Dell QuietKey Keyboard] on usb-0000:00:12.0-2/input0
Chuansheng Liu March 28, 2022, 12:58 a.m. UTC | #5
Hi Paul,

> -----Original Message-----
> From: dri-devel <dri-devel-bounces@lists.freedesktop.org> On Behalf Of Paul
> Menzel
> Sent: Saturday, March 26, 2022 4:11 PM
> To: Liu, Chuansheng <chuansheng.liu@intel.com>
> Cc: linux-fbdev@vger.kernel.org; deller@gmx.de; dri-devel@lists.freedesktop.org; tzimmermann@suse.de; jayalk@intworks.biz
> Subject: Re: [PATCH] fbdev: defio: fix the pagelist corruption
> 
> Dear Chuansheng,
> 
> 
> Am 17.03.22 um 06:46 schrieb Chuansheng Liu:
> > Easily hit the below list corruption:
> > ==
> > list_add corruption. prev->next should be next (ffffffffc0ceb090), but
> > was ffffec604507edc8. (prev=ffffec604507edc8).
> > WARNING: CPU: 65 PID: 3959 at lib/list_debug.c:26
> > __list_add_valid+0x53/0x80
> > CPU: 65 PID: 3959 Comm: fbdev Tainted: G     U
> > RIP: 0010:__list_add_valid+0x53/0x80
> > Call Trace:
> >   <TASK>
> >   fb_deferred_io_mkwrite+0xea/0x150
> >   do_page_mkwrite+0x57/0xc0
> >   do_wp_page+0x278/0x2f0
> >   __handle_mm_fault+0xdc2/0x1590
> >   handle_mm_fault+0xdd/0x2c0
> >   do_user_addr_fault+0x1d3/0x650
> >   exc_page_fault+0x77/0x180
> >   ? asm_exc_page_fault+0x8/0x30
> >   asm_exc_page_fault+0x1e/0x30
> > RIP: 0033:0x7fd98fc8fad1
> > ==
> >
> > Figure out the race happens when one process is adding &page->lru into
> > the pagelist tail in fb_deferred_io_mkwrite(), another process is
> > re-initializing the same &page->lru in fb_deferred_io_fault(), which is
> > not protected by the lock.
> >
> > This fix is to init all the page lists one time during initialization,
> > it not only fixes the list corruption, but also avoids INIT_LIST_HEAD()
> > redundantly.
> >
> > Fixes: 105a940416fc ("fbdev/defio: Early-out if page is already
> > enlisted")
> > Cc: Thomas Zimmermann <tzimmermann@suse.de>
> > Signed-off-by: Chuansheng Liu <chuansheng.liu@intel.com>
> > ---
> >   drivers/video/fbdev/core/fb_defio.c | 9 ++++++++-
> >   1 file changed, 8 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/video/fbdev/core/fb_defio.c
> b/drivers/video/fbdev/core/fb_defio.c
> > index 98b0f23bf5e2..eafb66ca4f28 100644
> > --- a/drivers/video/fbdev/core/fb_defio.c
> > +++ b/drivers/video/fbdev/core/fb_defio.c
> > @@ -59,7 +59,6 @@ static vm_fault_t fb_deferred_io_fault(struct vm_fault
> *vmf)
> >   		printk(KERN_ERR "no mapping available\n");
> >
> >   	BUG_ON(!page->mapping);
> > -	INIT_LIST_HEAD(&page->lru);
> >   	page->index = vmf->pgoff;
> >
> >   	vmf->page = page;
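Review bot: with INIT_LIST_HEAD(&page->lru) dropped from fb_deferred_io_fault(), nothing in this function establishes any more that page->lru is a valid empty list. The fault path now relies on fb_deferred_io_init() having visited this exact page and on every later removal from the pagelist leaving lru self-linked. A short comment at the removed line stating that invariant would make the dependency reviewable. The dequeue side is not part of this patch, so whether it re-initialises the entry rather than only unlinking it cannot be confirmed from the hunk and should be checked before merging.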
> > @@ -220,6 +219,8 @@ static void fb_deferred_io_work(struct work_struct
> *work)
> >   void fb_deferred_io_init(struct fb_info *info)
> >   {
> >   	struct fb_deferred_io *fbdefio = info->fbdefio;
> > +	struct page *page;
> > +	int i;
> >
> >   	BUG_ON(!fbdefio);
> >   	mutex_init(&fbdefio->lock);
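Review bot: the new `int i` is the counter that the next hunk compares against info->fix.smem_len and passes to fb_deferred_io_page() as a byte offset. smem_len is an unsigned length, so the comparison mixes signedness, and a signed int cannot represent offsets at or above 2 GiB. Declaring it as unsigned long and naming it for what it is (an offset, not an index) would match how it is used.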
> > @@ -227,6 +228,12 @@ void fb_deferred_io_init(struct fb_info *info)
> >   	INIT_LIST_HEAD(&fbdefio->pagelist);
> >   	if (fbdefio->delay == 0) /* set a default of 1 s */
> >   		fbdefio->delay = HZ;
> > +
> > +	/* initialize all the page lists one time */
> > +	for (i = 0; i < info->fix.smem_len; i += PAGE_SIZE) {
> > +		page = fb_deferred_io_page(info, i);
> > +		INIT_LIST_HEAD(&page->lru);
> > +	}
> >   }
> >   EXPORT_SYMBOL_GPL(fb_deferred_io_init);
> >
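Review bot: the loop added to fb_deferred_io_init() dereferences the result of fb_deferred_io_page(info, i) without a NULL check. It also assumes info->fix.smem_len and the buffer behind it are already set up when fb_deferred_io_init() runs, which is a new ordering requirement on every caller that the patch does not document. A guard such as `if (!page) continue;` and a note on the required call order would cover that. Given the report in this thread of a VM_BUG_ON_PAGE in free_pcp_prepare() reached through __vunmap() with the patch applied, the commit message should also say why it is safe to write page->lru for every page of the framebuffer, including pages that are never faulted.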
> Applying your patch on top of current Linus’ master branch, tty0 is
> unusable and looks frozen. Sometimes network card still works, sometimes
> not.

I don't see how the patch would cause the BUG call stack below; I need some time to
debug. Just a few comments:
1. Will the system work well without this patch?
2. When you are sure the patch causes the regression you saw, please feel free to submit
a revert patch, thanks : )

> 
>      $ git log --oneline -nodecorate -2
>      1b351a77ed33 (HEAD -> linus) fbdev: defio: fix the pagelist corruption
>      52d543b5497c (origin/master, origin/HEAD) Merge tag
> 'for-linus-5.17-1' of https://github.com/cminyard/linux-ipmi
> 
> ```
> [    5.256996] raw: 0000000000000000 0000000000000000 00000000ffffffff
> 0000000000000000
> [    5.269582] page dumped because: VM_BUG_ON_PAGE(compound &&
> compound_order(page) != order)
> [    5.279507] ------------[ cut here ]------------
> [    5.286406] kernel BUG at mm/page_alloc.c:1326!
> [    5.291814] invalid opcode: 0000 [#1] PREEMPT SMP
> [    5.296350] CPU: 0 PID: 167 Comm: systemd-udevd Not tainted
> 5.17.0-10753-g1b351a77ed33 #300
> [    5.304670] Hardware name: ASUS F2A85-M_PRO/F2A85-M_PRO, BIOS
> 4.16-337-gb87986e67b 03/25/2022
> [    5.313163] RIP: 0010:free_pcp_prepare+0x295/0x400
> [    5.317930] Code: 00 01 00 75 0b 48 8b 45 08 45 31 ff a8 01 74 4b 48
> 8b 45 00 a9 00 00 01 00 75 22 48 c7 c6 68 30 11 96 48 89 ef e8 cb 29 fd
> ff <0f> 0b 48 89 ef 41 83 c6 01 e8 bd f5 ff ff e9 2e fe ff ff 0f 1f 44
> [    5.336650] RSP: 0018:ffffa6634062f9c0 EFLAGS: 00010246
> [    5.341849] RAX: 000000000000004e RBX: ffffe4be80000000 RCX:
> 0000000000000000
> [    5.348957] RDX: 0000000000000000 RSI: ffffffff96136a37 RDI:
> 00000000ffffffff
> [    5.356063] RBP: ffffe4be840c0000 R08: 0000000000000000 R09:
> 00000000ffffdfff
> [    5.363170] R10: ffffa6634062f7f0 R11: ffffffff9652c4a8 R12:
> 0000000000000000
> [    5.370277] R13: 0000000000000009 R14: ffff91fd02ebc640 R15:
> ffffe4be840c0000
> [    5.377384] FS:  0000000000000000(0000) GS:ffff91fd7b400000(0063)
> knlGS:00000000f7eea800
> [    5.385443] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
> [    5.391164] CR2: 00000000f6f0e840 CR3: 0000000106b60000 CR4:
> 00000000000406f0
> [    5.398272] Call Trace:
> [    5.400697]  <TASK>
> [    5.402778]  free_unref_page+0x1b/0xf0
> [    5.406505]  __vunmap+0x216/0x2c0
> [    5.409798]  drm_fbdev_cleanup+0x5f/0xb0
> [    5.413698]  drm_fbdev_fb_destroy+0x15/0x30
> [    5.417857]  unregister_framebuffer+0x2c/0x40
> [    5.422191]  drm_client_dev_unregister+0x69/0xe0
> [    5.422962] usb usb4: New USB device found, idVendor=1d6b,
> idProduct=0003, bcdDevice= 5.17
> [    5.426784]  drm_dev_unregister+0x2e/0x80
> [    5.439005]  drm_dev_unplug+0x21/0x40
> [    5.442645]  simpledrm_remove+0x11/0x20
> [    5.446458]  platform_remove+0x1f/0x40
> [    5.450185]  __device_release_driver+0x17a/0x250
> [    5.454779]  device_release_driver+0x24/0x30
> [    5.459024]  bus_remove_device+0xd8/0x140
> [    5.463012]  device_del+0x18b/0x3f0
> [    5.466478]  ? idr_alloc_cyclic+0x50/0xb0
> [    5.470466]  platform_device_del.part.0+0x13/0x70
> [    5.475146]  platform_device_unregister+0x1c/0x30
> [    5.479824]  drm_aperture_detach_drivers+0xa1/0xd0
> [    5.484593]  drm_aperture_remove_conflicting_pci_framebuffers+0x3f/0x60
> [    5.491179]  radeon_pci_probe+0x54/0xf0 [radeon]
> [    5.495773]  local_pci_probe+0x45/0x80
> [    5.499499]  ? pci_match_device+0xd7/0x130
> [    5.503572]  pci_device_probe+0xc2/0x1e0
> [    5.507474]  really_probe+0x1f5/0x3d0
> [    5.511112]  __driver_probe_device+0xfe/0x180
> [    5.515446]  driver_probe_device+0x1e/0x90
> [    5.519518]  __driver_attach+0xc0/0x1c0
> [    5.523332]  ? __device_attach_driver+0xe0/0xe0
> [    5.527839]  ? __device_attach_driver+0xe0/0xe0
> [    5.532346]  bus_for_each_dev+0x78/0xc0
> [    5.536159]  bus_add_driver+0x149/0x1e0
> [    5.539973]  driver_register+0x8f/0xe0
> [    5.543699]  ? 0xffffffffc0741000
> [    5.546992]  do_one_initcall+0x44/0x200
> [    5.550806]  ? kmem_cache_alloc_trace+0x170/0x2c0
> [    5.555487]  do_init_module+0x4c/0x240
> [    5.559213]  __do_sys_finit_module+0xb4/0x120
> [    5.563547]  __do_fast_syscall_32+0x6b/0xe0
> [    5.567706]  do_fast_syscall_32+0x2f/0x70
> [    5.571693]  entry_SYSCALL_compat_after_hwframe+0x45/0x4d
> [    5.577067] RIP: 0023:0xf7efa549
> [    5.580273] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10
> 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 cd 0f 05 cd
> 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
> [    5.582805] usb usb4: New USB device strings: Mfr=3, Product=2,
> SerialNumber=1
> [    5.598992] RSP: 002b:00000000ff831c0c EFLAGS: 00200296 ORIG_RAX:
> 000000000000015e
> [    5.598996] RAX: ffffffffffffffda RBX: 0000000000000011 RCX:
> 00000000f7ed9e09
> [    5.598998] RDX: 0000000000000000 RSI: 0000000056a5c940 RDI:
> 0000000056a5c4c0
> [    5.598999] RBP: 0000000000000000 R08: 0000000000000000 R09:
> 0000000000000000
> [    5.635047] R10: 0000000000000000 R11: 0000000000000000 R12:
> 0000000000000000
> [    5.642154] R13: 0000000000000000 R14: 0000000000000000 R15:
> 0000000000000000
> [    5.649264]  </TASK>
> [    5.651427] Modules linked in: crct10dif_pclmul crc32_pclmul
> crc32c_intel ghash_clmulni_intel snd_hda_codec_realtek
> snd_hda_codec_generic ledtrig_audio snd_hda_codec_hdmi radeon(+) r8169
> xhci_pci(+) realtek snd_hda_intel drm_ttm_helper snd_intel_dspcfg
> k10temp snd_hda_codec ttm snd_hda_core xhci_hcd snd_pcm sg ohci_hcd
> ehci_pci(+) snd_timer drm_dp_helper snd ehci_hcd soundcore i2c_piix4
> acpi_cpufreq coreboot_table fuse ipv6 autofs4
> [    5.690975] r8169 0000:04:00.0 enp4s0: renamed from eth0
> [    5.691589] ---[ end trace 0000000000000000 ]---
> [    5.704791] RIP: 0010:free_pcp_prepare+0x295/0x400
> [    5.709784] Code: 00 01 00 75 0b 48 8b 45 08 45 31 ff a8 01 74 4b 48
> 8b 45 00 a9 00 00 01 00 75 22 48 c7 c6 68 30 11 96 48 89 ef e8 cb 29 fd
> ff <0f> 0b 48 89 ef 41 83 c6 01 e8 bd f5 ff ff e9 2e fe ff ff 0f 1f 44
> [    5.731535] RSP: 0018:ffffa6634062f9c0 EFLAGS: 00010246
> [    5.752988] usb usb4: Product: xHCI Host Controller
> [    5.758571] usb usb4: Manufacturer: Linux 5.17.0-10753-g1b351a77ed33
> xhci-hcd
> [    5.767096] usb usb4: SerialNumber: 0000:03:00.0
> [    5.772213] hub 4-0:1.0: USB hub found
> [    5.782383] hub 4-0:1.0: 2 ports detected
> [    5.799251] RAX: 000000000000004e RBX: ffffe4be80000000 RCX:
> 0000000000000000
> [    5.810470] RDX: 0000000000000000 RSI: ffffffff96136a37 RDI:
> 00000000ffffffff
> [    5.817561] RBP: ffffe4be840c0000 R08: 0000000000000000 R09:
> 00000000ffffdfff
> [    5.824680] R10: ffffa6634062f7f0 R11: ffffffff9652c4a8 R12:
> 0000000000000000
> [    5.831739] R13: 0000000000000009 R14: ffff91fd02ebc640 R15:
> ffffe4be840c0000
> [    5.839445] FS:  0000000000000000(0000) GS:ffff91fd7b500000(0063)
> knlGS:00000000f7eea800
> [    5.847905] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
> [    5.854025] CR2: 000000005664d26c CR3: 0000000106b60000 CR4:
> 00000000000406e0
> ```
> 
> 
> Kind regards,
> 
> Paul
> 
> 
> PS: For some reason, the lore.kernel.org lists most messages twice [1].
> 
> PPS: I actually wanted to analyze the new regression, and thought
> your patch might help, but made it worse. ;-) (The log excerpt is from
> Linux master.)
> 
> ```
> [    1.738965] BUG: Bad page state in process systemd-udevd  pfn:103003
> [    1.738974] fbcon: Taking over console
> [    1.740459] page:00000000c3b5c591 refcount:0 mapcount:0
> mapping:0000000
> 000000000 index:0x3 pfn:0x103003
> [    1.740466] head:000000009b49a8e9 order:9 compound_mapcount:0
> compound_
> pincount:0
> [    1.740468] flags: 0x2fffc000010000(head|node=0|zone=2|lastcpupid=0x3ff
> f)
> [    1.740473] raw: 002fffc000000000 fffff139840c0001 fffff139840c00c8 000
> 0000000000000
> [    1.740475] raw: 0000000000000000 0000000000000000 00000000ffffffff 000
> 0000000000000
> [    1.740477] head: 002fffc000010000 0000000000000000 dead000000000122
> 00
> 00000000000000
> [    1.740479] head: 0000000000000000 0000000000000000 00000000ffffffff 00
> 00000000000000
> [    1.740480] page dumped because: corrupted mapping in tail page
> ```
> 
> I am going to do that in another thread.
> 
> [1]: https://lore.kernel.org/all/20220317054602.28846-1-chuansheng.liu@intel.com/
Paul Menzel March 28, 2022, 6:15 a.m. UTC | #6
Dear Chuansheng,


Am 28.03.22 um 02:58 schrieb Liu, Chuansheng:

>> -----Original Message-----

>> Sent: Saturday, March 26, 2022 4:11 PM

>> Am 17.03.22 um 06:46 schrieb Chuansheng Liu:
>>> Easily hit the below list corruption:
>>> ==
>>> list_add corruption. prev->next should be next (ffffffffc0ceb090), but
>>> was ffffec604507edc8. (prev=ffffec604507edc8).
>>> WARNING: CPU: 65 PID: 3959 at lib/list_debug.c:26
>>> __list_add_valid+0x53/0x80
>>> CPU: 65 PID: 3959 Comm: fbdev Tainted: G     U
>>> RIP: 0010:__list_add_valid+0x53/0x80
>>> Call Trace:
>>>    <TASK>
>>>    fb_deferred_io_mkwrite+0xea/0x150
>>>    do_page_mkwrite+0x57/0xc0
>>>    do_wp_page+0x278/0x2f0
>>>    __handle_mm_fault+0xdc2/0x1590
>>>    handle_mm_fault+0xdd/0x2c0
>>>    do_user_addr_fault+0x1d3/0x650
>>>    exc_page_fault+0x77/0x180
>>>    ? asm_exc_page_fault+0x8/0x30
>>>    asm_exc_page_fault+0x1e/0x30
>>> RIP: 0033:0x7fd98fc8fad1
>>> ==
>>>
>>> Figure out the race happens when one process is adding &page->lru into
>>> the pagelist tail in fb_deferred_io_mkwrite(), another process is
>>> re-initializing the same &page->lru in fb_deferred_io_fault(), which is
>>> not protected by the lock.
>>>
>>> This fix is to init all the page lists one time during initialization,
>>> it not only fixes the list corruption, but also avoids INIT_LIST_HEAD()
>>> redundantly.
>>>
>>> Fixes: 105a940416fc ("fbdev/defio: Early-out if page is already enlisted")
>>> Cc: Thomas Zimmermann <tzimmermann@suse.de>
>>> Signed-off-by: Chuansheng Liu <chuansheng.liu@intel.com>
>>> ---
>>>    drivers/video/fbdev/core/fb_defio.c | 9 ++++++++-
>>>    1 file changed, 8 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/video/fbdev/core/fb_defio.c b/drivers/video/fbdev/core/fb_defio.c
>>> index 98b0f23bf5e2..eafb66ca4f28 100644
>>> --- a/drivers/video/fbdev/core/fb_defio.c
>>> +++ b/drivers/video/fbdev/core/fb_defio.c
>>> @@ -59,7 +59,6 @@ static vm_fault_t fb_deferred_io_fault(struct vm_fault *vmf)
>>>    		printk(KERN_ERR "no mapping available\n");
>>>
>>>    	BUG_ON(!page->mapping);
>>> -	INIT_LIST_HEAD(&page->lru);
>>>    	page->index = vmf->pgoff;
>>>
>>>    	vmf->page = page;
>>> @@ -220,6 +219,8 @@ static void fb_deferred_io_work(struct work_struct *work)
>>>    void fb_deferred_io_init(struct fb_info *info)
>>>    {
>>>    	struct fb_deferred_io *fbdefio = info->fbdefio;
>>> +	struct page *page;
>>> +	int i;
>>>
>>>    	BUG_ON(!fbdefio);
>>>    	mutex_init(&fbdefio->lock);
>>> @@ -227,6 +228,12 @@ void fb_deferred_io_init(struct fb_info *info)
>>>    	INIT_LIST_HEAD(&fbdefio->pagelist);
>>>    	if (fbdefio->delay == 0) /* set a default of 1 s */
>>>    		fbdefio->delay = HZ;
>>> +
>>> +	/* initialize all the page lists one time */
>>> +	for (i = 0; i < info->fix.smem_len; i += PAGE_SIZE) {
>>> +		page = fb_deferred_io_page(info, i);
>>> +		INIT_LIST_HEAD(&page->lru);
>>> +	}
>>>    }
>>>    EXPORT_SYMBOL_GPL(fb_deferred_io_init);
>>>
>> Applying your patch on top of current Linus’ master branch, tty0 is
>> unusable and looks frozen. Sometimes network card still works, sometimes
>> not.
> 
> I don't see how the patch would cause the BUG call stack below; I need some time to
> debug. Just a few comments:
> 1. Will the system work well without this patch?

Yes, the framebuffer works well without the patch.

> 2. When you are sure the patch causes the regression you saw, please feel free to submit
> a revert patch, thanks : )

I think your patch wasn’t submitted yet – at least not pulled by Linus.

>>       $ git log --oneline -nodecorate -2
>>       1b351a77ed33 (HEAD -> linus) fbdev: defio: fix the pagelist corruption
>>       52d543b5497c (origin/master, origin/HEAD) Merge tag 'for-linus-5.17-1' of https://github.com/cminyard/linux-ipmi
>>
>> ```
>> [    5.256996] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
>> [    5.269582] page dumped because: VM_BUG_ON_PAGE(compound && compound_order(page) != order)
>> [    5.279507] ------------[ cut here ]------------
>> [    5.286406] kernel BUG at mm/page_alloc.c:1326!
>> [    5.291814] invalid opcode: 0000 [#1] PREEMPT SMP
>> [    5.296350] CPU: 0 PID: 167 Comm: systemd-udevd Not tainted 5.17.0-10753-g1b351a77ed33 #300
>> [    5.304670] Hardware name: ASUS F2A85-M_PRO/F2A85-M_PRO, BIOS 4.16-337-gb87986e67b 03/25/2022
>> [    5.313163] RIP: 0010:free_pcp_prepare+0x295/0x400
>> [    5.317930] Code: 00 01 00 75 0b 48 8b 45 08 45 31 ff a8 01 74 4b 48 8b 45 00 a9 00 00 01 00 75 22 48 c7 c6 68 30 11 96 48 89 ef e8 cb 29 fd ff <0f> 0b 48 89 ef 41 83 c6 01 e8 bd f5 ff ff e9 2e fe ff ff 0f 1f 44
>> [    5.336650] RSP: 0018:ffffa6634062f9c0 EFLAGS: 00010246
>> [    5.341849] RAX: 000000000000004e RBX: ffffe4be80000000 RCX: 0000000000000000
>> [    5.348957] RDX: 0000000000000000 RSI: ffffffff96136a37 RDI: 00000000ffffffff
>> [    5.356063] RBP: ffffe4be840c0000 R08: 0000000000000000 R09: 00000000ffffdfff
>> [    5.363170] R10: ffffa6634062f7f0 R11: ffffffff9652c4a8 R12: 0000000000000000
>> [    5.370277] R13: 0000000000000009 R14: ffff91fd02ebc640 R15: ffffe4be840c0000
>> [    5.377384] FS:  0000000000000000(0000) GS:ffff91fd7b400000(0063) knlGS:00000000f7eea800
>> [    5.385443] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
>> [    5.391164] CR2: 00000000f6f0e840 CR3: 0000000106b60000 CR4: 00000000000406f0
>> [    5.398272] Call Trace:
>> [    5.400697]  <TASK>
>> [    5.402778]  free_unref_page+0x1b/0xf0
>> [    5.406505]  __vunmap+0x216/0x2c0
>> [    5.409798]  drm_fbdev_cleanup+0x5f/0xb0
>> [    5.413698]  drm_fbdev_fb_destroy+0x15/0x30
>> [    5.417857]  unregister_framebuffer+0x2c/0x40
>> [    5.422191]  drm_client_dev_unregister+0x69/0xe0
>> [    5.422962] usb usb4: New USB device found, idVendor=1d6b, idProduct=0003, bcdDevice= 5.17
>> [    5.426784]  drm_dev_unregister+0x2e/0x80
>> [    5.439005]  drm_dev_unplug+0x21/0x40
>> [    5.442645]  simpledrm_remove+0x11/0x20
>> [    5.446458]  platform_remove+0x1f/0x40
>> [    5.450185]  __device_release_driver+0x17a/0x250
>> [    5.454779]  device_release_driver+0x24/0x30
>> [    5.459024]  bus_remove_device+0xd8/0x140
>> [    5.463012]  device_del+0x18b/0x3f0
>> [    5.466478]  ? idr_alloc_cyclic+0x50/0xb0
>> [    5.470466]  platform_device_del.part.0+0x13/0x70
>> [    5.475146]  platform_device_unregister+0x1c/0x30
>> [    5.479824]  drm_aperture_detach_drivers+0xa1/0xd0
>> [    5.484593]  drm_aperture_remove_conflicting_pci_framebuffers+0x3f/0x60
>> [    5.491179]  radeon_pci_probe+0x54/0xf0 [radeon]
>> [    5.495773]  local_pci_probe+0x45/0x80
>> [    5.499499]  ? pci_match_device+0xd7/0x130
>> [    5.503572]  pci_device_probe+0xc2/0x1e0
>> [    5.507474]  really_probe+0x1f5/0x3d0
>> [    5.511112]  __driver_probe_device+0xfe/0x180
>> [    5.515446]  driver_probe_device+0x1e/0x90
>> [    5.519518]  __driver_attach+0xc0/0x1c0
>> [    5.523332]  ? __device_attach_driver+0xe0/0xe0
>> [    5.527839]  ? __device_attach_driver+0xe0/0xe0
>> [    5.532346]  bus_for_each_dev+0x78/0xc0
>> [    5.536159]  bus_add_driver+0x149/0x1e0
>> [    5.539973]  driver_register+0x8f/0xe0
>> [    5.543699]  ? 0xffffffffc0741000
>> [    5.546992]  do_one_initcall+0x44/0x200
>> [    5.550806]  ? kmem_cache_alloc_trace+0x170/0x2c0
>> [    5.555487]  do_init_module+0x4c/0x240
>> [    5.559213]  __do_sys_finit_module+0xb4/0x120
>> [    5.563547]  __do_fast_syscall_32+0x6b/0xe0
>> [    5.567706]  do_fast_syscall_32+0x2f/0x70
>> [    5.571693]  entry_SYSCALL_compat_after_hwframe+0x45/0x4d
>> [    5.577067] RIP: 0023:0xf7efa549
>> [    5.580273] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 cd 0f 05 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
>> [    5.582805] usb usb4: New USB device strings: Mfr=3, Product=2, SerialNumber=1
>> [    5.598992] RSP: 002b:00000000ff831c0c EFLAGS: 00200296 ORIG_RAX: 000000000000015e
>> [    5.598996] RAX: ffffffffffffffda RBX: 0000000000000011 RCX: 00000000f7ed9e09
>> [    5.598998] RDX: 0000000000000000 RSI: 0000000056a5c940 RDI: 0000000056a5c4c0
>> [    5.598999] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
>> [    5.635047] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
>> [    5.642154] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
>> [    5.649264]  </TASK>
>> [    5.651427] Modules linked in: crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio snd_hda_codec_hdmi radeon(+) r8169 xhci_pci(+) realtek snd_hda_intel drm_ttm_helper snd_intel_dspcfg k10temp snd_hda_codec ttm snd_hda_core xhci_hcd snd_pcm sg ohci_hcd ehci_pci(+) snd_timer drm_dp_helper snd ehci_hcd soundcore i2c_piix4 acpi_cpufreq coreboot_table fuse ipv6 autofs4
>> [    5.690975] r8169 0000:04:00.0 enp4s0: renamed from eth0
>> [    5.691589] ---[ end trace 0000000000000000 ]---
>> [    5.704791] RIP: 0010:free_pcp_prepare+0x295/0x400
>> [    5.709784] Code: 00 01 00 75 0b 48 8b 45 08 45 31 ff a8 01 74 4b 48 8b 45 00 a9 00 00 01 00 75 22 48 c7 c6 68 30 11 96 48 89 ef e8 cb 29 fd ff <0f> 0b 48 89 ef 41 83 c6 01 e8 bd f5 ff ff e9 2e fe ff ff 0f 1f 44
>> [    5.731535] RSP: 0018:ffffa6634062f9c0 EFLAGS: 00010246
>> [    5.752988] usb usb4: Product: xHCI Host Controller
>> [    5.758571] usb usb4: Manufacturer: Linux 5.17.0-10753-g1b351a77ed33 xhci-hcd
>> [    5.767096] usb usb4: SerialNumber: 0000:03:00.0
>> [    5.772213] hub 4-0:1.0: USB hub found
>> [    5.782383] hub 4-0:1.0: 2 ports detected
>> [    5.799251] RAX: 000000000000004e RBX: ffffe4be80000000 RCX: 0000000000000000
>> [    5.810470] RDX: 0000000000000000 RSI: ffffffff96136a37 RDI: 00000000ffffffff
>> [    5.817561] RBP: ffffe4be840c0000 R08: 0000000000000000 R09: 00000000ffffdfff
>> [    5.824680] R10: ffffa6634062f7f0 R11: ffffffff9652c4a8 R12: 0000000000000000
>> [    5.831739] R13: 0000000000000009 R14: ffff91fd02ebc640 R15: ffffe4be840c0000
>> [    5.839445] FS:  0000000000000000(0000) GS:ffff91fd7b500000(0063) knlGS:00000000f7eea800
>> [    5.847905] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
>> [    5.854025] CR2: 000000005664d26c CR3: 0000000106b60000 CR4: 00000000000406e0
>> ```

>> PS: For some reason, the lore.kernel.org lists most messages twice [1].
>>
>> PPS: I actually wanted to analyze the new regression, and thought
>> your patch might help, but made it worse. ;-) (The log excerpt is from
>> Linux master.)
>>
>> ```
>> [    1.738965] BUG: Bad page state in process systemd-udevd  pfn:103003
>> [    1.738974] fbcon: Taking over console
>> [    1.740459] page:00000000c3b5c591 refcount:0 mapcount:0 mapping:0000000 000000000 index:0x3 pfn:0x103003
>> [    1.740466] head:000000009b49a8e9 order:9 compound_mapcount:0 compound_pincount:0
>> [    1.740468] flags: 0x2fffc000010000(head|node=0|zone=2|lastcpupid=0x3ff f)
>> [    1.740473] raw: 002fffc000000000 fffff139840c0001 fffff139840c00c8 000 0000000000000
>> [    1.740475] raw: 0000000000000000 0000000000000000 00000000ffffffff 000 0000000000000
>> [    1.740477] head: 002fffc000010000 0000000000000000 dead000000000122 00 00000000000000
>> [    1.740479] head: 0000000000000000 0000000000000000 00000000ffffffff 00 00000000000000
>> [    1.740480] page dumped because: corrupted mapping in tail page
>> ```
>>
>> I am going to do that in another thread.

This is [2].


Kind regards,

Paul


>> [1]: https://lore.kernel.org/all/20220317054602.28846-1-chuansheng.liu@intel.com/
[2]: https://lore.kernel.org/bpf/7edcd673-decf-7b4e-1f6e-f2e0e26f757a@molgen.mpg.de/

Chuansheng Liu March 28, 2022, 11:58 p.m. UTC | #7
Hi Paul,

> -----Original Message-----
> From: dri-devel <dri-devel-bounces@lists.freedesktop.org> On Behalf Of Paul
> Menzel
> Sent: Monday, March 28, 2022 2:15 PM
> To: Liu, Chuansheng <chuansheng.liu@intel.com>
> Cc: tzimmermann@suse.de; linux-fbdev@vger.kernel.org; deller@gmx.de; dri-
> devel@lists.freedesktop.org; jayalk@intworks.biz
> Subject: Re: [PATCH] fbdev: defio: fix the pagelist corruption
> 
> Dear Chuansheng,
> 
> 
> Am 28.03.22 um 02:58 schrieb Liu, Chuansheng:
> 
> >> -----Original Message-----
> 
> >> Sent: Saturday, March 26, 2022 4:11 PM
> 
> >> Am 17.03.22 um 06:46 schrieb Chuansheng Liu:
> >>> Easily hit the below list corruption:
> >>> ==
> >>> list_add corruption. prev->next should be next (ffffffffc0ceb090), but
> >>> was ffffec604507edc8. (prev=ffffec604507edc8).
> >>> WARNING: CPU: 65 PID: 3959 at lib/list_debug.c:26
> >>> __list_add_valid+0x53/0x80
> >>> CPU: 65 PID: 3959 Comm: fbdev Tainted: G     U
> >>> RIP: 0010:__list_add_valid+0x53/0x80
> >>> Call Trace:
> >>>    <TASK>
> >>>    fb_deferred_io_mkwrite+0xea/0x150
> >>>    do_page_mkwrite+0x57/0xc0
> >>>    do_wp_page+0x278/0x2f0
> >>>    __handle_mm_fault+0xdc2/0x1590
> >>>    handle_mm_fault+0xdd/0x2c0
> >>>    do_user_addr_fault+0x1d3/0x650
> >>>    exc_page_fault+0x77/0x180
> >>>    ? asm_exc_page_fault+0x8/0x30
> >>>    asm_exc_page_fault+0x1e/0x30
> >>> RIP: 0033:0x7fd98fc8fad1
> >>> ==
> >>>
> >>> Figure out the race happens when one process is adding &page->lru into
> >>> the pagelist tail in fb_deferred_io_mkwrite(), another process is
> >>> re-initializing the same &page->lru in fb_deferred_io_fault(), which is
> >>> not protected by the lock.
> >>>
> >>> This fix is to init all the page lists one time during initialization,
> >>> it not only fixes the list corruption, but also avoids INIT_LIST_HEAD()
> >>> redundantly.
> >>>
> >>> Fixes: 105a940416fc ("fbdev/defio: Early-out if page is already enlisted")
> >>> Cc: Thomas Zimmermann <tzimmermann@suse.de>
> >>> Signed-off-by: Chuansheng Liu <chuansheng.liu@intel.com>
> >>> ---
> >>>    drivers/video/fbdev/core/fb_defio.c | 9 ++++++++-
> >>>    1 file changed, 8 insertions(+), 1 deletion(-)
> >>>
> >>> diff --git a/drivers/video/fbdev/core/fb_defio.c
> b/drivers/video/fbdev/core/fb_defio.c
> >>> index 98b0f23bf5e2..eafb66ca4f28 100644
> >>> --- a/drivers/video/fbdev/core/fb_defio.c
> >>> +++ b/drivers/video/fbdev/core/fb_defio.c
> >>> @@ -59,7 +59,6 @@ static vm_fault_t fb_deferred_io_fault(struct vm_fault
> *vmf)
> >>>    		printk(KERN_ERR "no mapping available\n");
> >>>
> >>>    	BUG_ON(!page->mapping);
> >>> -	INIT_LIST_HEAD(&page->lru);
> >>>    	page->index = vmf->pgoff;
> >>>
> >>>    	vmf->page = page;
> >>> @@ -220,6 +219,8 @@ static void fb_deferred_io_work(struct work_struct
> *work)
> >>>    void fb_deferred_io_init(struct fb_info *info)
> >>>    {
> >>>    	struct fb_deferred_io *fbdefio = info->fbdefio;
> >>> +	struct page *page;
> >>> +	int i;
> >>>
> >>>    	BUG_ON(!fbdefio);
> >>>    	mutex_init(&fbdefio->lock);
> >>> @@ -227,6 +228,12 @@ void fb_deferred_io_init(struct fb_info *info)
> >>>    	INIT_LIST_HEAD(&fbdefio->pagelist);
> >>>    	if (fbdefio->delay == 0) /* set a default of 1 s */
> >>>    		fbdefio->delay = HZ;
> >>> +
> >>> +	/* initialize all the page lists one time */
> >>> +	for (i = 0; i < info->fix.smem_len; i += PAGE_SIZE) {
> >>> +		page = fb_deferred_io_page(info, i);
> >>> +		INIT_LIST_HEAD(&page->lru);
> >>> +	}
> >>>    }
> >>>    EXPORT_SYMBOL_GPL(fb_deferred_io_init);
> >>>
> >> Applying your patch on top of current Linus’ master branch, tty0 is
> >> unusable and looks frozen. Sometimes network card still works, sometimes
> >> not.
> >
> > I don't see how the patch would cause below BUG call stack, need some time to
> > debug. Just few comments:
> > 1. Will the system work well without this patch?
> 
> Yes, the framebuffer works well without the patch.
> 
> > 2. When you are sure the patch causes the regression you saw, please get free
> > to submit one reverted patch, thanks : )
> 
> I think your patch wasn’t submitted yet – at least not pulled by Linus.
The patch has been in drm-tip, could you have a try with the latest drm-tip to see if the
Framebuffer works well, in that case, we could revert it in drm-tip then.

Best Regards
Chuansheng

Paul Menzel March 30, 2022, 4:46 p.m. UTC | #8
[Cc: -jayalk@intworks.biz as it bounces]

Dear Chuansheng,


Am 29.03.22 um 01:58 schrieb Liu, Chuansheng:

>> -----Original Message-----
>> From: Paul Menzel
>> Sent: Monday, March 28, 2022 2:15 PM

>> Am 28.03.22 um 02:58 schrieb Liu, Chuansheng:
>>
>>>> -----Original Message-----
>>
>>>> Sent: Saturday, March 26, 2022 4:11 PM
>>
>>>> Am 17.03.22 um 06:46 schrieb Chuansheng Liu:
>>>>> Easily hit the below list corruption:
>>>>> ==
>>>>> list_add corruption. prev->next should be next (ffffffffc0ceb090), but
>>>>> was ffffec604507edc8. (prev=ffffec604507edc8).
>>>>> WARNING: CPU: 65 PID: 3959 at lib/list_debug.c:26
>>>>> __list_add_valid+0x53/0x80
>>>>> CPU: 65 PID: 3959 Comm: fbdev Tainted: G     U
>>>>> RIP: 0010:__list_add_valid+0x53/0x80
>>>>> Call Trace:
>>>>>     <TASK>
>>>>>     fb_deferred_io_mkwrite+0xea/0x150
>>>>>     do_page_mkwrite+0x57/0xc0
>>>>>     do_wp_page+0x278/0x2f0
>>>>>     __handle_mm_fault+0xdc2/0x1590
>>>>>     handle_mm_fault+0xdd/0x2c0
>>>>>     do_user_addr_fault+0x1d3/0x650
>>>>>     exc_page_fault+0x77/0x180
>>>>>     ? asm_exc_page_fault+0x8/0x30
>>>>>     asm_exc_page_fault+0x1e/0x30
>>>>> RIP: 0033:0x7fd98fc8fad1
>>>>> ==
>>>>>
>>>>> Figure out the race happens when one process is adding &page->lru into
>>>>> the pagelist tail in fb_deferred_io_mkwrite(), another process is
>>>>> re-initializing the same &page->lru in fb_deferred_io_fault(), which is
>>>>> not protected by the lock.
>>>>>
>>>>> This fix is to init all the page lists one time during initialization,
>>>>> it not only fixes the list corruption, but also avoids INIT_LIST_HEAD()
>>>>> redundantly.
>>>>>
>>>>> Fixes: 105a940416fc ("fbdev/defio: Early-out if page is already enlisted")
>>>>> Cc: Thomas Zimmermann <tzimmermann@suse.de>
>>>>> Signed-off-by: Chuansheng Liu <chuansheng.liu@intel.com>
>>>>> ---
>>>>>     drivers/video/fbdev/core/fb_defio.c | 9 ++++++++-
>>>>>     1 file changed, 8 insertions(+), 1 deletion(-)
>>>>>
>>>>> diff --git a/drivers/video/fbdev/core/fb_defio.c
>> b/drivers/video/fbdev/core/fb_defio.c
>>>>> index 98b0f23bf5e2..eafb66ca4f28 100644
>>>>> --- a/drivers/video/fbdev/core/fb_defio.c
>>>>> +++ b/drivers/video/fbdev/core/fb_defio.c
>>>>> @@ -59,7 +59,6 @@ static vm_fault_t fb_deferred_io_fault(struct vm_fault *vmf)
>>>>>     		printk(KERN_ERR "no mapping available\n");
>>>>>
>>>>>     	BUG_ON(!page->mapping);
>>>>> -	INIT_LIST_HEAD(&page->lru);
>>>>>     	page->index = vmf->pgoff;
>>>>>
>>>>>     	vmf->page = page;
>>>>> @@ -220,6 +219,8 @@ static void fb_deferred_io_work(struct work_struct *work)
>>>>>     void fb_deferred_io_init(struct fb_info *info)
>>>>>     {
>>>>>     	struct fb_deferred_io *fbdefio = info->fbdefio;
>>>>> +	struct page *page;
>>>>> +	int i;
>>>>>
>>>>>     	BUG_ON(!fbdefio);
>>>>>     	mutex_init(&fbdefio->lock);
>>>>> @@ -227,6 +228,12 @@ void fb_deferred_io_init(struct fb_info *info)
>>>>>     	INIT_LIST_HEAD(&fbdefio->pagelist);
>>>>>     	if (fbdefio->delay == 0) /* set a default of 1 s */
>>>>>     		fbdefio->delay = HZ;
>>>>> +
>>>>> +	/* initialize all the page lists one time */
>>>>> +	for (i = 0; i < info->fix.smem_len; i += PAGE_SIZE) {
>>>>> +		page = fb_deferred_io_page(info, i);
>>>>> +		INIT_LIST_HEAD(&page->lru);
>>>>> +	}
>>>>>     }
>>>>>     EXPORT_SYMBOL_GPL(fb_deferred_io_init);
>>>>>
>>>> Applying your patch on top of current Linus’ master branch, tty0 is
>>>> unusable and looks frozen. Sometimes network card still works, sometimes
>>>> not.
>>>
>>> I don't see how the patch would cause below BUG call stack, need some time to
>>> debug. Just few comments:
>>> 1. Will the system work well without this patch?
>>
>> Yes, the framebuffer works well without the patch.
>>
>>> 2. When you are sure the patch causes the regression you saw, please get free
>>> to submit one reverted patch, thanks : )
>>
>> I think your patch wasn’t submitted yet – at least not pulled by Linus.
> The patch has been in drm-tip, could you have a try with the latest drm-tip to see if the
> Framebuffer works well, in that case, we could revert it in drm-tip then.

With drm-tip (drm-tip: 2022y-03m-29d-13h-14m-35s UTC integration 
manifest) everything works fine. (I had to disable amdgpu driver, as it 
failed to build.) Is anyone able to explain that?


Kind regards,

Paul

Chuansheng Liu March 31, 2022, 12:06 a.m. UTC | #9
Hi Paul,


> -----Original Message-----
> From: Paul Menzel <pmenzel@molgen.mpg.de>
> Sent: Thursday, March 31, 2022 12:47 AM
> To: Liu, Chuansheng <chuansheng.liu@intel.com>
> Cc: tzimmermann@suse.de; linux-fbdev@vger.kernel.org; deller@gmx.de; dri-
> devel@lists.freedesktop.org
> Subject: Re: [PATCH] fbdev: defio: fix the pagelist corruption
> 
> [Cc: -jayalk@intworks.biz as it bounces]
> 
> Dear Chuansheng,
> 
> 
> Am 29.03.22 um 01:58 schrieb Liu, Chuansheng:
> 
> >> -----Original Message-----
> >> From: Paul Menzel
> >> Sent: Monday, March 28, 2022 2:15 PM
> 
> >> Am 28.03.22 um 02:58 schrieb Liu, Chuansheng:
> >>
> >>>> -----Original Message-----
> >>
> >>>> Sent: Saturday, March 26, 2022 4:11 PM
> >>
> >>>> Am 17.03.22 um 06:46 schrieb Chuansheng Liu:
> >>>>> Easily hit the below list corruption:
> >>>>> ==
> >>>>> list_add corruption. prev->next should be next (ffffffffc0ceb090), but
> >>>>> was ffffec604507edc8. (prev=ffffec604507edc8).
> >>>>> WARNING: CPU: 65 PID: 3959 at lib/list_debug.c:26
> >>>>> __list_add_valid+0x53/0x80
> >>>>> CPU: 65 PID: 3959 Comm: fbdev Tainted: G     U
> >>>>> RIP: 0010:__list_add_valid+0x53/0x80
> >>>>> Call Trace:
> >>>>>     <TASK>
> >>>>>     fb_deferred_io_mkwrite+0xea/0x150
> >>>>>     do_page_mkwrite+0x57/0xc0
> >>>>>     do_wp_page+0x278/0x2f0
> >>>>>     __handle_mm_fault+0xdc2/0x1590
> >>>>>     handle_mm_fault+0xdd/0x2c0
> >>>>>     do_user_addr_fault+0x1d3/0x650
> >>>>>     exc_page_fault+0x77/0x180
> >>>>>     ? asm_exc_page_fault+0x8/0x30
> >>>>>     asm_exc_page_fault+0x1e/0x30
> >>>>> RIP: 0033:0x7fd98fc8fad1
> >>>>> ==
> >>>>>
> >>>>> Figure out the race happens when one process is adding &page->lru into
> >>>>> the pagelist tail in fb_deferred_io_mkwrite(), another process is
> >>>>> re-initializing the same &page->lru in fb_deferred_io_fault(), which is
> >>>>> not protected by the lock.
> >>>>>
> >>>>> This fix is to init all the page lists one time during initialization,
> >>>>> it not only fixes the list corruption, but also avoids INIT_LIST_HEAD()
> >>>>> redundantly.
> >>>>>
> >>>>> Fixes: 105a940416fc ("fbdev/defio: Early-out if page is already enlisted")
> >>>>> Cc: Thomas Zimmermann <tzimmermann@suse.de>
> >>>>> Signed-off-by: Chuansheng Liu <chuansheng.liu@intel.com>
> >>>>> ---
> >>>>>     drivers/video/fbdev/core/fb_defio.c | 9 ++++++++-
> >>>>>     1 file changed, 8 insertions(+), 1 deletion(-)
> >>>>>
> >>>>> diff --git a/drivers/video/fbdev/core/fb_defio.c
> >> b/drivers/video/fbdev/core/fb_defio.c
> >>>>> index 98b0f23bf5e2..eafb66ca4f28 100644
> >>>>> --- a/drivers/video/fbdev/core/fb_defio.c
> >>>>> +++ b/drivers/video/fbdev/core/fb_defio.c
> >>>>> @@ -59,7 +59,6 @@ static vm_fault_t fb_deferred_io_fault(struct
> vm_fault *vmf)
> >>>>>     		printk(KERN_ERR "no mapping available\n");
> >>>>>
> >>>>>     	BUG_ON(!page->mapping);
> >>>>> -	INIT_LIST_HEAD(&page->lru);
> >>>>>     	page->index = vmf->pgoff;
> >>>>>
> >>>>>     	vmf->page = page;
> >>>>> @@ -220,6 +219,8 @@ static void fb_deferred_io_work(struct
> work_struct *work)
> >>>>>     void fb_deferred_io_init(struct fb_info *info)
> >>>>>     {
> >>>>>     	struct fb_deferred_io *fbdefio = info->fbdefio;
> >>>>> +	struct page *page;
> >>>>> +	int i;
> >>>>>
> >>>>>     	BUG_ON(!fbdefio);
> >>>>>     	mutex_init(&fbdefio->lock);
> >>>>> @@ -227,6 +228,12 @@ void fb_deferred_io_init(struct fb_info *info)
> >>>>>     	INIT_LIST_HEAD(&fbdefio->pagelist);
> >>>>>     	if (fbdefio->delay == 0) /* set a default of 1 s */
> >>>>>     		fbdefio->delay = HZ;
> >>>>> +
> >>>>> +	/* initialize all the page lists one time */
> >>>>> +	for (i = 0; i < info->fix.smem_len; i += PAGE_SIZE) {
> >>>>> +		page = fb_deferred_io_page(info, i);
> >>>>> +		INIT_LIST_HEAD(&page->lru);
> >>>>> +	}
> >>>>>     }
> >>>>>     EXPORT_SYMBOL_GPL(fb_deferred_io_init);
> >>>>>
> >>>> Applying your patch on top of current Linus’ master branch, tty0 is
> >>>> unusable and looks frozen. Sometimes network card still works, sometimes
> >>>> not.
> >>>
> >>> I don't see how the patch would cause below BUG call stack, need some time to
> >>> debug. Just few comments:
> >>> 1. Will the system work well without this patch?
> >>
> >> Yes, the framebuffer works well without the patch.
> >>
> >>> 2. When you are sure the patch causes the regression you saw, please get free
> >>> to submit one reverted patch, thanks : )
> >>
> >> I think your patch wasn’t submitted yet – at least not pulled by Linus.
> > The patch has been in drm-tip, could you have a try with the latest drm-tip to see if the
> > Framebuffer works well, in that case, we could revert it in drm-tip then.
> 
> With drm-tip (drm-tip: 2022y-03m-29d-13h-14m-35s UTC integration
> manifest) everything works fine. (I had to disable amdgpu driver, as it
> failed to build.) Is anyone able to explain that?

My patch is for fixing another patch which is in the drm-tip at least, so I assume
applying my patch into Linus tree directly is not completely proper.
That's my intention of asking your help for retesting drm-tip.

You mean everything working fine means another issue you hit is also gone?

Best Regards
Chuansheng

Paul Menzel March 31, 2022, 8:21 a.m. UTC | #10
Dear Chuansheng,


Am 31.03.22 um 02:06 schrieb Liu, Chuansheng:

>> -----Original Message-----
>> From: Paul Menzel <pmenzel@molgen.mpg.de>
>> Sent: Thursday, March 31, 2022 12:47 AM

[…]

>> Am 29.03.22 um 01:58 schrieb Liu, Chuansheng:
>>
>>>> -----Original Message-----
>>>> From: Paul Menzel
>>>> Sent: Monday, March 28, 2022 2:15 PM
>>
>>>> Am 28.03.22 um 02:58 schrieb Liu, Chuansheng:
>>>>
>>>>>> -----Original Message-----
>>>>
>>>>>> Sent: Saturday, March 26, 2022 4:11 PM
>>>>
>>>>>> Am 17.03.22 um 06:46 schrieb Chuansheng Liu:
>>>>>>> Easily hit the below list corruption:
>>>>>>> ==
>>>>>>> list_add corruption. prev->next should be next (ffffffffc0ceb090), but
>>>>>>> was ffffec604507edc8. (prev=ffffec604507edc8).
>>>>>>> WARNING: CPU: 65 PID: 3959 at lib/list_debug.c:26
>>>>>>> __list_add_valid+0x53/0x80
>>>>>>> CPU: 65 PID: 3959 Comm: fbdev Tainted: G     U
>>>>>>> RIP: 0010:__list_add_valid+0x53/0x80
>>>>>>> Call Trace:
>>>>>>>      <TASK>
>>>>>>>      fb_deferred_io_mkwrite+0xea/0x150
>>>>>>>      do_page_mkwrite+0x57/0xc0
>>>>>>>      do_wp_page+0x278/0x2f0
>>>>>>>      __handle_mm_fault+0xdc2/0x1590
>>>>>>>      handle_mm_fault+0xdd/0x2c0
>>>>>>>      do_user_addr_fault+0x1d3/0x650
>>>>>>>      exc_page_fault+0x77/0x180
>>>>>>>      ? asm_exc_page_fault+0x8/0x30
>>>>>>>      asm_exc_page_fault+0x1e/0x30
>>>>>>> RIP: 0033:0x7fd98fc8fad1
>>>>>>> ==
>>>>>>>
>>>>>>> Figure out the race happens when one process is adding &page->lru into
>>>>>>> the pagelist tail in fb_deferred_io_mkwrite(), another process is
>>>>>>> re-initializing the same &page->lru in fb_deferred_io_fault(), which is
>>>>>>> not protected by the lock.
>>>>>>>
>>>>>>> This fix is to init all the page lists one time during initialization,
>>>>>>> it not only fixes the list corruption, but also avoids INIT_LIST_HEAD()
>>>>>>> redundantly.
>>>>>>>
>>>>>>> Fixes: 105a940416fc ("fbdev/defio: Early-out if page is already enlisted")
>>>>>>> Cc: Thomas Zimmermann <tzimmermann@suse.de>
>>>>>>> Signed-off-by: Chuansheng Liu <chuansheng.liu@intel.com>
>>>>>>> ---
>>>>>>>      drivers/video/fbdev/core/fb_defio.c | 9 ++++++++-
>>>>>>>      1 file changed, 8 insertions(+), 1 deletion(-)
>>>>>>>
>>>>>>> diff --git a/drivers/video/fbdev/core/fb_defio.c b/drivers/video/fbdev/core/fb_defio.c
>>>>>>> index 98b0f23bf5e2..eafb66ca4f28 100644
>>>>>>> --- a/drivers/video/fbdev/core/fb_defio.c
>>>>>>> +++ b/drivers/video/fbdev/core/fb_defio.c
>>>>>>> @@ -59,7 +59,6 @@ static vm_fault_t fb_deferred_io_fault(struct vm_fault *vmf)
>>>>>>>      		printk(KERN_ERR "no mapping available\n");
>>>>>>>
>>>>>>>      	BUG_ON(!page->mapping);
>>>>>>> -	INIT_LIST_HEAD(&page->lru);
>>>>>>>      	page->index = vmf->pgoff;
>>>>>>>
>>>>>>>      	vmf->page = page;
>>>>>>> @@ -220,6 +219,8 @@ static void fb_deferred_io_work(struct work_struct *work)
>>>>>>>      void fb_deferred_io_init(struct fb_info *info)
>>>>>>>      {
>>>>>>>      	struct fb_deferred_io *fbdefio = info->fbdefio;
>>>>>>> +	struct page *page;
>>>>>>> +	int i;
>>>>>>>
>>>>>>>      	BUG_ON(!fbdefio);
>>>>>>>      	mutex_init(&fbdefio->lock);
>>>>>>> @@ -227,6 +228,12 @@ void fb_deferred_io_init(struct fb_info *info)
>>>>>>>      	INIT_LIST_HEAD(&fbdefio->pagelist);
>>>>>>>      	if (fbdefio->delay == 0) /* set a default of 1 s */
>>>>>>>      		fbdefio->delay = HZ;
>>>>>>> +
>>>>>>> +	/* initialize all the page lists one time */
>>>>>>> +	for (i = 0; i < info->fix.smem_len; i += PAGE_SIZE) {
>>>>>>> +		page = fb_deferred_io_page(info, i);
>>>>>>> +		INIT_LIST_HEAD(&page->lru);
>>>>>>> +	}
>>>>>>>      }
>>>>>>>      EXPORT_SYMBOL_GPL(fb_deferred_io_init);
>>>>>>>
>>>>>> Applying your patch on top of current Linus’ master branch, tty0 is
>>>>>> unusable and looks frozen. Sometimes network card still works, sometimes
>>>>>> not.
>>>>>
>>>>> I don't see how the patch would cause below BUG call stack, need some time to
>>>>> debug. Just few comments:
>>>>> 1. Will the system work well without this patch?
>>>>
>>>> Yes, the framebuffer works well without the patch.
>>>>
>>>>> 2. When you are sure the patch causes the regression you saw, please get free
>>>>> to submit one reverted patch, thanks : )
>>>>
>>>> I think your patch wasn’t submitted yet – at least not pulled by Linus.
>>> The patch has been in drm-tip, could you have a try with the latest drm-tip to see
>>> if the Framebuffer works well, in that case, we could revert it in drm-tip then.
>>
>> With drm-tip (drm-tip: 2022y-03m-29d-13h-14m-35s UTC integration
>> manifest) everything works fine. (I had to disable amdgpu driver, as it
>> failed to build.) Is anyone able to explain that?
> 
> My patch is for fixing another patch which is in the drm-tip at least,

The referenced commit 105a940416fc in the Fixes tag is also in Linus’ 
master branch.

> so I assume applying my patch into Linus tree directly is not
> completely proper. That's my intention of asking your help for
> retesting drm-tip.
If there were such a relation, that would need to be documented in the 
commit message.

> You mean everything working fine means another issue you hit is also
> gone?
No, I just mean the hang when applying your patch.

Anyway, after figuring out, that drm-tip, is actually not behind Linus’ 
master branch, I tried to figure out the differences, and it turns out 
it’s also related to commit fac54e2bfb5b (x86/Kconfig: Select 
HAVE_ARCH_HUGE_VMALLOC with HAVE_ARCH_HUGE_VMAP) [1], which is in Linus’ 
master branch, but not drm-tip. Note, I am using a 32-bit user space and 
a 64-bit Linux kernel. Reverting commit fac54e2bfb5b, and having your 
patch applied, the hang is gone.

I am adding the people involved in the other discussion to make them 
aware of this failure case.


Kind regards,

Paul


[1]: https://linux-regtracking.leemhuis.info/regzbot/mainline/

Chuansheng Liu March 31, 2022, 8:39 a.m. UTC | #11
Hi Paul,

> -----Original Message-----
> From: dri-devel <dri-devel-bounces@lists.freedesktop.org> On Behalf Of Paul
> Menzel
> Sent: Thursday, March 31, 2022 4:22 PM
> To: Liu, Chuansheng <chuansheng.liu@intel.com>
> Cc: linux-fbdev@vger.kernel.org; Dave Hansen <dave.hansen@linux.intel.com>;
> akpm@linux-foundation.org; daniel@iogearbox.net; linux-mm@kvack.org;
> netdev@vger.kernel.org; deller@gmx.de; x86@kernel.org; ast@kernel.org; dri-
> devel@lists.freedesktop.org; andrii@kernel.org; Song Liu <song@kernel.org>;
> Ingo Molnar <mingo@redhat.com>; Thomas Gleixner <tglx@linutronix.de>;
> tzimmermann@suse.de; Borislav Petkov <bp@alien8.de>; bpf@vger.kernel.org;
> Edgecombe, Rick P <rick.p.edgecombe@intel.com>; kernel-team@fb.com
> Subject: Re: [PATCH] fbdev: defio: fix the pagelist corruption
> 
> Dear Chuansheng,
> 
> 
> Am 31.03.22 um 02:06 schrieb Liu, Chuansheng:
> 
> >> -----Original Message-----
> >> From: Paul Menzel <pmenzel@molgen.mpg.de>
> >> Sent: Thursday, March 31, 2022 12:47 AM
> 
> […]
> 
> >> Am 29.03.22 um 01:58 schrieb Liu, Chuansheng:
> >>
> >>>> -----Original Message-----
> >>>> From: Paul Menzel
> >>>> Sent: Monday, March 28, 2022 2:15 PM
> >>
> >>>> Am 28.03.22 um 02:58 schrieb Liu, Chuansheng:
> >>>>
> >>>>>> -----Original Message-----
> >>>>
> >>>>>> Sent: Saturday, March 26, 2022 4:11 PM
> >>>>
> >>>>>> Am 17.03.22 um 06:46 schrieb Chuansheng Liu:
> >>>>>>> Easily hit the below list corruption:
> >>>>>>> ==
> >>>>>>> list_add corruption. prev->next should be next (ffffffffc0ceb090), but
> >>>>>>> was ffffec604507edc8. (prev=ffffec604507edc8).
> >>>>>>> WARNING: CPU: 65 PID: 3959 at lib/list_debug.c:26
> >>>>>>> __list_add_valid+0x53/0x80
> >>>>>>> CPU: 65 PID: 3959 Comm: fbdev Tainted: G     U
> >>>>>>> RIP: 0010:__list_add_valid+0x53/0x80
> >>>>>>> Call Trace:
> >>>>>>>      <TASK>
> >>>>>>>      fb_deferred_io_mkwrite+0xea/0x150
> >>>>>>>      do_page_mkwrite+0x57/0xc0
> >>>>>>>      do_wp_page+0x278/0x2f0
> >>>>>>>      __handle_mm_fault+0xdc2/0x1590
> >>>>>>>      handle_mm_fault+0xdd/0x2c0
> >>>>>>>      do_user_addr_fault+0x1d3/0x650
> >>>>>>>      exc_page_fault+0x77/0x180
> >>>>>>>      ? asm_exc_page_fault+0x8/0x30
> >>>>>>>      asm_exc_page_fault+0x1e/0x30
> >>>>>>> RIP: 0033:0x7fd98fc8fad1
> >>>>>>> ==
> >>>>>>>
> >>>>>>> Figure out the race happens when one process is adding &page->lru into
> >>>>>>> the pagelist tail in fb_deferred_io_mkwrite(), another process is
> >>>>>>> re-initializing the same &page->lru in fb_deferred_io_fault(), which is
> >>>>>>> not protected by the lock.
> >>>>>>>
> >>>>>>> This fix is to init all the page lists one time during initialization,
> >>>>>>> it not only fixes the list corruption, but also avoids INIT_LIST_HEAD()
> >>>>>>> redundantly.
> >>>>>>>
> >>>>>>> Fixes: 105a940416fc ("fbdev/defio: Early-out if page is already enlisted")
> >>>>>>> Cc: Thomas Zimmermann <tzimmermann@suse.de>
> >>>>>>> Signed-off-by: Chuansheng Liu <chuansheng.liu@intel.com>
> >>>>>>> ---
> >>>>>>>      drivers/video/fbdev/core/fb_defio.c | 9 ++++++++-
> >>>>>>>      1 file changed, 8 insertions(+), 1 deletion(-)
> >>>>>>>
> >>>>>>> diff --git a/drivers/video/fbdev/core/fb_defio.c
> b/drivers/video/fbdev/core/fb_defio.c
> >>>>>>> index 98b0f23bf5e2..eafb66ca4f28 100644
> >>>>>>> --- a/drivers/video/fbdev/core/fb_defio.c
> >>>>>>> +++ b/drivers/video/fbdev/core/fb_defio.c
> >>>>>>> @@ -59,7 +59,6 @@ static vm_fault_t fb_deferred_io_fault(struct
> vm_fault *vmf)
> >>>>>>>      		printk(KERN_ERR "no mapping available\n");
> >>>>>>>
> >>>>>>>      	BUG_ON(!page->mapping);
> >>>>>>> -	INIT_LIST_HEAD(&page->lru);
> >>>>>>>      	page->index = vmf->pgoff;
> >>>>>>>
> >>>>>>>      	vmf->page = page;
> >>>>>>> @@ -220,6 +219,8 @@ static void fb_deferred_io_work(struct
> work_struct *work)
> >>>>>>>      void fb_deferred_io_init(struct fb_info *info)
> >>>>>>>      {
> >>>>>>>      	struct fb_deferred_io *fbdefio = info->fbdefio;
> >>>>>>> +	struct page *page;
> >>>>>>> +	int i;
> >>>>>>>
> >>>>>>>      	BUG_ON(!fbdefio);
> >>>>>>>      	mutex_init(&fbdefio->lock);
> >>>>>>> @@ -227,6 +228,12 @@ void fb_deferred_io_init(struct fb_info *info)
> >>>>>>>      	INIT_LIST_HEAD(&fbdefio->pagelist);
> >>>>>>>      	if (fbdefio->delay == 0) /* set a default of 1 s */
> >>>>>>>      		fbdefio->delay = HZ;
> >>>>>>> +
> >>>>>>> +	/* initialize all the page lists one time */
> >>>>>>> +	for (i = 0; i < info->fix.smem_len; i += PAGE_SIZE) {
> >>>>>>> +		page = fb_deferred_io_page(info, i);
> >>>>>>> +		INIT_LIST_HEAD(&page->lru);
> >>>>>>> +	}
> >>>>>>>      }
> >>>>>>>      EXPORT_SYMBOL_GPL(fb_deferred_io_init);
> >>>>>>>
> >>>>>> Applying your patch on top of current Linus’ master branch, tty0 is
> >>>>>> unusable and looks frozen. Sometimes network card still works, sometimes
> >>>>>> not.
> >>>>>
> >>>>> I don't see how the patch would cause below BUG call stack, need some time to
> >>>>> debug. Just few comments:
> >>>>> 1. Will the system work well without this patch?
> >>>>
> >>>> Yes, the framebuffer works well without the patch.
> >>>>
> >>>>> 2. When you are sure the patch causes the regression you saw, please get free
> >>>>> to submit one reverted patch, thanks : )
> >>>>
> >>>> I think your patch wasn’t submitted yet – at least not pulled by Linus.
> >>> The patch has been in drm-tip, could you have a try with the latest drm-tip to see
> >>> if the Framebuffer works well, in that case, we could revert it in drm-tip then.
> >>
> >> With drm-tip (drm-tip: 2022y-03m-29d-13h-14m-35s UTC integration
> >> manifest) everything works fine. (I had to disable amdgpu driver, as it
> >> failed to build.) Is anyone able to explain that?
> >
> > My patch is for fixing another patch which is in the drm-tip at least,
> 
> The referenced commit 105a940416fc in the Fixes tag is also in Linus’
> master branch.
> 
> > so I assume applying my patch into Linus tree directly is not
> > completely proper. That's my intention of asking your help for
> > retesting drm-tip.
> If there were such a relation, that would need to be documented in the
> commit message.
You should have seen it : )

> 
> > You mean everything working fine means another issue you hit is also
> > gone?
> No, I just mean the hang when applying your patch.
> 
> Anyway, after figuring out, that drm-tip, is actually not behind Linus’
> master branch, I tried to figure out the differences, and it turns out
> it’s also related to commit fac54e2bfb5b (x86/Kconfig: Select
> HAVE_ARCH_HUGE_VMALLOC with HAVE_ARCH_HUGE_VMAP) [1], which is in Linus’
> master branch, but not drm-tip. Note, I am using a 32-bit user space and
> a 64-bit Linux kernel. Reverting commit fac54e2bfb5b, and having your
> patch applied, the hang is gone.
Good to know you have figured it out, and the issue you hit is not related to
my patch : )

> 
> I am adding the people involved in the other discussion to make them
> aware of this failure case.
> 
> 
> Kind regards,
> 
> Paul
> 
> 
> [1]: https://linux-regtracking.leemhuis.info/regzbot/mainline/

Patch

diff --git a/drivers/video/fbdev/core/fb_defio.c b/drivers/video/fbdev/core/fb_defio.c
index 98b0f23bf5e2..eafb66ca4f28 100644
--- a/drivers/video/fbdev/core/fb_defio.c
+++ b/drivers/video/fbdev/core/fb_defio.c
@@ -59,7 +59,6 @@  static vm_fault_t fb_deferred_io_fault(struct vm_fault *vmf)
 		printk(KERN_ERR "no mapping available\n");
 
 	BUG_ON(!page->mapping);
-	INIT_LIST_HEAD(&page->lru);
 	page->index = vmf->pgoff;
 
 	vmf->page = page;
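
Review bot: With `INIT_LIST_HEAD(&page->lru)` removed from `fb_deferred_io_fault()`, nothing on the fault path resets the list node any more, so correctness now depends on every path that takes a page off `fbdefio->pagelist` leaving `page->lru` in the initialized (empty) state. The commit message should name the removal path that guarantees this, or the patch should include it. The early-out named in the Fixes tag ("Early-out if page is already enlisted") can only tell an enlisted page from a free one if the node is reinitialized on removal.
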
@@ -220,6 +219,8 @@  static void fb_deferred_io_work(struct work_struct *work)
 void fb_deferred_io_init(struct fb_info *info)
 {
 	struct fb_deferred_io *fbdefio = info->fbdefio;
+	struct page *page;
+	int i;
 
 	BUG_ON(!fbdefio);
 	mutex_init(&fbdefio->lock);
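
Review bot: `int i` is the wrong type for what this counter becomes in the next hunk, a byte offset compared against `info->fix.smem_len` and advanced by `PAGE_SIZE`. `smem_len` is an unsigned length, so the comparison mixes signed and unsigned operands, and a signed 32-bit counter cannot represent offsets of 2 GiB or more. Declare it `unsigned long` (or at least `unsigned int`) so the comparison and the offset passed to `fb_deferred_io_page()` are consistent.
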
@@ -227,6 +228,12 @@  void fb_deferred_io_init(struct fb_info *info)
 	INIT_LIST_HEAD(&fbdefio->pagelist);
 	if (fbdefio->delay == 0) /* set a default of 1 s */
 		fbdefio->delay = HZ;
+
+	/* initialize all the page lists one time */
+	for (i = 0; i < info->fix.smem_len; i += PAGE_SIZE) {
+		page = fb_deferred_io_page(info, i);
+		INIT_LIST_HEAD(&page->lru);
+	}
 }
 EXPORT_SYMBOL_GPL(fb_deferred_io_init);
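
Review bot: The new loop in `fb_deferred_io_init()` uses the result of `fb_deferred_io_page(info, i)` unchecked and assumes `info->fix.smem_len` and the backing buffer are already final when init runs. A driver that fills them in later gets no initialization at all (`smem_len == 0`), and with the reset gone from the fault path its `page->lru` nodes are then never initialized. Please document that ordering requirement in a comment on the function, or check it (for example warn when `smem_len` is 0). The loop also writes `page->lru` on every backing page regardless of how the buffer was allocated, which deserves a sentence in the commit message given the hang reported in this thread with commit fac54e2bfb5b (HAVE_ARCH_HUGE_VMALLOC) present.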