
Bug#1000616: Kernel list_del corruption. next->prev should be ...



Control: tags -1 + moreinfo

Hi Kai,

On Thu, Nov 25, 2021 at 10:32:08PM +0100, Kai Lüke wrote:
> Package: linux-image-5.15.0-1-amd64
> Version: 5.15.3-1
> 
> I often hit this bug here, often shortly before others are hit which render
> the system unusable.
> Here the dmesg log section from pstore:
> 
> 
> <3>[  257.036085] list_del corruption. next->prev should be
> ffffdfd4c8b732c8, but was ffff98adb59f5830
> <4>[  257.036115] ------------[ cut here ]------------
> <2>[  257.036117] kernel BUG at lib/list_debug.c:54!
> <4>[  257.036129] invalid opcode: 0000 [#1] SMP NOPTI
> <4>[  257.036137] CPU: 1 PID: 3955 Comm: xdg-document-po Tainted: G         
> I       5.15.0-1-amd64 #1  Debian 5.15.3-1
> <4>[  257.036146] Hardware name: LENOVO 20CLS2LJ00/20CLS2LJ00, BIOS N10ET38W
> (1.17 ) 08/20/2015
> <4>[  257.036150] RIP: 0010:__list_del_entry_valid.cold+0x1d/0x47
> <4>[  257.036164] Code: c7 c7 d8 c5 d5 aa e8 32 f7 fe ff 0f 0b 48 89 fe 48
> c7 c7 68 c6 d5 aa e8 21 f7 fe ff 0f 0b 48 c7 c7 18 c7 d5 aa e8 13 f7 fe ff
> <0f> 0b 48 89 f2 48 89 fe 48 c7 c7 d8 c6 d5 aa e8 ff f6 fe ff 0f 0b
> <4>[  257.036170] RSP: 0018:ffffa6ba0182b958 EFLAGS: 00010046
> <4>[  257.036178] RAX: 0000000000000054 RBX: ffffa6ba0182bab0 RCX:
> 0000000000000000
> dmesg-efi-163787479303001:
> Oops#1 Part3
> <4>[  257.036183] RDX: 0000000000000000 RSI: ffff98afc5c60880 RDI:
> ffff98afc5c60880
> <4>[  257.036188] RBP: ffffdfd4c8b732c0 R08: 0000000000000000 R09:
> ffffa6ba0182b788
> <4>[  257.036192] R10: ffffa6ba0182b780 R11: ffffffffab2d21c8 R12:
> 0000000000000002
> <4>[  257.036197] R13: ffffa6ba0182bae0 R14: ffffa6ba0182b998 R15:
> ffffdfd4c8b73248
> <4>[  257.036202] FS:  00007f3313ed5380(0000) GS:ffff98afc5c40000(0000)
> knlGS:0000000000000000
> <4>[  257.036208] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> <4>[  257.036213] CR2: 00007f5434002078 CR3: 0000000035acc005 CR4:
> 00000000003706e0
> <4>[  257.036219] Call Trace:
> <4>[  257.036224]  <TASK>
> <4>[  257.036228]  release_pages+0x2eb/0x510
> <4>[  257.036244]  __pagevec_release+0x1c/0x50
> <4>[  257.036254]  truncate_inode_pages_range+0x157/0x520
> <4>[  257.036264]  ? schedule+0x44/0xa0
> <4>[  257.036271]  ? schedule_hrtimeout_range_clock+0x9d/0x120
> <4>[  257.036281]  ? __inode_wait_for_writeback+0x7e/0xf0
> <4>[  257.036294]  fuse_evict_inode+0x16/0xd0 [fuse]
> <4>[  257.036320]  evict+0xce/0x180
> <4>[  257.036330]  __dentry_kill+0xe1/0x180
> <4>[  257.036337]  shrink_dentry_list+0x4e/0xc0
> <4>[  257.036344]  shrink_dcache_parent+0xd1/0x120
> <4>[  257.036352]  d_invalidate+0x66/0xe0
> <4>[  257.036359]  ? dput+0x32/0x300
> <4>[  257.036366]  fuse_reverse_inval_entry+0xbd/0x1e0 [fuse]
> <4>[  257.036385]  fuse_dev_do_write+0x54b/0xee0 [fuse]
> <4>[  257.036404]  ? __pollwait+0xd0/0xd0
> <4>[  257.036416]  fuse_dev_write+0x4f/0x80 [fuse]
> <4>[  257.036449]  do_iter_readv_writev+0x14f/0x1b0
> <4>[  257.036462]  do_iter_write+0x7c/0x1c0
> <4>[  257.036473]  vfs_writev+0xaa/0x140
> <4>[  257.036485]  ? ktime_get_ts64+0x49/0xf0
> <4>[  257.036494]  do_writev+0x6b/0x110
> <4>[  257.036505]  do_syscall_64+0x38/0xc0
> <4>[  257.036512]  entry_SYSCALL_64_after_hwframe+0x44/0xae
> dmesg-efi-163787479302001:
> Oops#1 Part2
> <4>[  257.036523] RIP: 0033:0x7f3314351a6d
> <4>[  257.036529] Code: 28 89 54 24 1c 48 89 74 24 10 89 7c 24 08 e8 6a f9
> f8 ff 8b 54 24 1c 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 14 00 00 00 0f 05
> <48> 3d 00 f0 ff ff 77 33 44 89 c7 48 89 44 24 08 e8 be f9 f8 ff 48
> <4>[  257.036535] RSP: 002b:00007ffde2997830 EFLAGS: 00000293 ORIG_RAX:
> 0000000000000014
> <4>[  257.036543] RAX: ffffffffffffffda RBX: 0000000000000003 RCX:
> 00007f3314351a6d
> <4>[  257.036547] RDX: 0000000000000003 RSI: 00007ffde29978a0 RDI:
> 0000000000000007
> <4>[  257.036552] RBP: 00007ffde29978a0 R08: 0000000000000000 R09:
> 00007f33145b82c0
> <4>[  257.036556] R10: 00007f33000033a0 R11: 0000000000000293 R12:
> 0000563a24a49690
> <4>[  257.036560] R13: 0000000000000003 R14: 00007f3300003440 R15:
> 0000563a24a1f8c0
> <4>[  257.036567]  </TASK>
> <4>[  257.036570] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer
> snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device
> xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 xt_tcpudp
> nft_compat iscsi_target_mod target_core_mod nft_masq nft_counter
> nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 bridge stp
> llc nf_tables nfnetlink ctr bnep overlay ccm algif_aead des_generic libdes
> ecb algif_skcipher cpufreq_userspace cpufreq_powersave cmac cpufreq_ondemand
> cpufreq_conservative md4 algif_hash lz4 af_alg lz4_compress zram zsmalloc
> btusb btrtl btbcm btintel bluetooth jitterentropy_rng uvcvideo
> videobuf2_vmalloc videobuf2_memops sha512_ssse3 videobuf2_v4l2
> videobuf2_common sha512_generic videodev mc drbg ansi_cprng ecdh_generic ecc
> crc16 binfmt_misc nls_ascii nls_cp437 vfat fat joydev intel_rapl_msr
> intel_rapl_common mei_wdt x86_pkg_temp_thermal intel_powerclamp iwlmvm
> snd_ctl_led watchdog snd_hda_codec_realtek snd_hda_codec_generic
> snd_hda_codec_hdmi
> dmesg-efi-163787479301001:
> Oops#1 Part1
> <4>[  257.036705]  kvm_intel snd_hda_intel mei_hdcp mac80211 kvm
> snd_intel_dspcfg snd_intel_sdw_acpi irqbypass libarc4 snd_hda_codec rapl
> snd_hda_core intel_cstate iwlwifi snd_hwdep intel_uncore snd_pcm_oss
> snd_mixer_oss psmouse efi_pstore sg cfg80211 e1000e pcspkr thinkpad_acpi
> wmi_bmof snd_pcm mei_me intel_pch_thermal snd_timer nvram platform_profile
> ledtrig_audio lpc_ich snd ptp mei pps_core soundcore rfkill ac evdev button
> tcp_bbr sch_fq sunrpc fuse configfs ip_tables x_tables dm_crypt sd_mod
> t10_pi crc_t10dif crct10dif_generic i915 crct10dif_pclmul crct10dif_common
> crc32_pclmul ghash_clmulni_intel rtsx_pci_sdmmc mmc_core i2c_algo_bit ttm
> ahci drm_kms_helper xhci_pci libahci xhci_hcd libata cec rc_core aesni_intel
> drm ehci_pci ehci_hcd crypto_simd usbcore cryptd scsi_mod scsi_common
> serio_raw rtsx_pci usb_common wmi battery video btrfs blake2b_generic
> libcrc32c crc32c_generic crc32c_intel xor zstd_compress raid6_pq dm_mod
> pkcs8_key_parser uinput coretemp loop msr ledtrig_pattern ecryptfs
> <4>[  257.036884]  parport_pc ppdev lp parport efivarfs autofs4
> <4>[  257.036907] ---[ end trace 3e972949dae73a5f ]---

Can you retest this as well with the kernel in experimental based on
5.16-rc1? 

If you can reproduce it, can you please report it directly to upstream
(and keep us in the loop so we know about the status)?

Regards,
Salvatore

