Re: [PATCH v5 mm-new 0/6] mm: hugetlb: allocate frozen gigantic folio

[Zi Yan <ziy@nvidia.com>]

On 7 Jan 2026, at 12:31, Claudiu Beznea wrote:

> Hi,
>
> On 12/30/25 09:24, Kefeng Wang wrote:
>> Introduce alloc_contig_frozen_pages() and cma_alloc_frozen_compound()
>> which avoid atomic operation about page refcount, and then convert to
>> allocate frozen gigantic folio by the new helpers in hugetlb to cleanup
>> the alloc_gigantic_folio().
>
> I'm seeing the following issues on the Renesas RZ/G3S SoC when doing suspend to idle:
>
> [  129.539064] Freezing user space processes
> [  129.545037] Freezing user space processes completed (elapsed 0.005 seconds)
> [  129.552078] OOM killer disabled.
> [  129.555335] Freezing remaining freezable tasks
> [  129.561405] Freezing remaining freezable tasks completed (elapsed 0.001 seconds)
> [  129.636729] Unable to handle kernel paging request at virtual address dead000000000108

This is LIST_POISON1 + 8, namely at __list_del(), assigning to next->prev
caused the issue. This means list_del() has been performed on page->pcplist,
since list_del() sets ->next to LIST_POISON1.

> [  129.644674] Mem abort info:
> [  129.647456]   ESR = 0x0000000096000044
> [  129.651190]   EC = 0x25: DABT (current EL), IL = 32 bits
> [  129.656482]   SET = 0, FnV = 0
> [  129.659523]   EA = 0, S1PTW = 0
> [  129.662650]   FSC = 0x04: level 0 translation fault
> [  129.667507] Data abort info:
> [  129.670374]   ISV = 0, ISS = 0x00000044, ISS2 = 0x00000000
> [  129.675837]   CM = 0, WnR = 1, TnD = 0, TagAccess = 0
> [  129.680867]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
> [  129.686158] [dead000000000108] address between user and kernel address ranges
> [  129.693267] Internal error: Oops: 0000000096000044 [#1]  SMP
> [  129.698905] Modules linked in: nvme nvme_core snd_soc_simple_card snd_soc_simple_card_utils snd_soc_rz_ssi snd_soc_da7213 renesas_usbhs snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm snd_timer snd soundcore rzg3s_thermal clk_vbattb rzg2l_adc rtc_renesas_rtca3 industrialio_adc sha256 cfg80211 bluetooth ecdh_generic ecc rfkill fuse drm backlight ipv6
> [  129.730189] CPU: 0 UID: 0 PID: 282 Comm: python3 Not tainted 6.19.0-rc4-next-20260107-00002-g608ca48d0994 #1 PREEMPT
> [  129.740765] Hardware name: Renesas SMARC EVK version 2 based on r9a08g045s33 (DT)
> [  129.748223] pstate: a04000c5 (NzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> [  129.755160] pc : free_pcppages_bulk+0x12c/0x204
> [  129.759701] lr : free_pcppages_bulk+0x168/0x204
> [  129.764219] sp : ffff80008392b7e0
> [  129.767520] x29: ffff80008392b7e0 x28: ffff00003cff96b0 x27: ffff00003fe25700
> [  129.774638] x26: ffff800081e66bd8 x25: 0000000000000001 x24: 0000000000000025
> [  129.781755] x23: ffff00003cff9680 x22: ffff00003cff9690 x21: dead000000000100
> [  129.788872] x20: 0000000000000001 x19: 0000000000000000 x18: 0000000000000020
> [  129.795989] x17: ffff00000f3d0a00 x16: 0000000000000006 x15: 000000e7ebec93d2
> [  129.803106] x14: 0000000000000005 x13: dead000000000100 x12: 0000000000000038
> [  129.810223] x11: 0000000000000000 x10: 0000000000000001 x9 : 0000000000000000
> [  129.817339] x8 : 0000000000000000 x7 : ffff00003fe258a8 x6 : dead000000000122
> [  129.824456] x5 : dead000000000122 x4 : ffff00003fe14628 x3 : fffffdffc0f799c8
> [  129.831573] x2 : 0401010101010101 x1 : 000000000007de67 x0 : fffffdffc0f799c0
> [  129.838691] Call trace:
> [  129.841129]  free_pcppages_bulk+0x12c/0x204 (P)
> [  129.845653]  free_frozen_page_commit.constprop.0+0x27c/0x478
> [  129.851300]  __free_frozen_pages+0x1a0/0x63c
> [  129.855562]  free_contig_frozen_range+0xd0/0x118
> [  129.860165]  cma_release+0x7c/0xd8
> [  129.863568]  dma_free_contiguous+0x2c/0x74
> [  129.867657]  dma_direct_free+0xd8/0x1b0
> [  129.871482]  dma_free_attrs+0x84/0xf8
> [  129.875140]  ravb_ring_free+0x5c/0x1b4
> [  129.878888]  ravb_close+0x12c/0x1d4
> [  129.882368]  ravb_suspend+0x60/0x16c
> [  129.885935]  device_suspend+0x148/0x3f4
> [  129.889766]  dpm_suspend+0x1b0/0x2ac
> [  129.893332]  dpm_suspend_start+0x54/0x70
> [  129.897245]  suspend_devices_and_enter+0x124/0x4b8
> [  129.902026]  pm_suspend+0x1a4/0x1f0
> [  129.905506]  state_store+0x8c/0x110
> [  129.908985]  kobj_attr_store+0x18/0x2c
> [  129.912727]  sysfs_kf_write+0x7c/0x94
> [  129.916384]  kernfs_fop_write_iter+0x128/0x1b8
> [  129.920815]  vfs_write+0x2ac/0x350
> [  129.924210]  ksys_write+0x68/0xfc
> [  129.927517]  __arm64_sys_write+0x1c/0x28
> [  129.931431]  invoke_syscall+0x48/0x10c
> [  129.935177]  el0_svc_common.constprop.0+0xc0/0xe0
> [  129.939871]  do_el0_svc+0x1c/0x28
> [  129.943180]  el0_svc+0x34/0x10c
> [  129.946319]  el0t_64_sync_handler+0xa0/0xe4
> [  129.950492]  el0t_64_sync+0x198/0x19c
>
> Using ./scripts/decode_stacktrace.sh on this leads to the following output:
>
> ./scripts/decode_stacktrace.sh build-arm64/vmlinux < out
> [  490.453272] Call trace:
> [  490.455711]  free_pcppages_bulk (include/linux/list.h:203 include/linux/list.h:226 include/linux/list.h:237 mm/page_alloc.c:1525) (P)
> [  490.460234]  free_frozen_page_commit.constprop.0 (include/linux/spinlock.h:392 mm/page_alloc.c:2919)
> [  490.465881]  __free_frozen_pages (mm/page_alloc.c:3003)
> [  490.470143]  free_contig_frozen_range (mm/page_alloc.c:6977 mm/page_alloc.c:7379)
> [  490.474747]  cma_release (mm/cma.c:996 mm/cma.c:1025)
> [  490.478149]  dma_free_contiguous (kernel/dma/contiguous.c:430)
> [  490.482240]  dma_direct_free (kernel/dma/direct.c:351)
> [  490.486064]  dma_free_attrs (kernel/dma/mapping.c:688)
> [  490.489723]  ravb_ring_free (drivers/net/ethernet/renesas/ravb_main.c:249 drivers/net/ethernet/renesas/ravb_main.c:260)
> [  490.493469]  ravb_close (drivers/net/ethernet/renesas/ravb_main.c:2406)
> [  490.496950]  ravb_suspend (drivers/net/ethernet/renesas/ravb_main.c:3225)
> [  490.500516]  device_suspend (drivers/base/power/main.c:504 drivers/base/power/main.c:1965)
> [  490.504347]  dpm_suspend (drivers/base/power/main.c:2049)
> [  490.507916]  dpm_suspend_start (drivers/base/power/main.c:2282)
> [  490.511829]  suspend_devices_and_enter (kernel/power/suspend.c:523)
> [  490.516609]  pm_suspend (kernel/power/suspend.c:621 kernel/power/suspend.c:644)
> [  490.520088]  state_store (kernel/power/main.c:819)
> [  490.523568]  kobj_attr_store (lib/kobject.c:842)
> [  490.527310]  sysfs_kf_write (fs/sysfs/file.c:143)
> [  490.530967]  kernfs_fop_write_iter (fs/kernfs/file.c:352)
> [  490.535398]  vfs_write (fs/read_write.c:593 fs/read_write.c:686)
> [  490.538793]  ksys_write (fs/read_write.c:738)
> [  490.542101]  __arm64_sys_write (fs/read_write.c:746)
> [  490.546014]  invoke_syscall (arch/arm64/include/asm/current.h:19 arch/arm64/kernel/syscall.c:54)
> [  490.549762]  el0_svc_common.constprop.0 (arch/arm64/kernel/syscall.c:70)
> [  490.554454]  do_el0_svc (arch/arm64/kernel/syscall.c:152)
> [  490.557763]  el0_svc (arch/arm64/include/asm/irqflags.h:55 arch/arm64/include/asm/irqflags.h:76 arch/arm64/kernel/entry-common.c:80 arch/arm64/kernel/entry-common.c:725)
> [  490.560901]  el0t_64_sync_handler (arch/arm64/kernel/entry-common.c:744)
> [  490.565074]  el0t_64_sync (arch/arm64/kernel/entry.S:596)
>
> Reverting this series leads to no more failures. Should things be handled differently now in the drivers? Do you consider there is something buggy in the ravb driver?

Is it possible to do a bisect? That would help find the issue. I think
the series does not intend to change how existing cma_* APIs behave.

Thanks.

Best Regards,
Yan, Zi