Re: [linus:master] [hugetlb] 7118fc2906: kernel_BUG_at_lib/list_debug.c

From: Feng Tang
Date: Tue Jan 17 2023 - 07:23:13 EST

On Tue, Jan 17, 2023 at 04:01:08PM +0800, Tang, Feng wrote:
> On Tue, Jan 17, 2023 at 03:39:15PM +0800, Vlastimil Babka wrote:
> > On 1/17/23 08:10, kernel test robot wrote:
> > >
> > > +Vlastimil Babka, Hyeonggon Yoo, Feng Tang and Fengwei Yin
> > >
> > > Hi, Mike Kravetz,
> > >
> > > we reported
> > > "[linus:master] [mm, slub] 0af8489b02: kernel_BUG_at_include/linux/mm.h" [1]
> > >
> > > Vlastimil, Hyeonggon, Feng and Fengwei gave us a lot of great guidances based on
> > > it, and, perticularly, after enabling below config per Vlastimil's suggestion
> > > CONFIG_DEBUG_PAGEALLOC
> > > CONFIG_DEBUG_PAGEALLOC_ENABLE_DEFAULT
> > > CONFIG_SLUB_DEBUG
> > > CONFIG_SLUB_DEBUG_ON
> > > by more tests, we realized the "0af8489b02" is not the real culprit.
> > >
> > > the new bisection was triggered and finally it pointed to this "7118fc2906".
> > >
> > > though reporting for different issues
> > > ("kernel_BUG_at_include/linux/mm.h" for 0af8489b02 vs.
> > > "kernel_BUG_at_lib/list_debug.c" for this commit),
> > > Feng and Fengwei helped further to confirm they are similar.
> > > They will supply more technical wise analysis later.
> > >
> > > please be noted the issues are not always happening
> > > (~10% on this commit or 0af8489b02)
> >
> > Great find! Looking at the commit, I'd bet the only part relevant to our bug
> > is the "by the way we remove setting refcount to zero on tail pages which
> > should already be zero":
> >
> > > diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> > > index db00ee8d79d2..eeff64843718 100644
> > > --- a/mm/page_alloc.c
> > > +++ b/mm/page_alloc.c
> > > @@ -754,7 +754,6 @@ void prep_compound_page(struct page *page, unsigned int order)
> > > __SetPageHead(page);
> > > for (i = 1; i < nr_pages; i++) {
> > > struct page *p = page + i;
> > > - set_page_count(p, 0);
> > > p->mapping = TAIL_MAPPING;
> > > set_compound_head(p, page);
> > > }
> >
> > So either the assumption of refcount being already 0 is wrong (shouldn't be,
> > AFAIK?), or this atomic operation effectively prevents some very subtle race
> > (although IIRC atomic_set() has no barrier semantics defined, it could still
> > affect a specific CPU?
>
> Yes, "set_page_count(p, 0);" seems to be what matters here. Restoring
> it make the list corruption issue not reproducable for 300+ runs.
>
> And back in debugging 0af8489b02, the thing was similar that if we
> added some code inside prep_compound_page(), the issue also can't
> be reproduced.
>
> So this 7118fc2906 seems just 'expose' the problem on i386, and is
> not the root cause.
>
> I suspect it is related with i386 compiling, based on the debug and
> memory dump. I'm doing some compiler option and adding memory
> barrier in prep_compound_page(), and will update when the test run
> is done.

With the following patch to use 'O1' instead 'O2' gcc optoin for
page_alloc.c, the list corruption issue can't be reproduced for
commit 7118fc2906 in 1000 runs.

Oliver has reproduced it for v6.0, applying the same patch can also
make the issue gone.

As is can't be reproduced with X86_64 build, it could be i386
compiling related.

I also objdumped 'prep_compound_page' for vmlinux of 7118fc2906 and
its parent commit 48b8d744ea84, which have big difference than the
simple 'set_page_count()' change, but I can't tell which part is
abnormal, so attach them for further check.

---
diff --git a/mm/Makefile b/mm/Makefile
index 8e105e5b3e293..2b3780208e65d 100644
--- a/mm/Makefile
+++ b/mm/Makefile
@@ -36,6 +36,8 @@ KCOV_INSTRUMENT_failslab.o := n
CFLAGS_init-mm.o += $(call cc-disable-warning, override-init)
CFLAGS_init-mm.o += $(call cc-disable-warning, initializer-overrides)

+CFLAGS_page_alloc.o += -O1
+
mmu-y := nommu.o
mmu-$(CONFIG_MMU) := highmem.o memory.o mincore.o \
mlock.o mmap.o mmu_gather.o mprotect.o mremap.o \

Thanks,
Feng

>
> Thanks,
> Feng
>
> > I guess we could
> > - try to restore that set_page_count(p, 0); on current kernel to see if it
> > kills the bug
> > - instead of restoring it, add (only locally for purposes of the test) a
> > BUG_ON() if refcount is not zero already, and find out why if it triggers
> > (unfortunately might also appear to fix the bug even if it doesn't trigger).

c13b3b90 <prep_compound_page>:
c13b3b90: 55 push %ebp
c13b3b91: 89 e5 mov %esp,%ebp
c13b3b93: 57 push %edi
c13b3b94: 89 c7 mov %eax,%edi
c13b3b96: 56 push %esi
c13b3b97: 53 push %ebx
c13b3b98: 83 ec 14 sub $0x14,%esp
c13b3b9b: 83 fa 1f cmp $0x1f,%edx
c13b3b9e: 89 55 e4 mov %edx,-0x1c(%ebp)
c13b3ba1: 0f 87 33 31 ed 01 ja c3286cda <prep_compound_page.cold>
c13b3ba7: 0f b6 4d e4 movzbl -0x1c(%ebp),%ecx
c13b3bab: bb 01 00 00 00 mov $0x1,%ebx
c13b3bb0: d3 e3 shl %cl,%ebx
c13b3bb2: 83 3f ff cmpl $0xffffffff,(%edi)
c13b3bb5: 0f 84 65 02 00 00 je c13b3e20 <prep_compound_page+0x290>
c13b3bbb: 83 05 d0 28 6c c5 01 addl $0x1,0xc56c28d0
c13b3bc2: 83 15 d4 28 6c c5 00 adcl $0x0,0xc56c28d4
c13b3bc9: 0f ba 2f 10 btsl $0x10,(%edi)
c13b3bcd: 83 05 f0 28 6c c5 01 addl $0x1,0xc56c28f0
c13b3bd4: 83 15 f4 28 6c c5 00 adcl $0x0,0xc56c28f4
c13b3bdb: 83 fb 01 cmp $0x1,%ebx
c13b3bde: 0f 8e 80 00 00 00 jle c13b3c64 <prep_compound_page+0xd4>
c13b3be4: 8d 47 01 lea 0x1(%edi),%eax
c13b3be7: 8b 15 fc 28 6c c5 mov 0xc56c28fc,%edx
c13b3bed: 89 45 e8 mov %eax,-0x18(%ebp)
c13b3bf0: a1 f8 28 6c c5 mov 0xc56c28f8,%eax
c13b3bf5: 8d 4f 28 lea 0x28(%edi),%ecx
c13b3bf8: 89 7d e0 mov %edi,-0x20(%ebp)
c13b3bfb: 83 c0 01 add $0x1,%eax
c13b3bfe: 89 45 ec mov %eax,-0x14(%ebp)
c13b3c01: 83 d2 00 adc $0x0,%edx
c13b3c04: a1 f8 28 6c c5 mov 0xc56c28f8,%eax
c13b3c09: 89 55 f0 mov %edx,-0x10(%ebp)
c13b3c0c: 8b 15 fc 28 6c c5 mov 0xc56c28fc,%edx
c13b3c12: 83 eb 02 sub $0x2,%ebx
c13b3c15: 31 f6 xor %esi,%esi
c13b3c17: 83 c0 02 add $0x2,%eax
c13b3c1a: 83 d2 00 adc $0x0,%edx
c13b3c1d: 01 c3 add %eax,%ebx
c13b3c1f: 8b 45 ec mov -0x14(%ebp),%eax
c13b3c22: 11 d6 adc %edx,%esi
c13b3c24: 8b 55 f0 mov -0x10(%ebp),%edx
c13b3c27: 89 f7 mov %esi,%edi
c13b3c29: 89 de mov %ebx,%esi
c13b3c2b: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi
c13b3c2f: 90 nop
c13b3c30: a3 f8 28 6c c5 mov %eax,0xc56c28f8
c13b3c35: 8b 5d e8 mov -0x18(%ebp),%ebx
c13b3c38: 83 c0 01 add $0x1,%eax
c13b3c3b: 89 15 fc 28 6c c5 mov %edx,0xc56c28fc
c13b3c41: 83 d2 00 adc $0x0,%edx
c13b3c44: 83 c1 28 add $0x28,%ecx
c13b3c47: c7 41 e4 00 04 00 00 movl $0x400,-0x1c(%ecx)
c13b3c4e: 89 59 dc mov %ebx,-0x24(%ecx)
c13b3c51: 89 fb mov %edi,%ebx
c13b3c53: 31 d3 xor %edx,%ebx
c13b3c55: 89 5d ec mov %ebx,-0x14(%ebp)
c13b3c58: 89 f3 mov %esi,%ebx
c13b3c5a: 31 c3 xor %eax,%ebx
c13b3c5c: 0b 5d ec or -0x14(%ebp),%ebx
c13b3c5f: 75 cf jne c13b3c30 <prep_compound_page+0xa0>
c13b3c61: 8b 7d e0 mov -0x20(%ebp),%edi
c13b3c64: c6 47 30 01 movb $0x1,0x30(%edi)
c13b3c68: 8b 45 e4 mov -0x1c(%ebp),%eax
c13b3c6b: 83 05 b8 1a 6c c5 01 addl $0x1,0xc56c1ab8
c13b3c72: 83 15 bc 1a 6c c5 00 adcl $0x0,0xc56c1abc
c13b3c79: 83 f8 1f cmp $0x1f,%eax
c13b3c7c: 88 47 31 mov %al,0x31(%edi)
c13b3c7f: 0f 87 4f 02 00 00 ja c13b3ed4 <prep_compound_page+0x344>
c13b3c85: c7 47 34 ff ff ff ff movl $0xffffffff,0x34(%edi)
c13b3c8c: 0f b6 4d e4 movzbl -0x1c(%ebp),%ecx
c13b3c90: b8 01 00 00 00 mov $0x1,%eax
c13b3c95: 8b 77 04 mov 0x4(%edi),%esi
c13b3c98: d3 e0 shl %cl,%eax
c13b3c9a: 83 05 00 29 6c c5 01 addl $0x1,0xc56c2900
c13b3ca1: 89 47 38 mov %eax,0x38(%edi)
c13b3ca4: 83 15 04 29 6c c5 00 adcl $0x0,0xc56c2904
c13b3cab: f7 c6 01 00 00 00 test $0x1,%esi
c13b3cb1: 0f 85 b9 01 00 00 jne c13b3e70 <prep_compound_page+0x2e0>
c13b3cb7: 83 05 88 1a 6c c5 01 addl $0x1,0xc56c1a88
c13b3cbe: 89 fe mov %edi,%esi
c13b3cc0: 83 15 8c 1a 6c c5 00 adcl $0x0,0xc56c1a8c
c13b3cc7: a1 a0 15 6c c5 mov 0xc56c15a0,%eax
c13b3ccc: 8b 15 a4 15 6c c5 mov 0xc56c15a4,%edx
c13b3cd2: 89 c1 mov %eax,%ecx
c13b3cd4: 83 c1 01 add $0x1,%ecx
c13b3cd7: 89 d3 mov %edx,%ebx
c13b3cd9: 89 0d a0 15 6c c5 mov %ecx,0xc56c15a0
c13b3cdf: 8b 0e mov (%esi),%ecx
c13b3ce1: 83 d3 00 adc $0x0,%ebx
c13b3ce4: 83 05 90 1a 6c c5 01 addl $0x1,0xc56c1a90
c13b3ceb: 89 1d a4 15 6c c5 mov %ebx,0xc56c15a4
c13b3cf1: 83 15 94 1a 6c c5 00 adcl $0x0,0xc56c1a94
c13b3cf8: 81 e1 00 00 01 00 and $0x10000,%ecx
c13b3cfe: 75 4e jne c13b3d4e <prep_compound_page+0x1be>
c13b3d00: 8b 4e 04 mov 0x4(%esi),%ecx
c13b3d03: 83 05 98 1a 6c c5 01 addl $0x1,0xc56c1a98
c13b3d0a: 83 15 9c 1a 6c c5 00 adcl $0x0,0xc56c1a9c
c13b3d11: f6 c1 01 test $0x1,%cl
c13b3d14: 75 2a jne c13b3d40 <prep_compound_page+0x1b0>
c13b3d16: a1 08 29 6c c5 mov 0xc56c2908,%eax
c13b3d1b: 8b 15 0c 29 6c c5 mov 0xc56c290c,%edx
c13b3d21: 83 c0 01 add $0x1,%eax
c13b3d24: a3 08 29 6c c5 mov %eax,0xc56c2908
c13b3d29: 83 d2 00 adc $0x0,%edx
c13b3d2c: 89 15 0c 29 6c c5 mov %edx,0xc56c290c
c13b3d32: 83 c4 14 add $0x14,%esp
c13b3d35: 5b pop %ebx
c13b3d36: 5e pop %esi
c13b3d37: 5f pop %edi
c13b3d38: 5d pop %ebp
c13b3d39: c3 ret
c13b3d3a: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
c13b3d40: 83 05 a0 1a 6c c5 01 addl $0x1,0xc56c1aa0
c13b3d47: 83 15 a4 1a 6c c5 00 adcl $0x0,0xc56c1aa4
c13b3d4e: 83 3e ff cmpl $0xffffffff,(%esi)
c13b3d51: 0f 84 2d 01 00 00 je c13b3e84 <prep_compound_page+0x2f4>
c13b3d57: 83 05 48 1a 6c c5 01 addl $0x1,0xc56c1a48
c13b3d5e: 8b 0d a8 1a 6c c5 mov 0xc56c1aa8,%ecx
c13b3d64: 8b 1d ac 1a 6c c5 mov 0xc56c1aac,%ebx
c13b3d6a: 83 15 4c 1a 6c c5 00 adcl $0x0,0xc56c1a4c
c13b3d71: 83 c0 02 add $0x2,%eax
c13b3d74: 83 d2 00 adc $0x0,%edx
c13b3d77: a3 a0 15 6c c5 mov %eax,0xc56c15a0
c13b3d7c: 8b 06 mov (%esi),%eax
c13b3d7e: 83 c1 01 add $0x1,%ecx
c13b3d81: 89 15 a4 15 6c c5 mov %edx,0xc56c15a4
c13b3d87: 83 d3 00 adc $0x0,%ebx
c13b3d8a: 8b 15 0c 29 6c c5 mov 0xc56c290c,%edx
c13b3d90: 89 45 ec mov %eax,-0x14(%ebp)
c13b3d93: a1 08 29 6c c5 mov 0xc56c2908,%eax
c13b3d98: f7 45 ec 00 00 01 00 testl $0x10000,-0x14(%ebp)
c13b3d9f: 74 4f je c13b3df0 <prep_compound_page+0x260>
c13b3da1: 83 05 70 1a 6c c5 01 addl $0x1,0xc56c1a70
c13b3da8: 89 0d a8 1a 6c c5 mov %ecx,0xc56c1aa8
c13b3dae: 83 15 74 1a 6c c5 00 adcl $0x0,0xc56c1a74
c13b3db5: 80 7e 31 01 cmpb $0x1,0x31(%esi)
c13b3db9: 89 1d ac 1a 6c c5 mov %ebx,0xc56c1aac
c13b3dbf: 76 49 jbe c13b3e0a <prep_compound_page+0x27a>
c13b3dc1: c7 47 58 00 00 00 00 movl $0x0,0x58(%edi)
c13b3dc8: 83 c0 01 add $0x1,%eax
c13b3dcb: a3 08 29 6c c5 mov %eax,0xc56c2908
c13b3dd0: 83 d2 00 adc $0x0,%edx
c13b3dd3: 83 05 10 29 6c c5 01 addl $0x1,0xc56c2910
c13b3dda: 89 15 0c 29 6c c5 mov %edx,0xc56c290c
c13b3de0: 83 15 14 29 6c c5 00 adcl $0x0,0xc56c2914
c13b3de7: 83 c4 14 add $0x14,%esp
c13b3dea: 5b pop %ebx
c13b3deb: 5e pop %esi
c13b3dec: 5f pop %edi
c13b3ded: 5d pop %ebp
c13b3dee: c3 ret
c13b3def: 90 nop
c13b3df0: 83 05 68 1a 6c c5 01 addl $0x1,0xc56c1a68
c13b3df7: 89 0d a8 1a 6c c5 mov %ecx,0xc56c1aa8
c13b3dfd: 83 15 6c 1a 6c c5 00 adcl $0x0,0xc56c1a6c
c13b3e04: 89 1d ac 1a 6c c5 mov %ebx,0xc56c1aac
c13b3e0a: 83 05 b0 1a 6c c5 01 addl $0x1,0xc56c1ab0
c13b3e11: 83 15 b4 1a 6c c5 00 adcl $0x0,0xc56c1ab4
c13b3e18: e9 04 ff ff ff jmp c13b3d21 <prep_compound_page+0x191>
c13b3e1d: 8d 76 00 lea 0x0(%esi),%esi
c13b3e20: 83 05 c8 28 6c c5 01 addl $0x1,0xc56c28c8
c13b3e27: ba 98 c9 e8 c3 mov $0xc3e8c998,%edx
c13b3e2c: 89 f8 mov %edi,%eax
c13b3e2e: 83 15 cc 28 6c c5 00 adcl $0x0,0xc56c28cc
c13b3e35: e8 36 16 fb ff call c1365470 <dump_page>
c13b3e3a: 83 05 d8 28 6c c5 01 addl $0x1,0xc56c28d8
c13b3e41: 83 15 dc 28 6c c5 00 adcl $0x0,0xc56c28dc
c13b3e48: 0f 0b ud2
c13b3e4a: 83 05 e0 28 6c c5 01 addl $0x1,0xc56c28e0
c13b3e51: 83 15 e4 28 6c c5 00 adcl $0x0,0xc56c28e4
c13b3e58: 83 05 e8 28 6c c5 01 addl $0x1,0xc56c28e8
c13b3e5f: b8 c0 d4 5e c4 mov $0xc45ed4c0,%eax
c13b3e64: 83 15 ec 28 6c c5 00 adcl $0x0,0xc56c28ec
c13b3e6b: e8 58 6b f3 01 call c32ea9c8 <__ubsan_handle_builtin_unreachable>
c13b3e70: 83 05 80 1a 6c c5 01 addl $0x1,0xc56c1a80
c13b3e77: 83 15 84 1a 6c c5 00 adcl $0x0,0xc56c1a84
c13b3e7e: 4e dec %esi
c13b3e7f: e9 43 fe ff ff jmp c13b3cc7 <prep_compound_page+0x137>
c13b3e84: 83 05 40 1a 6c c5 01 addl $0x1,0xc56c1a40
c13b3e8b: ba 98 c9 e8 c3 mov $0xc3e8c998,%edx
c13b3e90: 89 f0 mov %esi,%eax
c13b3e92: 83 15 44 1a 6c c5 00 adcl $0x0,0xc56c1a44
c13b3e99: e8 d2 15 fb ff call c1365470 <dump_page>
c13b3e9e: 83 05 50 1a 6c c5 01 addl $0x1,0xc56c1a50
c13b3ea5: 83 15 54 1a 6c c5 00 adcl $0x0,0xc56c1a54
c13b3eac: 0f 0b ud2
c13b3eae: 83 05 58 1a 6c c5 01 addl $0x1,0xc56c1a58
c13b3eb5: 83 15 5c 1a 6c c5 00 adcl $0x0,0xc56c1a5c
c13b3ebc: 83 05 60 1a 6c c5 01 addl $0x1,0xc56c1a60
c13b3ec3: b8 b4 d4 5e c4 mov $0xc45ed4b4,%eax
c13b3ec8: 83 15 64 1a 6c c5 00 adcl $0x0,0xc56c1a64
c13b3ecf: e8 f4 6a f3 01 call c32ea9c8 <__ubsan_handle_builtin_unreachable>
c13b3ed4: e9 26 2e ed 01 jmp c3286cff <prep_compound_page.cold+0x25>
c13b3ed9: 8d b4 26 00 00 00 00 lea 0x0(%esi,%eiz,1),%esi



c13b3c90 <prep_compound_page>:
c13b3c90: 55 push %ebp
c13b3c91: 89 e5 mov %esp,%ebp
c13b3c93: 57 push %edi
c13b3c94: 56 push %esi
c13b3c95: 89 c6 mov %eax,%esi
c13b3c97: 53 push %ebx
c13b3c98: 83 ec 0c sub $0xc,%esp
c13b3c9b: 83 fa 1f cmp $0x1f,%edx
c13b3c9e: 89 55 ec mov %edx,-0x14(%ebp)
c13b3ca1: 0f 87 33 2f ed 01 ja c3286bda <prep_compound_page.cold>
c13b3ca7: 0f b6 4d ec movzbl -0x14(%ebp),%ecx
c13b3cab: bf 01 00 00 00 mov $0x1,%edi
c13b3cb0: d3 e7 shl %cl,%edi
c13b3cb2: 83 3e ff cmpl $0xffffffff,(%esi)
c13b3cb5: 0f 84 85 02 00 00 je c13b3f40 <prep_compound_page+0x2b0>
c13b3cbb: 83 05 d0 28 6c c5 01 addl $0x1,0xc56c28d0
c13b3cc2: 83 15 d4 28 6c c5 00 adcl $0x0,0xc56c28d4
c13b3cc9: 0f ba 2e 10 btsl $0x10,(%esi)
c13b3ccd: 83 05 f0 28 6c c5 01 addl $0x1,0xc56c28f0
c13b3cd4: 83 15 f4 28 6c c5 00 adcl $0x0,0xc56c28f4
c13b3cdb: 83 ff 01 cmp $0x1,%edi
c13b3cde: 7e 69 jle c13b3d49 <prep_compound_page+0xb9>
c13b3ce0: 89 75 e8 mov %esi,-0x18(%ebp)
c13b3ce3: 8d 46 28 lea 0x28(%esi),%eax
c13b3ce6: bb 01 00 00 00 mov $0x1,%ebx
c13b3ceb: 8d 4e 01 lea 0x1(%esi),%ecx
c13b3cee: 89 c6 mov %eax,%esi
c13b3cf0: 83 05 80 18 6c c5 01 addl $0x1,0xc56c1880
c13b3cf7: c7 46 1c 00 00 00 00 movl $0x0,0x1c(%esi)
c13b3cfe: 83 15 84 18 6c c5 00 adcl $0x0,0xc56c1884
c13b3d05: 3e 8d 74 26 00 lea %ds:0x0(%esi,%eiz,1),%esi
c13b3d0a: 83 05 90 18 6c c5 01 addl $0x1,0xc56c1890
c13b3d11: 83 15 94 18 6c c5 00 adcl $0x0,0xc56c1894
c13b3d18: 83 05 a0 18 6c c5 01 addl $0x1,0xc56c18a0
c13b3d1f: 83 15 a4 18 6c c5 00 adcl $0x0,0xc56c18a4
c13b3d26: 83 05 f8 28 6c c5 01 addl $0x1,0xc56c28f8
c13b3d2d: c7 46 0c 00 04 00 00 movl $0x400,0xc(%esi)
c13b3d34: 83 15 fc 28 6c c5 00 adcl $0x0,0xc56c28fc
c13b3d3b: 43 inc %ebx
c13b3d3c: 83 c6 28 add $0x28,%esi
c13b3d3f: 89 4e dc mov %ecx,-0x24(%esi)
c13b3d42: 39 df cmp %ebx,%edi
c13b3d44: 75 aa jne c13b3cf0 <prep_compound_page+0x60>
c13b3d46: 8b 75 e8 mov -0x18(%ebp),%esi
c13b3d49: 83 05 00 29 6c c5 01 addl $0x1,0xc56c2900
c13b3d50: 8b 45 ec mov -0x14(%ebp),%eax
c13b3d53: c6 46 30 01 movb $0x1,0x30(%esi)
c13b3d57: 83 15 04 29 6c c5 00 adcl $0x0,0xc56c2904
c13b3d5e: 83 05 b8 1a 6c c5 01 addl $0x1,0xc56c1ab8
c13b3d65: 88 46 31 mov %al,0x31(%esi)
c13b3d68: 83 15 bc 1a 6c c5 00 adcl $0x0,0xc56c1abc
c13b3d6f: 83 f8 1f cmp $0x1f,%eax
c13b3d72: 0f 87 7e 02 00 00 ja c13b3ff6 <prep_compound_page+0x366>
c13b3d78: c7 46 34 ff ff ff ff movl $0xffffffff,0x34(%esi)
c13b3d7f: 0f b6 4d ec movzbl -0x14(%ebp),%ecx
c13b3d83: b8 01 00 00 00 mov $0x1,%eax
c13b3d88: d3 e0 shl %cl,%eax
c13b3d8a: 89 46 38 mov %eax,0x38(%esi)
c13b3d8d: 8b 46 04 mov 0x4(%esi),%eax
c13b3d90: 83 05 08 29 6c c5 01 addl $0x1,0xc56c2908
c13b3d97: 83 15 0c 29 6c c5 00 adcl $0x0,0xc56c290c
c13b3d9e: a8 01 test $0x1,%al
c13b3da0: 0f 85 ea 01 00 00 jne c13b3f90 <prep_compound_page+0x300>
c13b3da6: 83 05 88 1a 6c c5 01 addl $0x1,0xc56c1a88
c13b3dad: 89 f7 mov %esi,%edi
c13b3daf: 83 15 8c 1a 6c c5 00 adcl $0x0,0xc56c1a8c
c13b3db6: a1 a0 15 6c c5 mov 0xc56c15a0,%eax
c13b3dbb: 8b 15 a4 15 6c c5 mov 0xc56c15a4,%edx
c13b3dc1: 89 c1 mov %eax,%ecx
c13b3dc3: 83 c1 01 add $0x1,%ecx
c13b3dc6: 89 d3 mov %edx,%ebx
c13b3dc8: 89 0d a0 15 6c c5 mov %ecx,0xc56c15a0
c13b3dce: 8b 0f mov (%edi),%ecx
c13b3dd0: 83 d3 00 adc $0x0,%ebx
c13b3dd3: 83 05 90 1a 6c c5 01 addl $0x1,0xc56c1a90
c13b3dda: 89 1d a4 15 6c c5 mov %ebx,0xc56c15a4
c13b3de0: 83 15 94 1a 6c c5 00 adcl $0x0,0xc56c1a94
c13b3de7: 81 e1 00 00 01 00 and $0x10000,%ecx
c13b3ded: 75 4f jne c13b3e3e <prep_compound_page+0x1ae>
c13b3def: 8b 4f 04 mov 0x4(%edi),%ecx
c13b3df2: 83 05 98 1a 6c c5 01 addl $0x1,0xc56c1a98
c13b3df9: 83 15 9c 1a 6c c5 00 adcl $0x0,0xc56c1a9c
c13b3e00: f6 c1 01 test $0x1,%cl
c13b3e03: 75 2b jne c13b3e30 <prep_compound_page+0x1a0>
c13b3e05: a1 10 29 6c c5 mov 0xc56c2910,%eax
c13b3e0a: 8b 15 14 29 6c c5 mov 0xc56c2914,%edx
c13b3e10: 83 c0 01 add $0x1,%eax
c13b3e13: a3 10 29 6c c5 mov %eax,0xc56c2910
c13b3e18: 83 d2 00 adc $0x0,%edx
c13b3e1b: 89 15 14 29 6c c5 mov %edx,0xc56c2914
c13b3e21: 83 c4 0c add $0xc,%esp
c13b3e24: 5b pop %ebx
c13b3e25: 5e pop %esi
c13b3e26: 5f pop %edi
c13b3e27: 5d pop %ebp
c13b3e28: c3 ret
c13b3e29: 8d b4 26 00 00 00 00 lea 0x0(%esi,%eiz,1),%esi
c13b3e30: 83 05 a0 1a 6c c5 01 addl $0x1,0xc56c1aa0
c13b3e37: 83 15 a4 1a 6c c5 00 adcl $0x0,0xc56c1aa4
c13b3e3e: 83 3f ff cmpl $0xffffffff,(%edi)
c13b3e41: 0f 84 5f 01 00 00 je c13b3fa6 <prep_compound_page+0x316>
c13b3e47: 83 05 48 1a 6c c5 01 addl $0x1,0xc56c1a48
c13b3e4e: 8b 0d a8 1a 6c c5 mov 0xc56c1aa8,%ecx
c13b3e54: 8b 1d ac 1a 6c c5 mov 0xc56c1aac,%ebx
c13b3e5a: 83 15 4c 1a 6c c5 00 adcl $0x0,0xc56c1a4c
c13b3e61: 83 c0 02 add $0x2,%eax
c13b3e64: 83 d2 00 adc $0x0,%edx
c13b3e67: a3 a0 15 6c c5 mov %eax,0xc56c15a0
c13b3e6c: 8b 07 mov (%edi),%eax
c13b3e6e: 83 c1 01 add $0x1,%ecx
c13b3e71: 89 15 a4 15 6c c5 mov %edx,0xc56c15a4
c13b3e77: 83 d3 00 adc $0x0,%ebx
c13b3e7a: 8b 15 14 29 6c c5 mov 0xc56c2914,%edx
c13b3e80: 89 45 f0 mov %eax,-0x10(%ebp)
c13b3e83: a1 10 29 6c c5 mov 0xc56c2910,%eax
c13b3e88: f7 45 f0 00 00 01 00 testl $0x10000,-0x10(%ebp)
c13b3e8f: 74 7f je c13b3f10 <prep_compound_page+0x280>
c13b3e91: 83 05 70 1a 6c c5 01 addl $0x1,0xc56c1a70
c13b3e98: 89 0d a8 1a 6c c5 mov %ecx,0xc56c1aa8
c13b3e9e: 83 15 74 1a 6c c5 00 adcl $0x0,0xc56c1a74
c13b3ea5: 80 7f 31 01 cmpb $0x1,0x31(%edi)
c13b3ea9: 89 1d ac 1a 6c c5 mov %ebx,0xc56c1aac
c13b3eaf: 76 79 jbe c13b3f2a <prep_compound_page+0x29a>
c13b3eb1: c7 46 58 00 00 00 00 movl $0x0,0x58(%esi)
c13b3eb8: 83 c0 01 add $0x1,%eax
c13b3ebb: a3 10 29 6c c5 mov %eax,0xc56c2910
c13b3ec0: 83 d2 00 adc $0x0,%edx
c13b3ec3: 83 05 18 29 6c c5 01 addl $0x1,0xc56c2918
c13b3eca: 89 15 14 29 6c c5 mov %edx,0xc56c2914
c13b3ed0: 83 15 1c 29 6c c5 00 adcl $0x0,0xc56c291c
c13b3ed7: 83 c4 0c add $0xc,%esp
c13b3eda: 5b pop %ebx
c13b3edb: 5e pop %esi
c13b3edc: 5f pop %edi
c13b3edd: 5d pop %ebp
c13b3ede: c3 ret
c13b3edf: 90 nop
c13b3ee0: 83 05 88 18 6c c5 01 addl $0x1,0xc56c1888
c13b3ee7: 89 f0 mov %esi,%eax
c13b3ee9: 89 4d f0 mov %ecx,-0x10(%ebp)
c13b3eec: 83 15 8c 18 6c c5 00 adcl $0x0,0xc56c188c
c13b3ef3: 31 d2 xor %edx,%edx
c13b3ef5: e8 56 3e 08 00 call c1437d50 <__page_ref_set>
c13b3efa: 8b 4d f0 mov -0x10(%ebp),%ecx
c13b3efd: 83 05 98 18 6c c5 01 addl $0x1,0xc56c1898
c13b3f04: 83 15 9c 18 6c c5 00 adcl $0x0,0xc56c189c
c13b3f0b: e9 16 fe ff ff jmp c13b3d26 <prep_compound_page+0x96>
c13b3f10: 83 05 68 1a 6c c5 01 addl $0x1,0xc56c1a68
c13b3f17: 89 0d a8 1a 6c c5 mov %ecx,0xc56c1aa8
c13b3f1d: 83 15 6c 1a 6c c5 00 adcl $0x0,0xc56c1a6c
c13b3f24: 89 1d ac 1a 6c c5 mov %ebx,0xc56c1aac
c13b3f2a: 83 05 b0 1a 6c c5 01 addl $0x1,0xc56c1ab0
c13b3f31: 83 15 b4 1a 6c c5 00 adcl $0x0,0xc56c1ab4
c13b3f38: e9 d3 fe ff ff jmp c13b3e10 <prep_compound_page+0x180>
c13b3f3d: 8d 76 00 lea 0x0(%esi),%esi
c13b3f40: 83 05 c8 28 6c c5 01 addl $0x1,0xc56c28c8
c13b3f47: ba 48 c9 e8 c3 mov $0xc3e8c948,%edx
c13b3f4c: 89 f0 mov %esi,%eax
c13b3f4e: 83 15 cc 28 6c c5 00 adcl $0x0,0xc56c28cc
c13b3f55: e8 16 16 fb ff call c1365570 <dump_page>
c13b3f5a: 83 05 d8 28 6c c5 01 addl $0x1,0xc56c28d8
c13b3f61: 83 15 dc 28 6c c5 00 adcl $0x0,0xc56c28dc
c13b3f68: 0f 0b ud2
c13b3f6a: 83 05 e0 28 6c c5 01 addl $0x1,0xc56c28e0
c13b3f71: 83 15 e4 28 6c c5 00 adcl $0x0,0xc56c28e4
c13b3f78: 83 05 e8 28 6c c5 01 addl $0x1,0xc56c28e8
c13b3f7f: b8 c0 d4 5e c4 mov $0xc45ed4c0,%eax
c13b3f84: 83 15 ec 28 6c c5 00 adcl $0x0,0xc56c28ec
c13b3f8b: e8 b8 66 f3 01 call c32ea648 <__ubsan_handle_builtin_unreachable>
c13b3f90: 83 05 80 1a 6c c5 01 addl $0x1,0xc56c1a80
c13b3f97: 8d 78 ff lea -0x1(%eax),%edi
c13b3f9a: 83 15 84 1a 6c c5 00 adcl $0x0,0xc56c1a84
c13b3fa1: e9 10 fe ff ff jmp c13b3db6 <prep_compound_page+0x126>
c13b3fa6: 83 05 40 1a 6c c5 01 addl $0x1,0xc56c1a40
c13b3fad: ba 48 c9 e8 c3 mov $0xc3e8c948,%edx
c13b3fb2: 89 f8 mov %edi,%eax
c13b3fb4: 83 15 44 1a 6c c5 00 adcl $0x0,0xc56c1a44
c13b3fbb: e8 b0 15 fb ff call c1365570 <dump_page>
c13b3fc0: 83 05 50 1a 6c c5 01 addl $0x1,0xc56c1a50
c13b3fc7: 83 15 54 1a 6c c5 00 adcl $0x0,0xc56c1a54
c13b3fce: 0f 0b ud2
c13b3fd0: 83 05 58 1a 6c c5 01 addl $0x1,0xc56c1a58
c13b3fd7: 83 15 5c 1a 6c c5 00 adcl $0x0,0xc56c1a5c
c13b3fde: 83 05 60 1a 6c c5 01 addl $0x1,0xc56c1a60
c13b3fe5: b8 b4 d4 5e c4 mov $0xc45ed4b4,%eax
c13b3fea: 83 15 64 1a 6c c5 00 adcl $0x0,0xc56c1a64
c13b3ff1: e8 52 66 f3 01 call c32ea648 <__ubsan_handle_builtin_unreachable>
c13b3ff6: e9 04 2c ed 01 jmp c3286bff <prep_compound_page.cold+0x25>
c13b3ffb: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi
c13b3fff: 90 nop