Oops in VMA code

From: Alexander Graf
Date: Wed Jun 15 2011 - 17:59:38 EST

Next message: Dirk Gouders: "Re: [2.6.39] drm/i915: blank screen on Lenovo Ideapad U160"
Previous message: Anthony Liguori: "Re: [ANNOUNCE] Native Linux KVM tool v2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi memory management experts,

I just had this crash while compiling code on my PPC G5. I was running my PPC KVM tree, which was pretty much 06e86849cf4019945a106913adb9ff0abcc01770 plus a few unrelated KVM patches. User space is 64-bit.

Is this a known issue or did I hit something completely unexpected?

Unable to handle kernel paging request for data at address 0xc00090026236bbc0
Faulting instruction address: 0xc000000000190598
Oops: Kernel access of bad area, sig: 11 [#1]
SMP NR_CPUS=4 NUMA PowerMac
Modules linked in:
NIP: c000000000190598 LR: c0000000001908a4 CTR: c000000000190850
REGS: c000000262987a50 TRAP: 0300 Tainted: G W (3.0.0-rc2+)
MSR: 9000000000009032 <EE,ME,IR,DR> CR: 48000448 XER: 00000000
DAR: c00090026236bbc0, DSISR: 40010000
TASK = c000000262d6cfb0[13951] 'cc1' THREAD: c000000262984000 CPU: 2
GPR00: 0000040008f1f000 c000000262987cd0 c000000000e31578 c000000262828e00
GPR04: 0000000000008000 0000000000008000 ffffffffffffffff 0000000000000000
GPR08: fffff000fffff000 c00090026236bbe8 0000100000000000 c00000026236b420
GPR12: 0000000028000442 c00000000fffef00 000000000000005f 0000000010026be4
GPR16: 0000000000000000 00000000109fa6a4 00000000109eb110 00000000108b6338
GPR20: 000000001099ca90 000000001099c590 0000000000000000 00000000109eb164
GPR24: 00000000109fa7a8 0000000000000001 c00090026236bbb0 0000040008f45000
GPR28: c0000002628fc580 c000000262828e00 c000000000d631e8 0000040008f45000
NIP [c000000000190598] .do_munmap+0x138/0x3f0
LR [c0000000001908a4] .SyS_munmap+0x54/0x90
Call Trace:
[c000000262987cd0] [0000000000008000] 0x8000 (unreliable)
[c000000262987d90] [c0000000001908a4] .SyS_munmap+0x54/0x90
[c000000262987e30] [c000000000009864] syscall_exit+0x0/0x40
Instruction dump:
3b400000 2fa90000 409e0024 4800005c 60000000 60000000 e9290010 7d7a5b78
2fa90000 7f4bd378 419e0034 3b49ffc8 <e81a0010> 7fbf0040 419cffe0 e97a0018
---[ end trace 31fd0ba7d8756003 ]---

It seems to be related to vma mapping, but I have no idea in that area of code:

(gdb) l *0xc000000000190598
0xc000000000190598 is in find_vma_prev (mm/mmap.c:1641).
1636
1637 while (rb_node) {
1638 struct vm_area_struct *vma_tmp;
1639 vma_tmp = rb_entry(rb_node, struct vm_area_struct, vm_rb);
1640
1641 if (addr < vma_tmp->vm_end) {
1642 rb_node = rb_node->rb_left;
1643 } else {
1644 prev = vma_tmp;
1645 if (!prev->vm_next || (addr < prev->vm_next->vm_end))

Ben suggested to also dump the disassembly of that function, so here it is:

0xc00000000018e630 <find_vma_prev>: cmpdi r3,0
0xc00000000018e634 <find_vma_prev+4>: beq 0xc00000000018e6d0 <find_vma_prev+160>
0xc00000000018e638 <find_vma_prev+8>: ld r11,8(r3)
0xc00000000018e63c <find_vma_prev+12>: ld r3,0(r3)
0xc00000000018e640 <find_vma_prev+16>: cmpdi cr7,r11,0
0xc00000000018e644 <find_vma_prev+20>: beq cr7,0xc00000000018e6dc <find_vma_prev+172>
0xc00000000018e648 <find_vma_prev+24>: li r8,0
0xc00000000018e64c <find_vma_prev+28>: b 0xc00000000018e65c <find_vma_prev+44>
0xc00000000018e650 <find_vma_prev+32>: ld r11,16(r11)
0xc00000000018e654 <find_vma_prev+36>: cmpdi cr7,r11,0
0xc00000000018e658 <find_vma_prev+40>: beq cr7,0xc00000000018e694 <find_vma_prev+100>
0xc00000000018e65c <find_vma_prev+44>: addi r9,r11,-56
0xc00000000018e660 <find_vma_prev+48>: ld r0,16(r9)
0xc00000000018e664 <find_vma_prev+52>: cmpld cr7,r0,r4
0xc00000000018e668 <find_vma_prev+56>: bgt cr7,0xc00000000018e650 <find_vma_prev+32>
0xc00000000018e66c <find_vma_prev+60>: ld r10,24(r9)
0xc00000000018e670 <find_vma_prev+64>: mr r8,r9
0xc00000000018e674 <find_vma_prev+68>: cmpdi cr7,r10,0
0xc00000000018e678 <find_vma_prev+72>: beq cr7,0xc00000000018e6b0 <find_vma_prev+128>
0xc00000000018e67c <find_vma_prev+76>: ld r0,16(r10)
0xc00000000018e680 <find_vma_prev+80>: cmpld cr7,r4,r0
0xc00000000018e684 <find_vma_prev+84>: blt cr7,0xc00000000018e6b0 <find_vma_prev+128>
0xc00000000018e688 <find_vma_prev+88>: ld r11,8(r11)
0xc00000000018e68c <find_vma_prev+92>: cmpdi cr7,r11,0
0xc00000000018e690 <find_vma_prev+96>: bne cr7,0xc00000000018e65c <find_vma_prev+44>
0xc00000000018e694 <find_vma_prev+100>: cmpdi cr7,r8,0
0xc00000000018e698 <find_vma_prev+104>: std r8,0(r5)
0xc00000000018e69c <find_vma_prev+108>: beqlr- cr7
0xc00000000018e6a0 <find_vma_prev+112>: ld r3,24(r8)
0xc00000000018e6a4 <find_vma_prev+116>: blr
0xc00000000018e6a8 <find_vma_prev+120>: nop
0xc00000000018e6ac <find_vma_prev+124>: nop
0xc00000000018e6b0 <find_vma_prev+128>: mr r8,r9
0xc00000000018e6b4 <find_vma_prev+132>: cmpdi cr7,r8,0
0xc00000000018e6b8 <find_vma_prev+136>: std r8,0(r5)
0xc00000000018e6bc <find_vma_prev+140>: bne+ cr7,0xc00000000018e6a0 <find_vma_prev+112>
0xc00000000018e6c0 <find_vma_prev+144>: blr
0xc00000000018e6c4 <find_vma_prev+148>: nop
0xc00000000018e6c8 <find_vma_prev+152>: nop
0xc00000000018e6cc <find_vma_prev+156>: nop
0xc00000000018e6d0 <find_vma_prev+160>: std r3,0(r5)
0xc00000000018e6d4 <find_vma_prev+164>: li r3,0
0xc00000000018e6d8 <find_vma_prev+168>: blr
0xc00000000018e6dc <find_vma_prev+172>: std r11,0(r5)
0xc00000000018e6e0 <find_vma_prev+176>: blr

Alex

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Dirk Gouders: "Re: [2.6.39] drm/i915: blank screen on Lenovo Ideapad U160"
Previous message: Anthony Liguori: "Re: [ANNOUNCE] Native Linux KVM tool v2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]