From: Ingo Molnar <mingo@elte.hu>
To: linux-kernel@vger.kernel.org
Cc: Linus Torvalds <torvalds@osdl.org>,
stsp@aknet.ru, Andrew Morton <akpm@osdl.org>
Subject: crash in entry.S restore_all, 2.6.12-rc2, x86, PAGEALLOC
Date: Tue, 5 Apr 2005 08:55:45 +0200
Message-ID: <20050405065544.GA21360@elte.hu>

the crashes below happen when PAGEALLOC is enabled. It's this
instruction:

	movb OLDSS(%esp), %ah

OLDSS is 0x38, esp is f4f83fc8, OLDSS(%esp) is thus f4f84000, which
correctly creates the PAGEALLOC pagefault. esp is off by 4 bytes?

it could be the ESP-16-bit-corruption patch causing this, or it could be
an already existing latent bug getting triggered now: normally only iret
accesses the OLDSS, and we fix any iret faults up, but now that we
explicitly access %esp the esp bug shows up.

so it would be nice to understand why this triggers. It seems to be a
sporadic event - first it hit hotplug, then input.agent. If i disable
PAGEALLOC the system boots up fine. In any case, the ESP-corruption
patch is not safe until this bug is understood, as it right now may read
a random byte off the next page, and possibly doing bogus calls to the
16-bit-fixup code.

	Ingo

-------------
BUG: Unable to handle kernel paging request at virtual address f4f84000
printing eip:
c010287c
*pde = 00527067
*pte = 34f84000
Oops: 0000 [#1]
PREEMPT DEBUG_PAGEALLOC
Modules linked in:
CPU: 0
EIP: 0060:[<c010287c>] Not tainted VLI
EFLAGS: 00010046 (2.6.12-rc2-RT-V0.7.43-09)
EIP is at restore_all+0x4/0x18
eax: 00000206 ebx: 00000000 ecx: 00000000 edx: 00000001
esi: 00000000 edi: 009b63f9 ebp: f4f82000 esp: f4f83fc8
ds: 007b es: 007b ss: 0068 preempt: 00000001
Process 10-udev.hotplug (pid: 1264, threadinfo=f4f82000 task=f5034a10)
Stack: 00000000 bfa71dd0 009c0ffc 00000000 009b63f9 bfa71d44 000000c5 0000007b
0000007b ffffffef c01027ba 00000060 00000206 0000007b
Call Trace:
[<c01036ac>] show_stack+0x7a/0x90 (32)
[<c0103835>] show_registers+0x15a/0x1d2 (56)
[<c0103a30>] die+0xf4/0x17e (68)
[<c010f444>] do_page_fault+0x3de/0x60a (212)
[<c01032eb>] error_code+0x4f/0x54 (-8076)
---------------------
BUG: Unable to handle kernel paging request at virtual address f57bc000
printing eip:
c010287c
*pde = 00529067
*pte = 357bc000
Oops: 0000 [#1]
PREEMPT DEBUG_PAGEALLOC
Modules linked in:
CPU: 0
EIP: 0060:[<c010287c>] Not tainted VLI
EFLAGS: 00010046 (2.6.12-rc2-RT-V0.7.43-09)
EIP is at restore_all+0x4/0x18
eax: 00000206 ebx: b7f11000 ecx: 00000000 edx: 00000000
esi: 080e4f28 edi: 00000000 ebp: f57ba000 esp: f57bbfc8
ds: 007b es: 007b ss: 0068 preempt: 00000001
Process input.agent (pid: 1131, threadinfo=f57ba000 task=f57b9a10)
Stack: b7f11000 00001000 009c0ffc 080e4f28 00000000 bfc112c0 0000005b 0000007b
0000007b ffffff00 c01027ba 00000060 00000206 0000007b
Call Trace:
[<c01036ac>] show_stack+0x7a/0x90 (32)
[<c0103835>] show_registers+0x15a/0x1d2 (56)
[<c0103a30>] die+0xf4/0x17e (68)
[<c010f474>] do_page_fault+0x3de/0x60a (212)
[<c01032eb>] error_code+0x4f/0x54 (-8076)
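
The address arithmetic from the message, as an added example that is not part of the original post: it parses an i386 oops, recomputes the address read by movb OLDSS(%esp), and compares it with the reported fault address and the end of the thread stack. THREAD_SIZE (8 KiB stacks) and the function names are assumptions; the sample input is constructed from fields of the first oops above.

```python
import re

OLDSS = 0x38          # offset of the saved-SS slot, as stated in the message
PAGE_SIZE = 0x1000    # i386 page size
THREAD_SIZE = 0x2000  # assumption: 8 KiB kernel stacks (4K stacks not enabled)

# Constructed sample: only the fields of the first oops that the check needs.
SAMPLE_OOPS = """\
BUG: Unable to handle kernel paging request at virtual address f4f84000
EIP is at restore_all+0x4/0x18
esi: 00000000 edi: 009b63f9 ebp: f4f82000 esp: f4f83fc8
Process 10-udev.hotplug (pid: 1264, threadinfo=f4f82000 task=f5034a10)
"""

PATTERNS = {
    "fault": r"virtual address ([0-9a-f]{8})",
    "esp": r"\besp: ([0-9a-f]{8})",
    "threadinfo": r"threadinfo=([0-9a-f]{8})",
    "symbol": r"EIP is at (\S+)",
}

def parse_oops(text):
    """Extract fault address, esp, threadinfo and EIP symbol from an oops."""
    out = {}
    for key, pat in PATTERNS.items():
        m = re.search(pat, text)
        if m is None:
            raise ValueError(f"oops text has no {key} field")
        out[key] = m.group(1) if key == "symbol" else int(m.group(1), 16)
    return out

def check_oldss_read(text):
    """Relate esp + OLDSS to the fault address and to the stack bounds."""
    o = parse_oops(text)
    stack_top = o["threadinfo"] + THREAD_SIZE  # first byte past the stack
    target = o["esp"] + OLDSS                  # byte read by movb OLDSS(%esp)
    return {
        "symbol": o["symbol"],
        "target": target,
        "matches_fault": target == o["fault"],
        "beyond_stack": target >= stack_top,
        "frame_bytes": stack_top - o["esp"],   # bytes present above esp
        "needed_bytes": OLDSS + 4,             # bytes needed to hold the SS slot
        "crosses_page": target // PAGE_SIZE != o["esp"] // PAGE_SIZE,
    }

if __name__ == "__main__":
    for name, value in check_oldss_read(SAMPLE_OOPS).items():
        print(name, hex(value) if type(value) is int else value)
```

For both oopses in the message the computed address equals the fault address and is the first byte past the stack: 0x38 bytes sit above esp, while holding the saved-SS slot would take 0x3c.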