I added some debug info in drop_other_mm_ref (line 1516) and got a machine crash. The log is attached; unfortunately I lost the printk output. Does current->mm indicate userspace? Thanks.
============================
1502 #ifdef CONFIG_SMP 1503 /* Another cpu may still have their %cr3 pointing at the pagetable, so 1504 we need to repoint it somewhere else before we can unpin it. */ 1505 static void drop_other_mm_ref(void *info) 1506 { 1507 <+++struct mm_struct *mm = info; 1508 <+++struct mm_struct *active_mm; 1509 1510 <+++active_mm = percpu_read(cpu_tlbstate.active_mm); 1511 1512 <+++if (active_mm == mm){ 1513 if(current->mm){ 1514 <+++<+++ printk("in userspace active_mm %p mm %p curr_mm %p tlbstate%d\n", 1515 active_mm, mm, current->mm, percpu_read(cpu_tlbstate.state)); 1516 BUG(); 1517 } 1518 <+++<+++leave_mm(smp_processor_id()); 1519 } 1520
============================
Starting udev: ------------[ cut here ]------------ kernel BUG at arch/x86/xen/mmu.c:1516! invalid opcode: 0000 [#1] SMP last sysfs file: /sys/class/raw/rawctl/dev CPU 2 Modules linked in: snd_seq_dummy bnx2 snd_seq_oss(+) snd_seq_midi_event snd_seq snd_seq_device serio_raw snd_pcm_oss snd_mixer_oss snd_pcm snd_timer i2c_i801 i2c_core iTCO_wdt snd pata_acpi iTCO_vendor_support ata_generic soundcore snd_page_alloc pcspkr ata_piix shpchp mptsas mptscsih mptbase Pid: 1126, comm: khelper Not tainted 2.6.32.36xen #1 Tecal RH2285 RIP: e030:[] [] drop_other_mm_ref+0x46/0x80 RSP: e02b:ffff880028078e58 EFLAGS: 00010092 RAX: 0000000000000015 RBX: 0000000000000001 RCX: 00000000ffff0075 RDX: 0000000000009f9f RSI: ffffffff8144006a RDI: 0000000000000004 RBP: ffff880028078e68 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000028078cf8 R11: 0000000000000246 R12: ffff88012c032680 R13: ffff880028080020 R14: 00000000000004f1 R15: 0000000000000000 FS: 00007f01adcf8710(0000) GS:ffff880028075000(0000) knlGS:0000000000000000 CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 00007f01adf20648 CR3: 000000012a546000 CR4: 0000000000002660 
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process khelper (pid: 1126, threadinfo ffff88012d80e000, task ffff88012b880000) Stack: 0000000000000001 ffff88012bb9bb88 ffff880028078e98 ffffffff81087224 <0> ffff880028078e78 ffff880028078e78 ffff88015f808540 00000000000004f1 <0> ffff880028078ea8 ffffffff81010118 ffff880028078ee8 ffffffff810a936a Call Trace: [] generic_smp_call_function_single_interrupt+0xd8/0xfc [] xen_call_function_single_interrupt+0x13/0x28 [] handle_IRQ_event+0x66/0x120 [] handle_percpu_irq+0x41/0x6e [] __xen_evtchn_do_upcall+0x1ab/0x27d [] xen_evtchn_do_upcall+0x33/0x46 [] xen_do_hypervisor_callback+0x1e/0x30 [] ? xen_restore_fl_direct_end+0x0/0x1 [] ? hypercall_page+0x22a/0x1000 [] ? hypercall_page+0x22a/0x1000 [] ? _spin_unlock_irqrestore+0x15/0x17 [] ? xen_force_evtchn_callback+0xd/0xf [] ? check_events+0x12/0x20 [] ? _spin_unlock_irqrestore+0x15/0x17 [] ? xen_restore_fl_direct_end+0x0/0x1 [] ? xen_restore_fl_direct_end+0x0/0x1 [] ? xen_mc_issue+0x2e/0x33 [] ? __xen_pgd_pin+0xc1/0xc9 [] ? xen_pgd_pin+0x12/0x14 [] ? xen_activate_mm+0x25/0x2f [] ? flush_old_exec+0x390/0x500 [] ? load_elf_binary+0x0/0x17ef [] ? load_elf_binary+0x0/0x17ef [] ? load_elf_binary+0x398/0x17ef [] ? need_resched+0x23/0x2d [] ? process_measurement+0xc0/0xd7 [] ? load_elf_binary+0x0/0x17ef [] ? search_binary_handler+0xc8/0x255 [] ? do_execve+0x1c3/0x29e [] ? sys_execve+0x43/0x5d [] ? __call_usermodehelper+0x0/0x6f [] ? kernel_execve+0x68/0xd0 [] ? __call_usermodehelper+0x0/0x6f [] ? xen_restore_fl_direct_end+0x0/0x1 [] ? ____call_usermodehelper+0x113/0x11e [] ? child_rip+0xa/0x20 [] ? __call_usermodehelper+0x0/0x6f [] ? int_ret_from_sys_call+0x7/0x1b [] ? retint_restore_args+0x5/0x6 [] ? 
child_rip+0x0/0x20 Code: 75 3a 65 48 8b 04 25 c0 cb 00 00 48 83 b8 78 02 00 00 00 74 1a 65 8b 34 25 c8 55 01 00 48 c7 c7 06 98 5b 81 31 c0 e8 d9 90 04 00 <0f> 0b eb fe 65 8b 3c 25 78 e3 00 00 e8 e5 be 02 00 65 48 8b 1c RIP [] drop_other_mm_ref+0x46/0x80 RSP [] ? init_amd+0x296/0x37a [] ? xen_force_evtchn_callback+0xd/0xf [] ? check_events+0x12/0x20 [] ? print_oops_end_marker+0x23/0x25 [] oops_end+0xb6/0xc6 [] die+0x5a/0x63 [] do_trap+0x115/0x124 [] do_invalid_op+0x9c/0xa5 [] ? drop_other_mm_ref+0x46/0x80 [] ? printk+0xa7/0xa9 [] invalid_op+0x1b/0x20 [] ? init_amd+0x296/0x37a [] ? drop_other_mm_ref+0x46/0x80 [] ? drop_other_mm_ref+0x46/0x80 [] generic_smp_call_function_single_interrupt+0xd8/0xfc [] xen_call_function_single_interrupt+0x13/0x28 [] handle_IRQ_event+0x66/0x120 [] handle_percpu_irq+0x41/0x6e [] __xen_evtchn_do_upcall+0x1ab/0x27d [] xen_evtchn_do_upcall+0x33/0x46 [] xen_do_hypervisor_callback+0x1e/0x30 [] ? xen_restore_fl_direct_end+0x0/0x1 [] ? hypercall_page+0x22a/0x1000 [] ? hypercall_page+0x22a/0x1000 [] ? _spin_unlock_irqrestore+0x15/0x17 [] ? xen_force_evtchn_callback+0xd/0xf [] ? check_events+0x12/0x20 [] ? _spin_unlock_irqrestore+0x15/0x17 [] ? xen_restore_fl_direct_end+0x0/0x1 [] ? xen_restore_fl_direct_end+0x0/0x1 [] ? xen_mc_issue+0x2e/0x33 [] ? __xen_pgd_pin+0xc1/0xc9 [] ? xen_pgd_pin+0x12/0x14 [] ? xen_activate_mm+0x25/0x2f [] ? flush_old_exec+0x390/0x500 [] ? load_elf_binary+0x0/0x17ef [] ? load_elf_binary+0x0/0x17ef [] ? load_elf_binary+0x398/0x17ef