From: MaoXiaoyun
Subject: RE: Kernel BUG at arch/x86/mm/tlb.c:61
Date: Mon, 25 Apr 2011 20:54:54 +0800
To: jeremy@goop.org
Cc: xen devel, giamteckchoon@gmail.com, konrad.wilk@oracle.com
References: <4DA3438A.6070503@goop.org>, <20110412100000.GA15647@dumpdata.com>, <4DA8B715.9080508@goop.org>
List-Id: xen-devel@lists.xenproject.org

I added some debug info in drop_other_mm_ref (line 1516) and got one machine crash.
Log attached; pity I lost the printk info.

Does current->mm indicate userspace?
Thanks.

============================
1502 #ifdef CONFIG_SMP
1503 /* Another cpu may still have their %cr3 pointing at the pagetable, so
1504    we need to repoint it somewhere else before we can unpin it. */
1505 static void drop_other_mm_ref(void *info)
1506 {
1507         struct mm_struct *mm = info;
1508         struct mm_struct *active_mm;
1509
1510         active_mm = percpu_read(cpu_tlbstate.active_mm);
1511
1512         if (active_mm == mm){
1513                 if(current->mm){
1514                         printk("in userspace active_mm %p mm %p curr_mm %p tlbstate%d\n",
1515                                active_mm, mm, current->mm, percpu_read(cpu_tlbstate.state));
1516                         BUG();
1517                 }
1518                 leave_mm(smp_processor_id());
1519         }
1520
============================

Starting udev: ------------[ cut here ]------------
kernel BUG at arch/x86/xen/mmu.c:1516!
invalid opcode: 0000 [#1] SMP
last sysfs file: /sys/class/raw/rawctl/dev
CPU 2
Modules linked in: snd_seq_dummy bnx2 snd_seq_oss(+) snd_seq_midi_event snd_seq snd_seq_device serio_raw snd_pcm_oss snd_mixer_oss snd_pcm snd_timer i2c_i801 i2c_core iTCO_wdt snd pata_acpi iTCO_vendor_support ata_generic soundcore snd_page_alloc pcspkr ata_piix shpchp mptsas mptscsih mptbase
Pid: 1126, comm: khelper Not tainted 2.6.32.36xen #1 Tecal RH2285
RIP: e030:[<ffffffff8100e4c0>]  [<ffffffff8100e4c0>] drop_other_mm_ref+0x46/0x80
RSP: e02b:ffff880028078e58  EFLAGS: 00010092
RAX: 0000000000000015 RBX: 0000000000000001 RCX: 00000000ffff0075
RDX: 0000000000009f9f RSI: ffffffff8144006a RDI: 0000000000000004
RBP: ffff880028078e68 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000028078cf8 R11: 0000000000000246 R12: ffff88012c032680
R13: ffff880028080020 R14: 00000000000004f1 R15: 0000000000000000
FS:  00007f01adcf8710(0000) GS:ffff880028075000(0000) knlGS:0000000000000000
CS:  e033 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00007f01adf20648 CR3: 000000012a546000 CR4: 0000000000002660
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process khelper (pid: 1126, threadinfo ffff88012d80e000, task ffff88012b880000)
Stack:
 0000000000000001 ffff88012bb9bb88 ffff880028078e98 ffffffff81087224
<0> ffff880028078e78 ffff880028078e78 ffff88015f808540 00000000000004f1
<0> ffff880028078ea8 ffffffff81010118 ffff880028078ee8 ffffffff810a936a
Call Trace:
 <IRQ>
 [<ffffffff81087224>] generic_smp_call_function_single_interrupt+0xd8/0xfc
 [<ffffffff81010118>] xen_call_function_single_interrupt+0x13/0x28
 [<ffffffff810a936a>] handle_IRQ_event+0x66/0x120
 [<ffffffff810aac5b>] handle_percpu_irq+0x41/0x6e
 [<ffffffff8128c1a8>] __xen_evtchn_do_upcall+0x1ab/0x27d
 [<ffffffff8128dcf9>] xen_evtchn_do_upcall+0x33/0x46
 [<ffffffff81013efe>] xen_do_hypervisor_callback+0x1e/0x30
 <EOI>
 [<ffffffff8100f8df>] ? xen_restore_fl_direct_end+0x0/0x1
 [<ffffffff8100922a>] ? hypercall_page+0x22a/0x1000
 [<ffffffff8100922a>] ? hypercall_page+0x22a/0x1000
 [<ffffffff81447292>] ? _spin_unlock_irqrestore+0x15/0x17
 [<ffffffff8100f195>] ? xen_force_evtchn_callback+0xd/0xf
 [<ffffffff8100f8f2>] ? check_events+0x12/0x20
 [<ffffffff81447292>] ? _spin_unlock_irqrestore+0x15/0x17
 [<ffffffff8100f8df>] ? xen_restore_fl_direct_end+0x0/0x1
 [<ffffffff8100f8df>] ? xen_restore_fl_direct_end+0x0/0x1
 [<ffffffff8100d47f>] ? xen_mc_issue+0x2e/0x33
 [<ffffffff8100e42f>] ? __xen_pgd_pin+0xc1/0xc9
 [<ffffffff8100e449>] ? xen_pgd_pin+0x12/0x14
 [<ffffffff8100e470>] ? xen_activate_mm+0x25/0x2f
 [<ffffffff81113f59>] ? flush_old_exec+0x390/0x500
 [<ffffffff81150dc9>] ? load_elf_binary+0x0/0x17ef
 [<ffffffff81150dc9>] ? load_elf_binary+0x0/0x17ef
 [<ffffffff81151161>] ? load_elf_binary+0x398/0x17ef
 [<ffffffff81042fcf>] ? need_resched+0x23/0x2d
 [<ffffffff811f463c>] ? process_measurement+0xc0/0xd7
 [<ffffffff81150dc9>] ? load_elf_binary+0x0/0x17ef
 [<ffffffff81113098>] ? search_binary_handler+0xc8/0x255
 [<ffffffff81114366>] ? do_execve+0x1c3/0x29e
 [<ffffffff8101155d>] ? sys_execve+0x43/0x5d
 [<ffffffff8106fc45>] ? __call_usermodehelper+0x0/0x6f
 [<ffffffff81013e28>] ? kernel_execve+0x68/0xd0
 [<ffffffff8106fc45>] ? __call_usermodehelper+0x0/0x6f
 [<ffffffff8100f8df>] ? xen_restore_fl_direct_end+0x0/0x1
 [<ffffffff8106fb64>] ? ____call_usermodehelper+0x113/0x11e
 [<ffffffff81013daa>] ? child_rip+0xa/0x20
 [<ffffffff8106fc45>] ? __call_usermodehelper+0x0/0x6f
 [<ffffffff81012f91>] ? int_ret_from_sys_call+0x7/0x1b
 [<ffffffff8101371d>] ? retint_restore_args+0x5/0x6
 [<ffffffff81013da0>] ? child_rip+0x0/0x20
Code: 75 3a 65 48 8b 04 25 c0 cb 00 00 48 83 b8 78 02 00 00 00 74 1a 65 8b 34 25 c8 55 01 00 48 c7 c7 06 98 5b 81 31 c0 e8 d9 90 04 00 <0f> 0b eb fe 65 8b 3c 25 78 e3 00 00 e8 e5 be 02 00 65 48 8b 1c
RIP  [<ffffffff8100e4c0>] drop_other_mm_ref+0x46/0x80
 RSP <ffff880028078e58>
[<ffffffff8144006a>] ? init_amd+0x296/0x37a
 [<ffffffff8100f195>] ? xen_force_evtchn_callback+0xd/0xf
 [<ffffffff8100f8f2>] ? check_events+0x12/0x20
 [<ffffffff81056487>] ? print_oops_end_marker+0x23/0x25
 [<ffffffff81448165>] oops_end+0xb6/0xc6
 [<ffffffff810166e5>] die+0x5a/0x63
 [<ffffffff81447a3c>] do_trap+0x115/0x124
 [<ffffffff810148e6>] do_invalid_op+0x9c/0xa5
 [<ffffffff8100e4c0>] ? drop_other_mm_ref+0x46/0x80
 [<ffffffff81057640>] ? printk+0xa7/0xa9
 [<ffffffff81013b3b>] invalid_op+0x1b/0x20
 [<ffffffff8144006a>] ? init_amd+0x296/0x37a
 [<ffffffff8100e4c0>] ? drop_other_mm_ref+0x46/0x80
 [<ffffffff8100e4c0>] ? drop_other_mm_ref+0x46/0x80
 [<ffffffff81087224>] generic_smp_call_function_single_interrupt+0xd8/0xfc
 [<ffffffff81010118>] xen_call_function_single_interrupt+0x13/0x28
 [<ffffffff810a936a>] handle_IRQ_event+0x66/0x120
 [<ffffffff810aac5b>] handle_percpu_irq+0x41/0x6e
 [<ffffffff8128c1a8>] __xen_evtchn_do_upcall+0x1ab/0x27d
 [<ffffffff8128dcf9>] xen_evtchn_do_upcall+0x33/0x46
 [<ffffffff81013efe>] xen_do_hypervisor_callback+0x1e/0x30
 <EOI>  [<ffffffff8100f8df>] ? xen_restore_fl_direct_end+0x0/0x1
 [<ffffffff8100922a>] ? hypercall_page+0x22a/0x1000
 [<ffffffff8100922a>] ? hypercall_page+0x22a/0x1000
 [<ffffffff81447292>] ? _spin_unlock_irqrestore+0x15/0x17
 [<ffffffff8100f195>] ? xen_force_evtchn_callback+0xd/0xf
 [<ffffffff8100f8f2>] ? check_events+0x12/0x20
 [<ffffffff81447292>] ? _spin_unlock_irqrestore+0x15/0x17
 [<ffffffff8100f8df>] ? xen_restore_fl_direct_end+0x0/0x1
 [<ffffffff8100f8df>] ? xen_restore_fl_direct_end+0x0/0x1
 [<ffffffff8100d47f>] ? xen_mc_issue+0x2e/0x33
 [<ffffffff8100e42f>] ? __xen_pgd_pin+0xc1/0xc9
 [<ffffffff8100e449>] ? xen_pgd_pin+0x12/0x14
 [<ffffffff8100e470>] ? xen_activate_mm+0x25/0x2f
 [<ffffffff81113f59>] ? flush_old_exec+0x390/0x500
 [<ffffffff81150dc9>] ? load_elf_binary+0x0/0x17ef
 [<ffffffff81150dc9>] ? load_elf_binary+0x0/0x17ef
 [<ffffffff81151161>] ? load_elf_binary+0x398/0x17ef