From: Al Viro <viro@ZenIV.linux.org.uk>
To: Alexander Shaduri <ashaduri@gmail.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: BUG: unable to handle kernel paging request at virtual address
Date: Sat, 5 Jan 2008 09:10:12 +0000
Message-ID: <20080105091012.GG27894@ZenIV.linux.org.uk>
In-Reply-To: <20080104213812.20268840@linux.localdomain>

On Fri, Jan 04, 2008 at 09:38:12PM +0400, Alexander Shaduri wrote:
>
> I got the following message, shortly followed by a system hang.
> BUG: unable to handle kernel paging request at virtual address 48464443
>
> (see the oops below).

AFAICS, it's quicklist_alloc() called from pgd_alloc():

static inline void *quicklist_alloc(int nr, gfp_t flags, void (*ctor)(void *))
{
	struct quicklist *q;
	void **p = NULL;

	q =&get_cpu_var(quicklist)[nr];
	p = q->page;
	if (likely(p)) {
		q->page = p[0];

and we have q->page == 0x48464443. Seeing how we assign that sucker, that
smells like we've got a page on quicklist with {0x43, 0x44, 0x46, 0x48}
in its first 4 bytes. Instead of having address of the next page stored
in there...

Do other oopsen of the same kind give the same value? The shortest
scenario I can see for that is
	* something accidentally frees a page
	* pgd_alloc() grabs it
	* pgd_free() releases it and puts on quicklist; the first 4 bytes
are zeroed.
	* whatever used to hold that page modifies it, overwriting its
beginning
	* next pgd_alloc() grabs that page and advances quicklist - sets
it to the first 4 bytes of that page. At that point we are well and truly
fucked - quicklist is corrupted and once we need more pgd we'll get that
oops.

The question is, what's losing and then overwriting that page in the
first place?
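
Added example (not part of Al Viro's message and not kernel code): a user-space toy model of the five-step scenario above, showing how a stale write into a page that sits on the free list ends up as the list head 0x48464443. The names `toy_quicklist`, `pool`, `toy_free()`, `toy_alloc()`, `head_is_sane()` and `replay_scenario()` are hypothetical, and the result assumes a little-endian host.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PAGE   4096
#define NPAGES 4
/* Constructed stand-in for the quicklist: a free page's first word is "next". */
struct toy_quicklist { void *page; };
static void *pool[NPAGES][PAGE / sizeof(void *)];   /* constructed page pool */

static void toy_free(struct toy_quicklist *q, void *pg)
{
	*(void **)pg = q->page;   /* first word := old head (NULL on empty list) */
	q->page = pg;
}

/* Same pop as the quoted quicklist_alloc(): head = p[0], taken on trust. */
static void *toy_alloc(struct toy_quicklist *q)
{
	void **p = q->page;
	if (p)
		q->page = p[0];
	return p;
}

/* Hypothetical debug check: head must be NULL or a page boundary in pool. */
static int head_is_sane(const struct toy_quicklist *q)
{
	uintptr_t a = (uintptr_t)q->page, base = (uintptr_t)pool;
	return !a || (a >= base && a < base + sizeof(pool) && !((a - base) % PAGE));
}

/* Replays the scenario on an empty list; returns the resulting list head. */
static uintptr_t replay_scenario(struct toy_quicklist *q)
{
	static const unsigned char junk[4] = { 0x43, 0x44, 0x46, 0x48 };
	void *stale = pool[0];     /* old owner still points at the freed page */
	toy_free(q, pool[0]);      /* pgd_free(): first word zeroed (NULL)     */
	memcpy(stale, junk, 4);    /* old owner overwrites the beginning       */
	toy_alloc(q);              /* next pgd_alloc(): head := first word     */
	return (uintptr_t)q->page;
}

int main(void)
{
	struct toy_quicklist q = { NULL };
	uintptr_t head = replay_scenario(&q);
	printf("head=%#lx sane=%d\n", (unsigned long)head, head_is_sane(&q));
	return 0;
}
```

The corrupted head is only dereferenced on the allocation after the one that installed it, which is why the oops shows up far from the write that caused it.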