[#3999] Kernel crashes when allocator is set to slob

Document created by Aaronwu Employee on Aug 28, 2013
Version 1Show Document
  • View in full screen mode

[#3999] Kernel crashes when allocator is set to slob

Submitted By: Vivi Li

Open Date

2008-04-01 20:36:11     Close Date

2008-04-16 05:44:02

Priority:

Medium     Assignee:

Yi Li

Status:

Closed     Fixed In Release:

N/A

Found In Release:

N/A     Release:

Category:

N/A     Board:

N/A

Processor:

N/A     Silicon Revision:

Is this bug repeatable?:

Yes     Resolution:

Fixed

Uboot version or rev.:

    Toolchain version or rev.:

08r1-rc8

App binary format:

N/A     

Summary: Kernel crashes when allocator is set to slob

Details:

 

Kernel crashes for all board when allocator is set to slob(wt_slob/wb_slob).

 

Below is the log when default config is used and slob is set on bf537:

--

## Starting application at 0x0016e000 ...

Linux version 2.6.24.4-ADI-2008R2-pre-svn4516 (test@uclinux142-usb176x) (gcc version 4.1.2 (ADI svn8

console [early_BFuart0] enabled

early printk enabled on early_BFuart0

Warning: limiting memory to 56MB due to hardware anomaly 05000263

Board Memory: 64MB

Kernel Managed Memory: 64MB

Memory map:

  fixedcode = 0x00000400-0x00000490

  text      = 0x00001000-0x000ff8e0

  rodata    = 0x000ffa20-0x0014be74

  bss       = 0x0014be80-0x00159724

  data      = 0x00159724-0x0016e000

    stack   = 0x0016c000-0x0016e000

  init      = 0x0016e000-0x004f1000

  available = 0x004f1000-0x037ff000

  DMA Zone  = 0x03f00000-0x04000000

Hardware Trace Active and Enabled

Reset caused by Software reset

Blackfin support (C) 2004-2008 Analog Devices, Inc.

Compiled for ADSP-BF537 Rev 0.2

Blackfin Linux support by   blackfin.uclinux.org/

Processor Speed: 200 MHz core clock and 100 MHz System Clock

 

 

 

ANOMALY_05000273: CCLK must be >= 2*SCLK !!!

 

 

Instruction Cache Enabled

Data Cache Enabled (write-back)

Built 1 zonelists in Zone order, mobility grouping off.  Total pages: 14224

Kernel command line: root=/dev/mtdblock0 rw earlyprintk=serial,uart0,57600 ip=10.100.4.50:10.100.4.f

Configuring Blackfin Priority Driven Interrupts

PID hash table entries: 256 (order: 8, 1024 bytes)

console handover: boot [early_BFuart0] -> real [ttyBF0]

Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)

Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)

Memory available: 51700k/65536k RAM, (3596k init code, 1018k kernel code, 442k data, 1024k dma, 775)

Blackfin Scratchpad data SRAM: 4 KB

Blackfin Data A SRAM: 16 KB (15 KB free)

Blackfin Data B SRAM: 16 KB (16 KB free)

Blackfin Instruction SRAM: 48 KB (41 KB free)

Security Framework initialized

Mount-cache hash table entries: 512

net_namespace: 64 bytes

Data access misaligned address violation

- Attempted misaligned data memory or data cache access.

Kernel OOPS in progress

Deferred Exception context

CURRENT PROCESS:

COMM=swapper PID=1

invalid mm

return address: [0x00038e0c]; contents of:

0x00038de0:  ff27  3038  2fed  0000  0560  0167  6f86  a336

0x00038df0:  3028  63f8  b0f0  3039  3022  60a0  300e  6002

0x00038e00:  e3ff  ff16  3210  0c42  1820  489e [b0d5] 9317

0x00038e10:  1414  b096  a370  486e  b110  1c0c  6100  b050

 

SEQUENCER STATUS:               Not tainted

SEQSTAT: 00002024  IPEND: 8030  SYSCFG: 0006

  HWERRCAUSE: 0x0

  EXCAUSE   : 0x24

  physical IVG15 asserted : <0xffa00db8> { _evt_system_call + 0x0 }

  logical irq   6 mapped  : <0xffa00364> { _timer_interrupt + 0x0 }

RETE: <0x00000000> { _run_init_process + 0xfffff000 }

RETN: <0x00585f54> /* unknown address */

RETX: <0x00038e0c> { _kmem_cache_create + 0x24 }

RETS: <0x00038e04> { _kmem_cache_create + 0x1c }

PC  : <0x00038e0c> { _kmem_cache_create + 0x24 }

DCPLB_FAULT_ADDR: <0x037f7fd4> /* unknown address */

ICPLB_FAULT_ADDR: <0x00038e0c> { _kmem_cache_create + 0x24 }

 

PROCESSOR STATE:

R0 : 037f7fd6    R1 : 0000000b    R2 : 00000800    R3 : 00000000

R4 : 00000000    R5 : 00132408    R6 : 00040000    R7 : 0000005c

P0 : 00565ed8    P1 : 00565ef8    P2 : 037f7fd6    P3 : 00185454

P4 : 00584000    P5 : 001886b0    FP : 00188858    SP : 00585e78

LB0: ffa01840    LT0: ffa0183e    LC0: 00000000

LB1: 00082fa4    LT1: 00082f98    LC1: 00000000

B0 : 00000000    L0 : 00000000    M0 : 00000000    I0 : 0014de54

B1 : 00000000    L1 : 00000000    M1 : 00000000    I1 : 00000000

B2 : 00000000    L2 : 00000000    M2 : 00000000    I2 : 00000000

B3 : 00000000    L3 : 00000000    M3 : 00000000    I3 : 00000000

A0.w: 00000000   A0.x: 00000000   A1.w: 00000000   A1.x: 00000000

USP : 00000000  ASTAT: 00003024

 

Hardware Trace:

   0 Target : <0x0000464c> { _trap_c + 0x0 }

     Source : <0xffa006c4> { _exception_to_level5 + 0xb4 }

   1 Target : <0xffa00610> { _exception_to_level5 + 0x0 }

     Source : <0xffa0056c> { _ex_trap_c + 0x5c }

   2 Target : <0xffa00510> { _ex_trap_c + 0x0 }

     Source : <0xffa00764> { _trap + 0x28 }

   3 Target : <0xffa0073c> { _trap + 0x0 }

     Source : <0x00038e0a> { _kmem_cache_create + 0x22 }

   4 Target : <0x00038e04> { _kmem_cache_create + 0x1c }

     Source : <0x00038ccc> { _slob_alloc + 0xa0 }

   5 Target : <0x00038cc2> { _slob_alloc + 0x96 }

     Source : <0x00038cbc> { _slob_alloc + 0x90 }

   6 Target : <0x00038ca2> { _slob_alloc + 0x76 }

     Source : <0x00038c92> { _slob_alloc + 0x66 }

   7 Target : <0x00038c7e> { _slob_alloc + 0x52 }

     Source : <0x00038850> { _slob_page_alloc + 0xd0 }

   8 Target : <0x00038846> { _slob_page_alloc + 0xc6 }

     Source : <0x00038820> { _slob_page_alloc + 0xa0 }

   9 Target : <0x00038814> { _slob_page_alloc + 0x94 }

     Source : <0x00038730> { _set_slob + 0x14 }

  10 Target : <0x0003871c> { _set_slob + 0x0 }

     Source : <0x00038810> { _slob_page_alloc + 0x90 }

  11 Target : <0x00038804> { _slob_page_alloc + 0x84 }

     Source : <0x00038736> { _set_slob + 0x1a }

  12 Target : <0x00038732> { _set_slob + 0x16 }

     Source : <0x0003872a> { _set_slob + 0xe }

  13 Target : <0x0003871c> { _set_slob + 0x0 }

     Source : <0x00038800> { _slob_page_alloc + 0x80 }

  14 Target : <0x000387fa> { _slob_page_alloc + 0x7a }

     Source : <0x00038742> { _slob_units + 0xa }

  15 Target : <0x00038738> { _slob_units + 0x0 }

     Source : <0x000387f6> { _slob_page_alloc + 0x76 }

Stack from 00585e58:

        000fea68 ffa006c8 0015bd0c 0015bd0c 0015bd08 00584000 00585f0c 00584000

        00038e0c 00008030 00002024 00000000 00585f54 00038e0c 00038e0c 00038e04

        037f7fd6 00003024 00082fa4 ffa01840 00082f98 ffa0183e 00000000 00000000

        00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

        00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

        00000000 00000000 00000000 0014de54 00000000 00188858 001886b0 00584000

 

Call Trace:

[<00040000>] _get_write_access+0x4/0x34

[<0001555c>] _user_kobject_create+0xa8/0xbc

[<00040000>] _get_write_access+0x4/0x34

[<0017faa6>] _filelock_init+0x26/0x38

[<0016e5e8>] _kernel_init+0x88/0x234

[<00040000>] _get_write_access+0x4/0x34

[<000474a4>] _init_once+0x0/0x8

[<0016e5e8>] _kernel_init+0x88/0x234

[<0016e560>] _kernel_init+0x0/0x234

[<00001686>] _kernel_thread_helper+0x6/0xc

 

Modules linked in:

Kernel panic - not syncing: Kernel exception

--

 

Follow-ups

 

--- Mike Frysinger                                           2008-04-01 22:45:56

the message in the middle probably shouldnt be ignored:

ANOMALY_05000273: CCLK must be >= 2*SCLK !!!

 

--- Vivi Li                                                  2008-04-02 00:56:46

I noticed that the clock for uboot is not default value, so tried it with

another uboot. It still crashes. This happens not only for 537 but other

platforms.

 

--

U-Boot 1.1.6-svn1168 (ADI-2008R1) (Apr  2 2008 - 08:53:59)

 

CPU:   ADSP bf537-0.2 (Detected Rev: 0.2)

Board: ADI BF537 stamp board

       Support:   blackfin.uclinux.org/

Clock: VCO: 500 MHz, Core: 500 MHz, System: 100 MHz

RAM:   64 MB

Flash:  4 MB

In:    serial

Out:   serial

Err:   serial

Net:   Blackfin EMAC

MAC:   00:E0:22:FE:47:D4

I2C:   ready

Hit any key to stop autoboot:  0

Using Blackfin EMAC device

TFTP from server 10.100.4.174; our IP address is 10.100.4.50

Filename 'linux'.

Load address: 0x1000000

Loading: #################################################################

         #################################################################

         #################################################################

         #################################################################

         #################################################################

         #################################################################

         #################################################################

         #################################################################

         #################################################################

         #################################################################

         #################################################################

         #################################################################

         #################################################################

         #################################################################

         #################################################################

         #################################################################

         #################################################################

         ########

done

Bytes transferred = 5695003 (56e61b hex)

Loading .text @ 0x00001000 (1042160 bytes)

Loading .exit.text.refok @ 0x000ff6f0 (296 bytes)

Loading .rodata @ 0x000ff820 (247248 bytes)

Loading __ksymtab @ 0x0013bdf0 (14880 bytes)

Loading __ksymtab_gpl @ 0x0013f810 (4160 bytes)

Loading __ksymtab_strings @ 0x00140850 (45820 bytes)

Loading __param @ 0x0014bb4c (300 bytes)

Clearing .bss @ 0x0014bc80 (55460 bytes)

Loading .data @ 0x00159524 (76508 bytes)

Loading .init.text @ 0x0016c000 (94788 bytes)

Loading .init.data @ 0x00183244 (12800 bytes)

Loading .init.setup @ 0x00186444 (600 bytes)

Loading .initcall.init @ 0x0018669c (444 bytes)

Loading .con_initcall.init @ 0x00186858 (4 bytes)

Loading .init.ramfs @ 0x0018685c (3565494 bytes)

Loading .text_l1 @ 0xffa00000 (6984 bytes)

sh_addr: FFA00000, p_paddr: 004ED012

Loading from: 014E1000 to 004ED012, size: 6984

Loading .data_l1 @ 0xff800000 (192 bytes)

sh_addr: FF800000, p_paddr: 004EEB5A

Loading from: 014E3000 to 004EEB5A, size: 192

## Starting application at 0x0016c000 ...

Linux version 2.6.24.4-ADI-2008R2-pre-svn4516 (test@uclinux142-usb176x) (gcc

version 4.1.2 (ADI svn8

console [early_BFuart0] enabled

early printk enabled on early_BFuart0

Warning: limiting memory to 56MB due to hardware anomaly 05000263

Board Memory: 64MB

Kernel Managed Memory: 64MB

Memory map:

  fixedcode = 0x00000400-0x00000490

  text      = 0x00001000-0x000ff6f0

  rodata    = 0x000ff820-0x0014bc78

  bss       = 0x0014bc80-0x00159524

  data      = 0x00159524-0x0016c000

    stack   = 0x0016a000-0x0016c000

  init      = 0x0016c000-0x004ef000

  available = 0x004ef000-0x037ff000

  DMA Zone  = 0x03f00000-0x04000000

Hardware Trace Active and Enabled

Reset caused by Software reset

Blackfin support (C) 2004-2008 Analog Devices, Inc.

Compiled for ADSP-BF537 Rev 0.2

Blackfin Linux support by   blackfin.uclinux.org/

Processor Speed: 500 MHz core clock and 100 MHz System Clock

Instruction Cache Enabled

Data Cache Enabled (write-through)

Built 1 zonelists in Zone order, mobility grouping off.  Total pages: 14224

Kernel command line: root=/dev/mtdblock0 rw earlyprintk=serial,uart0,57600

ip=10.100.4.50:10.100.4.f

Configuring Blackfin Priority Driven Interrupts

PID hash table entries: 256 (order: 8, 1024 bytes)

console handover: boot [early_BFuart0] -> real [ttyBF0]

Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)

Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)

Memory available: 51708k/65536k RAM, (3596k init code, 1017k kernel code, 435k

data, 1024k dma, 775)

Blackfin Scratchpad data SRAM: 4 KB

Blackfin Data A SRAM: 16 KB (15 KB free)

Blackfin Data B SRAM: 16 KB (16 KB free)

Blackfin Instruction SRAM: 48 KB (41 KB free)

Security Framework initialized

Mount-cache hash table entries: 512

net_namespace: 64 bytes

NET: Registered protocol family 16

Blackfin GPIO Controller

Blackfin DMA Controller

stamp_init(): registering device resources

Data access misaligned address violation

- Attempted misaligned data memory or data cache access.

Kernel OOPS in progress

Deferred Exception context

CURRENT PROCESS:

COMM=swapper PID=1

invalid mm

return address: [0x00038d90]; contents of:

0x00038d70:  6f86  a336  3028  63f8  b0f0  3039  3022  60a0

0x00038d80:  300e  6002  e3ff  ff16  3210  0c42  1820  489e

0x00038d90: [b0d5] 9317  1414  b096  a370  486e  b110  1c0c

0x00038da0:  6100  b050  a050  09a0  1002  b054  6c86  0127

 

SEQUENCER STATUS:               Not tainted

SEQSTAT: 00002024  IPEND: 8030  SYSCFG: 0006

  HWERRCAUSE: 0x0

  EXCAUSE   : 0x24

  physical IVG15 asserted : <0xffa00db8> { _evt_system_call + 0x0 }

  logical irq   6 mapped  : <0xffa00364> { _timer_interrupt + 0x0 }

RETE: <0x00000000> { _run_init_process + 0xfffff000 }

RETN: <0x00583f1c> /* unknown address */

RETX: <0x00038d90> { _kmem_cache_create + 0x24 }

RETS: <0x00038d88> { _kmem_cache_create + 0x1c }

PC  : <0x00038d90> { _kmem_cache_create + 0x24 }

DCPLB_FAULT_ADDR: <0x037f1374> /* unknown address */

ICPLB_FAULT_ADDR: <0x00038d90> { _kmem_cache_create + 0x24 }

 

PROCESSOR STATE:

R0 : 037f1376    R1 : 000000c7    R2 : 00000293    R3 : ffffffff

R4 : 00000000    R5 : 037f1364    R6 : 00002000    R7 : 00000040

P0 : 004ff038    P1 : 00563e38    P2 : 037f1376    P3 : 00183454

P4 : 00167978    P5 : 0016792c    FP : 00186858    SP : 00583e40

LB0: ffa01848    LT0: ffa01846    LC0: 00000000

LB1: 00083264    LT1: 0008325a    LC1: 00000000

B0 : 00000000    L0 : 00000000    M0 : 00000000    I0 : 0014dc54

B1 : 00000000    L1 : 00000000    M1 : 00000000    I1 : 00583e70

B2 : 00000000    L2 : 00000000    M2 : 00000000    I2 : 00000000

B3 : 00000000    L3 : 00000000    M3 : 00000000    I3 : 00000000

A0.w: 00000000   A0.x: 00000000   A1.w: 00000000   A1.x: 00000000

USP : 00000000  ASTAT: 00003024

 

Hardware Trace:

   0 Target : <0x0000464c> { _trap_c + 0x0 }

     Source : <0xffa006c4> { _exception_to_level5 + 0xb4 }

   1 Target : <0xffa00610> { _exception_to_level5 + 0x0 }

     Source : <0xffa0056c> { _ex_trap_c + 0x5c }

   2 Target : <0xffa00510> { _ex_trap_c + 0x0 }

     Source : <0xffa00764> { _trap + 0x28 }

   3 Target : <0xffa0073c> { _trap + 0x0 }

     Source : <0x00038d8e> { _kmem_cache_create + 0x22 }

   4 Target : <0x00038d88> { _kmem_cache_create + 0x1c }

     Source : <0x00038c50> { _slob_alloc + 0xa0 }

   5 Target : <0x00038c46> { _slob_alloc + 0x96 }

     Source : <0x00038c40> { _slob_alloc + 0x90 }

   6 Target : <0x00038c26> { _slob_alloc + 0x76 }

     Source : <0x00038c16> { _slob_alloc + 0x66 }

   7 Target : <0x00038c02> { _slob_alloc + 0x52 }

     Source : <0x000387d4> { _slob_page_alloc + 0xd0 }

   8 Target : <0x000387ca> { _slob_page_alloc + 0xc6 }

     Source : <0x000387a4> { _slob_page_alloc + 0xa0 }

   9 Target : <0x00038798> { _slob_page_alloc + 0x94 }

     Source : <0x000386b4> { _set_slob + 0x14 }

  10 Target : <0x000386a0> { _set_slob + 0x0 }

     Source : <0x00038794> { _slob_page_alloc + 0x90 }

  11 Target : <0x00038788> { _slob_page_alloc + 0x84 }

     Source : <0x00038840> { _slob_page_alloc + 0x13c }

  12 Target : <0x00038838> { _slob_page_alloc + 0x134 }

     Source : <0x00038772> { _slob_page_alloc + 0x6e }

  13 Target : <0x00038768> { _slob_page_alloc + 0x64 }

     Source : <0x000386e6> { _slob_next + 0x1e }

  14 Target : <0x000386c8> { _slob_next + 0x0 }

     Source : <0x00038764> { _slob_page_alloc + 0x60 }

  15 Target : <0x00038754> { _slob_page_alloc + 0x50 }

     Source : <0x00038742> { _slob_page_alloc + 0x3e }

Stack from 00583e20:

        00000000 ffa006c8 0015bb0c 0015bb0c 0015bb08 037ca8a0 00000000

001573a0

        00038d90 00008030 00002024 00000000 00583f1c 00038d90 00038d90

00038d88

        037f1376 00003024 00083264 ffa01848 0008325a ffa01846 00000000

00000000

        00000000 00000000 00000000 00000000 00000000 00000000 00000000

00000000

        00000000 00000000 00000000 00000000 00000000 00000000 00000000

00000000

        00000000 00000000 00583e70 0014dc54 00000000 00186858 0016792c

00167978

 

Call Trace:

[<00002000>] _get_sclk+0x10/0x58

[<00002000>] _get_sclk+0x10/0x58

[<000aef4a>] _proto_register+0xa2/0x174

[<00002000>] _get_sclk+0x10/0x58

[<00002000>] _get_sclk+0x10/0x58

[<00181fb8>] _inet_init+0x14/0x2b4

[<0017da28>] _init_pipe_fs+0x30/0x58

[<0016c5e8>] _kernel_init+0x88/0x234

[<0016c560>] _kernel_init+0x0/0x234

[<00001686>] _kernel_thread_helper+0x6/0xc

 

Modules linked in:

Kernel panic - not syncing: Kernel exception

--

 

--- Yi Li                                                    2008-04-11 06:52:28

tested using trunk toolchain, still fails:

 

struct kmem_cache *kmem_cache_create(const char *name, size_t size,

        size_t align, unsigned long flags,

        void (*ctor)(struct kmem_cache *, void *))

{

        struct kmem_cache *c;

 

        c = slob_alloc(sizeof(struct kmem_cache), flags, 0, -1);

 

        if (c) {

                c->name = name; <-- this triggers exception

                c->size = size;

 

--- Yi Li                                                    2008-04-14 02:59:03

objdump shows:

 

000006cc <_kmem_cache_create>:

6cc:   60 05           [--SP] = (R7:4);

6ce:   67 01           [--SP] = RETS;

6d0:   86 6f           SP += -0x10;            /* (-16) */

6d2:   36 a3           R6 = [SP + 0x30];

6d4:   28 30           R5 = R0;

6d6:   f8 63           R0 = -0x1 (X);          /*              R0=0xffffffff(

-1) */

6d8:   f0 b0           [SP + 0xc] = R0;

6da:   39 30           R7 = R1;

6dc:   22 30           R4 = R2;

6de:   a0 60           R0 = 0x14 (X);          /*              R0=0x14( 20)

*/

6e0:   0e 30           R1 = R6;

6e2:   02 60           R2 = 0x0 (X);           /*              R2=0x0(  0) */

6e4:   ff e3 16 ff     CALL 0x510 <_slob_alloc>;

6e8:   10 32           P2 = R0;

6ea:   42 0c           CC = P2 == 0x0;

6ec:   20 18           IF CC JUMP 0x72c <_kmem_cache_create+0x60>;

6ee:   9e 48           CC = !BITTST (R6, 0x13);                /* bit 19 */

6f0:   d5 b0           [P2 + 0xc] = R5;

6f2:   17 93           [P2] = R7;

6f4:   14 14           IF !CC JUMP 0x71c <_kmem_cache_create+0x50>

(BP);

6f6:   96 b0           [P2 + 0x8] = R6; <--- misalign exception happens

here

 

P2 : 037f1376

P2 is not aligned to 4 bytes.

 

Bellow patch can fix this issue, but there should be some more reasonable fix.

 

Index: slob.c

===================================================================

--- slob.c      (revision 4569)

+++ slob.c      (working copy)

@@ -510,7 +510,7 @@

{

        struct kmem_cache *c;

 

-       c = slob_alloc(sizeof(struct kmem_cache), flags, 0, -1);

+       c = slob_alloc(sizeof(struct kmem_cache), flags, 4, -1);

 

        if (c) {

                c->name = name;

 

 

--- Mike Frysinger                                           2008-04-14 03:10:53

the same change was posted to another bug, but without any explanation from the

poster ...

 

--- Yi Li                                                    2008-04-14 05:26:07

fixed. using ARCH_KMALLOC_MINALIGN to force alignment.

 

slob.c:

"#ifndef ARCH_KMALLOC_MINALIGN

#define ARCH_KMALLOC_MINALIGN __alignof__(unsigned long)

#endif

"

 

--- Vivi Li                                                  2008-04-16 05:44:01

OK now. Close it.

 

 

 

    Files

    Changes

    Commits

    Dependencies

    Duplicates

    Associations

    Tags

 

File Name     File Type     File Size     Posted By

No Files Were Found

Attachments

    Outcomes