[#5635] OOM in trunk causes a double fault in trace decoding

Document created by Aaronwu Employee on Sep 5, 2013
Version 1Show Document
  • View in full screen mode

[#5635] OOM in trunk causes a double fault in trace decoding

Submitted By: Mike Frysinger

Open Date

2009-10-22 04:56:13     Close Date

2009-11-05 11:14:45

Priority:

Medium     Assignee:

Robin Getz

Status:

Closed     Fixed In Release:

N/A

Found In Release:

2010R1     Release:

Category:

N/A     Board:

STAMP

Processor:

BF537     Silicon Revision:

Is this bug repeatable?:

Yes     Resolution:

Fixed

Uboot version or rev.:

    Toolchain version or rev.:

trunk 3675

App binary format:

N/A     

Summary: OOM in trunk causes a double fault in trace decoding

Details:

 

simple code:

$ cat test.c

int main() { static long long a[1024 * 1024 * 20] = { 0 }; return a;}

 

$ bfin-uclinux-gcc test.c

$ rcp a.out root@bfin:/

 

root:/> /a.out

------------[ cut here ]------------

Badness at mm/page_alloc.c:1751

 

ADSP-BF537-0.2 500(MHz CCLK) 125(MHz SCLK) (mpu off)

Linux version 2.6.31.4-ADI-2010R1-pre (vapier@vapier) (gcc version 4.3.4 (ADI-trunk/git-053bcdc) ) #45 Thu Oct 22 03:40:39 EDT 2009

 

SEQUENCER STATUS:               Not tainted

SEQSTAT: 00000021  IPEND: 8008  IMASK: ffff  SYSCFG: 0006

  EXCAUSE   : 0x21

  physical IVG3 asserted : <0xffa0081c> { _trap + 0x0 }

  physical IVG15 asserted : <0xffa010ec> { _evt_system_call + 0x0 }

  logical irq   6 mapped  : <0xffa00498> { _timer_interrupt + 0x0 }

  logical irq  10 mapped  : <0x000b808c> { _bfin_rtc_interrupt + 0x0 }

  logical irq  18 mapped  : <0x000a4a90> { _bfin_serial_dma_rx_int + 0x0 }

  logical irq  19 mapped  : <0x000a47f4> { _bfin_serial_dma_tx_int + 0x0 }

  logical irq  24 mapped  : <0x000ae8dc> { _bfin_mac_interrupt + 0x0 }

RETE: <0x00000000> /* Maybe null pointer? */

RETN: <0x02853c84> /* kernel dynamic memory */

RETX: <0x00000480> /* Maybe fixed code section */

RETS: <0x00036534> { ___alloc_pages_nodemask + 0xac }

PC  : <0x000365a4> { ___alloc_pages_nodemask + 0x11c }

DCPLB_FAULT_ADDR: <0x0016b4d0> /* kernel dynamic memory */

ICPLB_FAULT_ADDR: <0x000365a4> { ___alloc_pages_nodemask + 0x11c }

PROCESSOR STATE:

R0 : 00000000    R1 : 0000000d    R2 : 00000000    R3 : 00000041

R4 : 00000010    R5 : 00000001    R6 : 000000d0    R7 : 00000000

P0 : 00000004    P1 : 0017e5bc    P2 : 0016b4d0    P3 : 00000000

P4 : 0017efdc    P5 : 0017efe0    FP : 00000000    SP : 02853ba8

LB0: ffa01860    LT0: ffa01860    LC0: 00000000

LB1: 0001847e    LT1: 0001846c    LC1: 00000000

B0 : 00000000    L0 : 00000000    M0 : 00000000    I0 : 02a7c834

B1 : 00000000    L1 : 00000000    M1 : 00000000    I1 : 02a7c800

B2 : 00000000    L2 : 00000000    M2 : 00000000    I2 : 00000000

B3 : 00000000    L3 : 00000000    M3 : 00000000    I3 : 00000000

A0.w: 00000000   A0.x: 00000000   A1.w: 00000000   A1.x: 00000000

USP : 0296bd50  ASTAT: 02003025

 

Hardware Trace:

   0 Target : <0x00005178> { _trap_c + 0x0 }

     Source : <0xffa007b0> { _exception_to_level5 + 0xa4 } CALL pcrel

   1 Target : <0xffa0070c> { _exception_to_level5 + 0x0 }

     Source : <0xffa005c0> { _bfin_return_from_exception + 0x20 } RTX

   2 Target : <0xffa005a0> { _bfin_return_from_exception + 0x0 }

     Source : <0xffa00664> { _ex_trap_c + 0x74 } JUMP.S

   3 Target : <0xffa005f0> { _ex_trap_c + 0x0 }

     Source : <0xffa00884> { _trap + 0x68 } JUMP (P4)

   4 Target : <0xffa0083c> { _trap + 0x20 }

     Source : <0xffa00838> { _trap + 0x1c } IF !CC JUMP

   5 Target : <0xffa0081c> { _trap + 0x0 }

     Source : <0x000365a2> { ___alloc_pages_nodemask + 0x11a } IF CC JUMP

   6 Target : <0x00036574> { ___alloc_pages_nodemask + 0xec }

     Source : <0x00036538> { ___alloc_pages_nodemask + 0xb0 } IF !CC JUMP

   7 Target : <0x00036534> { ___alloc_pages_nodemask + 0xac }

     Source : <0x00036382> { _get_page_from_freelist + 0x186 } RTS

   8 Target : <0x0003636e> { _get_page_from_freelist + 0x172 }

     Source : <0x0003c6f6> { _next_zones_zonelist + 0x26 } RTS

   9 Target : <0x0003c6ee> { _next_zones_zonelist + 0x1e }

     Source : <0x0003c6e0> { _next_zones_zonelist + 0x10 } IF !CC JUMP

  10 Target : <0x0003c6d0> { _next_zones_zonelist + 0x0 }

     Source : <0x0003636a> { _get_page_from_freelist + 0x16e } CALL pcrel

  11 Target : <0x00036356> { _get_page_from_freelist + 0x15a }

     Source : <0x00036480> { _get_page_from_freelist + 0x284 } IF CC JUMP

  12 Target : <0x0003647e> { _get_page_from_freelist + 0x282 }

     Source : <0x00034944> { _zone_watermark_ok + 0x78 } RTS

  13 Target : <0x00034940> { _zone_watermark_ok + 0x74 }

     Source : <0x0003491c> { _zone_watermark_ok + 0x50 } IF !CC JUMP

  14 Target : <0x000348fe> { _zone_watermark_ok + 0x32 }

     Source : <0x000348f0> { _zone_watermark_ok + 0x24 } IF CC JUMP

  15 Target : <0x000348ee> { _zone_watermark_ok + 0x22 }

     Source : <0x000348e2> { _zone_watermark_ok + 0x16 } IF CC JUMP

Allocation of length 167780352 from process 160 (a.out) failed

DMA per-cpu:

CPU    0: hi:    0, btch:   1 usd:   0

Active_anon:0 active_file:190 inactive_anon:0

inactive_file:1448 unevictable:0 dirty:0 writeback:0 unstable:0

free:11353 slab:383 mapped:0 pagetables:0 bounce:0

DMA free:45412kB min:4096kB low:5120kB high:6144kB active_anon:0kB inactive_anon:0kB active_file:760kB inactive_file:5792kB unevictable:0kB present:56892kB pages_scanned:0 all_unre

claimable? no

lowmem_reserve[]: 0 0 0

DMA: 3*4kB 5*8kB 5*16kB 7*32kB 6*64kB 3*128kB 5*256kB 2*512kB 3*1024kB 3*2048kB 2*4096kB 1*8192kB 1*16384kB 0*32768kB = 45412kB

1643 total pagecache pages

NULL pointer access

Kernel OOPS in progress

Deferred Exception context

CURRENT PROCESS:

COMM=a.out PID=160

CPU = 0

TEXT = 0x(null)-0x(null)        DATA = 0x(null)-0x(null)

BSS = 0x(null)-0x(null)  USER-STACK = 0x(null)

 

return address: [0x00043866]; contents of:

0x00043840:  09d3  2fb1  ad1a  0c42  1ba0  e511  0011  0c41

0x00043850:  1b96  304b  6002  63f8  0061  2f8b  3208  0030

0x00043860:  61f9  0041  6201 [a14a] 5408  67fa  0c00  b14a

0x00043870:  1c07  e14a  0017  e10a  20c8  9110  0040  0c02

 

ADSP-BF537-0.2 500(MHz CCLK) 125(MHz SCLK) (mpu off)

Linux version 2.6.31.4-ADI-2010R1-pre (vapier@vapier) (gcc version 4.3.4 (ADI-trunk/git-053bcdc) ) #45 Thu Oct 22 03:40:39 EDT 2009

 

SEQUENCER STATUS:               Tainted: G        W

SEQSTAT: 00060027  IPEND: 8008  IMASK: 003f  SYSCFG: 0006

  Peripheral interrupts masked off

  Kernel interrupts masked off

  EXCAUSE   : 0x27

  physical IVG3 asserted : <0xffa0081c> { _trap + 0x0 }

  physical IVG15 asserted : <0xffa010ec> { _evt_system_call + 0x0 }

  logical irq   6 mapped  : <0xffa00498> { _timer_interrupt + 0x0 }

  logical irq  10 mapped  : <0x000b808c> { _bfin_rtc_interrupt + 0x0 }

  logical irq  18 mapped  : <0x000a4a90> { _bfin_serial_dma_rx_int + 0x0 }

  logical irq  19 mapped  : <0x000a47f4> { _bfin_serial_dma_tx_int + 0x0 }

  logical irq  24 mapped  : <0x000ae8dc> { _bfin_mac_interrupt + 0x0 }

RETE: <0x00000000> /* Maybe null pointer? */

NULL pointer access

Kernel OOPS in progress

Deferred Exception context

No Valid process in current context

return address: [0xffa00976]; contents of:

0xffa00950:  0000  0010  e10a  2108  e14a  ffe0  0023  9110

0xffa00960:  b070  3107  b230  307e  e106  e000  e146  ffff

0xffa00970:  55f7  3217  9152 [e716] 0081  e127  0172  3070

0xffa00980:  08be  1382  307e  e106  e000  e146  ffff  55f7

 

Follow-ups

 

--- Robin Getz                                               2009-10-22 10:58:07

It doesn't look like double fault handing is working properly either...

 

Recovering from DOUBLE FAULT event

While handling exception (EXCAUSE = 0x0) at (null)

   DCPLB_FAULT_ADDR: (null)

   ICPLB_FAULT_ADDR: (null)

The instruction at _d_path+0x3a/0x7c caused a double exception

 

But anyway -- it looks like the d_path changes that were made recently in

./traps_c:decode_address() are causing a problem.

 

-Robin

 

--- Mike Frysinger                                           2009-11-05 07:46:31

Robin sent a fix for the double fault upstream (and ive since merged it into

trunk), so the only thing left here is to commit some code Robin has to avoid

parsing userspace maps when double faulting

 

--- Robin Getz                                               2009-11-05 10:45:41

For some reason -- I thought I committed that already - but svn diff said

otherwise...

 

Committed now.

-Robin

 

--- Mike Frysinger                                           2009-11-05 11:14:45

things work for me now, so nothing left to do here

 

 

 

    Files

    Changes

    Commits

    Dependencies

    Duplicates

    Associations

    Tags

 

File Name     File Type     File Size     Posted By

No Files Were Found

Attachments

    Outcomes