[#5635] OOM in trunk causes a double fault in trace decoding
Submitted By: Mike Frysinger
Open Date
2009-10-22 04:56:13 Close Date
2009-11-05 11:14:45
Priority:
Medium Assignee:
Robin Getz
Status:
Closed Fixed In Release:
N/A
Found In Release:
2010R1 Release:
Category:
N/A Board:
STAMP
Processor:
BF537 Silicon Revision:
Is this bug repeatable?:
Yes Resolution:
Fixed
Uboot version or rev.:
Toolchain version or rev.:
trunk 3675
App binary format:
N/A
Summary: OOM in trunk causes a double fault in trace decoding
Details:
simple code:
$ cat test.c
int main() { static long long a[1024 * 1024 * 20] = { 0 }; return a;}
$ bfin-uclinux-gcc test.c
$ rcp a.out root@bfin:/
root:/> /a.out
------------[ cut here ]------------
Badness at mm/page_alloc.c:1751
ADSP-BF537-0.2 500(MHz CCLK) 125(MHz SCLK) (mpu off)
Linux version 2.6.31.4-ADI-2010R1-pre (vapier@vapier) (gcc version 4.3.4 (ADI-trunk/git-053bcdc) ) #45 Thu Oct 22 03:40:39 EDT 2009
SEQUENCER STATUS: Not tainted
SEQSTAT: 00000021 IPEND: 8008 IMASK: ffff SYSCFG: 0006
EXCAUSE : 0x21
physical IVG3 asserted : <0xffa0081c> { _trap + 0x0 }
physical IVG15 asserted : <0xffa010ec> { _evt_system_call + 0x0 }
logical irq 6 mapped : <0xffa00498> { _timer_interrupt + 0x0 }
logical irq 10 mapped : <0x000b808c> { _bfin_rtc_interrupt + 0x0 }
logical irq 18 mapped : <0x000a4a90> { _bfin_serial_dma_rx_int + 0x0 }
logical irq 19 mapped : <0x000a47f4> { _bfin_serial_dma_tx_int + 0x0 }
logical irq 24 mapped : <0x000ae8dc> { _bfin_mac_interrupt + 0x0 }
RETE: <0x00000000> /* Maybe null pointer? */
RETN: <0x02853c84> /* kernel dynamic memory */
RETX: <0x00000480> /* Maybe fixed code section */
RETS: <0x00036534> { ___alloc_pages_nodemask + 0xac }
PC : <0x000365a4> { ___alloc_pages_nodemask + 0x11c }
DCPLB_FAULT_ADDR: <0x0016b4d0> /* kernel dynamic memory */
ICPLB_FAULT_ADDR: <0x000365a4> { ___alloc_pages_nodemask + 0x11c }
PROCESSOR STATE:
R0 : 00000000 R1 : 0000000d R2 : 00000000 R3 : 00000041
R4 : 00000010 R5 : 00000001 R6 : 000000d0 R7 : 00000000
P0 : 00000004 P1 : 0017e5bc P2 : 0016b4d0 P3 : 00000000
P4 : 0017efdc P5 : 0017efe0 FP : 00000000 SP : 02853ba8
LB0: ffa01860 LT0: ffa01860 LC0: 00000000
LB1: 0001847e LT1: 0001846c LC1: 00000000
B0 : 00000000 L0 : 00000000 M0 : 00000000 I0 : 02a7c834
B1 : 00000000 L1 : 00000000 M1 : 00000000 I1 : 02a7c800
B2 : 00000000 L2 : 00000000 M2 : 00000000 I2 : 00000000
B3 : 00000000 L3 : 00000000 M3 : 00000000 I3 : 00000000
A0.w: 00000000 A0.x: 00000000 A1.w: 00000000 A1.x: 00000000
USP : 0296bd50 ASTAT: 02003025
Hardware Trace:
0 Target : <0x00005178> { _trap_c + 0x0 }
Source : <0xffa007b0> { _exception_to_level5 + 0xa4 } CALL pcrel
1 Target : <0xffa0070c> { _exception_to_level5 + 0x0 }
Source : <0xffa005c0> { _bfin_return_from_exception + 0x20 } RTX
2 Target : <0xffa005a0> { _bfin_return_from_exception + 0x0 }
Source : <0xffa00664> { _ex_trap_c + 0x74 } JUMP.S
3 Target : <0xffa005f0> { _ex_trap_c + 0x0 }
Source : <0xffa00884> { _trap + 0x68 } JUMP (P4)
4 Target : <0xffa0083c> { _trap + 0x20 }
Source : <0xffa00838> { _trap + 0x1c } IF !CC JUMP
5 Target : <0xffa0081c> { _trap + 0x0 }
Source : <0x000365a2> { ___alloc_pages_nodemask + 0x11a } IF CC JUMP
6 Target : <0x00036574> { ___alloc_pages_nodemask + 0xec }
Source : <0x00036538> { ___alloc_pages_nodemask + 0xb0 } IF !CC JUMP
7 Target : <0x00036534> { ___alloc_pages_nodemask + 0xac }
Source : <0x00036382> { _get_page_from_freelist + 0x186 } RTS
8 Target : <0x0003636e> { _get_page_from_freelist + 0x172 }
Source : <0x0003c6f6> { _next_zones_zonelist + 0x26 } RTS
9 Target : <0x0003c6ee> { _next_zones_zonelist + 0x1e }
Source : <0x0003c6e0> { _next_zones_zonelist + 0x10 } IF !CC JUMP
10 Target : <0x0003c6d0> { _next_zones_zonelist + 0x0 }
Source : <0x0003636a> { _get_page_from_freelist + 0x16e } CALL pcrel
11 Target : <0x00036356> { _get_page_from_freelist + 0x15a }
Source : <0x00036480> { _get_page_from_freelist + 0x284 } IF CC JUMP
12 Target : <0x0003647e> { _get_page_from_freelist + 0x282 }
Source : <0x00034944> { _zone_watermark_ok + 0x78 } RTS
13 Target : <0x00034940> { _zone_watermark_ok + 0x74 }
Source : <0x0003491c> { _zone_watermark_ok + 0x50 } IF !CC JUMP
14 Target : <0x000348fe> { _zone_watermark_ok + 0x32 }
Source : <0x000348f0> { _zone_watermark_ok + 0x24 } IF CC JUMP
15 Target : <0x000348ee> { _zone_watermark_ok + 0x22 }
Source : <0x000348e2> { _zone_watermark_ok + 0x16 } IF CC JUMP
Allocation of length 167780352 from process 160 (a.out) failed
DMA per-cpu:
CPU 0: hi: 0, btch: 1 usd: 0
Active_anon:0 active_file:190 inactive_anon:0
inactive_file:1448 unevictable:0 dirty:0 writeback:0 unstable:0
free:11353 slab:383 mapped:0 pagetables:0 bounce:0
DMA free:45412kB min:4096kB low:5120kB high:6144kB active_anon:0kB inactive_anon:0kB active_file:760kB inactive_file:5792kB unevictable:0kB present:56892kB pages_scanned:0 all_unre
claimable? no
lowmem_reserve[]: 0 0 0
DMA: 3*4kB 5*8kB 5*16kB 7*32kB 6*64kB 3*128kB 5*256kB 2*512kB 3*1024kB 3*2048kB 2*4096kB 1*8192kB 1*16384kB 0*32768kB = 45412kB
1643 total pagecache pages
NULL pointer access
Kernel OOPS in progress
Deferred Exception context
CURRENT PROCESS:
COMM=a.out PID=160
CPU = 0
TEXT = 0x(null)-0x(null) DATA = 0x(null)-0x(null)
BSS = 0x(null)-0x(null) USER-STACK = 0x(null)
return address: [0x00043866]; contents of:
0x00043840: 09d3 2fb1 ad1a 0c42 1ba0 e511 0011 0c41
0x00043850: 1b96 304b 6002 63f8 0061 2f8b 3208 0030
0x00043860: 61f9 0041 6201 [a14a] 5408 67fa 0c00 b14a
0x00043870: 1c07 e14a 0017 e10a 20c8 9110 0040 0c02
ADSP-BF537-0.2 500(MHz CCLK) 125(MHz SCLK) (mpu off)
Linux version 2.6.31.4-ADI-2010R1-pre (vapier@vapier) (gcc version 4.3.4 (ADI-trunk/git-053bcdc) ) #45 Thu Oct 22 03:40:39 EDT 2009
SEQUENCER STATUS: Tainted: G W
SEQSTAT: 00060027 IPEND: 8008 IMASK: 003f SYSCFG: 0006
Peripheral interrupts masked off
Kernel interrupts masked off
EXCAUSE : 0x27
physical IVG3 asserted : <0xffa0081c> { _trap + 0x0 }
physical IVG15 asserted : <0xffa010ec> { _evt_system_call + 0x0 }
logical irq 6 mapped : <0xffa00498> { _timer_interrupt + 0x0 }
logical irq 10 mapped : <0x000b808c> { _bfin_rtc_interrupt + 0x0 }
logical irq 18 mapped : <0x000a4a90> { _bfin_serial_dma_rx_int + 0x0 }
logical irq 19 mapped : <0x000a47f4> { _bfin_serial_dma_tx_int + 0x0 }
logical irq 24 mapped : <0x000ae8dc> { _bfin_mac_interrupt + 0x0 }
RETE: <0x00000000> /* Maybe null pointer? */
NULL pointer access
Kernel OOPS in progress
Deferred Exception context
No Valid process in current context
return address: [0xffa00976]; contents of:
0xffa00950: 0000 0010 e10a 2108 e14a ffe0 0023 9110
0xffa00960: b070 3107 b230 307e e106 e000 e146 ffff
0xffa00970: 55f7 3217 9152 [e716] 0081 e127 0172 3070
0xffa00980: 08be 1382 307e e106 e000 e146 ffff 55f7
Follow-ups
--- Robin Getz 2009-10-22 10:58:07
It doesn't look like double fault handing is working properly either...
Recovering from DOUBLE FAULT event
While handling exception (EXCAUSE = 0x0) at (null)
DCPLB_FAULT_ADDR: (null)
ICPLB_FAULT_ADDR: (null)
The instruction at _d_path+0x3a/0x7c caused a double exception
But anyway -- it looks like the d_path changes that were made recently in
./traps_c:decode_address() are causing a problem.
-Robin
--- Mike Frysinger 2009-11-05 07:46:31
Robin sent a fix for the double fault upstream (and ive since merged it into
trunk), so the only thing left here is to commit some code Robin has to avoid
parsing userspace maps when double faulting
--- Robin Getz 2009-11-05 10:45:41
For some reason -- I thought I committed that already - but svn diff said
otherwise...
Committed now.
-Robin
--- Mike Frysinger 2009-11-05 11:14:45
things work for me now, so nothing left to do here
Files
Changes
Commits
Dependencies
Duplicates
Associations
Tags
File Name File Type File Size Posted By
No Files Were Found