UP load_up_fpu crash (2.6.8-rc2)
Nathan Lynch
nathanl at austin.ibm.com
Tue Aug 17 12:54:55 EST 2004
On Tue, 2004-07-27 at 20:50, Paul Mackerras wrote:
> Nathan Lynch writes:
>
> > We seem to be broken with CONFIG_SMP=n on 2.6.8-rc2 and 2.6.8-rc1-mm1:
> >
> > Freeing unused kernel memory: 280k freed
> > INIT: version 2.85 booting
> > Vector: 300 (Data Access) at [c00000003f043bb0]
> > pc: c00000000000bab0: .load_up_fpu+0xb0/0x16c
> > lr: 00000000400272b8
> > sp: c00000003f043e30
> > msr: 8000000000003032
> > dar: 108
> > dsisr: 40000000
> > current = 0xc00000003f03d440
> > paca = 0xc0000000003cc000
> > pid = 327, comm = hotplug
> > enter ? for help
> > mon> t
> > [c00000003f043e30] c00000000000b4d8 .handle_page_fault+0x20/0x40
> > (unreliable)
> > --- Exception: 801 (FPU Unavailable) at 000000004000b908
> > SP (ffffe480) is in userspace
>
> This is very puzzling. It appears that we have taken a FPU
> unavailable trap from userspace, which is fine, but then it looks like
> we think some other task owns the FPU at the moment, and that task is
> a kernel thread.
>
> We are crashing because last_task_used_math->thread.regs is NULL.
> That should only happen for a kernel thread, but last_task_used_math
> should never point to a kernel thread. The only place that
> last_task_used_math gets set to a non-NULL value is in load_up_fpu,
> and that should only be called if we get a FPU unavailable trap from
> usermode.
>
> It would be very useful to see what last_task_used_math contains at
> the time of the crash, and see what last_task_used_math->comm is, so
> we can work out whether the task that owns the FPU is in fact a kernel
> thread - in which case we need to work out how last_task_used_math is
> getting to point at it - or if it isn't a kernel thread, in which case
> we need to work out why task->thread.regs is NULL for that task.

Sorry to take so long to investigate this further. Still happens with
2.6.8.1-mm1:

Vector: 300 (Data Access) at [c0000003df1bfbb0]
pc: c00000000000b8b0: .load_up_fpu+0xb0/0x16c
lr: 00000000400272b8
sp: c0000003df1bfe30
msr: 8000000000003032
dar: 108
dsisr: 40000000
current = 0xc0000003df1bb440
paca = 0xc0000000003f0000
pid = 836, comm = hotplug
mon> t
[c0000003df1bfe30] c00000000000b2d8 .handle_page_fault+0x20/0x40
(unreliable)
--- Exception: 801 (FPU Unavailable) at 000000004000b908
SP (ffffe480) is in userspace
mon> ls last_task_used_math
last_task_used_math: c0000000005ede90
mon> d c0000000005ede90
c0000000005ede90 c00000000f6151c0 0000000000000000 |.....aQ.........|
c0000000005edea0 0000000000000000 0000000000000000 |................|
c0000000005edeb0 0000000000000000 0000000000000000 |................|
c0000000005edec0 0000000000000000 0000000000000000 |................|
mon> d c00000000f6151c0
c00000000f6151c0 0000000000000002 c00000000f618000 |.............a..|
c00000000f6151d0 0000000400000000 0000000000000100 |................|
c00000000f6151e0 0000000000000000 ffffffff00000073 |...............s|
c00000000f6151f0 0000007800000000 0000000000100100 |...x............|
mon>
c00000000f615200 0000000000200200 0000000000000000 |..... ..........|
c00000000f615210 000000003b9ac985 0000000000000065 |....;..........e|
c00000000f615220 00001a46ac04c868 0000000000000000 |...F...h........|
c00000000f615230 0000000000000000 0000000000000001 |................|
mon>
c00000000f615240 0000004d00000000 c00000000f614988 |...M.........aI.|
c00000000f615250 c00000000044f8a8 c00000000f615258 |.....D.......aRX|
c00000000f615260 c00000000f615258 c00000000f615268 |.....aRX.....aRh|
c00000000f615270 c00000000f615268 c0000000003e0bb0 |.....aRh.....>..|
mon>
c00000000f615280 c0000000003e0bb0 c000000000448d30 |.....>.......D.0|
c00000000f615290 0000000000000000 0000000000000000 |................|
c00000000f6152a0 0000000000000000 8000000000000001 |................|
c00000000f6152b0 0000000100000000 c00000000044f820 |.............D. |
mon>
c00000000f6152c0 c00000000044f820 c00000000f614a18 |.....D. .....aJ.|
c00000000f6152d0 c00000000f57e358 c00000000044f928 |.....W.X.....D.(|
c00000000f6152e0 c00000000044f928 c00000000f6151c0 |.....D.(.....aQ.|
c00000000f6152f0 c00000000f615318 c00000000f615318 |.....aS......aS.|
mon>
c00000000f615300 c00000000f615308 0000000100000001 |.....aS.........|
c00000000f615310 c00000000f6151c0 c00000000f6152f0 |.....aQ......aR.|
c00000000f615320 c00000000f6152f0 c00000000e1294b0 |.....aR.........|
c00000000f615330 c00000000e1294b0 c00000000f615360 |.............aS`|
mon>
c00000000f615340 c00000000f615360 c00000000f615350 |.....aS`.....aSP|
c00000000f615350 0000000100000001 c00000000f6151c0 |.............aQ.|
c00000000f615360 c00000000f615338 c00000000f615338 |.....aS8.....aS8|
c00000000f615370 c00000000e1394b0 c00000000e1394b0 |................|
mon>
c00000000f615380 c00000000f614ac0 c00000000044f9e0 |.....aJ......D..|
c00000000f615390 c00000000044f9f8 0000000000000001 |.....D..........|
c00000000f6153a0 c00000000044f820 c00000000044f9e0 |.....D. .....D..|
c00000000f6153b0 c00000000044f9e0 c00000000e13f680 |.....D..........|
mon>
c00000000f6153c0 c00000000e13f680 c00000000f614b08 |.............aK.|
c00000000f6153d0 c00000000044fa28 c00000000044fa40 |.....D.(.....D.@|
c00000000f6153e0 0000000000000001 c00000000044f820 |.............D. |
c00000000f6153f0 c00000000044fa28 c00000000044fa28 |.....D.(.....D.(|
mon>
c00000000f615400 c00000000e14f680 c00000000e14f680 |................|
c00000000f615410 c00000000f615410 c00000000f615410 |.....aT......aT.|
c00000000f615420 0000000000000000 0000000000000000 |................|
c00000000f615430 0000000000000000 0000000000000000 |................|
mon>
c00000000f615440 0000000000000000 0000000000000000 |................|
c00000000f615450 0000000000000000 0000000000000000 |................|
c00000000f615460 0000000000000000 0000000000000000 |................|
c00000000f615470 0000000000000000 0000000000000000 |................|
mon>
c00000000f615480 0000000000000000 000000004b87ad6e |............K..n|
c00000000f615490 c0000000005ae2c0 c00000000f6151c0 |.....Z.......aQ.|
c00000000f6154a0 0000000000000000 0000000000000000 |................|
c00000000f6154b0 0000000000000329 0000000000000000 |.......)........|
mon>
c00000000f6154c0 0000000000000000 00000000000005c1 |................|
c00000000f6154d0 0000000000000000 0000000000000000 |................|
c00000000f6154e0 0000000000000000 0000000000000148 |...............H|
c00000000f6154f0 000000000000002a 0000000000000005 |.......*........|
mon>
c00000000f615500 0000000000000000 0000000000000000 |................|
c00000000f615510 0000000000000000 0000000000000000 |................|
c00000000f615520 0000000000000000 0000000000000000 |................|
c00000000f615530 c000000000469108 fffffeff00000000 |.....F..........|
mon>
c00000000f615540 ffffffff00000000 c0000000004690b8 |.............F..|
c00000000f615550 ffffffffffffffff ffffffffffffffff |................|
c00000000f615560 ffffffffffffffff ffffffffffffffff |................|
c00000000f615570 ffffffffffffffff ffffffffffffffff |................|
mon>
c00000000f615580 0000000000800000 ffffffffffffffff |................|
c00000000f615590 0000000000000000 ffffffffffffffff |................|
c00000000f6155a0 ffffffffffffffff ffffffffffffffff |................|
c00000000f6155b0 000000000000f800 000000000000f800 |................|
c00000000f6155c0 0000000000000400 0000000000000400 |................|
c00000000f6155d0 0000000000008000 0000000000008000 |................|
c00000000f6155e0 ffffffffffffffff ffffffffffffffff |................|
c00000000f6155f0 ffffffffffffffff ffffffffffffffff |................|
mon>
c00000000f615600 0000000000000400 0000000000000400 |................|
c00000000f615610 00000000000c8000 00000000000c8000 |................|
c00000000f615620 0000696e69740065 7200000000000000 |..init.er.......|
c00000000f615630 0000000000000000 0000000000000000 |................|
So it looks like last_task_used_math points to init?
Nathan
** Sent via the linuxppc64-dev mail list. See http://lists.linuxppc.org/
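
Added example, not part of the original post or of the kernel source: a small user-space C model of the uniprocessor lazy-FPU handoff discussed above, showing why a NULL thread.regs in the recorded FPU owner produces a data access fault at address 0x108 (the "dar: 108" in both oopses). Assumptions: the saved-register frame begins with 32 eight-byte GPRs followed by nip and msr, and the handoff clears the FP bit in the old owner's saved MSR; the `*_model` types, `handoff_access_addr` and `take_fpu` are hypothetical names, and the task entries in main() are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MSR_FP 0x2000ULL            /* PowerPC MSR floating-point-available bit */

/* Assumed layout, modelled on the 64-bit PowerPC saved-register frame:
 * 32 eight-byte GPRs, then nip, then msr. Not copied from the kernel tree. */
struct regs_model   { uint64_t gpr[32]; uint64_t nip; uint64_t msr; };
struct thread_model { struct regs_model *regs; };   /* NULL for a kernel thread */
struct task_model   { const char *comm; struct thread_model thread; };

static struct task_model *last_task_used_math;      /* lazy FPU owner on UP */

/* Address the handoff would touch when clearing MSR_FP for the old owner. */
uint64_t handoff_access_addr(const struct task_model *owner)
{
    return (uint64_t)(uintptr_t)owner->thread.regs + offsetof(struct regs_model, msr);
}

/* Model of the FPU-unavailable handoff. Returns 0 on success, -1 if the
 * recorded owner has no user register frame (the state seen in the oops). */
int take_fpu(struct task_model *cur)
{
    struct task_model *old = last_task_used_math;

    if (old && old != cur) {
        if (old->thread.regs == NULL)
            return -1;                       /* unguarded code faults here */
        old->thread.regs->msr &= ~MSR_FP;    /* old owner traps on next FP use */
    }
    cur->thread.regs->msr |= MSR_FP;
    last_task_used_math = cur;
    return 0;
}

int main(void)
{
    struct regs_model r = {0};
    struct task_model bad = { "owner-without-regs", { NULL } };   /* constructed */
    struct task_model hotplug = { "hotplug", { &r } };            /* constructed */

    last_task_used_math = &bad;
    printf("fault address: 0x%llx\n", (unsigned long long)handoff_access_addr(&bad));
    printf("take_fpu: %d\n", take_fpu(&hotplug));
    return 0;
}
```

The -1 return only marks where the invariant is violated in the model; it does not explain how last_task_used_math came to reference a task with no register frame, which is the open question in the thread.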