Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754213AbbGFKE4 (ORCPT <rfc822;w@1wt.eu>);
	Mon, 6 Jul 2015 06:04:56 -0400
Received: from casper.infradead.org ([85.118.1.10]:44548 "EHLO
	casper.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753575AbbGFKEx (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Mon, 6 Jul 2015 06:04:53 -0400
Date: Mon, 6 Jul 2015 12:04:47 +0200
From: Peter Zijlstra <peterz@infradead.org>
To: Arthur Marsh <arthur.marsh@internode.on.net>
Cc: linux-kernel@vger.kernel.org, Rusty Russell <rusty@rustcorp.com.au>,
        Steven Rostedt <rostedt@goodmis.org>,
        Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
        Oleg Nesterov <oleg@redhat.com>,
        "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Subject: Re: lock-up with module: Optimize __module_address() using a latched
 RB-tree
Message-ID: <20150706100447.GX3644@twins.programming.kicks-ass.net>
References: <55997889.5020101@internode.on.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <55997889.5020101@internode.on.net>
User-Agent: Mutt/1.5.21 (2012-12-30)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1534
Lines: 42

On Mon, Jul 06, 2015 at 04:03:45AM +0930, Arthur Marsh wrote:
> On this machine, a single core Athlon 64 with a 32 bit current Linus' git
> head kernel, I get a lock-up early in the boot process. (A dmesg output of a
> successful boot-up of kernel 4.1.0 up to and slightly passed the point where
> the git head kernel locks up is attached).
> 
> A photo of the lock-up appears at:
> 
> http://www.users.on.net/~arthur.marsh/20150706462.jpg

So building a kernel with your .config (and a similar GCC) I was able to
match up the Code: with actual compiler output.

The faulting instruction is a dereference of mod->module_core through:

__modules_address()
  mod_find()
    latch_tree_find()
      mod_tree_comp()
        __mod_tree_val()

    20e0:       8b 90 44 01 00 00       mov    0x144(%eax),%edx

Now eax is NULL, which will have given you the splat.

The curious thing is that the mod pointer is obtained from the
mod_tree_node structure:

    20d0:       8b 46 fc                mov    -0x4(%esi),%eax

And esi looks like a regular kernel pointer.

Furthermore, we explicitly set the mod pointers in mod_tree_insert()
before linking in the nodes.

This all has the smell of memory corruption, this gfx card you need to
pull, you're not accidentally using a binary driver for that?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/