2012-02-23 02:57:47

by TimLee

Subject: Re: Hit OOPS on FPU save and restore while using AESNI for IPSec on 32 bit System

Another Oops message for FPU restore is as below:
<snip>
IP: [<c100bcbe>] __math_state_restore+0x5e/0x80
Oops: 0000 [#1] SMP
last sysfs file: /sys/module/serpent/initstate

<0> Call Trace:
? do_device_not_available+0x0/0x20
match_state_restore+0x39/0x50
do_device_not_available+0x10/0x20
error_code+0x67/0x6c
?flush_thread+0x3f/0x70
flush_old_exec+0x419/0x590
load_elf_binary+0x25c/0x1290
?default_spin_lock_flags+0x8/0x10
?_raw_spin_lock_flags+0x2f/0x50
?page_address+0xd3/0xe0
?default_spin_lock_flags+0x8/0x10
?_raw_spin_lock_flags+0x2f/0x50
?page_address+0xd3/0xe0
?kunmap_high+0x6f/0xa0
?_copy_from_user+0x44/0x70
search_binary_handler+0xb2/0x2b0
?load_elf_binary+0x0/0x1290
do_execve+0x37/0x70
ptregs_execve+0x12/0x18
?sysenter_do_call+0x12/0x28
</snip>

Decoded:
<snip>
0xc100bcbe in fxrstor_checking () at /linux-source-2.6.38/arch/x86/include/asm/i387.h:198
198 alternative_input(
(gdb) bt
#0 0xc100bcbe in fxrstor_checking () at /linux-source-2.6.38/arch/x86/include/asm/i387.h:198
#1 fpu_fxrstor_checking () at /linux-source-2.6.38/arch/x86/include/asm/i387.h:267
#2 fpu_restore_checking () at /linux-source-2.6.38/arch/x86/include/asm/i387.h:275
#3 restore_fpu_checking () at /linux-source-2.6.38/arch/x86/include/asm/i387.h:280
#4 __math_state_restore () at arch/x86/kernel/traps.c:826
#5 0xc100bd19 in math_state_restore () at arch/x86/kernel/traps.c:868
#6 0xc1523640 in do_device_not_available (regs=0xf0097e24, error_code=<value optimized out>) at arch/x86/kernel/traps.c:886
#7 <signal handler called>
#8 __clear_fpu () at /linux-source-2.6.38/arch/x86/include/asm/i387.h:302
#9 clear_fpu () at /linux-source-2.6.38/arch/x86/include/asm/i387.h:386
#10 flush_thread () at arch/x86/kernel/process.c:132
#11 0xc1132229 in flush_old_exec (bprm=0xf018d600) at fs/exec.c:1048
#12 0xc116bf1c in load_elf_binary (bprm=0xf018d600, regs=0xf0097fb4) at fs/binfmt_elf.c:711
#13 0xc11317d2 in search_binary_handler (bprm=0xf018d600, regs=0xf0097fb4) at fs/exec.c:1329
#14 0xc1132d2f in do_execve (filename=<value optimized out>, argv=0xbfef4074, envp=0xbfef407c, regs=0xf0097fb4) at fs/exec.c:1450
#15 0xc10128e7 in sys_execve (name=<value optimized out>, argv=0xbfef4074, envp=0xbfef407c, regs=0xf0097fb4) at arch/x86/kernel/process.c:320
#16 0xc100aaee in ?? () at arch/x86/kernel/entry_32.S:729
#17 <signal handler called>
#18 0xb78da424 in ?? ()
Cannot access memory at address 0xbfef3f64
(gdb)

Code: 2f 85 c9 75 2b 83 4b 0c 01 80 86 80 01 00 00 01 8b 1c 24 8b 74 24 04 8b 7c 24 08 89 ec 5d c3 8d b6 00 00 00 00 8b 86 4c 03 00 00 <0f> ae 08 eb d5 e8 38 76 02 00 90 83 c8 08 e8 3f 76 02 00 90 b8

root@dnsubuntu:/linux-source-2.6.38# echo "Code: 2f 85 c9 75 2b 83 4b 0c 01 80 86 80 01 00 00 01 8b 1c 24 8b 74 24 04 8b 7c 24 08 89 ec 5d c3 8d b6 00 00 00 00 8b 86 4c 03 00 00 <0f> ae 08 eb d5 e8 38 76 02 00 90 83 c8 08 e8 3f 76 02 00 90 b8" | ./scripts/decodecode
Code: 2f 85 c9 75 2b 83 4b 0c 01 80 86 80 01 00 00 01 8b 1c 24 8b 74 24 04 8b 7c 24 08 89 ec 5d c3 8d b6 00 00 00 00 8b 86 4c 03 00 00 <0f> ae 08 eb d5 e8 38 76 02 00 90 83 c8 08 e8 3f 76 02 00 90 b8
All code
========
0: 2f das
1: 85 c9 test %ecx,%ecx
3: 75 2b jne 0x30
5: 83 4b 0c 01 orl $0x1,0xc(%ebx)
9: 80 86 80 01 00 00 01 addb $0x1,0x180(%esi)
10: 8b 1c 24 mov (%esp),%ebx
13: 8b 74 24 04 mov 0x4(%esp),%esi
17: 8b 7c 24 08 mov 0x8(%esp),%edi
1b: 89 ec mov %ebp,%esp
1d: 5d pop %ebp
1e: c3 ret
1f: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
25: 8b 86 4c 03 00 00 mov 0x34c(%esi),%eax
2b:* 0f ae 08 fxrstor (%eax) <-- trapping instruction
2e: eb d5 jmp 0x5
30: e8 38 76 02 00 call 0x2766d
35: 90 nop
36: 83 c8 08 or $0x8,%eax
39: e8 3f 76 02 00 call 0x2767d
3e: 90 nop
3f: b8 .byte 0xb8

Code starting with the faulting instruction
===========================================
0: 0f ae 08 fxrstor (%eax)
3: eb d5 jmp 0xffffffda
5: e8 38 76 02 00 call 0x27642
a: 90 nop
b: 83 c8 08 or $0x8,%eax
e: e8 3f 76 02 00 call 0x27652
13: 90 nop
14: b8 .byte 0xb8
</snip>


Thanks & Regards

TimLee
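As an added example (not part of TimLee's mail and not the kernel's own scripts/decodecode), the Python below reproduces the first step decodecode performs before it hands the bytes to objdump: it splits the Oops "Code:" line at the `<..>` marker, so that the offset of the trapping instruction (0x2b here), the absolute address of the dumped code window (derived from the "IP:" line), and the kind of `0F AE` instruction that trapped can be read off mechanically. The sample line and IP are copied from the report above; the rel8 jump resolver is included because the second decodecode listing shows the same `eb d5` resolving to `0x5` in one window and to `0xffffffda` in the other, which is just the window origin moving.

```python
import re

# Oops "Code:" line and IP copied from the report above; the byte in <..>
# is the one the CPU faulted on (the fxrstor).
OOPS_CODE_LINE = (
    "Code: 2f 85 c9 75 2b 83 4b 0c 01 80 86 80 01 00 00 01 8b 1c 24 8b 74 24 04 "
    "8b 7c 24 08 89 ec 5d c3 8d b6 00 00 00 00 8b 86 4c 03 00 00 <0f> ae 08 eb d5 "
    "e8 38 76 02 00 90 83 c8 08 e8 3f 76 02 00 90 b8"
)
OOPS_IP = 0xC100BCBE  # "IP: [<c100bcbe>] __math_state_restore+0x5e/0x80"

_TOKEN = re.compile(r"<([0-9a-fA-F]{2})>|([0-9a-fA-F]{2})")


def parse_code_line(line):
    """Split an x86 Oops 'Code:' line into (before, faulting_and_after).

    'before' holds every byte preceding the <..> marker; the second value
    starts with the marked byte. Exactly one marker is required.
    """
    body = line.split("Code:", 1)[1] if "Code:" in line else line
    before, after = bytearray(), bytearray()
    seen_marker = False
    for tok in body.split():
        m = _TOKEN.fullmatch(tok)
        if not m:
            raise ValueError(f"unexpected token {tok!r} in Code: line")
        marked, plain = m.groups()
        if marked is not None:
            if seen_marker:
                raise ValueError("more than one <..> marker in Code: line")
            seen_marker = True
            after.append(int(marked, 16))
        elif seen_marker:
            after.append(int(plain, 16))
        else:
            before.append(int(plain, 16))
    if not seen_marker:
        raise ValueError("no <..> marker in Code: line")
    return bytes(before), bytes(after)


def code_window_base(ip, before):
    """Address of offset 0 of the dump: the IP minus the bytes printed before it."""
    return ip - len(before)


# 0F AE /r with a memory operand (mod != 11): ModRM.reg selects the instruction.
_GROUP_0FAE_MEM = {0: "fxsave", 1: "fxrstor", 2: "ldmxcsr", 3: "stmxcsr",
                   4: "xsave", 5: "xrstor", 7: "clflush"}


def classify_0fae(code):
    """Name the 0F AE memory-form instruction at the start of 'code', or None."""
    if len(code) < 3 or code[0] != 0x0F or code[1] != 0xAE:
        return None
    modrm = code[2]
    if (modrm >> 6) == 0b11:          # register forms (fences) are not FPU state ops
        return None
    return _GROUP_0FAE_MEM.get((modrm >> 3) & 7)


def rel8_target(jmp_offset, disp, width=32):
    """Target of a 2-byte rel8 jump located at jmp_offset, wrapped to 'width' bits."""
    signed = disp - 0x100 if disp >= 0x80 else disp
    return (jmp_offset + 2 + signed) & ((1 << width) - 1)


def summarize(line, ip):
    """Collect the facts a triager wants from the Code: and IP: lines."""
    before, after = parse_code_line(line)
    return {
        "window_base": code_window_base(ip, before),
        "fault_offset": len(before),
        "fault_ip": ip,
        "fault_insn": classify_0fae(after),
        "fault_bytes": after[:3].hex(" "),
        "dump_len": len(before) + len(after),
    }


if __name__ == "__main__":
    for k, v in summarize(OOPS_CODE_LINE, OOPS_IP).items():
        print(f"{k:>13}: {v:#x}" if isinstance(v, int) else f"{k:>13}: {v}")
    # The jmp right after the fxrstor: same bytes, two window origins.
    print(f"jmp at 0x2e -> {rel8_target(0x2e, 0xD5):#x}   (full window)")
    print(f"jmp at 0x03 -> {rel8_target(0x03, 0xD5):#x}   (window at fault)")
```

The `window_base` value is what to feed an `objdump --adjust-vma` or a `gdb list *0x...` so the offsets in the decodecode listing line up with kernel addresses; `fault_insn` confirms, independently of the disassembler, that ModRM `08` after `0F AE` is the `/1` form, i.e. `fxrstor`, which is the restore side of the save/restore pair the thread is about.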