Re: BUG: sleeping function called from invalid context atarch/x86/mm/fault.c:1081
From: Peter Zijlstra
Date: Wed Dec 15 2010 - 04:53:15 EST
On Tue, 2010-12-14 at 12:29 -0800, Linus Torvalds wrote:
> which looks like one of the "list_for_each_entry()" uses of that
> hash_head. In fact, building lockdep.lst and matching against that
> 0x2a6 constant (it's a warn_slowpath_null thing and is the line
> number), we can pinpoint exactly which one it seems to be. Afaik, it
> seems to be this code in look_up_lock_class:
>
> /*
> * We can walk the hash lockfree, because the hash only
> * grows, and we are careful when adding entries to the end:
> */
> list_for_each_entry(class, hash_head, hash_entry) {
> if (class->key == key) {
> WARN_ON_ONCE(class->name != lock->name);
> return class;
> }
> }
>
> Maybe the RCU list use in lockdep isn't entirely safe?
>
> Added Peter and Ingo to the cc. It does look like some lockdep race.
>
> Or then it's some general memory corruption, of course. That just
> happened to hit the lockdep data structures. That would explain your
> subsequent radeon GP fault too.
Typically such crashes in lockdep are indeed indicative of a scribble,
typically a use after free with slab poisoning.
But I'll try and run through that code later today to see if I can spot
anything.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/