  1. #1

    BUG: unable to handle kernel paging request at address


    I have a Linux driver which is called by an application. The app runs OK the first time, but the second time it crashes with this error message:

    -------------------------------------------------------------------------------------
    Code:
    BUG: unable to handle kernel paging request at ee67f800                         
    IP: [<ed09c5e7>] SomeFunc+0x2e7/0x640 [driver_name]           
    *pdpt = 00000000005a5001 *pde = 00000000157fb067 *pte = 0000000000000000        
    Oops: 0000 [#1] PREEMPT                                                         
    last sysfs file: /sys/class/sound/controlC0/dev                                 
    Modules linked in: ... driver_name ...                                                          
                                                                                    
    Pid: 1744, comm: driver_thread Tainted: P           (2.6.28 #1)                
    EIP: 0060:[<ed09c5e7>] EFLAGS: 00010202 CPU: 0                                  
    EIP is at SomeFunc+0x2e7/0x640 [driver_name]                  
    EAX: 00000800 EBX: ee67f800 ECX: ee680000 EDX: f1f80000                         
    ESI: 00000010 EDI: d2c8e21c EBP: d3ea9af4 ESP: d3ea9a70                         
     DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068                                   
    Process driver_thread (pid: 1744, ti=d3ea8000 task=d5516b10 task.ti=d3ea8000)  
    Stack:                                                                          
     ee67f800 f1f80000 ee680000 ee67f800 00000000 2eea8000 00008000 00000000        
     00000800 00000000 d2c00d1c f1f80000 00000004 00000000 00000000 00000000        
     00000000 ee680000 00000780 0000021c 0000021c d3ea9ae8 00000006 d3ea9b7c        
    Call Trace:                                                                     
     [<ed08da9f>] SomeTopFunc+0x1f/0x30 [driver_name]                  
     [<ed08b8c4>] SomeTopFunc1+0x4c4/0x610 [driver_name]                   
     [<ed08da80>] SomeTopFunc2+0x0/0x30 [driver_name]                   
     [<ed0a44b0>] SomeTopFunc3+0x1e0/0x200 [driver_name]                       
     [<c01179b8>] enqueue_task_rt+0x23/0x43                                         
     [<c0115d48>] enqueue_task+0xa/0x14                                             
     [<c0115dda>] activate_task+0x17/0x1f                                           
     [<c0117843>] try_to_wake_up+0xa7/0xa9                                          
     [<d89c3224>] SGX_ISRHandler+0x28/0x57 [pvrsrvkm]                               
     [<d89b9deb>] PVRSRVSystemLISR_ForEachVaCb+0x24/0x3a [pvrsrvkm]                 
     [<d89b9dc7>] PVRSRVSystemLISR_ForEachVaCb+0x0/0x3a [pvrsrvkm]                  
     [<d89c0e01>] List_PVRSRV_DEVICE_NODE_ForEach_va+0x1f/0x30 [pvrsrvkm]           
     [<c01179b8>] enqueue_task_rt+0x23/0x43                                         
     [<c0115d48>] enqueue_task+0xa/0x14                                             
     [<c0115dda>] activate_task+0x17/0x1f                                           
     [<c0117843>] try_to_wake_up+0xa7/0xa9                                          
     [<c01179b8>] enqueue_task_rt+0x23/0x43                                         
     [<c0115d48>] enqueue_task+0xa/0x14                                             
     [<c0115dda>] activate_task+0x17/0x1f                                           
     [<c0117843>] try_to_wake_up+0xa7/0xa9                                          
     [<d6682374>] SomeTopFunc4+0x9c/0x258 [core_driver]                       
     [<d63bb6fb>] SomeTopFunc5+0x3b/0x70 [core_driver1]                    
    [<ed09eb22>]SomeTopFunc6+0x12/0x40[driver_name]                                          
     [<d667f60a>] someTopFunc7+0x0/0x73f [core_driver]                          
     [<ed0a48a0>] driver_thread_func+0x2c0/0x360 [driver_name]                 
     [<c0117398>] __sched_setscheduler+0x1ac/0x356                                  
     [<d636b643>] thread_wrapper+0x0/0x55 [osal_linux]                              
     [<d636b656>] thread_wrapper+0x13/0x55 [osal_linux]                             
     [<c012b23d>] kthread+0x0/0x56                                                  
     [<c012b272>] kthread+0x35/0x56                                                 
     [<c012b23d>] kthread+0x0/0x56                                                  
     [<c0103b07>] kernel_thread_helper+0x7/0x10                                     
    Code: 7c 24 40 66 0f 7f 44 24 30 66 0f 7f 4c 24 60 8b 54 24 04 8b 4c 24 08 8b 5c
     24 0c 8b 74 24 10 8b 7d 08 66 0f 6f 74 24 60 83 c6 10 <66> 0f 6f 2b 66 0f 6f fe
     66 0f 6f 24 41 66 0f 6f c5 66 0f 61 fe                                         
    EIP: [<ed09c5e7>] SomeFunc+0x2e7/0x640 [driver_name] SS:ESP 0068:d3ea9a70
    ---[ end trace f110f80bc609a61e ]---
    ---------------------------------------------------------------------------

    I've identified that SomeFunc+0x2e7 has this instruction:

    Code:
     2e7:   66 0f 6f 2b             movdqa (%ebx),%xmm5

    This is part of the Code in the Oops message above:

    Code:
    2bb:   89 7c 24 40             mov    %edi,0x40(%esp)
     2bf:   66 0f 7f 44 24 30       movdqa %xmm0,0x30(%esp)
     2c5:   66 0f 7f 4c 24 60       movdqa %xmm1,0x60(%esp)
     2cb:   8b 54 24 04             mov    0x4(%esp),%edx
     2cf:   8b 4c 24 08             mov    0x8(%esp),%ecx
     2d3:   8b 5c 24 0c             mov    0xc(%esp),%ebx
     2d7:   8b 74 24 10             mov    0x10(%esp),%esi
     2db:   8b 7d 08                mov    0x8(%ebp),%edi
     2de:   66 0f 6f 74 24 60       movdqa 0x60(%esp),%xmm6
     2e4:   83 c6 10                add    $0x10,%esi
     2e7:   66 0f 6f 2b             movdqa (%ebx),%xmm5
     2eb:   66 0f 6f fe             movdqa %xmm6,%xmm7
     2ef:   66 0f 6f 24 41          movdqa (%ecx,%eax,2),%xmm4
     2f4:   66 0f 6f c5             movdqa %xmm5,%xmm0
     2f8:   66 0f 61 fe             punpcklwd %xmm6,%xmm7

    When I remove the one line of code corresponding to the 2e7 instruction, it no longer crashes. But I am puzzled as to why there is a problem with this instruction. The source line that I removed looks like this (with SIMD intrinsics):

    Code:
    __m128i mmreg = _mm_load_si128( (const __m128i*) (mem_address));

    What could be the problem?
    Last edited by MikeTbob; 11-20-2010 at 03:50 AM. Reason: Added code tags
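
A triage sketch for the Oops quoted in the post above, added here as an example and not part of the original post. It decodes the fault address, the x86 page-fault error code, the PAE page-table entries and the register dump; the `triage` function and the embedded excerpt are constructed for illustration.

```python
import re

# Constructed excerpt: header and register lines copied from the Oops above.
OOPS = """\
BUG: unable to handle kernel paging request at ee67f800
*pdpt = 00000000005a5001 *pde = 00000000157fb067 *pte = 0000000000000000
Oops: 0000 [#1] PREEMPT
EAX: 00000800 EBX: ee67f800 ECX: ee680000 EDX: f1f80000
ESI: 00000010 EDI: d2c8e21c EBP: d3ea9af4 ESP: d3ea9a70
"""

# x86 page-fault error code: (bit, meaning if set, meaning if clear).
PF_BITS = [
    (0x1, "protection violation", "page not present"),
    (0x2, "write", "read"),
    (0x4, "user mode", "kernel mode"),
]

def triage(oops, operand_align=16):
    """Summarise a 32-bit PAE page-fault Oops; operand_align is 16 for movdqa."""
    addr = int(re.search(r"paging request at ([0-9a-f]+)", oops).group(1), 16)
    code = int(re.search(r"Oops: ([0-9a-f]{4})", oops).group(1), 16)
    walk = {k: int(v, 16) for k, v in re.findall(r"\*(\w+) = ([0-9a-f]+)", oops)}
    regs = {k: int(v, 16)
            for k, v in re.findall(r"\b(E[A-Z]{2}): ([0-9a-f]{8})\b", oops)}
    # Bit 0 of each paging-structure entry is the Present flag.
    unmapped = next((lvl for lvl in ("pdpt", "pde", "pte")
                     if lvl in walk and not walk[lvl] & 1), None)
    return {
        "fault_addr": addr,
        "access": [s if code & bit else c for bit, s, c in PF_BITS],
        "first_not_present": unmapped,
        "regs_holding_addr": sorted(r for r, v in regs.items() if v == addr),
        "aligned": addr % operand_align == 0,
        "page_offset": addr & 0xFFF,
    }

if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(f"{key}: {value:#x}" if key in ("fault_addr", "page_offset")
              else f"{key}: {value}")
```

For this Oops the result is a kernel-mode read of a not-present page through EBX at a 16-byte-aligned address, so the fault comes from the mapping behind `mem_address` and not from the alignment requirement of `movdqa` (a misaligned `movdqa` raises a general-protection fault, not a paging request).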
