Xen project Mailing List

Re: [Xen-devel] latest pv_ops dom0 (2.6.29-rc6) crashes / unhandled page fault

To: Jeremy Fitzhardinge <jeremy@xxxxxxxx>

From: Ian Campbell <Ian.Campbell@xxxxxxxxxx>

Date: Tue, 03 Mar 2009 10:16:07 +0000

Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>

Delivery-date: Tue, 03 Mar 2009 02:17:13 -0800

List-id: Xen developer discussion <xen-devel.lists.xensource.com>

On Mon, 2009-03-02 at 20:38 -0500, Jeremy Fitzhardinge wrote: > What does this map to in your vmlinux? I get the same sort of thing, this particular one is from a domU, the EIP is (gdb) list *0xc0103f06 0xc0103f06 is in get_phys_to_machine (/local/scratch/ianc/devel/kernels/linux-2.6/arch/x86/xen/mmu.c:253). 248 if (unlikely(pfn >= MAX_DOMAIN_PAGES)) 249 return INVALID_P2M_ENTRY; 250 251 topidx = p2m_top_index(pfn); 252 idx = p2m_index(pfn); 253 return p2m_top[topidx][idx]; 254 } 255 EXPORT_SYMBOL_GPL(get_phys_to_machine); 256 257 /* install a new p2m_top page */ (gdb) disas 0xc0103f06 Dump of assembler code for function get_phys_to_machine: 0xc0103ee0 <get_phys_to_machine+0>: mov %eax,%ecx 0xc0103ee2 <get_phys_to_machine+2>: mov $0xffffffff,%eax 0xc0103ee7 <get_phys_to_machine+7>: push %ebp 0xc0103ee8 <get_phys_to_machine+8>: cmp $0x1fffff,%ecx 0xc0103eee <get_phys_to_machine+14>: mov %esp,%ebp 0xc0103ef0 <get_phys_to_machine+16>: ja 0xc0103f09 <get_phys_to_machine+41> 0xc0103ef2 <get_phys_to_machine+18>: mov 0xc0449a88,%edx 0xc0103ef8 <get_phys_to_machine+24>: mov %ecx,%eax 0xc0103efa <get_phys_to_machine+26>: and $0x3ff,%ecx 0xc0103f00 <get_phys_to_machine+32>: shr $0xa,%eax 0xc0103f03 <get_phys_to_machine+35>: mov (%edx,%eax,4),%eax 0xc0103f06 <get_phys_to_machine+38>: mov (%eax,%ecx,4),%eax 0xc0103f09 <get_phys_to_machine+41>: pop %ebp 0xc0103f0a <get_phys_to_machine+42>: ret It bisects down to: commit 962342dabe7a71946d9a5187083577a37dcbe205 Author: Jeremy Fitzhardinge <jeremy.fitzhardinge@xxxxxxxxxx> Date: Thu Feb 26 17:40:47 2009 -0800 xen: dynamically allocate p2m tables Saves about 128k static object size. Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@xxxxxxxxxx> Crash:1 (XEN) d20:v0: unhandled page fault (ec=0000) (XEN) Pagetable walk from 0000000000041b8d: (XEN) L4[0x000] = 000000004149c027 00000000000003dd (XEN) L3[0x000] = 0000000000000000 ffffffffffffffff (XEN) domain_crash_sync called from entry.S (XEN) Domain 20 (vcpu#0) crashed on cpu#1: (XEN) ----[ Xen-3.4-unstable x86_64 debug=y Not tainted ]---- (XEN) CPU: 1 (XEN) RIP: e019:[<00000000c0103f06>] (XEN) RFLAGS: 0000000000000202 EM: 1 CONTEXT: pv guest (XEN) rax: 000000000004193d rbx: 0000000000001008 rcx: 0000000000000094 (XEN) rdx: 00000000c0495000 rsi: 0000000000100800 rdi: 00000000c0494000 (XEN) rbp: 00000000c03efeb4 rsp: 00000000c03efea4 r8: 0000000000000000 (XEN) r9: 0000000000000000 r10: 0000000000000000 r11: 0000000000000000 (XEN) r12: 0000000000000000 r13: 0000000000000000 r14: 0000000000000000 (XEN) r15: 0000000000000000 cr0: 000000008005003b cr4: 00000000000006f0 (XEN) cr3: 00000000dfbd0000 cr2: 0000000000041b8d (XEN) ds: e021 es: e021 fs: e021 gs: e021 ss: e021 cs: e019 (XEN) Guest stack trace from esp=c03efea4: (XEN) 00000000 c0103f06 0001e019 00010002 c03efec8 c01058a3 00000000 c0100000 (XEN) c03ecd00 c03efed8 c010308f 00000163 80000000 c03efee0 c03fa748 c03eff9c (XEN) c03fbb6e c03eff88 c03eff80 c032679e 00003fff c03eff18 c01352af 00000000 (XEN) 000000f0 ffffff10 c03effb0 c03eff88 c0105dbe c0106f10 c0135732 00000000 (XEN) 00000000 00000003 000371b5 00000000 00000004 00000000 00000000 0000000f (XEN) 0000009b 205bff90 33202020 06000000 00000000 5d370020 c03e0020 c0105dbe (XEN) c03eff84 00006000 00000000 00007000 00000000 c03c71d8 00000000 00000000 (XEN) 00000000 00000000 00000000 00000000 c03effe0 c03c1e80 c03effb8 c03f37d1 (XEN) c0329020 0048e000 00000000 c041c520 c036a0ca c03effd0 c03f30a9 00494000 (XEN) 00000000 c036a0ca c03effec c03efffc c03fa24c 00000000 00000000 1f898975 (XEN) 80000401 00020800 00000f44 00000000 c048b000 00000000 00000000 quick gdb decoded stack trace: <<< (XEN) 00000000 c0103f06 0001e019 00010002 c03efec8 c01058a3 00000000 c0100000 c0103f06: get_phys_to_machine + 38 in section .text c03efec8: init_thread_union + 7880 in section .data.init_task c01058a3: xen_setup_mfn_list_list + 115 in section .text c0100000: startup_32 in section .text.head <<< (XEN) c03ecd00 c03efed8 c010308f 00000163 80000000 c03efee0 c03fa748 c03eff9c c03ecd00: boot_cpu_id in section .data.read_mostly c03efed8: init_thread_union + 7896 in section .data.init_task c010308f: xen_setup_shared_info + 95 in section .text c03efee0: init_thread_union + 7904 in section .data.init_task c03fa748: xen_pagetable_setup_done + 8 in section .init.text c03eff9c: init_thread_union + 8092 in section .data.init_task <<< (XEN) c03fbb6e c03eff88 c03eff80 c032679e 00003fff c03eff18 c01352af 00000000 c03fbb6e: setup_arch + 1150 in section .init.text c03eff88: init_thread_union + 8072 in section .data.init_task c03eff80: init_thread_union + 8064 in section .data.init_task c032679e: _spin_unlock_irqrestore + 30 in section .text c03eff18: init_thread_union + 7960 in section .data.init_task c01352af: release_console_sem + 447 in section .text <<< (XEN) 000000f0 ffffff10 c03effb0 c03eff88 c0105dbe c0106f10 c0135732 00000000 c03effb0: init_thread_union + 8112 in section .data.init_task c03eff88: init_thread_union + 8072 in section .data.init_task c0105dbe: __raw_callee_save_xen_restore_fl + 6 in section .text c0106f10: xen_spin_unlock in section .text c0135732: vprintk + 530 in section .text <<< (XEN) 00000000 00000003 000371b5 00000000 00000004 00000000 00000000 0000000f <<< (XEN) 0000009b 205bff90 33202020 06000000 00000000 5d370020 c03e0020 c0105dbe c03e0020: doublefault_tss + 6176 in section .data.cacheline_aligned c0105dbe: __raw_callee_save_xen_restore_fl + 6 in section .text <<< (XEN) c03eff84 00006000 00000000 00007000 00000000 c03c71d8 00000000 00000000 c03eff84: init_thread_union + 8068 in section .data.init_task c03c71d8: tick_notifier in section .data <<< (XEN) 00000000 00000000 00000000 00000000 c03effe0 c03c1e80 c03effb8 c03f37d1 c03effe0: init_thread_union + 8160 in section .data.init_task c03c1e80: reboot_cpu in section .data c03effb8: init_thread_union + 8120 in section .data.init_task c03f37d1: start_kernel + 113 in section .init.text <<< (XEN) c0329020 0048e000 00000000 c041c520 c036a0ca c03effd0 c03f30a9 00494000 c0329020: linux_banner in section .rodata c041c520: command_line in section .init.data c036a0ca: kallsyms_token_index + 526 in section .rodata c03effd0: init_thread_union + 8144 in section .data.init_task c03f30a9: i386_start_kernel + 137 in section .init.text <<< (XEN) 00000000 c036a0ca c03effec c03efffc c03fa24c 00000000 00000000 1f898975 c036a0ca: kallsyms_token_index + 526 in section .rodata c03effec: init_thread_union + 8172 in section .data.init_task c03efffc: init_thread_union + 8188 in section .data.init_task c03fa24c: xen_start_kernel + 828 in section .init.text > > -- Pasi > > > > _______________________________________________ > > Xen-devel mailing list > > Xen-devel@xxxxxxxxxxxxxxxxxxx > > http://lists.xensource.com/xen-devel > > > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@xxxxxxxxxxxxxxxxxxx > http://lists.xensource.com/xen-devel _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.