|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Re: Balloon driver crash
On Thu, 2010-06-03 at 20:37 +0100, M A Young wrote:
> On Thu, 3 Jun 2010, M A Young wrote:
>
> > I get the following crash when I try to start up a guest on a low memory
> > machine
> >
> > BUG: unable to handle kernel NULL pointer dereference at (null)
> > IP: [<c0632641>] balloon_process+0x3e5/0x596
> > *pdpt = 0000000000aac001 *pde = 0000000000000000 Oops: 0000 [#1] SMP last
> > sysfs file: /sys/devices/system/xen_memory/xen_memory0/info/current_kb
> > Modules linked in: nfs lockd fscache nfs_acl nf_conntrack_ftp bridge stp
> > llc
> > autofs4 rpcsec_gss_krb5 auth_rpcgss des_generic sunrpc ip6table_filter
> > ip6_tables ipv6 xen_evtchn xenfs snd_intel8x0 snd_ac97_codec ac97_bus
> > snd_seq
> > snd_seq_device ppdev snd_pcm parport_pc parport snd_timer e100 snd
> > soundcore
> > mii iTCO_wdt snd_page_alloc i2c_i801 iTCO_vendor_support i915
> > drm_kms_helper
> > drm i2c_algo_bit i2c_core video output [last unloaded: scsi_wait_scan]
> > Pid: 6, comm: events/0 Not tainted (2.6.32.14-1.2.105.xendom0.fc12.i686.PAE
> > #1) EIP: 0061:[<c0632641>] EFLAGS: 00010046 CPU: 0
> > EIP is at balloon_process+0x3e5/0x596
> > EAX: c25f6000 EBX: 00000f02 ECX: c269e038 EDX: 00000000
> > ESI: 00000000 EDI: 00018f02 EBP: dc09df6c ESP: dc09df08
> > DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0069
> > Process events/0 (pid: 6, ti=dc09c000 task=dc083fc0 task.ti=dc09c000)
> > Stack:
> > dc09df38 dc09df4c c0ab0288 00000000 00000001 ffffb4d7 00000000 00018f02
> > 00000f02 00000000 000003a9 00000000 c0407250 c2a10004 c2a19b04 c2a10004
> > c0407247 00000000 00000000 00000000 00000000 00007ff0 c2a1d460 c09db2dc
> > Call Trace:
> > [<c0407250>] ? check_events+0x8/0xc
> > [<c0407247>] ? xen_restore_fl_direct_end+0x0/0x1
> > [<c0458d11>] ? worker_thread+0x140/0x1b9
> > [<c063225c>] ? balloon_process+0x0/0x596
> > [<c045c79d>] ? autoremove_wake_function+0x0/0x34
> > [<c0458bd1>] ? worker_thread+0x0/0x1b9
> > [<c045c565>] ? kthread+0x64/0x69
> > [<c045c501>] ? kthread+0x0/0x69
> > [<c040ac07>] ? kernel_thread_helper+0x7/0x10
> > Code: ff 25 ff ff ff 7f 8b 55 c8 39 f8 89 04 95 e0 7e b6 c0 b8 01 00 00 00
> > 0f
> > 44 45 a8 83 ca ff 89 45 a8 89 d8 e8 ed 3f dd ff 8b 55 b4 <8b> 02 c1 e8 1e
> > 69
> > c0 00 0b 00 00 05 80 13 9f c0 2b 80 ec 0a 00 EIP: [<c0632641>]
> > balloon_process+0x3e5/0x596 SS:ESP 0069:dc09df08
> > CR2: 0000000000000000
> >
> > The relevant address is
> > 0xc0632641 <balloon_process+997>: mov (%edx),%eax
>
> This seems to be about line 343 of drivers/xen/balloon.c in the subroutine
> decrease_reservation which is
> for (j = 0; j < balloon_npages; j++, lpfn++, mfn++) {
> if ((discontig_frame_list[j] = pfn_to_mfn(lpfn))
> != mfn)
> discontig_free = 1;
>
> set_phys_to_machine(lpfn, INVALID_P2M_ENTRY);
> /* here */ if (!PageHighMem(page)) {
> ret = HYPERVISOR_update_va_mapping(
> (unsigned long)__va(lpfn <<
> PAGE_SHIFT),
> __pte_ma(0), 0);
> BUG_ON(ret);
> }
> }
>
> >From what I can tell page is meaningless in this context as it is just
> a temporary variable used in the previous loop, so I would
> guess that PageHighMem should be checking something else, or page should
> be set somewhere eg. at a guess page=pfn_to_page(lpfn);
That would be my guess also. CCing Dave McCracken who looks to have
introduced this code in 0e898d5e "Add hugepage support to balloon
driver"
Ian.
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |