Subject: Re: recent dom0 kernels reboot on loading?
To: None <port-xen@NetBSD.org>
From: Mikolaj Golub <to.my.trociny@gmail.com>
List: port-xen
Date: 09/18/2007 08:54:08

On Mon, 17 Sep 2007 21:30:13 +0200 Manuel Bouyer wrote:
MB> On Mon, Sep 17, 2007 at 03:57:39PM +0300, Mikolaj Golub wrote:
>>
>> On Mon, 03 Sep 2007 10:27:46 +0300 Mikolaj Golub wrote:
>>
>> MG> Crash info:
>>
>> MG> (XEN) ----[ Xen-3.1.0 x86_32 debug=n Not tainted ]----
>> MG> (XEN) CPU: 0
>> MG> (XEN) EIP: e019:[<c04cc344>]
>> MG> (XEN) EFLAGS: 00000246 CONTEXT: guest
>> MG> (XEN) eax: c0955404 ebx: 000003cf ecx: 00000001 edx: c0955404
>> MG> (XEN) esi: 00000000 edi: c0955400 ebp: c0a57b0c esp: c0a57ad0
>> MG> (XEN) cr0: 8005003b cr4: 000006d0 cr3: 1ea54000 cr2: 00000000
>> MG> (XEN) ds: e021 es: e021 fs: 0000 gs: 0000 ss: e021 cs: e019
>> MG> (XEN) Guest stack trace from esp=c0a57ad0:
>> MG> (XEN) 00000000 c04cc344 0001e019 00010046 c043535b c0955404 00000000 00000000
>> MG> (XEN) 00000000 00000000 00000000 c0955404 000003cf 000003c0 c0955400 c0a57b4c
>>
>> MG> gdb session:
>>
>> MG> -bash-3.2$ gdb netbsd-XEN3_DOM0.gdb
>> MG> GNU gdb 6.5
>> MG> Copyright (C) 2006 Free Software Foundation, Inc.
>> MG> GDB is free software, covered by the GNU General Public License, and you are
>> MG> welcome to change it and/or distribute copies of it under certain conditions.
>> MG> Type "show copying" to see the conditions.
>> MG> There is absolutely no warranty for GDB. Type "show warranty" for details.
>> MG> This GDB was configured as "i386--netbsdelf"...
>> MG> (gdb) list *0xc04cc344
>> MG> No source file for address 0xc04cc344.
>>
>> (gdb) disassemble 0xc04cc344
>> Dump of assembler code for function mutex_enter:
>> 0xc04cc340 <mutex_enter+0>: mov 0x4(%esp),%edx
>> 0xc04cc344 <mutex_enter+4>: mov %fs:0x18,%ecx
>> 0xc04cc34b <mutex_enter+11>: xor %eax,%eax
>> 0xc04cc34d <mutex_enter+13>: cmpxchg %ecx,0x0(%edx)
>> 0xc04cc351 <mutex_enter+17>: jne,pn 0xc04161b0 <mutex_vector_enter>
>> 0xc04cc358 <mutex_enter+24>: ret
>> 0xc04cc359 <mutex_enter+25>: lea 0x0(%esi),%esi
>> End of assembler dump.
>>
>> Am I right in interpreting it that `list *0xc04cc344' did not output because at
>> address 0xc04cc344 there is the assembler function mutex_enter? So, the crash is at
>> mutex_enter?
MB> Yes, on the mov %fs:0x18,%ecx instruction, or maybe the previous one.
MB> I'm not sure if it's OK for %fs to be 0 at this point. To me it looks like
MB> it should not.
MB> Could you try to see what c043535b and c0955404 point to in your sources?
(gdb) list *0xc043535b
0xc043535b is in extent_alloc_region_descriptor (/usr/src/sys/kern/subr_extent.c:148).
143 /*
144 * XXX Make a static, create-time flags word, so we don't
145 * XXX have to lock to read it!
146 */
147 mutex_enter(&ex->ex_lock);
148 exflags = ex->ex_flags;
149 mutex_exit(&ex->ex_lock);
150
151 if (exflags & EXF_FIXED) {
152 struct extent_fixed *fex = (struct extent_fixed *)ex;
(gdb) disassemble 0xc043535b
Dump of assembler code for function extent_alloc_region_descriptor:
....
0xc0435356 <extent_alloc_region_descriptor+38>: call 0xc04cc340 <mutex_enter>
0xc043535b <extent_alloc_region_descriptor+43>: mov 0x24(%edi),%ebx
0xc043535e <extent_alloc_region_descriptor+46>: mov 0xfffffff0(%ebp),%eax
0xc0435361 <extent_alloc_region_descriptor+49>: mov %eax,(%esp)
0xc0435364 <extent_alloc_region_descriptor+52>: call 0xc04cc360 <mutex_exit>
....
(gdb) list *0xc0955404
No source file for address 0xc0955404.
(gdb) disassemble 0xc0955404
Dump of assembler code for function ioport_ex_storage:
0xc0955400 <ioport_ex_storage+0>: add %al,(%eax)
0xc0955402 <ioport_ex_storage+2>: add %al,(%eax)
0xc0955404 <ioport_ex_storage+4>: add %al,(%eax)
0xc0955406 <ioport_ex_storage+6>: add %al,(%eax)
0xc0955408 <ioport_ex_storage+8>: add %al,(%eax)
.....
--
Mikolaj Golub
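
Added example, not part of the original message: a Python helper that automates the manual step in this thread, pulling EIP and the guest stack words out of a mail-quoted Xen crash dump and building one gdb batch command to resolve them. KERNBASE, STACK_SPAN and all function names are assumptions of this example; the sample lines are copied from the dump quoted above.

```python
import re

# Constructed sample: lines copied from the quoted crash dump in this thread.
SAMPLE = """\
>> MG> (XEN) EIP: e019:[<c04cc344>]
>> MG> (XEN) esi: 00000000 edi: c0955400 ebp: c0a57b0c esp: c0a57ad0
>> MG> (XEN) Guest stack trace from esp=c0a57ad0:
>> MG> (XEN) 00000000 c04cc344 0001e019 00010046 c043535b c0955404 00000000 00000000
>> MG> (XEN) 00000000 00000000 00000000 c0955404 000003cf 000003c0 c0955400 c0a57b4c
"""

KERNBASE = 0xC0000000   # assumption: NetBSD/i386 kernel virtual base
STACK_SPAN = 0x2000     # assumption: words this close above esp are stack pointers

def parse_dump(text):
    """Return (eip, esp, stack_words) from a possibly mail-quoted Xen dump."""
    eip = esp = None
    words, in_stack = [], False
    for raw in text.splitlines():
        m = re.search(r"\(XEN\)\s*(.*)", raw)   # drops ">> MG> " quote prefixes
        if not m:
            continue
        line = m.group(1)
        if (e := re.match(r"EIP:\s+\w+:\[<([0-9a-f]+)>\]", line)):
            eip = int(e.group(1), 16)
        elif (s := re.match(r"Guest stack trace from esp=([0-9a-f]+)", line)):
            esp, in_stack = int(s.group(1), 16), True
        elif in_stack and re.fullmatch(r"(?:[0-9a-f]{8}\s*)+", line):
            words += [int(w, 16) for w in line.split()]
        else:
            in_stack = False
    return eip, esp, words

def lookup_candidates(text):
    """Kernel addresses worth resolving, in stack order, deduplicated."""
    eip, esp, words = parse_dump(text)
    seen, out = set(), []
    for w in [eip] + words:
        if w is None or w < KERNBASE or w in seen:
            continue
        if esp is not None and esp <= w < esp + STACK_SPAN:
            continue                      # saved frame pointer, not code or data
        seen.add(w)
        out.append(w)
    return out

def gdb_command(text, kernel="netbsd-XEN3_DOM0.gdb"):
    """Build a non-interactive gdb invocation that names each candidate."""
    ex = " ".join(f"-ex 'info symbol 0x{a:08x}'" for a in lookup_candidates(text))
    return f"gdb -batch {ex} {kernel}"
```

On the sample, gdb_command(SAMPLE) asks gdb about c04cc344, c043535b, c0955404 and c0955400, the addresses looked up by hand in this message plus the %edi value.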