Subject: Re: recent dom0 kernels reboot on loading?
To: None <>
From: Mikolaj Golub <>
List: port-xen
Date: 09/18/2007 08:54:08
On Mon, 17 Sep 2007 21:30:13 +0200 Manuel Bouyer wrote:

 MB> On Mon, Sep 17, 2007 at 03:57:39PM +0300, Mikolaj Golub wrote:
 >> On Mon, 03 Sep 2007 10:27:46 +0300 Mikolaj Golub wrote:
 >>  MG> Crash info:
 >>  MG> (XEN) ----[ Xen-3.1.0  x86_32  debug=n  Not tainted ]----
 >>  MG> (XEN) CPU:    0
 >>  MG> (XEN) EIP:    e019:[<c04cc344>]
 >>  MG> (XEN) EFLAGS: 00000246   CONTEXT: guest
 >>  MG> (XEN) eax: c0955404   ebx: 000003cf   ecx: 00000001   edx: c0955404
 >>  MG> (XEN) esi: 00000000   edi: c0955400   ebp: c0a57b0c   esp: c0a57ad0
 >>  MG> (XEN) cr0: 8005003b   cr4: 000006d0   cr3: 1ea54000   cr2: 00000000
 >>  MG> (XEN) ds: e021   es: e021   fs: 0000   gs: 0000   ss: e021   cs: e019
 >>  MG> (XEN) Guest stack trace from esp=c0a57ad0:
 >>  MG> (XEN)    00000000 c04cc344 0001e019 00010046 c043535b c0955404 00000000 00000000
 >>  MG> (XEN)    00000000 00000000 00000000 c0955404 000003cf 000003c0 c0955400 c0a57b4c
 >>  MG> gdb session:
 >>  MG> -bash-3.2$ gdb netbsd-XEN3_DOM0.gdb 
 >>  MG> GNU gdb 6.5
 >>  MG> Copyright (C) 2006 Free Software Foundation, Inc.
 >>  MG> GDB is free software, covered by the GNU General Public License, and you are
 >>  MG> welcome to change it and/or distribute copies of it under certain conditions.
 >>  MG> Type "show copying" to see the conditions.
 >>  MG> There is absolutely no warranty for GDB.  Type "show warranty" for details.
 >>  MG> This GDB was configured as "i386--netbsdelf"...
 >>  MG> (gdb) list *0xc04cc344
 >>  MG> No source file for address 0xc04cc344.
 >> (gdb) disassemble 0xc04cc344
 >> Dump of assembler code for function mutex_enter:
 >> 0xc04cc340 <mutex_enter+0>:     mov    0x4(%esp),%edx
 >> 0xc04cc344 <mutex_enter+4>:     mov    %fs:0x18,%ecx
 >> 0xc04cc34b <mutex_enter+11>:    xor    %eax,%eax
 >> 0xc04cc34d <mutex_enter+13>:    cmpxchg %ecx,0x0(%edx)
 >> 0xc04cc351 <mutex_enter+17>:    jne,pn 0xc04161b0 <mutex_vector_enter>
 >> 0xc04cc358 <mutex_enter+24>:    ret    
 >> 0xc04cc359 <mutex_enter+25>:    lea    0x0(%esi),%esi
 >> End of assembler dump.
 >> Am I right in interpreting it that `list *0xc04cc344' produced no output because at
 >> address 0xc04cc344 there is an assembler function mutex_enter? So, the crash is at
 >> mutex_enter?

 MB> Yes, on the mov %fs:0x18,%ecx instruction, or maybe the previous one.
 MB> I'm not sure if it's OK for %fs to be 0 at this point. To me it looks like
 MB> it should not.

 MB> Could you try to see what c043535b and c0955404 point to in your sources?

(gdb) list *0xc043535b
0xc043535b is in extent_alloc_region_descriptor (/usr/src/sys/kern/subr_extent.c:148).
143             /*
144              * XXX Make a static, create-time flags word, so we don't
145              * XXX have to lock to read it!
146              */
147             mutex_enter(&ex->ex_lock);
148             exflags = ex->ex_flags;
149             mutex_exit(&ex->ex_lock);
151             if (exflags & EXF_FIXED) {
152                     struct extent_fixed *fex = (struct extent_fixed *)ex;
(gdb) disassemble 0xc043535b
Dump of assembler code for function extent_alloc_region_descriptor:
0xc0435356 <extent_alloc_region_descriptor+38>: call   0xc04cc340 <mutex_enter>
0xc043535b <extent_alloc_region_descriptor+43>: mov    0x24(%edi),%ebx
0xc043535e <extent_alloc_region_descriptor+46>: mov    0xfffffff0(%ebp),%eax
0xc0435361 <extent_alloc_region_descriptor+49>: mov    %eax,(%esp)
0xc0435364 <extent_alloc_region_descriptor+52>: call   0xc04cc360 <mutex_exit>
(gdb) list *0xc0955404
No source file for address 0xc0955404.
(gdb) disassemble 0xc0955404
Dump of assembler code for function ioport_ex_storage:
0xc0955400 <ioport_ex_storage+0>:       add    %al,(%eax)
0xc0955402 <ioport_ex_storage+2>:       add    %al,(%eax)
0xc0955404 <ioport_ex_storage+4>:       add    %al,(%eax)
0xc0955406 <ioport_ex_storage+6>:       add    %al,(%eax)
0xc0955408 <ioport_ex_storage+8>:       add    %al,(%eax)

Mikolaj Golub
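The manual step in this thread (taking the EIP and the interesting guest stack words from the Xen dump and running gdb `list`/`disassemble` on each) can be automated. The following is an added example, not code from the thread or from NetBSD: it parses the `(XEN)` register and stack dump, resolves each address against a small symbol table whose function start addresses are taken from the gdb output above, and flags the null `%fs` that the faulting `mov %fs:0x18,%ecx` reads through. The `max_off` cut-off is an assumption used in place of real symbol sizes.

```python
import bisect
import re

# Constructed symbol table: function start addresses taken from the gdb
# "disassemble" output in this thread (gdb's "+N" offsets are decimal).
SYMBOLS = sorted([
    (0xc04161b0, "mutex_vector_enter"),
    (0xc0435356 - 38, "extent_alloc_region_descriptor"),
    (0xc04cc340, "mutex_enter"),
    (0xc04cc360, "mutex_exit"),
    (0xc0955400, "ioport_ex_storage"),   # all-zero bytes, i.e. a data object
])
ADDRS = [a for a, _ in SYMBOLS]

# The Xen register/stack dump from the thread, used here as sample input.
CRASH = """\
(XEN) ----[ Xen-3.1.0  x86_32  debug=n  Not tainted ]----
(XEN) EIP:    e019:[<c04cc344>]
(XEN) ds: e021   es: e021   fs: 0000   gs: 0000   ss: e021   cs: e019
(XEN) Guest stack trace from esp=c0a57ad0:
(XEN)    00000000 c04cc344 0001e019 00010046 c043535b c0955404 00000000 00000000
(XEN)    00000000 00000000 00000000 c0955404 000003cf 000003c0 c0955400 c0a57b4c
"""

def symbolize(addr, max_off=0x1000):
    """Return 'sym+off' like gdb, or None if addr is not near any known symbol."""
    i = bisect.bisect_right(ADDRS, addr) - 1
    if i < 0 or addr - ADDRS[i] >= max_off:   # assumed size bound, no real sizes here
        return None
    return f"{SYMBOLS[i][1]}+{addr - ADDRS[i]}"

def parse_crash(text):
    """Extract the faulting EIP, the segment registers and the raw stack words."""
    eip = int(re.search(r"EIP:\s+[0-9a-f]+:\[<([0-9a-f]+)>\]", text).group(1), 16)
    segs = {k: int(v, 16) for k, v in re.findall(r"\b(ds|es|fs|gs|ss|cs): ([0-9a-f]{4})", text)}
    words = []
    for line in text.splitlines():
        if line.startswith("(XEN)    "):          # stack dump lines, 8 words each
            words += [int(w, 16) for w in line.split()[1:]]
    return eip, segs, words

def analyze(text):
    """Symbolize EIP and every stack word near a known symbol; flag a null %fs."""
    eip, segs, words = parse_crash(text)
    stack = [(w, symbolize(w)) for w in words if symbolize(w) is not None]
    return {"eip": symbolize(eip), "fs_null": segs["fs"] == 0, "stack": stack}

if __name__ == "__main__":
    r = analyze(CRASH)
    print("EIP:", r["eip"], "| %fs is null:", r["fs_null"])
    for addr, sym in r["stack"]:
        print(f"  {addr:08x}  {sym}")
```

Words that resolve to a data object such as `ioport_ex_storage` are arguments or saved registers on the stack rather than return addresses, which is why the thread's `list` on them finds no source line.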