From: Gerd Hoffmann <kraxel@suse.de>
To: Keir Fraser <Keir.Fraser@cl.cam.ac.uk>
Cc: Xen devel list <xen-devel@lists.xensource.com>
Subject: Re: [BUG] double fault for sale ;)
Date: Tue, 30 May 2006 16:02:22 +0200
Message-ID: <447C506E.2070301@suse.de>
In-Reply-To: <cbd1957668968d46ab6c568d7cc2ce51@cl.cam.ac.uk>

[-- Attachment #1: Type: text/plain, Size: 469 bytes --]

Keir Fraser wrote:
> The few stack frames you looked at already look quite innocent. They
> don't take up much stack space. OTOH it is somewhat weird to be doing
> writable pagetable work that far down the stack. It'll be interesting to
> see what was going on to cause writable pagetable state to be flushed.

Looks like an endless recursion, trace (and patch) attached.

cheers,

  Gerd

-- 
Gerd Hoffmann <kraxel@suse.de>
http://www.suse.de/~kraxel/julika-dora.jpeg

[-- Attachment #2: xen-double-fault-3-stack --]
[-- Type: text/plain, Size: 6210 bytes --]

(XEN) Xen stack trace from esp=ffbf4f84:
(XEN)   stack overflow fixup
(XEN) Xen stack trace from esp=ffbf5000:
(XEN)  stack ffbf5030, text ff135035 <get_page_and_type+0x34/0x57>
(XEN)  stack ffbf5050, text ff135a93 <get_page_from_l1e+0x17c/0x206>, frame 8
(XEN)  stack ffbf5080, text ff183b28 <map_domain_page+0x68/0x3fa>, frame 12
(XEN)  stack ffbf50a0, text ff13c80e <revalidate_l1+0xb2/0x17f>, frame 8
(XEN)  stack ffbf50e0, text ff13cb13 <ptwr_flush+0x238/0x34f>, frame 16
(XEN)  stack ffbf5120, text ff13d89f <cleanup_writable_pagetable+0x64/0x86>, frame 16
(XEN)  stack ffbf5130, text ff137766 <get_page_type+0x266/0x63d>, frame 4
(XEN)  stack ffbf51e0, text ff135035 <get_page_and_type+0x34/0x57>, frame 44
(XEN)  stack ffbf5200, text ff135a93 <get_page_from_l1e+0x17c/0x206>, frame 8
(XEN)  stack ffbf5230, text ff183b28 <map_domain_page+0x68/0x3fa>, frame 12
(XEN)  stack ffbf5250, text ff13c80e <revalidate_l1+0xb2/0x17f>, frame 8
(XEN)  stack ffbf5290, text ff13cb13 <ptwr_flush+0x238/0x34f>, frame 16
(XEN)  stack ffbf52d0, text ff13d89f <cleanup_writable_pagetable+0x64/0x86>, frame 16
(XEN)  stack ffbf52e0, text ff137766 <get_page_type+0x266/0x63d>, frame 4
(XEN)  stack ffbf5390, text ff135035 <get_page_and_type+0x34/0x57>, frame 44
(XEN)  stack ffbf53b0, text ff135a93 <get_page_from_l1e+0x17c/0x206>, frame 8
(XEN)  stack ffbf53e0, text ff183b28 <map_domain_page+0x68/0x3fa>, frame 12
(XEN)  stack ffbf5400, text ff13c80e <revalidate_l1+0xb2/0x17f>, frame 8
(XEN)  stack ffbf5440, text ff13cb13 <ptwr_flush+0x238/0x34f>, frame 16
(XEN)  stack ffbf5480, text ff13d89f <cleanup_writable_pagetable+0x64/0x86>, frame 16
(XEN)  stack ffbf5490, text ff137766 <get_page_type+0x266/0x63d>, frame 4
(XEN)  stack ffbf5540, text ff135035 <get_page_and_type+0x34/0x57>, frame 44
(XEN)  stack ffbf5560, text ff135a93 <get_page_from_l1e+0x17c/0x206>, frame 8
(XEN)  stack ffbf5590, text ff183b28 <map_domain_page+0x68/0x3fa>, frame 12
(XEN)  stack ffbf55b0, text ff13c80e <revalidate_l1+0xb2/0x17f>, frame 8
(XEN)  stack ffbf55f0, text ff13cb13 <ptwr_flush+0x238/0x34f>, frame 16
(XEN)  stack ffbf5630, text ff13d89f <cleanup_writable_pagetable+0x64/0x86>, frame 16
(XEN)  stack ffbf5640, text ff137766 <get_page_type+0x266/0x63d>, frame 4
(XEN)  stack ffbf56f0, text ff135035 <get_page_and_type+0x34/0x57>, frame 44
(XEN)  stack ffbf5710, text ff135a93 <get_page_from_l1e+0x17c/0x206>, frame 8
(XEN)  stack ffbf5740, text ff183b28 <map_domain_page+0x68/0x3fa>, frame 12
(XEN)  stack ffbf5760, text ff13c80e <revalidate_l1+0xb2/0x17f>, frame 8
(XEN)  stack ffbf57a0, text ff13cb13 <ptwr_flush+0x238/0x34f>, frame 16
(XEN)  stack ffbf57e0, text ff13d89f <cleanup_writable_pagetable+0x64/0x86>, frame 16
(XEN)  stack ffbf57f0, text ff137766 <get_page_type+0x266/0x63d>, frame 4
(XEN)  stack ffbf58a0, text ff135035 <get_page_and_type+0x34/0x57>, frame 44
(XEN)  stack ffbf58c0, text ff135a93 <get_page_from_l1e+0x17c/0x206>, frame 8
(XEN)  stack ffbf58f0, text ff183b28 <map_domain_page+0x68/0x3fa>, frame 12
(XEN)  stack ffbf5910, text ff13c80e <revalidate_l1+0xb2/0x17f>, frame 8
(XEN)  stack ffbf5950, text ff13cb13 <ptwr_flush+0x238/0x34f>, frame 16
(XEN)  stack ffbf597c, text ff137b63 <__cpus_empty+0x18/0x1a>, frame 11
(XEN)  stack ffbf5990, text ff13d89f <cleanup_writable_pagetable+0x64/0x86>, frame 5
(XEN)  stack ffbf59a0, text ff137766 <get_page_type+0x266/0x63d>, frame 4
(XEN)  stack ffbf59cc, text ff1233f5 <smp_apic_timer_interrupt+0x17/0x19>, frame 11
(XEN)  stack ffbf5a1c, text ff183f8e <mapcache_current_vcpu+0xb/0xc5>, frame 20
(XEN)  stack ffbf5a50, text ff135035 <get_page_and_type+0x34/0x57>, frame 13
(XEN)  stack ffbf5a70, text ff135a93 <get_page_from_l1e+0x17c/0x206>, frame 8
(XEN)  stack ffbf5aa0, text ff183b28 <map_domain_page+0x68/0x3fa>, frame 12
(XEN)  stack ffbf5aac, text ff13d1e7 <ptwr_emulated_update+0x5bd/0x5d6>, frame 3
(XEN)  stack ffbf5ac0, text ff13c80e <revalidate_l1+0xb2/0x17f>, frame 5
(XEN)  stack ffbf5b00, text ff13cb13 <ptwr_flush+0x238/0x34f>, frame 16
(XEN)  stack ffbf5b40, text ff13d89f <cleanup_writable_pagetable+0x64/0x86>, frame 16
(XEN)  stack ffbf5b50, text ff137766 <get_page_type+0x266/0x63d>, frame 4
(XEN)  stack ffbf5b70, text ff183f8e <mapcache_current_vcpu+0xb/0xc5>, frame 8
(XEN)  stack ffbf5b80, text ff183e85 <map_domain_page+0x3c5/0x3fa>, frame 4
(XEN)  stack ffbf5c00, text ff135035 <get_page_and_type+0x34/0x57>, frame 32
(XEN)  stack ffbf5c20, text ff135a93 <get_page_from_l1e+0x17c/0x206>, frame 8
(XEN)  stack ffbf5c50, text ff183b28 <map_domain_page+0x68/0x3fa>, frame 12
(XEN)  stack ffbf5c70, text ff13c80e <revalidate_l1+0xb2/0x17f>, frame 8
(XEN)  stack ffbf5cb0, text ff13cb13 <ptwr_flush+0x238/0x34f>, frame 16
(XEN)  stack ffbf5cc0, text ff135637 <get_page_from_pagenr+0x43/0x93>, frame 4
(XEN)  stack ffbf5cf0, text ff13d89f <cleanup_writable_pagetable+0x64/0x86>, frame 12
(XEN)  stack ffbf5d00, text ff137766 <get_page_type+0x266/0x63d>, frame 4
(XEN)  stack ffbf5d10, text ff12341c <raise_softirq+0x25/0x27>, frame 4
(XEN)  stack ffbf5d20, text ff135c12 <get_page_from_l2e+0xf5/0x131>, frame 4
(XEN)  stack ffbf5d30, text ff137c01 <__next_cpu+0x26/0x48>, frame 4
(XEN)  stack ffbf5db0, text ff135035 <get_page_and_type+0x34/0x57>, frame 32
(XEN)  stack ffbf5dd0, text ff135a93 <get_page_from_l1e+0x17c/0x206>, frame 8
(XEN)  stack ffbf5e00, text ff183b28 <map_domain_page+0x68/0x3fa>, frame 12
(XEN)  stack ffbf5e20, text ff13c80e <revalidate_l1+0xb2/0x17f>, frame 8
(XEN)  stack ffbf5e60, text ff13cb13 <ptwr_flush+0x238/0x34f>, frame 16
(XEN)  stack ffbf5e70, text ff138731 <set_foreigndom+0x13/0x228>, frame 4
(XEN)  stack ffbf5e8c, text ff184169 <unmap_domain_page+0x107/0x33c>, frame 7
(XEN)  stack ffbf5ea0, text ff13d89f <cleanup_writable_pagetable+0x64/0x86>, frame 5
(XEN)  stack ffbf5eb0, text ff1389df <do_mmuext_op+0x99/0xa2f>, frame 4
(XEN)  stack ffbf5ecc, text ff13d5e6 <ptwr_do_page_fault+0x37b/0x483>, frame 7
(XEN)  stack ffbf5f3c, text ff144dba <fixup_page_fault+0x39e/0x3ec>, frame 28
(XEN)  stack ffbf5f6c, text ff144fe1 <do_page_fault+0x9f/0x334>, frame 12
(XEN)  stack ffbf5f80, text ff11c5f5 <do_softirq+0xa1/0xb8>, frame 5
(XEN)  stack ffbf5f90, text ff1847df <hypercall+0x8f/0xaf>, frame 4

[-- Attachment #3: xen-debug-patch --]
[-- Type: text/plain, Size: 1481 bytes --]

diff -r 14717dedba02 xen/arch/x86/x86_32/traps.c
--- a/xen/arch/x86/x86_32/traps.c	Sun May 21 19:15:58 2006
+++ b/xen/arch/x86/x86_32/traps.c	Tue May 30 15:59:30 2006
@@ -173,6 +173,51 @@
            tss->esi, tss->edi, tss->ebp, tss->esp);
     printk("ds: %04x   es: %04x   fs: %04x   gs: %04x   ss: %04x\n",
            tss->ds, tss->es, tss->fs, tss->gs, tss->ss);
+
+    {
+#define stack_words_per_line  8
+
+	unsigned long *stack, addr, *lstack;
+	int words;
+
+	addr = tss->esp;
+	stack = (void*)addr;
+	printk("Xen stack trace from "__OP"sp=%p:\n  ", stack);
+
+	if ((addr & 0xfff) > 0xf00) {
+		printk("stack overflow fixup\n");
+		while ((addr & 0xfff) > 0xf00)
+			addr += 4;
+		stack = (void*)addr;
+		printk("Xen stack trace from "__OP"sp=%p:\n  ", stack);
+	}
+
+	lstack = NULL;
+	for (;; stack++) {
+	    if (((long)stack & (STACK_SIZE-BYTES_PER_LONG)) == 0)
+		break;
+	    addr = *stack;
+	    if (is_kernel_text(addr)) {
+		printk("\n stack %p, text %p <", stack, _p(addr));
+		print_symbol("%s",addr);
+		printk(">");
+		if (lstack)
+			printk(", frame %d", stack - lstack);
+		lstack = stack;
+		printk("\n");
+		words = 0;
+	    } else {
+		if (stack_words_per_line == words) {
+		    printk("\n");
+		    words = 0;
+		}
+		printk(" %p", _p(addr));
+		words++;
+	    }
+	}
+	printk("\n");
+    }
+
     printk("************************************\n");
     printk("CPU%d DOUBLE FAULT -- system shutdown\n", cpu);
     printk("System needs manual reset.\n");
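
Review bot: `words` is read before it is assigned. In the `else` branch, `stack_words_per_line == words` is evaluated for the first non-text word, but `int words;` has no initializer and is only set to 0 after a text hit or a line wrap; declare it as `int words = 0;`. The fixup step hard-codes `addr += 4` and the `0xfff`/`0xf00` masks while the scan loop uses `BYTES_PER_LONG` and `STACK_SIZE`; using the named constants in both places, with a one-line comment on why a page offset above `0xf00` is treated as an overflow, would make the heuristic easier to follow. The `frame %d` value is `stack - lstack`, a pointer difference counted in words rather than bytes, so the output should say which unit it prints and the argument should be cast to `int` to match the format.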

[-- Attachment #4: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
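
As an added example (not part of the original message or of the Xen tree), the following Python code parses lines in the format printed by the debug patch above and reports the call cycle that repeats from the top of the dump, together with the stack bytes each iteration consumes. The names `parse` and `find_recursion` are hypothetical; the sample input is the first 14 entries of the attached trace.

```python
import re

# Line format printed by the debug patch: "stack <addr>, text <addr> <sym+off/len>"
LINE = re.compile(r"stack ([0-9a-f]+), text [0-9a-f]+ <(\w+)\+")

def parse(trace):
    """Return [(stack_address, symbol)] for every text hit in the dump."""
    return [(int(m[1], 16), m[2]) for m in LINE.finditer(trace)]

def find_recursion(frames, min_repeats=2):
    """Find the shortest symbol cycle repeating back to back from the top.

    Returns (cycle, repeats, bytes_per_cycle) or None. The dump starts at
    the innermost frame, so the cycle is listed callee first.
    """
    syms = [s for _, s in frames]
    for period in range(1, len(syms) // min_repeats + 1):
        repeats = 1
        while syms[repeats * period:(repeats + 1) * period] == syms[:period]:
            repeats += 1
        if repeats >= min_repeats:
            # Distance between the same symbol in two consecutive iterations
            stride = frames[period][0] - frames[0][0]
            return syms[:period], repeats, stride
    return None

# Excerpt: first 14 entries of the trace attached to this message
TRACE = """
(XEN)  stack ffbf5030, text ff135035 <get_page_and_type+0x34/0x57>
(XEN)  stack ffbf5050, text ff135a93 <get_page_from_l1e+0x17c/0x206>, frame 8
(XEN)  stack ffbf5080, text ff183b28 <map_domain_page+0x68/0x3fa>, frame 12
(XEN)  stack ffbf50a0, text ff13c80e <revalidate_l1+0xb2/0x17f>, frame 8
(XEN)  stack ffbf50e0, text ff13cb13 <ptwr_flush+0x238/0x34f>, frame 16
(XEN)  stack ffbf5120, text ff13d89f <cleanup_writable_pagetable+0x64/0x86>, frame 16
(XEN)  stack ffbf5130, text ff137766 <get_page_type+0x266/0x63d>, frame 4
(XEN)  stack ffbf51e0, text ff135035 <get_page_and_type+0x34/0x57>, frame 44
(XEN)  stack ffbf5200, text ff135a93 <get_page_from_l1e+0x17c/0x206>, frame 8
(XEN)  stack ffbf5230, text ff183b28 <map_domain_page+0x68/0x3fa>, frame 12
(XEN)  stack ffbf5250, text ff13c80e <revalidate_l1+0xb2/0x17f>, frame 8
(XEN)  stack ffbf5290, text ff13cb13 <ptwr_flush+0x238/0x34f>, frame 16
(XEN)  stack ffbf52d0, text ff13d89f <cleanup_writable_pagetable+0x64/0x86>, frame 16
(XEN)  stack ffbf52e0, text ff137766 <get_page_type+0x266/0x63d>, frame 4
"""

if __name__ == "__main__":
    cycle, repeats, stride = find_recursion(parse(TRACE))
    print(f"{' <- '.join(cycle)}: x{repeats}, {stride} bytes per iteration")
```

The per-iteration stride equals the sum of the `frame` word counts in one cycle times the word size, which gives a quick cross-check of the dump.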
