From: Vincent Bernardoff <vincent.bernardoff@citrix.com>
To: xen-devel@lists.xen.org
Subject: Crashing kernel with dom0/libxc gnttab/gntshr
Date: Tue, 30 Jul 2013 11:50:00 +0100 [thread overview]
Message-ID: <51F79A58.5060004@citrix.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 388 bytes --]
Hi,
The attached program makes my kernel (3.9.9-1-ARCH, stock Archlinux
kernel) crash with the attached dmesg output.
The program just shares a page from dom0 to dom0, then map the page,
then unshare the page, and the unsharing makes the kernel crash. I ran
into this issue while implementing a native OCaml vchan driver.
I'm very much interested in advices/help.
Cheers,
Vincent
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: libxc_gntshr_bug2.c --]
[-- Type: text/x-csrc; name="libxc_gntshr_bug2.c", Size: 1044 bytes --]
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <xenctrl.h>
#include <sys/mman.h>
int main(int argc, char** argv)
{
void* map_shr;
void* map_tab;
uint32_t ref;
int ret;
xc_gntshr *shr_h = xc_gntshr_open(NULL, 0);
if (shr_h == NULL)
{
perror("xc_gntshr_open");
exit(EXIT_FAILURE);
}
xc_gnttab *tab_h = xc_gnttab_open(NULL, 0);
if (tab_h == NULL)
{
perror("xc_gnttab_open");
exit(EXIT_FAILURE);
}
map_shr = xc_gntshr_share_pages(shr_h, 0, 1, &ref, 1);
if (map_shr == NULL)
{
perror("xc_gntshr_share_pages");
exit(EXIT_FAILURE);
}
map_tab = xc_gnttab_map_grant_ref(tab_h, 0, ref, PROT_READ|PROT_WRITE);
if (map_tab == NULL)
{
perror("xc_gnttab_map_grant_ref");
exit(EXIT_FAILURE);
}
/* Now we unshare the page */
ret = xc_gntshr_munmap(shr_h, map_shr, 1);
if (ret != 0)
{
perror("xc_gntshr_munmap");
exit(EXIT_FAILURE);
}
/* At this point, the kernel should complain… */
return 0;
}
[-- Attachment #3: dmesg.log --]
[-- Type: text/x-log, Size: 13090 bytes --]
[ 299.710029] FS: 00007fe69748f700(0000) GS:ffff88011ba40000(0000) knlGS:0000000000000000
[ 299.710029] CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 299.710029] CR2: 00007fe696d78f30 CR3: 00000000c34fe000 CR4: 0000000000002660
[ 299.710029] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 299.710029] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 299.876698] Process a.out (pid: 922, threadinfo ffff8800cc3c6000, task ffff8800c34829e0)
[ 299.876698] Stack:
[ 299.876698] ffff8800cc2dc5b0 ffff8800cc3c7d88 ffff88000251bc60 ffff88000251b980
[ 299.876698] ffff88000251b960 ffff88000251b990 ffff8800c34829e0 ffff8800cc3c7dd8
[ 299.876698] ffffffffa03e847f ffff88000251b990 ffff880114d50a80 0000000000000000
[ 299.876698] Call Trace:
[ 299.876698] [<ffffffffa03e847f>] ? mn_release+0x4f/0x130 [xen_gntdev]
[ 299.876698] [<ffffffff8116b0c4>] ? __mmu_notifier_release+0x44/0xc0
[ 299.876698] [<ffffffff81153d09>] ? exit_mmap+0x149/0x170
[ 299.876698] [<ffffffff814d2a8a>] ? _raw_spin_lock_irqsave+0x1a/0x50
[ 299.876698] [<ffffffff810b5c3a>] ? exit_robust_list+0x6a/0x130
[ 299.876698] [<ffffffff81055209>] ? mmput+0x59/0x120
[ 299.876698] [<ffffffff8105d97f>] ? do_exit+0x27f/0xab0
[ 299.876698] [<ffffffff81152b90>] ? do_munmap+0x2b0/0x3e0
[ 299.876698] [<ffffffff8105e22f>] ? do_group_exit+0x3f/0xa0
[ 299.876698] [<ffffffff8105e2a4>] ? sys_exit_group+0x14/0x20
[ 299.876698] [<ffffffff814da89d>] ? system_call_fastpath+0x1a/0x1f
[ 299.876698] Code: 00 00 00 d8 02 3c cc 00 88 ff ff ff ff ff ff ff ff ff ff 60 7d 3c cc 00 88 ff ff 30 e0 00 00 00 00 00 00 82 02 01 00 00 00 00 00 <70> 7d 3c cc 00 88 ff ff 2b e0 00 00 00 00 00 00 b0 c5 2d
cc 00
[ 299.876698] RIP [<ffff8800cc3c7d60>] 0xffff8800cc3c7d5f
[ 299.876698] RSP <ffff8800cc3c7d70>
[ 299.964961] ---[ end trace 2cc41b9c64237359 ]---
[ 299.964962] Fixing recursive fault but reboot is needed!
[ 299.964963] BUG: scheduling while atomic: a.out/922/0x00000002
[ 299.964985] Modules linked in: snd_hda_codec_hdmi snd_hda_codec_analog snd_hda_intel snd_hda_codec iTCO_wdt gpio_ich iTCO_vendor_support ppdev evdev dcdbas radeon mperf psmouse tg3 coretemp microcode serio_
raw pcspkr snd_hwdep snd_pcm ttm snd_page_alloc snd_timer drm_kms_helper i2c_i801 snd x38_edac edac_core ptp pps_core lpc_ich libphy drm i2c_algo_bit i2c_core soundcore parport_pc parport button processor xenf
s xen_privcmd xen_pciback xen_netback xen_blkback xen_gntalloc xen_gntdev xen_evtchn nfs lockd sunrpc fscache ext4 crc16 mbcache jbd2 hid_generic usbhid hid sr_mod cdrom sd_mod ahci libahci libata scsi_mod ehc
i_pci uhci_hcd ehci_hcd usbcore usb_common
[ 299.964987] Pid: 922, comm: a.out Tainted: G B D 3.9.9-1-ARCH #1
[ 299.964987] Call Trace:
[ 299.964991] [<ffffffff814cabcb>] __schedule_bug+0x4d/0x5b
[ 299.964994] [<ffffffff814d1ae6>] __schedule+0x936/0x940
[ 299.964997] [<ffffffff81059a29>] ? console_trylock+0x19/0x70
[ 299.964999] [<ffffffff814d2c86>] ? _raw_spin_unlock+0x36/0x40
[ 299.965002] [<ffffffff8105a3c6>] ? vprintk_emit+0x176/0x4c0
[ 299.965004] [<ffffffff814ca7ff>] ? printk+0x54/0x56
[ 299.965007] [<ffffffff814d1b19>] schedule+0x29/0x70
[ 299.965009] [<ffffffff8105e129>] do_exit+0xa29/0xab0
[ 299.965012] [<ffffffff8105b731>] ? kmsg_dump+0xc1/0xd0
[ 299.965015] [<ffffffff814d42c3>] oops_end+0xa3/0xe0
[ 299.965019] [<ffffffff81018deb>] die+0x4b/0x70
[ 299.965021] [<ffffffff814d3be0>] do_trap+0x60/0x170
[ 299.965024] [<ffffffff810163d5>] do_invalid_op+0x95/0xb0
[ 299.965027] [<ffffffff810085ec>] ? xen_batched_set_pte+0xdc/0x200
[ 299.965030] [<ffffffff814d2a8a>] ? _raw_spin_lock_irqsave+0x1a/0x50
[ 299.965032] [<ffffffff814d2ca2>] ? _raw_spin_unlock_irqrestore+0x12/0x50
[ 299.965035] [<ffffffff814dbb1e>] invalid_op+0x1e/0x30
[ 299.965038] [<ffffffffa03e847f>] ? mn_release+0x4f/0x130 [xen_gntdev]
[ 299.965042] [<ffffffff8116b0c4>] ? __mmu_notifier_release+0x44/0xc0
[ 299.965045] [<ffffffff81153d09>] ? exit_mmap+0x149/0x170
[ 299.965047] [<ffffffff814d2a8a>] ? _raw_spin_lock_irqsave+0x1a/0x50
[ 299.965050] [<ffffffff810b5c3a>] ? exit_robust_list+0x6a/0x130
[ 299.965055] [<ffffffff81055209>] ? mmput+0x59/0x120
[ 299.965057] [<ffffffff8105d97f>] ? do_exit+0x27f/0xab0
[ 299.965060] [<ffffffff81152b90>] ? do_munmap+0x2b0/0x3e0
[ 299.965062] [<ffffffff8105e22f>] ? do_group_exit+0x3f/0xa0
[ 299.965065] [<ffffffff8105e2a4>] ? sys_exit_group+0x14/0x20
[ 299.965067] [<ffffffff814da89d>] ? system_call_fastpath+0x1a/0x1f
[-- Attachment #4: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
next reply other threads:[~2013-07-30 10:50 UTC|newest] Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top 2013-07-30 10:50 Vincent Bernardoff [this message] 2013-07-30 10:59 ` Crashing kernel with dom0/libxc gnttab/gntshr Ian Campbell 2013-07-30 13:41 ` Vincent Bernardoff 2013-07-30 15:50 ` Vincent Bernardoff 2013-07-30 15:55 ` Ian Campbell 2013-07-30 16:58 ` David Vrabel 2013-07-30 21:03 ` Daniel De Graaf 2013-08-02 13:50 ` Stefano Stabellini 2013-08-02 14:10 ` Ian Campbell 2013-08-02 16:49 ` Jeremy Fitzhardinge 2013-08-02 17:02 ` Stefano Stabellini 2013-08-03 10:06 ` Ian Campbell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51F79A58.5060004@citrix.com \
--to=vincent.bernardoff@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.