From: Wei Huang
Subject: Re: The segmentfault when using xl create domU
Date: Tue, 15 Apr 2014 17:07:05 -0500
Message-ID: <534DAD89.1040604@samsung.com>
References: <25f20e60.4a87.145633bba97.Coremail.duqi_2009@163.com>
 <1397552021.24638.13.camel@kazak.uk.xensource.com>
 <78496d24.5d.14564c71cc0.Coremail.duqi_2009@163.com>
 <534D3E54.9060008@linaro.org>
In-reply-to: <534D3E54.9060008@linaro.org>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Julien Grall, duqi
Cc: Ian Campbell, "Stefano Stabellini (Xen mainlister)", 宫晓利, hdegoede, "bjzhang@suse.com", "xen-devel@lists.xen.org"
List-Id: xen-devel@lists.xenproject.org

On 04/15/2014 09:12 AM, Julien Grall wrote:
> Hello,
>
> On 04/15/2014 10:45 AM, duqi wrote:
>> At 2014-04-15 04:53:41, "Ian Campbell" wrote:
>>> On Tue, 2014-04-15 at 10:33 +0800, duqi wrote:
>>>> Hi there,
>>>> We tried to create domU with command "xl -vvv create -d domU_01" and
>>>> met the below fault:
>>>>
>>>> root@linaro-alip:~/domU# xl -vvv create -d domU_01
>>>
>>> Does this happen if you drop the "-d"?
>>>
>>> Please could you run under gdb and grab a backtrace. Something like:
>>> # gdb --args xl -vvv create -d domU_01
>>> (gdb) run
>>> ....
>>> crash!
>>> (gdb) bt
>>>
>>
>> Hi, here is the gdb output:
>> Program received signal SIGSEGV, Segmentation fault.
>> 0xb6f6bc30 in memcpy (__len=16, __src=0xbefe6e0c, __dest=0x39488)
>>     at /usr/lib/gcc-cross/arm-linux-gnueabihf/4.7/../../../../arm-linux-gnueabihf/include/bits/string3.h:51
>> 51      /usr/lib/gcc-cross/arm-linux-gnueabihf/4.7/../../../../arm-linux-gnueabihf/include/bits/string3.h: No such file or direc.
>> (gdb) bt
>> #0  0xb6f6bc30 in memcpy (__len=16, __src=0xbefe6e0c, __dest=0x39488)
>>     at /usr/lib/gcc-cross/arm-linux-gnueabihf/4.7/../../../../arm-linux-gnueabihf/include/bits/string3.h:51
>> #1  libxl_list_vm (ctx=ctx@entry=0x33030,
>>     nb_vm_out=nb_vm_out@entry=0xbeffee30) at libxl.c:689
>> #2  0xb6f7b934 in libxl__domain_make (gc=gc@entry=0x393d0,
>>     info=info@entry=0xbefff040, domid=domid@entry=0xbeffeec0)
>>     at libxl_create.c:613
>> #3  0xb6f7cadc in initiate_domain_create (dcs=0x398a8, egc=0xbeffeec4)
>>     at libxl_create.c:791
>> #4  do_domain_create (ctx=ctx@entry=0x33030,
>>     d_config=d_config@entry=0xbefff040, domid=domid@entry=0xbeffef80,
>>     restore_fd=restore_fd@entry=-1,
>>     checkpointed_stream=checkpointed_stream@entry=0, ao_how=ao_how@entry=0x0,
>>     aop_console_how=aop_console_how@entry=0x0) at libxl_create.c:1424
>> #5  0xb6f7d428 in libxl_domain_create_new (ctx=0x33030,
>>     d_config=d_config@entry=0xbefff040, domid=domid@entry=0xbeffef80,
>>     ao_how=ao_how@entry=0x0, aop_console_how=aop_console_how@entry=0x0)
>>     at libxl_create.c:1449
>> #6  0x00017040 in create_domain (dom_info=0xbeffefdc) at xl_cmdimpl.c:2283
>> #7  main_create (argc=, argv=)
>>     at xl_cmdimpl.c:4469
>> #8  0x0000db84 in main (argc=3, argv=0xbefff82c) at xl.c:362
>> (gdb)
>
> It's a compiler bug. For some reason gcc doesn't generate the right assembly
> when -O1 is specified on the command line. Which version of gcc do you use (4.7.*?)?
> Which distribution are you using?
> Can you also run disas at the crash and copy the output?
>
> Gcc 4.8 doesn't seem to be affected.
>
> FYI, I got this output from 4.7 with Linaro Ubuntu raring (gcc 4.7.3).
>
>    0x76f71bd0 <+224>:   mov     r5, #0
>    0x76f71bd4 <+228>:   mov     r4, r5
>    0x76f71bd8 <+232>:   mov     r7, r5                      <= r7 = r5 = 0
>    0x76f71bdc <+236>:   sub     r6, r11, #98304 ; 0x18000
>    0x76f71be0 <+240>:   sub     r6, r6, #36     ; 0x24
>    0x76f71be4 <+244>:   mov     r9, r5
>    0x76f71be8 <+248>:   str     r8, [r12, #-68] ; 0x44
>    0x76f71bec <+252>:   sub     r3, r11, #98304 ; 0x18000
>    0x76f71bf0 <+256>:   ldr     r0, [r3, #-68]  ; 0x44
>    0x76f71bf4 <+260>:   ldrh    r1, [r6, r5]
>    0x76f71bf8 <+264>:   mov     r2, r9
>    0x76f71bfc <+268>:   bl      0x76f6d6ac
>    0x76f71c00 <+272>:   cmp     r0, #0
>    0x76f71c04 <+276>:   bne     0x76f71c50
>    0x76f71c08 <+280>:   add     r8, r7, r7, lsl #2          <= Last time we set r8 = r7 << 2 = 0
>    0x76f71c0c <+284>:   sub     r12, r11, #98304 ; 0x18000
>    0x76f71c10 <+288>:   str     r8, [r12, #-56] ; 0x38
>    0x76f71c14 <+292>:   ldr     r3, [r12, #-60] ; 0x3c
>    0x76f71c18 <+296>:   add     lr, r3, r8, lsl #2
>    0x76f71c1c <+300>:   add     r12, r4, r4, lsl #1
>    0x76f71c20 <+304>:   add     r12, r6, r12, lsl #5
>    0x76f71c24 <+308>:   add     r12, r12, #76   ; 0x4c
>    0x76f71c28 <+312>:   ldm     r12!, {r0, r1, r2, r3}
>    0x76f71c2c <+316>:   mov     r12, r8
> => 0x76f71c30 <+320>:   ldr     r8, [r8, #-60]  ; 0x3c      <= r8 (=0) is dereferenced
>

I saw the same thing on my system and ack'ed that this is compiler-related. My compiler is 4.7.3. I was able to fix it with the following hack:

diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c index 730f6e1..14eac6b 100644 --- a/tools/libxl/libxl.c +++ b/tools/libxl/libxl.c @@ -667,7 +667,8 @@ libxl_vminfo * libxl_list_vm(libxl_ctx *ctx, int *nb_vm_out) { GC_INIT(ctx); libxl_vminfo *ptr = NULL; - int idx, i, ret; + volatile int idx, i; + int ret; xc_domaininfo_t info[1024]; ret = xc_domain_getinfolist(ctx->xch, 1, ARRAY_SIZE(info), info);

>
> Regards,
>
>
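Review bot: the hunk leaves no trace of why `idx` and `i` became `volatile`, so the next cleanup of libxl_list_vm will merge them back into `int idx, i, ret;` and reintroduce the crash. If this goes in as a workaround, put a comment above the declaration naming the gcc 4.7.3 -O1 miscompile on ARM it sidesteps and noting that gcc 4.8 is not affected, and before committing it, confirm that the function has no undefined behaviour that the optimizer is entitled to exploit: `volatile` changes the generated code without establishing which side is wrong, and it also forces a memory access on every use of those two loop variables.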
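The gdb procedure in the thread (Ian's run-then-bt and Julien's request for the disassembly at the crash) can be collected in one non-interactive gdb run, which is easier to attach to a bug report than a pasted terminal session. The script below is an added example, not code from the thread or from the Xen tree; it assumes gdb is installed in dom0, reuses the xl command line from the report, and the `disas_symbol` helper for comparing two compiler builds of the same function is an assumption of mine rather than anything the thread did.

```shell
#!/bin/sh
# Added example (not from the thread or the Xen tree): collect a crash
# report from a toolstack command in one non-interactive gdb run.
# Assumes gdb is installed in dom0; the xl command line is the one
# from the bug report.

# gdb_crash_cmds: the gdb command script. "run" returns control to the
# script when the program stops on SIGSEGV, so every command after it
# executes in the faulting frame. If the program exits cleanly instead,
# "bt full" reports "No stack." and the rest of the script is skipped.
gdb_crash_cmds() {
    cat <<'EOF'
set pagination off
set confirm off
run
bt full
info registers
x/16i $pc-32
disassemble
quit
EOF
}

# crash_report CMD [ARGS...]: run CMD under gdb in batch mode and print
# the backtrace, the register file and the instructions around $pc
# (x/16i $pc-32 shows the eight 4-byte ARM instructions before the
# faulting one as well as the eight after it).
crash_report() {
    cmdfile=$(mktemp) || return 1
    gdb_crash_cmds > "$cmdfile"
    gdb -q -batch -x "$cmdfile" --args "$@" 2>&1
    status=$?
    rm -f "$cmdfile"
    return $status
}

# disas_symbol LIB SYMBOL: disassemble one function straight from a
# shared object, without running anything. Useful for diffing the code
# two compilers emit for the same function (the thread contrasts
# gcc 4.7.3 at -O1 with gcc 4.8).
disas_symbol() {
    gdb -q -batch -ex "disassemble $2" "$1"
}

# Usage, with the command line from the report (assumed library path):
#   crash_report xl -vvv create -d domU_01 > xl-crash.txt
#   disas_symbol /usr/lib/libxenlight.so libxl_list_vm > list_vm-gcc47.s
```

The report is written to stdout, so it can be redirected to a file and attached as-is; `disas_symbol` run against builds from each compiler gives the two listings to diff when deciding whether a crash like the one above is a miscompile or undefined behaviour in the source.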