From mboxrd@z Thu Jan  1 00:00:00 1970
From: Major Hayden <major@mhtx.net>
Subject: Re: Xen BUG at page_alloc.c:1738 (Xen 4.5)
Date: Wed, 20 May 2015 11:52:23 -0500
Message-ID: <555CBBC7.2070201@mhtx.net>
References: <555B7BB8.90909@mhtx.net>
	<555C80EA020000780007C12D@mail.emea.novell.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <555C80EA020000780007C12D@mail.emea.novell.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Jan Beulich <JBeulich@suse.com>
Cc: xen-devel@lists.xen.org
List-Id: xen-devel@lists.xenproject.org

On 05/20/2015 05:41 AM, Jan Beulich wrote:
> Considering that no-one else is seeing this - is this perhaps connected
> to you building Xen with pre-release gcc 5.0.1? This is also because in
> order for the above to indeed occur, mmio_ro_do_page_fault()'s
> put_page() would need to drop the last reference of a page, yet
> page_get_owner_and_reference() doesn't obtain a reference when
> a page is unallocated (and hence unowned), i.e. normally a page
> would have a refcount of at least 2 here. Hence this would be
> possible only due to a race, but the exact same race to be observed
> on different hardware _and_ under an emulator is extremely unlikely.

That could be a possibility.  There is one Fedora patch[1] to fix a GCC 5 compile error but that's probably unrelated to the crash.

I'm still hunting around to see what I can figure out.

[1] http://pkgs.fedoraproject.org/cgit/xen.git/tree/?h=f22

--
Major Hayden