xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
From: Andrew Cooper <andrew.cooper3@citrix.com>
To: "Xuquan (Quan Xu)" <xuquan8@huawei.com>
Cc: "George.Dunlap@eu.citrix.com" <George.Dunlap@eu.citrix.com>,
	Jan Beulich <JBeulich@suse.com>,
	"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
Subject: Re: qeustion: a panic in __do_update_va_mapping()
Date: Tue, 1 Nov 2016 13:21:25 +0000	[thread overview]
Message-ID: <7e0a476c-8cf6-57db-a0b4-54437b8d9810@citrix.com> (raw)
In-Reply-To: <E0A769A898ADB6449596C41F51EF62C6ABF869@SZXEMI506-MBX.china.huawei.com>

On 01/11/16 12:07, Xuquan (Quan Xu) wrote:
> On November 01, 2016 8:00 PM, Andrew Cooper wrote:
>> On 01/11/16 11:57, Xuquan (Quan Xu) wrote:
>>> On November 01, 2016 7:41 PM, Andrew Cooper
>> <andrew.cooper3@citrix.com > wrote:
>>>> On 01/11/16 11:23, Xuquan (Quan Xu) wrote:
>>>>> On November 01, 2016 7:16 PM, Andrew Cooper <
>>>> andrew.cooper3@citrix.com > wrote:
>>>>>> On 01/11/16 11:01, Xuquan (Quan Xu) wrote:
>>>>>>> Hi Andrew,
>>>>>>>
>>>>>>> When I run some application with Xen, I encounter a Panic with log
>>>>>>> as the
>>>>>> bottom of this email.
>>>>>>> I find this panic is as similar as your fix e4e9d2d4e76bd8fe22
>> 'x86/p2m-ept:
>>>>>> don't unmap the EPT pagetable while it is still in use'.
>>>>>>
>>>>>> Its not the same.  My fix was for a pagefault.  Your crash is
>>>>>> hitting a
>>>>>> BUG()
>>>>>>
>>>>>> You need to investigate which BUG() is being hit (you are clearly
>>>>>> not using staging, as page_alloc.c:429 is outside of a function), and why.
>>>>>>
>>>>> It is not using staging, a internal version, but the
>>>>> __do_update_va_mapping() is
>>>> the same..
>>>>> So I think it is similar to staging.
>>>> __do_update_va_mapping() is not relevant.  Your problem is in
>>>> alloc_heap_pages(), not __do_update_va_mapping().
>>>>
>>> Andrew, thanks for your help..
>>>
>>> Check it,
>>> the BUG() is from
>>> do_memory_op() -- alloc_domheap_pages() -- alloc_heap_pages()..
>>> , not from  __do_update_va_mapping().
>>>
>>> If so, I think the information is too limited to debug..
>>>
>>> the BUG() is being hit at:
>>> ...
>>> alloc_heap_pages()
>>>     for ( i = 0; i < (1 << order); i++ )
>>>     {
>>>         /* Reference count must continuously be zero for free pages. */
>>>         BUG_ON(pg[i].count_info != PGC_state_free); ...
>>>
>>>
>>> I guess I hit a 'count_info == -1', more put_page() is called to return the page..
>> Yes.  This means that you have a reference counting error elsewhere in
>> the hypervisor, and something is dropping too many references.
>>
> :(:(..
> Any method to address it?

Not specifically.  It is similar to chasing a double free bug.

You should review whatever local additions you have in your tree extra
carefully.  It might be that there is a setup path which doesn't take a
ref, or a buggy error path which cleans up too many refs.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

  reply	other threads:[~2016-11-01 13:21 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-11-01 11:01 qeustion: a panic in __do_update_va_mapping() Xuquan (Quan Xu)
2016-11-01 11:15 ` Andrew Cooper
2016-11-01 11:23   ` Xuquan (Quan Xu)
2016-11-01 11:41     ` Andrew Cooper
2016-11-01 11:57       ` Xuquan (Quan Xu)
2016-11-01 11:59         ` Andrew Cooper
2016-11-01 12:07           ` Xuquan (Quan Xu)
2016-11-01 13:21             ` Andrew Cooper [this message]
2016-11-02  0:37               ` Xuquan (Quan Xu)
     [not found]               ` <E0A769A898ADB6449596C41F51EF62C6AC024D@SZXEMI506-MBX.china.huawei.com>
2016-11-03 13:18                 ` Jan Beulich
2016-11-03 13:27                   ` Xuquan (Quan Xu)
2016-11-03 13:45                     ` Jan Beulich

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=7e0a476c-8cf6-57db-a0b4-54437b8d9810@citrix.com \
    --to=andrew.cooper3@citrix.com \
    --cc=George.Dunlap@eu.citrix.com \
    --cc=JBeulich@suse.com \
    --cc=xen-devel@lists.xen.org \
    --cc=xuquan8@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).