
[Xen-devel] Balloon driver crash

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] Balloon driver crash
From: M A Young <m.a.young@xxxxxxxxxxxx>
Date: Thu, 3 Jun 2010 14:37:10 +0100 (BST)
Delivery-date: Thu, 03 Jun 2010 06:38:23 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Alpine 2.00 (GSO 1167 2008-08-23)
I get the following crash when I try to start up a guest on a low-memory machine:

BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<c0632641>] balloon_process+0x3e5/0x596
*pdpt = 0000000000aac001 *pde = 0000000000000000 Oops: 0000 [#1] SMP last sysfs file: /sys/devices/system/xen_memory/xen_memory0/info/current_kb
Modules linked in: nfs lockd fscache nfs_acl nf_conntrack_ftp bridge stp llc 
autofs4 rpcsec_gss_krb5 auth_rpcgss des_generic sunrpc ip6table_filter 
ip6_tables ipv6 xen_evtchn xenfs snd_intel8x0 snd_ac97_codec ac97_bus snd_seq 
snd_seq_device ppdev snd_pcm parport_pc parport snd_timer e100 snd soundcore 
mii iTCO_wdt snd_page_alloc i2c_i801 iTCO_vendor_support i915 drm_kms_helper 
drm i2c_algo_bit i2c_core video output [last unloaded: scsi_wait_scan]
Pid: 6, comm: events/0 Not tainted (2.6.32.14-1.2.105.xendom0.fc12.i686.PAE #1) EIP: 0061:[<c0632641>] EFLAGS: 00010046 CPU: 0
EIP is at balloon_process+0x3e5/0x596
EAX: c25f6000 EBX: 00000f02 ECX: c269e038 EDX: 00000000
ESI: 00000000 EDI: 00018f02 EBP: dc09df6c ESP: dc09df08
DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0069
Process events/0 (pid: 6, ti=dc09c000 task=dc083fc0 task.ti=dc09c000)
Stack:
dc09df38 dc09df4c c0ab0288 00000000 00000001 ffffb4d7 00000000 00018f02
 00000f02 00000000 000003a9 00000000 c0407250 c2a10004 c2a19b04 c2a10004
 c0407247 00000000 00000000 00000000 00000000 00007ff0 c2a1d460 c09db2dc
Call Trace:
[<c0407250>] ? check_events+0x8/0xc
[<c0407247>] ? xen_restore_fl_direct_end+0x0/0x1
[<c0458d11>] ? worker_thread+0x140/0x1b9
[<c063225c>] ? balloon_process+0x0/0x596
[<c045c79d>] ? autoremove_wake_function+0x0/0x34
[<c0458bd1>] ? worker_thread+0x0/0x1b9
[<c045c565>] ? kthread+0x64/0x69
[<c045c501>] ? kthread+0x0/0x69
[<c040ac07>] ? kernel_thread_helper+0x7/0x10
Code: ff 25 ff ff ff 7f 8b 55 c8 39 f8 89 04 95 e0 7e b6 c0 b8 01 00 00 00 0f 44 45 a8 83 ca ff 89 45 a8 89 d8 e8 ed 3f dd ff 8b 55 b4 <8b> 02 c1 e8 1e 69 c0 00 0b 00 00 05 80 13 9f c0 2b 80 ec 0a 00 EIP: [<c0632641>] balloon_process+0x3e5/0x596 SS:ESP 0069:dc09df08
CR2: 0000000000000000

The relevant address is
0xc0632641 <balloon_process+997>: mov    (%edx),%eax

and the context is
   0xc06325e1 <balloon_process+901>:      mov    (%eax),%edx
   0xc06325e3 <balloon_process+903>:      mov    %edx,-0x44(%ebp)
   0xc06325e6 <balloon_process+906>:      mov    -0x44(%ebp),%eax
   0xc06325e9 <balloon_process+909>:      shl    $0x5,%eax
   0xc06325ec <balloon_process+912>:      add    0xc0b5c740,%eax
   0xc06325f2 <balloon_process+918>:      call   0xc06321e2 <balloon_append>
   0xc06325f7 <balloon_process+923>:      movl   $0x0,-0x58(%ebp)
   0xc06325fe <balloon_process+930>:      movl   $0x0,-0x38(%ebp)
   0xc0632605 <balloon_process+937>:
    jmp    0xc063267f <balloon_process+1059>
   0xc0632607 <balloon_process+939>:      cmpb   $0x0,0xc0a105ae
   0xc063260e <balloon_process+946>:      mov    %ebx,%eax
   0xc0632610 <balloon_process+948>:      jne    0xc063261c 
<balloon_process+960>
   0xc0632612 <balloon_process+950>:      call   0xc0404eff 
<get_phys_to_machine>
   0xc0632617 <balloon_process+955>:      and    $0x7fffffff,%eax
   0xc063261c <balloon_process+960>:      mov    -0x38(%ebp),%edx
   0xc063261f <balloon_process+963>:      cmp    %edi,%eax
   0xc0632621 <balloon_process+965>:      mov    %eax,-0x3f498120(,%edx,4)
   0xc0632628 <balloon_process+972>:      mov    $0x1,%eax
   0xc063262d <balloon_process+977>:      cmove  -0x58(%ebp),%eax
   0xc0632631 <balloon_process+981>:      or     $0xffffffff,%edx
   0xc0632634 <balloon_process+984>:      mov    %eax,-0x58(%ebp)
   0xc0632637 <balloon_process+987>:      mov    %ebx,%eax
   0xc0632639 <balloon_process+989>:      call   0xc040662b 
<set_phys_to_machine>
   0xc063263e <balloon_process+994>:      mov    -0x4c(%ebp),%edx
   0xc0632641 <balloon_process+997>:      mov    (%edx),%eax
   0xc0632643 <balloon_process+999>:      shr    $0x1e,%eax
   0xc0632646 <balloon_process+1002>:     imul   $0xb00,%eax,%eax
   0xc063264c <balloon_process+1008>:     add    $0xc09f1380,%eax
   0xc0632651 <balloon_process+1013>:     sub    0xaec(%eax),%eax
   0xc0632657 <balloon_process+1019>:     cmp    $0x1600,%eax
   0xc063265c <balloon_process+1024>:
    je     0xc063267c <balloon_process+1056>
   0xc063265e <balloon_process+1026>:     cmp    $0x2100,%eax
   0xc0632663 <balloon_process+1031>:
    jne    0xc06327d1 <balloon_process+1397>
   0xc0632669 <balloon_process+1037>:     cmpl   $0x2,0xc0b58d3c
   0xc0632670 <balloon_process+1044>:
    jne    0xc06327d1 <balloon_process+1397>
   0xc0632676 <balloon_process+1050>:
    jmp    0xc063267c <balloon_process+1056>
   0xc0632678 <balloon_process+1052>:     ud2a
   0xc063267a <balloon_process+1054>:
    jmp    0xc063267a <balloon_process+1054>
   0xc063267c <balloon_process+1056>:     incl   -0x38(%ebp)
   0xc063267f <balloon_process+1059>:     mov    -0x38(%ebp),%edi
   0xc0632682 <balloon_process+1062>:     mov    -0x38(%ebp),%ebx
   0xc0632685 <balloon_process+1065>:     mov    0xc0b67edc,%edx
   0xc063268b <balloon_process+1071>:     add    -0x48(%ebp),%edi
   0xc063268e <balloon_process+1074>:     add    -0x44(%ebp),%ebx
   0xc0632691 <balloon_process+1077>:     cmp    %edx,-0x38(%ebp)
   0xc0632694 <balloon_process+1080>:     jb     0xc0632607 
<balloon_process+939>
   0xc063269a <balloon_process+1086>:     cmpl   $0x0,-0x58(%ebp)
   0xc063269e <balloon_process+1090>:
    je     0xc06326e3 <balloon_process+1159>
   0xc06326a0 <balloon_process+1092>:     mov    -0x64(%ebp),%edi
   0xc06326a3 <balloon_process+1095>:     xor    %eax,%eax

So the crash occurs just after the call to set_phys_to_machine: the pointer reloaded into %edx from -0x4c(%ebp) is dereferenced, and the register dump shows EDX as 00000000, which matches the NULL pointer dereference at (null).

        Michael Young
