Date: Mon, 3 Mar 2008 01:01:34 +0100
From: Juergen Lock <nox@jelal.kn-bremen.de>
To: qemu-devel@nongnu.org, freebsd-emulation@FreeBSD.org
Subject: Re: qemu 2008-03-02 snapshot FreeBSD 7.0/amd64 guest regression (tcg?)
Message-ID: <20080303000134.GA68444@saturn.kn-bremen.de>
In-Reply-To: <20080302204702.GA62895@saturn.kn-bremen.de>
References: <20080302204702.GA62895@saturn.kn-bremen.de>
On Sun, Mar 02, 2008 at 09:47:02PM +0100, Juergen Lock wrote:
> Hi!
>
> I've prepared a FreeBSD qemu-devel port update, as already mentioned
> on the freebsd-emulation list, and found the FreeBSD 7.0/amd64 isos
> now pagefault repeatedly, saying:
>
> panic: page fault
> cpuid = 0
> kernel trap 12 with interrupts disabled
>
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 00
> fault virtual address = 0x20
> fault code = supervisor read data, page not present
> instruction pointer = 0x8:0xffffffff8046c704
> trap number = 12
> frame pointer = 0x10:0x0
> ...
>
> 0xffffffff8046c704 in the 7.0-RELEASE kernel used on the isos is
> in _thread_lock_flags:
>
> (kgdb) disassemble _thread_lock_flags
> Dump of assembler code for function _thread_lock_flags:
> 0xffffffff8046c6e0 <_thread_lock_flags+0>: push %r14
> 0xffffffff8046c6e2 <_thread_lock_flags+2>: mov %rdi,%r14
> 0xffffffff8046c6e5 <_thread_lock_flags+5>: push %r13
> 0xffffffff8046c6e7 <_thread_lock_flags+7>: push %r12
> 0xffffffff8046c6e9 <_thread_lock_flags+9>: push %rbp
> 0xffffffff8046c6ea <_thread_lock_flags+10>: push %rbx
> 0xffffffff8046c6eb <_thread_lock_flags+11>: mov %gs:0x0,%r13
> 0xffffffff8046c6f4 <_thread_lock_flags+20>: xor %r12d,%r12d
> 0xffffffff8046c6f7 <_thread_lock_flags+23>: callq 0xffffffff8071df80 <spinlock_enter>
> 0xffffffff8046c6fc <_thread_lock_flags+28>: mov (%r14),%rbp
> 0xffffffff8046c6ff <_thread_lock_flags+31>: mov $0x4,%eax
> 0xffffffff8046c704 <_thread_lock_flags+36>: lock cmpxchg %r13,0x20(%rbp)
> 0xffffffff8046c70a <_thread_lock_flags+42>: sete %al
> 0xffffffff8046c70d <_thread_lock_flags+45>: test %al,%al
> 0xffffffff8046c70f <_thread_lock_flags+47>: jne 0xffffffff8046c799 <_thread_lock_flags+185>
> 0xffffffff8046c715 <_thread_lock_flags+53>: mov 0x20(%rbp),%rdx
> 0xffffffff8046c719 <_thread_lock_flags+57>: cmp %r13,%rdx
> 0xffffffff8046c71c <_thread_lock_flags+60>: je 0xffffffff8046c7cd <_thread_lock_flags+237>
> 0xffffffff8046c722 <_thread_lock_flags+66>: callq 0xffffffff8071c4e0 <spinlock_exit>
> ---Type <return> to continue, or q <return> to quit---
> 0xffffffff8046c727 <_thread_lock_flags+71>: jmp 0xffffffff8046c73c <_thread_lock_flags+92>
> 0xffffffff8046c729 <_thread_lock_flags+73>: data16
> ...
>
> so this looks like either %rbp is indeed zero or that cmpxchg insn isn't
> getting correctly translated. If you want to reproduce just boot the 35 MB
> 7.0-RELEASE-amd64-bootonly.iso in qemu-system-x86_64 (without kqemu); you
> can find mirrors via
> http://mirrorlist.freebsd.org/
> (search for isos, amd64 architecture, I used 7.0 as you can see.)
>
> Oh, if you want to look at the live kernel you can boot the
> 7.0-RELEASE-amd64-livefs.iso in 0.9.1 with the previously mentioned
> patch (see
> http://www.nabble.com/forum/ViewPost.jtp?post=14921171
> ), select fixit->cdrom in the menu that comes up after choosing
> the keyboard layout, and run `kgdb /dist/boot/kernel/kernel /dev/mem'.

Update: looks like the bug is i386 host only, at least I got a report of
amd64 host working. (will try to confirm later...)

Juergen
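The mail leaves two hypotheses open for the trap at `lock cmpxchg %r13,0x20(%rbp)`: either %rbp is NULL (so the effective address is just the 0x20 displacement the trap reports) or the emulator mis-translates the compare-and-swap. The following is an added example, not code from the mail or from QEMU or FreeBSD: a user-space C model of that fast path, usable as a self-test inside a guest to check the three properties of `cmpxchg` the kernel relies on (swap only when memory equals %rax, ZF set on success, %rax reloaded with the observed value on failure). The `struct fake_mtx` layout with the lock word at offset 0x20 and the two "curthread" pointer values are constructed for the example; `MTX_UNOWNED` is the 0x4 the disassembly loads into %eax before the `cmpxchg`. On x86-64 the real instruction is used via inline assembly so a translator is actually exercised; elsewhere the compiler builtin stands in.

```c
/* Added example (not from the original mail): model of the CAS fast path in
 * _thread_lock_flags, plus a self-test an operator can run inside a guest.
 * Build: cc -O2 -o cmpxchg_selftest cmpxchg_selftest.c */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* The value `mov $0x4,%eax` places in %rax before the cmpxchg (FreeBSD MTX_UNOWNED). */
#define MTX_UNOWNED 0x4UL

/* Constructed layout: lock word at byte offset 0x20, matching 0x20(%rbp). */
struct fake_mtx {
    uint64_t pad[4];
    volatile uint64_t mtx_lock;
};

struct cas_result {
    int swapped;        /* ZF after cmpxchg: 1 if the exchange happened */
    uint64_t observed;  /* %rax afterwards: old memory contents */
    uint64_t mem_after; /* memory contents after the instruction */
};

/* `lock cmpxchg %newval, *addr` with %rax = expected. */
static struct cas_result cas64(volatile uint64_t *addr, uint64_t expected, uint64_t newval)
{
    struct cas_result r;
    uint64_t rax = expected;
    unsigned char zf;
#if defined(__x86_64__)
    /* Real instruction, so a binary translator is exercised. */
    __asm__ __volatile__("lock cmpxchgq %[new], %[mem]\n\t"
                         "sete %[zf]"
                         : [mem] "+m" (*addr), "+a" (rax), [zf] "=q" (zf)
                         : [new] "r" (newval)
                         : "memory", "cc");
#else
    /* Portable fallback with the same semantics (rax receives the observed value). */
    zf = __atomic_compare_exchange_n(addr, &rax, newval, 0,
                                     __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST);
#endif
    r.swapped = zf;
    r.observed = rax;
    r.mem_after = *addr;
    return r;
}

/* Fast path: swap MTX_UNOWNED for curthread; on failure report the owner
 * (the `mov 0x20(%rbp),%rdx; cmp %r13,%rdx` re-read in the disassembly). */
static int try_acquire(struct fake_mtx *m, uint64_t curthread, uint64_t *owner_out)
{
    struct cas_result r = cas64(&m->mtx_lock, MTX_UNOWNED, curthread);
    if (r.swapped)
        return 1;
    *owner_out = r.observed;
    return 0;
}

/* Why a NULL %rbp yields "fault virtual address = 0x20": with a zero base
 * register the effective address is just the displacement. */
static uintptr_t null_base_effective_address(void)
{
    return offsetof(struct fake_mtx, mtx_lock);
}

/* Returns 0 when every property holds; a nonzero code names the failing check. */
static int selftest(void)
{
    struct fake_mtx m = { .mtx_lock = MTX_UNOWNED };
    uint64_t me    = 0xffffff0000123400ULL;  /* constructed curthread value */
    uint64_t other = 0xffffff0000567800ULL;  /* constructed second thread */
    uint64_t owner = 0;
    if (!try_acquire(&m, me, &owner))            return 1;  /* unowned -> acquired */
    if (m.mtx_lock != me)                        return 2;  /* memory updated */
    if (try_acquire(&m, other, &owner))          return 3;  /* held -> must fail */
    if (owner != me)                             return 4;  /* %rax got the old value */
    if (m.mtx_lock != me)                        return 5;  /* memory untouched on failure */
    if (null_base_effective_address() != 0x20)   return 6;
    return 0;
}

int main(void)
{
    int rc = selftest();
    printf("cmpxchg self-test: %s (code %d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

A clean pass on a native host and a failure of codes 1 to 5 under the emulator points at translation; a clean pass under the emulator leaves the NULL-pointer explanation, which the trap's frame pointer of 0x0 and fault address of 0x20 are consistent with.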