From owner-freebsd-emulation@FreeBSD.ORG  Sun Mar  2 20:50:36 2008
Return-Path: <owner-freebsd-emulation@FreeBSD.ORG>
Delivered-To: freebsd-emulation@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 6F9C71065673
	for <freebsd-emulation@FreeBSD.org>;
	Sun,  2 Mar 2008 20:50:36 +0000 (UTC)
	(envelope-from nox@saturn.kn-bremen.de)
Received: from gwyn.kn-bremen.de (gwyn.kn-bremen.de [212.63.36.242])
	by mx1.freebsd.org (Postfix) with ESMTP id CD4EC8FC19
	for <freebsd-emulation@FreeBSD.org>;
	Sun,  2 Mar 2008 20:50:35 +0000 (UTC)
	(envelope-from nox@saturn.kn-bremen.de)
Received: by gwyn.kn-bremen.de (Postfix, from userid 10)
	id 73231296A08; Sun,  2 Mar 2008 21:50:33 +0100 (CET)
Received: from saturn.kn-bremen.de (nox@localhost [127.0.0.1])
	by saturn.kn-bremen.de (8.14.2/8.13.8) with ESMTP id m22Kl2fc063240;
	Sun, 2 Mar 2008 21:47:02 +0100 (CET)
	(envelope-from nox@saturn.kn-bremen.de)
Received: (from nox@localhost)
	by saturn.kn-bremen.de (8.14.2/8.13.6/Submit) id m22Kl209063239;
	Sun, 2 Mar 2008 21:47:02 +0100 (CET) (envelope-from nox)
From: Juergen Lock <nox@jelal.kn-bremen.de>
Date: Sun, 2 Mar 2008 21:47:02 +0100
To: qemu-devel@nongnu.org, freebsd-emulation@FreeBSD.org
Message-ID: <20080302204702.GA62895@saturn.kn-bremen.de>
Mail-Followup-To: qemu-devel@nongnu.org,
	freebsd-emulation@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.16 (2007-06-09)
Cc: 
Subject: qemu 2008-03-02 snapshot FreeBSD 7.0/amd64 guest regression (tcg?)
X-BeenThere: freebsd-emulation@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Development of Emulators of other operating systems
	<freebsd-emulation.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-emulation>, 
	<mailto:freebsd-emulation-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-emulation>
List-Post: <mailto:freebsd-emulation@freebsd.org>
List-Help: <mailto:freebsd-emulation-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-emulation>, 
	<mailto:freebsd-emulation-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Mar 2008 20:50:36 -0000

Hi!

 I've prepared a FreeBSD qemu-devel port update, as already mentioned
on the freebsd-emulation list, and found the FreeBSD 7.0/amd64 isos
now pagefault repeatedly, saying:

panic: page fault
cpuid = 0
kernel trap 12 with interrupts disabled


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x20
fault code              = supervisor read data, page not present
instruction pointer     = 0x8:0xffffffff8046c704
trap number             = 12
frame pointer           = 0x10:0x0
...

0xffffffff8046c704 in the 7.0-RELEASE kernel used on the isos is
in _thread_lock_flags:

(kgdb) disassemble _thread_lock_flags 
Dump of assembler code for function _thread_lock_flags:
0xffffffff8046c6e0 <_thread_lock_flags+0>:	push   %r14
0xffffffff8046c6e2 <_thread_lock_flags+2>:	mov    %rdi,%r14
0xffffffff8046c6e5 <_thread_lock_flags+5>:	push   %r13
0xffffffff8046c6e7 <_thread_lock_flags+7>:	push   %r12
0xffffffff8046c6e9 <_thread_lock_flags+9>:	push   %rbp
0xffffffff8046c6ea <_thread_lock_flags+10>:	push   %rbx
0xffffffff8046c6eb <_thread_lock_flags+11>:	mov    %gs:0x0,%r13
0xffffffff8046c6f4 <_thread_lock_flags+20>:	xor    %r12d,%r12d
0xffffffff8046c6f7 <_thread_lock_flags+23>:	callq  0xffffffff8071df80 <spinlock_enter>
0xffffffff8046c6fc <_thread_lock_flags+28>:	mov    (%r14),%rbp
0xffffffff8046c6ff <_thread_lock_flags+31>:	mov    $0x4,%eax
0xffffffff8046c704 <_thread_lock_flags+36>:	lock cmpxchg %r13,0x20(%rbp)
0xffffffff8046c70a <_thread_lock_flags+42>:	sete   %al
0xffffffff8046c70d <_thread_lock_flags+45>:	test   %al,%al
0xffffffff8046c70f <_thread_lock_flags+47>:	jne    0xffffffff8046c799 <_thread_lock_flags+185>
0xffffffff8046c715 <_thread_lock_flags+53>:	mov    0x20(%rbp),%rdx
0xffffffff8046c719 <_thread_lock_flags+57>:	cmp    %r13,%rdx
0xffffffff8046c71c <_thread_lock_flags+60>:	je     0xffffffff8046c7cd <_thread_lock_flags+237>
0xffffffff8046c722 <_thread_lock_flags+66>:	callq  0xffffffff8071c4e0 <spinlock_exit>
---Type <return> to continue, or q <return> to quit---
0xffffffff8046c727 <_thread_lock_flags+71>:	jmp    0xffffffff8046c73c <_thread_lock_flags+92>
0xffffffff8046c729 <_thread_lock_flags+73>:	data16
...

 so this looks like either %rbp is indeed zero or that cmpxchg insn isnt
getting correctly translated.  If you want to reproduce just boot the 35 MB
7.0-RELEASE-amd64-bootonly.iso in qemu-system-x86_64 (without kqemu); you
can find mirrors via
	http://mirrorlist.freebsd.org/
(search for isos, amd64 architecture, I used 7.0 as you can see.)

 Oh, if you want to look at the live kernel you can boot the
7.0-RELEASE-amd64-livefs.iso in 0.9.1 with the previously mentioned
patch (see
	http://www.nabble.com/forum/ViewPost.jtp?post=14921171
), select fixit->cdrom in the menu that comes up after choosing
the keyboard layout, and run `kgdb /dist/boot/kernel/kernel /dev/mem'.

 Thanx,
	Juergen