From: Juergen Lock
Date: Fri, 8 Jun 2007 22:24:50 +0200
To: Allan Jude
Cc: freebsd-hackers@FreeBSD.org, freebsd-emulation@FreeBSD.org, bug-followup@FreeBSD.org
Subject: Re: ports/113430: Kernel Panic with emulators/qemu on AMD64 SMP
Message-ID: <20070608202450.GA23993@saturn.kn-bremen.de>
In-Reply-To: <200706081510.l58FAA84097522@freefall.freebsd.org>
List: freebsd-emulation@freebsd.org (Development of Emulators of other operating systems)

On Fri, Jun 08, 2007 at 03:10:10PM +0000, Allan Jude wrote:
> I recreated it again, and the 'stopped at' in the kernel panic is:
>
> userret+0x22 movq 0(%rdi),%rbx

Ok, so apparently userret was called with a bogus td arg; can you find out from where? (There should be a return address on the stack; userret here starts with a sub $0x28,%rsp (hmm, no frame pointer?), so add that, or whatever yours subtracts.)

Btw,

> fault virtual address = 0x202
> fault code = supervisor read, page not present
> [...]
> #9 0xffffffff80650f5d in trap (frame=
> {tf_rdi = 0xffffff012f655720, tf_rsi = 0x4, tf_rdx = 0x46, tf_rcx
> [...]

shouldn't tf_rdi here be rdi at the time of the fault, i.e. 0x202? Anyone know why it's different?

Also, as mentioned above, userret doesn't save a frame pointer here (rbp), and indeed,

> 0xffffff012f655720, tf_rax = 0x2, tf_rbx = 0xf4240, tf_rbp =
> 0xffffffffb38f5d10, tf_r10 = 0xffffff012b39e108, tf_r11 = 0x2, tf_r12 =
> [...]
> tf_rflags = 0x10282, tf_rsp = 0xffffffffb38f5bb0, tf_ss =

tf_rbp seems to be way off compared to tf_rsp. Are parts of the kernel now compiled with -fomit-frame-pointer? (Even for a debug kernel?) This may explain why we don't see who called userret in the kgdb backtrace...
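The checks the message asks for by hand (does tf_rdi match the fault address, where does the return address sit above %rsp given a `sub $0x28,%rsp` prologue, and is tf_rbp anywhere near what a frame pointer for userret would be) can be run mechanically over the trap frame kgdb prints. The following is an added example written for this thread, not code from the FreeBSD tree or from either poster. It parses the `tf_xxx = 0x...` fields as kgdb prints them; the sample frame is constructed from the fields visible in the quoted output (fields elided there are left out), the 0x28 prologue size and the 0x202 fault address are taken from the message, and the %rsp-alignment hint assumes the kernel's C callers keep the SysV amd64 rule that %rsp is 16-byte aligned at a `call`, which is an assumption on my part rather than something stated in the thread.

```python
"""Sanity checks on an amd64 trap frame as printed by kgdb.

Added example for the userret panic thread; not FreeBSD code.
"""
import re

# Constructed sample: the tf_* fields that are visible in the kgdb output
# quoted in the message (fields elided there with "[...]" are left out).
SAMPLE_FRAME = """
{tf_rdi = 0xffffff012f655720, tf_rsi = 0x4, tf_rdx = 0x46,
 tf_rax = 0x2, tf_rbx = 0xf4240, tf_rbp = 0xffffffffb38f5d10,
 tf_r10 = 0xffffff012b39e108, tf_r11 = 0x2,
 tf_rflags = 0x10282, tf_rsp = 0xffffffffb38f5bb0}
"""

FAULT_ADDR = 0x202        # "fault virtual address = 0x202" from the panic
PROLOGUE_SUB = 0x28       # userret begins with "sub $0x28,%rsp" (per the message)
FAULTING_REG = "tf_rdi"   # "movq 0(%rdi),%rbx" dereferences %rdi

FIELD_RE = re.compile(r"(tf_[a-z0-9]+)\s*=\s*(0x[0-9a-fA-F]+)")


def parse_trapframe(text):
    """Return {field: int} for every 'tf_xxx = 0x...' pair in a kgdb dump."""
    return {name: int(val, 16) for name, val in FIELD_RE.findall(text)}


def return_address_slot(frame, prologue_sub=PROLOGUE_SUB):
    """Address of the caller's return address when the callee's prologue is
    only 'sub $N,%rsp' (no 'push %rbp'): it sits N bytes above %rsp.
    In kgdb that is what 'x/gx $rsp+N' would read."""
    return frame["tf_rsp"] + prologue_sub


def frame_pointer_hint(frame, prologue_sub=PROLOGUE_SUB):
    """Guess from %rsp's low bits whether the prologue pushed %rbp.

    Assumption: the caller kept the SysV amd64 rule that %rsp is 16-byte
    aligned at the 'call'. 'call' pushes 8 bytes, 'push %rbp' 8 more, then
    'sub $N' is applied, so %rsp mod 16 differs by 8 between the two cases.
    """
    rsp_mod = frame["tf_rsp"] % 16
    without_push = (-(8 + prologue_sub)) % 16
    with_push = (-(8 + 8 + prologue_sub)) % 16
    if rsp_mod == without_push:
        return "sub only, no push %rbp"
    if rsp_mod == with_push:
        return "push %rbp then sub"
    return "unaligned; extra pushes or a non-ABI caller"


def check_frame(frame, fault_addr=FAULT_ADDR, faulting_reg=FAULTING_REG,
                prologue_sub=PROLOGUE_SUB):
    """Run the checks raised in the message; returns {check: (ok, detail)}."""
    reg = frame[faulting_reg]
    # With a frame pointer (push %rbp; mov %rsp,%rbp; sub $N,%rsp) we would
    # expect rbp == rsp + N at any point inside the function body.
    expected_rbp = frame["tf_rsp"] + prologue_sub
    hint = frame_pointer_hint(frame, prologue_sub)
    return {
        "faulting register holds fault address": (
            reg == fault_addr,
            f"{faulting_reg}=0x{reg:x}, fault=0x{fault_addr:x}"),
        "tf_rbp is userret's frame pointer": (
            frame["tf_rbp"] == expected_rbp,
            f"tf_rbp=0x{frame['tf_rbp']:x}, expected 0x{expected_rbp:x} "
            f"(rbp-rsp=0x{frame['tf_rbp'] - frame['tf_rsp']:x})"),
        "frame pointer hint from %rsp alignment": (
            hint == "push %rbp then sub", hint),
    }


if __name__ == "__main__":
    fr = parse_trapframe(SAMPLE_FRAME)
    print(f"return address should be at 0x{return_address_slot(fr):x}")
    for name, (ok, detail) in check_frame(fr).items():
        print(f"[{'ok' if ok else 'XX'}] {name}: {detail}")
```

On the quoted frame all three checks fail in the direction the message suspects: tf_rdi is nowhere near 0x202, tf_rbp is 0x138 bytes above where a frame pointer for a 0x28-byte frame would be, and tf_rsp's low bits fit a prologue that never pushed %rbp. The return-address slot it reports (tf_rsp + 0x28) is the address to dump in kgdb to find out who called userret.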