This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] BUG: unable to handle kernel paging request - balloon_in

To: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
Subject: Re: [Xen-devel] BUG: unable to handle kernel paging request - balloon_init - xen-4.1.0 -
From: Scott Garron <xen-devel@xxxxxxxxxxxxxxxxxx>
Date: Thu, 28 Apr 2011 22:12:52 -0400
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Thu, 28 Apr 2011 19:14:52 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20110428183019.GA9852@xxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <4DB60C04.6050802@xxxxxxxxxxxxxxxxxx> <20110426031545.GB20779@xxxxxxxxxxxx> <4DB6522A.9000304@xxxxxxxxxxxxxxxxxx> <20110427200937.GA19853@xxxxxxxxxxxx> <4DB8AAA6.4050808@xxxxxxxxxxxxxxxxxx> <20110428183019.GA9852@xxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20101226 Icedove/3.0.11
Scott Garron wrote:
Just for kicks, I tried hexediting balloon.o and changing that
instruction to "imul   $0x1,%rdx,%rcx" (since multiplying by 1 will
essentially nullify the instruction), but the end result was still
the same crash, even though the value for "page" ended up being

     While still thinking along those lines, I re-enabled
CONFIG_SPARSEMEM_VMEMMAP, then hexedited the instruction again, and the
kernel got further along in the boot process, but crashed while trying
to free the initrd memory.

The serial console from that boot is at:


     My deduction so far is that "page = pfn_to_page(pfn);" is somehow
returning a location that isn't quite "correct", but removing the
"multipliply by 0x38" instruction only returned something partially
usable and it took a dump all over the memory pages.

     Admittedly, I really know little about how all of this works, so my
debugging process is like taking stabs in the dark.  It's somewhat
intriguing to me, so I'm pretty much just playing with it until someone
who knows more can reproduce it.  It's hard to imagine that I'm the only
one having this problem with the current "xen/stable-2.6.32.x" branch.

Scott Garron

Xen-devel mailing list