This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-bugs] [Bug 641] New: Create & Destroy a VMX with 4G memory several

To: xen-bugs@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-bugs] [Bug 641] New: Create & Destroy a VMX with 4G memory several time will make xend hang on IA-32e
From: bugzilla-daemon@xxxxxxxxxxxxxxxxxxx
Date: Thu, 11 May 2006 18:06:48 -0700
Delivery-date: Thu, 11 May 2006 18:07:40 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-bugs-request@lists.xensource.com?subject=help>
List-id: Xen Bugzilla <xen-bugs.lists.xensource.com>
List-post: <mailto:xen-bugs@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-bugs>, <mailto:xen-bugs-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-bugs>, <mailto:xen-bugs-request@lists.xensource.com?subject=unsubscribe>
Reply-to: bugs@xxxxxxxxxxxxxxxxxx
Sender: xen-bugs-bounces@xxxxxxxxxxxxxxxxxxx

           Summary: Create & Destroy a VMX with 4G memory several time will
                    make xend hang on IA-32e
           Product: Xen
           Version: unstable
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: P1
         Component: HVM
        AssignedTo: xen-bugs@xxxxxxxxxxxxxxxxxxx
        ReportedBy: xiao.zhang@xxxxxxxxx

Hardware: Paxville (16LP, 8G physical memory)
Service os: RHEL4U2-IA32e
Guest os: FC3-IA32e

What I do is:

1. Create a VMX with 4g memory.
2. Destroy it when it starts to boot.
3. Go to step 1.

After several times of create & destroy (less than 20 times), xend will hang.

Serial log is below:

Eeek! page_mapcount(page) went negative! (-1)
  page->flags = 14
  page->count = 0
  page->mapping = 0000000000000000
----------- [cut here ] --------- [please bite here ] ---------
Kernel BUG at mm/rmap.c:560
invalid opcode: 0000 [1] SMP
Modules linked in: video thermal processor fan button battery ac
Pid: 7473, comm: qemu-dm Not tainted 2.6.16-xen0 #1
RIP: e030:[<ffffffff80167f27>] <ffffffff80167f27>{page_remove_rmap+135}
RSP: e02b:ffff88000b081b98  EFLAGS: 00010286
RAX: 00000000ffffffff RBX: ffff88000125c488 RCX: ffffffff80528728
RDX: ffffffff80528728 RSI: 0000000000000000 RDI: ffffffff80528720
RBP: ffff88000b081ba8 R08: 000000003b9aca00 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000080 R12: 00002aaaaabf6000
R13: ffff88000125c488 R14: 0000000000000000 R15: ffff88000cf4d800
FS:  00002b7c08dfd640(0000) GS:ffffffff8064f000(0000) knlGS:0000000000000000
CS:  e033 DS: 0000 ES: 0000
Process qemu-dm (pid: 7473, threadinfo ffff88000b080000, task ffff88000bca43c0)
Stack: 0000000000000000 ffff880016613fb0 ffff88000b081ca8 ffffffff8015e9f1
       00002aaaaaeabfff 00002aaaaaeabfff 00002aaaaaeabfff 80000001630b6067
       ffff88000cf4d878 ffffffff00000000
Call Trace: <ffffffff8015e9f1>{unmap_vmas+1793} <ffffffff80165411>
       <ffffffff8012a0e7>{mmput+55} <ffffffff8012f246>{exit_mm+230}
       <ffffffff8012fab0>{do_exit+528} <ffffffff80152e07>
       <ffffffff80137dd2>{recalc_sigpending+18} <ffffffff80138549>
       <ffffffff8013029f>{do_group_exit+271} <ffffffff8013a73d>
       <ffffffff801432a0>{autoremove_wake_function+0} <ffffffff8010a52d>
       <ffffffff80182107>{pipe_readv+663} <ffffffff8018219e>{pipe_read+30}
       <ffffffff8010b30d>{sysret_signal+56} <ffffffff8010ad10>

Code: 0f 0b 68 54 df 4a 80 c2 30 02 48 c7 c6 ff ff ff ff bf 20 00
RIP <ffffffff80167f27>{page_remove_rmap+135} RSP <ffff88000b081b98>
 <1>Fixing recursive fault but reboot is needed!

Configure bugmail: 
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

Xen-bugs mailing list

<Prev in Thread] Current Thread [Next in Thread>