Description of problem: f12 rawhide kernel (2.6.31-33.fc12.x86_64) crashes when started on RHEL 5.4 Xen hypervisor as PV domU. dom0 is RHEL 5.4 x86_64. Version-Release number of selected component (if applicable): kernel-2.6.31-33.fc12.x86_64 How reproducible: Always Steps to Reproduce: 1. Install RHEL 5.4 dom0 2. try to install f12/rawhide using virt-install 3. or manually try to boot the latest rawhide kernel as PV domU Actual results: kernel crashes. "xm log" says "WARNING (XendDomainInfo:965) Domain has crashed: name=debug id=1" Expected results: kernel boots and works normally. Additional info: # /usr/lib64/xen/bin/xenctx -s System.map-2.6.31-33.fc12.x86_64 1 rip: ffffffff819f8d3f xen_load_gdt_boot+0xab rsp: ffffffff81743f08 rax: ffffffea rbx: ffffffff81822000 rcx: 0021f527 rdx: 00000000 rsi: 800000021f527061 rdi: ffffffff81822000 rbp: ffffffff81743fa8 r8: 00000000 r9: 00000000 r10: 00000000 r11: 00000000 r12: ffffffff81743fb8 r13: ffffffff81743f50 r14: 00000080 r15: 00000000 cs: 0000e033 ds: 00000000 fs: 00000000 gs: 00000000 Stack: 000000000021f527 0000000000000000 ffffffff819f8d3f 000000010000e030 0000000000010082 ffffffff81743f48 000000000000e02b ffffffff819f8d3b 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000001822 0000008000000000 ffffffff8100cb0e 0000000000000000 Code: 20 c3 78 81 31 d2 48 89 c6 48 89 df e8 85 04 61 ff 85 c0 74 04 <0f> 0b eb fe 49 63 c7 48 81 c3 00 Call Trace: [<ffffffff819f8d3f>] xen_load_gdt_boot+0xab <-- [<ffffffff819f8d3f>] xen_load_gdt_boot+0xab [<ffffffff819f8d3b>] xen_load_gdt_boot+0xa7 [<ffffffff8100cb0e>] p2m_top_index+0x9 [<ffffffff8101f209>] switch_to_new_gdt+0x31 [<ffffffff819f8a24>] xen_start_kernel+0x282
# gdb vmlinux (gdb) x/i 0xffffffff819f8d3f 0xffffffff819f8d3f <xen_load_gdt_boot+171>: ud2a 0xffffffff819f8c94 <xen_load_gdt_boot>: push %rbp 0xffffffff819f8c95 <xen_load_gdt_boot+1>: mov %rsp,%rbp 0xffffffff819f8c98 <xen_load_gdt_boot+4>: push %r15 0xffffffff819f8c9a <xen_load_gdt_boot+6>: xor %r15d,%r15d 0xffffffff819f8c9d <xen_load_gdt_boot+9>: push %r14 0xffffffff819f8c9f <xen_load_gdt_boot+11>: push %r13 0xffffffff819f8ca1 <xen_load_gdt_boot+13>: push %r12 0xffffffff819f8ca3 <xen_load_gdt_boot+15>: mov %rdi,%r12 0xffffffff819f8ca6 <xen_load_gdt_boot+18>: push %rbx 0xffffffff819f8ca7 <xen_load_gdt_boot+19>: sub $0x18,%rsp 0xffffffff819f8cab <xen_load_gdt_boot+23>: movzwl (%rdi),%eax 0xffffffff819f8cae <xen_load_gdt_boot+26>: mov 0x2(%rdi),%rbx 0xffffffff819f8cb2 <xen_load_gdt_boot+30>: inc %eax 0xffffffff819f8cb4 <xen_load_gdt_boot+32>: mov %eax,%r14d 0xffffffff819f8cb7 <xen_load_gdt_boot+35>: mov %eax,-0x34(%rbp) 0xffffffff819f8cba <xen_load_gdt_boot+38>: lea 0xfff(%r14),%rax 0xffffffff819f8cc1 <xen_load_gdt_boot+45>: shr $0xc,%rax 0xffffffff819f8cc5 <xen_load_gdt_boot+49>: lea 0x1e(,%rax,8),%rax 0xffffffff819f8ccd <xen_load_gdt_boot+57>: and $0x7f0,%eax 0xffffffff819f8cd2 <xen_load_gdt_boot+62>: sub %rax,%rsp 0xffffffff819f8cd5 <xen_load_gdt_boot+65>: lea 0xf(%rsp),%r13 0xffffffff819f8cda <xen_load_gdt_boot+70>: and $0xfffffffffffffff0,%r13 0xffffffff819f8cde <xen_load_gdt_boot+74>: test $0xfff,%ebx 0xffffffff819f8ce4 <xen_load_gdt_boot+80>: je 0xffffffff819f8d55 <xen_load_gdt_boot+193> 0xffffffff819f8ce6 <xen_load_gdt_boot+82>: ud2a 0xffffffff819f8ce8 <xen_load_gdt_boot+84>: jmp 0xffffffff819f8ce8 <xen_load_gdt_boot+84> 0xffffffff819f8cea <xen_load_gdt_boot+86>: mov %rbx,%rdi 0xffffffff819f8ced <xen_load_gdt_boot+89>: callq 0xffffffff8103ecfc <__phys_addr> 0xffffffff819f8cf2 <xen_load_gdt_boot+94>: mov %rax,%rsi 0xffffffff819f8cf5 <xen_load_gdt_boot+97>: shr $0xc,%rsi 0xffffffff819f8cf9 <xen_load_gdt_boot+101>: mov %rsi,%rdi 0xffffffff819f8cfc <xen_load_gdt_boot+104>: mov %rsi,-0x40(%rbp) 0xffffffff819f8d00 <xen_load_gdt_boot+108>: callq 0xffffffff8100b397 <pfn_to_mfn> 0xffffffff819f8d05 <xen_load_gdt_boot+113>: mov -0x40(%rbp),%rsi 0xffffffff819f8d09 <xen_load_gdt_boot+117>: mov %rax,%rcx 0xffffffff819f8d0c <xen_load_gdt_boot+120>: mov $0x8000000000000161,%rax 0xffffffff819f8d16 <xen_load_gdt_boot+130>: and -0x1e362d(%rip),%rax # 0xffffffff818156f0 <__supported_pte_mask> 0xffffffff819f8d1d <xen_load_gdt_boot+137>: mov %rsi,%rdi 0xffffffff819f8d20 <xen_load_gdt_boot+140>: shl $0xc,%rdi 0xffffffff819f8d24 <xen_load_gdt_boot+144>: or %rax,%rdi 0xffffffff819f8d27 <xen_load_gdt_boot+147>: callq *0xffffffff8178c320 0xffffffff819f8d2e <xen_load_gdt_boot+154>: xor %edx,%edx 0xffffffff819f8d30 <xen_load_gdt_boot+156>: mov %rax,%rsi 0xffffffff819f8d33 <xen_load_gdt_boot+159>: mov %rbx,%rdi 0xffffffff819f8d36 <xen_load_gdt_boot+162>: callq 0xffffffff810091c0 <hypercall_page+448> 0xffffffff819f8d3b <xen_load_gdt_boot+167>: test %eax,%eax 0xffffffff819f8d3d <xen_load_gdt_boot+169>: je 0xffffffff819f8d43 <xen_load_gdt_boot+175> 0xffffffff819f8d3f <xen_load_gdt_boot+171>: ud2a 0xffffffff819f8d41 <xen_load_gdt_boot+173>: jmp 0xffffffff819f8d41 <xen_load_gdt_boot+173> 0xffffffff819f8d43 <xen_load_gdt_boot+175>: movslq %r15d,%rax 0xffffffff819f8d46 <xen_load_gdt_boot+178>: add $0x1000,%rbx 0xffffffff819f8d4d <xen_load_gdt_boot+185>: inc %r15d 0xffffffff819f8d50 <xen_load_gdt_boot+188>: mov %rcx,0x0(%r13,%rax,8) 0xffffffff819f8d55 <xen_load_gdt_boot+193>: mov %r14,%rax 0xffffffff819f8d58 <xen_load_gdt_boot+196>: add 0x2(%r12),%rax 0xffffffff819f8d5d <xen_load_gdt_boot+201>: cmp %rax,%rbx 0xffffffff819f8d60 <xen_load_gdt_boot+204>: jb 0xffffffff819f8cea <xen_load_gdt_boot+86> 0xffffffff819f8d62 <xen_load_gdt_boot+206>: mov -0x34(%rbp),%esi 0xffffffff819f8d65 <xen_load_gdt_boot+209>: mov %r13,%rdi 0xffffffff819f8d68 <xen_load_gdt_boot+212>: shr $0x3,%esi (gdb)
if (HYPERVISOR_update_va_mapping((unsigned long)va, pte, 0)) BUG(); return value was -EINVAL
I forgot to mention that there's no console output at all, because the kernel crashes so early.
Patch for this problem is here: https://bugzilla.redhat.com/show_bug.cgi?id=525406 Please apply it for next rawhide kernel.
This patch has been applied to the rawhide kernel.