kern/164531: Boot time crash using XEN HVM enabled kernel.

Dr Josef L P Karthauser joe at
Thu Jan 26 21:40:09 UTC 2012

>Number:         164531
>Category:       kern
>Synopsis:       Boot time crash using XEN HVM enabled kernel.
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 26 21:40:09 UTC 2012
>Originator:     Dr Josef L P Karthauser
>Release:        FreeBSD 8.2-STABLE amd64
System: FreeBSD infinity 8.2-STABLE FreeBSD 8.2-STABLE #2: Sat Jun 25 23:50:59 BST 2011 root@:/usr/obj/usr/src/sys/INFINITY amd64

	AMD64 machine running under a XEN HVM instance.

Copyright (c) 1992-2011 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 8.2-STABLE #2: Sat Jun 25 23:50:59 BST 2011
    root@:/usr/obj/usr/src/sys/INFINITY amd64
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Xeon(R) CPU           X3470  @ 2.93GHz (2933.36-MHz K8-class CPU)
  Origin = "GenuineIntel"  Id = 0x106e5  Family = 6  Model = 1e  Stepping = 5
  AMD Features=0x28100800<SYSCALL,NX,RDTSCP,LM>
  AMD Features2=0x1<LAHF>
  TSC: P-state invariant
real memory  = 4294967296 (4096 MB)
avail memory = 4114804736 (3924 MB)
ACPI APIC Table: <Xen HVM>
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
FreeBSD/SMP: 1 package(s) x 4 core(s)
 cpu0 (BSP): APIC ID:  0
 cpu1 (AP): APIC ID:  2
 cpu2 (AP): APIC ID:  4
 cpu3 (AP): APIC ID:  6
ioapic0: Changing APIC ID to 1
MADT: Forcing active-low polarity and level trigger for SCI
ioapic0 <Version 1.1> irqs 0-47 on motherboard
kbd1 at kbdmux0
acpi0: <Xen> on motherboard
acpi0: [ITHREAD]
acpi0: Power Button (fixed)
acpi0: Sleep Button (fixed)
Timecounter "ACPI-safe" frequency 3579545 Hz quality 850
acpi_timer0: <32-bit timer at 3.579545MHz> port 0x1f48-0x1f4b on acpi0
cpu0: <ACPI CPU> on acpi0
cpu1: <ACPI CPU> on acpi0
cpu2: <ACPI CPU> on acpi0
cpu3: <ACPI CPU> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
isab0: <PCI-ISA bridge> at device 1.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel PIIX3 WDMA2 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xc220-0xc22f at device 1.1 on pci0
ata0: <ATA channel 0> on atapci0
ata0: [ITHREAD]
ata1: <ATA channel 1> on atapci0
ata1: [ITHREAD]
uhci0: <Intel 82371SB (PIIX3) USB controller> port 0xc200-0xc21f irq 23 at device 1.2 on pci0
uhci0: [ITHREAD]
usbus0: controller did not stop
usbus0: <Intel 82371SB (PIIX3) USB controller> on uhci0
pci0: <bridge> at device 1.3 (no driver attached)
vgapci0: <VGA-compatible display> mem 0xf0000000-0xf1ffffff,0xf3000000-0xf3000fff at device 2.0 on pci0
pci0: <unknown> at device 3.0 (no driver attached)
re0: <RealTek 8139C+ 10/100BaseTX> port 0xc100-0xc1ff mem 0xf3001000-0xf30010ff irq 32 at device 4.0 on pci0
re0: Chip rev. 0x74800000
re0: MAC rev. 0x00000000
miibus0: <MII bus> on re0
rlphy0: <RealTek internal media interface> PHY 0 on miibus0
rlphy0:  10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, auto, auto-flow
re0: Ethernet address: 00:16:3e:b5:39:ae
re0: [FILTER]
atrtc0: <AT realtime clock> port 0x70-0x71 irq 8 on acpi0
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: [ITHREAD]
psm0: model IntelliMouse Explorer, device ID 4
fdc0: <floppy drive controller> port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0
fdc0: does not respond
device_attach: fdc0 attach returned 6
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
uart0: [FILTER]
ppc0: <Parallel port> port 0x378-0x37f irq 7 on acpi0
ppc0: Generic chipset (NIBBLE-only) in COMPATIBLE mode
ppc0: [ITHREAD]
ppbus0: <Parallel port bus> on ppc0
plip0: <PLIP network interface> on ppbus0
plip0: [ITHREAD]
lpt0: <Printer> on ppbus0
lpt0: [ITHREAD]
lpt0: Interrupt-driven port
ppi0: <Parallel I/O> on ppbus0
orm0: <ISA Option ROM> at iomem 0xc9000-0xc97ff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
ZFS NOTICE: Prefetch is disabled by default if less than 4GB of RAM is present;
            to enable, add "vfs.zfs.prefetch_disable=0" to /boot/loader.conf.
ZFS filesystem version 5
ZFS storage pool version 28
Timecounters tick every 10.000 msec
usbus0: 12Mbps Full Speed USB v1.0
ad0: 235520MB <QEMU HARDDISK 0.10.2> at ata0-master WDMA2 
ugen0.1: <Intel> at usbus0
uhub0: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0
ad1: 235520MB <QEMU HARDDISK 0.10.2> at ata0-slave WDMA2 
acd0: CDROM <QEMU DVD-ROM/0.10.2> at ata1-master WDMA2 
SMP: AP CPU #1 Launched!
SMP: AP CPU #3 Launched!
SMP: AP CPU #2 Launched!
Root mount waiting for: usbus0
uhub0: 2 ports with 2 removable, self powered
Root mount waiting for: usbus0
ugen0.2: <QEMU 0.10.2> at usbus0
ums0: <Endpoint1 Interrupt Pipe> on usbus0
ums0: 3 buttons and [Z] coordinates ID=0
Trying to mount root from zfs:void


	Enable the XEN HVM drivers in the kernel config:

		# Xen HVM support
		options        XENHVM
		device         xenpci

	Boot the system on the new kernel

	Observe a kernel crash probing the xn0 driver:

	xn0: <Virtual Network Interface> at device/vif/0 on xenbusb_front0
	xn0: Error 2 parsing device/vif/0/mac
	xn0: Fatal error. Transitioning to Closing State
	panic: do something smart
	cpuid = 0
	KDB: stack backtrace:
	#0 0xfff..... at kbd_backtrace+0x5e
	#1 0xfff..... at kbd_backtracepanic+0x187
	#2 0xfff..... at netfront_attach+0x18c
	#3 0xfff..... at device_attach+0x69
	#4 0xfff..... at xenbusb_probe_children+0xdf
	#5 0xfff..... at xenbusb_attach+0x11c
	#6 0xfff..... at device_attach_deferred_+0x21
	#7 0xfff..... at bus_generic_attach+0x1a
	#8 0xfff..... at xs_attach_deferred+0x21 
	#9 0xfff..... at run_interrupt_driven_config_hooks+0xab
	#10 0xfff..... at boot_run_interrupt_driven_config_hooks+02c
	#11 0xfff..... at mi_startup+0x77 
	#12 0xfff..... at btext+0x2c

	Does anyone know whether this might be a trivial fix?

