Hi,
I have some issue while booting GENERIC.MP on Xen 4.17 (XCP-ng 8.3 here).
The VM is started in UEFI mode (it boots fine in BIOS mode).
Disabling xbf(4) lets the OS boot.
The panic message is:
panic: page full, sc 0xffff800000025800 gnt 0xffff80000011c000 (4) ge
0xffff80000011c0f0
It fails during the xbf(4) attach (in xen_grant_table_alloc() function).
Below is the full trace (taken from console) with some ddb commands.
From what I understand of the code, xen_grant_table_alloc() found a
table page with free entries (ge_free = 9), but while searching inside
the page it does not find any free entry.
I tried enabling some consistency checks hidden behind XEN_DEBUG, but
they did not find anything problematic.
For now, the only problem I might have found (but which doesn't fix my
issue) is a locking problem around the (ge_free == 0) access: the test
is done before ge_lock is taken.
diff --git a/sys/dev/pv/xen.c b/sys/dev/pv/xen.c
index 3bcc91430a..12a8f7ce55 100644
--- a/sys/dev/pv/xen.c
+++ b/sys/dev/pv/xen.c
@@ -1062,11 +1062,13 @@
/* Try other existing table pages */
for (i = 0; i < sc->sc_gntcnt; i++) {
ge = &sc->sc_gnt[i];
- if (ge->ge_free == 0)
+ mtx_enter(&ge->ge_lock);
+ if (ge->ge_free == 0) {
+ mtx_leave(&ge->ge_lock);
continue;
- mtx_enter(&ge->ge_lock);
+ }
if (ge->ge_free > 0)
- goto search;
+ goto search;
mtx_leave(&ge->ge_lock);
}
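Review bot: Once `ge_lock` is taken before the first test, the two checks on `ge_free` overlap: after `ge_free == 0` has been rejected under the lock, `if (ge->ge_free > 0)` can only fail if the counter is signed and has gone negative, so the trailing `mtx_leave(&ge->ge_lock);` is probably dead code (the field's type is not visible in this hunk). The loop body could be reduced to `mtx_enter(&ge->ge_lock);`, `if (ge->ge_free > 0) goto search;`, `mtx_leave(&ge->ge_lock);`, with a comment such as `/* ge_free is tested with ge_lock held; search: is reached with the lock still held */` to record the locking rule. The `goto search;` line differs only in whitespace, and both the `search:` label and the rest of the function lie outside the hunk, so whether every other reader and writer of `ge_free` holds `ge_lock` has to be checked there.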
Also, I wonder if it would be possible to run db_ctf_init() earlier in
the boot process (to avoid having to run it at the ddb prompt when
`show struct` is used during autoconf(4)).
Regards.
--
Sebastien Marie
booting hd0a:/bsd: 23304117+4842512+468160+0+1478656
[2098055+128+1592832+1286031]=0x2174598
entry point at 0x1001000
[ using 4978072 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California. All rights reserved.
Copyright (c) 1995-2026 OpenBSD. All rights reserved. https://www.OpenBSD.org
OpenBSD 7.9-current (GENERIC.MP) #7: Mon May 25 11:43:22 CEST 2026
[email protected]:/sys/arch/amd64/compile/GENERIC.MP
real mem = 2097942528 (2000MB)
avail mem = 1980698624 (1888MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0x7e0c1000 (12 entries)
bios0: vendor Xen version "4.17" date 05/13/2026
bios0: Xen HVM domU
efi0 at bios0: UEFI 2.7
efi0: EDK II rev 0x10000
acpi0 at bios0: ACPI 4.0
acpi0: sleep states S5
acpi0: tables DSDT FACP APIC HPET WAET
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
ioapic0 at mainbus0: apid 1 pa 0xfec00000, version 11, 48 pins, remapped
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU E3-1585L v5 @ 3.00GHz, 3000.47 MHz, 06-5e-03
cpu0: cpuid 1
edx=1fcbfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT>
ecx=f7fa3203<SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV>
cpu0: cpuid 7.0
ebx=9c27ab<FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,CLFLUSHOPT>
edx=bc000c00<MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD>
cpu0: cpuid d.1 eax=f<XSAVEOPT,XSAVEC,XGETBV1,XSAVES>
cpu0: cpuid 80000001 edx=2c100800<NXE,PAGE1GB,RDTSCP,LONG>
ecx=121<LAHF,ABM,3DNOWP>
cpu0: msr 10a=c000004<RSBA,GDS_NO,RFDS_NO>
cpu0: MELTDOWN
cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line
4-way L2 cache, 8MB 64b/line 16-way L3 cache
cpu0: smt 0, core 0, package 0, type P
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 100MHz
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Xeon(R) CPU E3-1585L v5 @ 3.00GHz, 3000.27 MHz, 06-5e-03
cpu1: smt 0, core 0, package 1, type P
acpihpet0 at acpi0: 62500000 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpipci0 at acpi0 PCI0
acpicmos0 at acpi0
"PNP0F13" at acpi0 not configured
"PNP0303" at acpi0 not configured
com0 at acpi0 UAR1 addr 0x3f8/0x8 irq 4: ns16550a, 16 byte fifo
com0: console
acpicpu0 at acpi0: C1(@1 halt!)
acpicpu1 at acpi0: C1(@1 halt!)
cpu0: using VERW MDS workaround (except on vmm entry)
pvbus0 at mainbus0: Xen 4.17
xen0 at pvbus0: features 112705<PIRQ,PVCLOCK,CBVEC,AUTOPMAP,WPT>, 64 grant
table frames, event channel 3
"9pfs" at xen0: device/9pfs/ not configured
xbf0 at xen0 backend 0 channel 10: cdrom
panic: page full, sc 0xffff800000025800 gnt 0xffff80000011c000 (4) ge 0xffff800
00011c0f0
Stopped at db_enter+0x14: popq %rbp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
* 0 0 0 0x10000 0x200 0K swapper
db_enter(10,ffffffff8317b4b0,282,8,ffffffff810a4de4,ffffffff8317b4b0) at db_ent
er+0x14
panic(ffffffff826badd4,ffffffff826badd4,ffff80000011c000,ffff800000025800,fffff
fff82b03c59,ffffffff8317b4c0) at panic+0xd5
xen_grant_table_alloc(ffff800000025800,ffff80000015a550,3188b3ff47442319,ffff80
0000025800,ffffffff82afc158,15) at xen_grant_table_alloc+0x253
xen_bus_dmamap_create(ffffffff82afc158,10000,16,1000,1000,1) at xen_bus_dmamap_
create+0xbb
xbf_alloc_ccbs(ffff8000000d8400,ffff8000000d8400,558c4cf085fb975c,ffff8000000d8
490,ffff8000000d8400,ffff8000000d8570) at xbf_alloc_ccbs+0x15d
xbf_ring_create(ffff8000000d8400,ffff8000000d8400,f3981b1c0e2389c7,ffff8000000d
8400,ffffffff818d0cb1,ffffffff8317b6c0) at xbf_ring_create+0x101
xbf_init(ffff8000000d8400,ffff8000000d8400,281193c9ae430645,ffff8000000d8400,ff
ff800000025800,ffff8000000d8424) at xbf_init+0x15a
xbf_attach(ffff800000025800,ffff8000000d8400,ffffffff8317b858,ffff800000025800,
ec34798d77c9cc99,ffff800000025800) at xbf_attach+0x17c
config_attach(ffff800000025800,ffffffff82b106e0,ffffffff8317b858,ffffffff8138fd
f0,481a4a7b94e875e3,0) at config_attach+0x22b
xen_attach_device(ffff800000025800,ffff800000111900,ffff800000049270,ffff800000
0492c0,2ef5a76331a9dbf7,0) at xen_attach_device+0x18c
xen_probe_devices(ffff800000025800,ffff800000025800,ccc8bca50da11155,ffffffff82
c38990,ffff800000025800,ffffffff82afc138) at xen_probe_devices+0x22f
xen_attach(ffff800000105780,ffff800000025800,ffffffff8317bc00,ffff800000105780,
8b2826d39bc7611c,ffff800000105780) at xen_attach+0x214
config_attach(ffff800000105780,ffffffff82b10670,ffffffff8317bc00,ffffffff81d7bc
40,481a4a7b94073179,ffff800000105780) at config_attach+0x22b
pvbus_search(ffff800000105780,ffffffff82b10670,ffff800000105780,ffff80000010578
0,5e3ed407d5cd5d8f,ffffffff82b10670) at pvbus_search+0x76
end trace frame: 0xffffffff8317bca0, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}> call db_ctf_init
0
ddb{0}> show struct xen_gntent 0xffff80000011c0f0
struct xen_gntent at 0xffff80000011c0f0 (80 bytes) {ge_table = (grant_entry_t *
)0xffff800029650000, ge_start = 1536, ge_reserved = 0, ge_next = 503, ge_free =
9, ge_lock = {mtx_owner = 0, mtx_wantipl = 9, mtx_oldipl = 14, mtx_lock_obj = {
lo_type = (const lock_type *)0x0, lo_name = (const char *)0xffffffff82662beb, l
o_witness = (struct witness *)0xfffffd80031e6840, lo_relative = (struct lock_ob
ject *)0x0, lo_flags = 16973824}}}
ddb{0}>