From: bugzilla-daemon@bugzilla.kernel.org
To: kvm@vger.kernel.org
Subject: [Bug 27052] Module KVM : unable to handle kernel NULL pointer dereference at
Date: Thu, 10 Feb 2011 14:14:29 GMT
Message-ID: <201102101414.p1AEETUB027776@demeter2.kernel.org>
In-Reply-To: <bug-27052-28872@https.bugzilla.kernel.org/>
https://bugzilla.kernel.org/show_bug.cgi?id=27052
--- Comment #24 from prochazka <prochazka.nicolas@gmail.com> 2011-02-10 14:14:25 ---
I can now reproduce it under this circumstance on different servers:
- Windows XP guest SP2: the guest OS seems to be important, other XP SP3 guests work fine
- connect with VNC to this guest and connect with RDP on the others (5 or 6 guests).
kernel: 2.6.37
qemu-kvm with the hugepages option for #18 #19:
/usr/local/bin/qemu -name XP_013 -vga std -net
tap,vlan=0,name=interne,ifname=vmtap28 -net
nic,vlan=0,macaddr=ac:de:48:88:e2:92,model=e1000 -cpu host -localtime -usb
-usbdevice tablet -vnc 10.98.98.13:135 -monitor
tcp:127.0.0.1:10135,server,nowait,nodelay -m 512 -pidfile
/var/run/qemu/XP_013.pid -net
vde,port=85,vlan=5,sock=/tmpsafe/neoswitch_bridge,name=externe -net
nic,vlan=5,macaddr=ac:de:48:7b:9e:ec,model=e1000 -mem-prealloc -mem-path
/hugepages -rtc base=localtime -drive
file=/mnt/vdisk/images/VM-XP_013.1297326902.381783,index=0,media=disk,snapshot=on,cache=unsafe
-drive
file=/swapfile-guest/swap1,if=ide,index=1,media=disk,snapshot=on,boot=off -fda
fat:floppy:/mnt/vdisk/diskconf/XP_013
Last kernel that works reliably: 2.6.34 (I did not test kernels between 2.6.34 and 2.6.37).
I just reproduced the bug with kernel 2.6.38rc4, without hugepages (kvm module from the 2.6.38rc4 tree):
general protection fault: 0000 [#4] SMP
last sysfs file: /sys/devices/system/cpu/cpu7/cache/index2/shared_cpu_map
CPU 0
Modules linked in: kvm_intel kvm bnx2
Pid: 15886, comm: qemu Tainted: G D 2.6.38-rc4 #1 0P010H/PowerEdge M600
RIP: 0010:[<ffffffffa00319a5>] [<ffffffffa00319a5>] drop_spte+0xd5/0x1f0 [kvm]
RSP: 0018:ffff8804d6cd5b88 EFLAGS: 00010246
RAX: ffffc9001a2d2ff8 RBX: ffff88049dbc7c00 RCX: 0000880529dd6460
RDX: 0000000000000000 RSI: 0000880529dd6460 RDI: ffff8807e30ba000
RBP: ffff8804d6cd5b98 R08: 0000000000000000 R09: dead000000200200
R10: dead000000100100 R11: 0000000000000000 R12: ffff8804d6efc000
R13: ffff8804d6cd5c08 R14: 0000000000000000 R15: ffff88049dbc7c00
FS: 00007f9b43455740(0000) GS:ffff8800bfc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00000000056ab000 CR3: 00000004d6cfd000 CR4: 00000000000426e0
DR0: 00000000000000a0 DR1: 0000000000000000 DR2: 0000000000000003
DR3: 00000000000000b0 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process qemu (pid: 15886, threadinfo ffff8804d6cd4000, task ffff88050f22c000)
Stack:
ffff8804a5027f00 ffff8804d6efc000 ffff8804d6cd5bf8 ffffffffa0031e7f
00000000fffffff5 0000000000000000 ffff8804d6cd5be8 ffffffff00000180
0000000000000000 ffff8804d6efc000 ffff8804a50276e0 ffff8804d6cd5c08
Call Trace:
[<ffffffffa0031e7f>] kvm_mmu_prepare_zap_page+0x8f/0x2f0 [kvm]
[<ffffffffa00327aa>] kvm_mmu_zap_all+0x4a/0x90 [kvm]
[<ffffffffa0026496>] kvm_arch_flush_shadow+0x16/0x30 [kvm]
[<ffffffffa0018c43>] __kvm_set_memory_region+0x2c3/0x810 [kvm]
[<ffffffff81075e28>] ? hrtimer_start+0x18/0x20
[<ffffffffa00473b7>] ? create_pit_timer+0xb7/0xd0 [kvm]
[<ffffffffa00474a3>] ? pit_load_count+0xd3/0x120 [kvm]
[<ffffffffa0047852>] ? kvm_pit_load_count+0x22/0x60 [kvm]
[<ffffffffa00191d3>] kvm_set_memory_region+0x43/0x70 [kvm]
[<ffffffffa001921d>] kvm_vm_ioctl_set_memory_region+0x1d/0x30 [kvm]
[<ffffffffa0019a55>] kvm_vm_ioctl+0x1e5/0x3e0 [kvm]
[<ffffffff811368d3>] do_vfs_ioctl+0xa3/0x540
[<ffffffff81083afe>] ? sys_futex+0xce/0x170
[<ffffffff81136dbf>] sys_ioctl+0x4f/0x80
[<ffffffff81002f82>] system_call_fastpath+0x16/0x1b
Code: 50 38 48 63 f6 48 8b 34 f2 0f b6 50 28 83 e2 0f eb b8 0f 1f 40 00 48 83
e6 fe 0f 84 d9 00 00 00 45 31 c0 0f 1f 00 48 89 f1 31 d2 <48> 8b 39 48 85 ff 74
10 48 39 fb 74 26 ff c2 48 83 c1 08 83 fa
RIP [<ffffffffa00319a5>] drop_spte+0xd5/0x1f0 [kvm]
RSP <ffff8804d6cd5b88>
---[ end trace a0f93d7b4fb495a7 ]---
general protection fault: 0000 [#5] SMP
last sysfs file: /sys/devices/system/cpu/cpu7/cache/index2/shared_cpu_map
CPU 5
Modules linked in: kvm_intel kvm bnx2
Pid: 30332, comm: bash Tainted: G D 2.6.38-rc4 #1 0P010H/PowerEdge M600
RIP: 0010:[<ffffffff81140b68>] [<ffffffff81140b68>] dup_fd+0x168/0x300
RSP: 0018:ffff8805fbd03da0 EFLAGS: 00010202
RAX: 00000000000007f8 RBX: ffff8807e94179c0 RCX: bfffffffffffffff
RDX: 00008807e3ef5480 RSI: 00000000000000ff RDI: 0000000000000800
RBP: ffff8805fbd03e00 R08: ffff8804f2c20280 R09: 0000000000000003
R10: 0000000000000001 R11: 4000000000000000 R12: ffff8804bf071000
R13: ffff8804f2c20540 R14: ffff8807dac23800 R15: 0000000000000100
FS: 00007fb0a6a11700(0000) GS:ffff8800bfd40000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000bf3000 CR3: 00000007116cf000 CR4: 00000000000426e0
DR0: 0000000000000003 DR1: 00000000000000b0 DR2: 0000000000000001
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process bash (pid: 30332, threadinfo ffff8805fbd02000, task ffff880715cd1000)
Stack:
ffff880500000005 0000000100000282 0000000000000020 ffff8806fa7dca40
ffff8807feaceec8 ffff8807feacef40 00007fb0a6a119d0 ffff8807db5f7000
0000000000000000 0000000001200011 00007fb0a6a119d0 0000000000000000
Call Trace:
[<ffffffff8104fd52>] copy_process+0xa02/0x1200
[<ffffffff810505b3>] do_fork+0x63/0x340
[<ffffffff819b2bee>] ? _raw_spin_lock+0xe/0x20
[<ffffffff81124477>] ? fd_install+0x67/0x90
[<ffffffff8112f1b0>] ? do_pipe_flags+0xb0/0x100
[<ffffffff8100c598>] sys_clone+0x28/0x30
[<ffffffff81003223>] stub_clone+0x13/0x20
[<ffffffff81002f82>] ? system_call_fastpath+0x16/0x1b
Code: 4c 89 c2 e8 1b 35 23 00 45 85 ff 74 77 41 8d 47 ff 31 f6 48 8d 3c c5 08
00 00 00 41 ba 01 00 00 00 31 c0 eb 1a 66 0f 1f 44 00 00 <f0> 48 ff 42 30 49 89
14 04 ff c6 48 83 c0 08 48 39 f8 74 3c 49
RIP [<ffffffff81140b68>] dup_fd+0x168/0x300
RSP <ffff8805fbd03da0>
---[ end trace a0f93d7b4fb495a8 ]---
general protection fault: 0000 [#6] SMP
last sysfs file: /sys/devices/system/cpu/cpu7/cache/index2/shared_cpu_map
CPU 5
Modules linked in: kvm_intel kvm bnx2
Pid: 30332, comm: bash Tainted: G D 2.6.38-rc4 #1 0P010H/PowerEdge M600
RIP: 0010:[<ffffffff81124549>] [<ffffffff81124549>] filp_close+0x19/0x90
RSP: 0018:ffff8805fbd03b28 EFLAGS: 00010286
RAX: ffff8807dac23ff8 RBX: 0000000000000003 RCX: ffff8806fa7dc180
RDX: 0000000000000000 RSI: ffff8807feaceec0 RDI: 00008807e3ef5480
RBP: ffff8805fbd03b48 R08: 0000000000000000 R09: 0000000000000000
R10: ffff8807e5659d90 R11: 0000000000000000 R12: 0000000000000001
R13: ffff8806fa7dca40 R14: ffff8807feaceec0 R15: 00000000000000ff
FS: 0000000000000000(0000) GS:ffff8800bfd40000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000bf3000 CR3: 0000000001d61000 CR4: 00000000000426e0
DR0: 0000000000000003 DR1: 00000000000000b0 DR2: 0000000000000001
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process bash (pid: 30332, threadinfo ffff8805fbd02000, task ffff880715cd1000)
Stack:
0000000000000099 0000000000000003 0000000000000001 ffff8806fa7dca40
ffff8805fbd03b98 ffffffff81053890 ffff880715cd1000 0000000000000000
0000000000000000 ffff8807feaceec0 ffff880715cd14b4 ffff880715cd1000
Call Trace:
[<ffffffff81053890>] put_files_struct+0xd0/0xf0
[<ffffffff81053904>] exit_files+0x54/0x70
[<ffffffff810552ae>] do_exit+0x14e/0x800
[<ffffffff8100726f>] oops_end+0xaf/0xf0
[<ffffffff810074bb>] die+0x5b/0x90
[<ffffffff81004df2>] do_general_protection+0x162/0x170
[<ffffffff819b3335>] general_protection+0x25/0x30
[<ffffffff81140b68>] ? dup_fd+0x168/0x300
[<ffffffff8104fd52>] copy_process+0xa02/0x1200
[<ffffffff810505b3>] do_fork+0x63/0x340
[<ffffffff819b2bee>] ? _raw_spin_lock+0xe/0x20
[<ffffffff81124477>] ? fd_install+0x67/0x90
[<ffffffff8112f1b0>] ? do_pipe_flags+0xb0/0x100
[<ffffffff8100c598>] sys_clone+0x28/0x30
[<ffffffff81003223>] stub_clone+0x13/0x20
[<ffffffff81002f82>] ? system_call_fastpath+0x16/0x1b
Code: 5d e8 4c 8b 65 f0 4c 8b 6d f8 c9 c3 66 0f 1f 44 00 00 55 48 89 e5 48 83
ec 20 48 89 5d e8 4c 89 65 f0 4c 89 6d f8 0f 1f 44 00 00 <48> 8b 47 30 48 89 fb
49 89 f4 48 85 c0 74 4d 48 8b 47 20 48 85
RIP [<ffffffff81124549>] filp_close+0x19/0x90
RSP <ffff8805fbd03b28>
---[ end trace a0f93d7b4fb495a9 ]---
Fixing recursive fault but reboot is needed!
BUG: unable to handle kernel paging request at ffffed7fffffffd8
IP: [<ffffffffa0031f12>] kvm_mmu_prepare_zap_page+0x122/0x2f0 [kvm]
PGD 0
Oops: 0000 [#7] SMP
last sysfs file: /sys/devices/system/cpu/cpu7/cache/index2/shared_cpu_map
CPU 1
Modules linked in: kvm_intel kvm bnx2
Pid: 17293, comm: qemu Tainted: G D 2.6.38-rc4 #1 0P010H/PowerEdge M600
RIP: 0010:[<ffffffffa0031f12>] [<ffffffffa0031f12>] kvm_mmu_prepare_zap_page+0x122/0x2f0 [kvm]
RSP: 0018:ffff8804a51838e8 EFLAGS: 00010206
RAX: 00000000000001ff RBX: ffff8804f2f04c80 RCX: 0000037fffffffc8
RDX: ffffea0000000000 RSI: ffff880463d77ff8 RDI: ffff880463d77ff0
RBP: ffff8804a5183938 R08: ffff8804df999808 R09: dead000000200200
R10: dead000000100100 R11: 0000000000000000 R12: ffff8804a50cc000
R13: ffff8804a51839e8 R14: 0000000000000002 R15: ffff880463d77ff8
FS: 00007f364c568710(0000) GS:ffff8800bfc40000(0000) knlGS:0000000000000000
CS: 0010 DS: 002b ES: 002b CR0: 000000008005003b
CR2: ffffed7fffffffd8 CR3: 00000004a50ad000 CR4: 00000000000426e0
DR0: 0000000000000001 DR1: 0000000000000002 DR2: 0000000000000001
DR3: 000000000000000a DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process qemu (pid: 17293, threadinfo ffff8804a5182000, task ffff8804bf3ba000)
Stack:
ffff8804a51839a8 ffffffffa0033ed5 ffff880400000006 00000000000001fe
000000000000000f ffff8804f2f04c80 ffff8804f2f04c90 0000000000000000
0000000000000080 ffff8804f2ef3700 ffff8804a5183a38 ffffffffa003791c
Call Trace:
[<ffffffffa0033ed5>] ? paging32_walk_addr_generic+0x375/0x5c0 [kvm]
[<ffffffffa003791c>] kvm_mmu_pte_write+0x22c/0xa90 [kvm]
[<ffffffffa0016f42>] ? kvm_write_guest_page+0x72/0xd0 [kvm]
[<ffffffffa0027106>] emulator_write_phys+0x56/0x70 [kvm]
[<ffffffffa002718b>] emulator_write_emulated_onepage+0x6b/0x190 [kvm]
[<ffffffffa0027333>] emulator_write_emulated+0x83/0xa0 [kvm]
[<ffffffffa001f28d>] ? emulator_get_cached_segment_base+0x1d/0x20 [kvm]
[<ffffffffa00272b0>] ? emulator_write_emulated+0x0/0xa0 [kvm]
[<ffffffffa003fa0d>] x86_emulate_insn+0x20fd/0x6390 [kvm]
[<ffffffffa003b64b>] ? x86_decode_insn+0x74b/0xcd0 [kvm]
[<ffffffffa003ab00>] ? em_mov+0x0/0x20 [kvm]
[<ffffffffa0028eb8>] x86_emulate_instruction+0xb8/0x3d0 [kvm]
[<ffffffffa0034ff1>] kvm_mmu_page_fault+0x71/0x90 [kvm]
[<ffffffffa007cb24>] handle_exception+0x324/0x390 [kvm_intel]
[<ffffffffa007cc1e>] vmx_handle_exit+0x8e/0x2b0 [kvm_intel]
[<ffffffffa002c546>] kvm_arch_vcpu_ioctl_run+0x526/0xe70 [kvm]
[<ffffffffa001a6f2>] kvm_vcpu_ioctl+0x502/0x650 [kvm]
[<ffffffff81063ed1>] ? dequeue_signal+0x41/0x170
[<ffffffff81061b1f>] ? copy_siginfo_to_user+0xff/0x1f0
[<ffffffff811368d3>] do_vfs_ioctl+0xa3/0x540
[<ffffffff81083afe>] ? sys_futex+0xce/0x170
[<ffffffff81136dbf>] sys_ioctl+0x4f/0x80
[<ffffffff81002f82>] system_call_fastpath+0x16/0x1b
Code: 75 d8 0f 0b eb fe 0f 1f 00 48 ba 00 f0 ff ff ff ff 0f 00 4c 89 fe 48 21
d1 48 ba 00 00 00 00 00 ea ff ff 48 c1 e9 0c 48 6b c9 38 <48> 8b 7c 11 10 89 45
c8 e8 61 f5 ff ff 48 8b 0d ea 6c 02 00 8b
RIP [<ffffffffa0031f12>] kvm_mmu_prepare_zap_page+0x122/0x2f0 [kvm]
RSP <ffff8804a51838e8>
CR2: ffffed7fffffffd8
---[ end trace a0f93d7b4fb495aa ]---
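Triage helper, added here and not part of the bug report or of KVM: it parses the oops format shown in the traces above (the "<kind>: 0000 [#N]" header, the Pid/Tainted line, the RIP line and the Call Trace frames) and picks the innermost reliable frame that lies in a loadable module, which is what points the first and last traces above at the kvm module while the bash crashes in dup_fd/filp_close stay in core kernel. The sample input is constructed from two of the traces above with their wrapped Pid lines joined; all names are this helper's own.

```python
import re
# Constructed sample: the first two traces from the report above, trimmed to the lines the parser uses.
SAMPLE = """general protection fault: 0000 [#4] SMP
Modules linked in: kvm_intel kvm bnx2
Pid: 15886, comm: qemu Tainted: G D 2.6.38-rc4 #1 0P010H/PowerEdge M600
RIP: 0010:[<ffffffffa00319a5>] [<ffffffffa00319a5>] drop_spte+0xd5/0x1f0 [kvm]
Call Trace:
[<ffffffffa0031e7f>] kvm_mmu_prepare_zap_page+0x8f/0x2f0 [kvm]
[<ffffffff81075e28>] ? hrtimer_start+0x18/0x20
[<ffffffffa0019a55>] kvm_vm_ioctl+0x1e5/0x3e0 [kvm]
---[ end trace a0f93d7b4fb495a7 ]---
general protection fault: 0000 [#5] SMP
Modules linked in: kvm_intel kvm bnx2
Pid: 30332, comm: bash Tainted: G D 2.6.38-rc4 #1 0P010H/PowerEdge M600
RIP: 0010:[<ffffffff81140b68>] [<ffffffff81140b68>] dup_fd+0x168/0x300
Call Trace:
[<ffffffff8104fd52>] copy_process+0xa02/0x1200
---[ end trace a0f93d7b4fb495a8 ]---
"""
# One frame: "[<addr>] ? sym+0xoff/0xsize [module]"; a leading "?" marks an unreliable frame (stale stack slot).
FRAME = re.compile(r"\[<([0-9a-f]+)>\]\s+(\?\s+)?([\w.]+)\+0x([0-9a-f]+)/0x([0-9a-f]+)(?:\s+\[(\w+)\])?")
HEAD = re.compile(r"^(.*?):\s*[0-9a-f]{4}\s+\[#(\d+)\]")  # "<kind>: 0000 [#N] SMP"
PID = re.compile(r"^Pid:\s*(\d+),\s*comm:\s*(\S+)\s+(?:Tainted:\s*((?:[A-Z]\s+)*)|Not tainted\s+)(\S+)")

def parse_oopses(text):
    """Split a dmesg excerpt into its oopses and pull out the fields used for triage."""
    reports, cur = [], None
    for line in text.splitlines():
        if (m := HEAD.match(line)):
            reports.append(cur := {"kind": m.group(1), "num": int(m.group(2)), "frames": []})
        elif cur is None:
            continue  # noise before the first oops header
        elif line.startswith("Modules linked in:"):
            cur["modules"] = line.split(":", 1)[1].split()
        elif (m := PID.match(line)):
            # Taint "D": an earlier oops already happened, so later traces may be collateral damage.
            cur.update(pid=int(m.group(1)), comm=m.group(2), taint=(m.group(3) or "").split(), kernel=m.group(4))
        elif line.startswith("RIP:") and (m := FRAME.search(line)):
            cur["rip"] = (m.group(3), int(m.group(4), 16), m.group(6))  # (symbol, offset, module)
        elif (m := FRAME.match(line)):
            cur["frames"].append((m.group(3), m.group(6), m.group(2) is None))  # (symbol, module, reliable)
    return reports
def blame(report):
    """Innermost reliable frame, from RIP outward, that lives in a loadable module; None if core-only."""
    chain = [(report["rip"][0], report["rip"][2], True)] + report["frames"]
    for sym, mod, reliable in chain:
        if reliable and mod:
            return mod, sym
    return None
```

Frames marked "?" are skipped on purpose: they are leftovers on the stack and must not decide which component gets the report.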