From mboxrd@z Thu Jan  1 00:00:00 1970
From: bugzilla-daemon@bugzilla.kernel.org
Subject: [Bug 27052] Module KVM : unable to handle kernel NULL pointer
 dereference at
Date: Thu, 10 Feb 2011 14:14:29 GMT
Message-ID: <201102101414.p1AEETUB027776@demeter2.kernel.org>
References: <bug-27052-28872@https.bugzilla.kernel.org/>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
To: kvm@vger.kernel.org
Return-path: <kvm-owner@vger.kernel.org>
Received: from demeter2.kernel.org ([140.211.167.42]:44422 "EHLO
	demeter2.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1756364Ab1BJOOa (ORCPT <rfc822;kvm@vger.kernel.org>);
	Thu, 10 Feb 2011 09:14:30 -0500
Received: from demeter2.kernel.org (localhost.localdomain [127.0.0.1])
	by demeter2.kernel.org (8.14.4/8.14.3) with ESMTP id p1AEETVY027777
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <kvm@vger.kernel.org>; Thu, 10 Feb 2011 14:14:29 GMT
In-Reply-To: <bug-27052-28872@https.bugzilla.kernel.org/>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

https://bugzilla.kernel.org/show_bug.cgi?id=27052





--- Comment #24 from prochazka <prochazka.nicolas@gmail.com>  2011-02-10 14:14:25 ---
I can now reproduce it under this circonstance on different server 

- Windows XP guest SP2  : guest OS seems to be important, other XP sp3 works
fine
- connect with vnc to this guest and connect with RDP on other 
( 5 or 6 guests ) .

kernel : 2.6.37 
qemu-kvm with hugepages option for #18 #19 . 

/usr/local/bin/qemu -name XP_013 -vga std -net
tap,vlan=0,name=interne,ifname=vmtap28 -net
nic,vlan=0,macaddr=ac:de:48:88:e2:92,model=e1000 -cpu host -localtime -usb
-usbdevice tablet -vnc 10.98.98.13:135 -monitor
tcp:127.0.0.1:10135,server,nowait,nodelay -m 512 -pidfile
/var/run/qemu/XP_013.pid -net
vde,port=85,vlan=5,sock=/tmpsafe/neoswitch_bridge,name=externe -net
nic,vlan=5,macaddr=ac:de:48:7b:9e:ec,model=e1000 -mem-prealloc -mem-path
/hugepages -rtc base=localtime -drive
file=/mnt/vdisk/images/VM-XP_013.1297326902.381783,index=0,media=disk,snapshot=on,cache=unsafe
-drive
file=/swapfile-guest/swap1,if=ide,index=1,media=disk,snapshot=on,boot=off -fda
fat:floppy:/mnt/vdisk/diskconf/XP_013

Last Kernel that works reliably : 2.6.34  ( I do not test with kernel between
2.6.34 and 2.6.37 ) 


I just reproduce bug, with kernel 2.6.38rc4  + without hugepage 
( kvm module from 2.6.38rc4 tree) 


general protection fault: 0000 [#4] SMP 
last sysfs file: /sys/devices/system/cpu/cpu7/cache/index2/shared_cpu_map
CPU 0 
Modules linked in: kvm_intel kvm bnx2

Pid: 15886, comm: qemu Tainted: G      D     2.6.38-rc4 #1 0P010H/PowerEdge
M600
RIP: 0010:[<ffffffffa00319a5>]  [<ffffffffa00319a5>] drop_spte+0xd5/0x1f0 [kvm]
RSP: 0018:ffff8804d6cd5b88  EFLAGS: 00010246
RAX: ffffc9001a2d2ff8 RBX: ffff88049dbc7c00 RCX: 0000880529dd6460
RDX: 0000000000000000 RSI: 0000880529dd6460 RDI: ffff8807e30ba000
RBP: ffff8804d6cd5b98 R08: 0000000000000000 R09: dead000000200200
R10: dead000000100100 R11: 0000000000000000 R12: ffff8804d6efc000
R13: ffff8804d6cd5c08 R14: 0000000000000000 R15: ffff88049dbc7c00
FS:  00007f9b43455740(0000) GS:ffff8800bfc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00000000056ab000 CR3: 00000004d6cfd000 CR4: 00000000000426e0
DR0: 00000000000000a0 DR1: 0000000000000000 DR2: 0000000000000003
DR3: 00000000000000b0 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process qemu (pid: 15886, threadinfo ffff8804d6cd4000, task ffff88050f22c000)
Stack:
 ffff8804a5027f00 ffff8804d6efc000 ffff8804d6cd5bf8 ffffffffa0031e7f
 00000000fffffff5 0000000000000000 ffff8804d6cd5be8 ffffffff00000180
 0000000000000000 ffff8804d6efc000 ffff8804a50276e0 ffff8804d6cd5c08
Call Trace:
 [<ffffffffa0031e7f>] kvm_mmu_prepare_zap_page+0x8f/0x2f0 [kvm]
 [<ffffffffa00327aa>] kvm_mmu_zap_all+0x4a/0x90 [kvm]
 [<ffffffffa0026496>] kvm_arch_flush_shadow+0x16/0x30 [kvm]
 [<ffffffffa0018c43>] __kvm_set_memory_region+0x2c3/0x810 [kvm]
 [<ffffffff81075e28>] ? hrtimer_start+0x18/0x20
 [<ffffffffa00473b7>] ? create_pit_timer+0xb7/0xd0 [kvm]
 [<ffffffffa00474a3>] ? pit_load_count+0xd3/0x120 [kvm]
 [<ffffffffa0047852>] ? kvm_pit_load_count+0x22/0x60 [kvm]
 [<ffffffffa00191d3>] kvm_set_memory_region+0x43/0x70 [kvm]
 [<ffffffffa001921d>] kvm_vm_ioctl_set_memory_region+0x1d/0x30 [kvm]
 [<ffffffffa0019a55>] kvm_vm_ioctl+0x1e5/0x3e0 [kvm]
 [<ffffffff811368d3>] do_vfs_ioctl+0xa3/0x540
 [<ffffffff81083afe>] ? sys_futex+0xce/0x170
 [<ffffffff81136dbf>] sys_ioctl+0x4f/0x80
 [<ffffffff81002f82>] system_call_fastpath+0x16/0x1b
Code: 50 38 48 63 f6 48 8b 34 f2 0f b6 50 28 83 e2 0f eb b8 0f 1f 40 00 48 83
e6 fe 0f 84 d9 00 00 00 45 31 c0 0f 1f 00 48 89 f1 31 d2 <48> 8b 39 48 85 ff 74
10 48 39 fb 74 26 ff c2 48 83 c1 08 83 fa 
RIP  [<ffffffffa00319a5>] drop_spte+0xd5/0x1f0 [kvm]
 RSP <ffff8804d6cd5b88>
---[ end trace a0f93d7b4fb495a7 ]---
general protection fault: 0000 [#5] SMP 
last sysfs file: /sys/devices/system/cpu/cpu7/cache/index2/shared_cpu_map
CPU 5 
Modules linked in: kvm_intel kvm bnx2

Pid: 30332, comm: bash Tainted: G      D     2.6.38-rc4 #1 0P010H/PowerEdge
M600
RIP: 0010:[<ffffffff81140b68>]  [<ffffffff81140b68>] dup_fd+0x168/0x300
RSP: 0018:ffff8805fbd03da0  EFLAGS: 00010202
RAX: 00000000000007f8 RBX: ffff8807e94179c0 RCX: bfffffffffffffff
RDX: 00008807e3ef5480 RSI: 00000000000000ff RDI: 0000000000000800
RBP: ffff8805fbd03e00 R08: ffff8804f2c20280 R09: 0000000000000003
R10: 0000000000000001 R11: 4000000000000000 R12: ffff8804bf071000
R13: ffff8804f2c20540 R14: ffff8807dac23800 R15: 0000000000000100
FS:  00007fb0a6a11700(0000) GS:ffff8800bfd40000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000bf3000 CR3: 00000007116cf000 CR4: 00000000000426e0
DR0: 0000000000000003 DR1: 00000000000000b0 DR2: 0000000000000001
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process bash (pid: 30332, threadinfo ffff8805fbd02000, task ffff880715cd1000)
Stack:
 ffff880500000005 0000000100000282 0000000000000020 ffff8806fa7dca40
 ffff8807feaceec8 ffff8807feacef40 00007fb0a6a119d0 ffff8807db5f7000
 0000000000000000 0000000001200011 00007fb0a6a119d0 0000000000000000
Call Trace:
 [<ffffffff8104fd52>] copy_process+0xa02/0x1200
 [<ffffffff810505b3>] do_fork+0x63/0x340
 [<ffffffff819b2bee>] ? _raw_spin_lock+0xe/0x20
 [<ffffffff81124477>] ? fd_install+0x67/0x90
 [<ffffffff8112f1b0>] ? do_pipe_flags+0xb0/0x100
 [<ffffffff8100c598>] sys_clone+0x28/0x30
 [<ffffffff81003223>] stub_clone+0x13/0x20
 [<ffffffff81002f82>] ? system_call_fastpath+0x16/0x1b
Code: 4c 89 c2 e8 1b 35 23 00 45 85 ff 74 77 41 8d 47 ff 31 f6 48 8d 3c c5 08
00 00 00 41 ba 01 00 00 00 31 c0 eb 1a 66 0f 1f 44 00 00 <f0> 48 ff 42 30 49 89
14 04 ff c6 48 83 c0 08 48 39 f8 74 3c 49 
RIP  [<ffffffff81140b68>] dup_fd+0x168/0x300
 RSP <ffff8805fbd03da0>
---[ end trace a0f93d7b4fb495a8 ]---
general protection fault: 0000 [#6] SMP 
last sysfs file: /sys/devices/system/cpu/cpu7/cache/index2/shared_cpu_map
CPU 5 
Modules linked in: kvm_intel kvm bnx2

Pid: 30332, comm: bash Tainted: G      D     2.6.38-rc4 #1 0P010H/PowerEdge
M600
RIP: 0010:[<ffffffff81124549>]  [<ffffffff81124549>] filp_close+0x19/0x90
RSP: 0018:ffff8805fbd03b28  EFLAGS: 00010286
RAX: ffff8807dac23ff8 RBX: 0000000000000003 RCX: ffff8806fa7dc180
RDX: 0000000000000000 RSI: ffff8807feaceec0 RDI: 00008807e3ef5480
RBP: ffff8805fbd03b48 R08: 0000000000000000 R09: 0000000000000000
R10: ffff8807e5659d90 R11: 0000000000000000 R12: 0000000000000001
R13: ffff8806fa7dca40 R14: ffff8807feaceec0 R15: 00000000000000ff
FS:  0000000000000000(0000) GS:ffff8800bfd40000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000bf3000 CR3: 0000000001d61000 CR4: 00000000000426e0
DR0: 0000000000000003 DR1: 00000000000000b0 DR2: 0000000000000001
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process bash (pid: 30332, threadinfo ffff8805fbd02000, task ffff880715cd1000)
Stack:
 0000000000000099 0000000000000003 0000000000000001 ffff8806fa7dca40
 ffff8805fbd03b98 ffffffff81053890 ffff880715cd1000 0000000000000000
 0000000000000000 ffff8807feaceec0 ffff880715cd14b4 ffff880715cd1000
Call Trace:
 [<ffffffff81053890>] put_files_struct+0xd0/0xf0
 [<ffffffff81053904>] exit_files+0x54/0x70
 [<ffffffff810552ae>] do_exit+0x14e/0x800
 [<ffffffff8100726f>] oops_end+0xaf/0xf0
 [<ffffffff810074bb>] die+0x5b/0x90
 [<ffffffff81004df2>] do_general_protection+0x162/0x170
 [<ffffffff819b3335>] general_protection+0x25/0x30
 [<ffffffff81140b68>] ? dup_fd+0x168/0x300
 [<ffffffff8104fd52>] copy_process+0xa02/0x1200
 [<ffffffff810505b3>] do_fork+0x63/0x340
 [<ffffffff819b2bee>] ? _raw_spin_lock+0xe/0x20
 [<ffffffff81124477>] ? fd_install+0x67/0x90
 [<ffffffff8112f1b0>] ? do_pipe_flags+0xb0/0x100
 [<ffffffff8100c598>] sys_clone+0x28/0x30
 [<ffffffff81003223>] stub_clone+0x13/0x20
 [<ffffffff81002f82>] ? system_call_fastpath+0x16/0x1b
Code: 5d e8 4c 8b 65 f0 4c 8b 6d f8 c9 c3 66 0f 1f 44 00 00 55 48 89 e5 48 83
ec 20 48 89 5d e8 4c 89 65 f0 4c 89 6d f8 0f 1f 44 00 00 <48> 8b 47 30 48 89 fb
49 89 f4 48 85 c0 74 4d 48 8b 47 20 48 85 
RIP  [<ffffffff81124549>] filp_close+0x19/0x90
 RSP <ffff8805fbd03b28>
---[ end trace a0f93d7b4fb495a9 ]---
Fixing recursive fault but reboot is needed!
BUG: unable to handle kernel paging request at ffffed7fffffffd8
IP: [<ffffffffa0031f12>] kvm_mmu_prepare_zap_page+0x122/0x2f0 [kvm]
PGD 0 
Oops: 0000 [#7] SMP 
last sysfs file: /sys/devices/system/cpu/cpu7/cache/index2/shared_cpu_map
CPU 1 
Modules linked in: kvm_intel kvm bnx2

Pid: 17293, comm: qemu Tainted: G      D     2.6.38-rc4 #1 0P010H/PowerEdge
M600
RIP: 0010:[<ffffffffa0031f12>]  [<ffffffffa0031f12>]
kvm_mmu_prepare_zap_page+0x122/0x2f0 [kvm]
RSP: 0018:ffff8804a51838e8  EFLAGS: 00010206
RAX: 00000000000001ff RBX: ffff8804f2f04c80 RCX: 0000037fffffffc8
RDX: ffffea0000000000 RSI: ffff880463d77ff8 RDI: ffff880463d77ff0
RBP: ffff8804a5183938 R08: ffff8804df999808 R09: dead000000200200
R10: dead000000100100 R11: 0000000000000000 R12: ffff8804a50cc000
R13: ffff8804a51839e8 R14: 0000000000000002 R15: ffff880463d77ff8
FS:  00007f364c568710(0000) GS:ffff8800bfc40000(0000) knlGS:0000000000000000
CS:  0010 DS: 002b ES: 002b CR0: 000000008005003b
CR2: ffffed7fffffffd8 CR3: 00000004a50ad000 CR4: 00000000000426e0
DR0: 0000000000000001 DR1: 0000000000000002 DR2: 0000000000000001
DR3: 000000000000000a DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process qemu (pid: 17293, threadinfo ffff8804a5182000, task ffff8804bf3ba000)
Stack:
 ffff8804a51839a8 ffffffffa0033ed5 ffff880400000006 00000000000001fe
 000000000000000f ffff8804f2f04c80 ffff8804f2f04c90 0000000000000000
 0000000000000080 ffff8804f2ef3700 ffff8804a5183a38 ffffffffa003791c
Call Trace:
 [<ffffffffa0033ed5>] ? paging32_walk_addr_generic+0x375/0x5c0 [kvm]
 [<ffffffffa003791c>] kvm_mmu_pte_write+0x22c/0xa90 [kvm]
 [<ffffffffa0016f42>] ? kvm_write_guest_page+0x72/0xd0 [kvm]
 [<ffffffffa0027106>] emulator_write_phys+0x56/0x70 [kvm]
 [<ffffffffa002718b>] emulator_write_emulated_onepage+0x6b/0x190 [kvm]
 [<ffffffffa0027333>] emulator_write_emulated+0x83/0xa0 [kvm]
 [<ffffffffa001f28d>] ? emulator_get_cached_segment_base+0x1d/0x20 [kvm]
 [<ffffffffa00272b0>] ? emulator_write_emulated+0x0/0xa0 [kvm]
 [<ffffffffa003fa0d>] x86_emulate_insn+0x20fd/0x6390 [kvm]
 [<ffffffffa003b64b>] ? x86_decode_insn+0x74b/0xcd0 [kvm]
 [<ffffffffa003ab00>] ? em_mov+0x0/0x20 [kvm]
 [<ffffffffa0028eb8>] x86_emulate_instruction+0xb8/0x3d0 [kvm]
 [<ffffffffa0034ff1>] kvm_mmu_page_fault+0x71/0x90 [kvm]
 [<ffffffffa007cb24>] handle_exception+0x324/0x390 [kvm_intel]
 [<ffffffffa007cc1e>] vmx_handle_exit+0x8e/0x2b0 [kvm_intel]
 [<ffffffffa002c546>] kvm_arch_vcpu_ioctl_run+0x526/0xe70 [kvm]
 [<ffffffffa001a6f2>] kvm_vcpu_ioctl+0x502/0x650 [kvm]
 [<ffffffff81063ed1>] ? dequeue_signal+0x41/0x170
 [<ffffffff81061b1f>] ? copy_siginfo_to_user+0xff/0x1f0
 [<ffffffff811368d3>] do_vfs_ioctl+0xa3/0x540
 [<ffffffff81083afe>] ? sys_futex+0xce/0x170
 [<ffffffff81136dbf>] sys_ioctl+0x4f/0x80
 [<ffffffff81002f82>] system_call_fastpath+0x16/0x1b
Code: 75 d8 0f 0b eb fe 0f 1f 00 48 ba 00 f0 ff ff ff ff 0f 00 4c 89 fe 48 21
d1 48 ba 00 00 00 00 00 ea ff ff 48 c1 e9 0c 48 6b c9 38 <48> 8b 7c 11 10 89 45
c8 e8 61 f5 ff ff 48 8b 0d ea 6c 02 00 8b 
RIP  [<ffffffffa0031f12>] kvm_mmu_prepare_zap_page+0x122/0x2f0 [kvm]
 RSP <ffff8804a51838e8>
CR2: ffffed7fffffffd8
---[ end trace a0f93d7b4fb495aa ]---

-- 
Configure bugmail: https://bugzilla.kernel.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.