[ kernel 3.5 ] Kernel bug when using kvm

[ kernel 3.5 ] Kernel bug when using kvm

[nicolas prochazka]

Hello,
with linux kernel 3.5rc6 and 3.5rc7
I do not test with other kernel 3.5.
On linux kernel 3.3.8 ,  threre is no problem.

If I start qemu-kvm process, system is overload and
dmesg :

 BUG: unable to handle kernel paging request at 000000010000003b
IP: [<ffffffff8119f694>] tid_fd_revalidate+0x84/0x1a0
PGD 66989a067 PUD 0
Oops: 0000 [#1] SMP
CPU 3
Modules linked in: [last unloaded: kvm]


Regards,
Nicolas Prochazka

Re: [ kernel 3.5 ] Kernel bug when using kvm

[Avi Kivity]

On 07/16/2012 02:06 PM, nicolas prochazka wrote:
> Hello,
> with linux kernel 3.5rc6 and 3.5rc7
> I do not test with other kernel 3.5.
> On linux kernel 3.3.8 ,  threre is no problem.
> 
> If I start qemu-kvm process, system is overload and
> dmesg :
> 
>  BUG: unable to handle kernel paging request at 000000010000003b
> IP: [<ffffffff8119f694>] tid_fd_revalidate+0x84/0x1a0
> PGD 66989a067 PUD 0
> Oops: 0000 [#1] SMP
> CPU 3
> Modules linked in: [last unloaded: kvm]

Is this repeatable?

Please post a complete stack trace.




-- 
error compiling committee.c: too many arguments to function

Re: [ kernel 3.5 ] Kernel bug when using kvm

[nicolas prochazka]

No, It is not 100% reproductible, I'm trying to find the case, but :
Now when i start a qemu-kvm ,
there is a kvm-pit/xxxx  which takes a lot of cpu time ( ~ 20 %) ,  (
not with kernel 3.3.8 )

for the complete stack trace, which kernel options should i set,
i've already kernel debug .

Regards,
Nicolas Prochazka.

2012/7/16 Avi Kivity <avi@redhat.com>:
> On 07/16/2012 02:06 PM, nicolas prochazka wrote:
>> Hello,
>> with linux kernel 3.5rc6 and 3.5rc7
>> I do not test with other kernel 3.5.
>> On linux kernel 3.3.8 ,  threre is no problem.
>>
>> If I start qemu-kvm process, system is overload and
>> dmesg :
>>
>>  BUG: unable to handle kernel paging request at 000000010000003b
>> IP: [<ffffffff8119f694>] tid_fd_revalidate+0x84/0x1a0
>> PGD 66989a067 PUD 0
>> Oops: 0000 [#1] SMP
>> CPU 3
>> Modules linked in: [last unloaded: kvm]
>
> Is this repeatable?
>
> Please post a complete stack trace.
>
>
>
>
> --
> error compiling committee.c: too many arguments to function
>
>

Re: [ kernel 3.5 ] Kernel bug when using kvm

[Avi Kivity]

On 07/16/2012 05:37 PM, nicolas prochazka wrote:
> No, It is not 100% reproductible, I'm trying to find the case, but :
> Now when i start a qemu-kvm ,
> there is a kvm-pit/xxxx  which takes a lot of cpu time ( ~ 20 %) ,  (
> not with kernel 3.3.8 )
> 
> for the complete stack trace, which kernel options should i set,
> i've already kernel debug .

Should be following the BUG message.  Is what you posted everything you got?

> 
> Regards,
> Nicolas Prochazka.
> 
> 2012/7/16 Avi Kivity <avi@redhat.com>:
>> On 07/16/2012 02:06 PM, nicolas prochazka wrote:
>>> Hello,
>>> with linux kernel 3.5rc6 and 3.5rc7
>>> I do not test with other kernel 3.5.
>>> On linux kernel 3.3.8 ,  threre is no problem.
>>>
>>> If I start qemu-kvm process, system is overload and
>>> dmesg :
>>>
>>>  BUG: unable to handle kernel paging request at 000000010000003b
>>> IP: [<ffffffff8119f694>] tid_fd_revalidate+0x84/0x1a0
>>> PGD 66989a067 PUD 0
>>> Oops: 0000 [#1] SMP
>>> CPU 3
>>> Modules linked in: [last unloaded: kvm]
>>
>> Is this repeatable?
>>
>> Please post a complete stack trace.
>>
>>
>>
>>
>> --
>> error compiling committee.c: too many arguments to function
>>
>>
> 


-- 
error compiling committee.c: too many arguments to function

Re: [ kernel 3.5 ] Kernel bug when using kvm

[nicolas prochazka]

sorry,
i recompile kernel with some option, and crash again :
( it seems i need to run a lot of qemu process to bug )


[ 3117.379546] BUG: unable to handle kernel paging request at 000000010000003b
[ 3117.379783] IP: [<ffffffff811a3654>] tid_fd_revalidate+0x84/0x1a0
[ 3117.379978] PGD 6ea4e0067 PUD 0
[ 3117.380012] Oops: 0000 [#1] SMP
[ 3117.380012] CPU 4
[ 3117.380012] Modules linked in: kvm_intel kvm [last unloaded: kvm]
[ 3117.380012]
[ 3117.380012] Pid: 9816, comm: netstat Not tainted 3.5.0-rc7 #2 Dell
Inc. PowerEdge M600/0MY736
[ 3117.380012] RIP: 0010:[<ffffffff811a3654>]  [<ffffffff811a3654>]
tid_fd_revalidate+0x84/0x1a0
[ 3117.380012] RSP: 0018:ffff8806ff6c1d78  EFLAGS: 00010206
[ 3117.380012] RAX: ffff8806fc5042c0 RBX: ffff8806fa161380 RCX: 000000000000007e
[ 3117.380012] RDX: 00000000ffffffff RSI: 0000000000000000 RDI: ffff8806fc5042c0
[ 3117.411799] RBP: ffff8806ff6c1d98 R08: ffff88083fd16b30 R09: ffffffff8119fef0
[ 3117.411799] R10: 0000000000000000 R11: 0000000000000206 R12: ffff8807e3d20180
[ 3117.411799] R13: ffff880759832000 R14: ffff8807f2980838 R15: ffff8806ff6c1e08
[ 3117.411799] FS:  00007fcb7124b700(0000) GS:ffff88083fd00000(0000)
knlGS:0000000000000000
[ 3117.438973] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3117.438973] CR2: 000000010000003b CR3: 000000075e06c000 CR4: 00000000000027e0
[ 3117.438973] DR0: 0000000000000003 DR1: 00000000000000b0 DR2: 0000000000000001
[ 3117.438973] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 3117.438973] Process netstat (pid: 9816, threadinfo
ffff8806ff6c0000, task ffff8807cefb3000)
[ 3117.438973] Stack:
[ 3117.438973]  ffff8807e3d20180 0000000000000007 ffff8806fa161380
ffff8807e3ef5c00
[ 3117.490924]  ffff8806ff6c1dc8 ffffffff811a3880 ffffffffff0a0210
0000000000000001
[ 3117.490924]  ffff8806ff6c1e98 ffff8807f22a8d00 ffff8806ff6c1e48
ffffffff811a4cd6
[ 3117.490924] Call Trace:
[ 3117.490924]  [<ffffffff811a3880>] proc_fd_instantiate+0x80/0xa0
[ 3117.490924]  [<ffffffff811a4cd6>] proc_fill_cache+0x126/0x150
[ 3117.490924]  [<ffffffff811a3800>] ? proc_fdinfo_instantiate+0x90/0x90
[ 3117.490924]  [<ffffffff811505a0>] ? filldir64+0xe0/0xe0
[ 3117.490924]  [<ffffffff811a5006>] proc_readfd_common+0xf6/0x1c0
[ 3117.490924]  [<ffffffff811a3800>] ? proc_fdinfo_instantiate+0x90/0x90
[ 3117.490924]  [<ffffffff811505a0>] ? filldir64+0xe0/0xe0
[ 3117.490924]  [<ffffffff811a5105>] proc_readfd+0x15/0x20
[ 3117.490924]  [<ffffffff811507c0>] vfs_readdir+0xa0/0xc0
[ 3117.490924]  [<ffffffff811505a0>] ? filldir64+0xe0/0xe0
[ 3117.490924]  [<ffffffff8115096d>] sys_getdents+0x8d/0x100
[ 3117.490924]  [<ffffffff81ae9c29>] system_call_fastpath+0x16/0x1b
[ 3117.609269] alloc_fd: slot 7 not NULL!
[ 3117.490924] Code: b8 00 00 00 48 8b 50 08 44 3b 32 0f 83 9e 00 00
00 45 89 f6 49 c1 e6 03 4c 03 72 08 49 8b 16 48 85 d2 0f 84 87 00 00
00 48 89 c7 <44> 8b 62 3c e8 13 29 ea ff 4c 89 ef e8 4b df ff ff 85 c0
0f 84
[ 3117.490924] RIP  [<ffffffff811a3654>] tid_fd_revalidate+0x84/0x1a0
[ 3117.490924]  RSP <ffff8806ff6c1d78>
[ 3117.651103] CR2: 000000010000003b
[ 3117.651103] ------------[ cut here ]------------
[ 3117.651103] WARNING: at kernel/softirq.c:159 local_bh_enable_ip+0x7a/0xa0()
[ 3117.651103] Hardware name: PowerEdge M600
[ 3117.651103] Modules linked in: kvm_intel kvm [last unloaded: kvm]
[ 3117.651103] Pid: 9816, comm: netstat Not tainted 3.5.0-rc7 #2
[ 3117.651103] Call Trace:
[ 3117.651103]  [<ffffffff81041c1f>] warn_slowpath_common+0x7f/0xc0
[ 3117.651103]  [<ffffffff81041c7a>] warn_slowpath_null+0x1a/0x20
[ 3117.651103]  [<ffffffff8104a88a>] local_bh_enable_ip+0x7a/0xa0
[ 3117.651103]  [<ffffffff81ae9129>] _raw_spin_unlock_bh+0x19/0x20
[ 3117.651103]  [<ffffffff81441dea>] cn_netlink_send+0xaa/0x180
[ 3117.651103]  [<ffffffff813d39fb>] uvesafb_exec+0x14b/0x290
[ 3117.651103]  [<ffffffff813d3c7c>] uvesafb_blank+0x13c/0x180
[ 3117.651103]  [<ffffffff813c0332>] fb_blank+0x62/0xc0
[ 3117.651103]  [<ffffffff813d0690>] ? bit_update_start+0x60/0x60
[ 3117.651103]  [<ffffffff813cc74b>] fbcon_blank+0x22b/0x2d0
[ 3117.651103]  [<ffffffff8106b6fe>] ? up+0x2e/0x50
[ 3117.651103]  [<ffffffff81043fa5>] ? console_unlock+0x245/0x3c0
[ 3117.651103]  [<ffffffff8102db49>] ? default_spin_lock_flags+0x9/0x10
[ 3117.651103]  [<ffffffff81ae8eef>] ? _raw_spin_lock_irqsave+0x2f/0x40
[ 3117.651103]  [<ffffffff81052c3c>] ? lock_timer_base+0x3c/0x70
[ 3117.651103]  [<ffffffff8105364d>] ? mod_timer+0x15d/0x2b0
[ 3117.651103]  [<ffffffff81429d38>] do_unblank_screen+0xa8/0x1c0
[ 3117.651103]  [<ffffffff81429e60>] unblank_screen+0x10/0x20
[ 3117.651103]  [<ffffffff81395305>] bust_spinlocks+0x15/0x40
[ 3117.651103]  [<ffffffff81005c6f>] oops_end+0x3f/0xf0
[ 3117.651103]  [<ffffffff8103165d>] no_context+0x11d/0x2d0
[ 3117.651103]  [<ffffffff81031541>] ? no_context+0x1/0x2d0
[ 3117.651103]  [<ffffffff8103194d>] __bad_area_nosemaphore+0x13d/0x220
[ 3117.651103]  [<ffffffff81031aa6>] __bad_area+0x56/0x70
[ 3117.651103]  [<ffffffff81031ad3>] bad_area+0x13/0x20
[ 3117.651103]  [<ffffffff81032016>] do_page_fault+0x356/0x440
[ 3117.651103]  [<ffffffff81ae8eae>] ? _raw_spin_lock+0xe/0x20
[ 3117.651103]  [<ffffffff81ae8eae>] ? _raw_spin_lock+0xe/0x20
[ 3117.651103]  [<ffffffff8106db4a>] ? lg_local_unlock+0x1a/0x20
[ 3117.651103]  [<ffffffff81ae8eae>] ? _raw_spin_lock+0xe/0x20
[ 3117.651103]  [<ffffffff8106db4a>] ? lg_local_unlock+0x1a/0x20
[ 3117.651103]  [<ffffffff81ae9575>] page_fault+0x25/0x30
[ 3117.651103]  [<ffffffff8119fef0>] ? proc_alloc_inode+0x20/0xa0
[ 3117.651103]  [<ffffffff811a3654>] ? tid_fd_revalidate+0x84/0x1a0
[ 3117.651103]  [<ffffffff811a3624>] ? tid_fd_revalidate+0x54/0x1a0
[ 3117.651103]  [<ffffffff811a3880>] proc_fd_instantiate+0x80/0xa0
[ 3117.651103]  [<ffffffff811a4cd6>] proc_fill_cache+0x126/0x150
[ 3117.651103]  [<ffffffff811a3800>] ? proc_fdinfo_instantiate+0x90/0x90
[ 3117.651103]  [<ffffffff811505a0>] ? filldir64+0xe0/0xe0
[ 3117.651103]  [<ffffffff811a5006>] proc_readfd_common+0xf6/0x1c0
[ 3117.651103]  [<ffffffff811a3800>] ? proc_fdinfo_instantiate+0x90/0x90
[ 3117.651103]  [<ffffffff811505a0>] ? filldir64+0xe0/0xe0
[ 3117.651103]  [<ffffffff811a5105>] proc_readfd+0x15/0x20
[ 3117.651103]  [<ffffffff811507c0>] vfs_readdir+0xa0/0xc0
[ 3117.651103]  [<ffffffff811505a0>] ? filldir64+0xe0/0xe0
[ 3117.651103]  [<ffffffff8115096d>] sys_getdents+0x8d/0x100
[ 3117.651103]  [<ffffffff81ae9c29>] system_call_fastpath+0x16/0x1b
[ 3117.651103] ---[ end trace 26e2f3891a2cefe1 ]---
[ 3118.086497] ---[ end trace 26e2f3891a2cefe2 ]---

2012/7/16 Avi Kivity <avi@redhat.com>:
> On 07/16/2012 05:37 PM, nicolas prochazka wrote:
>> No, It is not 100% reproductible, I'm trying to find the case, but :
>> Now when i start a qemu-kvm ,
>> there is a kvm-pit/xxxx  which takes a lot of cpu time ( ~ 20 %) ,  (
>> not with kernel 3.3.8 )
>>
>> for the complete stack trace, which kernel options should i set,
>> i've already kernel debug .
>
> Should be following the BUG message.  Is what you posted everything you got?
>
>>
>> Regards,
>> Nicolas Prochazka.
>>
>> 2012/7/16 Avi Kivity <avi@redhat.com>:
>>> On 07/16/2012 02:06 PM, nicolas prochazka wrote:
>>>> Hello,
>>>> with linux kernel 3.5rc6 and 3.5rc7
>>>> I do not test with other kernel 3.5.
>>>> On linux kernel 3.3.8 ,  threre is no problem.
>>>>
>>>> If I start qemu-kvm process, system is overload and
>>>> dmesg :
>>>>
>>>>  BUG: unable to handle kernel paging request at 000000010000003b
>>>> IP: [<ffffffff8119f694>] tid_fd_revalidate+0x84/0x1a0
>>>> PGD 66989a067 PUD 0
>>>> Oops: 0000 [#1] SMP
>>>> CPU 3
>>>> Modules linked in: [last unloaded: kvm]
>>>
>>> Is this repeatable?
>>>
>>> Please post a complete stack trace.
>>>
>>>
>>>
>>>
>>> --
>>> error compiling committee.c: too many arguments to function
>>>
>>>
>>
>
>
> --
> error compiling committee.c: too many arguments to function
>
>

Oops in proc_fd_instantiate (was: Re: [ kernel 3.5 ] Kernel bug when using kvm)

[Avi Kivity]

On 07/16/2012 05:46 PM, nicolas prochazka wrote:
> sorry,
> i recompile kernel with some option, and crash again :
> ( it seems i need to run a lot of qemu process to bug )
> 
> 
> [ 3117.379546] BUG: unable to handle kernel paging request at 000000010000003b
> [ 3117.379783] IP: [<ffffffff811a3654>] tid_fd_revalidate+0x84/0x1a0
> [ 3117.379978] PGD 6ea4e0067 PUD 0
> [ 3117.380012] Oops: 0000 [#1] SMP
> [ 3117.380012] CPU 4
> [ 3117.380012] Modules linked in: kvm_intel kvm [last unloaded: kvm]
> [ 3117.380012]
> [ 3117.380012] Pid: 9816, comm: netstat Not tainted 3.5.0-rc7 #2 Dell
> Inc. PowerEdge M600/0MY736
> [ 3117.380012] RIP: 0010:[<ffffffff811a3654>]  [<ffffffff811a3654>]
> tid_fd_revalidate+0x84/0x1a0
> [ 3117.380012] RSP: 0018:ffff8806ff6c1d78  EFLAGS: 00010206
> [ 3117.380012] RAX: ffff8806fc5042c0 RBX: ffff8806fa161380 RCX: 000000000000007e
> [ 3117.380012] RDX: 00000000ffffffff RSI: 0000000000000000 RDI: ffff8806fc5042c0
> [ 3117.411799] RBP: ffff8806ff6c1d98 R08: ffff88083fd16b30 R09: ffffffff8119fef0
> [ 3117.411799] R10: 0000000000000000 R11: 0000000000000206 R12: ffff8807e3d20180
> [ 3117.411799] R13: ffff880759832000 R14: ffff8807f2980838 R15: ffff8806ff6c1e08
> [ 3117.411799] FS:  00007fcb7124b700(0000) GS:ffff88083fd00000(0000)
> knlGS:0000000000000000
> [ 3117.438973] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 3117.438973] CR2: 000000010000003b CR3: 000000075e06c000 CR4: 00000000000027e0
> [ 3117.438973] DR0: 0000000000000003 DR1: 00000000000000b0 DR2: 0000000000000001
> [ 3117.438973] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> [ 3117.438973] Process netstat (pid: 9816, threadinfo
> ffff8806ff6c0000, task ffff8807cefb3000)
> [ 3117.438973] Stack:
> [ 3117.438973]  ffff8807e3d20180 0000000000000007 ffff8806fa161380
> ffff8807e3ef5c00
> [ 3117.490924]  ffff8806ff6c1dc8 ffffffff811a3880 ffffffffff0a0210
> 0000000000000001
> [ 3117.490924]  ffff8806ff6c1e98 ffff8807f22a8d00 ffff8806ff6c1e48
> ffffffff811a4cd6
> [ 3117.490924] Call Trace:
> [ 3117.490924]  [<ffffffff811a3880>] proc_fd_instantiate+0x80/0xa0
> [ 3117.490924]  [<ffffffff811a4cd6>] proc_fill_cache+0x126/0x150
> [ 3117.490924]  [<ffffffff811a3800>] ? proc_fdinfo_instantiate+0x90/0x90
> [ 3117.490924]  [<ffffffff811505a0>] ? filldir64+0xe0/0xe0
> [ 3117.490924]  [<ffffffff811a5006>] proc_readfd_common+0xf6/0x1c0
> [ 3117.490924]  [<ffffffff811a3800>] ? proc_fdinfo_instantiate+0x90/0x90
> [ 3117.490924]  [<ffffffff811505a0>] ? filldir64+0xe0/0xe0
> [ 3117.490924]  [<ffffffff811a5105>] proc_readfd+0x15/0x20
> [ 3117.490924]  [<ffffffff811507c0>] vfs_readdir+0xa0/0xc0
> [ 3117.490924]  [<ffffffff811505a0>] ? filldir64+0xe0/0xe0
> [ 3117.490924]  [<ffffffff8115096d>] sys_getdents+0x8d/0x100
> [ 3117.490924]  [<ffffffff81ae9c29>] system_call_fastpath+0x16/0x1b
> [ 3117.609269] alloc_fd: slot 7 not NULL!
> [ 3117.490924] Code: b8 00 00 00 48 8b 50 08 44 3b 32 0f 83 9e 00 00
> 00 45 89 f6 49 c1 e6 03 4c 03 72 08 49 8b 16 48 85 d2 0f 84 87 00 00
> 00 48 89 c7 <44> 8b 62 3c e8 13 29 ea ff 4c 89 ef e8 4b df ff ff 85 c0
> 0f 84


Seems to be in the outside kvm.  Copying lkml.


-- 
error compiling committee.c: too many arguments to function