From mboxrd@z Thu Jan  1 00:00:00 1970
From: bugzilla-daemon@bugzilla.kernel.org
Subject: [Bug 54061] New: guest panic after live migration
Date: Tue, 19 Feb 2013 03:05:31 +0000 (UTC)
Message-ID: <bug-54061-28872@https.bugzilla.kernel.org/>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
To: kvm@vger.kernel.org
Return-path: <kvm-owner@vger.kernel.org>
Received: from mail.kernel.org ([198.145.19.201]:57440 "EHLO mail.kernel.org"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1756279Ab3BSDFi (ORCPT <rfc822;kvm@vger.kernel.org>);
	Mon, 18 Feb 2013 22:05:38 -0500
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id C19B72022B
	for <kvm@vger.kernel.org>; Tue, 19 Feb 2013 03:05:34 +0000 (UTC)
Received: from bugzilla.kernel.org (bugzilla.kernel.org [198.145.19.217])
	by mail.kernel.org (Postfix) with ESMTP id 5C9F320219
	for <kvm@vger.kernel.org>; Tue, 19 Feb 2013 03:05:32 +0000 (UTC)
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

https://bugzilla.kernel.org/show_bug.cgi?id=54061

           Summary: guest panic after live migration
           Product: Virtualization
           Version: unspecified
          Platform: All
        OS/Version: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: kvm
        AssignedTo: virtualization_kvm@kernel-bugs.osdl.org
        ReportedBy: yongjie.ren@intel.com
        Regression: No


Created an attachment (id=93511)
 --> (https://bugzilla.kernel.org/attachment.cgi?id=93511)
guest panic after migration

Environment:
------------
Host OS (ia32/ia32e/IA64):ia32e
Guest OS (ia32/ia32e/IA64):ia32e
Guest OS Type (Linux/Windows):Linux (e.g. RHEL6.3)
kvm.git next branch Commit:cbd29cb6e38af6119df2cdac0c58acf0e85c177e
qemu-kvm.git Commit:4d9367b76f71c6d938cf8201392abe4bfb1136cb
Hardware:SandyBridge-EP, Westmere-EP

Bug detailed description:
--------------------------
After live migration, guest will panic.
This should be a KVM kernel bug.
kvm      + qemu-kvm   =  result
cbd29cb6 + 4d9367b7   = bad
b0da5bec + 4d9367b7   = good

Reproduce steps:
----------------
1. start up a host with kvm (commit: cbd29cb6)
2. Start a TCP daemon for migration:
qemu-system-x86_64 -m 1024 -smp 2 -net nic,macaddr=00:12:32:45:12:54 -net tap
/root/rhel6u3.img -incoming tcp:localhost:4444
3. create a guest 
qemu-system-x86_64 -m 1024 -smp 2 -net nic,macaddr=00:12:32:45:12:54 -net tap
/root/rhel6u3.img
4. "ctrl+Alt+2" switch to QEMU monitor
5. in monitor:  migrate tcp:localhost:4444

Current result:
----------------
after live migration, guest panic

Expected result:
----------------
after live migration, guest work fine.

Basic root-causing log:
----------------------
WARNING: at lib/list_debug.c:30 __list_add+0x8f/0xa0() (Tainted: G    B   W 
---------------   )

Hardware name: Bochs

list_add corruption. prev->next should be next (ffff88003fae0ac0), but was
ffff8800365c3000. (prev=ffff8800365f9040).

Modules linked in: autofs4 sunrpc ipv6 uinput ppdev parport_pc parport
microcode sg 8139too 8139cp mii i2c_piix4 i2c_core ext4 mbcache jbd2 sr_mod
cdrom sd_mod crc_t10dif pata_acpi ata_generic ata_piix dm_mirror dm_region_hash
dm_log dm_mod [last unloaded: speedstep_lib]

Pid: 12, comm: events/1 Tainted: G    B   W  ---------------   
2.6.32-279.el6.x86_64 #1

Call Trace:

 [<ffffffff8106b747>] ? warn_slowpath_common+0x87/0xc0

 [<ffffffff8106b836>] ? warn_slowpath_fmt+0x46/0x50

 [<ffffffff8128301f>] ? __list_add+0x8f/0xa0

 [<ffffffff81163f64>] ? free_block+0x154/0x170

 [<ffffffff811641b1>] ? drain_array+0xc1/0x100

 [<ffffffff8116517e>] ? cache_reap+0x8e/0x260

 [<ffffffff81137090>] ? vmstat_update+0x0/0x40

 [<ffffffff811650f0>] ? cache_reap+0x0/0x260

 [<ffffffff8108c760>] ? worker_thread+0x170/0x2a0

 [<ffffffff810920d0>] ? autoremove_wake_function+0x0/0x40

 [<ffffffff8108c5f0>] ? worker_thread+0x0/0x2a0

 [<ffffffff81091d66>] ? kthread+0x96/0xa0

 [<ffffffff8100c14a>] ? child_rip+0xa/0x20

 [<ffffffff81091cd0>] ? kthread+0x0/0xa0

 [<ffffffff8100c140>] ? child_rip+0x0/0x20

---[ end trace f17758832a0dcb5e ]---

general protection fault: 0000 [#1] SMP 

last sysfs file: /sys/devices/pci0000:00/0000:00:03.0/irq

CPU 1 

Modules linked in: autofs4 sunrpc ipv6 uinput ppdev parport_pc parport
microcode sg 8139too 8139cp mii i2c_piix4 i2c_core ext4 mbcache jbd2 sr_mod
cdrom sd_mod crc_t10dif pata_acpi ata_generic ata_piix dm_mirror dm_region_hash
dm_log dm_mod [last unloaded: speedstep_lib]



Pid: 1173, comm: rs:main Q:Reg Tainted: G    B   W  ---------------   
2.6.32-279.el6.x86_64 #1 Bochs Bochs

RIP: 0010:[<ffffffff81282f00>]  [<ffffffff81282f00>] list_del+0x10/0xa0

RSP: 0018:ffff880037547a78  EFLAGS: 00010096

RAX: dead000000200200 RBX: ffffea0000ceb940 RCX: 0000000000000000

RDX: 0000000000000010 RSI: ffff88003edd00d0 RDI: ffffea0000ceb940

RBP: ffff880037547a88 R08: 0000000000000000 R09: 0000000000000000

R10: 0000000000000000 R11: 0000000000000000 R12: ffff88003edd00c0

R13: ffff8800000116c0 R14: 000000000000362e R15: ffffea0000ceb918

FS:  00007fc44b7cc700(0000) GS:ffff880002300000(0000) knlGS:0000000000000000

CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033

CR2: 00007fc44c5aba10 CR3: 000000003dc44000 CR4: 00000000000006e0

DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000

DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400

Process rs:main Q:Reg (pid: 1173, threadinfo ffff880037546000, task
ffff880037062ae0)

Stack:

 0000000000000282 0000000000000001 ffff880037547ba8 ffffffff811258a8

<d> ffff880037547ab8 0000000000000000 ffffffff00000001 ffff88003728b400

<d> 0000000000c7f118 00000040ffffffff 0000000000000000 ffff880000033c28

Call Trace:

 [<ffffffff811258a8>] get_page_from_freelist+0x288/0x820

 [<ffffffffa00869f6>] ? jbd2_journal_stop+0x1e6/0x2b0 [jbd2]

 [<ffffffff81126f31>] __alloc_pages_nodemask+0x111/0x940

 [<ffffffff81161d62>] kmem_getpages+0x62/0x170

 [<ffffffff811623cf>] cache_grow+0x2cf/0x320

 [<ffffffff81162622>] cache_alloc_refill+0x202/0x240

 [<ffffffff8116351f>] kmem_cache_alloc+0x15f/0x190

 [<ffffffff811b9738>] fsnotify_create_event+0x38/0x1a0

 [<ffffffff811b9430>] fsnotify+0x140/0x160

 [<ffffffff8117b0e2>] vfs_write+0x132/0x1a0

 [<ffffffff8117ba81>] sys_write+0x51/0x90

 [<ffffffff8100b0f2>] system_call_fastpath+0x16/0x1b

Code: 89 95 fc fe ff ff e9 ab fd ff ff 4c 8b ad e8 fe ff ff e9 db fd ff ff 90
90 90 90 55 48 89 e5 53 48 89 fb 48 83 ec 08 48 8b 47 08 <4c> 8b 00 4c 39 c7 75
39 48 8b 03 4c 8b 40 08 4c 39 c3 75 4c 48 

RIP  [<ffffffff81282f00>] list_del+0x10/0xa0

 RSP <ffff880037547a78>

---[ end trace f17758832a0dcb5f ]---

Kernel panic - not syncing: Fatal exception

Pid: 1173, comm: rs:main Q:Reg Tainted: G    B D W  ---------------   
2.6.32-279.el6.x86_64 #1

Call Trace:

 [<ffffffff814fd11a>] ? panic+0xa0/0x168

 [<ffffffff815012b4>] ? oops_end+0xe4/0x100

 [<ffffffff8100f26b>] ? die+0x5b/0x90

 [<ffffffff81500e22>] ? do_general_protection+0x152/0x160

 [<ffffffff815005f5>] ? general_protection+0x25/0x30

 [<ffffffff81282f00>] ? list_del+0x10/0xa0

 [<ffffffff811248d2>] ? bad_page+0x52/0x160

 [<ffffffff811258a8>] ? get_page_from_freelist+0x288/0x820

 [<ffffffffa00869f6>] ? jbd2_journal_stop+0x1e6/0x2b0 [jbd2]

 [<ffffffff81126f31>] ? __alloc_pages_nodemask+0x111/0x940

 [<ffffffff81161d62>] ? kmem_getpages+0x62/0x170

 [<ffffffff811623cf>] ? cache_grow+0x2cf/0x320

 [<ffffffff81162622>] ? cache_alloc_refill+0x202/0x240

 [<ffffffff8116351f>] ? kmem_cache_alloc+0x15f/0x190

 [<ffffffff811b9738>] ? fsnotify_create_event+0x38/0x1a0

 [<ffffffff811b9430>] ? fsnotify+0x140/0x160

 [<ffffffff8117b0e2>] ? vfs_write+0x132/0x1a0

 [<ffffffff8117ba81>] ? sys_write+0x51/0x90

 [<ffffffff8100b0f2>] ? system_call_fastpath+0x16/0x1b

-- 
Configure bugmail: https://bugzilla.kernel.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.