https://bugzilla.kernel.org/show_bug.cgi?id=54061
Summary: guest panic after live migration
Product: Virtualization
Version: unspecified
Platform: All
OS/Version: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: kvm
AssignedTo: [email protected]
ReportedBy: [email protected]
Regression: No
Created an attachment (id=93511)
--> (https://bugzilla.kernel.org/attachment.cgi?id=93511)
guest panic after migration
Environment:
------------
Host OS (ia32/ia32e/IA64): ia32e
Guest OS (ia32/ia32e/IA64): ia32e
Guest OS Type (Linux/Windows): Linux (e.g. RHEL6.3)
kvm.git next branch Commit: cbd29cb6e38af6119df2cdac0c58acf0e85c177e
qemu-kvm.git Commit: 4d9367b76f71c6d938cf8201392abe4bfb1136cb
Hardware: SandyBridge-EP, Westmere-EP
Bug detailed description:
--------------------------
After live migration, the guest panics.
This should be a KVM kernel bug.
kvm + qemu-kvm = result
cbd29cb6 + 4d9367b7 = bad
b0da5bec + 4d9367b7 = good
Reproduce steps:
----------------
1. Start up a host with kvm (commit: cbd29cb6).
2. Start a TCP daemon for migration:
qemu-system-x86_64 -m 1024 -smp 2 -net nic,macaddr=00:12:32:45:12:54 -net tap /root/rhel6u3.img -incoming tcp:localhost:4444
3. Create a guest:
qemu-system-x86_64 -m 1024 -smp 2 -net nic,macaddr=00:12:32:45:12:54 -net tap /root/rhel6u3.img
4. Press "Ctrl+Alt+2" to switch to the QEMU monitor.
5. In the monitor: migrate tcp:localhost:4444
Current result:
----------------
After live migration, the guest panics.
Expected result:
----------------
After live migration, the guest works fine.
Basic root-causing log:
----------------------
WARNING: at lib/list_debug.c:30 __list_add+0x8f/0xa0() (Tainted: G B W
--------------- )
Hardware name: Bochs
list_add corruption. prev->next should be next (ffff88003fae0ac0), but was
ffff8800365c3000. (prev=ffff8800365f9040).
Modules linked in: autofs4 sunrpc ipv6 uinput ppdev parport_pc parport
microcode sg 8139too 8139cp mii i2c_piix4 i2c_core ext4 mbcache jbd2 sr_mod
cdrom sd_mod crc_t10dif pata_acpi ata_generic ata_piix dm_mirror dm_region_hash
dm_log dm_mod [last unloaded: speedstep_lib]
Pid: 12, comm: events/1 Tainted: G B W ---------------
2.6.32-279.el6.x86_64 #1
Call Trace:
[<ffffffff8106b747>] ? warn_slowpath_common+0x87/0xc0
[<ffffffff8106b836>] ? warn_slowpath_fmt+0x46/0x50
[<ffffffff8128301f>] ? __list_add+0x8f/0xa0
[<ffffffff81163f64>] ? free_block+0x154/0x170
[<ffffffff811641b1>] ? drain_array+0xc1/0x100
[<ffffffff8116517e>] ? cache_reap+0x8e/0x260
[<ffffffff81137090>] ? vmstat_update+0x0/0x40
[<ffffffff811650f0>] ? cache_reap+0x0/0x260
[<ffffffff8108c760>] ? worker_thread+0x170/0x2a0
[<ffffffff810920d0>] ? autoremove_wake_function+0x0/0x40
[<ffffffff8108c5f0>] ? worker_thread+0x0/0x2a0
[<ffffffff81091d66>] ? kthread+0x96/0xa0
[<ffffffff8100c14a>] ? child_rip+0xa/0x20
[<ffffffff81091cd0>] ? kthread+0x0/0xa0
[<ffffffff8100c140>] ? child_rip+0x0/0x20
---[ end trace f17758832a0dcb5e ]---
general protection fault: 0000 [#1] SMP
last sysfs file: /sys/devices/pci0000:00/0000:00:03.0/irq
CPU 1
Modules linked in: autofs4 sunrpc ipv6 uinput ppdev parport_pc parport
microcode sg 8139too 8139cp mii i2c_piix4 i2c_core ext4 mbcache jbd2 sr_mod
cdrom sd_mod crc_t10dif pata_acpi ata_generic ata_piix dm_mirror dm_region_hash
dm_log dm_mod [last unloaded: speedstep_lib]
Pid: 1173, comm: rs:main Q:Reg Tainted: G B W ---------------
2.6.32-279.el6.x86_64 #1 Bochs Bochs
RIP: 0010:[<ffffffff81282f00>] [<ffffffff81282f00>] list_del+0x10/0xa0
RSP: 0018:ffff880037547a78 EFLAGS: 00010096
RAX: dead000000200200 RBX: ffffea0000ceb940 RCX: 0000000000000000
RDX: 0000000000000010 RSI: ffff88003edd00d0 RDI: ffffea0000ceb940
RBP: ffff880037547a88 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88003edd00c0
R13: ffff8800000116c0 R14: 000000000000362e R15: ffffea0000ceb918
FS: 00007fc44b7cc700(0000) GS:ffff880002300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc44c5aba10 CR3: 000000003dc44000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process rs:main Q:Reg (pid: 1173, threadinfo ffff880037546000, task
ffff880037062ae0)
Stack:
0000000000000282 0000000000000001 ffff880037547ba8 ffffffff811258a8
<d> ffff880037547ab8 0000000000000000 ffffffff00000001 ffff88003728b400
<d> 0000000000c7f118 00000040ffffffff 0000000000000000 ffff880000033c28
Call Trace:
[<ffffffff811258a8>] get_page_from_freelist+0x288/0x820
[<ffffffffa00869f6>] ? jbd2_journal_stop+0x1e6/0x2b0 [jbd2]
[<ffffffff81126f31>] __alloc_pages_nodemask+0x111/0x940
[<ffffffff81161d62>] kmem_getpages+0x62/0x170
[<ffffffff811623cf>] cache_grow+0x2cf/0x320
[<ffffffff81162622>] cache_alloc_refill+0x202/0x240
[<ffffffff8116351f>] kmem_cache_alloc+0x15f/0x190
[<ffffffff811b9738>] fsnotify_create_event+0x38/0x1a0
[<ffffffff811b9430>] fsnotify+0x140/0x160
[<ffffffff8117b0e2>] vfs_write+0x132/0x1a0
[<ffffffff8117ba81>] sys_write+0x51/0x90
[<ffffffff8100b0f2>] system_call_fastpath+0x16/0x1b
Code: 89 95 fc fe ff ff e9 ab fd ff ff 4c 8b ad e8 fe ff ff e9 db fd ff ff 90
90 90 90 55 48 89 e5 53 48 89 fb 48 83 ec 08 48 8b 47 08 <4c> 8b 00 4c 39 c7 75
39 48 8b 03 4c 8b 40 08 4c 39 c3 75 4c 48
RIP [<ffffffff81282f00>] list_del+0x10/0xa0
RSP <ffff880037547a78>
---[ end trace f17758832a0dcb5f ]---
Kernel panic - not syncing: Fatal exception
Pid: 1173, comm: rs:main Q:Reg Tainted: G B D W ---------------
2.6.32-279.el6.x86_64 #1
Call Trace:
[<ffffffff814fd11a>] ? panic+0xa0/0x168
[<ffffffff815012b4>] ? oops_end+0xe4/0x100
[<ffffffff8100f26b>] ? die+0x5b/0x90
[<ffffffff81500e22>] ? do_general_protection+0x152/0x160
[<ffffffff815005f5>] ? general_protection+0x25/0x30
[<ffffffff81282f00>] ? list_del+0x10/0xa0
[<ffffffff811248d2>] ? bad_page+0x52/0x160
[<ffffffff811258a8>] ? get_page_from_freelist+0x288/0x820
[<ffffffffa00869f6>] ? jbd2_journal_stop+0x1e6/0x2b0 [jbd2]
[<ffffffff81126f31>] ? __alloc_pages_nodemask+0x111/0x940
[<ffffffff81161d62>] ? kmem_getpages+0x62/0x170
[<ffffffff811623cf>] ? cache_grow+0x2cf/0x320
[<ffffffff81162622>] ? cache_alloc_refill+0x202/0x240
[<ffffffff8116351f>] ? kmem_cache_alloc+0x15f/0x190
[<ffffffff811b9738>] ? fsnotify_create_event+0x38/0x1a0
[<ffffffff811b9430>] ? fsnotify+0x140/0x160
[<ffffffff8117b0e2>] ? vfs_write+0x132/0x1a0
[<ffffffff8117ba81>] ? sys_write+0x51/0x90
[<ffffffff8100b0f2>] ? system_call_fastpath+0x16/0x1b
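Added triage example (not part of the original report, and not code from the KVM or QEMU projects): a small parser that pulls the list-corruption indicators out of an oops like the one above, for use when comparing guest logs across migration test runs. The function names and result keys are assumptions made for this example; the poison constants are the list poison values of 2.6.32-era x86_64 kernels.

```python
import re

# Poison values written by list_del() on 2.6.32-era x86_64 kernels
# (include/linux/poison.h with the 0xdead000000000000 pointer delta).
LIST_POISON = {
    0xdead000000100100: "LIST_POISON1",  # stored in entry->next
    0xdead000000200200: "LIST_POISON2",  # stored in entry->prev
}
REG_RE = re.compile(r"\b(R[A-Z0-9]{2}): ([0-9a-f]{16})\b")
RIP_RE = re.compile(r"^RIP: .*?\s([\w.]+)\+0x", re.M)
ADD_RE = re.compile(r"list_add corruption\. prev->next should be next "
                    r"\(([0-9a-f]+)\), but was\s+([0-9a-f]+)\.\s+\(prev=([0-9a-f]+)\)")

def triage(oops):
    """Return the list-corruption indicators found in a kernel oops text."""
    regs = {name: int(val, 16) for name, val in REG_RE.findall(oops)}
    poisoned = {n: LIST_POISON[v] for n, v in regs.items() if v in LIST_POISON}
    rip = RIP_RE.search(oops)
    add = ADD_RE.search(oops)
    return {
        "fault_function": rip.group(1) if rip else None,
        "poisoned_registers": poisoned,
        "list_add_mismatch": (
            {"expected": add.group(1), "found": add.group(2), "prev": add.group(3)}
            if add else None),
        "gp_fault": "general protection fault" in oops,
    }

def verdict(result):
    """Summarise the strongest indicator in one line."""
    if result["fault_function"] == "list_del" and result["poisoned_registers"]:
        return "list_del on an entry holding list poison (already unlinked)"
    if result["list_add_mismatch"]:
        return "list_add onto a list whose neighbour pointers disagree"
    return "no list-corruption indicator"

# Excerpt of the log in this report, with wrapped lines re-joined.
SAMPLE = """\
list_add corruption. prev->next should be next (ffff88003fae0ac0), but was ffff8800365c3000. (prev=ffff8800365f9040).
general protection fault: 0000 [#1] SMP
RIP: 0010:[<ffffffff81282f00>] [<ffffffff81282f00>] list_del+0x10/0xa0
RSP: 0018:ffff880037547a78 EFLAGS: 00010096
RAX: dead000000200200 RBX: ffffea0000ceb940 RCX: 0000000000000000
"""

if __name__ == "__main__":
    r = triage(SAMPLE)
    print(r, verdict(r), sep="\n")
```

On the excerpt this reports list_del as the faulting function with RAX flagged as LIST_POISON2. The Code: bytes in the log show RAX being loaded from offset 8 of the entry (its prev pointer) immediately before the faulting instruction.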