Fischer, Anna
2009-Feb-26 00:23 UTC
[Xen-devel] xen-unstable HVM guest causes dom0 kernel crash
I am running a single HVM guest under the latest xen-unstable version. I get
very random kernel crashes when the HVM guest is running. Then the HVM guest
freezes and I can only destroy and restart it. Sometimes even the whole physical
box freezes and I have to reboot it.
I have attached some logs and kernel traces. Does anyone recognize a known issue
about this?
xm info
======
release : 2.6.18.8-xen
version : #4 SMP Thu Feb 19 07:20:00 PST 2009
machine : i686
nr_cpus : 2
nr_nodes : 1
cores_per_socket : 2
threads_per_core : 1
cpu_mhz : 2200
virt_caps : hvm
total_memory : 2039
free_memory : 125
node_to_cpu : node0:0-1
node_to_memory : node0:125
xen_major : 3
xen_minor : 4
xen_extra : -unstable
xen_caps : xen-3.0-x86_32p hvm-3.0-x86_32 hvm-3.0-x86_32p
xen_scheduler : credit
xen_pagesize : 4096
platform_params : virt_start=0xf5800000
xen_changeset : Wed Feb 18 08:59:26 2009 +0000 19228:b29a64d04a01
cc_compiler : gcc version 4.1.2 20070925 (Red Hat 4.1.2-33)
cc_compile_by : user
cc_compile_domain : localdomain
cc_compile_date : Wed Feb 18 09:43:26 PST 2009
xend_config_format : 4
Kernel trace 1
=============
tap1.1: no IPv6 routers present
tap1.2: no IPv6 routers present
general protection fault: 0000 [#1]
SMP
Modules linked in: xt_physdev iptable_filter ip_tables x_tables tun bridge
rfcomm l2cap bluetooth autofs4 sunrpc binfmt_misc dm_mirror dm_multipath dm_mod
ipv6 8250_pnp joydev 8250 serial_core tsdev serio_raw tpm_infineon tpm tpm_bios
i2c_i801 i2c_core pcspkr piix usbhid ixgbe sg evdev rtc aacraid usb_storage
libusual ata_piix ahci libata sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd
ehci_hcd usbcore
CPU: 0
EIP: 0061:[<c030c000>] Not tainted VLI
EFLAGS: 00010046 (2.6.18.8-xen #4)
EIP is at _spin_lock_irqsave+0x20/0x40
eax: 00000000 ebx: f5616000 ecx: ffffffff edx: 00000000
esi: ea005b14 edi: ea005b44 ebp: fffff060 esp: ea005b28
ds: 007b es: 007b ss: 0069
Process qemu-dm (pid: 4704, ti=ea004000 task=ea1418b0 task.ti=ea004000)
Stack: ffffffff c012fed0 ea005b68 ea005b68 00000000 c012ff9d c012ff47 00000000
ea005b68 fffff060 00000000 00000000 c030ab1a c013b02a ea005c8c c013b0cd
00000000 ea724780 ed652200 c012f530 ea1418b0 c043fe80 00000011 00000000
Call Trace:
[<c012fed0>] lock_timer_base+0x20/0x50
[<c012ff9d>] __mod_timer+0x2d/0xd0
[<c012ff47>] try_to_del_timer_sync+0x47/0x50
[<c030ab1a>] schedule_timeout+0x4a/0xd0
[<c013b02a>] remove_wait_queue+0x1a/0x50
[<c013b0cd>] add_wait_queue+0x1d/0x50
[<c012f530>] process_timeout+0x0/0x10
[<c018f113>] do_select+0x3a3/0x490
[<c018f7d0>] __pollwait+0x0/0x100
[<c011eaf0>] default_wake_function+0x0/0x10
[<c011eaf0>] default_wake_function+0x0/0x10
[<c011eaf0>] default_wake_function+0x0/0x10
[<c011eaf0>] default_wake_function+0x0/0x10
[<c011eaf0>] default_wake_function+0x0/0x10
[<c011eaf0>] default_wake_function+0x0/0x10
[<c025ea9e>] netif_be_start_xmit+0x4e/0x3f0
[<c011223b>] send_IPI_mask_bitmask+0x7b/0x110
[<c011d8c1>] __activate_task+0x21/0x40
[<c011e7e1>] try_to_wake_up+0x41/0x350
[<c011d499>] __wake_up_common+0x39/0x60
[<c011da48>] __wake_up+0x38/0x50
[<c0305c20>] unix_write_space+0x80/0x90
[<c02a0718>] sock_wfree+0x38/0x40
[<c02a21a9>] __kfree_skb+0x49/0x110
[<c02a12f1>] skb_dequeue+0x41/0x60
[<c03040da>] unix_stream_recvmsg+0x23a/0x550
[<c018f3bb>] core_sys_select+0x1bb/0x2e0
[<c029bf30>] sock_aio_read+0x80/0x90
[<c017a6a4>] do_sync_read+0xc4/0x100
[<c013ae10>] autoremove_wake_function+0x0/0x50
[<c018fc01>] sys_select+0xe1/0x1a0
[<c010846e>] do_syscall_trace+0x1ee/0x205
[<c01059bf>] syscall_call+0x7/0xb
Code: 86 10 8b 04 24 e9 a1 f2 e1 ff 90 53 89 c1 8b 1d 04 47 36 c0 89 e0 25 00 e0
ff ff 8b 50 10 c1 e2 06 0f b6 44 1a 01 c6 44 1a 01 01 <f0> fe 09 79 19 a9
00 02 00 00 74 09 f3 90 80 39 00 7e f9 eb eb
EIP: [<c030c000>] _spin_lock_irqsave+0x20/0x40 SS:ESP 0069:ea005b28
Kernel trace 2
=============
eth0: port 3(vif15.0) entering learning state
eth0: topology change detected, propagating
eth0: port 3(vif15.0) entering forwarding state
avahi-daemon[3256]: Registering new address record for fe80::fcff:ffff:feff:ffff
on vif15.0.*.
avahi-daemon[3256]: Registering new address record for fe80::6496:d3ff:fee5:440e
on tap15.0.*.
BUG: unable to handle kernel NULL pointer dereference at virtual address
000004b4
printing eip:
c014fc3e
23b1a000 -> *pde = 00000000:25592001
1dc30000 -> *pme = 00000000:00000000
Oops: 0000 [#1]
SMP
Modules linked in: xt_physdev iptable_filter ip_tables x_tables tun bridge
rfcomm l2cap bluetooth autofs4 sunrpc binfmt_misc dm_mirror dm_multipath dm_mod
ipv6 joydev tsdev serio_raw usbhid tpm_infineon 8250_pnp 8250 serial_core tpm
tpm_bios ixgbe pcspkr i2c_i801 piix i2c_core sg evdev rtc aacraid usb_storage
libusual ata_piix ahci libata sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd
ehci_hcd usbcore
CPU: 0
EIP: 0061:[<c014fc3e>] Not tainted VLI
EFLAGS: 00010286 (2.6.18.8-xen #4)
EIP is at audit_syscall_exit+0x1e/0x340
eax: e2486014 ebx: 00000000 ecx: 00000001 edx: 00000000
esi: 00000000 edi: ea476800 ebp: 00000000 esp: e2487f64
ds: 007b es: 007b ss: 0069
Process qemu-dm (pid: 20819, ti=e2486000 task=e2c99770 task.ti=e2486000)
Stack: 0006e013 00000000 000301b6 49a2b00c e2487fa8 e2487fa8 00000000 e2486000
00000000 00000000 ea476800 00000001 c010843a c0139970 00000001 00000000
e2487fbc 00000001 f5616000 00000000 e2486000 c0105afd 00000001 bf934b04
Call Trace:
[<c010843a>] do_syscall_trace+0x1ba/0x205
[<c0139970>] posix_ktime_get_ts+0x0/0x10
[<c0105afd>] syscall_exit_work+0x25/0x2a
Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 83 ec 30 89 c1 89 e0 25 00 e0 ff
ff 89 5c 24 20 89 74 24 24 89 7c 24 28 89 6c 24 2c 8b 28 <8b> b5 b4 04 00
00 85 f6 75 14 8b 5c 24 20 8b 74 24 24 8b 7c 24
EIP: [<c014fc3e>] audit_syscall_exit+0x1e/0x340 SS:ESP 0069:e2487f64
Kernel trace 3
=============
eth1: port 2(tap2.2) entering forwarding state
device vif2.2 entered promiscuous mode
eth1: port 3(vif2.2) entering learning state
eth1: topology change detected, propagating
eth1: port 3(vif2.2) entering forwarding state
device vif2.1 entered promiscuous mode
device vif2.0 entered promiscuous mode
eth0: port 4(vif2.1) entering learning state
eth0: port 5(vif2.0) entering learning state
eth0: topology change detected, propagating
eth0: port 5(vif2.0) entering forwarding state
eth0: topology change detected, propagating
eth0: port 4(vif2.1) entering forwarding state
tap2.1: no IPv6 routers present
tap2.0: no IPv6 routers present
tap2.2: no IPv6 routers present
vif2.1: no IPv6 routers present
vif2.2: no IPv6 routers present
vif2.0: no IPv6 routers present
general protection fault: 0000 [#1]
SMP
Modules linked in: xt_physdev iptable_filter ip_tables x_tables tun bridge
rfcomm l2cap bluetooth autofs4 sunrpc binfmt_misc dm_mirror dm_multipath dm_mod
ipv6 8250_pnp 8250 serial_core joydev tsdev piix tpm_infineon tpm tpm_bios
i2c_i801 i2c_core pcspkr usbhid serio_raw ixgbe sg evdev rtc aacraid usb_storage
libusual ata_piix ahci libata sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd
ehci_hcd usbcore
CPU: 0
EIP: 0061:[<c030c000>] Not tainted VLI
EFLAGS: 00010046 (2.6.18.8-xen #4)
EIP is at _spin_lock_irqsave+0x20/0x40
eax: 00000000 ebx: f5616000 ecx: ffffffff edx: 00000000
esi: e68e3b14 edi: e68e3b44 ebp: 00000000 esp: e68e3b2c
ds: 007b es: 007b ss: 0069
Process qemu-dm (pid: 5437, ti=e68e2000 task=eaa3f480 task.ti=e68e2000)
Stack: ffffffff c012fed0 e68e3b68 ffffffff 00000000 c012ff13 00000000 e68e3b68
0003231f c012ff5e e68e3b68 c030ab26 c013b02a e68e3c8c c013b0cd 00000000
00200200 0003231f c012f530 eaa3f480 c043fe80 00000011 00000000 c018f113
Call Trace:
[<c012fed0>] lock_timer_base+0x20/0x50
[<c012ff13>] try_to_del_timer_sync+0x13/0x50
[<c012ff5e>] del_timer_sync+0xe/0x20
[<c030ab26>] schedule_timeout+0x56/0xd0
[<c013b02a>] remove_wait_queue+0x1a/0x50
[<c013b0cd>] add_wait_queue+0x1d/0x50
[<c012f530>] process_timeout+0x0/0x10
[<c018f113>] do_select+0x3a3/0x490
[<c018f7d0>] __pollwait+0x0/0x100
[<c011eaf0>] default_wake_function+0x0/0x10
[<c011eaf0>] default_wake_function+0x0/0x10
[<c011eaf0>] default_wake_function+0x0/0x10
[<c011eaf0>] default_wake_function+0x0/0x10
[<c011eaf0>] default_wake_function+0x0/0x10
[<c011eaf0>] default_wake_function+0x0/0x10
[<c01f0b88>] swiotlb_map_single+0xa8/0x1e0
[<c011223b>] send_IPI_mask_bitmask+0x7b/0x110
[<c011e7e1>] try_to_wake_up+0x41/0x350
[<c011d499>] __wake_up_common+0x39/0x60
[<c011da48>] __wake_up+0x38/0x50
[<c0305c20>] unix_write_space+0x80/0x90
[<c02a0718>] sock_wfree+0x38/0x40
[<c02a21a9>] __kfree_skb+0x49/0x110
[<c02a12f1>] skb_dequeue+0x41/0x60
[<c03040da>] unix_stream_recvmsg+0x23a/0x550
[<c011d8c1>] __activate_task+0x21/0x40
[<c018f3bb>] core_sys_select+0x1bb/0x2e0
[<c029bf30>] sock_aio_read+0x80/0x90
[<c017a6a4>] do_sync_read+0xc4/0x100
[<c013ae10>] autoremove_wake_function+0x0/0x50
[<c018fc01>] sys_select+0xe1/0x1a0
[<c010846e>] do_syscall_trace+0x1ee/0x205
[<c01059bf>] syscall_call+0x7/0xb
Code: 86 10 8b 04 24 e9 a1 f2 e1 ff 90 53 89 c1 8b 1d 04 47 36 c0 89 e0 25 00 e0
ff ff 8b 50 10 c1 e2 06 0f b6 44 1a 01 c6 44 1a 01 01 <f0> fe 09 79 19 a9
00 02 00 00 74 09 f3 90 80 39 00 7e f9 eb eb
EIP: [<c030c000>] _spin_lock_irqsave+0x20/0x40 SS:ESP 0069:e68e3b2c
qemu-dm.log
==========
domid: 2
qemu: the number of cpus is 1
config qemu network with xen bridge for tap2.0 eth0
config qemu network with xen bridge for tap2.1 eth0
config qemu network with xen bridge for tap2.2 eth1
Watching /local/domain/0/device-model/2/logdirty/next-active
Watching /local/domain/0/device-model/2/command
char device redirected to /dev/pts/2
qemu_map_cache_init nr_buckets = 4000 size 196608
shared page at pfn feffd
buffered io page at pfn feffb
Guest uuid = b4484d44-a16d-63b6-11e5-343dd1149359
Time offset set 0
populating video RAM at ff000000
mapping video RAM from ff000000
Register xen platform.
Done register platform.
xs_read(/local/domain/0/device-model/2/xen_extended_power_mgmt): read error
I/O request not ready: 0, ptr: 0, port: 0, data: 0, count: 0, size: 0
cirrus vga map change while on lfb mode
mapping vram to f0000000 - f0400000
gpe_en_write: addr=0x1f6c, val=0x0.
gpe_sts_write: addr=0x1f68, val=0xff.
gpe_en_write: addr=0x1f6d, val=0x0.
gpe_sts_write: addr=0x1f69, val=0xff.
gpe_en_write: addr=0x1f6e, val=0x0.
gpe_sts_write: addr=0x1f6a, val=0xff.
gpe_en_write: addr=0x1f6f, val=0x0.
gpe_sts_write: addr=0x1f6b, val=0xff.
gpe_en_write: addr=0x1f6c, val=0x8.
ACPI PCI hotplug: read addr=0x10c1, val=0x0.
ACPI PCI hotplug: read addr=0x10c2, val=0x0.
ACPI PCI hotplug: read addr=0x10c1, val=0x0.
ACPI PCI hotplug: read addr=0x10c2, val=0x0.
ACPI PCI hotplug: read addr=0x10c1, val=0x0.
ACPI PCI hotplug: read addr=0x10c2, val=0x0.
ACPI PCI hotplug: read addr=0x10c1, val=0x0.
ACPI PCI hotplug: read addr=0x10c2, val=0x0.
ACPI PCI hotplug: read addr=0x10c1, val=0x0.
ACPI PCI hotplug: read addr=0x10c2, val=0x0.
ACPI PCI hotplug: read addr=0x10c1, val=0x0.
ACPI PCI hotplug: read addr=0x10c2, val=0x0.
ACPI PCI hotplug: read addr=0x10c1, val=0x0.
ACPI PCI hotplug: read addr=0x10c2, val=0x0.
ACPI PCI hotplug: read addr=0x10c1, val=0x0.
ACPI PCI hotplug: read addr=0x10c2, val=0x0.
ACPI PCI hotplug: read addr=0x10c1, val=0x0.
ACPI PCI hotplug: read addr=0x10c2, val=0x0.
ACPI PCI hotplug: read addr=0x10c1, val=0x0.
ACPI PCI hotplug: read addr=0x10c2, val=0x0.
ACPI PCI hotplug: read addr=0x10c1, val=0x0.
ACPI PCI hotplug: read addr=0x10c2, val=0x0.
ACPI PCI hotplug: read addr=0x10c1, val=0x0.
ACPI PCI hotplug: read addr=0x10c2, val=0x0.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel