Bug 436881 - qemu-kvm: samba/smb causes "bad page state" and/or freeze
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: kvm
Version: 9
Hardware: All
OS: Linux
Priority: low
Severity: medium
Assigned To: Glauber Costa
QA Contact: Fedora Extras Quality Assurance
Reported: 2008-03-10 17:46 EDT by Tom London
Modified: 2009-03-20 12:45 EDT
Last Closed: 2009-03-20 12:45:53 EDT
Attachments: None
Description Tom London 2008-03-10 17:46:49 EDT
Description of problem:

Trying to get "qemu-kvm -smb dir" to work.

Started "smbd" via "service smb start", started qemu-kvm on WinXP guest image.

When attempting to use "\\smbserver\qemu" in WinXP guest, either get system
crash (nothing in logs), or the following:

Bad page state in process 'qemu-kvm'
page:c27ad158 flags:0x8000001c mapping:00000000 mapcount:1 count:0 (Tainted: P 
      )
Trying to fix it up, but a reboot is needed
Backtrace:
Pid: 2249, comm: qemu-kvm Tainted: P         2.6.25-0.101.rc4.git3.fc9 #1
 [<c046a9df>] bad_page+0x5e/0x8c
 [<c046b4c3>] free_hot_cold_page+0x63/0x1dc
 [<c046b67a>] free_hot_page+0xa/0xc
 [<c046e35e>] put_page+0xbb/0xc1
 [<f8f89f5d>] kvm_release_page_dirty+0x18/0x1a [kvm]
 [<f8f8ee5c>] rmap_remove+0x80/0x166 [kvm]
 [<f8f8efdb>] kvm_mmu_zap_page+0x99/0x22e [kvm]
 [<f8f90308>] kvm_mmu_pte_write+0x242/0x61e [kvm]
 [<f8f89d29>] ? kvm_write_guest_page+0x32/0x40 [kvm]
 [<f8f8e1e0>] emulator_write_emulated_onepage+0xa8/0x140 [kvm]
 [<f8f8e2c6>] emulator_write_emulated+0x4e/0x57 [kvm]
 [<f8f94d74>] x86_emulate_insn+0x2e9e/0x385e [kvm]
 [<f8f91d46>] ? x86_decode_insn+0x6db/0x86b [kvm]
 [<f8f8c3c0>] emulate_instruction+0x1d2/0x2a7 [kvm]
 [<f8f9142b>] kvm_mmu_page_fault+0x3f/0x78 [kvm]
 [<f8fb9382>] handle_exception+0x119/0x1b7 [kvm_intel]
 [<f8fb8347>] kvm_handle_exit+0x65/0x82 [kvm_intel]
 [<f8f8dc87>] kvm_arch_vcpu_ioctl_run+0x3ef/0x540 [kvm]
 [<f8f89329>] kvm_vcpu_ioctl+0xee/0x345 [kvm]
 [<c043f465>] ? clocksource_get_next+0xd/0x43
 [<c0638f69>] ? _spin_unlock_irqrestore+0x39/0x50
 [<c04d6216>] ? avc_has_perm_noaudit+0x3be/0x3dc
 [<c04d6b78>] ? avc_has_perm+0x39/0x43
 [<c04d80e7>] ? inode_has_perm+0x5b/0x65
 [<c043ddfb>] ? getnstimeofday+0x34/0xd1
 [<c04d84c1>] ? file_has_perm+0x7f/0x88
 [<f8f8923b>] ? kvm_vcpu_ioctl+0x0/0x345 [kvm]
 [<c04929a6>] vfs_ioctl+0x22/0x69
 [<c0492c26>] do_vfs_ioctl+0x239/0x24c
 [<c04d864d>] ? selinux_file_ioctl+0xa8/0xab
 [<c0492c79>] sys_ioctl+0x40/0x5b
 [<c0405d16>] syscall_call+0x7/0xb
 =======================
Bad page state in process 'qemu-kvm'
page:c1e12248 flags:0x8000001c mapping:00000000 mapcount:1 count:0 (Tainted: P 
  B   )
Trying to fix it up, but a reboot is needed
Backtrace:
Pid: 2249, comm: qemu-kvm Tainted: P    B    2.6.25-0.101.rc4.git3.fc9 #1
 [<c046a9df>] bad_page+0x5e/0x8c
 [<c046b4c3>] free_hot_cold_page+0x63/0x1dc
 [<c046b67a>] free_hot_page+0xa/0xc
 [<c046e35e>] put_page+0xbb/0xc1
 [<f8f89f5d>] kvm_release_page_dirty+0x18/0x1a [kvm]
 [<f8f8ee5c>] rmap_remove+0x80/0x166 [kvm]
 [<f8f8efdb>] kvm_mmu_zap_page+0x99/0x22e [kvm]
 [<f8f90308>] kvm_mmu_pte_write+0x242/0x61e [kvm]
 [<f8f89d29>] ? kvm_write_guest_page+0x32/0x40 [kvm]
 [<f8f8e1e0>] emulator_write_emulated_onepage+0xa8/0x140 [kvm]
 [<f8f8e2c6>] emulator_write_emulated+0x4e/0x57 [kvm]
 [<f8f94d74>] x86_emulate_insn+0x2e9e/0x385e [kvm]
 [<f8f91d46>] ? x86_decode_insn+0x6db/0x86b [kvm]
 [<f8f8c3c0>] emulate_instruction+0x1d2/0x2a7 [kvm]
 [<f8f9142b>] kvm_mmu_page_fault+0x3f/0x78 [kvm]
 [<f8fb9382>] handle_exception+0x119/0x1b7 [kvm_intel]
 [<f8fb8347>] kvm_handle_exit+0x65/0x82 [kvm_intel]
 [<f8f8dc87>] kvm_arch_vcpu_ioctl_run+0x3ef/0x540 [kvm]
 [<f8f89329>] kvm_vcpu_ioctl+0xee/0x345 [kvm]
 [<c043f465>] ? clocksource_get_next+0xd/0x43
 [<c0638f69>] ? _spin_unlock_irqrestore+0x39/0x50
 [<c04d6216>] ? avc_has_perm_noaudit+0x3be/0x3dc
 [<c04d6b78>] ? avc_has_perm+0x39/0x43
 [<c04d80e7>] ? inode_has_perm+0x5b/0x65
 [<c043ddfb>] ? getnstimeofday+0x34/0xd1
 [<c04d84c1>] ? file_has_perm+0x7f/0x88
 [<f8f8923b>] ? kvm_vcpu_ioctl+0x0/0x345 [kvm]
 [<c04929a6>] vfs_ioctl+0x22/0x69
 [<c0492c26>] do_vfs_ioctl+0x239/0x24c
 [<c04d864d>] ? selinux_file_ioctl+0xa8/0xab
 [<c0492c79>] sys_ioctl+0x40/0x5b
 [<c0405d16>] syscall_call+0x7/0xb
 =======================
Bad page state in process 'qemu-kvm'
page:c23cc0a8 flags:0x8000001c mapping:00000000 mapcount:1 count:0 (Tainted: P 
  B   )
Trying to fix it up, but a reboot is needed
Backtrace:
Pid: 2249, comm: qemu-kvm Tainted: P    B    2.6.25-0.101.rc4.git3.fc9 #1
 [<c046a9df>] bad_page+0x5e/0x8c
 [<c046b4c3>] free_hot_cold_page+0x63/0x1dc
 [<c046b67a>] free_hot_page+0xa/0xc
 [<c046e35e>] put_page+0xbb/0xc1
 [<f8f89f5d>] kvm_release_page_dirty+0x18/0x1a [kvm]
 [<f8f8ee5c>] rmap_remove+0x80/0x166 [kvm]
 [<f8f8efdb>] kvm_mmu_zap_page+0x99/0x22e [kvm]
 [<f8f90308>] kvm_mmu_pte_write+0x242/0x61e [kvm]
 [<f8f89d29>] ? kvm_write_guest_page+0x32/0x40 [kvm]
 [<f8f8e1e0>] emulator_write_emulated_onepage+0xa8/0x140 [kvm]
 [<f8f8e2c6>] emulator_write_emulated+0x4e/0x57 [kvm]
 [<f8f94d74>] x86_emulate_insn+0x2e9e/0x385e [kvm]
 [<f8f91d46>] ? x86_decode_insn+0x6db/0x86b [kvm]
 [<f8f8c3c0>] emulate_instruction+0x1d2/0x2a7 [kvm]
 [<f8f9142b>] kvm_mmu_page_fault+0x3f/0x78 [kvm]
 [<f8fb9382>] handle_exception+0x119/0x1b7 [kvm_intel]
 [<f8fb8347>] kvm_handle_exit+0x65/0x82 [kvm_intel]
 [<f8f8dc87>] kvm_arch_vcpu_ioctl_run+0x3ef/0x540 [kvm]
 [<f8f89329>] kvm_vcpu_ioctl+0xee/0x345 [kvm]
 [<c043f465>] ? clocksource_get_next+0xd/0x43
 [<c0638f69>] ? _spin_unlock_irqrestore+0x39/0x50
 [<c04d6216>] ? avc_has_perm_noaudit+0x3be/0x3dc
 [<c04d6b78>] ? avc_has_perm+0x39/0x43
 [<c04d80e7>] ? inode_has_perm+0x5b/0x65
 [<c043ddfb>] ? getnstimeofday+0x34/0xd1
 [<c04d84c1>] ? file_has_perm+0x7f/0x88
 [<f8f8923b>] ? kvm_vcpu_ioctl+0x0/0x345 [kvm]
 [<c04929a6>] vfs_ioctl+0x22/0x69
 [<c0492c26>] do_vfs_ioctl+0x239/0x24c
 [<c04d864d>] ? selinux_file_ioctl+0xa8/0xab
 [<c0492c79>] sys_ioctl+0x40/0x5b
 [<c0405d16>] syscall_call+0x7/0xb
 =======================
------------[ cut here ]------------
kernel BUG at include/linux/mm.h:263!
invalid opcode: 0000 [#1] SMP 
Modules linked in: sha256_generic aes_i586 aes_generic cbc dm_crypt vmnet(P)
vmmon(P) coretemp ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr
iscsi_tcp libiscsi scsi_transport_iscsi nf_conntrack_ipv4 ipt_REJECT
iptable_filter ip_tables nf_conntrack_netbios_ns nf_conntrack_ipv6 xt_state
nf_conntrack xt_tcpudp ip6t_ipv6header ip6t_REJECT ip6table_filter ip6_tables
x_tables ipv6 cpufreq_ondemand acpi_cpufreq fuse loop dm_multipath kvm_intel kvm
snd_usb_audio snd_usb_lib snd_rawmidi arc4 ecb thinkpad_acpi sdhci
crypto_blkcipher mmc_core sr_mod snd_hda_intel cdrom battery parport_pc iTCO_wdt
iTCO_vendor_support ac snd_seq_dummy iwl3945 snd_seq_oss snd_seq_midi_event
snd_seq firewire_ohci firewire_core snd_seq_device i915 snd_pcm_oss button
parport ata_piix snd_mixer_oss drm i2c_algo_bit nsc_ircc snd_pcm ata_generic
hwmon irda i2c_i801 pata_acpi snd_timer e1000e usblp i2c_core snd_page_alloc
snd_hwdep crc_ccitt snd crc_itu_t mac80211 cfg80211 soundcore sg dm_snapshot
dm_zero dm_mirror dm_mod ahci libata sd_mod scsi_mod ext3 jbd mbcache uhci_hcd
ohci_hcd ehci_hcd [last unloaded: scsi_wait_scan]

Pid: 2249, comm: qemu-kvm Tainted: P    B    (2.6.25-0.101.rc4.git3.fc9 #1)
EIP: 0060:[<c0473300>] EFLAGS: 00010246 CPU: 0
EIP is at follow_page+0x152/0x1f4
EAX: 00000000 EBX: c1e12248 ECX: 0004052f EDX: c1e12248
ESI: 4052f067 EDI: 00000007 EBP: d7389c4c ESP: d7389c24
 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
Process qemu-kvm (pid: 2249, ti=d7389000 task=e7cde000 task.ti=d7389000)
Stack: a140a000 c8401580 00000001 c18211f4 e529b028 d7389c4c c04768c2 00000007 
       00000000 c8401580 d7389c88 c0474913 f8f90c04 d7389c98 ea19c000 e7cde000 
       f8f8f856 00000246 ea19c064 00000000 00000020 a140a000 a140a000 df3ae000 
Call Trace:
 [<c04768c2>] ? find_extend_vma+0x15/0x4d
 [<c0474913>] ? get_user_pages+0x277/0x2d6
 [<f8f90c04>] ? paging32_walk_addr+0xa3/0x256 [kvm]
 [<f8f8f856>] ? mmu_set_spte+0x295/0x378 [kvm]
 [<f8f89fdb>] ? gfn_to_page+0x72/0xae [kvm]
 [<c0638077>] ? down_read+0x63/0x6a
 [<f8f911aa>] ? paging32_page_fault+0xa4/0x2e6 [kvm]
 [<f8f91402>] ? kvm_mmu_page_fault+0x16/0x78 [kvm]
 [<f8fb9382>] ? handle_exception+0x119/0x1b7 [kvm_intel]
 [<f8fb8347>] ? kvm_handle_exit+0x65/0x82 [kvm_intel]
 [<f8f8dc87>] ? kvm_arch_vcpu_ioctl_run+0x3ef/0x540 [kvm]
 [<f8f89329>] ? kvm_vcpu_ioctl+0xee/0x345 [kvm]
 [<c043f465>] ? clocksource_get_next+0xd/0x43
 [<c0638f69>] ? _spin_unlock_irqrestore+0x39/0x50
 [<c04d6216>] ? avc_has_perm_noaudit+0x3be/0x3dc
 [<c04d6b78>] ? avc_has_perm+0x39/0x43
 [<c04d80e7>] ? inode_has_perm+0x5b/0x65
 [<c043ddfb>] ? getnstimeofday+0x34/0xd1
 [<c04d84c1>] ? file_has_perm+0x7f/0x88
 [<f8f8923b>] ? kvm_vcpu_ioctl+0x0/0x345 [kvm]
 [<c04929a6>] ? vfs_ioctl+0x22/0x69
 [<c0492c26>] ? do_vfs_ioctl+0x239/0x24c
 [<c04d864d>] ? selinux_file_ioctl+0xa8/0xab
 [<c0492c79>] ? sys_ioctl+0x40/0x5b
 [<c0405d16>] ? syscall_call+0x7/0xb
 =======================
Code: ed f8 ff ff 85 c0 89 c3 74 57 f7 c7 04 00 00 00 74 21 8b 00 89 da 25 00 40
02 00 3d 00 40 02 00 75 03 8b 53 0c 83 7a 04 00 75 04 <0f> 0b eb fe f0 ff 42 04
83 e7 02 74 29 83 7d e0 00 74 18 89 f0 
EIP: [<c0473300>] follow_page+0x152/0x1f4 SS:ESP 0068:d7389c24
---[ end trace b71339722fcfd418 ]---
note: qemu-kvm[2249] exited with preempt_count 1
BUG: sleeping function called from invalid context at kernel/rwsem.c:21
in_atomic():1, irqs_disabled():0
INFO: lockdep is turned off.
Pid: 2249, comm: qemu-kvm Tainted: P    B D  2.6.25-0.101.rc4.git3.fc9 #1
 [<c0422c83>] __might_sleep+0xd1/0xd6
 [<c063802a>] down_read+0x16/0x6a
 [<c04476d0>] futex_wake+0x2e/0xcb
 [<c04fc4c6>] ? number+0x106/0x1c0
 [<c0448711>] do_futex+0x9d/0xa6e
 [<c0638f9d>] ? _spin_unlock+0x1d/0x20
 [<c055437f>] ? vt_console_print+0x281/0x289
 [<c04fcd68>] ? vsnprintf+0x3e7/0x420
 [<c05540fe>] ? vt_console_print+0x0/0x289
 [<c0463df1>] ? __delayacct_add_tsk+0x175/0x206
 [<c04491b3>] sys_futex+0xd1/0xe7
 [<c04266b0>] mm_release+0x61/0x6b
 [<c0429efa>] exit_mm+0x18/0xe7
 [<c042b6f5>] do_exit+0x1fc/0x635
 [<c042851e>] ? oops_exit+0x23/0x28
 [<c0407330>] die+0x15c/0x164
 [<c0639d05>] do_trap+0x8a/0xa3
 [<c04076fc>] ? do_invalid_op+0x0/0x76
 [<c0407768>] do_invalid_op+0x6c/0x76
 [<c0473300>] ? follow_page+0x152/0x1f4
 [<c0474594>] ? handle_mm_fault+0x62a/0x732
 [<c04745e4>] ? handle_mm_fault+0x67a/0x732
 [<c0639622>] error_code+0x72/0x78
 [<c047007b>] ? kswapd+0x39a/0x447
 [<c0473300>] ? follow_page+0x152/0x1f4
 [<c04768c2>] ? find_extend_vma+0x15/0x4d
 [<c0474913>] get_user_pages+0x277/0x2d6
 [<f8f90c04>] ? paging32_walk_addr+0xa3/0x256 [kvm]
 [<f8f8f856>] ? mmu_set_spte+0x295/0x378 [kvm]
 [<f8f89fdb>] gfn_to_page+0x72/0xae [kvm]
 [<c0638077>] ? down_read+0x63/0x6a
 [<f8f911aa>] paging32_page_fault+0xa4/0x2e6 [kvm]
 [<f8f91402>] kvm_mmu_page_fault+0x16/0x78 [kvm]
 [<f8fb9382>] handle_exception+0x119/0x1b7 [kvm_intel]
 [<f8fb8347>] kvm_handle_exit+0x65/0x82 [kvm_intel]
 [<f8f8dc87>] kvm_arch_vcpu_ioctl_run+0x3ef/0x540 [kvm]
 [<f8f89329>] kvm_vcpu_ioctl+0xee/0x345 [kvm]
 [<c043f465>] ? clocksource_get_next+0xd/0x43
 [<c0638f69>] ? _spin_unlock_irqrestore+0x39/0x50
 [<c04d6216>] ? avc_has_perm_noaudit+0x3be/0x3dc
 [<c04d6b78>] ? avc_has_perm+0x39/0x43
 [<c04d80e7>] ? inode_has_perm+0x5b/0x65
 [<c043ddfb>] ? getnstimeofday+0x34/0xd1
 [<c04d84c1>] ? file_has_perm+0x7f/0x88
 [<f8f8923b>] ? kvm_vcpu_ioctl+0x0/0x345 [kvm]
 [<c04929a6>] vfs_ioctl+0x22/0x69
 [<c0492c26>] do_vfs_ioctl+0x239/0x24c
 [<c04d864d>] ? selinux_file_ioctl+0xa8/0xab
 [<c0492c79>] sys_ioctl+0x40/0x5b
 [<c0405d16>] syscall_call+0x7/0xb
 =======================
Version-Release number of selected component (if applicable):
kernel-2.6.25-0.101.rc4.git3.fc9.i686
kvm-63-2.fc9.i386

How reproducible:
System freeze most common result.
Fails every time.

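The three "Bad page state" reports above, with the taint letters growing from P to P B to P B D as the oops progresses, are the kind of output that gets pasted into a ticket and then read by eye. As an added triage aid that is not part of this bug report, the following Python walks such a dump and pulls out the structured parts: which process and kernel produced it, the page counters that tripped bad_page() (here count 0 with mapcount 1, a page released while still counted as mapped, which matches the put_page path under kvm_release_page_dirty in the backtrace), the kernel BUG location, the follow-on "sleeping function called from invalid context" BUG, and the accumulated taint. The sample input is an abridged excerpt of the traces quoted in the description; the regexes, field names and the taint-letter table are this example's own and not taken from any kernel tool.

```python
import re
from collections import Counter

# Taint letters printed by 2.6.x kernels on "Tainted:" lines. This is the subset
# the author of this added example is confident of; later kernels add more.
TAINT_FLAGS = {
    "P": "proprietary (non-GPL) module loaded",
    "F": "module was force-loaded",
    "S": "SMP kernel on a CPU not certified SMP-safe",
    "R": "module was force-unloaded",
    "M": "machine check exception occurred",
    "B": "bad page referenced / page freed in an inconsistent state",
    "U": "userspace-requested taint",
    "D": "kernel has died (oops or BUG)",
    "A": "ACPI table overridden by user",
}

# Line shapes seen in the dump above (regexes constructed for this example).
PID_RE = re.compile(
    r"^Pid:\s*(?P<pid>\d+),\s*comm:\s*(?P<comm>\S+)\s+Tainted:\s*"
    r"(?:Not tainted|(?P<taint>[A-Z ]*?))\s+\(?(?P<version>\d+\.\d+\.\S+)"
)
BAD_PAGE_RE = re.compile(r"^Bad page state in process '(?P<comm>[^']+)'")
PAGE_RE = re.compile(
    r"^page:(?P<addr>[0-9a-f]+) flags:(?P<flags>0x[0-9a-f]+) "
    r"mapping:(?P<mapping>\S+) mapcount:(?P<mapcount>-?\d+) count:(?P<count>-?\d+)"
)
KERNEL_BUG_RE = re.compile(r"^kernel BUG at (?P<where>\S+)!")
ATOMIC_BUG_RE = re.compile(
    r"^BUG: (?P<kind>sleeping function called from invalid context|scheduling while atomic)"
)
REBOOT_RE = re.compile(r"^Trying to fix it up, but a reboot is needed")

# Abridged excerpt of the traces quoted in this bug's description.
SAMPLE = """\
Bad page state in process 'qemu-kvm'
page:c27ad158 flags:0x8000001c mapping:00000000 mapcount:1 count:0 (Tainted: P
      )
Trying to fix it up, but a reboot is needed
Backtrace:
Pid: 2249, comm: qemu-kvm Tainted: P         2.6.25-0.101.rc4.git3.fc9 #1
 [<c046a9df>] bad_page+0x5e/0x8c
 [<c046b4c3>] free_hot_cold_page+0x63/0x1dc
 [<c046e35e>] put_page+0xbb/0xc1
 [<f8f89f5d>] kvm_release_page_dirty+0x18/0x1a [kvm]
 [<f8f8ee5c>] rmap_remove+0x80/0x166 [kvm]
 =======================
Bad page state in process 'qemu-kvm'
page:c1e12248 flags:0x8000001c mapping:00000000 mapcount:1 count:0 (Tainted: P
  B   )
Trying to fix it up, but a reboot is needed
Backtrace:
Pid: 2249, comm: qemu-kvm Tainted: P    B    2.6.25-0.101.rc4.git3.fc9 #1
 [<c046a9df>] bad_page+0x5e/0x8c
 =======================
------------[ cut here ]------------
kernel BUG at include/linux/mm.h:263!
invalid opcode: 0000 [#1] SMP
Pid: 2249, comm: qemu-kvm Tainted: P    B    (2.6.25-0.101.rc4.git3.fc9 #1)
EIP is at follow_page+0x152/0x1f4
---[ end trace b71339722fcfd418 ]---
note: qemu-kvm[2249] exited with preempt_count 1
BUG: sleeping function called from invalid context at kernel/rwsem.c:21
in_atomic():1, irqs_disabled():0
Pid: 2249, comm: qemu-kvm Tainted: P    B D  2.6.25-0.101.rc4.git3.fc9 #1
"""


def triage(log_text):
    """Walk an oops/log excerpt line by line and collect a triage summary."""
    report = {
        "bad_pages": [],          # one dict per "Bad page state" block
        "kernel_bugs": [],        # file:line of each "kernel BUG at"
        "atomic_bugs": [],        # follow-on "BUG: ..." messages after the oops
        "taint": set(),           # union of taint letters seen
        "processes": Counter(),   # (pid, comm) -> number of "Pid:" lines
        "kernel_versions": set(),
        "reboot_needed": False,
    }
    current = None  # the "Bad page state" block whose page: line we are waiting for
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BAD_PAGE_RE.match(line)
        if m:
            current = {"comm": m.group("comm"), "page": None, "mapped_while_freed": False}
            report["bad_pages"].append(current)
            continue
        m = PAGE_RE.match(line)
        if m and current is not None and current["page"] is None:
            page = {k: (int(v) if k in ("mapcount", "count") else v)
                    for k, v in m.groupdict().items()}
            current["page"] = page
            # bad_page() fires on the free path when the page still has a
            # non-zero mapcount; count 0 with mapcount > 0 is the signature here.
            current["mapped_while_freed"] = page["count"] == 0 and page["mapcount"] > 0
            continue
        if REBOOT_RE.match(line):
            report["reboot_needed"] = True
            continue
        m = PID_RE.match(line)
        if m:
            if m.group("taint"):
                report["taint"].update(c for c in m.group("taint") if c != " ")
            report["processes"][(int(m.group("pid")), m.group("comm"))] += 1
            report["kernel_versions"].add(m.group("version"))
            continue
        m = KERNEL_BUG_RE.match(line)
        if m:
            report["kernel_bugs"].append(m.group("where"))
            current = None
            continue
        m = ATOMIC_BUG_RE.match(line)
        if m:
            report["atomic_bugs"].append(m.group("kind"))
    return report


def describe_taint(flags):
    """Expand taint letters into readable reasons; unknown letters are kept as-is."""
    return [f"{f}: {TAINT_FLAGS.get(f, 'unknown taint flag')}" for f in sorted(flags)]


def summarize(report):
    """Render the triage report as a short text block for a ticket comment."""
    lines = [f"kernel(s): {', '.join(sorted(report['kernel_versions'])) or 'n/a'}"]
    for (pid, comm), n in sorted(report["processes"].items()):
        lines.append(f"process {comm} pid {pid}: {n} trace(s)")
    for i, bp in enumerate(report["bad_pages"], 1):
        pg = bp["page"] or {}
        note = " (freed while still mapped)" if bp["mapped_while_freed"] else ""
        lines.append(f"bad page #{i}: page {pg.get('addr')} flags {pg.get('flags')} "
                     f"mapcount {pg.get('mapcount')} count {pg.get('count')}{note}")
    for where in report["kernel_bugs"]:
        lines.append(f"kernel BUG at {where}")
    for kind in report["atomic_bugs"]:
        lines.append(f"follow-on: {kind} (collateral from dying with a non-zero preempt count)")
    lines.append("taint: " + "; ".join(describe_taint(report["taint"])))
    lines.append("reboot needed: " + ("yes" if report["reboot_needed"] else "no"))
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(triage(SAMPLE)))
```

Running it on the excerpt reports two bad pages, both flagged as freed while still mapped, one kernel BUG at include/linux/mm.h:263, the follow-on sleeping-in-atomic BUG, and taint P, B, D; the "reboot needed" line reflects the kernel's own statement that it only patched the page state up rather than recovering it.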
Comment 1 Tom London 2008-03-11 19:43:11 EDT
Similar "crash" with kernel-2.6.25-0.105.rc5.fc9.i686

kvm: guest NX capability removed
Bad page state in process 'qemu-kvm'
page:c1dc8dc8 flags:0x8000001c mapping:00000000 mapcount:1 count:0 (Tainted: P 
      )
Trying to fix it up, but a reboot is needed
Backtrace:
Pid: 6586, comm: qemu-kvm Tainted: P         2.6.25-0.105.rc5.fc9 #1
 [<c046a9c7>] bad_page+0x5e/0x8c
 [<c046b4ab>] free_hot_cold_page+0x63/0x1dc
 [<c046b662>] free_hot_page+0xa/0xc
 [<c046e346>] put_page+0xbb/0xc1
 [<f8f94f5d>] kvm_release_page_dirty+0x18/0x1a [kvm]
 [<f8f99e5c>] rmap_remove+0x80/0x166 [kvm]
 [<f8f99fdb>] kvm_mmu_zap_page+0x99/0x22e [kvm]
 [<f8f9b308>] kvm_mmu_pte_write+0x242/0x61e [kvm]
 [<f8f94d29>] ? kvm_write_guest_page+0x32/0x40 [kvm]
 [<f8f991e0>] emulator_write_emulated_onepage+0xa8/0x140 [kvm]
 [<f8f992c6>] emulator_write_emulated+0x4e/0x57 [kvm]
 [<f8f9fd74>] x86_emulate_insn+0x2e9e/0x385e [kvm]
 [<f8f9cd46>] ? x86_decode_insn+0x6db/0x86b [kvm]
 [<f8f973c0>] emulate_instruction+0x1d2/0x2a7 [kvm]
 [<f8f9c42b>] kvm_mmu_page_fault+0x3f/0x78 [kvm]
 [<f8fc4382>] handle_exception+0x119/0x1b7 [kvm_intel]
 [<f8fc3347>] kvm_handle_exit+0x65/0x82 [kvm_intel]
 [<f8f98c87>] kvm_arch_vcpu_ioctl_run+0x3ef/0x540 [kvm]
 [<f8f94329>] kvm_vcpu_ioctl+0xee/0x345 [kvm]
 [<c043f455>] ? clocksource_get_next+0xd/0x43
 [<c042ce8f>] ? irq_exit+0x5f/0x77
 [<c04080d3>] ? do_IRQ+0xac/0xc5
 [<c04d61fe>] ? avc_has_perm_noaudit+0x3be/0x3dc
 [<c04d6b60>] ? avc_has_perm+0x39/0x43
 [<c04d80cf>] ? inode_has_perm+0x5b/0x65
 [<c04fb552>] ? rb_insert_color+0x56/0xc0
 [<c04d84a9>] ? file_has_perm+0x7f/0x88
 [<f8f9423b>] ? kvm_vcpu_ioctl+0x0/0x345 [kvm]
 [<c049298e>] vfs_ioctl+0x22/0x69
 [<c0492c0e>] do_vfs_ioctl+0x239/0x24c
 [<c04d8635>] ? selinux_file_ioctl+0xa8/0xab
 [<c0492c61>] sys_ioctl+0x40/0x5b
 [<c0405d16>] syscall_call+0x7/0xb
 =======================
Bad page state in process 'qemu-kvm'
page:c1d91f48 flags:0x8000001c mapping:00000000 mapcount:1 count:0 (Tainted: P 
  B   )
Trying to fix it up, but a reboot is needed
Backtrace:
Pid: 6586, comm: qemu-kvm Tainted: P    B    2.6.25-0.105.rc5.fc9 #1
 [<c046a9c7>] bad_page+0x5e/0x8c
 [<c046b4ab>] free_hot_cold_page+0x63/0x1dc
 [<c046b662>] free_hot_page+0xa/0xc
 [<c046e346>] put_page+0xbb/0xc1
 [<f8f94f5d>] kvm_release_page_dirty+0x18/0x1a [kvm]
 [<f8f99e5c>] rmap_remove+0x80/0x166 [kvm]
 [<f8f99fdb>] kvm_mmu_zap_page+0x99/0x22e [kvm]
 [<f8f9b308>] kvm_mmu_pte_write+0x242/0x61e [kvm]
 [<f8f94d29>] ? kvm_write_guest_page+0x32/0x40 [kvm]
 [<f8f991e0>] emulator_write_emulated_onepage+0xa8/0x140 [kvm]
 [<f8f992c6>] emulator_write_emulated+0x4e/0x57 [kvm]
 [<f8f9fd74>] x86_emulate_insn+0x2e9e/0x385e [kvm]
 [<f8f9cd46>] ? x86_decode_insn+0x6db/0x86b [kvm]
 [<f8f973c0>] emulate_instruction+0x1d2/0x2a7 [kvm]
 [<f8f9c42b>] kvm_mmu_page_fault+0x3f/0x78 [kvm]
 [<f8fc4382>] handle_exception+0x119/0x1b7 [kvm_intel]
 [<f8fc3347>] kvm_handle_exit+0x65/0x82 [kvm_intel]
 [<f8f98c87>] kvm_arch_vcpu_ioctl_run+0x3ef/0x540 [kvm]
 [<f8f94329>] kvm_vcpu_ioctl+0xee/0x345 [kvm]
 [<c043f455>] ? clocksource_get_next+0xd/0x43
 [<c042ce8f>] ? irq_exit+0x5f/0x77
 [<c04080d3>] ? do_IRQ+0xac/0xc5
 [<c04d61fe>] ? avc_has_perm_noaudit+0x3be/0x3dc
 [<c04d6b60>] ? avc_has_perm+0x39/0x43
 [<c04d80cf>] ? inode_has_perm+0x5b/0x65
 [<c04fb597>] ? rb_insert_color+0x9b/0xc0
 [<c04d84a9>] ? file_has_perm+0x7f/0x88
 [<f8f9423b>] ? kvm_vcpu_ioctl+0x0/0x345 [kvm]
 [<c049298e>] vfs_ioctl+0x22/0x69
 [<c0492c0e>] do_vfs_ioctl+0x239/0x24c
 [<c04d8635>] ? selinux_file_ioctl+0xa8/0xab
 [<c0492c61>] sys_ioctl+0x40/0x5b
 [<c0405d16>] syscall_call+0x7/0xb
 =======================
Bad page state in process 'qemu-kvm'
page:c1dfffc8 flags:0x8000001c mapping:00000000 mapcount:1 count:0 (Tainted: P 
  B   )
Trying to fix it up, but a reboot is needed
Backtrace:
Pid: 6586, comm: qemu-kvm Tainted: P    B    2.6.25-0.105.rc5.fc9 #1
 [<c046a9c7>] bad_page+0x5e/0x8c
 [<c046b4ab>] free_hot_cold_page+0x63/0x1dc
 [<c046b662>] free_hot_page+0xa/0xc
 [<c046e346>] put_page+0xbb/0xc1
 [<f8f94f5d>] kvm_release_page_dirty+0x18/0x1a [kvm]
 [<f8f99e5c>] rmap_remove+0x80/0x166 [kvm]
 [<f8f99fdb>] kvm_mmu_zap_page+0x99/0x22e [kvm]
 [<f8f9b308>] kvm_mmu_pte_write+0x242/0x61e [kvm]
 [<f8f94d29>] ? kvm_write_guest_page+0x32/0x40 [kvm]
 [<f8f991e0>] emulator_write_emulated_onepage+0xa8/0x140 [kvm]
 [<f8f992c6>] emulator_write_emulated+0x4e/0x57 [kvm]
 [<f8f9fd74>] x86_emulate_insn+0x2e9e/0x385e [kvm]
 [<f8f9cd46>] ? x86_decode_insn+0x6db/0x86b [kvm]
 [<f8f973c0>] emulate_instruction+0x1d2/0x2a7 [kvm]
 [<f8f9c42b>] kvm_mmu_page_fault+0x3f/0x78 [kvm]
 [<f8fc4382>] handle_exception+0x119/0x1b7 [kvm_intel]
 [<f8fc3347>] kvm_handle_exit+0x65/0x82 [kvm_intel]
 [<f8f98c87>] kvm_arch_vcpu_ioctl_run+0x3ef/0x540 [kvm]
 [<f8f94329>] kvm_vcpu_ioctl+0xee/0x345 [kvm]
 [<c043f455>] ? clocksource_get_next+0xd/0x43
 [<c042ce8f>] ? irq_exit+0x5f/0x77
 [<c04080d3>] ? do_IRQ+0xac/0xc5
 [<c04d61fe>] ? avc_has_perm_noaudit+0x3be/0x3dc
 [<c04d6b60>] ? avc_has_perm+0x39/0x43
 [<c04d80cf>] ? inode_has_perm+0x5b/0x65
 [<c04fb597>] ? rb_insert_color+0x9b/0xc0
 [<c04d84a9>] ? file_has_perm+0x7f/0x88
 [<f8f9423b>] ? kvm_vcpu_ioctl+0x0/0x345 [kvm]
 [<c049298e>] vfs_ioctl+0x22/0x69
 [<c0492c0e>] do_vfs_ioctl+0x239/0x24c
 [<c04d8635>] ? selinux_file_ioctl+0xa8/0xab
 [<c0492c61>] sys_ioctl+0x40/0x5b
 [<c0405d16>] syscall_call+0x7/0xb
 =======================
------------[ cut here ]------------
kernel BUG at include/linux/mm.h:263!
invalid opcode: 0000 [#1] SMP 
Modules linked in: sha256_generic aes_i586 aes_generic cbc dm_crypt vmnet(P)
vmmon(P) coretemp ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr
iscsi_tcp libiscsi scsi_transport_iscsi nf_conntrack_ipv4 ipt_REJECT
iptable_filter ip_tables nf_conntrack_netbios_ns nf_conntrack_ipv6 xt_state
nf_conntrack xt_tcpudp ip6t_ipv6header ip6t_REJECT ip6table_filter ip6_tables
x_tables ipv6 cpufreq_ondemand acpi_cpufreq fuse loop dm_multipath kvm_intel kvm
snd_usb_audio snd_usb_lib snd_rawmidi sr_mod cdrom snd_hda_intel snd_seq_dummy
snd_seq_oss snd_seq_midi_event parport_pc ata_piix thinkpad_acpi hwmon snd_seq
snd_seq_device nsc_ircc arc4 ecb snd_pcm_oss parport battery sdhci i915
snd_mixer_oss ata_generic firewire_ohci firewire_core ac crypto_blkcipher
mmc_core snd_pcm iTCO_wdt iTCO_vendor_support iwl3945 pata_acpi irda button
snd_timer mac80211 snd_page_alloc drm crc_ccitt crc_itu_t sg cfg80211 usblp
snd_hwdep snd i2c_algo_bit e1000e i2c_i801 soundcore i2c_core dm_snapshot
dm_zero dm_mirror dm_mod ahci libata sd_mod scsi_mod ext3 jbd mbcache uhci_hcd
ohci_hcd ehci_hcd [last unloaded: scsi_wait_scan]

Pid: 6586, comm: qemu-kvm Tainted: P    B    (2.6.25-0.105.rc5.fc9 #1)
EIP: 0060:[<c04732e8>] EFLAGS: 00010246 CPU: 0
EIP is at follow_page+0x152/0x1f4
EAX: 00000000 EBX: c1d91f48 ECX: 0003e08f EDX: c1d91f48
ESI: 3e08f067 EDI: 00000007 EBP: e933cc4c ESP: e933cc24
 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
Process qemu-kvm (pid: 6586, ti=e933c000 task=f7bc6000 task.ti=e933c000)
Stack: a125e000 e9a78600 00000001 c15423b4 d80a3978 e933cc4c c04768aa 00000007 
       00000000 e9a78600 e933cc88 c04748fb f8f9bc04 e933cc98 e8f51c80 f7bc6000 
       f8f9a856 00000246 e8f51ce4 00000000 00000020 a125e000 a125e000 c3c00000 
Call Trace:
 [<c04768aa>] ? find_extend_vma+0x15/0x4d
 [<c04748fb>] ? get_user_pages+0x277/0x2d6
 [<f8f9bc04>] ? paging32_walk_addr+0xa3/0x256 [kvm]
 [<f8f9a856>] ? mmu_set_spte+0x295/0x378 [kvm]
 [<f8f94fdb>] ? gfn_to_page+0x72/0xae [kvm]
 [<c0638037>] ? down_read+0x63/0x6a
 [<f8f9c1aa>] ? paging32_page_fault+0xa4/0x2e6 [kvm]
 [<f8f9c402>] ? kvm_mmu_page_fault+0x16/0x78 [kvm]
 [<f8fc4382>] ? handle_exception+0x119/0x1b7 [kvm_intel]
 [<f8fc3347>] ? kvm_handle_exit+0x65/0x82 [kvm_intel]
 [<f8f98c87>] ? kvm_arch_vcpu_ioctl_run+0x3ef/0x540 [kvm]
 [<f8f94329>] ? kvm_vcpu_ioctl+0xee/0x345 [kvm]
 [<c043f455>] ? clocksource_get_next+0xd/0x43
 [<c042ce8f>] ? irq_exit+0x5f/0x77
 [<c04080d3>] ? do_IRQ+0xac/0xc5
 [<c04d61fe>] ? avc_has_perm_noaudit+0x3be/0x3dc
 [<c04d6b60>] ? avc_has_perm+0x39/0x43
 [<c04d80cf>] ? inode_has_perm+0x5b/0x65
 [<c04fb597>] ? rb_insert_color+0x9b/0xc0
 [<c04d84a9>] ? file_has_perm+0x7f/0x88
 [<f8f9423b>] ? kvm_vcpu_ioctl+0x0/0x345 [kvm]
 [<c049298e>] ? vfs_ioctl+0x22/0x69
 [<c0492c0e>] ? do_vfs_ioctl+0x239/0x24c
 [<c04d8635>] ? selinux_file_ioctl+0xa8/0xab
 [<c0492c61>] ? sys_ioctl+0x40/0x5b
 [<c0405d16>] ? syscall_call+0x7/0xb
 =======================
Code: ed f8 ff ff 85 c0 89 c3 74 57 f7 c7 04 00 00 00 74 21 8b 00 89 da 25 00 40
02 00 3d 00 40 02 00 75 03 8b 53 0c 83 7a 04 00 75 04 <0f> 0b eb fe f0 ff 42 04
83 e7 02 74 29 83 7d e0 00 74 18 89 f0 
EIP: [<c04732e8>] follow_page+0x152/0x1f4 SS:ESP 0068:e933cc24
---[ end trace 6382c7ba58d319cb ]---
note: qemu-kvm[6586] exited with preempt_count 1
BUG: sleeping function called from invalid context at kernel/rwsem.c:21
in_atomic():1, irqs_disabled():0
INFO: lockdep is turned off.
Pid: 6586, comm: qemu-kvm Tainted: P    B D  2.6.25-0.105.rc5.fc9 #1
 [<c0422c64>] __might_sleep+0xd1/0xd6
 [<c0637fea>] down_read+0x16/0x6a
 [<c04476b8>] futex_wake+0x2e/0xcb
 [<c04fc4aa>] ? number+0x106/0x1c0
 [<c04486f9>] do_futex+0x9d/0xa6e
 [<c0638f5d>] ? _spin_unlock+0x1d/0x20
 [<c055435f>] ? vt_console_print+0x281/0x289
 [<c04fcd4c>] ? vsnprintf+0x3e7/0x420
 [<c05540de>] ? vt_console_print+0x0/0x289
 [<c0463dd9>] ? __delayacct_add_tsk+0x175/0x206
 [<c044919b>] sys_futex+0xd1/0xe7
 [<c0426690>] mm_release+0x61/0x6b
 [<c0429eda>] exit_mm+0x18/0xe7
 [<c042b6d6>] do_exit+0x1fc/0x635
 [<c04284fe>] ? oops_exit+0x23/0x28
 [<c0407330>] die+0x15c/0x164
 [<c0639cc5>] do_trap+0x8a/0xa3
 [<c04076fc>] ? do_invalid_op+0x0/0x76
 [<c0407768>] do_invalid_op+0x6c/0x76
 [<c04732e8>] ? follow_page+0x152/0x1f4
 [<c047457c>] ? handle_mm_fault+0x62a/0x732
 [<c043f455>] ? clocksource_get_next+0xd/0x43
 [<c06395e2>] error_code+0x72/0x78
 [<c047007b>] ? kswapd+0x3b2/0x447
 [<c04732e8>] ? follow_page+0x152/0x1f4
 [<c04768aa>] ? find_extend_vma+0x15/0x4d
 [<c04748fb>] get_user_pages+0x277/0x2d6
 [<f8f9bc04>] ? paging32_walk_addr+0xa3/0x256 [kvm]
 [<f8f9a856>] ? mmu_set_spte+0x295/0x378 [kvm]
 [<f8f94fdb>] gfn_to_page+0x72/0xae [kvm]
 [<c0638037>] ? down_read+0x63/0x6a
 [<f8f9c1aa>] paging32_page_fault+0xa4/0x2e6 [kvm]
 [<f8f9c402>] kvm_mmu_page_fault+0x16/0x78 [kvm]
 [<f8fc4382>] handle_exception+0x119/0x1b7 [kvm_intel]
 [<f8fc3347>] kvm_handle_exit+0x65/0x82 [kvm_intel]
 [<f8f98c87>] kvm_arch_vcpu_ioctl_run+0x3ef/0x540 [kvm]
 [<f8f94329>] kvm_vcpu_ioctl+0xee/0x345 [kvm]
 [<c043f455>] ? clocksource_get_next+0xd/0x43
 [<c042ce8f>] ? irq_exit+0x5f/0x77
 [<c04080d3>] ? do_IRQ+0xac/0xc5
 [<c04d61fe>] ? avc_has_perm_noaudit+0x3be/0x3dc
 [<c04d6b60>] ? avc_has_perm+0x39/0x43
 [<c04d80cf>] ? inode_has_perm+0x5b/0x65
 [<c04fb597>] ? rb_insert_color+0x9b/0xc0
 [<c04d84a9>] ? file_has_perm+0x7f/0x88
 [<f8f9423b>] ? kvm_vcpu_ioctl+0x0/0x345 [kvm]
 [<c049298e>] vfs_ioctl+0x22/0x69
 [<c0492c0e>] do_vfs_ioctl+0x239/0x24c
 [<c04d8635>] ? selinux_file_ioctl+0xa8/0xab
 [<c0492c61>] sys_ioctl+0x40/0x5b
 [<c0405d16>] syscall_call+0x7/0xb
 =======================
BUG: scheduling while atomic: qemu-kvm/6586/0x10000001
INFO: lockdep is turned off.
Pid: 6586, comm: qemu-kvm Tainted: P    B D  2.6.25-0.105.rc5.fc9 #1
 [<c04254ca>] __schedule_bug+0x61/0x68
 [<c06367a4>] schedule+0x97/0x6f2
 [<c04258f4>] __cond_resched+0x25/0x3b
 [<c0636eec>] _cond_resched+0x24/0x2f
 [<c0637ff2>] down_read+0x1e/0x6a
 [<c04476b8>] futex_wake+0x2e/0xcb
 [<c04fc4aa>] ? number+0x106/0x1c0
 [<c04486f9>] do_futex+0x9d/0xa6e
 [<c0638f5d>] ? _spin_unlock+0x1d/0x20
 [<c055435f>] ? vt_console_print+0x281/0x289
 [<c04fcd4c>] ? vsnprintf+0x3e7/0x420
 [<c05540de>] ? vt_console_print+0x0/0x289
 [<c0463dd9>] ? __delayacct_add_tsk+0x175/0x206
 [<c044919b>] sys_futex+0xd1/0xe7
 [<c0426690>] mm_release+0x61/0x6b
 [<c0429eda>] exit_mm+0x18/0xe7
 [<c042b6d6>] do_exit+0x1fc/0x635
 [<c04284fe>] ? oops_exit+0x23/0x28
 [<c0407330>] die+0x15c/0x164
 [<c0639cc5>] do_trap+0x8a/0xa3
 [<c04076fc>] ? do_invalid_op+0x0/0x76
 [<c0407768>] do_invalid_op+0x6c/0x76
 [<c04732e8>] ? follow_page+0x152/0x1f4
 [<c047457c>] ? handle_mm_fault+0x62a/0x732
 [<c043f455>] ? clocksource_get_next+0xd/0x43
 [<c06395e2>] error_code+0x72/0x78
 [<c047007b>] ? kswapd+0x3b2/0x447
 [<c04732e8>] ? follow_page+0x152/0x1f4
 [<c04768aa>] ? find_extend_vma+0x15/0x4d
 [<c04748fb>] get_user_pages+0x277/0x2d6
 [<f8f9bc04>] ? paging32_walk_addr+0xa3/0x256 [kvm]
 [<f8f9a856>] ? mmu_set_spte+0x295/0x378 [kvm]
 [<f8f94fdb>] gfn_to_page+0x72/0xae [kvm]
 [<c0638037>] ? down_read+0x63/0x6a
 [<f8f9c1aa>] paging32_page_fault+0xa4/0x2e6 [kvm]
 [<f8f9c402>] kvm_mmu_page_fault+0x16/0x78 [kvm]
 [<f8fc4382>] handle_exception+0x119/0x1b7 [kvm_intel]
 [<f8fc3347>] kvm_handle_exit+0x65/0x82 [kvm_intel]
 [<f8f98c87>] kvm_arch_vcpu_ioctl_run+0x3ef/0x540 [kvm]
 [<f8f94329>] kvm_vcpu_ioctl+0xee/0x345 [kvm]
 [<c043f455>] ? clocksource_get_next+0xd/0x43
 [<c042ce8f>] ? irq_exit+0x5f/0x77
 [<c04080d3>] ? do_IRQ+0xac/0xc5
 [<c04d61fe>] ? avc_has_perm_noaudit+0x3be/0x3dc
 [<c04d6b60>] ? avc_has_perm+0x39/0x43
 [<c04d80cf>] ? inode_has_perm+0x5b/0x65
 [<c04fb597>] ? rb_insert_color+0x9b/0xc0
 [<c04d84a9>] ? file_has_perm+0x7f/0x88
 [<f8f9423b>] ? kvm_vcpu_ioctl+0x0/0x345 [kvm]
 [<c049298e>] vfs_ioctl+0x22/0x69
 [<c0492c0e>] do_vfs_ioctl+0x239/0x24c
 [<c04d8635>] ? selinux_file_ioctl+0xa8/0xab
 [<c0492c61>] sys_ioctl+0x40/0x5b
 [<c0405d16>] syscall_call+0x7/0xb
 =======================
Comment 2 Chuck Ebbert 2008-03-13 16:44:35 EDT
There have been no kvm updates since -rc5, so it looks like this is unfixed.
Comment 3 Tom London 2008-03-16 15:18:20 EDT
Still happens with kernel-2.6.25-0.121.rc5.git4.fc9.i686; this time, no dump. 
Just hard freeze.

Mar 16 12:05:48 localhost kernel: kvm: guest NX capability removed
Mar 16 12:06:02 localhost kernel: kvm: emulating exchange as write
Mar 16 12:07:50 localhost kernel: Bad page state in process 'qemu-kvm'
Mar 16 12:09:55 localhost kernel: imklog 3.12.1, log source = /proc/kmsg started.
Mar 16 12:09:55 localhost kernel: Inspecting
/boot/System.map-2.6.25-0.121.rc5.git4.fc9
Mar 16 12:09:56 localhost kernel: Loaded 28551 symbols from
/boot/System.map-2.6.25-0.121.rc5.git4.fc9.
Mar 16 12:09:56 localhost kernel: Symbols match kernel version 2.6.25.
Mar 16 12:09:56 localhost kernel: No module symbols loaded - kernel modules not
enabled.
Comment 4 Tom London 2008-04-10 09:58:39 EDT
Running kernel-2.6.25-0.212.rc8.git6.fc9.i686 (and a few previous) I no longer
observe this.

Believe there is still a qemu-kvm issue (as I haven't been able to get this to
work), but no longer get kernel issues.

Is this likely due to kernel updates?
Comment 5 Bug Zapper 2008-05-14 01:55:12 EDT
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 6 Mark McLoughlin 2008-11-11 12:28:16 EST
Re-assigning kvm.ko bugs to the kvm package for easier tracking
Comment 7 Chris Lalancette 2009-03-02 07:56:41 EST
Can you give a complete qemu-kvm command-line that you are using?  I briefly tried to reproduce this (admittedly, on F-10), but was unable to do so.  That being said, there may be some difference with what I tried and what you were using, so a complete command-line would be helpful.

Thanks,
Chris Lalancette
Comment 8 Tom London 2009-03-02 10:50:03 EST
Uhhh....  I'm running rawhide now.

Attempting to recreate this with 

kvm-84-2.fc11.x86_64
kernel-2.6.29-0.176.rc6.git5.fc11.x86_64

Yield different (but not successful) results.

I'll try to detail and if appropriate create a new BZ, if that is agreeable.

[I've long ago given up on smb... I now use ssh....]
Comment 9 Mark McLoughlin 2009-03-20 12:45:53 EDT
Hmm, sounds like this problem has gone away in F11 or changed a little? Closing as fixed in rawhide, please re-open this if you can reproduce or file new bugs if it breaks in different ways. Thanks