976996 – KVM - reboot inside vm crashes host

Bug 976996 - KVM - reboot inside vm crashes host

Summary: KVM - reboot inside vm crashes host

Keywords:
Status:	CLOSED DUPLICATE of bug 976789
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	kernel
Sub Component:
Version:	19
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Kernel Maintainer List
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-06-22 11:20 UTC by Andre Naehring
Modified:	2013-06-24 09:02 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-06-24 08:56:11 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
/var/log/messages shortened to corresponding messages (40.89 KB, text/plain) 2013-06-24 08:45 UTC, Andre Naehring	no flags	Details
View All

Description Andre Naehring 2013-06-22 11:20:15 UTC

Description of problem:

Running a simple "reboot" inside a virtual machine (kvm, x64) crashes the host with kernel 3.9.6. With 3.9.2 the error does not occur. Problem is reproducable,

Version-Release number of selected component (if applicable):

kernel 3.9.6

How reproducible:


Steps to Reproduce:
1. create a vm guest with kvm 
2. initiate reboot inside the vm

Actual results:

Host crashes

Expected results:

VM should reboot

Additional info:

The error is reproducable with kernel 3.9.6. WIth 3.9.2 everything works fine.

Comment 1 Andrew Jones 2013-06-24 06:51:56 UTC

As this is reproducible for you, can you please reproduce it and then grab the backtrace from the host's console?

thanks,
drew

Comment 2 Andre Naehring 2013-06-24 08:43:56 UTC

Hello Drew,

there is no backtrace on the console. The system simply feels frozen without any further action or report. 

But I found the message you wanted in /var/log/messages, so it looks like the system is reporting but not usable. I'll attach the shortened /var/log/messages.

Comment 3 Andre Naehring 2013-06-24 08:45:34 UTC

Created attachment 764518 [details]
/var/log/messages shortened to corresponding messages

Comment 4 Andrew Jones 2013-06-24 08:56:11 UTC

Thanks. Dupping this to 976789, which may be a dup of 972715. One more question though. Was ksmtuned active?

Pasting backtrace below for easier reference.

BUG: unable to handle kernel paging request at 00000035fde9c000
 IP: [<ffffffff81164382>] anon_vma_chain_link+0x12/0x40
 PGD 37263067 PUD 3724b067 PMD 372ba067 PTE 8000000109de5025
 Oops: 0003 [#1] SMP 
 Modules linked in: vhost_net macvtap macvlan fuse ebtable_nat xt_CHECKSUM tun bridge stp llc rfcomm bnep nf_conntrack_netbios_ns nf_conntrack_broadcast ipt_MASQUERADE ip6table_nat nf_nat_ipv6 ip6table_mangle ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 iptable_nat nf_nat_ipv4 nf_nat iptable_mangle nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ebtable_filter ebtables ip6table_filter ip6_tables arc4 iwldvm mac80211 acpi_cpufreq mperf coretemp kvm_intel kvm snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device snd_pcm snd_page_alloc snd_timer iwlwifi cfg80211 btusb bluetooth thinkpad_acpi rfkill usblp iTCO_wdt iTCO_vendor_support garmin_gps i2c_i801 microcode tpm_tis tpm tpm_bios snd soundcore uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_core videodev media cdc_mbim cdc_ncm usbnet mii cdc_wdm cdc_acm sdhci_pci e1000e lpc_ich sdhci mfd_core mmc_core ptp pps_core mei wmi uinput dm_crypt hid_logitech_dj crc32_pclmul crc32c_intel i915 ghash_clmulni_intel i2c_algo_bit drm_kms_helper drm i2c_core video
 CPU 1 
 Pid: 1152, comm: Xorg Not tainted 3.9.6-301.fc19.x86_64 #1 LENOVO 23252DG/23252DG
 RIP: 0010:[<ffffffff81164382>]  [<ffffffff81164382>] anon_vma_chain_link+0x12/0x40
 RSP: 0018:ffff880037211d58  EFLAGS: 00010246
 RAX: ffff880115c2b3c8 RBX: 00000035fde9c000 RCX: ffff880037211fd8
 RDX: ffff880115c2b3c0 RSI: 00000035fde9c000 RDI: ffff88004dbf8450
 RBP: ffff880037211d68 R08: 0000000000016d60 R09: ffffffff81166049
 R10: ffff88011e5e86c0 R11: 000000000000000e R12: ffff880115c2b3c0
 R13: ffff880115c2b3c0 R14: ffff880115c2b3c0 R15: 00000035fde9c000
 FS:  00007f95f89c2980(0000) GS:ffff88011e240000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 00000035fde9c000 CR3: 0000000037260000 CR4: 00000000001427e0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
 Process Xorg (pid: 1152, threadinfo ffff880037210000, task ffff8801074f5dc0)
 Stack:
  ffff880115c2b3c0 ffff880106025dc0 ffff880037211db0 ffffffff81166082
  ffff880115ae3a88 ffff88004dbf8450 ffff880115ae3a10 0000000000000000
  ffff880115ae3a10 ffff88004dbf8450 ffff88004dbf8450 ffff880037211de8
 Call Trace:
  [<ffffffff81166082>] anon_vma_clone+0x82/0x140
  [<ffffffff8116616e>] anon_vma_fork+0x2e/0x100
  [<ffffffff8105a536>] dup_mm+0x266/0x660
  [<ffffffff8105b33d>] copy_process.part.24+0x9dd/0x13d0
  [<ffffffff8105be2d>] do_fork+0xad/0x330
  [<ffffffff8105c136>] sys_clone+0x16/0x20
  [<ffffffff8164edf9>] stub_clone+0x69/0x90
  [<ffffffff8164ea99>] ? system_call_fastpath+0x16/0x1b
 Code: d5 b8 f4 ff ff ff 45 31 e4 eb cb 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00 55 48 89 e5 41 54 49 89 d4 53 48 89 f3 <48> 89 3e 48 89 53 08 48 8b 57 78 48 8d 77 78 48 8d 7b 10 e8 66 
 RIP  [<ffffffff81164382>] anon_vma_chain_link+0x12/0x40
  RSP <ffff880037211d58>
 CR2: 00000035fde9c000
 ---[ end trace 02770f2010b18c43 ]---

*** This bug has been marked as a duplicate of bug 976789 ***

Comment 5 Andre Naehring 2013-06-24 09:02:27 UTC

(In reply to Andrew Jones from comment #4)
> Thanks. Dupping this to 976789, which may be a dup of 972715. One more
> question though. Was ksmtuned active?

No, not running.

Note You need to log in before you can comment on or make changes to this bug.