On Mon, 2011-09-26 at 19:21 +0300, Avi Kivity wrote:
> On 09/26/2011 05:54 PM, Pekka Enberg wrote:
> > On Mon, 26 Sep 2011, Asias He wrote:
> >> $ ./kvm run -n mode=tap
> >>
> >>
> >> [ 1.490781] registered taskstats version 1
> >> [ 1.492781] BUG: unable to handle kernel NULL pointer dereference at 0000001c
> >> [ 1.493781] IP: [<c14f3236>] virtnet_poll+0x16e/0x408
> >> [ 1.493781] *pde = 00000000
> >> [ 1.493781] Oops: 0000 [#1] PREEMPT SMP
> >> [ 1.493781] Modules linked in:
> >> [ 1.493781]
> >> [ 1.493781] Pid: 1, comm: swapper Tainted: G W 3.1.0-rc3+ #77
> >> [ 1.493781] EIP: 0060:[<c14f3236>] EFLAGS: 00010286 CPU: 1
> >> [ 1.493781] EIP is at virtnet_poll+0x16e/0x408
> >> [ 1.493781] EAX: 00001000 EBX: db4bb0c0 ECX: db7cd778 EDX: 00001000
> >> [ 1.493781] ESI: 00000000 EDI: db7cd6c0 EBP: db487fa8 ESP: db487f64
> >> [ 1.493781] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
> >> [ 1.493781] Process swapper (pid: 1, ti=db486000 task=db450000 task.ti=db458000)
> >> [ 1.493781] Stack:
> >> [ 1.493781] db487f98 19dfb000 db5e1400 00000080 c1b0df60 db6ff000 00000000 00000010
> >> [ 1.493781] 00000080 dbcebfe0 db5e1414 db5e1000 ffffffff fffec005 db5e1414 db906dc0
> >> [ 1.493781] c1a39a0c db487fd4 c15e4869 fffb71f7 db906dc8 00000080 0000012c 00000000
> >> [ 1.493781] Call Trace:
> >> [ 1.493781] [<c15e4869>] net_rx_action+0x8e/0x177
> >> [ 1.493781] [<c1066128>] __do_softirq+0xa7/0x158
> >> [ 1.493781] [<c1066081>] ? __tasklet_hi_schedule_first+0x2b/0x2b
> >> [ 1.493781] <IRQ>
> >> [ 1.493781] [<c1065e82>] ? _local_bh_enable_ip.isra.9+0x65/0x86
> >> [ 1.493781] [<c1065eab>] ? local_bh_enable_ip+0x8/0xa
> >> [ 1.493781] [<c16a7a78>] ? _raw_spin_unlock_bh+0x18/0x1a
> >> [ 1.493781] [<c15e59c5>] ? dev_set_rx_mode+0x22/0x26
> >> [ 1.493781] [<c15e5a5f>] ? __dev_open+0x96/0xa6
> >> [ 1.493781] [<c15e5c23>] ? __dev_change_flags+0x97/0x10e
> >> [ 1.493781] [<c15e5cfe>] ? dev_change_flags+0x13/0x3f
> >> [ 1.493781] [<c1acfe6f>] ? ip_auto_config+0x160/0xcf8
> >> [ 1.493781] [<c1393c86>] ? extract_entropy+0x45/0x71
> >> [ 1.493781] [<c1059e35>] ? get_parent_ip+0xb/0x31
> >> [ 1.493781] [<c16aa6b7>] ? sub_preempt_count+0x7c/0x89
> >> [ 1.493781] [<c16a7d24>] ? _raw_spin_unlock+0x1c/0x27
> >> [ 1.493781] [<c1629173>] ? tcp_set_default_congestion_control+0x8c/0x95
> >> [ 1.493781] [<c1001159>] ? do_one_initcall+0x71/0x114
> >> [ 1.493781] [<c1acfd0f>] ? root_nfs_parse_addr+0x91/0x91
> >> [ 1.493781] [<c1a9c7ab>] ? kernel_init+0xab/0x11d
> >> [ 1.493781] [<c1a9c700>] ? start_kernel+0x301/0x301
> >> [ 1.493781] [<c16acfb6>] ? kernel_thread_helper+0x6/0xd
> >> [ 1.493781] Code: 89 d8 e8 23 94 0e 00 8b 4d dc 89 c7 f3 a4 8b 55 dc 8b 4d d8 29 55 f0 8b 75 e0 01 d1 eb 13 8d 45 f0 89 f2 50 89 d8 e8 ae f2 ff ff <8b> 76 1c 31 c9 58 83 7d f0 00 75 e7 85 f6 89 75 e0 0f 84 6e 02
> >> [ 1.493781] EIP: [<c14f3236>] virtnet_poll+0x16e/0x408 SS:ESP 0068:db487f64
> >> [ 1.493781] CR2: 000000000000001c
> >> [ 1.549772] ---[ end trace 4eaa2a86a8e2da27 ]---
> >> [ 1.550772] Kernel panic - not syncing: Fatal exception in interrupt
> >> [ 1.551772] Pid: 1, comm: swapper Tainted: G D W 3.1.0-rc3+ #77
> >> [ 1.553771] Call Trace:
> >> [ 1.553771] [<c169ca33>] panic+0x58/0x156
> >> [ 1.554771] [<c16a921a>] oops_end+0x8c/0x9b
> >> [ 1.555771] [<c169c4e7>] no_context+0x116/0x120
> >> [ 1.555771] [<c169c5e1>] __bad_area_nosemaphore+0xf0/0xf8
> >> [ 1.557771] [<c169c5f6>] bad_area_nosemaphore+0xd/0x10
> >> [ 1.558771] [<c16aa4b5>] do_page_fault+0x174/0x2fa
> >> [ 1.559770] [<c107bad0>] ? sched_clock_local+0x10/0x14b
> >> [ 1.560770] [<c15db33f>] ? __netdev_alloc_skb+0x17/0x34
> >> [ 1.561770] [<c10e9b84>] ? __kmalloc_track_caller+0xb7/0xc7
> >> [ 1.563770] [<c15db33f>] ? __netdev_alloc_skb+0x17/0x34
> >> [ 1.564770] [<c16aa341>] ? spurious_fault+0xa8/0xa8
> >> [ 1.565770] [<c16a89d6>] error_code+0x5a/0x60
> >> [ 1.566769] [<c16aa341>] ? spurious_fault+0xa8/0xa8
> >> [ 1.567769] [<c14f3236>] ? virtnet_poll+0x16e/0x408
> >> [ 1.567769] [<c15e4869>] net_rx_action+0x8e/0x177
> >> [ 1.568769] [<c1066128>] __do_softirq+0xa7/0x158
> >> [ 1.569769] [<c1066081>] ? __tasklet_hi_schedule_first+0x2b/0x2b
> >> [ 1.569769] <IRQ> [<c1065e82>] ? _local_bh_enable_ip.isra.9+0x65/0x86
> >> [ 1.570769] [<c1065eab>] ? local_bh_enable_ip+0x8/0xa
> >> [ 1.571769] [<c16a7a78>] ? _raw_spin_unlock_bh+0x18/0x1a
> >> [ 1.571769] [<c15e59c5>] ? dev_set_rx_mode+0x22/0x26
> >> [ 1.572768] [<c15e5a5f>] ? __dev_open+0x96/0xa6
> >> [ 1.573768] [<c15e5c23>] ? __dev_change_flags+0x97/0x10e
> >> [ 1.573768] [<c15e5cfe>] ? dev_change_flags+0x13/0x3f
> >> [ 1.574768] [<c1acfe6f>] ? ip_auto_config+0x160/0xcf8
> >> [ 1.574768] [<c1393c86>] ? extract_entropy+0x45/0x71
> >> [ 1.575768] [<c1059e35>] ? get_parent_ip+0xb/0x31
> >> [ 1.576768] [<c16aa6b7>] ? sub_preempt_count+0x7c/0x89
> >> [ 1.576768] [<c16a7d24>] ? _raw_spin_unlock+0x1c/0x27
> >> [ 1.577768] [<c1629173>] ? tcp_set_default_congestion_control+0x8c/0x95
> >> [ 1.578768] [<c1001159>] ? do_one_initcall+0x71/0x114
> >> [ 1.578768] [<c1acfd0f>] ? root_nfs_parse_addr+0x91/0x91
> >> [ 1.579767] [<c1a9c7ab>] ? kernel_init+0xab/0x11d
> >> [ 1.580767] [<c1a9c700>] ? start_kernel+0x301/0x301
> >> [ 1.581767] [<c16acfb6>] ? kernel_thread_helper+0x6/0xd
> >> [ 1.582767] Rebooting in 1 seconds..
> >> # KVM session ended normally.
> >
> > This needs fixing before I can apply the patch, right?
>
> Looks like a guest kernel bug, no?

It's a kernel bug and should be fixed there, but it's caused by us not passing sane values to virtio-net, which we can fix on our side as well.

So my plan is to prevent triggering it from within kvm tools while working on a kernel patch.

-- 
Sasha.

--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html