Date:	Wed, 17 Mar 2010 10:14:50 +0800
From:	"Hao, Xudong" <xudong.hao@...el.com>
To:	"kvm@...r.kernel.org" <kvm@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
CC:	Avi Kivity <avi@...hat.com>
Subject: host panic based on kernel 2.6.34-RC1

Hi, all

I installed the latest kvm based on kernel 2.6.34-rc1. After I load the kvm and kvm_intel modules and start /etc/init.d/kvm, the system panics a few minutes later. The panic is easy to reproduce when I use tcpdump on the host.
However, if I stop /etc/init.d/kvm, everything is OK and the host works fine. Has anyone met a similar issue? Any hint?

Host-kernel: 2.6.34-rc1
kvm commit: bb527ef62280e127a8914ba365a3abd3b47acac0
qemu-kvm commit: 69dd59a66aaf56d1e8e4c96d0a0923c9cf8f79a0

vt-dp8 login: BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
IP: [<ffffffffa053cb9e>] br_mdb_ip_get+0x0/0xa5 [bridge]
PGD 21a521067 PUD 21b213067 PMD 0 
Oops: 0000 [#1] SMP 
last sysfs file: /sys/class/net/sw3/ifindex
CPU 6 
Modules linked in: kvm_intel kvm nfs fscache bridge stp nfsd lockd nfs_acl auth_rpcgss exportfs autofs4 hidp rfcomm l2cap crc16 bluetooth rfkill sunrpc ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr ipv6 iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi acpi_cpufreq dm_mirror dm_region_hash dm_log dm_multipath dm_mod video output sbs sbshc battery acpi_memhotplug ac lp sg ide_cd_mod cdrom serio_raw floppy parport_pc parport rtc_cmos rtc_core rtc_lib button e1000 firewire_ohci firewire_core crc_itu_t igb snd_hda_codec_realtek e1000e i2c_i801 i2c_core snd_hda_intel snd_hda_codec snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd soundcore snd_page_alloc shpchp pcspkr aacraid ahci ata_piix libata sd_mod scsi_mod ext3 jbd ehci_hcd ohci_hcd uhci_hcd [last unloaded: kvm]

Pid: 0, comm: swapper Not tainted 2.6.34-rc1 #1 X7DWA/X7DWA
RIP: 0010:[<ffffffffa053cb9e>]  [<ffffffffa053cb9e>] br_mdb_ip_get+0x0/0xa5 [bridge]
RSP: 0018:ffff880001d83af8  EFLAGS: 00010246
RAX: ffff88021153c000 RBX: 0000000000000000 RCX: ffff880001d83ba0
RDX: ffff880229e27e00 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff880221eb1680 R08: 00000000ffe80017 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff880211582044
R13: ffff88021153c5c0 R14: ffff880221eb1680 R15: ffff880211582000
FS:  0000000000000000(0000) GS:ffff880001d80000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000028 CR3: 000000021c8c5000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process swapper (pid: 0, threadinfo ffff88022f182000, task ffff88022f17b320)
Stack:
 ffffffffa053dc2b ffff880001d83be0 ffff880229e27e00 00000014c6d310ac
<0> 0000000000000014 ffff880221eb1680 ffffffff81606840 ffff88021153c007
<0> ffffffffa05379e9 ffff88021153cfe8 ffff880221eb1680 ffff880229e27e00
Call Trace:
 <IRQ> 
 [<ffffffffa053dc2b>] ? br_multicast_rcv+0x6ba/0x809 [bridge]
 [<ffffffffa05379e9>] ? br_handle_frame_finish+0x0/0x1b7 [bridge]
 [<ffffffffa0537a4a>] ? br_handle_frame_finish+0x61/0x1b7 [bridge]
 [<ffffffffa053c02a>] ? br_nf_pre_routing_finish+0x2b2/0x2cf [bridge]
 [<ffffffffa053bd78>] ? br_nf_pre_routing_finish+0x0/0x2cf [bridge]
 [<ffffffff81264c3a>] ? nf_hook_slow+0x61/0xc4
 [<ffffffffa053bd78>] ? br_nf_pre_routing_finish+0x0/0x2cf [bridge]
 [<ffffffffa053c84e>] ? br_nf_pre_routing+0x619/0x633 [bridge]
 [<ffffffff81264b9d>] ? nf_iterate+0x41/0x7d
 [<ffffffffa05379e9>] ? br_handle_frame_finish+0x0/0x1b7 [bridge]
 [<ffffffff81264c3a>] ? nf_hook_slow+0x61/0xc4
 [<ffffffffa05379e9>] ? br_handle_frame_finish+0x0/0x1b7 [bridge]
 [<ffffffffa0537d49>] ? br_handle_frame+0x1a9/0x1d0 [bridge]
 [<ffffffff81247d10>] ? netif_receive_skb+0x39b/0x4a9
 [<ffffffff8124807d>] ? dev_gro_receive+0x120/0x235
 [<ffffffff81247e98>] ? napi_skb_finish+0x1c/0x30
 [<ffffffffa023fece>] ? igb_poll+0x7df/0xb32 [igb]
 [<ffffffff8124a3cd>] ? net_rx_action+0xac/0x160
 [<ffffffff81044d93>] ? hrtimer_run_queues+0xed/0x193
 [<ffffffff81034f7f>] ? __do_softirq+0x96/0x119
 [<ffffffff8100370c>] ? call_softirq+0x1c/0x28
 [<ffffffff81004c41>] ? do_softirq+0x31/0x64
 [<ffffffff81004328>] ? do_IRQ+0xa7/0xbd
 [<ffffffff812ce653>] ? ret_from_intr+0x0/0xa
 <EOI> 
 [<ffffffff810093f4>] ? mwait_idle+0x55/0x58
 [<ffffffff810019ae>] ? cpu_idle+0x40/0x5e
Code: 00 00 48 8d bb 30 0a 00 00 89 ee e8 5c fd ff ff 85 c0 89 c1 75 dd eb 05 b9 ea ff ff ff 41 fe 04 24 5a 5b 5d 41 5c 41 5d 89 c8 c3 <8b> 47 28 41 89 f0 29 f0 c1 ee 0d 31 c6 b8 b9 79 37 9e 44 29 c0 
RIP  [<ffffffffa053cb9e>] br_mdb_ip_get+0x0/0xa5 [bridge]
 RSP <ffff880001d83af8>
CR2: 0000000000000028
---[ end trace 675a4009fe1b21fa ]---
Kernel panic - not syncing: Fatal exception in interrupt
Pid: 0, comm: swapper Tainted: G      D    2.6.34-rc1 #1
Call Trace:
 <IRQ>  [<ffffffff8103062b>] ? panic+0x85/0xfa
 [<ffffffff812cf2b8>] ? oops_end+0x61/0xad
 [<ffffffff812ce653>] ? ret_from_intr+0x0/0xa
 [<ffffffff811437da>] ? delay_tsc+0x0/0x4b
 [<ffffffff81031a31>] ? kmsg_dump+0x99/0x12a
 [<ffffffff812cf2f7>] ? oops_end+0xa0/0xad
 [<ffffffff8101eee8>] ? no_context+0x1f4/0x203
 [<ffffffff81026032>] ? activate_task+0x22/0x28
 [<ffffffff812ce85f>] ? page_fault+0x1f/0x30
 [<ffffffffa053cb9e>] ? br_mdb_ip_get+0x0/0xa5 [bridge]
 [<ffffffffa053dc2b>] ? br_multicast_rcv+0x6ba/0x809 [bridge]
 [<ffffffffa05379e9>] ? br_handle_frame_finish+0x0/0x1b7 [bridge]
 [<ffffffffa0537a4a>] ? br_handle_frame_finish+0x61/0x1b7 [bridge]
 [<ffffffffa053c02a>] ? br_nf_pre_routing_finish+0x2b2/0x2cf [bridge]
 [<ffffffffa053bd78>] ? br_nf_pre_routing_finish+0x0/0x2cf [bridge]
 [<ffffffff81264c3a>] ? nf_hook_slow+0x61/0xc4
 [<ffffffffa053bd78>] ? br_nf_pre_routing_finish+0x0/0x2cf [bridge]
 [<ffffffffa053c84e>] ? br_nf_pre_routing+0x619/0x633 [bridge]
 [<ffffffff81264b9d>] ? nf_iterate+0x41/0x7d
 [<ffffffffa05379e9>] ? br_handle_frame_finish+0x0/0x1b7 [bridge]
 [<ffffffff81264c3a>] ? nf_hook_slow+0x61/0xc4
 [<ffffffffa05379e9>] ? br_handle_frame_finish+0x0/0x1b7 [bridge]
 [<ffffffffa0537d49>] ? br_handle_frame+0x1a9/0x1d0 [bridge]
 [<ffffffff81247d10>] ? netif_receive_skb+0x39b/0x4a9
 [<ffffffff8124807d>] ? dev_gro_receive+0x120/0x235
 [<ffffffff81247e98>] ? napi_skb_finish+0x1c/0x30
 [<ffffffffa023fece>] ? igb_poll+0x7df/0xb32 [igb]
 [<ffffffff8124a3cd>] ? net_rx_action+0xac/0x160
 [<ffffffff81044d93>] ? hrtimer_run_queues+0xed/0x193
 [<ffffffff81034f7f>] ? __do_softirq+0x96/0x119
 [<ffffffff8100370c>] ? call_softirq+0x1c/0x28
 [<ffffffff81004c41>] ? do_softirq+0x31/0x64
 [<ffffffff81004328>] ? do_IRQ+0xa7/0xbd
 [<ffffffff812ce653>] ? ret_from_intr+0x0/0xa
 <EOI>  [<ffffffff810093f4>] ? mwait_idle+0x55/0x58
 [<ffffffff810019ae>] ? cpu_idle+0x40/0x5e

Best Regards,
Xudong Hao
Download attachment "panic" of type "application/octet-stream" (31838 bytes)

Download attachment "config-2.6.34-rc1" of type "application/octet-stream" (86348 bytes)
