Public bug reported:

Environment:
------------
Host OS (ia32/ia32e/IA64):ia32e
Guest OS (ia32/ia32e/IA64):ia32e
Guest OS Type (Linux/Windows):Linux
kvm.git Commit:e11ae1a102b46f76441e328a2743ae5d6e201423
qemu-kvm Commit:4d9367b76f71c6d938cf8201392abe4bfb1136cb
Host Kernel Version:3.7.0
Hardware:Romley-EP, WSM-EP


Bug detailed description:
--------------------------
When writing data to a remote filesystem (e.g. NFS) and compiling a kernel in a guest, the guest will hang occasionally.
This can't be reproduced every time.


Reproduce steps:
----------------
1. start a guest: qemu-system-x86_64 -m 4096 -smp 4 -drive file=rhel6u3-b.img,if=virtio -net nic,macaddr=00:16:13:52:24:11 -net tap
2. in guest: mount my-nfs:/temp /mnt
3. do a kernel build and write some data in the /mnt dir


Current result:
----------------
host serial port will print a "call trace" message

Expected result:
----------------
Guest works fine.

Basic root-causing log:
----------------------
(some log in the host side)
INFO: rcu_sched self-detected stall on CPU { 7}  (t=21000 jiffies g=6506 c=6505 q=803)
sending NMI to all CPUs:
NMI backtrace for cpu 7
CPU 7 
Pid: 10664, comm: qemu-system-x86 Tainted: P             3.7.0 #2 Intel Corporation S2600CP/S2600CP
RIP: 0010:[<ffffffff8121d28b>]  [<ffffffff8121d28b>] find_next_bit+0x3f/0x9d
RSP: 0018:ffff88043f6e3ce8  EFLAGS: 00000006
RAX: 00000000ff00fe00 RBX: ffff88083f20cdd0 RCX: 0000000000000009
RDX: 0000000000000009 RSI: 00000000000000ff RDI: 00000000000000ff
RBP: ffff88043f6e3ce8 R08: 0000000000000000 R09: ffff88043f6ecdf0
R10: 0000000000000004 R11: 0000000000000000 R12: ffff88043f6ecdf0
R13: 000000000000cdc0 R14: 000000000000cdd0 R15: 0000000000000002
FS:  00007fda02753700(0000) GS:ffff88043f6e0000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000031db8df760 CR3: 000000042c82d000 CR4: 00000000000427e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process qemu-system-x86 (pid: 10664, threadinfo ffff88042b310000, task ffff880424d03800)
Stack:
 ffff88043f6e3d08 ffffffff81210366 ffff88043f6ecdf0 0000000000000008
 ffff88043f6e3d78 ffffffff81022a57 ffff88043f6e3f48 7fffffff00020001
 0000000000000007 00080000813fe374 ffff88083f20cdd0 0000000000000096
Call Trace:
 <IRQ> 
 [<ffffffff81210366>] cpumask_next_and+0x2c/0x39
 [<ffffffff81022a57>] __x2apic_send_IPI_mask+0xa9/0x129
 [<ffffffff81022aee>] x2apic_send_IPI_all+0x17/0x19
 [<ffffffff8101fdc0>] arch_trigger_all_cpu_backtrace+0x52/0x8a
 [<ffffffff8109e683>] print_cpu_stall+0xcc/0x15b
 [<ffffffff8109e989>] __rcu_pending+0x5d/0x166
 [<ffffffff8109eb62>] rcu_check_callbacks+0xd0/0x132
 [<ffffffff8103fd16>] update_process_times+0x3c/0x72
 [<ffffffff81074770>] tick_sched_handle+0x45/0x54
 [<ffffffff8107492c>] tick_sched_timer+0x58/0x77
 [<ffffffff81051eee>] __run_hrtimer+0xd6/0x161
 [<ffffffff810748d4>] ? tick_nohz_handler+0xab/0xab
 [<ffffffff81039144>] ? __do_softirq+0x182/0x1b4
 [<ffffffff810522a5>] hrtimer_interrupt+0xce/0x1b0
 [<ffffffff8101f9a9>] smp_apic_timer_interrupt+0x81/0x94
 [<ffffffff81407d4a>] apic_timer_interrupt+0x6a/0x70
 <EOI> 
 [<ffffffff813622a2>] ? skb_flow_dissect+0xca/0x33c
 [<ffffffff81358107>] ? sock_alloc_send_pskb+0x10d/0x337
 [<ffffffff8135f622>] ? skb_copy_datagram_from_iovec+0x58/0x20f
 [<ffffffff81365fe2>] __skb_get_rxhash+0x15/0xc0
 [<ffffffffa02e04c5>] tun_get_user+0x471/0x4e8 [tun]
 [<ffffffffa02e05ac>] ? tun_sendmsg+0x70/0x70 [tun]
 [<ffffffffa02e0627>] tun_chr_aio_write+0x7b/0x93 [tun]
 [<ffffffff81108cdc>] do_sync_readv_writev+0x93/0xd1
 [<ffffffff8110932d>] do_readv_writev+0xb6/0x17f
 [<ffffffff81407120>] ? ret_from_fork+0xb0/0xb0
 [<ffffffff811170de>] ? do_vfs_ioctl+0x255/0x271
 [<ffffffff81109434>] vfs_writev+0x3e/0x49
 [<ffffffff8110952e>] sys_writev+0x4f/0x9e
 [<ffffffff81407192>] system_call_fastpath+0x16/0x1b
Code: 89 d0 48 c1 e9 06 49 83 e0 c0 4c 8d 0c cf 48 89 f7 4c 29 c7 83 e2 3f 74 39 48 83 c8 ff 88 d1 48 d3 e0 49 23 01 48 83 ff 3f 76 3b <48> 85 c0 75 4f 49 83 c1 08 48 83 ef 40 49 83 c0 40 eb 14 49 8b

** Affects: qemu
     Importance: Undecided
         Status: New

** Attachment added: "host serial port log"
   https://bugs.launchpad.net/bugs/1096814/+attachment/3476027/+files/host-serial.log

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1096814

Title:
  Guest hang when doing kernel build and writing data in guest

Status in QEMU:
  New



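The host trace above is the usual starting point for root-causing a stall like this, and it has two halves that are easy to confuse: the frames between <IRQ> and <EOI> belong to the timer interrupt and the RCU stall detector that printed the backtrace (print_cpu_stall sending an NMI to every CPU), while the frames after <EOI> show what qemu-system-x86 (pid 10664) was doing when it was interrupted: a writev() on its tap file descriptor that runs down into tun_get_user() and __skb_get_rxhash() in the host kernel, with the '?' frames (skb_flow_dissect and others) being stale addresses the unwinder found on the stack rather than a proven call chain. The Python script below is an added example, not code from the bug report, from QEMU or from the kernel: it parses a constructed excerpt of that log into the two contexts, skips the '?' frames, and reports the innermost reliable task frame, the system call that entered the kernel, and the modules on the path, which is what you need before reaching for addr2line or the tun driver source.

```python
# Parse an x86 Linux stall/lockup 'Call Trace:' and split the frames of the
# interrupt that printed it (<IRQ>..<EOI>) from the interrupted task context.
# Added example; SAMPLE_TRACE is a constructed excerpt of the host log above.
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

# One frame as dump_stack() prints it:  [<addr>] [? ]symbol+0xoff/0xsize [module]
FRAME_RE = re.compile(
    r"^\[<(?P<addr>[0-9a-f]+)>\]\s+(?P<q>\?\s+)?"
    r"(?P<sym>[A-Za-z_.$][\w.$]*)\+0x(?P<off>[0-9a-f]+)/0x[0-9a-f]+"
    r"(?:\s+\[(?P<mod>[^\]]+)\])?$")
STALL_RE = re.compile(
    r"rcu_\w+ self-detected stall on CPU \{\s*(?P<cpu>\d+)\s*\}.*?t=(?P<t>\d+) jiffies")
PID_RE = re.compile(r"Pid:\s+(?P<pid>\d+),\s+comm:\s+(?P<comm>\S+)")

@dataclass
class Frame:
    addr: int
    symbol: str
    offset: int
    module: Optional[str]  # None for the core kernel image
    reliable: bool         # False for '? ' frames: stale addresses found on the stack

@dataclass
class StallReport:
    cpu: Optional[int] = None
    jiffies: Optional[int] = None
    pid: Optional[int] = None
    comm: Optional[str] = None
    irq_frames: List[Frame] = field(default_factory=list)   # the stall detector itself
    task_frames: List[Frame] = field(default_factory=list)  # what was interrupted

    def stalled_in(self) -> Optional[Frame]:
        # Innermost reliable task frame: the code running when the detector fired.
        return next((f for f in self.task_frames if f.reliable), None)

    def syscall(self) -> Optional[str]:
        # Outermost reliable sys_* frame: how the task entered the kernel.
        return next((f.symbol for f in reversed(self.task_frames)
                     if f.reliable and f.symbol.startswith("sys_")), None)

    def modules(self) -> Set[str]:
        return {f.module for f in self.irq_frames + self.task_frames if f.module}

def parse_stall(text: str) -> StallReport:
    rep, in_trace, in_irq = StallReport(), False, False
    for raw in text.splitlines():
        line = raw.strip()
        if not in_trace:
            m = STALL_RE.search(line)
            if m:
                rep.cpu, rep.jiffies = int(m["cpu"]), int(m["t"])
            m = PID_RE.search(line)
            if m:
                rep.pid, rep.comm = int(m["pid"]), m["comm"]
            in_trace = line == "Call Trace:"
            continue
        if line in ("<IRQ>", "<EOI>"):
            in_irq = line == "<IRQ>"
            continue
        m = FRAME_RE.match(line)
        if m is None:  # 'Code:' or any other line ends the trace
            break
        frame = Frame(int(m["addr"], 16), m["sym"], int(m["off"], 16), m["mod"], m["q"] is None)
        (rep.irq_frames if in_irq else rep.task_frames).append(frame)
    return rep

# Constructed excerpt of the host serial log (interrupt half shortened).
SAMPLE_TRACE = """\
INFO: rcu_sched self-detected stall on CPU { 7}  (t=21000 jiffies g=6506 c=6505 q=803)
Pid: 10664, comm: qemu-system-x86 Tainted: P             3.7.0 #2 Intel Corporation S2600CP/S2600CP
Call Trace:
 <IRQ>
 [<ffffffff81210366>] cpumask_next_and+0x2c/0x39
 [<ffffffff8109e683>] print_cpu_stall+0xcc/0x15b
 [<ffffffff810748d4>] ? tick_nohz_handler+0xab/0xab
 [<ffffffff81407d4a>] apic_timer_interrupt+0x6a/0x70
 <EOI>
 [<ffffffff813622a2>] ? skb_flow_dissect+0xca/0x33c
 [<ffffffff81358107>] ? sock_alloc_send_pskb+0x10d/0x337
 [<ffffffff8135f622>] ? skb_copy_datagram_from_iovec+0x58/0x20f
 [<ffffffff81365fe2>] __skb_get_rxhash+0x15/0xc0
 [<ffffffffa02e04c5>] tun_get_user+0x471/0x4e8 [tun]
 [<ffffffffa02e05ac>] ? tun_sendmsg+0x70/0x70 [tun]
 [<ffffffffa02e0627>] tun_chr_aio_write+0x7b/0x93 [tun]
 [<ffffffff81108cdc>] do_sync_readv_writev+0x93/0xd1
 [<ffffffff8110932d>] do_readv_writev+0xb6/0x17f
 [<ffffffff81407120>] ? ret_from_fork+0xb0/0xb0
 [<ffffffff811170de>] ? do_vfs_ioctl+0x255/0x271
 [<ffffffff81109434>] vfs_writev+0x3e/0x49
 [<ffffffff8110952e>] sys_writev+0x4f/0x9e
 [<ffffffff81407192>] system_call_fastpath+0x16/0x1b
Code: 89 d0 48 c1 e9 06 49 83 e0 c0 4c 8d 0c cf 48 89 f7 4c 29 c7 83 e2 3f 74
"""

if __name__ == "__main__":
    r = parse_stall(SAMPLE_TRACE)
    print(r.comm, r.pid, r.syscall(), "->", r.stalled_in().symbol, sorted(r.modules()))
```

Run against the full host-serial.log attached to the bug rather than the excerpt, the same parser applies to every "NMI backtrace for cpu N" block the detector prints, and comparing the innermost reliable task frame across repeated stalls is the quickest way to see whether the host is always stuck in the same tun/skb path or the trace varies.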