[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Saving a guest crashes dom0

  • To: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxx>
  • From: Paul Durrant <Paul.Durrant@xxxxxxxxxx>
  • Date: Wed, 18 May 2016 14:23:14 +0000
  • Accept-language: en-GB, en-US
  • Delivery-date: Wed, 18 May 2016 14:23:57 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xen.org>
  • Thread-index: AQHRsQzIRLZodwJZZEO0zRk9CQc9lJ++vgVggAABJXA=
  • Thread-topic: Saving a guest crashes dom0
> -----Original Message-----
> From: Paul Durrant
> Sent: 18 May 2016 15:18
> To: 'Boris Ostrovsky'; xen-devel
> Subject: RE: Saving a guest crashes dom0
> 
> > -----Original Message-----
> > From: Boris Ostrovsky [mailto:boris.ostrovsky@xxxxxxxxxx]
> > Sent: 18 May 2016 14:54
> > To: xen-devel; Paul Durrant
> > Subject: Saving a guest crashes dom0
> >
> > Saving a guest (xl save) crashes dom0, log below.
> >
> > Paul, this seems to be happening in the code that you modified
> > recently.  If you don't have time I can look at this but it will
> > probably have to wait until tomorrow.
> >
> 
> No, this looks problematic, I'll look now... What was the guest?
> 

Never mind. I see the problem. Disconnection of the control ring is done 
regardless of whether a control ring was connected and the hash deinit is not 
adequately protected. I'll come up with a patch.

  Paul

>   Paul
> 
> >
> > -boris
> >
> >
> > [  176.347760] BUG: unable to handle kernel NULL pointer dereference at
> > 0000000000000008
> > [  176.347780] IP: [<ffffffff815b426f>] xenvif_flush_hash+0x6f/0xd0
> > [  176.347791] PGD 563f067 PUD 54b1067 PMD 0
> > [  176.347798] Oops: 0000 [#1] SMP
> > [  176.347803] Modules linked in: dm_multipath dm_mod xen_evtchn
> > iscsi_boot_sysfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi
> > libcrc32c crc32c_generic crc32c_intel sg sr_mod cdrom sd_mod ahci
> > libahci libata scsi_mod i915 e1000e video backlight wmi tpm_tis
> > xen_blkfront xen_netfront xenfs xen_privcmd
> > [  176.347840] CPU: 1 PID: 26 Comm: xenwatch Not tainted
> > 4.6.0upstream-03623-g0b7962a-dirty #1
> > [  176.347845] Hardware name: LENOVO ThinkServer TS130/        , BIOS
> > 9HKT47AUS 01/10/2012
> > [  176.347850] task: ffff880037e22140 ti: ffff880037e40000 task.ti:
> > ffff880037e40000
> > [  176.347855] RIP: e030:[<ffffffff815b426f>]  [<ffffffff815b426f>]
> > xenvif_flush_hash+0x6f/0xd0
> > [  176.347862] RSP: e02b:ffff880037e43cb8  EFLAGS: 00010017
> > [  176.347866] RAX: ffff880006190250 RBX: ffff88000619f840 RCX:
> > 0000000000000000
> > [  176.347870] RDX: 0000000000000001 RSI: ffffffff81215ce0 RDI:
> > ffff88000619fad0
> > [  176.347875] RBP: ffff880037e43d28 R08: 0000000000000040 R09:
> > 0000000000000040
> > [  176.347879] R10: 0000000000000040 R11: 0000000000000001 R12:
> > ffff88000619fad0
> > [  176.347883] R13: 0000000000000000 R14: ffff88000619fad8 R15:
> > ffff880037e43cd8
> > [  176.347892] FS:  00007f3fa46cb710(0000) GS:ffff88003de80000(0000)
> > knlGS:0000000000000000
> > [  176.347927] CS:  e033 DS: 0000 ES: 0000 CR0: 0000000080050033
> > [  176.347930] CR2: 0000000000000008 CR3: 0000000006cad000 CR4:
> > 0000000000042660
> > [  176.347935] Stack:
> > [  176.347939]  000000000000003e ffff880006190250 0000000000000002
> > 000000000006c560
> > [  176.347946]  ffff88000619f850 0000000000000002 0000000000000000
> > ffffffff81476f4e
> > [  176.347952]  ffff880037e43d18 ffff88000619f840 0000000000000006
> > 0000000000000040
> > [  176.347959] Call Trace:
> > [  176.347963]  [<ffffffff81476f4e>] ? xenbus_unmap_ring_vfree+0xe/0x10
> > [  176.347968]  [<ffffffff815b42d9>] xenvif_deinit_hash+0x9/0x10
> > [  176.347973]  [<ffffffff815b315d>] xenvif_disconnect_ctrl+0x3d/0xb0
> > [  176.347977]  [<ffffffff815b27ac>] set_backend_state+0x13c/0x200
> > [  176.347982]  [<ffffffff815b2d97>] frontend_changed+0x77/0xe0
> > [  176.347987]  [<ffffffff8147afdd>] xenbus_otherend_changed+0x9d/0xa0
> > [  176.347993]  [<ffffffff8147b34b>] frontend_changed+0xb/0x10
> > [  176.347997]  [<ffffffff81478de8>] xenwatch_thread+0xc8/0x190
> > [  176.348002]  [<ffffffff810f8940>] ? woken_wake_function+0x10/0x10
> > [  176.348008]  [<ffffffff817d0b42>] ? schedule+0x42/0xb0
> > [  176.348013]  [<ffffffff817d4305>] ?
> > _raw_spin_unlock_irqrestore+0x15/0x20
> > [  176.348017]  [<ffffffff81478d20>] ? join+0x60/0x60
> > [  176.348022]  [<ffffffff810d7c02>] kthread+0xd2/0xf0
> > [  176.348027]  [<ffffffff810df561>] ? finish_task_switch+0x91/0x220
> > [  176.348032]  [<ffffffff810e2359>] ? schedule_tail+0x19/0xd0
> > [  176.348036]  [<ffffffff817d49bf>] ret_from_fork+0x1f/0x40
> > [  176.348041]  [<ffffffff810d7b30>] ?
> > kthread_freezable_should_stop+0x80/0x80
> > [  176.348045] Code: 90 02 00 00 4c 8d b3 98 02 00 00 4c 89 e7 e8 59 03
> > 22 00 4c 8b ab 98 02 00 00 48 89 45 98 4d 39 f5 4c 89 6d c0 74 48 4c 8d
> > 7d b0 <49> 8b 55 08 49 8b 45 00 48 bf 00 02 00 00 00 00 ad de 48 c7 c6
> > [  176.348095] RIP  [<ffffffff815b426f>] xenvif_flush_hash+0x6f/0xd0
> > [  176.348101]  RSP <ffff880037e43cb8>
> > [  176.348103] CR2: 0000000000000008
> > [  176.348108] ---[ end trace b58563dcb1aec61c ]---
> > [  176.348111] Kernel panic - not syncing: Fatal exception
> > [  176.348117] Kernel Offset: disabled
> > (XEN) [2016-05-18 13:06:05] Hardware Dom0 crashed: rebooting machine in
> > 5 seconds.
> > (XEN) [2016-05-18 13:06:10] Resetting with ACPI MEMORY or I/O
> RESET_REG.
> >

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.