kvm segfaults

Looks like a problem in curses.

Do you get the segfault if you leave off the -curses option?

:-Dustin

I get the exact same problem with the kvm-84 backport for Hardy. I've got a ton of these:

[9257662.920957] kvm[32576]: segfault at 29c rip 431db7 rsp 7fff34552300 error 4
[9326565.509652] kvm[21403]: segfault at 29c rip 431f87 rsp 7fff8f921710 error 4
[9326565.539824] kvm[574]: segfault at 29c rip 431f87 rsp 7fffaeff4da0 error 4
[9552622.565234] kvm[27268]: segfault at 29c rip 431f87 rsp 7fff8b9d4780 error 4
[9708621.294288] kvm[19549]: segfault at 29c rip 431f87 rsp 7fffde194f40 error 4
[9760586.598334] kvm[3009]: segfault at 29c rip 431f87 rsp 7fffc9d3a990 error 4
[9760584.171162] kvm[3013]: segfault at 29c rip 431f87 rsp 7fff798af660 error 4
[9771095.594420] kvm[697]: segfault at 29c rip 431f87 rsp 7fffe235ee10 error 4
[9771093.117852] kvm[703]: segfault at 29c rip 431f87 rsp 7fff45d7bb30 error 4
[9771205.352935] kvm[1628]: segfault at 29c rip 431f87 rsp 7fff73a0b4e0 error 4
[9771205.353095] kvm[1635]: segfault at 29c rip 431f87 rsp 7fffa2fdcd90 error 4
[9774766.320499] kvm[23869]: segfault at 29c rip 431f87 rsp 7fff6c3235b0 error 4
[9779884.735849] kvm[23940]: segfault at 29c rip 431f87 rsp 7fff78e76c70 error 4
[9779887.686334] kvm[2554]: segfault at 29c rip 431f87 rsp 7fff0509ae90 error 4
[9797955.573851] kvm[20882]: segfault at 29c rip 431f87 rsp 7fff6f8a2220 error 4
[9797952.661145] kvm[20893]: segfault at 29c rip 431f87 rsp 7fff76cb2a60 error 4
[9808209.562440] kvm[20890]: segfault at 29c rip 431f87 rsp 7fffde9ea7e0 error 4
[9816715.343731] kvm[14903]: segfault at 29c rip 431f87 rsp 7fff09dd2790 error 4
[9828895.668024] kvm[16372]: segfault at 29c rip 431f87 rsp 7fffc8cb8a70 error 4
[9828892.784692] kvm[16375]: segfault at 29c rip 431f87 rsp 7fff8edd3bc0 error 4
[9853494.092946] kvm[5473]: segfault at 29c rip 431f87 rsp 7fff81c4fa00 error 4
[9853494.206620] kvm[5464]: segfault at 29c rip 431f87 rsp 7fff24d7bbc0 error 4
[9917668.410834] kvm[28710]: segfault at 29c rip 431f87 rsp 7fff199c3f60 error 4
[9917671.202794] kvm[28722]: segfault at 29c rip 431f87 rsp 7fffc36f54a0 error 4

These are all with guests that ran perfectly under the stock Hardy kvm userspace and the kernelspace stuff from the hardy kernel.

I forgot to mention that I don't use curses. I'm VNC all the way :)

I managed to extract this backtrace.

It seems the bug is somewhere in the block layer. The segfault is caused by the IDE DMA callback being called, but the embedded IDEState is NULL. Lots of stuff has changed in the block layer since kvm-84 came out, so this might prove tricky to narrow down.

Soren Hansen, I have same thoughts because last message from guest was smth like "ad0 read dma timeout, retrying...".

Dustin Kirkland, yes, it's segfaults anyway :(

exe, did you just happen to be looking at the guest at the time of the crash or do you have a way to trigger it?

I hadn't looked at the guest when it crashed. It was just last message on serial console.

I can't trigger it.Seems it's occurs only once a boot or under heavy io load. I can't experiment with a server because it's in production environment. I will make backups soon. If problem in io-subsystem it will crash again and I will try to reproduce it in another(testing) virtual container.

Last message on serial console from guest:

=======================
FreeBSD/i386 (virt002.serv) (ttyd0)

login: ad0: TIMEOUT - READ_DMA retrying (1 retry left) LBA=194373119

virsh #
=======================
And then in dmesg:
[736228.331135] kvm[2933]: segfault at 29c ip 0000000000431859 sp 00007fffa94391e0 error 4 in kvm[400000+1e1000]

Unfortunally I cannot say how to reproduce this bug. I tried to use bonnie++ to load io-subsystem, but guest hadn't failed.

I get a segfault whenever I run a qemu-img convert, or copy a large file (over 5 GB) as root in a terminal, not to mention have firefox open and trying to surf at the same time... very annoying.

I have package in my company PPA (~linux2go) that fixes this. It includes the following upstream commits:

5f7a4ea7ad2355d17ded90c393627d38d440ab26
1f310e069d8e6c998272839aad0c6127c438c84b
2f615dfb773043e4545319d470e407ea6d4f1ecb
c48260ed4c7824dfda5b604e44af9bce182c43a7
82aa3e8ddba30f1d392f4af78bfb79f1a3b58730

These should be SRU'd into Jaunty.

Sorry, "Eucalyptus bugbot" is my alter ago.

Proposed debdiff.

For those experiencing this problem on kvm-84 on Hardy or Intrepid, I have uploaded a new package with soren's patch to the PPA.
 * https://edge.launchpad.net/~ubuntu-virt/+archive/ppa

If you are able to test that, please leave feedback here.

:-Dustin

Ugh, quite intrusive, but I agree that crashing VMs on LTSes are bad. So please upload this to -propose and give it proper testing.

On Wed, May 06, 2009 at 09:48:20AM -0000, Martin Pitt wrote:
> Ugh, quite intrusive, but I agree that crashing VMs on LTSes are bad.

This if for Jaunty, so it's not an LTS issue at the moment. However,
we're working on getting kvm-84 into shape to get it into Hardy, and
this bug is a serious blocker for that.

> So please upload this to -propose and give it proper testing.

It already there (since yesterday evening).

Thanks.

Accepted kvm into jaunty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Now, I'm nominating for Hardy and Intrepid. This fix should be included in the kvm-84 backport that I'm working on.

:-Dustin

I'm beginning to test this. I will post to this topic If it segfaults.

Installing the update from jaunty-proposed (amd64) has stopped my virtual machine from segfaulting. Before my XP virtual machine was segfaulting all the time. It would always segfault during a disk consistency check when booting up, and if I skipped that check it wouldn't take all that long before it segfaulted while I was doing things anyway. Anyway, it's working now so thank you very much for the fix. :)

With kvm 1:84+dfsg-0ubuntu12.1~ppa6 after 3 days:

ad0: TIMEOUT - WRITE_DMA retrying (1 retry left) LBA=20875903

Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 02
fault virtual address = 0xc90ecfad
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc07e1624
stack pointer = 0x28:0xe9e01c30
frame pointer = 0x28:0xe9e01c3c
code segment = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 21 (swi6: task queue)
trap number = 12
panic: page fault
cpuid = 2
Uptime: 3d17h7m41s
Cannot dump. No dump device defined.
Automatic reboot in 15 seconds - press a key on the console to abort
Rebooting...
cpu_reset: Stopping other CPUs

commit 7403b14eeb4670d54497284b110ca3e3be4a99a4
Author: aliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162>
Date: Sat Mar 28 16:11:25 2009 +0000

    Fix DMA API when handling an immediate error from block layer (Avi Kivity)
--
commit c240b9af599d20e06a58090366be682684bd8555
Author: aliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162>
Date: Sat Mar 28 16:11:20 2009 +0000

    Fix vectored aio bounce handling immediate errors (Avi Kivity)

Should fix this issue.

Oh-oh-oh, after a couple of unsleepy nights it seems bug https://bugs.launchpad.net/ubuntu/+source/linux/+bug/276476 triggers this problem. When all tasks are freazed in IO freebsd raises DMA timeout and then reboots soon.

Anyway I can easy trigger this problem. No solution yet :(((

oops, segfaults have returned. I migrated to kvm-85.

On Mon, Jun 22, 2009 at 3:47 AM, exe<email address hidden> wrote:
> oops, segfaults have returned. I migrated to kvm-85.

Please clarify... are you seeing the segfaults in kvm-85 or kvm-84?

:-Dustin

I saw segfaults with kvm-84.
I have built package from debian unstable. Also I've had to rebuilt libvirt as old libvirt-bin from karmic doesn't support kvm newer than 84.

Now uptime of my kvm-85 virtual machine is almost 3 days, no problems detected. Unfortunally I must reboot server soon to replace defective hdd.

Apparently I am having the same problem with KVM-62 in Ubuntu Hardy Heron server amd64 with kernel 2.6.24-19-server. At the moment it has happened a single time, but I can confirm that the VM is under heavy IO load. Even so this it is a _very_ serious problem from the moment that the VM is a productive host.

KVM start configuration:

# APS2
$KVM -hda /dev/vm/aps2-raiz -hdb /dev/vm/aps2-space \
 -hdc /dev/vm/aps2-index -hdd /dev/vm/aps2-cache -m 4096 -smp 4 \
 -net nic,vlan=0,macaddr=00:16:3E:00:00:27 -net tap -daemonize -vnc :5 -k es \
 -localtime -monitor telnet:localhost:4005,server,nowait \
 -serial telnet:localhost:4045,server,nowait

Next, I copy the lines found in /var/log/messages:

Jun 29 10:28:21 ss02 kernel: [5867223.459407] kvm[30711]: segfault at 284 rip 42ff7f rsp 7fffd9b9f580 error 4
Jun 29 10:28:21 ss02 kernel: [5867223.629174] br0: port 6(tap4) entering disabled state
Jun 29 10:28:21 ss02 kernel: [5867223.670810] device tap4 left promiscuous mode
Jun 29 10:28:21 ss02 kernel: [5867223.670819] audit(1246282101.383:100): dev=tap4 prom=0 old_prom=256 auid=4294967295
Jun 29 10:28:21 ss02 kernel: [5867223.670821] br0: port 6(tap4) entering disabled state

Hardware:

HP Proliant DL380 G5
2 x Xeon QuadCore - 2 GHz
16 GiB RAM / 1 GiB swap
Network interface: 2 x NC373i 10 / 100 / 1000
HP Smart Array E200 with 8 x 300 GB SAS - 10k / RAID 5.

The VM is running Debian GNU/Linux Lenny 5.0.2 with kernel 2.6.26-2-686 and 'pci=noacpi' kernel option in order to avoid transmit timed out from network interface which turn it inaccessible to the rest of the network. Both /var/log/messages and /var/log/syslog in the VM don't show messages of IDE DMA callback problems.

Regards,
Daniel

I'm running jaunty with everything up-to-date.

I was experiencing segfaults similar to those described in this ticket when disk I/O was high. For example, when dd'ing a raw image file to an LVM volume, when the image was about 60G, caused several kvm processes to crash.

I was able to reproduce these crashes in an interesting way:

I gave a FreeBSD VM an AoE volume, with the following command line:

/usr/bin/kvm -S -M pc -m 256 -smp 1 -name freebsd-test -uuid fa4f4230-ff42-012b-cef0-00163ec95f4c -monitor pty -boot c -drive file=/dev/mapper/vol1-freebsd--test,if=ide,index=0,boot=on -drive file=/dev/etherd/e0.1,if=ide,index=1 -net none -serial pty -parallel none -usb

Slightly prior to booting this VM, I would turn off the AoE volume where it was exported from. When FreeBSD would try to mount it, the kvm process would crash within about 30 seconds.

After installing the following ppa:

1:84+dfsg-0ubuntu12.1~rc2ppa3

I have not been able to reproduce the problem. Instead of the kvm process crashing, FreeBSD just reports a crap load of DMA errors:

[root@beta ~]# fsck /dev/ad1s1a
** /dev/ad1s1a
** Last Mounted on /backup
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cyl groups
5939 files, 145406 used, 108409 free (2713 frags, 13212 blocks, 1.1% fragmentation)
ad1: FAILURE - WRITE_DMA status=41<READY,ERROR> error=4<ABORTED> LBA=191

CANNOT WRITE BLK: 128
CONTINUE? [yn] y

ad1: FAILURE - WRITE_DMA status=41<READY,ERROR> error=4<ABORTED> LBA=191
ad1: FAILURE - WRITE_DMA status=41<READY,ERROR> error=4<ABORTED> LBA=192
ad1: FAILURE - WRITE_DMA status=41<READY,ERROR> error=4<ABORTED> LBA=193
ad1: FAILURE - WRITE_DMA status=41<READY,ERROR> error=4<ABORTED> LBA=194
ad1: FAILURE - WRITE_DMA status=41<READY,ERROR> error=4<ABORTED> LBA=195
ad1: FAILURE - WRITE_DMA status=41<READY,ERROR> error=4<ABORTED> LBA=196
ad1: FAILURE - WRITE_DMA status=41<READY,ERROR> error=4<ABORTED> LBA=197

Since I pulled the rug from under it (probably equivalent to unplugging a real hard drive if this was a physical machine), I would expect these kinda of DMA errors.

So, all in all, +1 on this PPA.

Garry Dolley, you hit another bug. As I understood, the problem is inside io. When your OS flusches dirty page all read requests are frozen. If in this time freebsd tries to read from disk via DMA-channel it fails to do that as kvm cant read from disk. So freebsd thinks that disk is broken and reports this ERROR.

Can someone please try to reproduce this with the latest (rc3) packages in:
 * https://edge.launchpad.net/~ubuntu-virt/+archive/ppa

I have backported the patch that Anthony suggested. Please let me know if this solves your problem.

:-Dustin

exe, OK. Nevertheless, the 1:84+dfsg-0ubuntu12.1~rc2ppa3 package has been more stable for me on jaunty than 1:84+dfsg-0ubuntu11.

Garry-

Could you please test the rc4 package in the PPA? I strongly believe that it should fix your segfault.

:-Dustin

I had the very same bug a few days ago with the kvm84 backport for hardy:

 Jul 4 07:54:38 toulouse kernel: [4540400.485118] kvm[23661]:
segfault at 3e9d20a9 eip 080bcbd8 esp bf9a8774 error 4

It was happening after a while under heavy network load with virtio. The latest version of the package on the ubuntu-virt ppa seems to have fixed it - no segfault since, albeit loads and loads of traffic I made to test it.

Okay, I just uploaded kvm_84+dfsg-0ubuntu12.1 to jaunty-proposed.

Please test and give feedback here. If we can get verification of the fix, then we can see this pushed to jaunty-updates.

Thanks.

:-Dustin

Uploaded kvm_84+dfsg-0ubuntu12.2_source.changes, which also fixes a minor Apport reporting bug.

Please test that in proposed and leave feedback.

:-Dustin

This bug was fixed in the package kvm - 1:84+dfsg-0ubuntu15

---------------
kvm (1:84+dfsg-0ubuntu15) karmic; urgency=low

  * Cherry-pick qcow2 corruption patch from upstream git
    - Fix-at-least-one-cause-of-qcow2-corruption.-Nolan.patch
  * Cherry-pick dma error handling patch from upstream git, LP: #359447
    - Fix-DMA-API-when-handling-an-immediate-error-from-bl.patch
  * debian/control: depend on linux-server and linux-generic headers;
    this may be a bit overkill, as you only need one of the two,
    however, we don't know which one of the two until postinst;
    because of this, we get *tons* of bug reports about kvm-source not
    being able to build because of missing headers (even though we print
    a helpful warning message in postinst), LP: #394953
  * debian/kvm-source.postinst: touch reboot-required to ensure that
    the new kvm module gets loaded and running

 -- Dustin Kirkland <email address hidden> Tue, 07 Jul 2009 14:06:52 -0500

Dustin,

rc2 in the PPA (1:84+dfsg-0ubuntu12.1~rc2ppa3) appears to have already fixed the segfault.

No segfaults in 3 days and I've applied some high disk I/O to the machine.

I can't test rc4 right away b/c rc2 is on a production machine. Once I can declare another maintenance window and reboot the machine, I'll try rc4. However, it seems the only difference between rc2 and rc4 are packaging related items, which I was able to walk through myself.

Thanks Garry. You are correct about the differences between those two
packages. Thank you for the verification.

:-Dustin

No problem! Thanks for cherry-picking those fixes and providing us a more stable kvm package.

Accepted kvm into jaunty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

I'm setting up a new jaunty box within the next few days. I will install the jaunty-proposed version of kvm and report the results.

So there's quite a list of people on this thread reporting segfault problems.

Would one of those please test the package in jaunty-proposed?

:-Dustin

Hi, Dustin.

I would like to test the backport of KVM-84 for Hardy Heron server amd64. As I commented above, I found that a KVM process of a VM with high rate of I/O terminated with segmentation fault in an installation of Hardy Heron server amd64 with KVM-62.

Adding the following lines to /etc/apt/sources.list

deb http://ppa.launchpad.net/ubuntu-virt/ppa/ubuntu hardy main
deb-src http://ppa.launchpad.net/ubuntu-virt/ppa/ubuntu hardy main

The unique reference that I found about KVM-84 is given by the following package:

# aptitude show kvm-source
Package: kvm-source
State: partially configured
Automatically installed: yes
Version: 1:84+dfsg-0ubuntu12.1~rc5ppa1
Priority: opcional
Section: misc
Maintainer: Ubuntu Core Developers <email address hidden>
Uncompressed Size: 1655k
Depends: build-essential, bzip2, debhelper (>= 5), dkms, linux-headers, linux-headers-generic, linux-headers-server, make
Suggests: kernel-package
Description: Source for the KVM driver
 This package provides the source code for the KVM kernel modules. The kvm package is also required in order to make use of
 these modules. Kernel source or headers are required to compile these modules.

 Not needed for Ubuntu systems.

This is the last version that would fix the bug? It would only be necessary to install this package and to compile?

I enabled jaunty-proposed on a new jaunty box and upgraded kvm:

$ sudo apt-get install kvm
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
  ubuntu-vm-builder hal vde2 samba kvm-source kvm-pxe
The following packages will be upgraded:
  kvm
1 upgraded, 0 newly installed, 0 to remove and 8 not upgraded.
Need to get 0B/1143kB of archives.
After this operation, 4096B disk space will be freed.
(Reading database ... 23790 files and directories currently installed.)
Preparing to replace kvm 1:84+dfsg-0ubuntu11 (using .../kvm_1%3a84+dfsg-0ubuntu12.3_amd64.deb) ...
Unpacking replacement kvm ...
Processing triggers for man-db ...
Setting up kvm (1:84+dfsg-0ubuntu12.3) ...
 * Loading kvm module kvm_intel
   ...done.

$

The install, as you can see, went without a hitch.

Will report how the VMs handle when I have more data.

After migrating to kvm 85+dfsg-4 uptime of freebsd guest is constantly increasing(15days now). No problems occured in this period.

Update:

No crashes on jaunty-proposed, although I have not stressed the box much yet.

No crashes on RC2 (1:84+dfsg-0ubuntu12.1~rc2ppa3) in 11 days (since upgrade to RC2), and I *have* stressed the box.

This bug was fixed in the package kvm - 1:84+dfsg-0ubuntu12.3

---------------
kvm (1:84+dfsg-0ubuntu12.3) jaunty-proposed; urgency=low

  * Cherry-pick qcow2 corruption patch from upstream git
    - Fix-at-least-one-cause-of-qcow2-corruption.-Nolan.patch,
    LP: #392295
  * Cherry-pick patch series from upstream to fix segfaults when
    cancelling DMA operations in virtual machines. LP: #359447
  * Cherry-pick dma error handling patch from upstream git, LP: #359447
    - Fix-DMA-API-when-handling-an-immediate-error-from-bl.patch
  * debian/control: depend on linux-server and linux-generic headers;
    this may be a bit overkill, as you only need one of the two,
    however, we don't know which one of the two until postinst;
    because of this, we get *tons* of bug reports about kvm-source not
    being able to build because of missing headers (even though we print
    a helpful warning message in postinst), LP: #394953
  * debian/kvm-source.postinst: touch reboot-required to ensure that
    the new kvm module gets loaded and running
  * debian/source_kvm.py: only collect packages related to kvm for apport,
    LP: #382077

 -- Dustin Kirkland <email address hidden> Tue, 07 Jul 2009 14:22:26 -0500

This bug was fixed in kvm-84 as published to hardy-backports and intrepid-backports. If you're suffering from this bug, please try that package.

:-Dustin

Is it really fixed? I am running kvm 1:84+dfsg-0ubuntu12.4 on Ubuntu 9.04 and still see this error:

Sep 3 15:43:00 vm-01 kernel: [2395791.060789] kvm[19481]: segfault at 0 ip 0000000000479a20 sp 00007fffe4f56690 error 4 in kvm[400000+1e1000]

Sep 3 18:00:02 vm-01 kernel: [2404013.508648] kvm[4649]: segfault at 0 ip 0000000000479a20 sp 00007fffee56f070 error 4 in kvm[400000+1e1000]