Bug 1040783

Summary: BUG: unable to handle kernel NULL pointer dereference at 00000000000002a8
Product: Red Hat Enterprise Linux 7
Reporter: Sibiao Luo <sluo>
Component: qemu-kvm
Assignee: Virtualization Maintenance <virt-maint>
Status: CLOSED DUPLICATE
QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium
Priority: medium
Version: 7.0
CC: acathrow, chayang, jasowang, juzhang, michen, pbonzini, qzhang, virt-maint, xfu
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Story Points: ---
Last Closed: 2013-12-12 06:23:20 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---
Attachments:
vmcore-dmesg. (Flags: none)

Description Sibiao Luo 2013-12-12 06:09:58 UTC
Description of problem:
The guest fails to resume by key press after doing S3; it reboots and shows a call trace. I only hit this two times when I retried bug 920017. From the call trace log, it is related to virtio_scsi.

Version-Release number of selected component (if applicable):
host info:
3.10.0-60.el7.x86_64
qemu-kvm-rhev-1.5.3-21.el7.x86_64
seabios-1.7.2.2-4.el7.x86_64
guest info:
3.10.0-60.el7.x86_64

How reproducible:
only hit two times

Steps to Reproduce:
1. Boot a RHEL 7 guest on the latest RHEL 7 host (libiscsi backend with discard enabled).
# /usr/libexec/qemu-kvm -M pc -S -cpu SandyBridge -enable-kvm -m 2048 \
    -smp 4,sockets=2,cores=2,threads=1 -no-kvm-pit-reinjection \
    -usb -device usb-tablet,id=input0 -name sluo \
    -uuid 990ea161-6b67-47b2-b803-19fb01d30d30 \
    -rtc base=localtime,clock=host,driftfix=slew \
    -device virtio-serial-pci,id=virtio-serial0,max_ports=16,vectors=0,bus=pci.0,addr=0x3 \
    -chardev socket,id=channel1,path=/tmp/helloworld1,server,nowait \
    -device virtserialport,chardev=channel1,name=com.redhat.rhevm.vdsm,bus=virtio-serial0.0,id=port1 \
    -chardev socket,id=channel2,path=/tmp/helloworld2,server,nowait \
    -device virtserialport,chardev=channel2,name=com.redhat.rhevm.vdsm,bus=virtio-serial0.0,id=port2 \
    -drive file=iscsi://10.66.90.100:3260/iqn.2001-05.com.equallogic:0-8a0906-4c41f7d03-453f49b421052a57-s2-sluo-270305-1/0,if=none,id=drive-system-disk,cache=none,format=raw,aio=native,werror=stop,rerror=stop,discard=on \
    -iscsi id=iqn0 \
    -device virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x4,num_queues=4 \
    -device scsi-block,drive=drive-system-disk,bus=scsi0.0,id=libiscsi-system-disk,bootindex=1 \
    -netdev tap,id=hostnet0,vhost=on,script=/etc/qemu-ifup \
    -device rtl8139,netdev=hostnet0,id=rtl8139-net-pci0,mac=00:01:02:B6:40:21,bus=pci.0,addr=0x5 \
    -device virtio-balloon-pci,id=ballooning,bus=pci.0,addr=0x6 \
    -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 \
    -drive file=iscsi://10.66.90.100:3260/iqn.2001-05.com.equallogic:0-8a0906-4fb1f7d03-455f49b421252a57-s2-sluo-270305-2/0,if=none,id=drive-data-disk,cache=none,format=raw,aio=native,werror=stop,rerror=stop,discard=on \
    -iscsi id=iqn1 \
    -device virtio-scsi-pci,id=scsi1,bus=pci.0,addr=0x7,num_queues=4 \
    -device scsi-hd,drive=drive-data-disk,bus=scsi1.0,id=libiscsi-data-disk \
    -k en-us -boot menu=on -qmp tcp:0:4444,server,nowait \
    -serial unix:/tmp/ttyS0,server,nowait -vnc :1 \
    -spice disable-ticketing,port=5931 -vga qxl -monitor stdio
2. Do S3.
3. Resume the guest by pressing any key.

Actual results:
The guest reboots and shows a call trace after pressing any key to resume it. I will attach the vmcore-dmesg.txt later.
...
[    0.510552] BUG: unable to handle kernel NULL pointer dereference at 00000000000002a8
[    0.510557] IP: [<ffffffffa004ada4>] __virtscsi_set_affinity+0xe4/0x140 [virtio_scsi]
[    0.510558] PGD 50f77067 PUD 50fb0067 PMD 0 
[    0.510559] Oops: 0000 [#1] SMP 
[    0.510575] Modules linked in: tcp_lp bnep bluetooth rfkill fuse nf_conntrack_netbios_ns nf_conntrack_broadcast ipt_MASQUERADE ip6t_REJECT ipt_REJECT xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw iptable_filter ip_tables sg crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel aesni_intel lrw gf128mul qxl glue_helper ablk_helper cryptd ttm drm_kms_helper drm i2c_piix4 8139too microcode i2c_core virtio_console virtio_balloon serio_raw pcspkr mperf nfsd auth_rpcgss nfs_acl lockd sunrpc uinput xfs libcrc32c sd_mod
[    0.510579]  sr_mod cdrom crc_t10dif crct10dif_common ata_generic pata_acpi virtio_scsi ata_piix 8139cp libata mii virtio_pci virtio_ring virtio floppy dm_mirror dm_region_hash dm_log dm_mod
[    0.510581] CPU: 0 PID: 4324 Comm: pm-suspend Not tainted 3.10.0-60.el7.x86_64 #1
[    0.510589] Hardware name: Red Hat KVM, BIOS Bochs 01/01/2011
[    0.510590] task: ffff88005b49cbb0 ti: ffff88005b776000 task.ti: ffff88005b776000
[    0.510592] RIP: 0010:[<ffffffffa004ada4>]  [<ffffffffa004ada4>] __virtscsi_set_affinity+0xe4/0x140 [virtio_scsi]
[    0.510593] RSP: 0000:ffff88005b777cf8  EFLAGS: 00010206
[    0.510594] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000200
[    0.510594] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88004e795000
[    0.510595] RBP: ffff88005b777d18 R08: ffffffff819b2660 R09: 0000000000000000
[    0.510595] R10: ffffffff819b2660 R11: ffff880079fa5d20 R12: ffff880036e0b6d8
[    0.510595] R13: ffffffff819b2660 R14: 0000000000000000 R15: 0000000000000000
[    0.510596] FS:  00007fbf287bb740(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000
[    0.510597] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    0.510597] CR2: 00000000000002a8 CR3: 000000004e744000 CR4: 00000000000406f0
[    0.510600] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    0.510602] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[    0.510603] Stack:
[    0.510604]  00000000ffffffd3 ffff880036e5b450 0000000000000012 0000000000000003
[    0.510605]  ffff88005b777d28 ffffffffa004aead ffff88005b777d60 ffffffff815c1d4c
[    0.510606]  0000000000000003 0000000000000010 0000000000000000 ffff88007c04e150
[    0.510606] Call Trace:
[    0.510610]  [<ffffffffa004aead>] virtscsi_cpu_callback+0x3d/0x50 [virtio_scsi]
[    0.510613]  [<ffffffff815c1d4c>] notifier_call_chain+0x4c/0x70
[    0.510616]  [<ffffffff8108579e>] __raw_notifier_call_chain+0xe/0x10
[    0.510617]  [<ffffffff8105d853>] cpu_notify+0x23/0x50
[    0.510619]  [<ffffffff815a7955>] _cpu_up+0xfb/0x13f
[    0.510620]  [<ffffffff8159acfc>] enable_nonboot_cpus+0xac/0xe0
[    0.510622]  [<ffffffff810a541c>] suspend_devices_and_enter+0x1fc/0x3d0
[    0.510623]  [<ffffffff810a575b>] pm_suspend+0x16b/0x240
[    0.510624]  [<ffffffff810a4729>] state_store+0x79/0xf0
[    0.510626]  [<ffffffff8129d1cf>] kobj_attr_store+0xf/0x20
[    0.510628]  [<ffffffff81210a66>] sysfs_write_file+0xc6/0x140
[    0.510631]  [<ffffffff8119eecd>] vfs_write+0xbd/0x1e0
[    0.510632]  [<ffffffff8119f899>] SyS_write+0x49/0xa0
[    0.510634]  [<ffffffff815c6399>] system_call_fastpath+0x16/0x1b
[    0.510644] Code: 84 f6 74 82 48 63 35 a4 8e 96 e1 41 be ff ff ff ff 31 db eb 34 66 90 48 63 cb 48 83 c1 20 48 c1 e1 04 49 8b 7c 0c 10 48 8b 57 20 <48> 8b 92 a8 02 00 00 48 8b 4a 50 48 85 c9 74 0b 89 c6 ff d1 48 
[    0.510646] RIP  [<ffffffffa004ada4>] __virtscsi_set_affinity+0xe4/0x140 [virtio_scsi]
[    0.510646]  RSP <ffff88005b777cf8>
[    0.510646] CR2: 00000000000002a8

Expected results:
It can resume from S3 successfully.

Additional info:

Comment 1 Sibiao Luo 2013-12-12 06:14:46 UTC
Created attachment 835625
vmcore-dmesg.

Comment 2 jason wang 2013-12-12 06:23:20 UTC
Looks duplicated.

*** This bug has been marked as a duplicate of bug 1024220 ***
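
An added triage sketch, not part of the original report or of any Red Hat tooling: it parses lines copied from the oops above and checks that the instruction bytes marked `<48>` on the `Code:` line, combined with the dumped registers, reproduce the CR2 fault address. The decoder handles only the one x86-64 encoding seen in this trace (`REX.W 8B /r` with a base register and 32-bit displacement); `triage` and `REG64` are names chosen here.

```python
import re

# Lines copied from the oops in the report above (only those the parser uses).
OOPS = """\
[    0.510552] BUG: unable to handle kernel NULL pointer dereference at 00000000000002a8
[    0.510557] IP: [<ffffffffa004ada4>] __virtscsi_set_affinity+0xe4/0x140 [virtio_scsi]
[    0.510594] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000200
[    0.510594] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88004e795000
[    0.510597] CR2: 00000000000002a8 CR3: 000000004e744000 CR4: 00000000000406f0
[    0.510610]  [<ffffffffa004aead>] virtscsi_cpu_callback+0x3d/0x50 [virtio_scsi]
[    0.510619]  [<ffffffff815a7955>] _cpu_up+0xfb/0x13f
[    0.510620]  [<ffffffff8159acfc>] enable_nonboot_cpus+0xac/0xe0
[    0.510644] Code: 84 f6 74 82 48 63 35 a4 8e 96 e1 41 be ff ff ff ff 31 db eb 34 66 90 48 63 cb 48 83 c1 20 48 c1 e1 04 49 8b 7c 0c 10 48 8b 57 20 <48> 8b 92 a8 02 00 00 48 8b 4a 50 48 85 c9 74 0b 89 c6 ff d1 48
"""

# ModRM r/m field -> 64-bit base register (no REX.B prefix bit set).
REG64 = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI"]

def triage(oops):
    """Summarise an x86-64 oops and test for a NULL-base field access."""
    cr2 = int(re.search(r"CR2: ([0-9a-f]{16})", oops).group(1), 16)
    func, off, mod = re.search(
        r"IP: \[<[0-9a-f]+>\] (\w+)\+(0x[0-9a-f]+)/\S+(?: \[(\w+)\])?", oops).groups()
    regs = {n: int(v, 16)
            for n, v in re.findall(r"\b(R[A-Z0-9]{2}): ([0-9a-f]{16})", oops)}
    # Call-trace frames start right after the timestamp bracket; the IP line does not.
    trace = re.findall(r"\]\s+\[<[0-9a-f]+>\] (\w+)\+0x", oops)
    # The kernel wraps the first byte of the faulting instruction in <>.
    code = re.search(r"Code: (.*)", oops).group(1).split()
    start = next(i for i, b in enumerate(code) if b.startswith("<"))
    insn = bytes(int(b.strip("<>"), 16) for b in code[start:])
    out = {"fault_addr": cr2, "function": func, "offset": int(off, 16),
           "module": mod, "trace": trace, "base_reg": None, "disp": None,
           "null_base": False}
    # mod=10 (disp32), r/m != 100 (no SIB byte): effective address = base + disp32.
    if insn[:2] == b"\x48\x8b" and insn[2] >> 6 == 2 and insn[2] & 7 != 4:
        base = REG64[insn[2] & 7]
        disp = int.from_bytes(insn[3:7], "little", signed=True)
        out.update(base_reg=base, disp=disp,
                   null_base=regs.get(base) == 0 and disp == cr2)
    return out

if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(f"{key}: {value}")
```

For this trace the base register is RDX = 0 and the displacement is 0x2a8, which equals CR2: the fault is a field read through a NULL structure pointer inside `__virtscsi_set_affinity`, reached from `enable_nonboot_cpus` via `virtscsi_cpu_callback` during resume.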