
Bug 1040783

Summary: BUG: unable to handle kernel NULL pointer dereference at 00000000000002a8
Product: Red Hat Enterprise Linux 7
Component: qemu-kvm
Version: 7.0
Status: CLOSED DUPLICATE
Severity: medium
Priority: medium
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Reporter: Sibiao Luo <sluo>
Assignee: Virtualization Maintenance <virt-maint>
QA Contact: Virtualization Bugs <virt-bugs>
CC: acathrow, chayang, jasowang, juzhang, michen, pbonzini, qzhang, virt-maint, xfu
Doc Type: Bug Fix
Type: Bug
Last Closed: 2013-12-12 06:23:20 UTC
Attachments: vmcore-dmesg.

Description Sibiao Luo 2013-12-12 06:09:58 UTC
Description of problem:
Failed to resume after doing S3 in the guest by pressing a key on the keyboard; the guest reboots and shows a call trace. Only hit two times when I retried bug 920017. From the call trace log, it is related to virtio_scsi.

Version-Release number of selected component (if applicable):
host info:
3.10.0-60.el7.x86_64
qemu-kvm-rhev-1.5.3-21.el7.x86_64
seabios-1.7.2.2-4.el7.x86_64
guest info:
3.10.0-60.el7.x86_64

How reproducible:
only hit two times

Steps to Reproduce:
1. Boot a RHEL 7 guest on the latest RHEL 7 host (libiscsi backend with discard enabled).
# /usr/libexec/qemu-kvm -M pc -S -cpu SandyBridge -enable-kvm -m 2048 -smp 4,sockets=2,cores=2,threads=1 -no-kvm-pit-reinjection -usb -device usb-tablet,id=input0 -name sluo -uuid 990ea161-6b67-47b2-b803-19fb01d30d30 -rtc base=localtime,clock=host,driftfix=slew -device virtio-serial-pci,id=virtio-serial0,max_ports=16,vectors=0,bus=pci.0,addr=0x3 -chardev socket,id=channel1,path=/tmp/helloworld1,server,nowait -device virtserialport,chardev=channel1,name=com.redhat.rhevm.vdsm,bus=virtio-serial0.0,id=port1 -chardev socket,id=channel2,path=/tmp/helloworld2,server,nowait -device virtserialport,chardev=channel2,name=com.redhat.rhevm.vdsm,bus=virtio-serial0.0,id=port2 -drive file=iscsi://10.66.90.100:3260/iqn.2001-05.com.equallogic:0-8a0906-4c41f7d03-453f49b421052a57-s2-sluo-270305-1/0,if=none,id=drive-system-disk,cache=none,format=raw,aio=native,werror=stop,rerror=stop,discard=on -iscsi id=iqn0 -device virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x4,num_queues=4 -device scsi-block,drive=drive-system-disk,bus=scsi0.0,id=libiscsi-system-disk,bootindex=1 -netdev tap,id=hostnet0,vhost=on,script=/etc/qemu-ifup -device rtl8139,netdev=hostnet0,id=rtl8139-net-pci0,mac=00:01:02:B6:40:21,bus=pci.0,addr=0x5 -device virtio-balloon-pci,id=ballooning,bus=pci.0,addr=0x6 -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -drive file=iscsi://10.66.90.100:3260/iqn.2001-05.com.equallogic:0-8a0906-4fb1f7d03-455f49b421252a57-s2-sluo-270305-2/0,if=none,id=drive-data-disk,cache=none,format=raw,aio=native,werror=stop,rerror=stop,discard=on -iscsi id=iqn1 -device virtio-scsi-pci,id=scsi1,bus=pci.0,addr=0x7,num_queues=4 -device scsi-hd,drive=drive-data-disk,bus=scsi1.0,id=libiscsi-data-disk -k en-us -boot menu=on -qmp tcp:0:4444,server,nowait -serial unix:/tmp/ttyS0,server,nowait -vnc :1 -spice disable-ticketing,port=5931 -vga qxl -monitor stdio
2. Do S3.
3. Resume the guest by pressing any key on the keyboard.

Actual results:
The guest reboots and shows a call trace after pressing any key to resume it. I will attach the vmcore-dmesg.txt later.
...
[    0.510552] BUG: unable to handle kernel NULL pointer dereference at 00000000000002a8
[    0.510557] IP: [<ffffffffa004ada4>] __virtscsi_set_affinity+0xe4/0x140 [virtio_scsi]
[    0.510558] PGD 50f77067 PUD 50fb0067 PMD 0 
[    0.510559] Oops: 0000 [#1] SMP 
[    0.510575] Modules linked in: tcp_lp bnep bluetooth rfkill fuse nf_conntrack_netbios_ns nf_conntrack_broadcast ipt_MASQUERADE ip6t_REJECT ipt_REJECT xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw iptable_filter ip_tables sg crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel aesni_intel lrw gf128mul qxl glue_helper ablk_helper cryptd ttm drm_kms_helper drm i2c_piix4 8139too microcode i2c_core virtio_console virtio_balloon serio_raw pcspkr mperf nfsd auth_rpcgss nfs_acl lockd sunrpc uinput xfs libcrc32c sd_mod
[    0.510579]  sr_mod cdrom crc_t10dif crct10dif_common ata_generic pata_acpi virtio_scsi ata_piix 8139cp libata mii virtio_pci virtio_ring virtio floppy dm_mirror dm_region_hash dm_log dm_mod
[    0.510581] CPU: 0 PID: 4324 Comm: pm-suspend Not tainted 3.10.0-60.el7.x86_64 #1
[    0.510589] Hardware name: Red Hat KVM, BIOS Bochs 01/01/2011
[    0.510590] task: ffff88005b49cbb0 ti: ffff88005b776000 task.ti: ffff88005b776000
[    0.510592] RIP: 0010:[<ffffffffa004ada4>]  [<ffffffffa004ada4>] __virtscsi_set_affinity+0xe4/0x140 [virtio_scsi]
[    0.510593] RSP: 0000:ffff88005b777cf8  EFLAGS: 00010206
[    0.510594] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000200
[    0.510594] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88004e795000
[    0.510595] RBP: ffff88005b777d18 R08: ffffffff819b2660 R09: 0000000000000000
[    0.510595] R10: ffffffff819b2660 R11: ffff880079fa5d20 R12: ffff880036e0b6d8
[    0.510595] R13: ffffffff819b2660 R14: 0000000000000000 R15: 0000000000000000
[    0.510596] FS:  00007fbf287bb740(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000
[    0.510597] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    0.510597] CR2: 00000000000002a8 CR3: 000000004e744000 CR4: 00000000000406f0
[    0.510600] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    0.510602] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[    0.510603] Stack:
[    0.510604]  00000000ffffffd3 ffff880036e5b450 0000000000000012 0000000000000003
[    0.510605]  ffff88005b777d28 ffffffffa004aead ffff88005b777d60 ffffffff815c1d4c
[    0.510606]  0000000000000003 0000000000000010 0000000000000000 ffff88007c04e150
[    0.510606] Call Trace:
[    0.510610]  [<ffffffffa004aead>] virtscsi_cpu_callback+0x3d/0x50 [virtio_scsi]
[    0.510613]  [<ffffffff815c1d4c>] notifier_call_chain+0x4c/0x70
[    0.510616]  [<ffffffff8108579e>] __raw_notifier_call_chain+0xe/0x10
[    0.510617]  [<ffffffff8105d853>] cpu_notify+0x23/0x50
[    0.510619]  [<ffffffff815a7955>] _cpu_up+0xfb/0x13f
[    0.510620]  [<ffffffff8159acfc>] enable_nonboot_cpus+0xac/0xe0
[    0.510622]  [<ffffffff810a541c>] suspend_devices_and_enter+0x1fc/0x3d0
[    0.510623]  [<ffffffff810a575b>] pm_suspend+0x16b/0x240
[    0.510624]  [<ffffffff810a4729>] state_store+0x79/0xf0
[    0.510626]  [<ffffffff8129d1cf>] kobj_attr_store+0xf/0x20
[    0.510628]  [<ffffffff81210a66>] sysfs_write_file+0xc6/0x140
[    0.510631]  [<ffffffff8119eecd>] vfs_write+0xbd/0x1e0
[    0.510632]  [<ffffffff8119f899>] SyS_write+0x49/0xa0
[    0.510634]  [<ffffffff815c6399>] system_call_fastpath+0x16/0x1b
[    0.510644] Code: 84 f6 74 82 48 63 35 a4 8e 96 e1 41 be ff ff ff ff 31 db eb 34 66 90 48 63 cb 48 83 c1 20 48 c1 e1 04 49 8b 7c 0c 10 48 8b 57 20 <48> 8b 92 a8 02 00 00 48 8b 4a 50 48 85 c9 74 0b 89 c6 ff d1 48 
[    0.510646] RIP  [<ffffffffa004ada4>] __virtscsi_set_affinity+0xe4/0x140 [virtio_scsi]
[    0.510646]  RSP <ffff88005b777cf8>
[    0.510646] CR2: 00000000000002a8

Expected results:
It can resume from S3 successfully.

Additional info:

Comment 1 Sibiao Luo 2013-12-12 06:14:46 UTC
Created attachment 835625
vmcore-dmesg.

Comment 2 jason wang 2013-12-12 06:23:20 UTC
Looks duplicated.

*** This bug has been marked as a duplicate of bug 1024220 ***