Bug 1325740

Summary: kernel panic when using qemu-system-x86 with vfio passthrough
Product: [Fedora] Fedora Reporter: Kenny Root <kenny>
Component: kernelAssignee: fedora-kernel-kvm
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 23CC: fedora-kernel-kvm, gansalmon, itamar, jonathan, kenny, kernel-maint, madhu.chinakonda, mchehab
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-05-27 17:35:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Kenny Root 2016-04-11 04:50:35 UTC 
Description of problem:
When running a guest with vfio passthough, eventually a kernel panic happens (usually after 3-5 days). In this case I'm running Windows 8 guest with an ATI card using vfio passthrough.

Version-Release number of selected component (if applicable):
4.4.6-300.fc23.x86_64

How reproducible:
So far happened 4 times in the past week.

Steps to Reproduce:
1. Create Windows 8 guest in qemu with vfio passthrough of GPU
2. Run some compute/memory intensive applications for a couple days

Actual results:
Kernel panic happens on host after a couple days

Expected results:
Guest should run without host kernel panic

Additional info:
Here is the latest panic traceback:

[213303.712908] page:ffffea0024c58000 count:-2147483648 mapcount:1 mapping:ffff8810343b7001 index:0x7fe275200
[213303.712953] flags: 0x5ffff80084407c(referenced|uptodate|dirty|lru|active|head|swapbacked|compound_lock)
[213303.713004] page dumped because: VM_BUG_ON_PAGE(atomic_read(&page_head->_count) <= 0)
[213303.713034] page->mem_cgroup:ffff880bbc260800
[213303.713071] ------------[ cut here ]------------
[213303.713090] kernel BUG at mm/swap.c:216!
[213303.713107] invalid opcode: 0000 [#1]
[213303.713121] page:ffffea0024c5f180 count:0 mapcount:573659599 mapping:          (null) index:0x0
[213303.713122] flags: 0x5ffff800000000(
[213303.713123] )
[213303.713124] page dumped because: VM_BUG_ON_PAGE(atomic_read(&compound_head(page)->_count) <= 0)
[213303.713204] SMP

[213303.713216] Modules linked in: vfio_iommu_type1 vfio_pci vfio_virqfd vfio vhost_net vhost macvtap macvlan tun ipmi_poweroff ipmi_watchdog 8021q garp mrp cfg80211 rfkill ip_set nfnetlink bridge stp llc iTCO_wdt iTCO_vendor_support cdc_acm intel_rapl iosf_mbi x86_pkg_temp_thermal coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul joydev sb_edac edac_core i2c_i801 snd_hda_intel snd_hda_codec snd_hda_core mei_me lpc_ich snd_hwdep mei snd_seq snd_seq_device ioatdma ses enclosure snd_pcm snd_timer snd soundcore ipmi_devintf wmi shpchp ipmi_si acpi_power_meter acpi_pad ipmi_msghandler tpm_tis tpm binfmt_misc nfsd nfs_acl lockd grace auth_rpcgss sunrpc raid10 uas usb_storage raid1 ast drm_kms_helper ttm drm crc32c_intel igb mpt3sas ptp pps_core dca raid_class i2c_algo_bit scsi_transport_sas fjes
[213303.713598]  [last unloaded: iptable_raw]
[213303.713611] CPU: 2 PID: 15808 Comm: qemu-system-x86 Not tainted 4.4.6-300.fc23.x86_64 #1
[213303.713643] Hardware name: Supermicro Super Server/X10SRH-CF, BIOS 1.0b 05/18/2015
[213303.713673] task: ffff8810338f9e00 ti: ffff8809ffe10000 task.ti: ffff8809ffe10000
[213303.713702] RIP: 0010:[<ffffffff811bd77a>]  [<ffffffff811bd77a>] put_compound_page+0x31a/0x370
[213303.713741] RSP: 0018:ffff8809ffe13c28  EFLAGS: 00010086
[213303.713762] RAX: 0000000000000021 RBX: ffffea0024c5f2c0 RCX: 0000000000000006
[213303.713790] RDX: 0000000000000000 RSI: 0000000000000046 RDI: ffff88103f28dff0
[213303.713818] RBP: ffff8809ffe13c38 R08: 0000000000000000 R09: 00000000000008d7
[213303.713846] R10: ffffc9000aa9a000 R11: 00000000000008d7 R12: ffffea0024c58000
[213303.713874] R13: 0000000000000000 R14: ffff8810338f9e00 R15: ffff880a0030c048
[213303.713903] FS:  00007fe337689700(0000) GS:ffff88103f280000(0000) knlGS:00007ff6d1212000
[213303.713934] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[213303.713957] CR2: 00000000b8fb12dc CR3: 0000000bdb45a000 CR4: 00000000001426e0
[213303.713985] Stack:
[213303.713995]  ffffea0024c5f2c0 ffff880cbf040000 ffff8809ffe13c50 ffffffff811bd7ed
[213303.714029]  ffffea0000000000 ffff8809ffe13c68 ffffffffa03f2b13 00000000009317cb
[213303.714062]  ffff8809ffe13c80 ffffffffa03f2be7 ffff880cbf040000 ffff8809ffe13cb0
[213303.714096] Call Trace:
[213303.714111]  [<ffffffff811bd7ed>] put_page+0x1d/0x60
[213303.714147]  [<ffffffffa03f2b13>] kvm_release_pfn_clean+0x43/0x50 [kvm]
[213303.714183]  [<ffffffffa03f2be7>] kvm_release_page_dirty+0x37/0x50 [kvm]
[213303.714213]  [<ffffffffa08f3aff>] handle_vmclear+0xaf/0x1f0 [kvm_intel]
[213303.715348]  [<ffffffffa08f1389>] vmx_handle_exit+0x1d9/0x1430 [kvm_intel]
[213303.716501]  [<ffffffffa040aa24>] kvm_arch_vcpu_ioctl_run+0x4a4/0x14e0 [kvm]
[213303.717642]  [<ffffffff81022bd1>] ? __kernel_fpu_end+0xa1/0xe0
[213303.718794]  [<ffffffffa0404ada>] ? kvm_arch_vcpu_load+0x5a/0x220 [kvm]
[213303.719947]  [<ffffffffa03f304d>] kvm_vcpu_ioctl+0x33d/0x620 [kvm]
[213303.721065]  [<ffffffff810166d4>] ? __switch_to+0x244/0x4a0
[213303.722168]  [<ffffffff81241248>] do_vfs_ioctl+0x298/0x480
[213303.723248]  [<ffffffff81148c2b>] ? __audit_syscall_entry+0xab/0xf0
[213303.724315]  [<ffffffff81337553>] ? security_file_ioctl+0x43/0x60
[213303.725368]  [<ffffffff812414a9>] SyS_ioctl+0x79/0x90
[213303.726408]  [<ffffffff817a04ee>] entry_SYSCALL_64_fastpath+0x12/0x71
[213303.727451] Code: 81 48 89 df e8 68 d1 01 00 0f 0b 48 c7 c6 28 07 a7 81 4c 89 e7 e8 57 d1 01 00 0f 0b 48 c7 c6 b8 07 a7 81 4c 89 e7 e8 46 d1 01 00 <0f> 0b 48 c7 c6 38 1d a5 81 4c 89 e7 e8 35 d1 01 00 0f 0b 48 c7
[213303.729705] RIP  [<ffffffff811bd77a>] put_compound_page+0x31a/0x370
[213303.730767]  RSP <ffff8809ffe13c28>
[213303.735658] ---[ end trace 158aa32e4d893b30 ]---
[213303.735660] ------------[ cut here ]------------
[213303.735662] kernel BUG at mm/internal.h:83!
[213303.735664] invalid opcode: 0000 [#2] SMP
[213303.735695] Modules linked in: vfio_iommu_type1 vfio_pci vfio_virqfd vfio vhost_net vhost macvtap macvlan tun ipmi_poweroff ipmi_watchdog 8021q garp mrp cfg80211 rfkill ip_set nfnetlink bridge stp llc iTCO_wdt iTCO_vendor_support cdc_acm intel_rapl iosf_mbi x86_pkg_temp_thermal coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul joydev sb_edac edac_core i2c_i801 snd_hda_intel snd_hda_codec snd_hda_core mei_me lpc_ich snd_hwdep mei snd_seq snd_seq_device ioatdma ses enclosure snd_pcm snd_timer snd soundcore ipmi_devintf wmi shpchp ipmi_si acpi_power_meter acpi_pad ipmi_msghandler tpm_tis tpm binfmt_misc nfsd nfs_acl lockd grace auth_rpcgss sunrpc raid10 uas usb_storage raid1 ast drm_kms_helper ttm drm crc32c_intel igb mpt3sas ptp pps_core dca raid_class i2c_algo_bit scsi_transport_sas fjes
[213303.735696]  [last unloaded: iptable_raw]
[213303.735698] CPU: 10 PID: 15809 Comm: qemu-system-x86 Tainted: G      D         4.4.6-300.fc23.x86_64 #1
[213303.735699] Hardware name: Supermicro Super Server/X10SRH-CF, BIOS 1.0b 05/18/2015
[213303.735700] task: ffff881033970000 ti: ffff880a01380000 task.ti: ffff880a01380000
[213303.735707] RIP: 0010:[<ffffffff81217ee3>]  [<ffffffff81217ee3>] follow_trans_huge_pmd+0x343/0x390
[213303.735708] RSP: 0018:ffff880a013839e8  EFLAGS: 00010246
[213303.735709] RAX: 0000000000000053 RBX: ffffea0024c5f180 RCX: 0000000000000000
[213303.735710] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000282
[213303.735712] RBP: ffff880a01383a08 R08: 0000000000000000 R09: 0000000000000053
[213303.735713] R10: ffff880bbb5b7c00 R11: 000000000000fef4 R12: 0000000000007180
[213303.735714] R13: 0000000000000004 R14: ffff880bbb5b7c00 R15: ffff880bbb5b7c00
[213303.735715] FS:  00007fe336e88700(0000) GS:ffff88103f480000(0000) knlGS:00007ff6d1214000
[213303.735717] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[213303.735718] CR2: 00000000b8fb12dc CR3: 0000000bdb45a000 CR4: 00000000001426e0
[213303.735718] Stack:
[213303.735721]  0000000000000307 00007fe2753c6000 ffff880a01383acc ffffea0027fd6fc0
[213303.735723]  ffff880a01383a48 ffffffff811db475 ffff8809ff5bfd48 0000000000000307
[213303.735724]  ffff880a01383b44 ffff881033970000 0000000000000307 ffff880bbb5b7c00
[213303.735725] Call Trace:
[213303.735729]  [<ffffffff811db475>] follow_page_mask+0x2d5/0x370
[213303.735731]  [<ffffffff811db5ec>] __get_user_pages+0xdc/0x700
[213303.735750]  [<ffffffffa0411c14>] ? paging64_gva_to_gpa+0x44/0xb0 [kvm]
[213303.735753]  [<ffffffff811daca0>] __get_user_pages_unlocked+0x160/0x1e0
[213303.735762]  [<ffffffffa03f2487>] __gfn_to_pfn_memslot+0x317/0x3a0 [kvm]
[213303.735772]  [<ffffffffa03f2a00>] kvm_vcpu_gfn_to_pfn+0xe0/0x100 [kvm]
[213303.735781]  [<ffffffffa03f2abe>] kvm_vcpu_gfn_to_page+0xe/0x20 [kvm]
[213303.735785]  [<ffffffffa08f381d>] nested_vmx_check_vmptr+0x19d/0x200 [kvm_intel]
[213303.735796]  [<ffffffffa03fca78>] ? kvm_set_cr4+0x128/0x270 [kvm]
[213303.735799]  [<ffffffffa08f393c>] handle_vmon+0xbc/0x1d0 [kvm_intel]
[213303.735802]  [<ffffffffa08f1389>] vmx_handle_exit+0x1d9/0x1430 [kvm_intel]
[213303.735806]  [<ffffffff810e6270>] ? wake_atomic_t_function+0x70/0x70
[213303.735818]  [<ffffffffa040aa24>] kvm_arch_vcpu_ioctl_run+0x4a4/0x14e0 [kvm]
[213303.735830]  [<ffffffffa0404ada>] ? kvm_arch_vcpu_load+0x5a/0x220 [kvm]
[213303.735839]  [<ffffffffa03f304d>] kvm_vcpu_ioctl+0x33d/0x620 [kvm]
[213303.735841]  [<ffffffff810166d4>] ? __switch_to+0x244/0x4a0
[213303.735843]  [<ffffffff81241248>] do_vfs_ioctl+0x298/0x480
[213303.735845]  [<ffffffff81148c2b>] ? __audit_syscall_entry+0xab/0xf0
[213303.735848]  [<ffffffff81337553>] ? security_file_ioctl+0x43/0x60
[213303.735850]  [<ffffffff812414a9>] SyS_ioctl+0x79/0x90
[213303.735853]  [<ffffffff817a04ee>] entry_SYSCALL_64_fastpath+0x12/0x71
[213303.735867] Code: fe ff ff e8 e0 5c fe ff 85 c0 0f 85 02 fe ff ff f0 ff 43 18 48 89 d8 e9 f9 fd ff ff 48 c7 c6 f0 07 a7 81 48 89 df e8 dd 29 fc ff <0f> 0b 48 c7 c6 18 1d a5 81 48 89 df e8 cc 29 fc ff 0f 0b 48 89
[213303.735870] RIP  [<ffffffff81217ee3>] follow_trans_huge_pmd+0x343/0x390
[213303.735870]  RSP <ffff880a013839e8>
[213303.735903] ---[ end trace 158aa32e4d893b31 ]---


Older one:

Apr  5 01:16:39 turbo kernel: page:ffffea002db7cec0 count:0 mapcount:1 mapping:          (null) index:0x0
Apr  5 01:16:39 turbo kernel: page:ffffea002db78000 count:-2147483648 mapcount:1 mapping:ffff880ff3a53781 index:0x7f27b6200
Apr  5 01:16:39 turbo kernel: flags: 0x5ffff80084407c(referenced|uptodate|dirty|lru|active|head|swapbacked|compound_lock)
Apr  5 01:16:40 turbo kernel: page dumped because: VM_BUG_ON_PAGE(atomic_read(&page_head->_count) <= 0)
Apr  5 01:16:40 turbo kernel: page->mem_cgroup:ffff880f4a667000
Apr  5 01:16:40 turbo kernel: ------------[ cut here ]------------
Apr  5 01:16:40 turbo kernel: kernel BUG at mm/swap.c:216!
Apr  5 01:16:40 turbo kernel: invalid opcode: 0000 [#1] SMP
Apr  5 01:16:40 turbo kernel: Modules linked in: vfio_pci vfio_iommu_type1 vfio_virqfd vfio vhost_net vhost macvtap macvlan tun ipmi_poweroff ipmi_watchdog 8021q garp mrp cfg80211 rfkill ip_set nfnetlink bridge stp llc iTCO_wdt iTCO_vendor_support intel_rapl iosf_mbi x86_pkg_temp_thermal coretemp kvm_intel cdc_acm kvm irqbypass crct10dif_pclmul crc32_pclmul joydev snd_hda_intel snd_hda_codec sb_edac snd_hda_core edac_core snd_hwdep snd_seq snd_seq_device i2c_i801 snd_pcm lpc_ich mei_me snd_timer mei snd soundcore ses enclosure ioatdma shpchp wmi ipmi_devintf ipmi_si ipmi_msghandler acpi_power_meter acpi_pad tpm_tis tpm binfmt_misc nfsd nfs_acl lockd grace auth_rpcgss sunrpc raid10 uas usb_storage ast raid1 drm_kms_helper ttm drm crc32c_intel igb mpt3sas ptp pps_core dca raid_class i2c_algo_bit scsi_transport_sas fjes
Apr  5 01:16:40 turbo kernel: [last unloaded: nf_defrag_ipv4]
Apr  5 01:16:40 turbo kernel: CPU: 1 PID: 7235 Comm: qemu-system-x86 Not tainted 4.4.6-300.fc23.x86_64 #1
Apr  5 01:16:40 turbo kernel: Hardware name: Supermicro Super Server/X10SRH-CF, BIOS 1.0b 05/18/2015
Apr  5 01:16:40 turbo kernel: task: ffff880ff3cbbc00 ti: ffff880c58f9c000 task.ti: ffff880c58f9c000
Apr  5 01:16:40 turbo kernel: RIP: 0010:[<ffffffff811bd77a>]  [<ffffffff811bd77a>] put_compound_page+0x31a/0x370
Apr  5 01:16:40 turbo kernel: RSP: 0018:ffff880c58f9fc28  EFLAGS: 00010086
Apr  5 01:16:40 turbo kernel: RAX: 0000000000000021 RBX: ffffea002db7f300 RCX: 0000000000000002
Apr  5 01:16:40 turbo kernel: RDX: 0000000000000000 RSI: 0000000000000086 RDI: 0000000000000086
Apr  5 01:16:40 turbo kernel: RBP: ffff880c58f9fc38 R08: 0000000000000000 R09: 0000000000000021
Apr  5 01:16:40 turbo kernel: R10: 000000000000000c R11: 0000000000013484 R12: ffffea002db78000
Apr  5 01:16:40 turbo kernel: R13: 0000000000000000 R14: ffff880ff3cbbc00 R15: ffff880c4d134048
Apr  5 01:16:40 turbo kernel: FS:  00007f2877e11700(0000) GS:ffff88103f240000(0000) knlGS:00007ff6400e2000
Apr  5 01:16:40 turbo kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Apr  5 01:16:40 turbo kernel: CR2: 0000000000000030 CR3: 0000000c546bd000 CR4: 00000000001426e0
Apr  5 01:16:40 turbo kernel: Stack:
Apr  5 01:16:40 turbo kernel: ffffea002db7f300 ffff880c4baf8000 ffff880c58f9fc50 ffffffff811bd7ed
Apr  5 01:16:40 turbo kernel: ffffea0000000000 ffff880c58f9fc68 ffffffffa03cab13 0000000000b6dfcc
Apr  5 01:16:40 turbo kernel: ffff880c58f9fc80 ffffffffa03cabe7 ffff880c4baf8000 ffff880c58f9fcb0
Apr  5 01:16:40 turbo kernel: Call Trace:
Apr  5 01:16:40 turbo kernel: [<ffffffff811bd7ed>] put_page+0x1d/0x60
Apr  5 01:16:40 turbo kernel: [<ffffffffa03cab13>] kvm_release_pfn_clean+0x43/0x50 [kvm]
Apr  5 01:16:40 turbo kernel: [<ffffffffa03cabe7>] kvm_release_page_dirty+0x37/0x50 [kvm]
Apr  5 01:16:40 turbo kernel: [<ffffffffa049faff>] handle_vmclear+0xaf/0x1f0 [kvm_intel]
Apr  5 01:16:40 turbo kernel: [<ffffffffa049d389>] vmx_handle_exit+0x1d9/0x1430 [kvm_intel]
Apr  5 01:16:40 turbo kernel: [<ffffffff811155d7>] ? ktime_get+0x37/0xa0
Apr  5 01:16:40 turbo kernel: [<ffffffffa03e2a24>] kvm_arch_vcpu_ioctl_run+0x4a4/0x14e0 [kvm]
Apr  5 01:16:40 turbo kernel: [<ffffffffa03dcada>] ? kvm_arch_vcpu_load+0x5a/0x220 [kvm]
Apr  5 01:16:40 turbo kernel: [<ffffffffa03cb04d>] kvm_vcpu_ioctl+0x33d/0x620 [kvm]
Apr  5 01:16:40 turbo kernel: [<ffffffffa03f5da0>] ? check_perm_out+0x50/0x50 [kvm]
Apr  5 01:16:40 turbo kernel: [<ffffffff81241248>] do_vfs_ioctl+0x298/0x480
Apr  5 01:16:40 turbo kernel: [<ffffffff81148c2b>] ? __audit_syscall_entry+0xab/0xf0
Apr  5 01:16:40 turbo kernel: [<ffffffff81337553>] ? security_file_ioctl+0x43/0x60
Apr  5 01:16:40 turbo kernel: [<ffffffff812414a9>] SyS_ioctl+0x79/0x90
Apr  5 01:16:40 turbo kernel: [<ffffffff817a04ee>] entry_SYSCALL_64_fastpath+0x12/0x71
Apr  5 01:16:40 turbo kernel: Code: 81 48 89 df e8 68 d1 01 00 0f 0b 48 c7 c6 28 07 a7 81 4c 89 e7 e8 57 d1 01 00 0f 0b 48 c7 c6 b8 07 a7 81 4c 89 e7 e8 46 d1 01 00 <0f> 0b 48 c7 c6 38 1d a5 81 4c 89 e7 e8 35 d1 01 00 0f 0b 48 c7
Apr  5 01:16:40 turbo kernel: RIP  [<ffffffff811bd77a>] put_compound_page+0x31a/0x370
Apr  5 01:16:40 turbo kernel: RSP <ffff880c58f9fc28>
Apr  5 01:16:40 turbo kernel: ---[ end trace 15c71170fc8822b8 ]---
Apr  5 01:16:40 turbo kernel: flags: 0x5ffff800000010(dirty)
Apr  5 01:16:40 turbo kernel: page dumped because: VM_BUG_ON_PAGE(atomic_read(&compound_head(page)->_count) <= 0)
Apr  5 01:16:40 turbo kernel: ------------[ cut here ]------------
Apr  5 01:16:40 turbo kernel: kernel BUG at mm/internal.h:83!
Apr  5 01:16:40 turbo kernel: invalid opcode: 0000 [#2] SMP
Apr  5 01:16:40 turbo kernel: Modules linked in: vfio_pci vfio_iommu_type1 vfio_virqfd vfio vhost_net vhost macvtap macvlan tun ipmi_poweroff ipmi_watchdog 8021q garp mrp cfg80211 rfkill ip_set nfnetlink bridge stp llc iTCO_wdt iTCO_vendor_support intel_rapl iosf_mbi x86_pkg_temp_thermal coretemp kvm_intel cdc_acm kvm irqbypass crct10dif_pclmul crc32_pclmul joydev snd_hda_intel snd_hda_codec sb_edac snd_hda_core edac_core snd_hwdep snd_seq snd_seq_device i2c_i801 snd_pcm lpc_ich mei_me snd_timer mei snd soundcore ses enclosure ioatdma shpchp wmi ipmi_devintf ipmi_si ipmi_msghandler acpi_power_meter acpi_pad tpm_tis tpm binfmt_misc nfsd nfs_acl lockd grace auth_rpcgss sunrpc raid10 uas usb_storage ast raid1 drm_kms_helper ttm drm crc32c_intel igb mpt3sas ptp pps_core dca raid_class i2c_algo_bit scsi_transport_sas fjes
Apr  5 01:16:40 turbo kernel: [last unloaded: nf_defrag_ipv4]
Apr  5 01:16:40 turbo kernel: CPU: 0 PID: 7234 Comm: qemu-system-x86 Tainted: G      D         4.4.6-300.fc23.x86_64 #1
Apr  5 01:16:40 turbo kernel: Hardware name: Supermicro Super Server/X10SRH-CF, BIOS 1.0b 05/18/2015
Apr  5 01:16:40 turbo kernel: task: ffff880ff3cb8000 ti: ffff880c4bd34000 task.ti: ffff880c4bd34000
Apr  5 01:16:40 turbo kernel: RIP: 0010:[<ffffffff81217ee3>]  [<ffffffff81217ee3>] follow_trans_huge_pmd+0x343/0x390
Apr  5 01:16:40 turbo kernel: RSP: 0018:ffff880c4bd37a28  EFLAGS: 00010246
Apr  5 01:16:40 turbo kernel: RAX: 0000000000000053 RBX: ffffea002db7cec0 RCX: 0000000000000000
Apr  5 01:16:40 turbo kernel: RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88103f20dff8
Apr  5 01:16:40 turbo kernel: RBP: ffff880c4bd37a48 R08: 0000000000000000 R09: 0000000000000879
Apr  5 01:16:40 turbo kernel: R10: ffff880f3f29f000 R11: 0000000000000879 R12: 0000000000004ec0
Apr  5 01:16:40 turbo kernel: R13: 0000000000000004 R14: ffff880f3f29f000 R15: ffff880f3f29f000
Apr  5 01:16:40 turbo kernel: FS:  00007f2878612700(0000) GS:ffff88103f200000(0000) knlGS:00007ff63faa6000
Apr  5 01:16:40 turbo kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Apr  5 01:16:40 turbo kernel: CR2: 00000000b902b2dc CR3: 0000000c546bd000 CR4: 00000000001426f0
Apr  5 01:16:40 turbo kernel: Stack:
Apr  5 01:16:40 turbo kernel: 0000000000000307 00007f27b633b000 ffff880c4bd37b0c ffffea00009d7ec0
Apr  5 01:16:40 turbo kernel: ffff880c4bd37a88 ffffffff811db475 ffff8800275fbd88 0000000000000307
Apr  5 01:16:40 turbo kernel: ffff880c4bd37b84 ffff880ff3cb8000 0000000000000307 ffff880f3f29f000
Apr  5 01:16:40 turbo kernel: Call Trace:
Apr  5 01:16:40 turbo kernel: [<ffffffff811db475>] follow_page_mask+0x2d5/0x370
Apr  5 01:16:40 turbo kernel: [<ffffffff811db5ec>] __get_user_pages+0xdc/0x700
Apr  5 01:16:40 turbo kernel: [<ffffffff811daca0>] __get_user_pages_unlocked+0x160/0x1e0
Apr  5 01:16:40 turbo kernel: [<ffffffffa03ca487>] __gfn_to_pfn_memslot+0x317/0x3a0 [kvm]
Apr  5 01:16:40 turbo kernel: [<ffffffffa03caa00>] kvm_vcpu_gfn_to_pfn+0xe0/0x100 [kvm]
Apr  5 01:16:40 turbo kernel: [<ffffffffa03caabe>] kvm_vcpu_gfn_to_page+0xe/0x20 [kvm]
Apr  5 01:16:40 turbo kernel: [<ffffffffa04a0861>] nested_vmx_run+0x491/0x1610 [kvm_intel]
Apr  5 01:16:40 turbo kernel: [<ffffffffa04a2b1f>] ? handle_vmwrite+0x20f/0x2e0 [kvm_intel]
Apr  5 01:16:40 turbo kernel: [<ffffffffa04a1a13>] handle_vmlaunch+0x13/0x20 [kvm_intel]
Apr  5 01:16:40 turbo kernel: [<ffffffffa049d389>] vmx_handle_exit+0x1d9/0x1430 [kvm_intel]
Apr  5 01:16:40 turbo kernel: [<ffffffffa03e2a24>] kvm_arch_vcpu_ioctl_run+0x4a4/0x14e0 [kvm]
Apr  5 01:16:40 turbo kernel: [<ffffffffa03dcada>] ? kvm_arch_vcpu_load+0x5a/0x220 [kvm]
Apr  5 01:16:40 turbo kernel: [<ffffffffa03cb04d>] kvm_vcpu_ioctl+0x33d/0x620 [kvm]
Apr  5 01:16:40 turbo kernel: [<ffffffff81241248>] do_vfs_ioctl+0x298/0x480
Apr  5 01:16:40 turbo kernel: [<ffffffff81148c2b>] ? __audit_syscall_entry+0xab/0xf0
Apr  5 01:16:40 turbo kernel: [<ffffffff81337553>] ? security_file_ioctl+0x43/0x60
Apr  5 01:16:40 turbo kernel: [<ffffffff812414a9>] SyS_ioctl+0x79/0x90
Apr  5 01:16:40 turbo kernel: [<ffffffff817a04ee>] entry_SYSCALL_64_fastpath+0x12/0x71
Apr  5 01:16:40 turbo kernel: Code: fe ff ff e8 e0 5c fe ff 85 c0 0f 85 02 fe ff ff f0 ff 43 18 48 89 d8 e9 f9 fd ff ff 48 c7 c6 f0 07 a7 81 48 89 df e8 dd 29 fc ff <0f> 0b 48 c7 c6 18 1d a5 81 48 89 df e8 cc 29 fc ff 0f 0b 48 89
Apr  5 01:16:40 turbo kernel: RIP  [<ffffffff81217ee3>] follow_trans_huge_pmd+0x343/0x390
Apr  5 01:16:40 turbo kernel: RSP <ffff880c4bd37a28>
Apr  5 01:16:40 turbo kernel: ---[ end trace 15c71170fc8822b9 ]---
Comment 1 Kenny Root 2016-04-16 16:28:44 UTC 
Another page dump today. Anything I should gather when this happens?

[460196.303943] page:ffffea0032c58000 count:-2147483648 mapcount:1 mapping:ffff880dd022e5f1 index:0x7ff1dde00
[460196.303962] page:ffffea0032c5d300 count:0 mapcount:1 mapping:          (null) index:0x0
[460196.303965] flags: 0x5ffff800000014(referenced|dirty)
[460196.303966] page dumped because: VM_BUG_ON_PAGE(atomic_read(&compound_head(page)->_count) <= 0)
[460196.304002] ------------[ cut here ]------------
[460196.304003] kernel BUG at mm/internal.h:83!
[460196.304006] invalid opcode: 0000 [#1] SMP
[460196.304038] Modules linked in: vfio_pci vfio_iommu_type1 vfio_virqfd vfio ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_nat_ipv4 iptable_mangle ebtable_filter ebtables act_police cls_basic cls_flow cls_fw cls_u32 sch_tbf sch_prio sch_hfsc sch_htb sch_ingress sch_sfq nf_conntrack_snmp ip6t_MASQUERADE nf_nat_masquerade_ipv6 xt_CHECKSUM ip6t_rpfilter xt_statistic xt_CT ip6t_ipv6header xt_connlimit xt_addrtype ip_set_hash_ip xt_comment xt_recent xt_nat ip6table_nat nf_nat_ipv6 nf_nat xt_set xt_NFLOG nfnetlink_log xt_LOG nf_log_ipv6 nf_log_common nf_conntrack_tftp nf_conntrack_sip nf_conntrack_sane nf_conntrack_proto_udplite nf_conntrack_proto_sctp nf_conntrack_pptp nf_conntrack_proto_gre nf_conntrack_netlink nf_conntrack_netbios_ns nf_conntrack_broadcast nf_conntrack_irc nf_conntrack_h323
[460196.304075]  nf_conntrack_ftp ts_kmp nf_conntrack_amanda xt_TPROXY nf_defrag_ipv4 xt_time xt_TCPMSS xt_tcpmss xt_sctp xt_policy xt_pkttype xt_physdev br_netfilter xt_owner xt_NFQUEUE xt_multiport xt_mark xt_mac xt_limit xt_length xt_iprange xt_helper xt_hashlimit xt_DSCP xt_dscp xt_dccp xt_connmark xt_CLASSIFY xt_AUDIT ip6t_REJECT nf_reject_ipv6 xt_state nf_conntrack_ipv6 nf_defrag_ipv6 xt_conntrack nf_conntrack ip6table_raw ip6table_mangle ip6table_filter ip6_tables vhost_net vhost macvtap macvlan tun ipmi_poweroff ipmi_watchdog 8021q garp mrp cfg80211 rfkill ip_set nfnetlink bridge stp llc iTCO_wdt iTCO_vendor_support intel_rapl iosf_mbi x86_pkg_temp_thermal coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul crc32c_intel sb_edac edac_core cdc_acm joydev i2c_i801 snd_hda_intel snd_hda_codec
[460196.304099]  lpc_ich mei_me snd_hda_core mei snd_hwdep snd_seq snd_seq_device ses enclosure snd_pcm ipmi_devintf snd_timer snd soundcore ioatdma shpchp wmi ipmi_si ipmi_msghandler acpi_power_meter acpi_pad tpm_tis tpm binfmt_misc nfsd nfs_acl lockd grace auth_rpcgss sunrpc raid10 uas usb_storage raid1 ast drm_kms_helper ttm igb drm mpt3sas ptp pps_core raid_class dca scsi_transport_sas i2c_algo_bit fjes [last unloaded: iptable_raw]
[460196.304102] CPU: 3 PID: 12167 Comm: qemu-system-x86 Not tainted 4.4.6-301.fc23.x86_64 #1
[460196.304103] Hardware name: Supermicro Super Server/X10SRH-CF, BIOS 2.0 12/17/2015
[460196.304105] task: ffff880ff7305a00 ti: ffff880d74c60000 task.ti: ffff880d74c60000
[460196.304113] RIP: 0010:[<ffffffff81217ee3>]  [<ffffffff81217ee3>] follow_trans_huge_pmd+0x343/0x390
[460196.304116] RSP: 0018:ffff880d74c63a28  EFLAGS: 00010246
[460196.304117] RAX: 0000000000000053 RBX: ffffea0032c5d300 RCX: 0000000000000000
[460196.304118] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000286
[460196.304119] RBP: ffff880d74c63a48 R08: 0000000000000000 R09: 0000000000000053
[460196.304120] R10: ffff880d7449b480 R11: 0000000000014ef4 R12: 0000000000005300
[460196.304121] R13: 0000000000000004 R14: ffff880d7449b480 R15: ffff880d7449b480
[460196.304123] FS:  00007ff29fafb700(0000) GS:ffff88103f2c0000(0000) knlGS:00007ff7976b4000
[460196.304124] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[460196.304125] CR2: 00000000b614d010 CR3: 0000000d74761000 CR4: 00000000001426e0
[460196.304126] Stack:
[460196.304129]  0000000000000307 00007ff1ddf4c000 ffff880d74c63b0c ffffea0035d38240
[460196.304131]  ffff880d74c63a88 ffffffff811db475 ffff880d74e09778 0000000000000307
[460196.304133]  ffff880d74c63b84 ffff880ff7305a00 0000000000000307 ffff880d7449b480
[460196.304133] Call Trace:
[460196.304139]  [<ffffffff811db475>] follow_page_mask+0x2d5/0x370
[460196.304142]  [<ffffffff811db5ec>] __get_user_pages+0xdc/0x700
[460196.304145]  [<ffffffff811daca0>] __get_user_pages_unlocked+0x160/0x1e0
[460196.304171]  [<ffffffffa0413487>] __gfn_to_pfn_memslot+0x317/0x3a0 [kvm]
[460196.304186]  [<ffffffffa0413a00>] kvm_vcpu_gfn_to_pfn+0xe0/0x100 [kvm]
[460196.304200]  [<ffffffffa0413abe>] kvm_vcpu_gfn_to_page+0xe/0x20 [kvm]
[460196.304207]  [<ffffffffa0895861>] nested_vmx_run+0x491/0x1610 [kvm_intel]
[460196.304211]  [<ffffffffa0897b1f>] ? handle_vmwrite+0x20f/0x2e0 [kvm_intel]
[460196.304215]  [<ffffffffa0896a13>] handle_vmlaunch+0x13/0x20 [kvm_intel]
[460196.304220]  [<ffffffffa0892389>] vmx_handle_exit+0x1d9/0x1430 [kvm_intel]
[460196.304238]  [<ffffffffa042ba24>] kvm_arch_vcpu_ioctl_run+0x4a4/0x14e0 [kvm]
[460196.304256]  [<ffffffffa0425ada>] ? kvm_arch_vcpu_load+0x5a/0x220 [kvm]
[460196.304270]  [<ffffffffa041404d>] kvm_vcpu_ioctl+0x33d/0x620 [kvm]
[460196.304289]  [<ffffffffa043eda0>] ? check_perm_out+0x50/0x50 [kvm]
[460196.304293]  [<ffffffff81241248>] do_vfs_ioctl+0x298/0x480
[460196.304296]  [<ffffffff81148c2b>] ? __audit_syscall_entry+0xab/0xf0
[460196.304300]  [<ffffffff81337553>] ? security_file_ioctl+0x43/0x60
[460196.304302]  [<ffffffff812414a9>] SyS_ioctl+0x79/0x90
[460196.304306]  [<ffffffff817a05ae>] entry_SYSCALL_64_fastpath+0x12/0x71
[460196.304332] Code: fe ff ff e8 e0 5c fe ff 85 c0 0f 85 02 fe ff ff f0 ff 43 18 48 89 d8 e9 f9 fd ff ff 48 c7 c6 f0 07 a7 81 48 89 df e8 dd 29 fc ff <0f> 0b 48 c7 c6 18 1d a5 81 48 89 df e8 cc 29 fc ff 0f 0b 48 89
[460196.304335] RIP  [<ffffffff81217ee3>] follow_trans_huge_pmd+0x343/0x390
[460196.304336]  RSP <ffff880d74c63a28>
[460196.310655] ---[ end trace d8b3e76b9a46f70c ]---
[460196.401410] flags: 0x5ffff80084403c(referenced|uptodate|dirty|lru|head|swapbacked|compound_lock)
[460196.402704] page dumped because: VM_BUG_ON_PAGE(atomic_read(&page_head->_count) <= 0)
[460196.403607] page->mem_cgroup:ffff880ee1cf5000
[460196.404514] ------------[ cut here ]------------
[460196.405359] kernel BUG at mm/swap.c:216!
[460196.406330] invalid opcode: 0000 [#2] SMP
[460196.407182] Modules linked in: vfio_pci vfio_iommu_type1 vfio_virqfd vfio ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_nat_ipv4 iptable_mangle ebtable_filter ebtables act_police cls_basic cls_flow cls_fw cls_u32 sch_tbf sch_prio sch_hfsc sch_htb sch_ingress sch_sfq nf_conntrack_snmp ip6t_MASQUERADE nf_nat_masquerade_ipv6 xt_CHECKSUM ip6t_rpfilter xt_statistic xt_CT ip6t_ipv6header xt_connlimit xt_addrtype ip_set_hash_ip xt_comment xt_recent xt_nat ip6table_nat nf_nat_ipv6 nf_nat xt_set xt_NFLOG nfnetlink_log xt_LOG nf_log_ipv6 nf_log_common nf_conntrack_tftp nf_conntrack_sip nf_conntrack_sane nf_conntrack_proto_udplite nf_conntrack_proto_sctp nf_conntrack_pptp nf_conntrack_proto_gre nf_conntrack_netlink nf_conntrack_netbios_ns nf_conntrack_broadcast nf_conntrack_irc nf_conntrack_h323
[460196.412760]  nf_conntrack_ftp ts_kmp nf_conntrack_amanda xt_TPROXY nf_defrag_ipv4 xt_time xt_TCPMSS xt_tcpmss xt_sctp xt_policy xt_pkttype xt_physdev br_netfilter xt_owner xt_NFQUEUE xt_multiport xt_mark xt_mac xt_limit xt_length xt_iprange xt_helper xt_hashlimit xt_DSCP xt_dscp xt_dccp xt_connmark xt_CLASSIFY xt_AUDIT ip6t_REJECT nf_reject_ipv6 xt_state nf_conntrack_ipv6 nf_defrag_ipv6 xt_conntrack nf_conntrack ip6table_raw ip6table_mangle ip6table_filter ip6_tables vhost_net vhost macvtap macvlan tun ipmi_poweroff ipmi_watchdog 8021q garp mrp cfg80211 rfkill ip_set nfnetlink bridge stp llc iTCO_wdt iTCO_vendor_support intel_rapl iosf_mbi x86_pkg_temp_thermal coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul crc32c_intel sb_edac edac_core cdc_acm joydev i2c_i801 snd_hda_intel snd_hda_codec
[460196.419068]  lpc_ich mei_me snd_hda_core mei snd_hwdep snd_seq snd_seq_device ses enclosure snd_pcm ipmi_devintf snd_timer snd soundcore ioatdma shpchp wmi ipmi_si ipmi_msghandler acpi_power_meter acpi_pad tpm_tis tpm binfmt_misc nfsd nfs_acl lockd grace auth_rpcgss sunrpc raid10 uas usb_storage raid1 ast drm_kms_helper ttm igb drm mpt3sas ptp pps_core raid_class dca scsi_transport_sas i2c_algo_bit fjes [last unloaded: iptable_raw]
[460196.424712] CPU: 11 PID: 12169 Comm: qemu-system-x86 Tainted: G      D         4.4.6-301.fc23.x86_64 #1
[460196.425876] Hardware name: Supermicro Super Server/X10SRH-CF, BIOS 2.0 12/17/2015
[460196.427042] task: ffff881033cb9e00 ti: ffff880d76390000 task.ti: ffff880d76390000
[460196.428221] RIP: 0010:[<ffffffff811bd77a>]  [<ffffffff811bd77a>] put_compound_page+0x31a/0x370
[460196.429418] RSP: 0018:ffff880d76393bc0  EFLAGS: 00010082
[460196.430610] RAX: 0000000000000021 RBX: ffffea0032c5d380 RCX: 0000000000000006
[460196.431836] RDX: 0000000000000000 RSI: 0000000000000046 RDI: ffff88103f4cdff0
[460196.433049] RBP: ffff880d76393bd0 R08: 0000000000000000 R09: 0000000000000849
[460196.434260] R10: 0000000000000000 R11: 0000000000000849 R12: ffffea0032c58000
[460196.435471] R13: 0000000000000005 R14: ffff880d76393c70 R15: ffff880cb173e000
[460196.436681] FS:  00007ff29eaf9700(0000) GS:ffff88103f4c0000(0000) knlGS:0000000000000000
[460196.437904] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[460196.439121] CR2: 00000000b6ac6000 CR3: 0000000d74761000 CR4: 00000000001426e0
[460196.440351] Stack:
[460196.441573]  ffffea0032c5d380 00000000000fefff ffff880d76393be8 ffffffff811bd7ed
[460196.442875]  ffffea0000000000 ffff880d76393c00 ffffffffa0413b13 0000000000cb174e
[460196.444138]  ffff880d76393c18 ffffffffa0413be7 ffff880d76398000 ffff880d76393cb0
[460196.445403] Call Trace:
[460196.446659]  [<ffffffff811bd7ed>] put_page+0x1d/0x60
[460196.447938]  [<ffffffffa0413b13>] kvm_release_pfn_clean+0x43/0x50 [kvm]
[460196.449210]  [<ffffffffa0413be7>] kvm_release_page_dirty+0x37/0x50 [kvm]
[460196.450444]  [<ffffffffa08919ec>] nested_vmx_vmexit+0x6ac/0xb80 [kvm_intel]
[460196.451668]  [<ffffffffa0897b1f>] ? handle_vmwrite+0x20f/0x2e0 [kvm_intel]
[460196.452907]  [<ffffffffa0892ce0>] vmx_handle_exit+0xb30/0x1430 [kvm_intel]
[460196.454138]  [<ffffffffa042ba24>] kvm_arch_vcpu_ioctl_run+0x4a4/0x14e0 [kvm]
[460196.455357]  [<ffffffffa0425ada>] ? kvm_arch_vcpu_load+0x5a/0x220 [kvm]
[460196.456563]  [<ffffffffa041404d>] kvm_vcpu_ioctl+0x33d/0x620 [kvm]
[460196.457754]  [<ffffffff81241248>] do_vfs_ioctl+0x298/0x480
[460196.458943]  [<ffffffff81148c2b>] ? __audit_syscall_entry+0xab/0xf0
[460196.460136]  [<ffffffff81337553>] ? security_file_ioctl+0x43/0x60
[460196.461329]  [<ffffffff812414a9>] SyS_ioctl+0x79/0x90
[460196.462512]  [<ffffffff817a05ae>] entry_SYSCALL_64_fastpath+0x12/0x71
[460196.463660] Code: 81 48 89 df e8 68 d1 01 00 0f 0b 48 c7 c6 28 07 a7 81 4c 89 e7 e8 57 d1 01 00 0f 0b 48 c7 c6 b8 07 a7 81 4c 89 e7 e8 46 d1 01 00 <0f> 0b 48 c7 c6 38 1d a5 81 4c 89 e7 e8 35 d1 01 00 0f 0b 48 c7
[460196.466076] RIP  [<ffffffff811bd77a>] put_compound_page+0x31a/0x370
[460196.467209]  RSP <ffff880d76393bc0>
[460196.468310] ---[ end trace d8b3e76b9a46f70d ]---
Comment 2 Josh Boyer 2016-05-27 13:26:54 UTC 
Is this still happening with 4.5.y?
Comment 3 Kenny Root 2016-05-27 17:34:28 UTC 
I haven't seen it in a while. It might have stopped with 4.4.8 or 4.4.9.
Comment 4 Josh Boyer 2016-05-27 17:35:17 UTC 
Thanks.