Bug 904966

Summary: host crashed while assign a PF to guest by vfio with -M pc-1.3
Product: Red Hat Enterprise Linux 7
Component: qemu-kvm
Version: 7.0
Hardware: Unspecified
OS: Unspecified
Status: CLOSED CURRENTRELEASE
Severity: high
Priority: high
Target Milestone: pre-dev-freeze
Keywords: TestBlocker
Reporter: Chao Yang <chayang>
Assignee: Alex Williamson <alex.williamson>
QA Contact: Virtualization Bugs <virt-bugs>
CC: acathrow, alex.williamson, chayang, hhuang, juzhang, michen, shuang, virt-maint, xuhan
Fixed In Version: v3.7-rc3-165-g49f8a1a
Doc Type: Bug Fix
Type: Bug
Last Closed: 2014-06-13 10:42:04 UTC

Description Chao Yang 2013-01-28 09:56:47 UTC
Description of problem:
Assigning a PF to rhel6.4 guest by vfio with -M pc-1.3 caused host kernel panic.
Will attach the core file once kdump finishes its job.

Version-Release number of selected component (if applicable):
3.7.0-0.32.el7.x86_64
qemu-kvm-1.3.0-3.el7.x86_64

How reproducible:
1/1

Steps to Reproduce:
1. unbind PF from host
2. bind it to vfio-pci
3. assign it to guest with -M pc-1.3

Actual results:
host crashed.

Expected results:


Additional info:

--- slice from /var/log/messages
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3779.445977] BUG: unable to handle kernel paging request at ffffffffa05ea650
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3779.525356] IP: [<ffffffff815f13f0>] mutex_lock+0x20/0x50
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3779.582883] PGD 18c5067 PUD 18c9063 PMD 3fbb3f7067 PTE fc5ec5161
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3779.641458] Oops: 0003 [#1] SMP 
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3779.696728] Modules linked in: iptable_filter ip_tables vfio_pci vfio_iommu_type1 vfio vhost_net tun macvtap macvlan lockd bridge stp llc be2iscsi iscsi_boot_sysfs bnx2i cnic uio cxgb4i cxgb4 cxgb3i cxgb3 mdio libcxgbi ib_iser rdma_cm ib_addr iw_cm ib_cm ib_sa ib_mad ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi sg serio_raw pcspkr sp5100_tco k10temp dcdbas i2c_piix4 kvm_amd kvm amd64_edac_mod edac_mce_amd edac_core microcode acpi_power_meter sd_mod crc_t10dif usb_storage mgag200 sr_mod i2c_algo_bit cdrom drm_kms_helper ttm igb mpt2sas ahci drm dca libahci ptp raid_class e1000e pps_core libata i2c_core scsi_transport_sas bnx2 sunrpc dm_mirror dm_region_hash dm_log dm_mod
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3780.106512] CPU 0 
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3780.108756] Pid: 357, comm: kworker/u:2 Not tainted 3.7.0-0.32.el7.x86_64 #1 Dell Inc. PowerEdge R715/00XHKG
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3780.258598] RIP: 0010:[<ffffffff815f13f0>]  [<ffffffff815f13f0>] mutex_lock+0x20/0x50
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3780.325839] RSP: 0018:ffff880fc68b3d58  EFLAGS: 00010246
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3780.392613] RAX: 0000000000000000 RBX: ffffffffa05ea650 RCX: dead000000200200
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3780.462189] RDX: 0000000000000000 RSI: 0000000000000282 RDI: ffffffffa05ea650
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3780.531305] RBP: ffff880fc68b3d68 R08: ffff881fc9055720 R09: ffffffff81bdbbc8
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3780.601858] R10: 0000000000000001 R11: 0000000000000004 R12: ffff881fc9055700
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3780.672552] R13: ffffffffa05ea650 R14: ffffffffa05e9ce0 R15: ffffffff81bdbc90
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3780.741022] FS:  00007f21fc1f7800(0000) GS:ffff880fdfc00000(0000) knlGS:0000000000000000
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3780.809994] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3780.879844] CR2: ffffffffa05ea650 CR3: 00000000018c3000 CR4: 00000000000007f0
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3780.948932] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3781.016274] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3781.084507] Process kworker/u:2 (pid: 357, threadinfo ffff880fc68b2000, task ffff880fc68a9950)
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3781.153418] Stack:
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3781.215342]  ffff881fc74b0150 ffff881fc9055700 ffff880fc68b3d98 ffffffffa05e9c56
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3781.281299]  ffff881fc90557a8 ffff881fc9055700 ffff881fc74b5a00 0000000000000000
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3781.347841]  ffff880fc68b3dc8 ffffffffa05e9e25 ffff881fc7b763c0 0000000000000000
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3781.411451] Call Trace:
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3781.470695]  [<ffffffffa05e9c56>] irqfd_resampler_shutdown+0x36/0xc0 [kvm]
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3781.533898]  [<ffffffffa05e9e25>] irqfd_shutdown+0x45/0x70 [kvm]
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3781.594564]  [<ffffffff8107c0d8>] process_one_work+0x148/0x490
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3781.653899]  [<ffffffffa05e9de0>] ? irqfd_ptable_queue_proc+0x20/0x20 [kvm]
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3781.714105]  [<ffffffff8107e7ae>] worker_thread+0x15e/0x450
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3781.775888]  [<ffffffff8107e650>] ? busy_worker_rebind_fn+0x110/0x110
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3781.839273]  [<ffffffff81083990>] kthread+0xc0/0xd0
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3781.900364]  [<ffffffff810838d0>] ? kthread_create_on_node+0x120/0x120
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3781.962401]  [<ffffffff815fc16c>] ret_from_fork+0x7c/0xb0
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3782.022047]  [<ffffffff810838d0>] ? kthread_create_on_node+0x120/0x120
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3782.081226] Code: 66 66 2e 0f 1f 84 00 00 00 00 00 66 66 66 66 90 55 48 89 e5 48 83 ec 10 48 89 5d f0 48 89 fb 4c 89 65 f8 e8 73 13 00 00 48 89 df <f0> ff 0f 79 05 e8 06 04 00 00 65 48 8b 04 25 00 c7 00 00 4c 8b 
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3782.210382] RIP  [<ffffffff815f13f0>] mutex_lock+0x20/0x50
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3782.266843]  RSP <ffff880fc68b3d58>
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3782.320961] CR2: ffffffffa05ea650
Jan 28 15:52:23 bootp-66-83-245 kernel: [ 3782.372078] ---[ end trace e3b24feda9ea48b2 ]---
Jan 28 15:52:24 bootp-66-83-245 sh[3573]: abrt-dump-oops: Found oopses: 1
Jan 28 15:52:24 bootp-66-83-245 sh[3573]: abrt-dump-oops: Creating dump directories
Jan 28 15:52:24 bootp-66-83-245 abrtd: Directory 'oops-2013-01-28-15:52:24-4406-1' creation detected
Jan 28 15:52:24 bootp-66-83-245 abrt-dump-oops: Reported 1 kernel oopses to Abrt
Jan 28 15:52:24 bootp-66-83-245 abrtd: Can't open file '/var/spool/abrt/oops-2013-01-28-15:52:24-4406-1/uid': No such file or directory
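
A triage sketch for the oops quoted above, added here as an example and not part of the bug report or of any Red Hat tooling: it decodes the x86 page-fault error code, lists the registers that hold the faulting address, and separates live call-trace frames from stale `?` entries. The sample lines are copied from the log on this page with the syslog prefix trimmed; the function names and the nearest-frame heuristic are assumptions of this example.

```python
import re

# Lines copied from the oops on this page (syslog prefix trimmed).
OOPS = """\
BUG: unable to handle kernel paging request at ffffffffa05ea650
Oops: 0003 [#1] SMP
RAX: 0000000000000000 RBX: ffffffffa05ea650 RCX: dead000000200200
RDX: 0000000000000000 RSI: 0000000000000282 RDI: ffffffffa05ea650
R13: ffffffffa05ea650 R14: ffffffffa05e9ce0 R15: ffffffff81bdbc90
 [<ffffffffa05e9c56>] irqfd_resampler_shutdown+0x36/0xc0 [kvm]
 [<ffffffffa05e9e25>] irqfd_shutdown+0x45/0x70 [kvm]
 [<ffffffff8107c0d8>] process_one_work+0x148/0x490
"""

# x86 page-fault error code bits; bit 0 set means the page was present.
PF_BITS = ((0x01, "present"), (0x02, "write"), (0x04, "user"),
           (0x08, "reserved_bit"), (0x10, "instr_fetch"))

FRAME = re.compile(r"\[<([0-9a-f]{16})>\] (\? )?(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+"
                   r"(?: \[(\w+)\])?")


def decode_error_code(code):
    """Return the names of the error-code bits that are set."""
    return [name for bit, name in PF_BITS if code & bit]


def triage(text):
    """Summarise a page-fault oops: address, access type, registers, frames."""
    fault = int(re.search(r"paging request at ([0-9a-f]+)", text).group(1), 16)
    code = int(re.search(r"Oops: ([0-9a-f]{4})", text).group(1), 16)
    regs = {n: int(v, 16) for n, v in
            re.findall(r"\b([A-Z][A-Z0-9]{1,2}): ([0-9a-f]{16})\b", text)}
    # Frames marked '?' are stale stack entries, not the live call chain.
    frames = [(int(a, 16), sym, mod)
              for a, stale, sym, mod in FRAME.findall(text) if not stale]
    # Heuristic: nearest module frame hints at whose mapping the pointer hit.
    near = min((f for f in frames if f[2]),
               key=lambda f: abs(f[0] - fault), default=None)
    return {
        "fault_addr": fault,
        "access": decode_error_code(code),
        "regs_with_fault_addr": sorted(n for n, v in regs.items() if v == fault),
        "faulting_path": [f"{s} [{m}]" if m else s for _, s, m in frames],
        "nearest_module": (near[2], abs(near[0] - fault)) if near else None,
    }


print(triage(OOPS))
```

For this oops the summary reads as a kernel-mode write to a present page through a pointer held in RBX, RDI and R13, with the address lying about 2 KiB from the `[kvm]` frames in the call trace.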

Comment 2 Alex Williamson 2013-01-28 15:26:42 UTC
This has already been fixed upstream.  The fix didn't make 3.7.0 and it seems the stable tag was dropped so as of 3.7.5 it still has not been included in a stable release.  It will be fixed in 3.8.

Comment 3 Chao Yang 2013-01-29 02:37:10 UTC
(In reply to comment #2)
> This has already been fixed upstream.  The fix didn't make 3.7.0 and it
> seems the stable tag was dropped so as of 3.7.5 it still has not been
> included in a stable release.  It will be fixed in 3.8.

Thanks for your clarification. I am pleased to retest when 3.8 arrives.

Comment 9 juzhang 2013-11-04 09:36:14 UTC
According to comment7 and comment8, set this issue as verified.

Comment 11 Ludek Smid 2014-06-13 10:42:04 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.