Bug 981075

Summary: Kernel panic when shutting down qemu-kvm virtual machine
Product: Fedora
Reporter: PJ Waskiewicz <peter.p.waskiewicz.jr>
Component: kernel
Assignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Priority: unspecified
Version: 19
CC: gansalmon, itamar, jonathan, kernel-maint, madhu.chinakonda, masao-takahashi, maxim, peter.p.waskiewicz.jr
Target Milestone: ---
Target Release: ---
Hardware: x86_64
OS: Linux
Doc Type: Bug Fix
Story Points: ---
Last Closed: 2013-07-05 12:28:41 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---

Description PJ Waskiewicz 2013-07-03 23:57:12 UTC
Description of problem: Stopping a virtual machine (Win7) running with qemu-kvm by either shutting down the guest or saving state to disk causes a kernel panic.


Version-Release number of selected component (if applicable):  Kernel 3.9.8-300.fc19.x86_64, qemu version qemu-kvm-1.4.2-4.fc19.x86_64


How reproducible: 100% of the time


Steps to Reproduce:
1. Configure a VM with a Virtual NAT network interface
2. Start the VM
3. Shut down the guest OS

Actual results: Host kernel panics, see backtrace below (I also have the whole vmcore of the crash if desired).


Expected results: VM shutdown should not crash the host kernel


Additional info: Tested with Linus' latest linux tree (commit 76f7a102c0290d3e24703b6cd3716d5a594d6173) and confirmed the bug is gone.

Kernel backtrace of the crash (collected via kdump):

PID: 7904   TASK: ffff8801ecd4aee0  CPU: 3   COMMAND: "qemu-system-x86"
 #0 [ffff8801c74458f0] machine_kexec at ffffffff8103dc52
 #1 [ffff8801c7445940] crash_kexec at ffffffff810c69b3
 #2 [ffff8801c7445a08] oops_end at ffffffff81647cf0
 #3 [ffff8801c7445a30] die at ffffffff810168bb
 #4 [ffff8801c7445a60] do_trap at ffffffff816475b0
 #5 [ffff8801c7445ab0] do_invalid_op at ffffffff81013f55
 #6 [ffff8801c7445b50] invalid_op at ffffffff8165011e
    [exception RIP: __mod_timer.part.39+4]
    RIP: ffffffff8163ca8b  RSP: ffff8801c7445c08  RFLAGS: 00010246
    RAX: 0000000000000000  RBX: ffff8802106a5400  RCX: ffffffff81ce2b70
    RDX: 0000000000000000  RSI: 00000000ffff1ebf  RDI: ffff8802106a5400
    RBP: ffff8801c7445c08   R8: 00000000254fa7e0   R9: 00000000c27fa6a5
    R10: 0000000000000000  R11: 0000000000000000  R12: 0000000000000000
    R13: 00000000ffff1ebf  R14: ffff880206c7e818  R15: 0000000000000000
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 #7 [ffff8801c7445c10] mod_timer at ffffffff8106d905
 #8 [ffff8801c7445c50] br_multicast_del_pg.isra.20 at ffffffffa063bd25 [bridge]
 #9 [ffff8801c7445c80] br_multicast_disable_port at ffffffffa063c948 [bridge]
#10 [ffff8801c7445cb0] br_stp_disable_port at ffffffffa0635cca [bridge]
#11 [ffff8801c7445ce8] br_device_event at ffffffffa06344e8 [bridge]
#12 [ffff8801c7445d18] notifier_call_chain at ffffffff8164aafc
#13 [ffff8801c7445d50] raw_notifier_call_chain at ffffffff810858f6
#14 [ffff8801c7445d60] call_netdevice_notifiers at ffffffff81536aad
#15 [ffff8801c7445d80] dev_close_many at ffffffff81536d17
#16 [ffff8801c7445dc0] rollback_registered_many at ffffffff81537f68
#17 [ffff8801c7445de8] rollback_registered at ffffffff81538101
#18 [ffff8801c7445e10] unregister_netdevice_queue at ffffffff815390d8
#19 [ffff8801c7445e30] __tun_detach at ffffffffa06562f0 [tun]
#20 [ffff8801c7445e88] tun_chr_close at ffffffffa06564bd [tun]
#21 [ffff8801c7445ea8] __fput at ffffffff8119b1f1
#22 [ffff8801c7445ef0] ____fput at ffffffff8119b3fe
#23 [ffff8801c7445f00] task_work_run at ffffffff8107cf7f
#24 [ffff8801c7445f30] do_notify_resume at ffffffff810139e1
#25 [ffff8801c7445f50] int_signal at ffffffff8164f292
    RIP: 00007f2fbf92012d  RSP: 00007fff7ee75b20  RFLAGS: 00000293
    RAX: 0000000000000000  RBX: 00007f2fc3ec0380  RCX: ffffffffffffffff
    RDX: 0000000000000000  RSI: 0000000000000000  RDI: 0000000000000019
    RBP: 00007fff7ee75b68   R8: 00007f2fc3ec0380   R9: 000000000000000f
    R10: 00000000ffffffff  R11: 0000000000000293  R12: 0000000000000001
    R13: 00007f2fc3e8a540  R14: 0000000000000000  R15: 0000000000000000
    ORIG_RAX: 0000000000000003  CS: 0033  SS: 002b
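
Added here as a triage aid for crash(8)/kdump backtraces in the format quoted above (example code, not part of the report or of the kernel): it extracts the crashing task, the faulting symbol from the "exception RIP" line, the frame list, and the loadable modules in the call chain, which here shows the fault taken in the timer code called from the bridge multicast path during tun device teardown. The sample input is a constructed excerpt of the trace above.

```python
import re
from collections import namedtuple

# Constructed excerpt of the crash(8) backtrace from the report (frames trimmed).
SAMPLE = """\
PID: 7904   TASK: ffff8801ecd4aee0  CPU: 3   COMMAND: "qemu-system-x86"
 #5 [ffff8801c7445ab0] do_invalid_op at ffffffff81013f55
 #6 [ffff8801c7445b50] invalid_op at ffffffff8165011e
    [exception RIP: __mod_timer.part.39+4]
    RIP: ffffffff8163ca8b  RSP: ffff8801c7445c08  RFLAGS: 00010246
 #7 [ffff8801c7445c10] mod_timer at ffffffff8106d905
 #8 [ffff8801c7445c50] br_multicast_del_pg.isra.20 at ffffffffa063bd25 [bridge]
 #9 [ffff8801c7445c80] br_multicast_disable_port at ffffffffa063c948 [bridge]
#19 [ffff8801c7445e30] __tun_detach at ffffffffa06562f0 [tun]
#20 [ffff8801c7445e88] tun_chr_close at ffffffffa06564bd [tun]
#21 [ffff8801c7445ea8] __fput at ffffffff8119b1f1
"""

Frame = namedtuple("Frame", "idx sp func addr module")

# " #8 [sp] func at addr [module]"; the module suffix is absent for core kernel text.
FRAME_RE = re.compile(r"^\s*#(\d+)\s+\[([0-9a-f]+)\]\s+(\S+)\s+at\s+([0-9a-f]+)(?:\s+\[(\w+)\])?")
EXC_RE = re.compile(r"\[exception RIP:\s*([^\]+\s]+)\+(\d+)\]")
HEADER_RE = re.compile(r'PID:\s*(\d+).*COMMAND:\s*"([^"]+)"')

def parse_header(text):
    """Return (pid, command) of the crashing task, or None."""
    m = HEADER_RE.search(text)
    return (int(m.group(1)), m.group(2)) if m else None

def parse_frames(text):
    """Return the stack frames in trace order; register lines are skipped."""
    return [Frame(int(m.group(1)), m.group(2), m.group(3), m.group(4), m.group(5))
            for m in (FRAME_RE.match(l) for l in text.splitlines()) if m]

def exception_rip(text):
    """Return (symbol, byte offset) where the exception was taken, or None."""
    m = EXC_RE.search(text)
    return (m.group(1), int(m.group(2))) if m else None

def base_symbol(name):
    """Strip gcc clone suffixes such as .part.39 or .isra.20."""
    return name.split(".")[0]

def modules_in_trace(frames):
    """Loadable modules in the call chain, innermost first, without repeats."""
    return list(dict.fromkeys(f.module for f in frames if f.module))

def first_module_frame(frames):
    """Innermost frame attributed to a module: the subsystem to look at first."""
    return next((f for f in sorted(frames, key=lambda f: f.idx) if f.module), None)
```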

Comment 1 Maxim Burgerhout 2013-07-04 11:16:59 UTC
Confirmed with identical backtrace, also concerning a Windows 7 VM.

Bug does not occur when I boot my machine with kernel 3.9.6-301.fc19.x86_64.

Comment 2 Josh Boyer 2013-07-05 12:28:41 UTC
Fallout for bug 880035.  Should have a fix later today.

*** This bug has been marked as a duplicate of bug 980254 ***