Bug 990781

Summary: Host crash when running rh_kernel_update test with guest rhel.5.9
Product: Red Hat Enterprise Linux 7
Component: qemu-kvm
Version: 7.0
Hardware: Unspecified
OS: Unspecified
Status: CLOSED DUPLICATE
Severity: high
Priority: medium
Reporter: xhan
Assignee: Hai Huang <hhuang>
QA Contact: Virtualization Bugs <virt-bugs>
CC: acathrow, hhuang, juzhang, michen, shuang, virt-maint, xhan, xwei
Target Milestone: rc
Target Release: ---
Type: Bug
Doc Type: Bug Fix
Last Closed: 2013-08-09 05:14:15 UTC

Description xhan 2013-08-01 02:28:45 UTC
Description of problem:

Test rh_kernel_update with guest rhel5.9 causes the host crash. 

Version-Release number of selected component (if applicable):
kernel : kernel-3.10.0-3.el7.x86_64
qemu-kvm: qemu-kvm-1.5.2-1.el7.x86_64

How reproducible:
100% (2/2)

Steps to Reproduce:
1. Boot with guest rhel5.9
   qemu-kvm \
    -S \
    -name 'virt-tests-vm1' \
    -nodefaults \
    -drive file='RHEL-Server-5.9-32-virtio.qcow2',index=0,if=none,id=drive-virtio-disk1,media=disk,cache=none,snapshot=off,format=qcow2,aio=native \
    -device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk1,bootindex=0 \
    -device virtio-net-pci,netdev=idg2eUBw,mac='9a:c6:c7:c8:c9:ca',bus=pci.0,addr=0x3,id='idbObDYL' \
    -netdev tap,id=idg2eUBw,vhost=on \
    -m 4096 \
    -smp 4,maxcpus=4,cores=2,threads=1,sockets=2 \
    -cpu 'SandyBridge' \
    -M pc \
    -spice port=3000,password=123456,addr=0,tls-port=3200,x509-dir=/tmp/spice_x509d,tls-channel=main,tls-channel=inputs,image-compression=auto_glz,zlib-glz-wan-compression=auto,streaming-video=all,agent-mouse=on,playback-compression=on,ipv4 \
    -vga qxl \
    -global qxl-vga.vram_size=33554432 \
    -rtc base=utc,clock=host,driftfix=slew  \
    -boot order=cdn,once=c,menu=off   \
    -no-kvm-pit-reinjection \
    -enable-kvm

2. Send cont
3. Try to log in to the guest

Actual results:
Host crash

Expected results:
The test should proceed without errors.

Additional info:
bt
PID: 1004   TASK: ffff88020e4c0000  CPU: 1   COMMAND: "autotest"
 #0 [ffff8801f4d5ba78] machine_kexec at ffffffff8103ce02
 #1 [ffff8801f4d5bac8] crash_kexec at ffffffff810c9a33
 #2 [ffff8801f4d5bb90] oops_end at ffffffff815fc700
 #3 [ffff8801f4d5bbb8] die at ffffffff8101490b
 #4 [ffff8801f4d5bbe8] do_general_protection at ffffffff815fc19a
 #5 [ffff8801f4d5bc10] general_protection at ffffffff815fbb28
    [exception RIP: __kmalloc+149]
    RIP: ffffffff81182935  RSP: ffff8801f4d5bcc8  RFLAGS: 00010282
    RAX: 0000000000000000  RBX: ffff8801e39bb208  RCX: 0000000000037a29
    RDX: 0000000000037a28  RSI: 0000000000000000  RDI: 0000000000000007
    RBP: ffff8801f4d5bcf8   R8: 0000000000017360   R9: ffffffff81214394
    R10: ffff880215003b00  R11: 0000000001580d87  R12: 00000000000080d0
    R13: e700001000000041  R14: 0000000000000039  R15: ffff880215003b00
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 #6 [ffff8801f4d5bd00] ext4_htree_store_dirent at ffffffff81214394
 #7 [ffff8801f4d5bd38] htree_dirblock_to_tree at ffffffff812233d9
 #8 [ffff8801f4d5bda8] ext4_htree_fill_tree at ffffffff812240e6
 #9 [ffff8801f4d5be50] ext4_readdir at ffffffff81213cdd
#10 [ffff8801f4d5bef8] vfs_readdir at ffffffff811aca30
#11 [ffff8801f4d5bf38] sys_getdents at ffffffff811ace86
#12 [ffff8801f4d5bf80] system_call_fastpath at ffffffff81603b59
    RIP: 00007f7398adec15  RSP: 00007fff4e82d9d0  RFLAGS: 00010206
    RAX: 000000000000004e  RBX: ffffffff81603b59  RCX: 00000000033e6b70
    RDX: 0000000000008000  RSI: 0000000003447088  RDI: 0000000000000024
    RBP: 0000000003447088   R8: 0000000000000000   R9: 0000000000000076
    R10: 0000000000000000  R11: 0000000000000246  R12: 0000000000000000
    R13: 0000000000000000  R14: ffffffffffffff80  R15: 0000000003447088
    ORIG_RAX: 000000000000004e  CS: 0033  SS: 002b


calltrace:
[    1.159362] Call Trace:
[    1.159367]  [<ffffffff81214394>] ? ext4_htree_store_dirent+0x34/0x120
[    1.159369]  [<ffffffff81214394>] ext4_htree_store_dirent+0x34/0x120
[    1.159373]  [<ffffffff812233d9>] htree_dirblock_to_tree+0x169/0x1c0
[    1.159375]  [<ffffffff812240e6>] ext4_htree_fill_tree+0xc6/0x270
[    1.159378]  [<ffffffff811830ee>] ? kmem_cache_alloc_trace+0x1ce/0x1f0
[    1.159379]  [<ffffffff8121422e>] ? ext4_readdir+0x6be/0x7d0
[    1.159381]  [<ffffffff81213cdd>] ext4_readdir+0x16d/0x7d0
[    1.159385]  [<ffffffff811acc60>] ? fillonedir+0xf0/0xf0
[    1.159387]  [<ffffffff811acc60>] ? fillonedir+0xf0/0xf0
[    1.159389]  [<ffffffff811acc60>] ? fillonedir+0xf0/0xf0
[    1.159391]  [<ffffffff811aca30>] vfs_readdir+0xb0/0xe0
[    1.159393]  [<ffffffff811ace86>] SyS_getdents+0x86/0x120
[    1.159398]  [<ffffffff81603b59>] system_call_fastpath+0x16/0x1b
[    1.159414] Code: db 00 00 49 8b 50 08 4d 8b 28 49 8b 40 10 4d 85 ed 0f 84 30 01 00 00 48 85 c0 0f 84 27 01 00 00 49 63 42 20 48 8d 4a 01 4d 8b 02 <49> 8b 5c 05 00 4c 89 e8 65 49 0f c7 08 0f 94 c0 84 c0 74 b8 49
[    1.159417] RIP  [<ffffffff81182935>] __kmalloc+0x95/0x230
[    1.159417]  RSP <ffff8801f4d5bcc8>

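To triage a crash of this shape, a small parser over the crash-utility `bt` output is useful. The script below is an added example, not part of the bug report or of any Red Hat tooling: it extracts the task, the trap, the faulting function and the register state, and flags the pattern visible above, a general protection fault inside `__kmalloc` with a non-canonical value in R13, reached from an ext4 readdir path. That pattern means the allocator's own metadata was already corrupted when ext4 called it, so the ext4 frames are the victim rather than the cause, which is why an earlier use-after-free in another subsystem (comment 4 names vhost-net) fits. The sample input is the trace quoted above; the trap names, the allocator function list and the helper names (`parse_bt`, `faulting_bytes`, `Oops`) are assumptions of the example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: the crash-utility `bt` output quoted in the report, embedded
# so the script runs offline (the trailing user-space register block is omitted).
SAMPLE_BT = """\
PID: 1004   TASK: ffff88020e4c0000  CPU: 1   COMMAND: "autotest"
 #0 [ffff8801f4d5ba78] machine_kexec at ffffffff8103ce02
 #1 [ffff8801f4d5bac8] crash_kexec at ffffffff810c9a33
 #2 [ffff8801f4d5bb90] oops_end at ffffffff815fc700
 #3 [ffff8801f4d5bbb8] die at ffffffff8101490b
 #4 [ffff8801f4d5bbe8] do_general_protection at ffffffff815fc19a
 #5 [ffff8801f4d5bc10] general_protection at ffffffff815fbb28
    [exception RIP: __kmalloc+149]
    RIP: ffffffff81182935  RSP: ffff8801f4d5bcc8  RFLAGS: 00010282
    RAX: 0000000000000000  RBX: ffff8801e39bb208  RCX: 0000000000037a29
    RDX: 0000000000037a28  RSI: 0000000000000000  RDI: 0000000000000007
    RBP: ffff8801f4d5bcf8   R8: 0000000000017360   R9: ffffffff81214394
    R10: ffff880215003b00  R11: 0000000001580d87  R12: 00000000000080d0
    R13: e700001000000041  R14: 0000000000000039  R15: ffff880215003b00
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 #6 [ffff8801f4d5bd00] ext4_htree_store_dirent at ffffffff81214394
 #7 [ffff8801f4d5bd38] htree_dirblock_to_tree at ffffffff812233d9
 #8 [ffff8801f4d5bda8] ext4_htree_fill_tree at ffffffff812240e6
 #9 [ffff8801f4d5be50] ext4_readdir at ffffffff81213cdd
#10 [ffff8801f4d5bef8] vfs_readdir at ffffffff811aca30
#11 [ffff8801f4d5bf38] sys_getdents at ffffffff811ace86
#12 [ffff8801f4d5bf80] system_call_fastpath at ffffffff81603b59
"""
# The dmesg "Code:" line of the same oops; <..> marks the faulting instruction byte.
SAMPLE_CODE = ("Code: db 00 00 49 8b 50 08 4d 8b 28 49 8b 40 10 4d 85 ed 0f 84 30 01 00 00 48 85 c0 "
               "0f 84 27 01 00 00 49 63 42 20 48 8d 4a 01 4d 8b 02 <49> 8b 5c 05 00 4c 89 e8 65 49 0f c7 08")

HDR_RE = re.compile(r'PID:\s*(\d+)\s+TASK:\s*[0-9a-f]+\s+CPU:\s*(\d+)\s+COMMAND:\s*"([^"]*)"')
FRAME_RE = re.compile(r'^\s*#(\d+)\s+\[[0-9a-f]+\]\s+(\S+)\s+at\s+([0-9a-f]+)')
EXC_RE = re.compile(r'\[exception RIP:\s*(\S+)\+(\d+)\]')
REG_RE = re.compile(r'\b([A-Z][A-Z_0-9]{1,7}):\s+([0-9a-f]+)')
TRAPS = ("general_protection", "page_fault", "async_page_fault", "invalid_op")
# Allocator entry points (assumed list): a fault *inside* one of these usually means
# heap metadata was corrupted earlier by some unrelated code path.
ALLOCATOR = {"__kmalloc", "kmalloc", "kmem_cache_alloc", "kmem_cache_alloc_trace",
             "kfree", "kmem_cache_free", "__slab_alloc", "__slab_free"}
NON_POINTER_REGS = {"RFLAGS", "ORIG_RAX", "CS", "SS"}   # never hold addresses

def is_canonical(v: int) -> bool:
    """x86-64 canonical form: bits 63..47 must all equal bit 47."""
    return (v >> 47) in (0, 0x1FFFF)

@dataclass
class Oops:
    pid: int
    cpu: int
    command: str
    frames: List[Tuple[int, str, int]] = field(default_factory=list)  # (num, func, addr)
    exception_func: Optional[str] = None
    exception_offset: Optional[int] = None
    regs: Dict[str, int] = field(default_factory=dict)

    def trap(self) -> Optional[Tuple[int, str]]:   # e.g. (5, 'general_protection')
        return next(((n, f) for n, f, _ in self.frames if f in TRAPS), None)

    def faulting_path(self) -> List[str]:   # call chain that entered the faulting code
        t = self.trap()
        return [f for n, f, _ in self.frames if t and n > t[0]]

    def noncanonical_regs(self) -> List[str]:   # values no valid x86-64 pointer can have
        return [r for r, v in self.regs.items()
                if r not in NON_POINTER_REGS and not is_canonical(v)]

    def diagnosis(self) -> str:
        t, bad, path = self.trap(), self.noncanonical_regs(), self.faulting_path()
        victim = path[0] if path else "unknown"
        if t and t[1] == "general_protection" and self.exception_func in ALLOCATOR:
            return (f"GPF inside allocator {self.exception_func}: heap corruption by an "
                    f"earlier bug; {victim} is the victim, not the culprit"
                    + (f" (non-canonical: {', '.join(bad)})" if bad else ""))
        return f"{t[1] if t else 'unknown trap'} in {self.exception_func}"

def parse_bt(text: str) -> Oops:
    oops, in_regs = None, False
    for line in text.splitlines():
        if m := HDR_RE.search(line):
            oops = Oops(pid=int(m[1]), cpu=int(m[2]), command=m[3])
        elif m := FRAME_RE.match(line):
            oops.frames.append((int(m[1]), m[2], int(m[3], 16)))
            in_regs = False                       # a frame line ends the register block
        elif m := EXC_RE.search(line):
            oops.exception_func, oops.exception_offset = m[1], int(m[2])
            in_regs = True                        # registers follow the exception line
        elif in_regs:
            oops.regs.update((r, int(v, 16)) for r, v in REG_RE.findall(line))
    assert oops is not None, "no PID/TASK header found"
    return oops

def faulting_bytes(code_line: str, n: int = 5) -> List[int]:
    """Opcode bytes from the <marked> faulting instruction on a dmesg Code: line."""
    m = re.search(r'<([0-9a-f]{2})>((?:\s+[0-9a-f]{2})*)', code_line)
    return [int(b, 16) for b in [m[1]] + m[2].split()][:n] if m else []

if __name__ == "__main__":
    o = parse_bt(SAMPLE_BT)
    print(f"{o.command} (pid {o.pid}, cpu {o.cpu}): {o.diagnosis()}")
    # 49 8b 5c 05 00 decodes to `mov rbx,[r13+rax]`: the load through the bad R13 value
    print("faulting insn:", " ".join(f"{b:02x}" for b in faulting_bytes(SAMPLE_CODE)))
```

The canonical-address check is the quick tell here: every register in the kernel-side dump is a plausible kernel or small value except R13, and the marked instruction bytes decode to a load through R13, which is how a poisoned allocator freelist pointer surfaces as a GPF in a caller that did nothing wrong.
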
Comment 3 xhan 2013-08-01 07:29:53 UTC
Test again with setting vhost=off, the issue doesn't happen.

Comment 4 Hai Huang 2013-08-01 12:47:41 UTC
This BZ is very likely to be a duplicate of 
 Bug 984723 - CVE-2013-4127 kernel: vhost-net: use-after-free in vhost_net_flush 
 https://bugzilla.redhat.com/show_bug.cgi?id=984723

To confirm, please follow the steps described in C9 below:
   https://bugzilla.redhat.com/show_bug.cgi?id=980072#c9
Please note that one of the confirmation steps is to remove vhost,
which you have already done.

After the confirmation, please close this BZ as a duplicate of 984723.
Thank you.

Comment 5 xhan 2013-08-09 05:14:15 UTC
Confirmed with the first step:
Change all the virtio-net to other types of network (rtl8139): no host crash.

*** This bug has been marked as a duplicate of bug 984723 ***
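
Comments 3 and 5 narrow the crash to the vhost-accelerated virtio-net path, so an operator waiting on the kernel fix wants to know which guests run with `vhost=on`. The script below is an added example, not part of the report or of qemu: it parses a qemu-kvm command line of the shape used in step 1, reports every tap netdev started with `vhost=on` together with the NIC model bound to it, and produces the `vhost=off` variant that comment 3 found to avoid the crash. The sample command line is constructed from the report's network-related options; `parse_opts`, `vhost_exposure`, `disable_vhost` and `argv_from` are names chosen here.

```python
import shlex
from typing import Dict, List, Optional, Tuple

# Constructed from the network-related options of the qemu-kvm command line in step 1
# of the report; the other options do not affect the check.
SAMPLE_CMDLINE = (
    "qemu-kvm -S -name 'virt-tests-vm1' -nodefaults "
    "-device virtio-net-pci,netdev=idg2eUBw,mac='9a:c6:c7:c8:c9:ca',bus=pci.0,addr=0x3,id='idbObDYL' "
    "-netdev tap,id=idg2eUBw,vhost=on -m 4096 -enable-kvm"
)

def argv_from(cmdline: str) -> List[str]:
    """Split a shell command line into argv, honouring the quoting qemu wrappers emit."""
    return shlex.split(cmdline)

def parse_opts(spec: str) -> Tuple[str, Dict[str, Optional[str]]]:
    """'tap,id=x,vhost=on' -> ('tap', {'id': 'x', 'vhost': 'on'}); bare flags map to None."""
    head, *items = spec.split(",")
    opts: Dict[str, Optional[str]] = {}
    for item in items:
        key, eq, val = item.partition("=")
        opts[key] = val if eq else None
    return head, opts

def join_opts(head: str, opts: Dict[str, Optional[str]]) -> str:
    """Inverse of parse_opts."""
    return ",".join([head] + [k if v is None else f"{k}={v}" for k, v in opts.items()])

def vhost_exposure(argv: List[str]) -> List[Tuple[str, str, str]]:
    """(netdev id, backend, NIC model) for every netdev started with vhost=on."""
    netdevs, nics = {}, {}
    for flag, spec in zip(argv, argv[1:]):
        if flag == "-netdev":
            backend, o = parse_opts(spec)
            netdevs[o.get("id")] = (backend, o)
        elif flag == "-device":
            model, o = parse_opts(spec)
            if o.get("netdev"):                  # a NIC front end bound to a netdev
                nics[o["netdev"]] = model
    return [(nid, backend, nics.get(nid, "no NIC bound"))
            for nid, (backend, o) in netdevs.items() if o.get("vhost") == "on"]

def disable_vhost(argv: List[str]) -> List[str]:
    """Rewrite argv so every vhost=on netdev uses vhost=off (the workaround from comment 3)."""
    out = list(argv)
    for i in range(len(out) - 1):
        if out[i] == "-netdev":
            backend, o = parse_opts(out[i + 1])
            if o.get("vhost") == "on":
                o["vhost"] = "off"
                out[i + 1] = join_opts(backend, o)
    return out

if __name__ == "__main__":
    argv = argv_from(SAMPLE_CMDLINE)
    for nid, backend, model in vhost_exposure(argv):
        print(f"netdev {nid} ({backend}) runs with vhost=on, bound to {model}")
    print(" ".join(disable_vhost(argv)))
```

Feeding the script the command lines of running guests (for example from their process arguments) gives an inventory of which virtual machines depend on the vhost path; the rewritten line is the configuration-level workaround, and comment 5's alternative of switching the NIC model to rtl8139 removes the virtio-net front end entirely at the cost of the paravirtualised data path.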