Bug 868177 - guest reboot automatically and Call Trace after do live migration with floppy in used
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: qemu-kvm
Version: 6.4
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: ---
Assignee: Juan Quintela
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2012-10-19 08:21 UTC by Sibiao Luo
Modified: 2015-01-14 12:33 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-01-14 12:33:36 UTC
Target Upstream Version:
Embargoed:


Description Sibiao Luo 2012-10-19 08:21:34 UTC
Description of problem:
This bug was discovered when verifying bug 854474. Do a live migration while continuously writing data to the floppy; after the migration completes, the script stops running in the guest and the guest reboots automatically with a Call Trace.

Version-Release number of selected component (if applicable):
# uname -r && rpm -q qemu-kvm
2.6.32-331.el6.x86_64
qemu-kvm-0.12.1.2-2.327.el6.x86_64
# rpm -q seabios
seabios-0.6.1.2-25.el6.x86_64
# rpm -q spice-server
spice-server-0.12.0-1.el6.x86_64
guest info:
# uname -r
2.6.32-331.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1.# qemu-img create -f raw floppy.vfd 1.44M
2.boot VM with floppy disk in src and dest with '-incoming tcp:0:5888,server,nowait'.
3.modprobe floppy and format the floppy disk with ext4 filesystem type.
4.mount it and write data to the floppy with script.
# mkdir /home/floppy
# cat script.sh 
mount /dev/fd0 -t ext4 /home/floppy
for((;;))
do
  echo hello > /home/floppy/file
  echo "========================"
  rm -fr /home/floppy/file
done
5.do live migration
(qemu) __com.redhat_spice_migrate_info $dest_ip_addr $port
main_channel_client_handle_migrate_connected: client 0x7ffffa3f7f00 connected: 1 seamless 1
(qemu) migrate -d tcp:$dest_ip_addr:$port
  
Actual results:
After step 5, the migration succeeds, but the script stops running in the guest, and the guest reboots automatically with a Call Trace after a while. I will paste the call trace log later.

Expected results:
After doing a live migration with the floppy in use, the script (I/O) keeps running and the guest works well.

Additional info:
# /usr/libexec/qemu-kvm -M rhel6.4.0 -cpu SandyBridge -enable-kvm -m 4096 -smp 4,sockets=2,cores=2,threads=1 -usb -device usb-tablet,id=input0 -name sluo_migration -uuid 990ea161-6b67-47b2-b803-19fb01d30d30 -rtc base=localtime,clock=host,driftfix=slew -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x3 -drive file=/dev/vg-90.100-sluo/lv-90.100-migration-macvtap,if=none,id=drive-virtio-disk0,format=qcow2,cache=none,werror=stop,rerror=stop -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 -netdev tap,id=hostnet0,vhost=on,fd=6 6<>/dev/tap6 -device virtio-net-pci,netdev=hostnet0,id=virtio-net-pci0,mac=08:2E:5F:0A:0D:B1,bus=pci.0,addr=0x5 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -chardev spicevmc,id=charchannel0,name=vdagent -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0 -spice port=5931,disable-ticketing,seamless-migration=on -vga qxl -global qxl-vga.vram_size=67108864 -device intel-hda,id=sound0,bus=pci.0,addr=0x6 -device hda-duplex -device usb-ehci,id=ehci,addr=0x7 -chardev spicevmc,name=usbredir,id=usbredirchardev1 -device usb-redir,chardev=usbredirchardev1,id=usbredirdev1,bus=ehci.0,debug=3 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x8 -drive file=/dev/vg-90.100-sluo/lv-90.100-data-disk,if=none,id=data-disk,format=qcow2,cache=none,werror=stop,rerror=stop -device virtio-blk-pci,bus=pci.0,addr=0x9,drive=data-disk,id=sluo-disk -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -drive file=/mnt/RHEL6.3-20120613.2-Server-x86_64-DVD1.iso,if=none,media=cdrom,format=raw,id=drive-ide1-0-1 -device ide-drive,drive=drive-ide1-0-1,id=ide1-0-1,bus=ide.1,unit=1 -drive file=/mnt/floppy.vfd,if=none,id=drive-fdc0-0-0,format=raw -global isa-fdc.driveA=drive-fdc0-0-0 -nodefaults -serial unix:/tmp/ttyS0,server,nowait -qmp tcp:0:4444,server,nowait -boot menu=on -monitor stdio

Comment 1 Sibiao Luo 2012-10-19 08:23:04 UTC
(In reply to comment #0)
>   
> Actual results:
> after step 5, migrate successfully, but the script stop run in the guest and
> guest will reboot automatic and Call Trace after a while. I will paste the
> call trace log later.

# nc -U /tmp/ttyS0 
atkbd.c: Unknown key pressed (translated set 2, code 0x0 on isa0060/serio0).
atkbd.c: Use 'setkeycodes 00 <keycode>' to make it known.
atkbd.c: Unknown key pressed (translated set 2, code 0x0 on isa0060/serio0).
atkbd.c: Use 'setkeycodes 00 <keycode>' to make it known.
atkbd.c: Unknown key pressed (translated set 2, code 0x0 on isa0060/serio0).
atkbd.c: Use 'setkeycodes 00 <keycode>' to make it known.
BUG: unable to handle kernel NULL pointer dereference at 0000000000000035
IP: [<ffffffffa03316ab>] setup_rw_floppy+0x6b/0x380 [floppy]
PGD 11bb49067 PUD 11c3eb067 PMD 0 
Oops: 0000 [#1] SMP 
last sysfs file: /sys/devices/pci0000:00/0000:00:09.0/local_cpus
CPU 0 
Modules linked in: nls_utf8 fuse floppy autofs4 sunrpc ipt_REJECT nf_conntrack_ipv4 nf_defrag_ipv4 iptable_filter ip_tables ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables ipv6 uinput sg microcode virtio_balloon snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device snd_pcm snd_timer snd soundcore snd_page_alloc virtio_net virtio_console i2c_piix4 i2c_core ext4 mbcache jbd2 sr_mod cdrom virtio_blk pata_acpi ata_generic ata_piix virtio_pci virtio_ring virtio dm_mirror dm_region_hash dm_log dm_mod [last unloaded: speedstep_lib]

Pid: 0, comm: swapper Not tainted 2.6.32-331.el6.x86_64 #1 Red Hat KVM
RIP: 0010:[<ffffffffa03316ab>]  [<ffffffffa03316ab>] setup_rw_floppy+0x6b/0x380 [floppy]
RSP: 0018:ffff880028203e20  EFLAGS: 00010246
RAX: 0000000000000000 RBX: 00000000000000da RCX: 0000000000000004
RDX: 0000000000000000 RSI: 0000000000000246 RDI: 00000000ffffffff
RBP: ffff880028203e40 R08: ffff88002820e0e0 R09: 00000045dfa6e440
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000008 R14: 0000000000000009 R15: ffffffffa0331640
FS:  0000000000000000(0000) GS:ffff880028200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 0000000000000035 CR3: 000000011c3f3000 CR4: 00000000000406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process swapper (pid: 0, threadinfo ffffffff81a00000, task ffffffff81a8d020)
Stack:
 ffffffff81eaa280 ffffffffa0336d20 ffff880028203e90 0000000000000000
<d> ffff880028203ed0 ffffffff8107eeb7 000000000003529e ffffffff81eabea0
<d> ffffffff81eabaa0 ffffffff81eab6a0 ffffffff81a01fd8 ffffffff81a01fd8
Call Trace:
 <IRQ> 
 [<ffffffff8107eeb7>] run_timer_softirq+0x197/0x340
 [<ffffffff8102b4fd>] ? lapic_next_event+0x1d/0x30
 [<ffffffff810745b1>] __do_softirq+0xc1/0x1e0
 [<ffffffff81098ebb>] ? hrtimer_interrupt+0x14b/0x260
 [<ffffffff8100c24c>] call_softirq+0x1c/0x30
 [<ffffffff8100de85>] do_softirq+0x65/0xa0
 [<ffffffff81074395>] irq_exit+0x85/0x90
 [<ffffffff81526020>] smp_apic_timer_interrupt+0x70/0x9b
 [<ffffffff8100bc13>] apic_timer_interrupt+0x13/0x20
 <EOI> 
 [<ffffffff8103891b>] ? native_safe_halt+0xb/0x10
 [<ffffffff81014acd>] default_idle+0x4d/0xb0
 [<ffffffff81009e06>] cpu_idle+0xb6/0x110
 [<ffffffff81501e5a>] rest_init+0x7a/0x80
 [<ffffffff81c24f7b>] start_kernel+0x424/0x430
 [<ffffffff81c2433a>] x86_64_start_reservations+0x125/0x129
 [<ffffffff81c24438>] x86_64_start_kernel+0xfa/0x109
Code: e5 08 75 6c 45 31 e4 45 31 f6 80 78 35 00 74 24 49 63 d6 41 83 c6 01 0f be 7c 10 36 e8 0f e0 ff ff 41 09 c4 48 8b 05 d5 6e 00 00 <0f> b6 50 35 44 39 f2 7f dc 0f b6 05 59 79 00 00 48 c1 e0 07 f6 
RIP  [<ffffffffa03316ab>] setup_rw_floppy+0x6b/0x380 [floppy]
 RSP <ffff880028203e20>
CR2: 0000000000000035

Comment 2 Sibiao Luo 2012-10-19 08:23:42 UTC
My host cpu info:

processor	: 7
vendor_id	: GenuineIntel
cpu family	: 6
model		: 42
model name	: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
stepping	: 7
cpu MHz		: 1600.000
cache size	: 8192 KB
physical id	: 0
siblings	: 8
core id		: 3
cpu cores	: 4
apicid		: 7
initial apicid	: 7
fpu		: yes
fpu_exception	: yes
cpuid level	: 13
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx lahf_lm ida arat epb xsaveopt pln pts dts tpr_shadow vnmi flexpriority ept vpid
bogomips	: 6784.11
clflush size	: 64
cache_alignment	: 64
address sizes	: 36 bits physical, 48 bits virtual
power management:

Comment 7 Juan Quintela 2014-08-19 10:35:10 UTC
The floppy is not shared.

If you want to share the floppy, you need to mount it with cache=none

Could you retest with it?

I am not sure that read/write floppy works well on migration, but will take a look.

Comment 8 Markus Armbruster 2014-08-19 11:37:44 UTC
If I read the report correctly, the guest first reboots spontaneously, only to crash during boot.  Console log and call trace show only the crash.  Is there anything in the logs right before the reboot?

Incorrect cache mode may corrupt data, but it shouldn't cause spontaneous reboots or kernel crashes.

Comment 9 Sibiao Luo 2014-08-20 06:09:37 UTC
(In reply to Juan Quintela from comment #7)
> The floppy is not shared.
> 
> If you want to share the floppy, you need to mount it with cache=none
> 
> Could you retest with it?
I can't reproduce it any more with the same steps as comment #0; live migration with the floppy in use works, the script (I/O) keeps running and the guest works well.

host info:
# uname -r && rpm -q qemu-kvm-rhev && rpm -q seabios
2.6.32-491.el6.x86_64
qemu-kvm-rhev-0.12.1.2-2.439.el6.x86_64
seabios-0.6.1.2-28.el6.x86_64
guest info:
2.6.32-491.el6.x86_64

> I am not sure that read/write floppy works well on migration, but will take
> a look.
It should work, as we have such a test plan/case.

Best Regards,
sluo

Comment 10 Sibiao Luo 2014-08-20 06:13:47 UTC
(In reply to Markus Armbruster from comment #8)
> If I read the report correctly, the guest first reboots spontaneously, only
> to crash during boot.  Console log and call trace show only the crash.  Is
> there anything in the logs right before the reboot?
> 
It did not crash during reboot; the guest crashed and then rebooted spontaneously.
There is an unexpected log: "BUG: unable to handle kernel NULL pointer dereference at 0000000000000035".
> Incorrect cache mode may corrupt data, but it shouldn't cause spontaneous
> reboots or kernel crashes.
But now I can't reproduce it any more.

Best Regards,
sluo

Comment 11 Markus Armbruster 2014-08-20 07:24:18 UTC
Looks like the kernel crash bug has been fixed since you reported this bug.

Comment 14 Juan Quintela 2015-01-14 12:33:36 UTC
It was missing cache=none; once they fixed the command line, the bug disappeared (comment #10).
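
The resolution above (a writable drive started without cache=none) can be checked before a migration is attempted. The following is an added example, not part of the original report or of qemu-kvm: it parses a qemu-kvm command line and lists writable -drive entries whose cache mode is not none. The function names are hypothetical, the sample command line is constructed from the -drive options in comment #0, and skipping read-only media (media=cdrom, readonly) is an assumption of this example.

```python
import shlex

# Constructed sample: three -drive options copied from the command line in
# comment #0 (data disk, CD-ROM, floppy); the other options are trimmed away.
SAMPLE_CMDLINE = (
    "/usr/libexec/qemu-kvm -M rhel6.4.0 -m 4096 "
    "-drive file=/dev/vg-90.100-sluo/lv-90.100-data-disk,if=none,id=data-disk,"
    "format=qcow2,cache=none,werror=stop,rerror=stop "
    "-drive file=/mnt/RHEL6.3-20120613.2-Server-x86_64-DVD1.iso,if=none,"
    "media=cdrom,format=raw,id=drive-ide1-0-1 "
    "-drive file=/mnt/floppy.vfd,if=none,id=drive-fdc0-0-0,format=raw "
    "-incoming tcp:0:5888,server,nowait"
)


def parse_drive(optstr):
    """Split a -drive option string into a dict; ',,' is QEMU's escaped comma."""
    opts = {}
    for part in optstr.replace(",,", "\0").split(","):
        key, _, value = part.partition("=")
        opts[key] = value.replace("\0", ",")
    return opts


def drives_missing_cache_none(cmdline):
    """Return (drive id, cache setting) for each writable -drive without cache=none."""
    argv = shlex.split(cmdline)
    findings = []
    for flag, value in zip(argv, argv[1:]):
        if flag != "-drive":
            continue
        opts = parse_drive(value)
        # Assumption of this example: read-only media is not reported.
        read_only = (opts.get("media") == "cdrom"
                     or opts.get("readonly", "off") != "off")
        cache = opts.get("cache", "unset")
        if not read_only and cache != "none":
            findings.append((opts.get("id") or opts.get("file", "?"), cache))
    return findings


if __name__ == "__main__":
    for drive, cache in drives_missing_cache_none(SAMPLE_CMDLINE):
        print(f"{drive}: cache={cache}, expected cache=none before migration")
```

Run against the sample, only the floppy drive (drive-fdc0-0-0) is reported; adding cache=none to that -drive clears the finding.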

