RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 964966 - Downloading file via macvtap network causes kernel crashes
Summary: Downloading file via macvtap network causes kernel crashes
Keywords:
Status: CLOSED DUPLICATE of bug 927574
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm
Version: 7.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: rc
: ---
Assignee: Virtualization Maintenance
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-05-20 08:25 UTC by xhan
Modified: 2014-06-18 08:08 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-05-20 10:18:51 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
vmcore file split pieces a (50.00 MB, application/octet-stream)
2013-05-20 08:36 UTC, xhan 		no flags Details
vmcore file split pieces b (50.00 MB, application/octet-stream)
2013-05-20 08:48 UTC, xhan 		no flags Details
vmcore file split pieces c (50.00 MB, application/octet-stream)
2013-05-20 08:58 UTC, xhan 		no flags Details
vmcore file split pieces d (50.00 MB, application/octet-stream)
2013-05-20 09:41 UTC, xhan 		no flags Details
vmcore file split pieces e (39.26 MB, application/octet-stream)
2013-05-20 09:58 UTC, xhan 		no flags Details
View All

Description xhan 2013-05-20 08:25:22 UTC 
Description of problem:

Start guest with macvtap. Download files from external server. (do
downloading action several times (3-5) ) Then the kernel crashes.

crash> bt
PID: 1447   TASK: ffff880206f64c20  CPU: 3   COMMAND: "qemu"
 #0 [ffff88020c6b7898] machine_kexec at ffffffff81046e87
 #1 [ffff88020c6b78e8] crash_kexec at ffffffff810f09c3
 #2 [ffff88020c6b79b0] oops_end at ffffffff816be180
 #3 [ffff88020c6b79d8] no_context at ffffffff816ad6a0
 #4 [ffff88020c6b7a20] __bad_area_nosemaphore at ffffffff816ad72b
 #5 [ffff88020c6b7a68] bad_area_nosemaphore at ffffffff816ad897
 #6 [ffff88020c6b7a78] __do_page_fault at ffffffff816c11be
 #7 [ffff88020c6b7b70] do_page_fault at ffffffff816c13fe
 #8 [ffff88020c6b7b80] page_fault at ffffffff816bd508
    [exception RIP: dev_queue_xmit+334]
    RIP: ffffffff8157701e  RSP: ffff88020c6b7c38  RFLAGS: 00010202
    RAX: ffff88020c55bec0  RBX: ffff880206f6d000  RCX: ffff88030c55afff
    RDX: 0000000000000b92  RSI: 00000000ffffffff  RDI: 0000000000000000
    RBP: ffff88020c6b7c80   R8: 0000000000000001   R9: 0000000000000000
    R10: 0000000000000001  R11: 0000000000000001  R12: ffff8802069ce400
    R13: ffff88020aae0000  R14: 000000000000000c  R15: ffff88020f601400
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 #9 [ffff88020c6b7c88] macvlan_start_xmit at ffffffffa033f462 [macvlan]
#10 [ffff88020c6b7cb8] macvtap_get_user at ffffffffa0334ea3 [macvtap]
#11 [ffff88020c6b7d38] macvtap_aio_write at ffffffffa03351b0 [macvtap]
#12 [ffff88020c6b7d48] do_sync_readv_writev at ffffffff811dc4f9
#13 [ffff88020c6b7e60] do_readv_writev at ffffffff811dc7a9
#14 [ffff88020c6b7f30] vfs_writev at ffffffff811dc938
#15 [ffff88020c6b7f40] sys_writev at ffffffff811dca6c
#16 [ffff88020c6b7f80] system_call_fastpath at ffffffff816c6159
    RIP: 00007fa1c7af0280  RSP: 00007fffc81e98b0  RFLAGS: 00000246
    RAX: 0000000000000014  RBX: ffffffff816c6159  RCX: 0000000000000000
    RDX: 0000000000000004  RSI: 00007fffc81e5610  RDI: 0000000000000005
    RBP: 00007fa1cd69f070   R8: 0000000000000000   R9: 0000000000000000
    R10: 00007fa1cd69f070  R11: 0000000000000293  R12: 0000000000000004
    R13: 00007fffc81e5610  R14: 0000000000000004  R15: 00007fa1cd69f070
    ORIG_RAX: 0000000000000014  CS: 0033  SS: 002b


Version-Release number of selected component (if applicable):

uname -r
3.9.0-0.55.el7.x86_64.debug

rpm -qa | grep iproute
iproute-3.8.0-4.el7.x86_64

rpm -qa | grep qemu-kvm
qemu-kvm-1.4.0-3.el7.x86_64

lspci -kvvvvxxxxs 00:19.0
00:19.0 Ethernet controller: Intel Corporation 82579LM Gigabit Network Connection (rev 04)
    Subsystem: Hewlett-Packard Company Device 3397
    Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx+
    Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
    Latency: 0
    Interrupt: pin A routed to IRQ 46
    Region 0: Memory at f7f00000 (32-bit, non-prefetchable) [size=128K]
    Region 1: Memory at f7f39000 (32-bit, non-prefetchable) [size=4K]
    Region 2: I/O ports at f040 [size=32]
    Capabilities: [c8] Power Management version 2
        Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
        Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=1 PME-
    Capabilities: [d0] MSI: Enable+ Count=1/1 Maskable- 64bit+
        Address: 00000000fee003d8  Data: 0000
    Capabilities: [e0] PCI Advanced Features
        AFCap: TP+ FLR+
        AFCtrl: FLR-
        AFStatus: TP-
    Kernel driver in use: e1000e
00: 86 80 02 15 07 05 10 00 04 00 00 02 00 00 00 00
10: 00 00 f0 f7 00 90 f3 f7 41 f0 00 00 00 00 00 00
20: 00 00 00 00 00 00 00 00 00 00 00 00 3c 10 97 33
30: 00 00 00 00 c8 00 00 00 00 00 00 00 03 01 00 00
40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
90: 00 00 00 00 00 00 00 00 04 54 00 00 80 a0 00 80
a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
c0: 00 00 00 00 00 00 00 00 01 d0 22 c8 00 20 00 07
d0: 05 e0 81 00 d8 03 e0 fe 00 00 00 00 00 00 00 00
e0: 13 00 06 03 00 00 00 00 00 00 00 00 00 00 00 00
f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

How reproducible:
100%

Steps to Reproduce:

1. start qemu-kvm over macvtap
/root/autotest_debug/autotest-devel/client/tests/virt/qemu/qemu \
    -name 'vm1' \
    -chardev
socket,id=qmp_id_qmpmonitor1,path=/tmp/monitor-qmpmonitor1-20130516-191518-9t3b8mad,server,nowait
\
    -mon chardev=qmp_id_qmpmonitor1,mode=control \
    -chardev
socket,id=serial_id_serial1,path=/tmp/serial-serial1-20130516-191518-9t3b8mad,server,nowait
\
    -device isa-serial,chardev=serial_id_serial1 \
    -chardev
socket,id=seabioslog_id_20130516-191518-9t3b8mad,path=/tmp/seabios-20130516-191518-9t3b8mad,server,nowait
\
    -device
isa-debugcon,chardev=seabioslog_id_20130516-191518-9t3b8mad,iobase=0x402
\
    -device ich9-usb-uhci1,id=usb1,bus=pci.0,addr=0x4 \
    -drive
file='/root/autotest_debug/autotest-devel/client/tests/virt/shared/data/images/RHEL-Server-6.5-64-virtio.raw',if=none,id=drive-virtio-disk1,media=disk,cache=writeback,snapshot=off,format=raw,aio=native
\
    -device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk1 \
    -device
virtio-net-pci,netdev=iduunnVY,mac=9a:f7:f8:f9:fa:fb,bus=pci.0,addr=0x3,id='idZXUo4N'
\
    -netdev tap,id=iduunnVY,vhost=off,fd=5 \
     5<>/dev/tap5 \
    -m 4096 \
    -smp 4,maxcpus=4,cores=2,threads=1,sockets=2 \
    -cpu 'SandyBridge' \
    -M pc \
    -device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1 \
    -vnc :0 \
    -vga cirrus \
    -rtc base=utc,clock=host,driftfix=slew  \
    -boot order=cdn,once=c,menu=off   \
    -no-kvm-pit-reinjection \
    -enable-kvm

2. login to guest, do download action
wget
http://download.devel.redhat.com/brewroot/packages/kernel/2.6.32/220.34.2.el6/noarch/kernel-firmware-2.6.32-220.34.2.el6.noarch.rpm

or

rpm -ivhf
http://download.devel.redhat.com/brewroot/packages/kernel/2.6.32/220.34.2.el6/noarch/kernel-firmware-2.6.32-220.34.2.el6.noarch.rpm

or

rpm -Uvhf
http://download.devel.redhat.com/brewroot/packages/kernel/2.6.32/220.34.2.el6/noarch/kernel-firmware-2.6.32-220.34.2.el6.noarch.rpm



Actual results:
1. Host kernel crashes

Expected results:
Host can work well.

Additional info:

#ip link add link enp2s0 name macvtap0 type macvtap
# ip link set macvtap0 address 9a:f7:f8:f9:fa:fb up
# ip link show macvtap0
5: macvtap0@enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
pfifo_fast state UNKNOWN mode DEFAULT qlen 500
    link/ether 9a:f7:f8:f9:fa:fb brd ff:ff:ff:ff:ff:ff
Comment 1 xhan 2013-05-20 08:36:24 UTC 
Created attachment 750468 [details]
vmcore file split pieces a
Comment 2 xhan 2013-05-20 08:48:05 UTC 
Created attachment 750471 [details]
vmcore file split pieces b
Comment 3 xhan 2013-05-20 08:58:47 UTC 
Created attachment 750476 [details]
vmcore file split pieces c
Comment 4 xhan 2013-05-20 09:41:07 UTC 
Created attachment 750477 [details]
vmcore file split pieces d
Comment 5 xhan 2013-05-20 09:58:57 UTC 
Created attachment 750480 [details]
vmcore file split pieces e
Comment 6 xhan 2013-05-20 10:00:19 UTC 
Use command: "cat vmcore-* > vmcore" to join the splitted files.
Comment 7 jason wang 2013-05-20 10:18:51 UTC 

*** This bug has been marked as a duplicate of bug 927574 ***
Note You need to log in before you can comment on or make changes to this bug.