977227 – host kernel panic during installing rhel7 guest

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 977227 - host kernel panic during installing rhel7 guest

Summary: host kernel panic during installing rhel7 guest

Keywords:
Status:	CLOSED DUPLICATE of bug 980072
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	qemu-kvm
Sub Component:
Version:	7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Radim Krčmář
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-06-24 06:22 UTC by Chao Yang
Modified:	2016-08-31 04:02 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-07-03 15:07:20 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Chao Yang 2013-06-24 06:22:06 UTC

Description of problem:
When I was installing a rhel7 guest, host kernel panic happened.

Version-Release number of selected component (if applicable):
3.10.0-0.rc6.63.el7.x86_64
qemu-kvm-1.5.0-2.el7.x86_64

How reproducible:
1/1

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
CLI:
# /usr/libexec/qemu-kvm -name rhel7 -M q35 -enable-kvm -m 4096 -smp 4,sockets=2,cores=2,threads=1 -uuid 0bf7e1d2-afa4-c8fb-ce16-185a40a32478 -no-user-config -nodefaults -rtc base=localtime -boot menu=on -device piix3-usb-uhci,id=usb,bus=pcie.0 -drive file=/home/rhel7.raw,if=none,id=drive-virtio-disk0,format=raw -device virtio-blk-pci,scsi=off,drive=drive-virtio-disk0,id=virtio-disk0 -usb -device usb-tablet,id=input0 -spice disable-ticketing,port=5000 -vga qxl -balloon none -netdev tap,id=hostnet,vhost=on -device virtio-net-pci,netdev=hostnet,id=net,mac=52:54:11:a1:d1:77,bus=pcie.0  -monitor stdio -serial unix:/tmp/test,server,nowait -netdev tap,id=hostnet1 -device e1000,netdev=hostnet1,id=net1,mac=52:54:11:a1:d1:78,bus=pcie.0 -netdev tap,id=hostnet2 -device rtl8139,netdev=hostnet2,id=net2,mac=52:54:11:a1:d1:79,bus=pcie.0 -drive file=/home/floppy.img,if=none,id=drive-fdc0-0-0,format=raw -global isa-fdc.driveA=drive-fdc0-0-0 -device intel-hda,id=sound0,bus=pcie.0 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -device virtio-balloon-pci,id=balloon0,bus=pcie.0 -device usb-hub,port=2,id=hub -device usb-storage,port=2.4,drive=drive,id=usb-2-0,removable=on -drive  file=/home/usb.qcow2,if=none,id=drive,media=disk,format=qcow2,cache=none,aio=threads -device usb-ehci,id=ehci -device usb-storage,drive=drive-usb-0-0,id=usb-0-0,removable=on,bus=ehci.0,port=1 -drive file=/home/usb-1.qcow2,if=none,id=drive-usb-0-0,media=disk,format=qcow2,cache=none,aio=native
(qemu) (/usr/libexec/qemu-kvm:8227): SpiceWorker-Warning **: red_worker.c:11755:handle_dev_monitors_config_async: ignoring an empty monitors config message from driver
(/usr/libexec/qemu-kvm:8227): SpiceWorker-Warning **: red_worker.c:11755:handle_dev_monitors_config_async: ignoring an empty monitors config message from driver


From dmesg:
----------
[11521.700038] BUG: unable to handle kernel paging request at 00007f7fe59a5000
[11521.713921] IP: [<ffffffff81165122>] anon_vma_chain_link+0x12/0x40
[11521.727112] PGD 215f59067 PUD 215f5a067 PMD 21643e067 PTE 8000000121a45065
[11521.741233] Oops: 0003 [#1] SMP 
[11521.751259] Modules linked in: vhost_net macvtap macvlan tun ip6table_filter ip6_tables ebtable_nat ebtables ipt_MASQUERADE iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT xt_CHECKSUM iptable_mangle iptable_filter ip_tables bridge stp llc sg mperf e1000e coretemp kvm_intel kvm crc32_pclmul crc32c_intel ghash_clmulni_intel iTCO_wdt iTCO_vendor_support shpchp ptp pps_core i2c_i801 pcspkr cdc_ether lpc_ich mfd_core usbnet wmi microcode mii xfs libcrc32c sd_mod crc_t10dif usb_storage sr_mod cdrom mgag200 i2c_algo_bit drm_kms_helper ttm ahci libahci drm mpt2sas libata raid_class i2c_core scsi_transport_sas dm_mirror dm_region_hash dm_log dm_mod
[11521.865704] CPU: 3 PID: 7949 Comm: crond Not tainted 3.10.0-0.rc6.63.el7.x86_64 #1
[11521.882501] Hardware name: IBM IBM System X3100 M4 -[2582I18]-/00D8867, BIOS -[JQE152FUS-1.03]- 12/11/2012
[11521.901836] task: ffff88022b636420 ti: ffff88022aa3e000 task.ti: ffff88022aa3e000
[11521.918862] RIP: 0010:[<ffffffff81165122>]  [<ffffffff81165122>] anon_vma_chain_link+0x12/0x40
[11521.937225] RSP: 0018:ffff88022aa3fda0  EFLAGS: 00010246
[11521.951808] RAX: ffff88023278c288 RBX: 00007f7fe59a5000 RCX: ffff88022aa3ffd8
[11521.968511] RDX: ffff880216675340 RSI: 00007f7fe59a5000 RDI: ffff880215f442e0
[11521.985072] RBP: ffff88022aa3fdb0 R08: 0000000000017360 R09: ffffffff81167281
[11522.001679] R10: 000000000000000b R11: ffff8802164adb80 R12: ffff880216675340
[11522.018377] R13: ffff880224681398 R14: ffff880215f442e0 R15: 00007f7fe59a5000
[11522.035189] FS:  00007f7fedbf4800(0000) GS:ffff88023fcc0000(0000) knlGS:0000000000000000
[11522.053189] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[11522.068535] CR2: 00007f7fe59a5000 CR3: 0000000215f58000 CR4: 00000000001427e0
[11522.085568] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[11522.102602] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[11522.119594] Stack:
[11522.130789]  ffff880216675340 0000000000000000 ffff88022aa3fde8 ffffffff811672bb
[11522.148286]  ffff880224681398 ffff880230f54e00 ffff880215f44228 0000000000000001
[11522.165817]  ffff880215f442e0 ffff88022aa3fe58 ffffffff8105ce06 ffff880230f54e68
[11522.183348] Call Trace:
[11522.195257]  [<ffffffff811672bb>] anon_vma_fork+0xab/0x100
[11522.210767]  [<ffffffff8105ce06>] dup_mm+0x276/0x670
[11522.225660]  [<ffffffff8105dc0c>] copy_process.part.25+0x9dc/0x13f0
[11522.242135]  [<ffffffff8105e71d>] do_fork+0xad/0x340
[11522.257065]  [<ffffffff811b6350>] ? get_unused_fd_flags+0x30/0x40
[11522.273346]  [<ffffffff8105ea36>] SyS_clone+0x16/0x20
[11522.288323]  [<ffffffff8160cd39>] stub_clone+0x69/0x90
[11522.303271]  [<ffffffff8160c9d9>] ? system_call_fastpath+0x16/0x1b
[11522.319447] Code: c0 74 0a c7 40 28 01 00 00 00 48 89 00 5d c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41 54 49 89 d4 53 48 89 f3 <48> 89 3e 48 89 53 08 48 8b 57 78 48 8d 77 78 48 8d 7b 10 e8 b6 
[11522.360682] RIP  [<ffffffff81165122>] anon_vma_chain_link+0x12/0x40
[11522.377391]  RSP <ffff88022aa3fda0>
[11522.390968] CR2: 00007f7fe59a5000


From crash:
----------
crash: cannot determine thread return address
      KERNEL: /usr/lib/debug/lib/modules/3.10.0-0.rc6.63.el7.x86_64/vmlinux
    DUMPFILE: /var/crash/127.0.0.1-2013.06.24-05:50:13/vmcore  [PARTIAL DUMP]
        CPUS: 8
        DATE: Mon Jun 24 13:50:01 2013
      UPTIME: 03:11:57
LOAD AVERAGE: 0.76, 0.79, 0.50
       TASKS: 236
    NODENAME: ibm-x3100m4-02.qe.lab.eng.nay.redhat.com
     RELEASE: 3.10.0-0.rc6.63.el7.x86_64
     VERSION: #1 SMP Tue Jun 18 12:15:45 EDT 2013
     MACHINE: x86_64  (3392 Mhz)
      MEMORY: 8 GB
       PANIC: "Oops: 0003 [#1] SMP " (check log for details)
         PID: 7949
     COMMAND: "crond"
        TASK: ffff88022b636420  [THREAD_INFO: ffff88022aa3e000]
         CPU: 3
       STATE: TASK_RUNNING (PANIC)

crash> bt
PID: 7949   TASK: ffff88022b636420  CPU: 3   COMMAND: "crond"
 #0 [ffff88022aa3fa08] machine_kexec at ffffffff8103ce72
 #1 [ffff88022aa3fa58] crash_kexec at ffffffff810c9903
 #2 [ffff88022aa3fb20] oops_end at ffffffff816055c0
 #3 [ffff88022aa3fb48] no_context at ffffffff815f7d1c
 #4 [ffff88022aa3fb90] __bad_area_nosemaphore at ffffffff815f7d9c
 #5 [ffff88022aa3fbd8] bad_area_nosemaphore at ffffffff815f7f08
 #6 [ffff88022aa3fbe8] __do_page_fault at ffffffff8160818e
 #7 [ffff88022aa3fce0] do_page_fault at ffffffff8160838e
 #8 [ffff88022aa3fcf0] page_fault at ffffffff81604a18
    [exception RIP: anon_vma_chain_link+18]
    RIP: ffffffff81165122  RSP: ffff88022aa3fda0  RFLAGS: 00010246
    RAX: ffff88023278c288  RBX: 00007f7fe59a5000  RCX: ffff88022aa3ffd8
    RDX: ffff880216675340  RSI: 00007f7fe59a5000  RDI: ffff880215f442e0
    RBP: ffff88022aa3fdb0   R8: 0000000000017360   R9: ffffffff81167281
    R10: 000000000000000b  R11: ffff8802164adb80  R12: ffff880216675340
    R13: ffff880224681398  R14: ffff880215f442e0  R15: 00007f7fe59a5000
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 #9 [ffff88022aa3fdb8] anon_vma_fork at ffffffff811672bb
#10 [ffff88022aa3fdf0] dup_mm at ffffffff8105ce06
#11 [ffff88022aa3fe60] copy_process at ffffffff8105dc0c
#12 [ffff88022aa3fed8] do_fork at ffffffff8105e71d
#13 [ffff88022aa3ff38] sys_clone at ffffffff8105ea36
#14 [ffff88022aa3ff48] stub_clone at ffffffff8160cd39
    RIP: 00007f7fece876cc  RSP: 00007fff6f053110  RFLAGS: 00000246
    RAX: 0000000000000038  RBX: 0000000000000000  RCX: ffffffffffffffff
    RDX: 0000000000000000  RSI: 0000000000000000  RDI: 0000000001200011
    RBP: 00007fff6f053190   R8: 0000000000001f0d   R9: 0000000000000000
    R10: 00007f7fedbf4ad0  R11: 0000000000000246  R12: 00007fff6f053110
    R13: 00007fff6f053130  R14: 0000000000000000  R15: 00007f7feec86655
    ORIG_RAX: 0000000000000038  CS: 0033  SS: 002b

Comment 3 Andrew Jones 2013-06-24 07:39:13 UTC

chayang,
can we get access to the machine this reproduces on?

thanks,
drew

Comment 5 Eric Paris 2013-07-03 15:07:20 UTC

closing as a dup of 980072    The root cause is almost certainly the same as 976789

*** This bug has been marked as a duplicate of bug 980072 ***

Comment 6 JianHong Yin 2016-08-31 04:02:01 UTC

Got same call stack on RHEL-7.1, during installing.

https://beaker.engineering.redhat.com/jobs/1480262
http://beaker-archive.app.eng.bos.redhat.com/beaker-logs/2016/08/14802/1480262/3024888/console.log
host: bkr-hv03-guest09.dsal.lab.eng.bos.redhat.com

------------------------------
Starting automated install      
  
.      
      
.      
  
       
[   22.342456] BUG: unable to handle kernel paging request at 00007f34e6057000 
[   22.343008] IP: [<ffffffff8118c0d2>] anon_vma_chain_link+0x12/0x40 
[   22.343008] PGD 139188067 PUD 138c6e067 PMD 7f195067 PTE 80000000ad1ab065 
[   22.343008] Oops: 0003 [#1] SMP  
[   22.343008] Modules linked in: xfs libcrc32c fcoe libfcoe libfc scsi_transport_fc scsi_tgt ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables parport_pc serio_raw pcspkr virtio_balloon parport virtio_console i2c_piix4 i2c_core ext4 mbcache jbd2 loop nfsv3 nfs_acl nfs lockd fscache ata_generic pata_acpi crct10dif_pclmul crct10dif_common crc32_pclmul crc32c_intel ghash_clmulni_intel virtio_blk virtio_net aesni_intel glue_helper ablk_helper cryptd ata_piix libata virtio_pci virtio_ring virtio sunrpc xts lrw gf128mul sha256_ssse3 dm_crypt dm_round_robin dm_snapshot dm_bufio dm_mirror dm_region_hash dm_log dm_zero linear raid10 raid456 async_raid6_recov async_memcpy async_pq raid6_pq async_xor xor async_tx raid1 raid0 iscsi_ibft iscsi_boot_sysfs floppy iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi squashfs cramfs edd dm_multipath dm_mod 
[   22.343008] CPU: 0 PID: 1330 Comm: anaconda Tainted: G        W   --------------   3.10.0-229.el7.x86_64 #1 
[   22.343008] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 
[   22.343008] task: ffff88007f8ef1c0 ti: ffff8800a8514000 task.ti: ffff8800a8514000 
[   22.343008] RIP: 0010:[<ffffffff8118c0d2>]  [<ffffffff8118c0d2>] anon_vma_chain_link+0x12/0x40 
[   22.343008] RSP: 0018:ffff8800a8517d90  EFLAGS: 00010246 
[   22.343008] RAX: ffff88007f346d88 RBX: 00007f34e6057000 RCX: ffff8800a8517fd8 
[   22.343008] RDX: ffff88007fb69ac0 RSI: 00007f34e6057000 RDI: ffff8800b9b3bca8 
[   22.343008] RBP: ffff8800a8517da0 R08: 00000000000163e0 R09: ffffffff8118e3d1 
[   22.343008] R10: 0000000000000009 R11: ffff8800b9b3bbd0 R12: ffff88007fb69ac0 
[   22.343008] R13: ffff8800b64f8a20 R14: ffff8800b9b3bca8 R15: 00007f34e6057000 
[   22.343008] FS:  00007f34d2472700(0000) GS:ffff88013fc00000(0000) knlGS:0000000000000000 
[   22.343008] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033 
[   22.343008] CR2: 00007f34e6057000 CR3: 0000000131d08000 CR4: 00000000001406f0 
[   22.343008] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 
[   22.343008] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 
[   22.343008] Stack: 
[   22.343008]  ffff88007fb69ac0 0000000000000000 ffff8800a8517dd8 ffffffff8118e40b 
[   22.343008]  ffff8800b64f8a20 ffff8800b6626bc0 ffff8800b9b3bbd0 0000000000000002 
[   22.343008]  ffff8800b9b3bca8 ffff8800a8517e48 ffffffff8106b986 ffff8800b6626c38 
[   22.343008] Call Trace: 
[   22.343008]  [<ffffffff8118e40b>] anon_vma_fork+0xab/0x100 
[   22.343008]  [<ffffffff8106b986>] dup_mm+0x266/0x660 
[   22.343008]  [<ffffffff8106c7f9>] copy_process.part.25+0xa49/0x14d0 
[   22.343008]  [<ffffffff8106d43c>] do_fork+0xbc/0x350 
[   22.343008]  [<ffffffff8106d756>] SyS_clone+0x16/0x20 
[   22.343008]  [<ffffffff816140f9>] stub_clone+0x69/0x90 
[   22.343008]  [<ffffffff81613da9>] ? system_call_fastpath+0x16/0x1b 
[   22.343008] Code: c0 74 0a c7 40 28 01 00 00 00 48 89 00 5d c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41 54 49 89 d4 53 48 89 f3 <48> 89 3e 48 89 53 08 48 8b 57 78 48 8d 77 78 48 8d 7b 10 e8 c6  
[   22.343008] RIP  [<ffffffff8118c0d2>] anon_vma_chain_link+0x12/0x40 
[   22.343008]  RSP <ffff8800a8517d90> 
[   22.343008] CR2: 00007f34e6057000 
[   22.384622] ---[ end trace 421a9796344e2eea ]--- 
[   22.385368] Kernel panic - not syncing: Fatal exception 
[-- MARK -- Wed Aug 31 02:50:00 2016] 
[-- MARK -- Wed Aug 31 02:55:00 2016] 
[-- MARK -- Wed Aug 31 03:00:00 2016] 
[-- MARK -- Wed Aug 31 03:05:00 2016] 
[-- MARK -- Wed Aug 31 03:10:00 2016] 
[-- MARK -- Wed Aug 31 03:15:00 2016] 
[-- MARK -- Wed Aug 31 03:20:00 2016] 
[-- MARK -- Wed Aug 31 03:25:00 2016] 
[-- MARK -- Wed Aug 31 03:30:00 2016] 
[-- MARK -- Wed Aug 31 03:35:00 2016] 
[-- MARK -- Wed Aug 31 03:40:00 2016]

Note You need to log in before you can comment on or make changes to this bug.