Re: [Qemu-devel] PCI: Hot-removing a virtio-blk causes guest panic
On Sat, May 12, 2012 at 12:30 AM, Michael S. Tsirkin wrote:
>
> On Fri, May 11, 2012 at 12:37:49PM +0800, Amos Kong wrote:
> > good: 3.3.0 guest kernel & qemu-kvm-rhel6
> > guest panic: 3.3.0 guest kernel & qemu-upstream (contains fix [1])
> >
> > I didn't change anything in the guest kernel,
> > It seems to be a bug in qemu-upstream.
> >
> > [1] http://marc.info/?l=qemu-devel&m=133670266801022&w=2
> > [PATCH] qom: fix refcounting in object_property_del_child()
>

This fix is wrong; I had sent another patch to fix the object release issues.
http://marc.info/?t=13367485119&r=1&w=2

After applying this patch to qemu, the guest panic disappears.
The guest panic should be caused by the object not being released in qemu.

> >
> > >>> Start VM with one block device:
> > qemu-upstream --enable-kvm -name 'vm1' -nodefaults -drive
> > file='nolvm.qcow2',index=0,if=virtio,cache=none,snapshot=on -net none -m
> > 2000 -smp 2 -vnc :0 -kernel vmlinuz-3.3.0 -append 'ro root=/dev/vda1
> > console=tty0 console=ttyS0,115200' -drive
> > file=images/u0,if=none,id=drive-virtio0-0-0,format=qcow2,cache=none
> > -device virtio-blk-pci,drive=drive-virtio0-0-0,id=virti0-0-0 -monitor
> > unix:/tmp/m,nowait,server
> >
> > >>> hot-remove the virtio disk
> > (qemu)# echo "device_del virti0-0-0" | nc -U /tmp/m
> >
> > >>> guest panic:
> >
> Find a working version and bisect?
>

I tried to bisect the obj-ref issue first, and found that the guest panic is caused by it.

Amos
Re: [Qemu-devel] PCI: Hot-removing a virtio-blk causes guest panic
On Fri, May 11, 2012 at 12:37:49PM +0800, Amos Kong wrote:
> good: 3.3.0 guest kernel & qemu-kvm-rhel6
> guest panic: 3.3.0 guest kernel & qemu-upstream (contains fix [1])
>
> I didn't change anything in the guest kernel,
> It seems to be a bug in qemu-upstream.
>
> [1] http://marc.info/?l=qemu-devel&m=133670266801022&w=2
> [PATCH] qom: fix refcounting in object_property_del_child()
>
>
> >>> Start VM with one block device:
> qemu-upstream --enable-kvm -name 'vm1' -nodefaults -drive
> file='nolvm.qcow2',index=0,if=virtio,cache=none,snapshot=on -net none -m
> 2000 -smp 2 -vnc :0 -kernel vmlinuz-3.3.0 -append 'ro root=/dev/vda1
> console=tty0 console=ttyS0,115200' -drive
> file=images/u0,if=none,id=drive-virtio0-0-0,format=qcow2,cache=none
> -device virtio-blk-pci,drive=drive-virtio0-0-0,id=virti0-0-0 -monitor
> unix:/tmp/m,nowait,server
>
> >>> hot-remove the virtio disk
> (qemu)# echo "device_del virti0-0-0" | nc -U /tmp/m
>
> >>> guest panic:

Find a working version and bisect?
[Qemu-devel] PCI: Hot-removing a virtio-blk causes guest panic
good: 3.3.0 guest kernel & qemu-kvm-rhel6
guest panic: 3.3.0 guest kernel & qemu-upstream (contains fix [1])

I didn't change anything in the guest kernel,
It seems to be a bug in qemu-upstream.

[1] http://marc.info/?l=qemu-devel&m=133670266801022&w=2
[PATCH] qom: fix refcounting in object_property_del_child()


>>> Start VM with one block device:
qemu-upstream --enable-kvm -name 'vm1' -nodefaults -drive
file='nolvm.qcow2',index=0,if=virtio,cache=none,snapshot=on -net none -m
2000 -smp 2 -vnc :0 -kernel vmlinuz-3.3.0 -append 'ro root=/dev/vda1
console=tty0 console=ttyS0,115200' -drive
file=images/u0,if=none,id=drive-virtio0-0-0,format=qcow2,cache=none
-device virtio-blk-pci,drive=drive-virtio0-0-0,id=virti0-0-0 -monitor
unix:/tmp/m,nowait,server

>>> hot-remove the virtio disk
(qemu)# echo "device_del virti0-0-0" | nc -U /tmp/m

>>> guest panic:
kernel BUG at drivers/virtio/virtio.c:158!
invalid opcode: [#1] SMP
CPU 0
Modules linked in:

Pid: 39, comm: kworker/0:2 Not tainted 3.3.0pcifix+ #46 Bochs Bochs
RIP: 0010:[] [] virtio_dev_remove+0x49/0x50
RSP: :880078a6da80 EFLAGS: 00010286
RAX: 00ff RBX: 8800788da800 RCX:
RDX: c052 RSI: 0202 RDI: 0001c052
RBP: 880078a6da90 R08: R09: 0001
R10: R11: 0001 R12: 81ab7120
R13: 81a8e120 R14: 88007914f000 R15: 88007914f000
FS: () GS:88007cc0() knlGS:
CS: 0010 DS: ES: CR0: 8005003b
CR2: 7fe852c9e008 CR3: 77b33000 CR4: 06f0
DR0: DR1: DR2:
DR3: DR6: 0ff0 DR7: 0400
Process kworker/0:2 (pid: 39, threadinfo 880078a6c000, task 880078a6b4e0)
Stack:
 88007914f000 8800788da808 880078a6dab0 813949fc
 8800788da868 8800788da808 880078a6dad0 81394b4d
 8800788da808 0005 880078a6db00 81393acf
Call Trace:
 [] __device_release_driver+0x7c/0xe0
 [] device_release_driver+0x2d/0x40
 [] bus_remove_device+0x10f/0x180
 [] device_del+0x120/0x1d0
 [] device_unregister+0x22/0x60
 [] unregister_virtio_device+0x12/0x20
 [] virtio_pci_remove+0x2a/0x6c
 [] pci_device_remove+0x52/0x120
 [] __device_release_driver+0x7c/0xe0
 [] device_release_driver+0x2d/0x40
 [] bus_remove_device+0x10f/0x180
 [] device_del+0x120/0x1d0
 [] device_unregister+0x22/0x60
 [] pci_stop_bus_device+0x94/0xa0
 [] disable_device+0xac/0x190
 [] ? insert_work+0x34/0x80
 [] acpiphp_disable_slot+0x30/0x60
 [] acpiphp_check_bridge+0x35/0xf0
 [] _handle_hotplug_event_func+0x121/0x1d0
 [] ? acpi_os_wait_events_complete+0x23/0x23
 [] ? check_sub_bridges+0xd0/0xd0
 [] process_one_work+0x132/0x450
 [] worker_thread+0x17b/0x3c0
 [] ? manage_workers+0x120/0x120
 [] kthread+0x9e/0xb0
 [] kernel_thread_helper+0x4/0x10
 [] ? kthread_freezable_should_stop+0x70/0x70
 [] ? gs_change+0x13/0x13
Code: 90 00 00 00 48 8b 83 a8 02 00 00 48 89 df ff 50 10 84 c0 75 16 48 89 df be 01 00 00 00 e8 90 fd ff ff 48 83 c4 08 31 c0 5b c9 c3 <0f> 0b eb fe 0f 1f 00 55 48 89 e5 41 55 41 54 53 48 83 ec 08 66
RIP [] virtio_dev_remove+0x49/0x50
 RSP
---[ end trace aafd6463605a97fc ]---
BUG: unable to handle kernel paging request at fff8
IP: [] kthread_data+0x10/0x20
PGD 1a0d067 PUD 1a0e067 PMD 0
Oops: [#2] SMP
CPU 0
Modules linked in:

Pid: 39, comm: kworker/0:2 Tainted: G D 3.3.0pcifix+ #46 Bochs Bochs
RIP: 0010:[] [] kthread_data+0x10/0x20
RSP: :880078a6d768 EFLAGS: 00010096
RAX: RBX: RCX:
RDX: 81d563c0 RSI: RDI: 880078a6b4e0
RBP: 880078a6d768 R08: 880078a6b550 R09:
R10: 0002 R11: R12:
R13: 880078a6ba88 R14: 0001 R15: 0006
FS: () GS:88007cc0() knlGS:
CS: 0010 DS: ES: CR0: 8005003b
CR2: fff8 CR3: 77b33000 CR4: 06f0
DR0: DR1: DR2:
DR3: DR6: 0ff0 DR7: 0400
Process kworker/0:2 (pid: 39, threadinfo 880078a6c000, task 880078a6b4e0)
Stack:
 880078a6d788 8106a1b5 880078a6d788 88007cc13500
 880078a6d818 81574ae3 880078a6dfd8 00013500
 880078a6c010 00013500 00013500 00013500
Call Trace:
 [] wq_worker_sleeping+0x15/0xa0
 [] __schedule+0x5a3/0x730
 [] schedule+0x29/0x70
 [] do_exit+0x2ad/0x450
 [] oops_end+0xac/0xf0
 [] die+0x5b/0x90
 [] do_trap+0xc4/0x170
 [] do_invalid_op+0x95/0xb0
 [] ? virtio_dev_remove+0x49/0x50
 [] ? kobject_cleanup+0x9c/0x1b0
 [] ? kobject_release+0xd/0x10
 [] ? kobject_put+0x2c/0x60
 [] invalid_op+0x1b/0x20
 [] ? virtio_dev_remove+0x49/0x50
 [] __device_re