KVM and CFS bandwidth control causes kernel crashes (oops)
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | linux (Ubuntu) |
High
|
Unassigned | ||
Bug Description
We've seen this crash at least 3 times when we start setting CPU limits using `cgroups`. It makes using CPU limits impossible, causing instabilities in the operating system. Finally, after installing linux-crashdump, we got a full copy of the crash message.
=======
[146055.357476] BUG: unable to handle kernel NULL pointer dereference at 0000000000000038
[146055.359620] IP: [<ffffffff810a7
[146055.361890] PGD 0
[146055.364131] Oops: 0000 [#1] SMP
[146055.366475] Modules linked in: vhost_net vhost macvtap macvlan act_police cls_u32 sch_ingress ipmi_si xt_multiport nf_conntrack_ipv6 nf_defrag_ipv6 xt_mac xt_physdev xt_set iptable_raw ip_set_hash_ip ip_set nfnetlink mpt3sas mpt2sas raid_class scsi_transport_sas mptctl mptbase veth xt_CHECKSUM iptable_mangle ipt_MASQUERADE iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT xt_tcpudp dell_rbu bridge stp llc ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ip_tables x_tables nbd openvswitch gre vxlan libcrc32c ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_
[146055.388889] ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul dm_multipath glue_helper ablk_helper scsi_dh cryptd mei_me mei lpc_ich ipmi_msghandler shpchp wmi acpi_power_meter mac_hid lp parport nls_iso8859_1 igb ixgbe i2c_algo_bit dca ptp ahci pps_core megaraid_sas libahci mdio [last unloaded: ipmi_si]
[146055.404208] CPU: 31 PID: 67922 Comm: qemu-system-x86 Not tainted 3.16.0-37-generic #51~14.04.1-Ubuntu
[146055.409906] Hardware name: Dell Inc. PowerEdge R630/0CNCJW, BIOS 1.0.4 08/28/2014
[146055.415754] task: ffff883fcab69e90 ti: ffff883a1c168000 task.ti: ffff883a1c168000
[146055.421817] RIP: 0010:[<
[146055.428079] RSP: 0018:ffff883a1c
[146055.434377] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000044aa200
[146055.440913] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff883ffedf3140
[146055.447474] RBP: ffff883a1c16bd00 R08: 0000000000000000 R09: 0000000000000001
[146055.454181] R10: 0000000000000004 R11: 0000000000000206 R12: ffff883ffedf3140
[146055.460968] R13: 000000000000001f R14: 0000000000000001 R15: ffff883ffedf30c0
[146055.467722] FS: 00007f404919d70
[146055.474756] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[146055.481830] CR2: 0000000000000038 CR3: 0000003a1c45b000 CR4: 00000000001427e0
[146055.489134] Stack:
[146055.496412] 0000000000000000 ffff883ffedf3140 000000000000001f ffff883a1c16bd68
[146055.504053] ffffffff810af2f8 ffff883ffedf3140 00000000000130c0 ffff883fcab69e90
[146055.511786] ffffffff8101c3b9 ffff883a1c16bd50 ffffffff810a4895 ffff883fcab6a3c8
[146055.519551] Call Trace:
[146055.527330] [<ffffffff810af
[146055.535292] [<ffffffff8101c
[146055.543379] [<ffffffff810a4
[146055.551519] [<ffffffff81768
[146055.559722] [<ffffffff81769
[146055.568020] [<ffffffffc0338
[146055.576509] [<ffffffffc0321
[146055.585045] [<ffffffff81156
[146055.593771] [<ffffffff811e7
[146055.602531] [<ffffffff8109d
[146055.611413] [<ffffffffc032b
[146055.620339] [<ffffffff811e7
[146055.629396] [<ffffffff8176d
[146055.638500] Code: 83 c4 10 4c 89 f2 4c 89 ee ff d0 49 8b 04 24 48 85 c0 75 e6 eb 99 0f 1f 40 00 0f 1f 44 00 00 55 48 89 e5 41 55 41 54 49 89 fc 53 <8b> 46 38 48 89 f3 85 c0 75 5d 49 8b 84 24 b0 00 00 00 48 8b 80
[146055.657833] RIP [<ffffffff810a7
[146055.667524] RSP <ffff883a1c16bce8>
[146055.677082] CR2: 0000000000000038
=======
I've found the following "potential" fix that doesn't seem to have every made it through: https:/
In addition, I have a 12GB dump file generated by linux-crashdump, please let me know if there's anything I can do with it which can help troubleshoot this issue.
| Changed in linux (Ubuntu): | |
| status: | New → Incomplete |
| tags: | added: utopic |
| Changed in linux (Ubuntu): | |
| status: | Incomplete → Confirmed |
| Mohammed Naser (mnaser) wrote : | #2 |
Just wanted to add this as it might be useful (I'm trying to do troubleshooting):
crash> dis -rl ffffffff810af2f8
/build/
0xffffffff810af280 <pick_next_
0xffffffff810af285 <pick_next_
/build/
0xffffffff810af286 <pick_next_
/build/
0xffffffff810af28d <pick_next_
0xffffffff810af290 <pick_next_
0xffffffff810af292 <pick_next_
0xffffffff810af295 <pick_next_
0xffffffff810af297 <pick_next_
0xffffffff810af299 <pick_next_
0xffffffff810af29b <pick_next_
0xffffffff810af29c <pick_next_
/build/
0xffffffff810af2a0 <pick_next_
/build/
0xffffffff810af2a4 <pick_next_
/build/
0xffffffff810af2a8 <pick_next_
0xffffffff810af2af <pick_next_
/build/
0xffffffff810af2b3 <pick_next_
0xffffffff810af2ba <pick_next_
0xffffffff810af2bc <pick_next_
/build/
0xffffffff810af2be <pick_next_
0xffffffff810af2c2 <pick_next_
0xffffffff810af2c6 <pick_next_
0xffffffff810af2cc <pick_next_
/build/
0xffffffff810af2d2 <pick_next_
0xffffffff810af2d6 <pick_next_
0xffffffff810af2d9 <pick_next_
0xffffffff810af2dc <pick_next_
/build/
0xffffffff810af2e0 <pick_next_
0xffffffff810af2e2 <pick_next_
0xffffffff810af2e5 <pick_next_
/build/
0xffffffff810af2ea <pick_next_
/build/
0xffffffff810af2ed <pick_next_
/build/
0xffffffff810af2f0 <pick_next_
0xffffffff810a...
| Mohammed Naser (mnaser) wrote : | #3 |
I suspect the following has occured:
https:/
if (!cfs_rq-
goto idle;
put_prev_task(rq, prev);
do {
se = pick_next_
set_next_
cfs_rq = group_cfs_rq(se);
} while (cfs_rq);
We can see that `nr_running` is actually set to 0 when checking the dumps
crash> cfs_rq.nr_running ffff883ffedf3140
nr_running = 0
When following the call order of `put_prev_task`, it actually calls the class-specific `put_prev_
/* throttle cfs_rqs exceeding runtime */
check_
If we start tracing on what `check_
This is my first time debugging Kernel issues so this is just what I think so far, but comments are welcome..
| Mohammed Naser (mnaser) wrote : | #4 |
There is currently a pending patch for this issue, I'll update the bug when it lands
http://
http://
Thank you
| tags: | added: bios-outdated-1.2.10 |
| Chris J Arges (arges) wrote : | #5 |
@mnaser,
I haven't had a ton of time to look into this yet.
Have you tried the following to see if you still get an issue?
1) Running a 4.0+ kernel
2) Patching with https:/
Also it may be helpful to know how you are configuring cgroups for your qemu processes in order to run into this issue.
Thanks,
| Mohammed Naser (mnaser) wrote : | #6 |
Chris,
There's been a few other proposed patches, but my biggest issue now is trying to replicate it over here before trying to look at patches, or else there's no way for me to say "this works".
I'm working on something to try and replicate it today and I'll keep this bug updated.. I hope it goes through well.
Thanks
Mohammed
| Changed in linux (Ubuntu): | |
| importance: | Undecided → High |
| Mohammed Naser (mnaser) wrote : | #7 |
This seems to have taken care of it
| Christopher M. Penalver (penalvch) wrote : | #8 |
Mohammed Naser, did you personally test the patch in #7 and confirm it fixes your issue?
| Changed in linux (Ubuntu): | |
| status: | Confirmed → Incomplete |
| Launchpad Janitor (janitor) wrote : | #9 |
[Expired for linux (Ubuntu) because there has been no activity for 60 days.]
| Changed in linux (Ubuntu): | |
| status: | Incomplete → Expired |


This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:
apport-collect 1458045
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.