libvirtd fails to create VM

Bug #1940107 reported by Thadeu Lima de Souza Cascardo
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Hirsute
High
Thadeu Lima de Souza Cascardo

Bug Description

[Impact]
libvirtd won't be able to create VMs.

[Test case]
Start a VM using virsh/libvirtd:

virsh start focal

[Potential regression]
Some other processes won't be able to start inside some cgroups.

---------------------------

$ virsh start focal
error: Failed to start domain focal
error: internal error: process exited while connecting to monitor: ioctl(KVM_CREATE_VM) failed: 22 Invalid argument
2021-08-16T15:11:23.005201Z qemu-system-x86_64: failed to initialize KVM: Invalid argument

$ sudo dmesg | grep kvm
[ 135.237378] kvm: Nested Virtualization enabled
[ 135.237384] SVM: kvm: Nested Paging enabled
[ 166.209556] kvm [4082]: kvm_vm_worker_thread: cgroup_attach_task_all failed with err -22

CVE References

Changed in linux (Ubuntu):
status: New → Invalid
Changed in linux (Ubuntu Hirsute):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
Revision history for this message
Thadeu Lima de Souza Cascardo (cascardo) wrote :

We have identified that upstream commit 00b89fe0197f0c55a045775c11553c0cdb7082fe ("sched: Make the idle task quack like a per-CPU kthread") causes this, and its revert fixes the problem.

@smb identified commit a8ea6fc9b089156d9230bfeef964dd9be101a4a9 ("sched: Stop PF_NO_SETAFFINITY from being inherited by various init system threads") should probably fix it, which will be tested and sent as part of a respin for 5.11.

Cascardo.

summary: - libvirtd failes to create VM
+ libvirtd fails to create VM
Changed in linux (Ubuntu Hirsute):
status: In Progress → Fix Committed
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-hirsute' to 'verification-done-hirsute'. If the problem still exists, change the tag 'verification-needed-hirsute' to 'verification-failed-hirsute'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-hirsute
Revision history for this message
Stefan Bader (smb) wrote :

$ uname -a
Linux bartledan 5.11.0-34-generic #36-Ubuntu SMP Thu Aug 26 19:22:09 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

$ virsh start test-f1
Domain 'test-f1' started

$ virsh list
 Id Name State
-------------------------
 1 test-f1 running

$ sudo dmesg|grep kvm
[ 146.346387] kvm [2172]: vcpu0, guest rIP: 0xffffffff8fa73344 disabled perfctr wrmsr: 0xc2 data 0xffff
[ 148.951483] kvm [2172]: vcpu0, guest rIP: 0xffffffff94873344 disabled perfctr wrmsr: 0xc2 data 0xffff

tags: added: verification-done-hirsute
removed: verification-needed-hirsute
Revision history for this message
Thadeu Lima de Souza Cascardo (cascardo) wrote :

Also works fine with focal:linux-oracle-5.11 5.11.0-1017-oracle.

Revision history for this message
Thadeu Lima de Souza Cascardo (cascardo) wrote :

Also working on hirsute:focal-linux on the system where it was found:

ubuntu@riccioli:~$ uname -r ; virsh list
5.11.0-34-generic
 Id Name State
------------------------
 1 bionic running

And also on an oracle bare-metal instance with hirsute:linux-oracle 5.11.0-1017-oracle.

Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (62.5 KiB)

This bug was fixed in the package linux - 5.11.0-34.36

---------------
linux (5.11.0-34.36) hirsute; urgency=medium

  * hirsute/linux: 5.11.0-34.36 -proposed tracker (LP: #1941766)

  * Server boot failure after adding checks for ACPI IRQ override (LP: #1941657)
    - Revert "ACPI: resources: Add checks for ACPI IRQ override"

linux (5.11.0-33.35) hirsute; urgency=medium

  * hirsute/linux: 5.11.0-33.35 -proposed tracker (LP: #1940101)

  * libvirtd fails to create VM (LP: #1940107)
    - sched: Stop PF_NO_SETAFFINITY from being inherited by various init system
      threads

linux (5.11.0-32.34) hirsute; urgency=medium

  * hirsute/linux: 5.11.0-32.34 -proposed tracker (LP: #1939769)

  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2021.08.16)

  * CVE-2021-3656
    - SAUCE: KVM: nSVM: always intercept VMLOAD/VMSAVE when nested

  * CVE-2021-3653
    - SAUCE: KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl

  * [regression] USB device is not detected during boot (LP: #1939638)
    - SAUCE: Revert "usb: core: reduce power-on-good delay time of root hub"

  * Support builtin revoked certificates (LP: #1932029)
    - [Packaging] build canonical-revoked-certs.pem from branch/arch certs
    - [Packaging] Revoke 2012 UEFI signing certificate as built-in
    - [Config] Configure CONFIG_SYSTEM_REVOCATION_KEYS with revoked keys

  * Support importing mokx keys into revocation list from the mok table
    (LP: #1928679)
    - SAUCE: integrity: add informational messages when revoking certs

  * Support importing mokx keys into revocation list from the mok table
    (LP: #1928679) // CVE-2020-26541 when certificates are revoked via
    MokListXRT.
    - SAUCE: integrity: Load mokx certs from the EFI MOK config table

  * Include product_sku info to modalias (LP: #1938143)
    - firmware/dmi: Include product_sku info to modalias

  * Fix Ethernet not working by hotplug - RTL8106E (LP: #1930645)
    - net: phy: rename PHY_IGNORE_INTERRUPT to PHY_MAC_INTERRUPT
    - SAUCE: r8169: Use PHY_POLL when RTL8106E enable ASPM

  * [SRU][H/OEM-5.10/OEM-5.13/U] Fix system hang after unplug tbt dock
    (LP: #1938689)
    - SAUCE: igc: fix page fault when thunderbolt is unplugged

  * [Regression] Audio card [8086:9d71] not detected after upgrade from linux
    5.4 to 5.8 (LP: #1915117)
    - [Config] set CONFIG_SND_SOC_INTEL_SKYLAKE_HDAUDIO_CODEC to y

  * Backlight (screen brightness) on Lenovo P14s AMD Gen2 inop (LP: #1934557)
    - drm/amdgpu/display: only enable aux backlight control for OLED panels

  * Touchpad not working with ASUS TUF F15 (LP: #1937056)
    - pinctrl: tigerlake: Fix GPIO mapping for newer version of software

  * dev_forward_skb: do not scrub skb mark within the same name space
    (LP: #1935040)
    - dev_forward_skb: do not scrub skb mark within the same name space

  * Fix display output on HP hybrid GFX laptops (LP: #1936296)
    - drm/i915: Invoke another _DSM to enable MUX on HP Workstation laptops

  * [SRU][OEM-5.10/H] UBUNTU: SAUCE: Fix backlight control on Samsung 16727
    panel (LP: #1930527)
    - SAUCE: drm/i915: Force DPCD backlight mode for Samsung 16727 pa...

Changed in linux (Ubuntu Hirsute):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers