VMware virtual system crash in pvscsi_queue()

Solution In Progress - Updated -

Issue

  • Encountering a use-after-free of a scsi_cmnd on a VMware virtual guest running with vmw_pvscsi and ata_piix.
  • Server rebooted with crash message "general protection fault: 0000 [#1] SMP"
crash> bt
PID: 1961   TASK: ffff881680ab0ff0  CPU: 37  COMMAND: "kdmwork-253:17"
 #0 [ffff88167dfeba20] machine_kexec at ffffffff8105e77b
 #1 [ffff88167dfeba80] __crash_kexec at ffffffff8110acb2
 #2 [ffff88167dfebb50] crash_kexec at ffffffff8110ada0
 #3 [ffff88167dfebb68] oops_end at ffffffff816be738
 #4 [ffff88167dfebb90] die at ffffffff8102e8db
 #5 [ffff88167dfebbc0] do_general_protection at ffffffff816be0ee
 #6 [ffff88167dfebbf0] general_protection at ffffffff816bd6f8
    [exception RIP: pvscsi_queue+955]
    RIP: ffffffffc006b5db  RSP: ffff88167dfebca0  RFLAGS: 00010002
    RAX: 6b6b6b6b6b6b6b6b  RBX: ffff883036c7e080  RCX: 0000003036d4cfff
    RDX: ffffffff81354bd0  RSI: 0000000000000002  RDI: 0000000000000002
    RBP: ffff88167dfebd08   R8: 0000000000000001   R9: 0000000000000000
    R10: ffff880e9dbcb640  R11: ffff882b10e3a878  R12: ffff880e9dbcb640
    R13: ffff884a07f61030  R14: ffff884a07f61030  R15: ffff883036caec50
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 #7 [ffff88167dfebd10] scsi_dispatch_cmd at ffffffff81472f10
 #8 [ffff88167dfebd38] scsi_request_fn at ffffffff8147bdaf
 #9 [ffff88167dfebda0] __blk_run_queue at ffffffff81302669
#10 [ffff88167dfebdb8] __elv_add_request at ffffffff812fe1cb
#11 [ffff88167dfebdf0] blk_insert_cloned_request at ffffffff813053b0
#12 [ffff88167dfebe18] map_request at ffffffffc000f482 [dm_mod]
#13 [ffff88167dfebe68] map_tio_request at ffffffffc000f576 [dm_mod]
#14 [ffff88167dfebe80] kthread_worker_fn at ffffffff810b6975
#15 [ffff88167dfebec8] kthread at ffffffff810b65b1
#16 [ffff88167dfebf50] ret_from_fork at ffffffff816c64f7
  • The issue can also present as:
PID: 13005  TASK: ffff98c5612eb0c0  CPU: 0   COMMAND: "kworker/u8:3"
 #0 [ffff98bf3ceb73e0] machine_kexec at ffffffff8bc63674
 #1 [ffff98bf3ceb7440] __crash_kexec at ffffffff8bd1cf32
 #2 [ffff98bf3ceb7510] crash_kexec at ffffffff8bd1d020
 #3 [ffff98bf3ceb7528] oops_end at ffffffff8c36d758
 #4 [ffff98bf3ceb7550] no_context at ffffffff8c35bafe
 #5 [ffff98bf3ceb75a0] __bad_area_nosemaphore at ffffffff8c35bb95
 #6 [ffff98bf3ceb75f0] bad_area_nosemaphore at ffffffff8c35bd06
 #7 [ffff98bf3ceb7600] __do_page_fault at ffffffff8c3706b0
 #8 [ffff98bf3ceb7670] do_page_fault at ffffffff8c370915
 #9 [ffff98bf3ceb76a0] page_fault at ffffffff8c36c758
    [exception RIP: pvscsi_queue+68]
    RIP: ffffffffc016b1c4  RSP: ffff98bf3ceb7750  RFLAGS: 00010002
    RAX: 0000000000000000  RBX: ffff98c5843d56c0  RCX: 0000000000000001
    RDX: 000000000026e017  RSI: ffff98c5843d56c0  RDI: ffff98c4bb433000
    RBP: ffff98bf3ceb77b8   R8: 0000000000000010   R9: 0000000000000004
    R10: ffff98c4bb4330d8  R11: ffff98c5843d56c0  R12: ffff98c5843d56c0
    R13: ffff98c4bb433000  R14: ffff98c4bb433000  R15: ffff98c4bad89048
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
#10 [ffff98bf3ceb77c0] scsi_dispatch_cmd at ffffffff8c0d14c0
#11 [ffff98bf3ceb77e8] scsi_request_fn at ffffffff8c0daa5c
#12 [ffff98bf3ceb7850] __blk_run_queue at ffffffff8bf436b9
#13 [ffff98bf3ceb7868] blk_queue_bio at ffffffff8bf473b3
#14 [ffff98bf3ceb78b8] generic_make_request at ffffffff8bf45347
#15 [ffff98bf3ceb7910] submit_bio at ffffffff8bf455f0
#16 [ffff98bf3ceb7968] xfs_add_to_ioend at ffffffffc0347165 [xfs]
#17 [ffff98bf3ceb79a8] xfs_do_writepage at ffffffffc0347787 [xfs]
#18 [ffff98bf3ceb7a28] write_cache_pages at ffffffff8bdc23c4
#19 [ffff98bf3ceb7b40] xfs_vm_writepages at ffffffffc03473ab [xfs]
#20 [ffff98bf3ceb7bb0] do_writepages at ffffffff8bdc3511
....
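
The use-after-free conclusion in the first bullet follows from the register dump above: RAX holds 6b6b6b6b6b6b6b6b, which is the kernel's POISON_FREE byte (0x6b, include/linux/poison.h) repeated across the word, the pattern slab debugging writes into an object when it is freed. The following Python is an added triage helper, not code from Red Hat or from the kernel: it parses the register block of a crash "bt" exception frame and flags any register holding a known poison value. The register lines embedded below are copied from the first backtrace on this page; the poison constants are the ones used by the 3.10-era kernel in RHEL 7 and only show up in a dump when slab poisoning is active (debug kernel or the slub_debug boot option), which is an assumption about the crashed system.

```python
import re

# Register block of the first exception frame on this page, embedded so the
# script runs offline (ORIG_RAX/CS/SS are present to show they are ignored).
SAMPLE_REGS = """\
    RIP: ffffffffc006b5db  RSP: ffff88167dfebca0  RFLAGS: 00010002
    RAX: 6b6b6b6b6b6b6b6b  RBX: ffff883036c7e080  RCX: 0000003036d4cfff
    RDX: ffffffff81354bd0  RSI: 0000000000000002  RDI: 0000000000000002
    RBP: ffff88167dfebd08   R8: 0000000000000001   R9: 0000000000000000
    R10: ffff880e9dbcb640  R11: ffff882b10e3a878  R12: ffff880e9dbcb640
    R13: ffff884a07f61030  R14: ffff884a07f61030  R15: ffff883036caec50
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
"""

# Byte poisons from include/linux/poison.h: the slab allocator fills a whole
# object with one byte, so a poisoned register repeats the byte in all 8 lanes.
BYTE_POISONS = {
    0x6b: "POISON_FREE: object was freed, caller still uses it (use-after-free)",
    0x5a: "POISON_INUSE: object allocated but never initialised",
}
# Pointer poisons written into list_head links by list_del(); values are the
# x86_64 ones for 3.10-era kernels (POISON_POINTER_DELTA = 0xdead000000000000).
POINTER_POISONS = {
    0xdead000000000100: "LIST_POISON1: list_head already unlinked with list_del()",
    0xdead000000000200: "LIST_POISON2: list_head already unlinked with list_del()",
}

# Matches 'RAX: <16 hex digits>' style pairs; the \b keeps ORIG_RAX out and the
# 16-digit width skips 8-digit fields such as RFLAGS/CS/SS.
REG_RE = re.compile(r"\b(R[A-Z0-9]{1,2}):\s*([0-9a-f]{16})\b")


def parse_registers(text):
    """Return {register name: integer value} for each 64-bit register line."""
    return {name: int(val, 16) for name, val in REG_RE.findall(text)}


def poison_of(value):
    """Describe the poison pattern a 64-bit value matches, or return None."""
    if value in POINTER_POISONS:
        return POINTER_POISONS[value]
    low = value & 0xFF
    if low in BYTE_POISONS and all(
        ((value >> (8 * lane)) & 0xFF) == low for lane in range(8)
    ):
        return BYTE_POISONS[low]
    return None


def find_poisoned(text):
    """Map register name -> poison description for poisoned registers only."""
    found = {}
    for name, value in parse_registers(text).items():
        desc = poison_of(value)
        if desc:
            found[name] = desc
    return found


if __name__ == "__main__":
    # Triage of the sample: reports RAX as POISON_FREE, matching the bullet above.
    for reg, desc in find_poisoned(SAMPLE_REGS).items():
        print(f"{reg}: {desc}")
```

Seeing POISON_FREE in the register that the faulting instruction dereferenced (here the scsi_cmnd pointer in pvscsi_queue) is what separates a use-after-free from an ordinary bad pointer; without poisoning enabled the freed memory would usually hold stale but plausible data and the crash could be intermittent or land elsewhere.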

Environment

  • Red Hat Enterprise Linux 7
