
Bug 1736792

Summary: QEMU core dumped if boot guest with nvdimm backed by /dev/dax0.0 and option pmem=off
Product: Red Hat Enterprise Linux 8
Reporter: Yumei Huang <yuhuang>
Component: qemu-kvm
Assignee: Stefan Hajnoczi <stefanha>
Status: CLOSED DEFERRED
QA Contact: Yumei Huang <yuhuang>
Severity: high
Priority: high
Version: 8.1
CC: chayang, juzhang, rbalakri, stefanha, virt-maint
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Doc Type: If docs needed, set a value
Story Points: ---
Clone Of: 1736788
Last Closed: 2019-08-13 17:50:23 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---
Bug Depends On: 1736788
Bug Blocks: 1736789

Description Yumei Huang 2019-08-02 02:51:46 UTC
Hit same issue on slow train.

qemu-kvm-2.12.0-82.module+el8.1.0+3738+0d8c0249
kernel-4.18.0-116.el8.x86_64

+++ This bug was initially created as a clone of Bug #1736788 +++

Description of problem:

Booting a guest with an nvdimm device backed by /dev/dax0.0 and pmem=off, qemu core dumps with 'Bus error' during guest boot.

Version-Release number of selected component (if applicable):
qemu-kvm-4.0.0-6.module+el8.1.0+3736+a2aefea3
host kernel: 4.18.0-116.el8.x86_64

How reproducible:
always

Steps to Reproduce:
1. Emulate /dev/pmem by adding memmap=4G!4G to the host kernel command line
# cat /proc/cmdline 
BOOT_IMAGE=(hd0,msdos1)/vmlinuz-4.18.0-116.el8.x86_64 root=/dev/mapper/rhel_hp--dl385g10--02-root ro crashkernel=auto resume=/dev/mapper/rhel_hp--dl385g10--02-swap rd.lvm.lv=rhel_hp-dl385g10-02/root rd.lvm.lv=rhel_hp-dl385g10-02/swap console=ttyS0,115200n81 memmap=4G!4G

2. Create /dev/dax0.0 by ndctl

# ndctl create-namespace -m dax -e namespace0.0 -f -v -a 4096
{
  "dev":"namespace0.0",
  "mode":"devdax",
  "map":"dev",
  "size":"3.94 GiB (4.23 GB)",
  "uuid":"4635cd69-c9f1-4886-a9f6-b8f7aa4d4fc2",
  "daxregion":{
    "id":0,
    "size":"3.94 GiB (4.23 GB)",
    "align":4096,
    "devices":[
      {
        "chardev":"dax0.0",
        "size":"3.94 GiB (4.23 GB)"
      }
    ]
  },
  "align":4096
}
[root@hp-dl385g10-02 ~]# ndctl list
[
  {
    "dev":"namespace0.0",
    "mode":"devdax",
    "map":"dev",
    "size":4225761280,
    "uuid":"4635cd69-c9f1-4886-a9f6-b8f7aa4d4fc2",
    "chardev":"dax0.0",
    "align":4096
  }
]

3. Boot guest with /dev/dax0.0, set pmem=off

# /usr/libexec/qemu-kvm -M pc,nvdimm   \
-m 1G,slots=256,maxmem=40G  \
-object memory-backend-file,id=mem2,share,mem-path=/dev/dax0.0,size=4G,align=128M,pmem=off \
-device nvdimm,memdev=mem2,id=nv2,label-size=2M \
/home/kvm_autotest_root/images/rhel810-64-virtio-scsi.qcow2 \
-monitor stdio -vnc :0

Actual results:
QEMU core dumped.
(qemu) Bus error (core dumped)

Expected results:
No core dump.

Additional info:
1. If pmem=on is set, qemu quits and prints an error message:
qemu-kvm: -object memory-backend-file,id=mem2,share,mem-path=/dev/dax0.0,size=4G,align=128M,pmem=on: size property 4294967296 is larger than pmem file "/dev/dax0.0" size 4225761280

2. If the object size is set to less than 4G, e.g. -object memory-backend-file,id=mem2,share,mem-path=/dev/dax0.0,size=2G,align=128M,pmem=off, the guest boots up fine.

3. Backtrace:
(gdb) bt
#0  0x00007fd2f514a97a in pthread_sigmask () at /lib64/libpthread.so.0
#1  0x00005609c99d5540 in sigbus_reraise ()
#2  0x00005609c99d55a3 in  ()
#3  0x00007fd2f514ddc0 in <signal handler called> () at /lib64/libpthread.so.0
#4  0x00007fd2f4ed66a5 in __memmove_avx_unaligned_erms () at /lib64/libc.so.6
#5  0x00005609c9b00f07 in nvdimm_dsm_write ()
#6  0x00005609c99eae03 in memory_region_write_accessor ()
#7  0x00005609c99e8fb6 in access_with_adjusted_size ()
#8  0x00005609c99ece70 in memory_region_dispatch_write ()
#9  0x00005609c9993923 in flatview_write_continue ()
#10 0x00005609c9993b46 in flatview_write ()
#11 0x00005609c9997ccf in address_space_write ()
#12 0x00005609c99ff324 in kvm_cpu_exec ()
#13 0x00005609c99d7316 in qemu_kvm_cpu_thread_fn ()
#14 0x00005609c9cec774 in qemu_thread_start ()
#15 0x00007fd2f51432de in start_thread () at /lib64/libpthread.so.0
#16 0x00007fd2f4e74463 in clone () at /lib64/libc.so.6

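A pre-flight check for the situation above, added here as an example (it is neither code from this report nor from QEMU): with pmem=off QEMU skips the size comparison that pmem=on performs, so a size larger than /dev/dax0.0 only surfaces as SIGBUS when the guest touches the nvdimm. The script parses the `ndctl list` JSON shown in the report (a constructed copy is embedded) and refuses a memory-backend-file size that exceeds the chardev; the size parser assumes only bare K/M/G/T suffixes, and check_live assumes ndctl is installed on the host.

```python
"""Pre-flight size check for a QEMU memory-backend-file on a devdax device.
Added example, not code from the bug report or from QEMU: it applies the same
check that pmem=on performs before the guest is launched, so a too-large size
is reported instead of showing up as a 'Bus error' core dump during boot."""
import json
import re
import subprocess

# Constructed sample mirroring the `ndctl list` output quoted in the report.
SAMPLE_NDCTL_LIST = """[
  {"dev":"namespace0.0", "mode":"devdax", "map":"dev", "size":4225761280,
   "uuid":"4635cd69-c9f1-4886-a9f6-b8f7aa4d4fc2", "chardev":"dax0.0", "align":4096}
]"""

_SUFFIX = {"": 1, "K": 1 << 10, "M": 1 << 20, "G": 1 << 30, "T": 1 << 40}


def parse_qemu_size(text):
    """Parse a QEMU size argument ('4G', '128M', '4294967296') into bytes.
    Assumption: only the bare K/M/G/T suffixes used on the command line above."""
    m = re.fullmatch(r"\s*(\d+)\s*([KMGT]?)\s*", text.upper())
    if not m:
        raise ValueError("unparseable size: %r" % text)
    return int(m.group(1)) * _SUFFIX[m.group(2)]


def devdax_sizes(ndctl_json):
    """Map each devdax chardev name ('dax0.0') to its namespace size in bytes."""
    return {ns["chardev"]: int(ns["size"]) for ns in json.loads(ndctl_json)
            if ns.get("mode") == "devdax" and "chardev" in ns}


def check_backend(mem_path, size_arg, ndctl_json):
    """Return (ok, message) for -object memory-backend-file,mem-path=...,size=...
    The failure message deliberately matches the one QEMU prints with pmem=on."""
    name = mem_path.rsplit("/", 1)[-1]
    sizes = devdax_sizes(ndctl_json)
    if name not in sizes:
        return False, "%s is not a devdax chardev known to ndctl" % mem_path
    want, have = parse_qemu_size(size_arg), sizes[name]
    if want > have:
        return False, ('size property %d is larger than pmem file "%s" size %d'
                       % (want, mem_path, have))
    return True, "size %d fits in %s (%d bytes)" % (want, mem_path, have)


def check_live(mem_path, size_arg):
    """Same check against the running host; assumes ndctl is installed."""
    out = subprocess.run(["ndctl", "list"], check=True, capture_output=True, text=True)
    return check_backend(mem_path, size_arg, out.stdout)
```

Run check_live("/dev/dax0.0", "4G") on the host before starting qemu-kvm; with the report's 3.94 GiB namespace it fails for size=4G and passes for size=2G, matching the two outcomes described under "Additional info".
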
Comment 2 Ademar Reis 2019-08-13 17:50:23 UTC
(In reply to Yumei Huang from comment #0)
> Hit same issue on slow train.
> 
> qemu-kvm-2.12.0-82.module+el8.1.0+3738+0d8c0249
> kernel-4.18.0-116.el8.x86_64
> 
> +++ This bug was initially created as a clone of Bug #1736788 +++

...

> 
> 3. Boot guest with /dev/dax0.0, set pmem=off
> 
> # /usr/libexec/qemu-kvm -M pc,nvdimm   \
> -m 1G,slots=256,maxmem=40G  \
> -object
> memory-backend-file,id=mem2,share,mem-path=/dev/dax0.0,size=4G,align=128M,
> pmem=off \
> -device nvdimm,memdev=mem2,id=nv2,label-size=2M \
> /home/kvm_autotest_root/images/rhel810-64-virtio-scsi.qcow2 \
> -monitor stdio -vnc :0

The handling of these options in libvirt was introduced in libvirt-5.0, while RHEL is using libvirt-4.5 (RHEL-AV gets rebased, but not RHEL).

Given we don't support direct invocation of qemu in RHEL, I'm closing this BZ. If this can be reproduced using libvirt from RHEL, please reopen.