Bug 1147354 - Qemu core dump when boot up a guest on a non-existent hugepage path
Summary: Qemu core dump when boot up a guest on a non-existent hugepage path
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm-rhev
Version: 7.1
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: high
Target Milestone: rc
Target Release: ---
Assignee: Luiz Capitulino
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Duplicates: 1158793 1162989
Depends On:
Blocks:
 
Reported: 2014-09-29 05:51 UTC by CongLi
Modified: 2015-03-05 09:56 UTC (History)
CC List: 6 users

Fixed In Version: qemu-kvm-rhev-2.1.2-8.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-03-05 09:56:15 UTC




Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0624 normal SHIPPED_LIVE Important: qemu-kvm-rhev security, bug fix, and enhancement update 2015-03-05 14:37:36 UTC

Description CongLi 2014-09-29 05:51:16 UTC
Description of problem:
Qemu core dump when boot up a guest on a non-existent hugepage path

Version-Release number of selected component (if applicable):
kernel-3.10.0-170.el7.x86_64
qemu-kvm-rhev-2.1.2-1.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. set the host with 15G hugepage (hugepage size=1G):
# cat /proc/cmdline 
BOOT_IMAGE=/vmlinuz-3.10.0-170.el7.x86_64 root=/dev/mapper/rhel_ibm--x3650m4--05-root ro rd.lvm.lv=rhel_ibm-x3650m4-05/root rd.lvm.lv=rhel_ibm-x3650m4-05/swap console=tty0 reboot=pci console=ttyS0,115200 vconsole.keymap=us vconsole.font=latarcyrheb-sun16 biosdevname=0 crashkernel=256M LANG=en_US.UTF-8 default_hugepagesz=1G hugepagesz=1G hugepages=15 

2. mount hugetlbfs
mount -t hugetlbfs none /mnt/kvm_hugepage

3. boot up the guest on a non-existent path with option '-mem-path'.
(the path should be /mnt/kvm_hugepage instead of /mnt/kvm_hugepag; the latter is missing the last letter 'e')
    -m 2048  \
    -mem-path  /mnt/kvm_hugepag \

Actual results:
Qemu core dump

Expected results:
Qemu should prevent such a condition

Additional info:
1. core dump info:
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/bin/qemu-kvm -S -name virt-tests-vm1 -sandbox off -M pc -nodefaults -vga qxl -'.
Program terminated with signal 6, Aborted.
#0  0x00007f07b449b989 in __GI_raise (sig=sig@entry=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56	  return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb) bt
#0  0x00007f07b449b989 in __GI_raise (sig=sig@entry=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007f07b449d098 in __GI_abort () at abort.c:90
#2  0x00007f07b44948f6 in __assert_fail_base (
    fmt=0x7f07b45e43e8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", 
    assertion=assertion@entry=0x7f07ba934bf5 "new_block", 
    file=file@entry=0x7f07ba934728 "/builddir/build/BUILD/qemu-2.1.2/exec.c", 
    line=line@entry=1220, 
    function=function@entry=0x7f07ba934d60 <__PRETTY_FUNCTION__.33297> "qemu_ram_set_idstr") at assert.c:92
#3  0x00007f07b44949a2 in __GI___assert_fail (
    assertion=assertion@entry=0x7f07ba934bf5 "new_block", 
    file=file@entry=0x7f07ba934728 "/builddir/build/BUILD/qemu-2.1.2/exec.c", 
    line=line@entry=1220, 
    function=function@entry=0x7f07ba934d60 <__PRETTY_FUNCTION__.33297> "qemu_ram_set_idstr") at assert.c:101
#4  0x00007f07ba6c8949 in qemu_ram_set_idstr (addr=<optimized out>, name=<optimized out>, 
    dev=dev@entry=0x0) at /usr/src/debug/qemu-2.1.2/exec.c:1220
#5  0x00007f07ba700e13 in vmstate_register_ram (mr=mr@entry=0x7f07bbb67d60, 
    dev=dev@entry=0x0) at /usr/src/debug/qemu-2.1.2/savevm.c:1407
#6  0x00007f07ba700e47 in vmstate_register_ram_global (mr=mr@entry=0x7f07bbb67d60)
    at /usr/src/debug/qemu-2.1.2/savevm.c:1418
#7  0x00007f07ba6f4f79 in allocate_system_memory_nonnuma (ram_size=2147483648, 
---Type <return> to continue, or q <return> to quit---
    name=0x7f07ba93ecb6 "pc.ram", owner=0x0, mr=0x7f07bbb67d60)
    at /usr/src/debug/qemu-2.1.2/numa.c:275
#8  memory_region_allocate_system_memory (mr=mr@entry=0x7f07bbb67d60, 
    owner=owner@entry=0x0, name=name@entry=0x7f07ba93ecb6 "pc.ram", ram_size=2147483648)
    at /usr/src/debug/qemu-2.1.2/numa.c:286
#9  0x00007f07ba72cd5e in pc_memory_init (machine=machine@entry=0x7f07bb9c3c80, 
    system_memory=system_memory@entry=0x7f07bb9c4bb0, below_4g_mem_size=2147483648, 
    above_4g_mem_size=0, rom_memory=rom_memory@entry=0x7f07bb9cf120, 
    ram_memory=ram_memory@entry=0x7fff00161040, guest_info=guest_info@entry=0x7f07bb9ced00)
    at /usr/src/debug/qemu-2.1.2/hw/i386/pc.c:1225
#10 0x00007f07ba72e586 in pc_init1 (machine=0x7f07bb9c3c80, kvmclock_enabled=1, 
    pci_enabled=1) at /usr/src/debug/qemu-2.1.2/hw/i386/pc_piix.c:181
#11 0x00007f07ba6c1993 in main (argc=<optimized out>, argv=<optimized out>, 
    envp=<optimized out>) at vl.c:4421

2. # sh qemu.sh 
Warning: option deprecated, use lost_tick_policy property of kvm-pit instead.
QEMU 2.1.2 monitor - type 'help' for more information
(qemu) /mnt/kvm_hugepag: No such file or directory
qemu-kvm: /builddir/build/BUILD/qemu-2.1.2/exec.c:1220: qemu_ram_set_idstr: Assertion `new_block' failed.
qemu.sh: line 35: 16144 Aborted                 (core dumped) 

3. Qemu CML:
/bin/qemu-kvm \
    -S  \
    -name 'virt-tests-vm1'  \
    -sandbox off  \
    -M pc  \
    -nodefaults  \
    -vga qxl  \
    -global qxl-vga.vram_size=33554432 \
    -device intel-hda,bus=pci.0,addr=03 \
    -device hda-duplex  \
    -chardev socket,id=qmp_id_qmpmonitor1,path=/tmp/monitor-qmpmonitor1-20140928-172700-4g3PfMTp,server,nowait \
    -mon chardev=qmp_id_qmpmonitor1,mode=control  \
    -chardev socket,id=serial_id_serial0,path=/tmp/serial-serial0-20140928-172700-4g3PfMTp,server,nowait \
    -device isa-serial,chardev=serial_id_serial0 \
    -device virtio-serial-pci,id=virtio_serial_pci0,bus=pci.0,addr=04  \
    -chardev socket,id=devvs,path=/tmp/virtio_port-vs-20140928-172700-4g3PfMTp,server,nowait \
    -device virtserialport,chardev=devvs,name=vs,id=vs,bus=virtio_serial_pci0.0  \
    -chardev socket,id=seabioslog_id_20140928-172700-4g3PfMTp,path=/tmp/seabios-20140928-172700-4g3PfMTp,server,nowait \
    -device isa-debugcon,chardev=seabioslog_id_20140928-172700-4g3PfMTp,iobase=0x402 \
    -device nec-usb-xhci,id=usb1,bus=pci.0,addr=05 \
    -drive id=drive_image1,if=none,cache=none,snapshot=off,aio=native,file=/home/staf-kvm-devel/autotest-devel/client/tests/virt/shared/data/images/RHEL-Server-6.6-64-virtio.qcow2 \
    -device virtio-blk-pci,id=image1,drive=drive_image1,bootindex=0,bus=pci.0,addr=06 \
    -device virtio-net-pci,mac=9a:eb:ec:ed:ee:ef,id=idcejB0N,vectors=4,netdev=idkbmGLy,bus=pci.0,addr=07  \
    -netdev tap,id=idkbmGLy,vhost=on  \
    -m 2048  \
    -mem-path  /mnt/kvm_hugepag \
    -smp 8,cores=4,threads=1,sockets=2  \
    -cpu 'SandyBridge',+kvm_pv_unhalt \
    -device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1  \
    -rtc base=utc,clock=host,driftfix=slew  \
    -boot order=cdn,once=c,menu=off  \
    -no-kvm-pit-reinjection \
    -enable-kvm \
    -monitor stdio \
    -vnc :0

4. host info:
processor	: 23
vendor_id	: GenuineIntel
cpu family	: 6
model		: 45
model name	: Intel(R) Xeon(R) CPU E5-2620 0 @ 2.00GHz
stepping	: 7
microcode	: 0x710
cpu MHz		: 2277.265
cache size	: 15360 KB
physical id	: 1
siblings	: 12
core id		: 5
cpu cores	: 6
apicid		: 43
initial apicid	: 43
fpu		: yes
fpu_exception	: yes
cpuid level	: 13
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx lahf_lm ida arat epb xsaveopt pln pts dtherm tpr_shadow vnmi flexpriority ept vpid
bogomips	: 4004.38
clflush size	: 64
cache_alignment	: 64
address sizes	: 46 bits physical, 48 bits virtual
power management:
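A host-side pre-flight check of the kind the "Expected results" above asks for, added here as an example; it is not QEMU's code, not part of the fix shipped in the errata, and not something the reporter posted. It verifies that the directory handed to '-mem-path' exists and that a hugetlbfs filesystem is actually mounted there before qemu-kvm is started, so a typo such as /mnt/kvm_hugepag is rejected with a clear message rather than reaching the assertion in qemu_ram_set_idstr. The function names and the optional mount-table argument are assumptions chosen for illustration; the mount table defaults to /proc/mounts.

```shell
#!/bin/sh
# Added example: validate a -mem-path directory before launching qemu-kvm.
# Not QEMU's code; check_mem_path and launch_with_hugepages are names
# chosen for this example.
#
# check_mem_path PATH [MOUNTS_FILE]
#   returns 0 if PATH is a directory with a hugetlbfs filesystem mounted on it,
#   1 if PATH does not exist (or is not a directory),
#   2 if PATH exists but nothing of type hugetlbfs is mounted there.
# MOUNTS_FILE defaults to /proc/mounts; it is a parameter only so the check
# can be exercised against a constructed mount table.
check_mem_path() {
    path=$1
    mounts=${2:-/proc/mounts}

    # Normalise a trailing slash so "/mnt/kvm_hugepage/" still matches the
    # mount table entry; the root directory is left as it is.
    if [ "$path" != "/" ]; then
        path=${path%/}
    fi

    if [ ! -d "$path" ]; then
        echo "mem-path '$path' does not exist or is not a directory" >&2
        return 1
    fi

    # /proc/mounts fields: device mountpoint fstype options dump pass.
    # Spaces in mount points are encoded there as \040; this literal
    # comparison assumes the path contains no such characters.
    if ! awk -v p="$path" '$2 == p && $3 == "hugetlbfs" { found = 1 }
                           END { exit !found }' "$mounts"; then
        echo "mem-path '$path' exists but is not a hugetlbfs mount point" >&2
        return 2
    fi
    return 0
}

# Launcher that refuses to start the guest unless the check passes.
# Arguments: the mem-path, then the rest of the qemu-kvm command line.
# The qemu-kvm location is the one used in comment 7 of this report.
launch_with_hugepages() {
    mem_path=$1
    shift
    check_mem_path "$mem_path" || return $?
    exec /usr/libexec/qemu-kvm -mem-path "$mem_path" "$@"
}

# Usage (not executed when this file is sourced):
#   launch_with_hugepages /mnt/kvm_hugepage -m 2048 -enable-kvm ...
```

The check deliberately distinguishes "directory missing" from "directory present but not a hugetlbfs mount": the second case would not crash this QEMU version, but the guest would silently get ordinary pages from whatever filesystem backs the directory, which defeats the purpose of reserving 1G hugepages on the kernel command line.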

Comment 3 Luiz Capitulino 2014-10-30 14:27:40 UTC
*** Bug 1158793 has been marked as a duplicate of this bug. ***

Comment 4 Eduardo Habkost 2014-11-12 15:22:52 UTC
*** Bug 1162989 has been marked as a duplicate of this bug. ***

Comment 5 Miroslav Rezanina 2014-11-13 09:06:18 UTC
Fix included in qemu-kvm-rhev-2.1.2-8.el7

Comment 7 huiqingding 2014-11-21 05:15:43 UTC
Reproduce this bug using the following version:
kernel-3.10.0-205.el7.x86_64
qemu-kvm-rhev-2.1.2-6.el7.x86_64

Steps to Reproduce:
1. mount hugetlbfs
mount -t hugetlbfs none /mnt/kvm_hugepage

2. boot up the guest on a non-existent path with option '-mem-path'.
#/usr/libexec/qemu-kvm -S -name 'virt-tests-vm1' -sandbox off -M pc -nodefaults -vga qxl -global qxl-vga.vram_size=33554432 -device intel-hda,bus=pci.0,addr=03 -device hda-duplex -chardev socket,id=qmp_id_qmpmonitor1,path=/tmp/monitor-qmpmonitor1-20140928-172700-4g3PfMTp,server,nowait -mon chardev=qmp_id_qmpmonitor1,mode=control -chardev socket,id=serial_id_serial0,path=/tmp/serial-serial0-20140928-172700-4g3PfMTp,server,nowait -device isa-serial,chardev=serial_id_serial0 -device virtio-serial-pci,id=virtio_serial_pci0,bus=pci.0,addr=04 -chardev socket,id=devvs,path=/tmp/virtio_port-vs-20140928-172700-4g3PfMTp,server,nowait -device virtserialport,chardev=devvs,name=vs,id=vs,bus=virtio_serial_pci0.0 -chardev socket,id=seabioslog_id_20140928-172700-4g3PfMTp,path=/tmp/seabios-20140928-172700-4g3PfMTp,server,nowait -device isa-debugcon,chardev=seabioslog_id_20140928-172700-4g3PfMTp,iobase=0x402 -device nec-usb-xhci,id=usb1,bus=pci.0,addr=05 -drive id=drive_image1,if=none,cache=none,snapshot=off,aio=native,file=/home/rhel7_1_1029.qcow2 -device virtio-blk-pci,id=image1,drive=drive_image1,bootindex=0,bus=pci.0,addr=06 -device virtio-net-pci,mac=9a:eb:ec:ed:ee:ef,id=idcejB0N,vectors=4,netdev=idkbmGLy,bus=pci.0,addr=07 -netdev tap,id=idkbmGLy,vhost=on -m 2048 -mem-path /mnt/kvm_hugepag -smp 8,cores=4,threads=1,sockets=2 -cpu 'SandyBridge',+kvm_pv_unhalt -device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1 -rtc base=utc,clock=host,driftfix=slew -boot order=cdn,once=c,menu=off -no-kvm-pit-reinjection -enable-kvm -monitor stdio -vnc :0

Result:
after step 2, qemu-kvm core dumps:
(gdb) 
#0  0x00007ffff1a085d7 in raise () from /lib64/libc.so.6
#1  0x00007ffff1a09cc8 in abort () from /lib64/libc.so.6
#2  0x00007ffff1a01546 in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007ffff1a015f2 in __assert_fail () from /lib64/libc.so.6
#4  0x00005555556248a9 in qemu_ram_set_idstr (addr=<optimized out>, name=<optimized out>, dev=dev@entry=0x0) at /usr/src/debug/qemu-2.1.2/exec.c:1220
#5  0x000055555565cdd3 in vmstate_register_ram (mr=mr@entry=0x55555632a570, dev=dev@entry=0x0) at /usr/src/debug/qemu-2.1.2/savevm.c:1407
#6  0x000055555565ce07 in vmstate_register_ram_global (mr=mr@entry=0x55555632a570) at /usr/src/debug/qemu-2.1.2/savevm.c:1418
#7  0x0000555555650f29 in allocate_system_memory_nonnuma (ram_size=2147483648, name=0x55555589cb36 "pc.ram", owner=0x0, mr=0x55555632a570) at /usr/src/debug/qemu-2.1.2/numa.c:275
#8  memory_region_allocate_system_memory (mr=mr@entry=0x55555632a570, owner=owner@entry=0x0, name=name@entry=0x55555589cb36 "pc.ram", ram_size=2147483648) at /usr/src/debug/qemu-2.1.2/numa.c:286
#9  0x000055555568957e in pc_memory_init (machine=machine@entry=0x5555561862e0, system_memory=system_memory@entry=0x5555561871f0, below_4g_mem_size=2147483648, above_4g_mem_size=0, 
    rom_memory=rom_memory@entry=0x555556191790, ram_memory=ram_memory@entry=0x7fffffffd9c0, guest_info=guest_info@entry=0x555556191340) at /usr/src/debug/qemu-2.1.2/hw/i386/pc.c:1225
#10 0x000055555568ada6 in pc_init1 (machine=0x5555561862e0, kvmclock_enabled=1, pci_enabled=1) at /usr/src/debug/qemu-2.1.2/hw/i386/pc_piix.c:181
#11 0x000055555561d8c3 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4434

Comment 8 huiqingding 2014-11-21 05:17:23 UTC
Test this issue using the following version:
kernel-3.10.0-205.el7.x86_64
qemu-kvm-rhev-2.1.2-8.el7.x86_64

Testing the same steps as in comment 7, after step 2 the guest boots normally and qemu-kvm does not core dump.

Based on the above result, I think this issue has been fixed.

Comment 11 errata-xmlrpc 2015-03-05 09:56:15 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0624.html

