Bug 1152875

Summary: qemu core dumped when hotplug memory twice with size=0.1G option
Product: Red Hat Enterprise Linux 7
Reporter: Lin Chen <linchen>
Component: qemu-kvm-rhev
Assignee: Igor Mammedov <imammedo>
Status: CLOSED ERRATA
QA Contact: Virtualization Bugs <virt-bugs>
Severity: high
Priority: high
Version: 7.1
CC: drjones, hhuang, huding, juzhang, michen, mrezanin, virt-maint, xfu
Target Milestone: rc
Hardware: x86_64
OS: Linux
Fixed In Version: qemu 2.2
Doc Type: Bug Fix
Last Closed: 2015-12-04 16:19:18 UTC
Type: Bug

Description Lin Chen 2014-10-15 06:36:18 UTC
Description of problem:
qemu core dumped when hotplug memory twice with size=0.1G option
first time:
(qemu) object_add memory-backend-ram,id=mem0,size=0.1G
(qemu) device_add pc-dimm,id=dimm0,memdev=mem0
-->hotplug memory successfully

second time:
(qemu) object_add memory-backend-ram,id=mem1,size=0.1G
(qemu) device_add pc-dimm,id=dimm1,memdev=mem1
-->get error message: kvm_set_phys_mem: error registering slot: Invalid argument
and qemu core dumped


Version-Release number of selected component (if applicable):
inside host:
  uname -r
  3.10.0-186.el7.x86_64
  rpm -qa|grep qemu
  qemu-kvm-rhev-2.1.2-3.el7.x86_64
 

How reproducible:
100%

Steps to Reproduce:
1.boot guest with:
/usr/libexec/qemu-kvm -m 4G,slots=10,maxmem=8G -numa node,cpus=0,nodeid=0 -numa node,cpus=1,nodeid=1
2.hotplug memory twice with size=0.1G option
first time:
(qemu) object_add memory-backend-ram,id=mem0,size=0.1G
(qemu) device_add pc-dimm,id=dimm0,memdev=mem0

second time:
(qemu) object_add memory-backend-ram,id=mem1,size=0.1G
(qemu) device_add pc-dimm,id=dimm1,memdev=mem1

Actual results:
first time:
hotplug memory successfully

second time:
get error message: kvm_set_phys_mem: error registering slot: Invalid argument
and qemu core dumped

Expected results:
Memory should hotplug successfully, and qemu shouldn't core dump when memory is hotplugged a second time with the size=0.1G option.

Additional info:
gdb information:
(gdb) bt
#0  0x00007ffff1ea1989 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff1ea3098 in __GI_abort () at abort.c:90
#2  0x0000555555652dd7 in kvm_set_phys_mem (section=0x7fffffffc1a0, add=true) at /usr/src/debug/qemu-2.1.2/kvm-all.c:694
#3  0x0000555555654fdf in address_space_update_topology_pass (as=as@entry=0x555555cb03a0 <address_space_memory>, adding=adding@entry=true, 
    new_view=<optimized out>, new_view=<optimized out>, old_view=0x5555563b4790, old_view=0x5555563b4790)
    at /usr/src/debug/qemu-2.1.2/memory.c:753
#4  0x00005555556570a0 in address_space_update_topology (as=0x555555cb03a0 <address_space_memory>)
    at /usr/src/debug/qemu-2.1.2/memory.c:768
#5  memory_region_transaction_commit () at /usr/src/debug/qemu-2.1.2/memory.c:809
#6  0x0000555555686b1c in pc_dimm_plug (errp=0x7fffffffc440, dev=0x5555563b0030, hotplug_dev=<optimized out>)
    at /usr/src/debug/qemu-2.1.2/hw/i386/pc.c:1614
#7  pc_machine_device_plug_cb (hotplug_dev=<optimized out>, dev=0x5555563b0030, errp=0x7fffffffc440)
    at /usr/src/debug/qemu-2.1.2/hw/i386/pc.c:1628
#8  0x0000555555782d65 in device_set_realized (obj=<optimized out>, value=<optimized out>, errp=0x7fffffffc568) at hw/core/qdev.c:850
#9  0x00005555557ff23e in property_set_bool (obj=0x5555563b0030, v=<optimized out>, opaque=0x5555563b09a0, name=<optimized out>, 
    errp=0x7fffffffc568) at qom/object.c:1473
#10 0x00005555558019e7 in object_property_set_qobject (obj=0x5555563b0030, value=<optimized out>, name=0x5555558c0430 "realized", 
    errp=0x7fffffffc568) at qom/qom-qobject.c:24
#11 0x0000555555800600 in object_property_set_bool (obj=obj@entry=0x5555563b0030, value=value@entry=true, 
    name=name@entry=0x5555558c0430 "realized", errp=errp@entry=0x7fffffffc568) at qom/object.c:888
#12 0x000055555570fb2f in qdev_device_add (opts=opts@entry=0x5555563b4fa0) at qdev-monitor.c:554
#13 0x000055555570ff0a in do_device_add (mon=<optimized out>, qdict=<optimized out>, ret_data=<optimized out>) at qdev-monitor.c:677
#14 0x000055555564c08f in handle_user_command (mon=mon@entry=0x5555561a5400, cmdline=<optimized out>)
    at /usr/src/debug/qemu-2.1.2/monitor.c:4112
#15 0x000055555564c467 in monitor_command_cb (opaque=0x5555561a5400, cmdline=<optimized out>, readline_opaque=<optimized out>)
    at /usr/src/debug/qemu-2.1.2/monitor.c:5156
#16 0x000055555588ebdf in readline_handle_byte (rs=0x55555630de30, ch=<optimized out>) at util/readline.c:391
#17 0x000055555564c3f7 in monitor_read (opaque=<optimized out>, buf=<optimized out>, size=<optimized out>)
    at /usr/src/debug/qemu-2.1.2/monitor.c:5139
#18 0x000055555571bcd1 in qemu_chr_be_write (len=<optimized out>, buf=0x7fffffffc750 "\r\020", s=0x555556175d30) at qemu-char.c:213
#19 fd_chr_read (chan=<optimized out>, cond=<optimized out>, opaque=0x555556175d30) at qemu-char.c:920
#20 0x00007ffff64b2ac6 in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
#21 0x0000555555839048 in glib_pollfds_poll () at main-loop.c:190
#22 os_host_main_loop_wait (timeout=<optimized out>) at main-loop.c:235
#23 main_loop_wait (nonblocking=<optimized out>) at main-loop.c:484
#24 0x000055555561cc1e in main_loop () at vl.c:2010
#25 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4552

Comment 2 Igor Mammedov 2014-11-04 16:40:33 UTC
Caused by an alignment issue; fixes are posted upstream ("not allowing non page aligned sizes/addresses") along with the fixes for bug 1155581.

Comment 3 Igor Mammedov 2015-02-03 14:22:50 UTC
Fixed upstream in the 2.2 release;
we should get the fixes in RHEV 7.2, which is planned to be based on 2.3.

Comment 4 Igor Mammedov 2015-02-12 12:37:39 UTC
Please retest when the qemu 7.2 build is available.

Comment 7 Lin Chen 2015-06-23 07:03:41 UTC
reproduce:
host kernel:3.10.0-267.el7.x86_64
host qemu:  qemu-kvm-rhev-2.1.2-21.el7.x86_64

QE retested this bug on the above environment and got the same result.
So, the bug is reproduced on the above environment.


verify:
host kernel:3.10.0-267.el7.x86_64
host qemu:  qemu-kvm-rhev-2.3.0-4.el7.x86_64

QE retested this bug on the above environment. After hot-plugging 0.1G of memory, qemu didn't core dump and reported the error: backend memory size must be multiple of 0x200000.
So, the bug is fixed.
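As an added example (not QEMU's own code) linking the description to the fix seen in Comment 7: it parses a size such as 0.1G the way a fractional suffix ends up in whole bytes, then classifies the result against the host page size (assumed 4 KiB for the x86_64 host) and the 0x200000 multiple the fixed build demands. Function names are hypothetical.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define HOST_PAGE_SIZE 4096ULL     /* x86_64 base page; assumed for the reporter's host */
#define BACKEND_ALIGN  0x200000ULL /* 2 MiB, the multiple the fixed qemu demands (Comment 7) */

/* Parse "<decimal>[K|M|G|T]" as strtod() * suffix, truncated to whole bytes.
 * Returns 0 on a malformed string (0 is never a valid backend size). */
uint64_t parse_size(const char *s)
{
    char *end;
    double val = strtod(s, &end), mul = 1.0;
    if (end == s || !(val >= 0)) return 0;
    switch (toupper((unsigned char)*end)) {
    case 'T': mul = 1ULL << 40; break;
    case 'G': mul = 1ULL << 30; break;
    case 'M': mul = 1ULL << 20; break;
    case 'K': mul = 1ULL << 10; break;
    case '\0': break;              /* no suffix: plain bytes (assumed) */
    default: return 0;
    }
    if (*end && end[1] != '\0') return 0;              /* trailing junk after suffix */
    if (val * mul >= 18446744073709551616.0) return 0; /* would overflow uint64_t */
    return (uint64_t)(val * mul);  /* "0.1G" -> 107374182: not even page aligned */
}

/* Classify a backend size before it reaches slot registration:
 *   0       multiple of BACKEND_ALIGN, accepted;
 *   -EINVAL not host-page aligned: the report shows 2.1.2 passing such a region
 *           to kvm_set_phys_mem, which fails with "Invalid argument";
 *   -ERANGE page aligned but not a 2 MiB multiple; the fixed build rejects it. */
int check_backend_size(uint64_t size)
{
    if (size == 0 || size % HOST_PAGE_SIZE) return -EINVAL;
    if (size % BACKEND_ALIGN) return -ERANGE;
    return 0;
}

int main(void)
{
    const char *sizes[] = { "0.1G", "128M", "4100K" };   /* constructed inputs */
    for (size_t i = 0; i < sizeof sizes / sizeof *sizes; i++) {
        uint64_t bytes = parse_size(sizes[i]);
        printf("%-6s = %11llu bytes -> %d\n", sizes[i], (unsigned long long)bytes, check_backend_size(bytes));
    }
    return 0;
}
```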

Comment 8 huiqingding 2015-06-24 03:41:46 UTC
Based on Comment 7, set this bug to VERIFIED.

Best regards,
Huiqing

Comment 11 errata-xmlrpc 2015-12-04 16:19:18 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2546.html