Bug 1275230 - memory unplug triggers BUG_ON: kernel BUG at mm/memory_hotplug.c:703!
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm-rhev
Version: 7.2
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Igor Mammedov
QA Contact: Virtualization Bugs
Blocks: 1305606 1278282 1288337
Reported: 2015-10-26 10:16 UTC by Igor Mammedov
Modified: 2016-11-07 20:48 UTC (History)

Fixed In Version: qemu-kvm-rhev-2.5.0-1.el7
Doc Type: Bug Fix
: 1278282 (view as bug list)
Last Closed: 2016-11-07 20:48:40 UTC
Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2673 normal SHIPPED_LIVE qemu-kvm-rhev bug fix and enhancement update 2016-11-08 01:06:13 UTC

Description Igor Mammedov 2015-10-26 10:16:48 UTC
Description of problem:
commit aa8580cd "pc: memhp: force gaps between DIMM's GPA"
regressed memory hot-unplug for Linux guests, triggering
the following BUG_ON:
 =====
 kernel BUG at mm/memory_hotplug.c:703!
 ...
 [<ffffffff81385fa7>] acpi_memory_device_remove+0x79/0xa5
 [<ffffffff81357818>] acpi_bus_trim+0x5a/0x8d
 [<ffffffff81359026>] acpi_device_hotplug+0x1b7/0x418
 ===
    BUG_ON(phys_start_pfn & ~PAGE_SECTION_MASK);
 ===

The reason for it is that an x86-64 Linux guest supports memory
hotplug in chunks of 128Mb, and a memory section also should
be 128Mb aligned.
However, gaps forced between 128Mb DIMMs with the backend's
natural alignment of 2Mb make the 2nd and following
DIMMs not aligned on a 128Mb boundary as they were
originally.


Version-Release number of selected component (if applicable):
qemu-kvm-rhev-2.3.0-31

How reproducible:
100%

Steps to Reproduce:
1. start RHEL72 guest like this:
 /usr/libexec/qemu-kvm -enable-kvm  -m 4G,slots=8,maxmem=32G rhel72.img  -object memory-backend-ram,id=m0,size=1G -device pc-dimm,id=dimm0,memdev=m0  -snapshot -numa node -object memory-backend-ram,id=m1,size=1G -device pc-dimm,id=dimm1,memdev=m1 -monitor unix:/tmp/u,server,nowait -nographic

2. execute following command twice:
 echo "device_del dimm1" | nc -U /tmp/u

Actual results:
guest crash

Expected results:
no guest crash
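
The alignment arithmetic from the description above, as an added example that is not part of the original report and is not QEMU or kernel code. The macros follow the x86-64 guest's 128 MiB section size; the base address, the one-byte gap and the placement function `dimm_gpa` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT        12                    /* x86-64: 4 KiB pages */
#define SECTION_SIZE_BITS 27                    /* x86-64: 128 MiB memory sections */
#define PAGES_PER_SECTION (1ULL << (SECTION_SIZE_BITS - PAGE_SHIFT))
#define PAGE_SECTION_MASK (~(PAGES_PER_SECTION - 1))
#define MiB               (1ULL << 20)

/* Same predicate as the guest's BUG_ON: nonzero means the check would fire. */
static int section_misaligned(uint64_t gpa)
{
    uint64_t phys_start_pfn = gpa >> PAGE_SHIFT;
    return (phys_start_pfn & ~PAGE_SECTION_MASK) != 0;
}

static uint64_t align_up(uint64_t v, uint64_t a)
{
    return (v + a - 1) & ~(a - 1);              /* a must be a power of two */
}

/* Hypothetical placement model: DIMM n starts at the first multiple of
 * 'align' at or above (end of DIMM n-1) + gap. */
static uint64_t dimm_gpa(uint64_t base, uint64_t size, uint64_t align,
                         uint64_t gap, unsigned n)
{
    uint64_t addr = align_up(base, align);
    for (unsigned i = 0; i < n; i++)
        addr = align_up(addr + size + gap, align);
    return addr;
}

/* How many of the first 'count' DIMMs start off a section boundary. */
static unsigned count_misaligned(uint64_t base, uint64_t size, uint64_t align,
                                 uint64_t gap, unsigned count)
{
    unsigned bad = 0;
    for (unsigned n = 0; n < count; n++)
        bad += section_misaligned(dimm_gpa(base, size, align, gap, n));
    return bad;
}

int main(void)
{
    uint64_t base = 0x100000000ULL;             /* constructed hotplug base (4 GiB) */
    for (unsigned n = 0; n < 5; n++) {          /* 128 MiB DIMMs, 2 MiB alignment, gap */
        uint64_t gpa = dimm_gpa(base, 128 * MiB, 2 * MiB, 1, n);
        printf("dimm%u gpa=0x%llx %s\n", n, (unsigned long long)gpa,
               section_misaligned(gpa) ? "MISALIGNED" : "ok");
    }
    return 0;
}
```

With no gap the same DIMMs land back to back on 128 MiB boundaries, which is the original layout the description refers to.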

Comment 7 Yumei Huang 2016-05-19 02:58:31 UTC
Reproduce:
qemu-kvm-rhev-2.3.0-31.el7
kernel-3.10.0-366.el7.x86_64

Steps:
1. boot rhel7.2 guest:
# /usr/libexec/qemu-kvm -name rhel72-sn5 -m 4G,slots=8,maxmem=40G  \
-smp 4,sockets=4,cores=1,threads=1 -no-user-config -nodefaults -rtc base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=discard \
-boot menu=on,strict=on -object iothread,id=iothread0 -drive file=/home/guest/RHEL-Server-7.2-64-virtio.qcow2,if=none,id=drive-data-disk,format=qcow2,cache=none,aio=native,werror=stop,rerror=stop  -device virtio-blk-pci,drive=drive-data-disk,id=data-disk,iothread=iothread0,bus=pci.0,addr=0x7   \
-netdev tap,id=hostnet1,vhost=on -device e1000,netdev=hostnet1,id=net2,mac=10:1a:4a:42:0a:0b,bus=pci.0,addr=0xa -usb -device usb-tablet,id=input0 -vga qxl   \
-spice port=5901,addr=0.0.0.0,disable-ticketing,image-compression=off,seamless-migration=on -monitor unix:/tmp/monitor3,server,nowait -serial unix:/tmp/console,server,nowait -monitor stdio


2. Hotplug memory 5 times via script 
#!/bin/bash 
i=0 
while [ $i -lt 5 ] 
do 
echo $i 
sleep 3 
echo "object_add memory-backend-ram,id=mem$i,size=128M"|nc -U /tmp/monitor3 
sleep 2 
echo "device_add pc-dimm,id=dimm$i,memdev=mem$i,slot=$i"|nc -U /tmp/monitor3 
i=$(($i+1)) 
done 

3. Unplug memory 5 times via script; 
#!/bin/bash
i=0
while [ $i -lt 5 ]
do
echo $i
sleep 3
echo "device_del dimm$i"|nc -U /tmp/monitor3
echo "object_del mem$i"|nc -U /tmp/monitor3
sleep 2
i=$(($i+1))
done 

After step 3, guest crashed. Got "kernel BUG at mm/memory_hotplug.c:703!" in the guest console. 
So the bug is reproduced. 

Verify:
qemu-kvm-rhev-2.6.0-1.el7
kernel-3.10.0-366.el7.x86_64

With same steps as above, guest works well.
So the bug is fixed.

Comment 10 errata-xmlrpc 2016-11-07 20:48:40 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2673.html

