Bug 1275230 - memory unplug triggers BUG_ON: kernel BUG at mm/memory_hotplug.c:703!
memory unplug triggers BUG_ON: kernel BUG at mm/memory_hotplug.c:703!
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm-rhev (Show other bugs)
7.2
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Igor Mammedov
Virtualization Bugs
: ZStream
Depends On:
Blocks: 1305606 1278282 1288337
  Show dependency treegraph
 
Reported: 2015-10-26 06:16 EDT by Igor Mammedov
Modified: 2016-11-07 15:48 EST (History)
13 users (show)

See Also:
Fixed In Version: qemu-kvm-rhev-2.5.0-1.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1278282 (view as bug list)
Environment:
Last Closed: 2016-11-07 15:48:40 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Igor Mammedov 2015-10-26 06:16:48 EDT
Description of problem:
commit aa8580cd "pc: memhp: force gaps between DIMM's GPA"
regressed memory hot-unplug for linux guests triggering
following BUGON
 =====
 kernel BUG at mm/memory_hotplug.c:703!
 ...
 [<ffffffff81385fa7>] acpi_memory_device_remove+0x79/0xa5
 [<ffffffff81357818>] acpi_bus_trim+0x5a/0x8d
 [<ffffffff81359026>] acpi_device_hotplug+0x1b7/0x418
 ===
    BUG_ON(phys_start_pfn & ~PAGE_SECTION_MASK);
 ===

reson for it is that x86-64 linux guest supports memory
hotplug in chunks of 128Mb and memory section also should
be 128Mb aligned.
However gaps forced between 128Mb DIMMs with backend's
natural alignment of 2Mb make the 2nd and following
DIMMs not being aligned on 128Mb boundary as it was
originally.


Version-Release number of selected component (if applicable):
qemu-kvm-rhev-2.3.0-31

How reproducible:
100%

Steps to Reproduce:
1. start RHEL72 guest liek this:
 /usr/libexec/qemu-kvm -enable-kvm  -m 4G,slots=8,maxmem=32G rhel72.img  -object memory-backend-ram,id=m0,size=1G -device pc-dimm,id=dimm0,memdev=m0  -snapshot -numa node -object memory-backend-ram,id=m1,size=1G -device pc-dimm,id=dimm1,memdev=m1 -monitor unix:/tmp/u,server,nowait -nographic

2. execute following command twice:
 echo "device_del dimm1" | nc -U /tmp/u

Actual results:
guest crash

Expected results:
no guest crash
Comment 7 Yumei Huang 2016-05-18 22:58:31 EDT
Reproduce:
qemu-kvm-rhev-2.3.0-31.el7
kernel-3.10.0-366.el7.x86_64

Steps:
1. boot rhel7.2 guest:
# /usr/libexec/qemu-kvm -name rhel72-sn5 -m 4G,slots=8,maxmem=40G  \

-smp 4,sockets=4,cores=1,threads=1 -no-user-config -nodefaults -rtc base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=discard \

-boot menu=on,strict=on -object iothread,id=iothread0 -drive file=/home/guest/RHEL-Server-7.2-64-virtio.qcow2,if=none,id=drive-data-disk,format=qcow2,cache=none,aio=native,werror=stop,rerror=stop  -device virtio-blk-pci,drive=drive-data-disk,id=data-disk,iothread=iothread0,bus=pci.0,addr=0x7   \

-netdev tap,id=hostnet1,vhost=on -device e1000,netdev=hostnet1,id=net2,mac=10:1a:4a:42:0a:0b,bus=pci.0,addr=0xa -usb -device usb-tablet,id=input0 -vga qxl   \

-spice port=5901,addr=0.0.0.0,disable-ticketing,image-compression=off,seamless-migration=on -monitor unix:/tmp/monitor3,server,nowait -serial unix:/tmp/console,server,nowait -monitor stdio


2. Hotplug memory 5 times via script 
#!/bin/bash 
i=0 
while [ $i -lt 5 ] 
do 
echo $i 
sleep 3 
echo "object_add memory-backend-ram,id=mem$i,size=128M"|nc -U /tmp/monitor3 
sleep 2 
echo "device_add pc-dimm,id=dimm$i,memdev=mem$i,slot=$i"|nc -U /tmp/monitor3 
i=$(($i+1)) 
done 

3. Unplug memory 5 times via script; 
#!/bin/bash
i=0
while [ $i -lt 5 ]
do
echo $i
sleep 3
echo "device_del dimm$i"|nc -U /tmp/monitor3
echo "object_del mem$i"|nc -U /tmp/monitor3
sleep 2
i=$(($i+1))
done 

After step 3, guest crashed. Got "kernel BUG at mm/memory_hotplug.c:703!" in the guest console. 
So the bug is reproduced. 

Verify:
qemu-kvm-rhev-2.6.0-1.el7
kernel-3.10.0-366.el7.x86_64

With same steps as above, guest works well.
So the bug is fixed.
Comment 10 errata-xmlrpc 2016-11-07 15:48:40 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2673.html

Note You need to log in before you can comment on or make changes to this bug.