Bug 247545 - kernel BUG at arch/i386/mm/pgtable-xen.c:306! >=2GB guest mem.
Summary: kernel BUG at arch/i386/mm/pgtable-xen.c:306! >=2GB guest mem.
Status: CLOSED DUPLICATE of bug 233543
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel-xen
Version: 4.5
Hardware: i386
OS: Linux
Target Milestone: ---
: ---
Assignee: Chris Lalancette
QA Contact: Martin Jenner
Depends On:
TreeView+ depends on / blocked
Reported: 2007-07-09 20:35 UTC by Lars Jonsson
Modified: 2007-11-17 01:14 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2007-07-25 17:47:35 UTC

Attachments (Terms of Use)

Description Lars Jonsson 2007-07-09 20:35:00 UTC
Description of problem:

Im trying to run RHEL 4.5 (kernel-xenU-2.6.9-55.0.2.EL.i686) guests in RHEL 5
xen RHEL 5 (kernel-xen-2.6.18-8.1.6.el5) but I getting kernel panic when
allocating more the 2GB (2000) of RAM on the rhel4.5 guest, The panic will
happen randomly when booting, some time it can stay up for some minutes.
Ive gotten the guest to run stable when running on exactly 2000 in mem.. but if
you play around with the mem the kernel will then panic.    

My system is a HP BL465c 16GB RAM.

guest config:
# Automatically generated xen config file
name = "rhel45guest"
memory = "4096"
disk = [ 'tap:aio:/xen/images/my-hostname/hda,xvda,w', ]
vif = [ 'mac=00:16:3e:38:32:73, bridge=xenbr1', ]
uuid = "8d06a0f2-3705-4a7a-9853-679f25220d61"
serial = "pty" # enable serial console
on_reboot   = 'restart'
#on_crash    = 'restart'

How reproducible:

running a big machine with RHEL5 and RHEL4.5 PV guests allocating more then 2GB
ram to the guest.

Steps to Reproduce:
1. create a rhel 4.5 pv guest in rhel 5
2. add more the 2000 on guest
3. xm create <guest-config>
Actual results:

Im  spammed with this in the xm dmesg on domain 0:

(XEN) (file=/builddir/build/BUILD/kernel-2.6.18/xen/include/asm/mm.h, line=220)
Error pfn 2a33f9: rd=ff26c080, od=ff1b2080, caf=80000001, taf=e8000000
(XEN) DOM21: (file=mm.c, line=618) Error getting mfn 2a33f9 (pfn 1edbf9) from L1
entry 00000002a33f9025 for dom21
(XEN) DOM21: (file=mm.c, line=3173) ptwr_emulate: fixing up invalid PAE PTE
(XEN) (file=memory.c, line=127) Could not allocate order=0 extent: id=21
memflags=1 (0 of 1)

the guest panic error:
------------[ cut here ]------------
kernel BUG at arch/i386/mm/pgtable-xen.c:306!
invalid operand: 0000 [#8]
Modules linked in: dm_snapshot dm_zero dm_mirror ext3 jbd dm_mod xenblk sd_mod
CPU:    1
EIP:    0061:[<c011163a>]    Not tainted VLI
EFLAGS: 00010282   (2.6.9-55.0.2.ELxenU) 
EIP is at pgd_ctor+0x1d/0x26
eax: fffffff4   ebx: 00000000   ecx: f5392040   edx: 00000000
esi: c321dd80   edi: ed6f2620   ebp: 00000001   esp: ecb57d6c
ds: 007b   es: 007b   ss: 0068
Process default.hotplug (pid: 464, threadinfo=ecb57000 task=ecb21930)
Stack: c0141ad5 ecbb6000 c321dd80 00000001 ecbb6000 ed6f2620 c321dd80 c321de40 
       c0141c57 c321dd80 ed6f2620 00000001 c321dd80 ed6f2620 ecbb6000 00000010 
       00000001 000000d0 c329c080 0000000c c321de08 c321dd80 c0141e46 c321dd80 
Call Trace:
 [<c0141ad5>] cache_init_objs+0x35/0x56
 [<c0141c57>] cache_grow+0xfb/0x187
 [<c0141e46>] cache_alloc_refill+0x163/0x19c
 [<c0142061>] kmem_cache_alloc+0x67/0x97
 [<c0111671>] pgd_alloc+0x17/0x336
 [<c01199d4>] mm_init+0xd7/0x116
 [<c01199e4>] mm_init+0xe7/0x116
 [<c0119c8a>] copy_mm+0xbb/0x396
 [<c0268a6c>] __cond_resched+0x14/0x3c
 [<c011aa5a>] copy_process+0x6b5/0xb0b
 [<c011af9d>] do_fork+0x8a/0x16b
 [<c0126b05>] sigprocmask+0xb6/0xd0
 [<c0126c58>] sys_rt_sigprocmask+0x139/0x14c
 [<c0105d2c>] sys_clone+0x24/0x28
 [<c010737f>] syscall_call+0x7/0xb
Code: 74 02 66 a5 a8 01 74 01 a4 5e 5b 5e 5f c3 80 3d 04 07 2f c0 00 75 1c 6a 20
6a 00 ff 74 24 0c e8 ce 37 00 00 83 c4 0c 85 c0 74 08 <0f> 0b 32 01 16 2d 27 c0
c3 80 3d 04 07 2f c0 00 75 0d c7 44 24 
 <0>Fatal exception: panic in 5 seconds

Expected results:

to work and be stable.

Comment 1 Red Hat Bugzilla 2007-07-25 00:54:05 UTC
change QA contact

Comment 2 Chris Lalancette 2007-07-25 17:47:35 UTC
This is a duplicate of a bug that we already have a patch for.  Closing it as such.

Chris Lalancette

*** This bug has been marked as a duplicate of 233543 ***

Note You need to log in before you can comment on or make changes to this bug.