[bug 1.1] -M pc-1.0 + vhost = SIGSEGV

[bug 1.1] -M pc-1.0 + vhost = SIGSEGV

[Michael Tokarev]

When running current git version of qemu-kvm with -M pc-1.0
and with vhost-net enabled, it crashes with SIGSEGV right when
linux guest loads a virtio-net module.

I haven't tried to debug this deeply.  The first result is:

(gdb) ru -M pc-1.0 -nodefconfig -nodefaults -rtc base=utc -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -netdev tap,ifname=tap-kvm,script=no,id=hostnet0,vhost=on -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:b4:05:b5,bus=pci.0,addr=0x3 -vga cirrus
Starting program: /build/kvm/debian/build/x86_64-softmmu/qemu-system-x86_64 -M pc-1.0 -nodefconfig -nodefaults -rtc base=utc -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -netdev tap,ifname=tap-kvm,script=no,id=hostnet0,vhost=on -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:b4:05:b5,bus=pci.0,addr=0x3 -vga cirrus
...
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xf65f4b70 (LWP 11245)]
0x5668b01a in virtio_pci_mask_vq (vector=vector@entry=1, vq=0x57064448,
    masked=masked@entry=0,
    dev=<error reading variable: Unhandled dwarf expression opcode 0xfa>)
    at /build/kvm/debian/hw/virtio-pci.c:546
546	    int r = kvm_set_irqfd(dev->msix_irq_entries[vector].gsi,

Now, my gdb can't read `dev' variable.  One level up the stack
this variable is shown correctly:

#1  0x5668b15d in virtio_pci_mask_notifier (dev=0x57062748, vector=1, masked=0)
    at /build/kvm/debian/hw/virtio-pci.c:576
576	        r = virtio_pci_mask_vq(dev, vector, virtio_get_queue(vdev, n), masked);
(gdb) p dev->msix_irq_entries[vector].gsi
Cannot access memory at address 0x10
(gdb) p dev
$1 = (PCIDevice *) 0x57062748
(gdb) p dev->msix_irq_entries
$4 = (KVMMsiMessage *) 0x0

So it looks like msix isn't initialized for -M pc-1.0 ?

Thanks,

/mjt

Re: [bug 1.1] -M pc-1.0 + vhost = SIGSEGV

[Michael Tokarev]

On 01.07.2012 19:06, Michael Tokarev wrote:
> When running current git version of qemu-kvm with -M pc-1.0
> and with vhost-net enabled, it crashes with SIGSEGV right when
> linux guest loads a virtio-net module.

And when this happens when a persistent tap device is used,
that tap device becomes unusable until removed and recreated --
it "works" but no network packet goes on.  So it looks like
we've two bugs, one in userspace qemu 1.1 and another in
host kernel (3.0).

Thanks,

/mjt

Re: [bug 1.1] -M pc-1.0 + vhost = SIGSEGV

[Jan Kiszka]

On 2012-07-01 17:06, Michael Tokarev wrote:
> When running current git version of qemu-kvm with -M pc-1.0

Just to clarify: you are talking about stable-1.1 git, not master.

> and with vhost-net enabled, it crashes with SIGSEGV right when
> linux guest loads a virtio-net module.
> 
> I haven't tried to debug this deeply.  The first result is:
> 
> (gdb) ru -M pc-1.0 -nodefconfig -nodefaults -rtc base=utc -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -netdev tap,ifname=tap-kvm,script=no,id=hostnet0,vhost=on -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:b4:05:b5,bus=pci.0,addr=0x3 -vga cirrus
> Starting program: /build/kvm/debian/build/x86_64-softmmu/qemu-system-x86_64 -M pc-1.0 -nodefconfig -nodefaults -rtc base=utc -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -netdev tap,ifname=tap-kvm,script=no,id=hostnet0,vhost=on -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:b4:05:b5,bus=pci.0,addr=0x3 -vga cirrus
> ...
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0xf65f4b70 (LWP 11245)]
> 0x5668b01a in virtio_pci_mask_vq (vector=vector@entry=1, vq=0x57064448,
>     masked=masked@entry=0,
>     dev=<error reading variable: Unhandled dwarf expression opcode 0xfa>)
>     at /build/kvm/debian/hw/virtio-pci.c:546
> 546	    int r = kvm_set_irqfd(dev->msix_irq_entries[vector].gsi,
> 
> Now, my gdb can't read `dev' variable.  One level up the stack
> this variable is shown correctly:
> 
> #1  0x5668b15d in virtio_pci_mask_notifier (dev=0x57062748, vector=1, masked=0)
>     at /build/kvm/debian/hw/virtio-pci.c:576
> 576	        r = virtio_pci_mask_vq(dev, vector, virtio_get_queue(vdev, n), masked);
> (gdb) p dev->msix_irq_entries[vector].gsi
> Cannot access memory at address 0x10
> (gdb) p dev
> $1 = (PCIDevice *) 0x57062748
> (gdb) p dev->msix_irq_entries
> $4 = (KVMMsiMessage *) 0x0
> 
> So it looks like msix isn't initialized for -M pc-1.0 ?

Yes, because the machine option defaults are missing here. Will send a
patch.

Also vhost is buggy as it depends on in-kernel irqchip but doesn't check
for it. Needs to be fixed as well.

Jan
-- 
Siemens AG, Corporate Technology, CT RTC ITP SDP-DE
Corporate Competence Center Embedded Linux

Re: [bug 1.1] -M pc-1.0 + vhost = SIGSEGV

[Michael Tokarev]

02.07.2012 11:20, Jan Kiszka wrote:
> On 2012-07-01 17:06, Michael Tokarev wrote:
>> When running current git version of qemu-kvm with -M pc-1.0
> 
> Just to clarify: you are talking about stable-1.1 git, not master.

Yes, as the $Subject (partially) says.

[]
>> So it looks like msix isn't initialized for -M pc-1.0 ?

And for earlier pc numbers too (eg -M pc-0.15).

> Yes, because the machine option defaults are missing here. Will send a
> patch.
> 
> Also vhost is buggy as it depends on in-kernel irqchip but doesn't check
> for it. Needs to be fixed as well.

And while we're at it, can we please take a look at the kernel
side of this bug, mentioned in other my email?  Namely, when
qemu-kvm sigsegvs in this place, the (persistent) tap device
becomes unusable and needs to be re-created (no packets are
flowing).  We've a nice "reproducer" now for this kernel issue.

(Cc'ing mst for this)

Thanks,

/mjt