From mboxrd@z Thu Jan 1 00:00:00 1970
From: Chris Clayton
Subject: Re: qemu-kvm-1.1.0 crashing with kernel 3.5.0-rc6
Date: Fri, 27 Jul 2012 11:46:50 +0100
Message-ID: <5012719A.5080208@googlemail.com>
References: <4FFAB92C.4030001@googlemail.com>
 <4FFD26B6.8000802@googlemail.com>
 <20120711071200.GG23898@redhat.com>
 <4FFD28B9.9040604@googlemail.com>
 <20120711072255.GH23898@redhat.com>
 <50031F85.6020908@googlemail.com>
 <5007FA1C.5080606@googlemail.com>
 <5007FAD6.2010407@redhat.com>
 <500850AD.8080504@googlemail.com>
 <50111369.6020209@googlemail.com>
 <50111566.5070202@redhat.com>
 <501130CF.5050207@googlemail.com>
 <501132EB.6060705@redhat.com>
 <5011D123.4060101@googlemail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Avi Kivity, Gleb Natapov, kvm@vger.kernel.org, Jan Kiszka
To: Chris Clayton
Return-path:
Received: from mail-ee0-f46.google.com ([74.125.83.46]:38290 "EHLO mail-ee0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752372Ab2G0Kqw (ORCPT); Fri, 27 Jul 2012 06:46:52 -0400
Received: by eeil10 with SMTP id l10so621993eei.19 for; Fri, 27 Jul 2012 03:46:51 -0700 (PDT)
In-Reply-To: <5011D123.4060101@googlemail.com>
Sender: kvm-owner@vger.kernel.org
List-ID:

On 07/27/12 00:22, Chris Clayton wrote:
> On 07/26/12 13:07, Avi Kivity wrote:
>> On 07/26/2012 02:58 PM, Chris Clayton wrote:
>>
>>>> It looks like general memory corruption. Is this repeatable? What's
>>>> the guest uptime when it happens (i.e. is it immediate?)
>>>
>>> I've just done 10 runs of WinXP SP3 and 5 of them crashed. Three crashed
>>> early as XP was starting up - well before the desktop would have
>>> appeared. The other two crashed as XP was closing down, having been
>>> running for a few minutes (but not doing much).
>>>
>>> The error messages seen through dmesg are:
>>>
>>> qemu-kvm[12778] general protection ip:b6c43d77 sp:b5e800fc error:0 in libc-2.16.so[b6b06000+1b4000]
>>> qemu-kvm[12813] general protection ip:b6bf6d77 sp:b54ff0fc error:0 in libc-2.16.so[b6ab9000+1b4000]
>>> qemu-kvm[12986] general protection ip:b6cd3d77 sp:b55ff0fc error:0 in libc-2.16.so[b6b96000+1b4000]
>>> qemu-kvm[13045] general protection ip:b6c91d77 sp:b54ff0fc error:0 in libc-2.16.so[b6b54000+1b4000]
>>> qemu-kvm[13225] general protection ip:b6c5bd77 sp:b54ff0fc error:0 in libc-2.16.so[b6b1e000+1b4000]
>>>
>>> The other 5 were OK, although I only did a bit of web browsing for a few
>>> minutes with IE.
>>
>> Failures always in the same place (I guess the variations are due to
>> PIE -- please configure with --disable-pie for future tests).
>>
>> Please generate a core and look around, esp. in frame 3
>> (type_table_lookup). Also try to dissect type_table (you may need to
>> install the glib debug symbols for this).
>>
>>

Here's another backtrace and source listing of the failing function, following build and installation of libc (2.16) with debugging turned on. I'm afraid it's beyond my current knowledge to know what this might be telling us.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb60ffb40 (LWP 6515)]
__strcmp_sse4_2 () at ../sysdeps/i386/i686/multiarch/strcmp-sse4.S:217
217		movdqu	(%edx), %xmm2
(gdb) generate-core-file
Saved corefile core.6509
(gdb) bt
#0  __strcmp_sse4_2 () at ../sysdeps/i386/i686/multiarch/strcmp-sse4.S:217
#1  0xb7e82cb4 in g_str_equal (v1=0x8a0cd58, v2=0x8319b82) at ghash.c:1704
#2  0xb7e8137a in g_hash_table_lookup_node (hash_table=0x89fe800, key=0x8319b82, hash_return=0xb60ff178) at ghash.c:422
#3  0xb7e821e5 in g_hash_table_lookup (hash_table=0x89fe800, key=key@entry=0x8319b82) at ghash.c:1074
#4  0x0815c9cb in type_table_lookup (name=0x8319b82 "apic-common") at qom/object.c:94
#5  type_get_by_name (name=name@entry=0x8319b82 "apic-common") at qom/object.c:149
#6  0x0815cf93 in object_dynamic_cast (obj=obj@entry=0x8a44818, typename=typename@entry=0x8319b82 "apic-common") at qom/object.c:416
#7  0x0815cf2d in object_dynamic_cast_assert (obj=obj@entry=0x8a44818, typename=typename@entry=0x8319b82 "apic-common") at qom/object.c:478
#8  0x08192c1b in cpu_set_apic_tpr (d=0x8a44818, val=7 '\a') at /home/chris/rpm/BUILD/qemu-kvm-1.1.1/hw/apic_common.c:60
#9  0x081cb86c in kvm_arch_post_run (env=env@entry=0x8a3ca60, run=run@entry=0xb6271000) at /home/chris/rpm/BUILD/qemu-kvm-1.1.1/target-i386/kvm.c:1695
#10 0x081c686f in kvm_cpu_exec (env=env@entry=0x8a3ca60) at /home/chris/rpm/BUILD/qemu-kvm-1.1.1/kvm-all.c:1269
#11 0x08198c72 in qemu_kvm_cpu_thread_fn (arg=0x8a3ca60) at /home/chris/rpm/BUILD/qemu-kvm-1.1.1/cpus.c:752
#12 0xb7a3ed9e in start_thread () from /lib/libpthread.so.0
#13 0xb77e45ee in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:132
(gdb) print *(0x8a0cd58)
$1 = 1667854433
(gdb) print (char*) 0x8a0cd58
$2 = 0x8a0cd58 "apic-common"
(gdb) list __strcmp_sse4_2
201		PUSH	(REM)
202	#endif
203	#if defined USE_AS_STRCASECMP_L || defined USE_AS_STRNCASECMP_L
204		PUSH	(%edi)
205	#endif
206		mov	STR1(%esp), %edx
207		mov	STR2(%esp), %eax
208	#if defined USE_AS_STRNCMP || defined USE_AS_STRNCASECMP_L
209		movl	CNT(%esp), REM
210		test	REM, REM
(gdb) list
211		je	L(eq)
212	#endif
213		mov	%dx, %cx
214		and	$0xfff, %cx
215		cmp	$0xff0, %cx
216		ja	L(first4bytes)
217		movdqu	(%edx), %xmm2
218		mov	%eax, %ecx
219		and	$0xfff, %ecx
220		cmp	$0xff0, %ecx
(gdb) list
221		ja	L(first4bytes)
222	#if defined USE_AS_STRCASECMP_L || defined USE_AS_STRNCASECMP_L
223	# define TOLOWER(reg1, reg2) \
224		movdqa reg1, %xmm3; \
225		movdqa UCHIGH_reg, %xmm4; \
226		movdqa reg2, %xmm5; \
227		movdqa UCHIGH_reg, %xmm6; \
228		pcmpgtb UCLOW_reg, %xmm3; \
229		pcmpgtb reg1, %xmm4; \
230		pcmpgtb UCLOW_reg, %xmm5; \
(gdb)

I'll stop sending backtraces etc. in now, in the hope that someone will advise me on how I might better direct my efforts. Thanks for your help so far.
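As an added example, not code from this thread, from qemu-kvm or from glib: a toy string-keyed table in C that copies the shape of frames #1 to #3 above (hash the type name, walk the slot chain, strcmp against each stored key) and adds the "dissect type_table" check Avi asks for, written as an in-process validator that walks every node and reports keys that no longer look like strings, cached hashes that no longer match their key bytes, nodes in the wrong slot, and a node count that disagrees with the table's own. The table layout (struct node, struct table, NSLOTS), the constructed type names apic-common, kvm-apic and cpu, and the two simulated stray writes are assumptions for illustration only and do not match glib's GHashTable, whose real fields have to be read from the core with glib's debug symbols.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Example code, not glib's GHashTable or QEMU's type_table: a toy string-keyed
 * table mirroring only the lookup shape of frames #1-#3 above. */
#define NSLOTS 64

struct node { char *key; uint32_t hash; struct node *next; }; /* key: private copy */
struct table { struct node *slots[NSLOTS]; size_t nnodes; };

/* djb2, the recurrence glib's g_str_hash uses: h = h * 33 + c, h0 = 5381. */
static uint32_t str_hash(const char *s)
{
    uint32_t h = 5381;
    for (const unsigned char *p = (const unsigned char *)s; *p; p++)
        h = (h << 5) + h + *p;
    return h;
}

/* g_hash_table_lookup_node / g_str_equal step: this strcmp is where frame #0
 * faults once a key pointer or its bytes are no longer sane. */
static struct node *find_node(const struct table *t, const char *key)
{
    uint32_t h = str_hash(key);
    for (struct node *n = t->slots[h % NSLOTS]; n; n = n->next)
        if (n->hash == h && strcmp(n->key, key) == 0)
            return n;
    return NULL;
}

static void table_insert(struct table *t, const char *key)
{
    size_t len = strlen(key) + 1;
    struct node *n = malloc(sizeof *n + len); /* key copy lives right after the node */
    if (!n) abort();
    n->key = memcpy(n + 1, key, len);
    n->hash = str_hash(key);
    n->next = t->slots[n->hash % NSLOTS];
    t->slots[n->hash % NSLOTS] = n;
    t->nnodes++;
}

/* Dissect the table: flag keys that are not short printable strings, cached
 * hashes that no longer match the key bytes, nodes in the wrong slot, and a
 * node count disagreeing with nnodes; returns the number of findings. A wild
 * key pointer would fault this walk too, so on a core dump do the same walk
 * from gdb (x/s on each key) rather than in-process. */
static size_t table_validate(const struct table *t, FILE *log)
{
    size_t bad = 0, seen = 0;
    for (size_t s = 0; s < NSLOTS; s++)
        for (const struct node *n = t->slots[s]; n; n = n->next, seen++) {
            const char *why = NULL;
            size_t len = 0;
            if (!n->key) why = "NULL key pointer";
            else {
                while (len < 256 && n->key[len] && isprint((unsigned char)n->key[len]))
                    len++;
                if (len == 256 || n->key[len]) why = "key is not a short printable string";
                else if (str_hash(n->key) != n->hash) why = "cached hash does not match key bytes";
                else if (n->hash % NSLOTS != s) why = "node is in the wrong slot for its hash";
            }
            if (why && ++bad && log)
                fprintf(log, "slot %zu node %p: %s\n", s, (const void *)n, why);
        }
    if (seen != t->nnodes && ++bad && log)
        fprintf(log, "walked %zu nodes but table records %zu\n", seen, t->nnodes);
    return bad;
}

static void table_free(struct table *t)
{
    for (size_t s = 0; s < NSLOTS; s++)
        for (struct node *n = t->slots[s], *nx; n; n = nx) { nx = n->next; free(n); }
    memset(t, 0, sizeof *t);
}

static struct table registry; /* constructed demo registry, type names from the backtrace */
/* (Re)build the registry; corrupt=1 simulates two stray writes: garbage over
 * one key's bytes and a clobbered cached hash, the damage the validator hunts. */
static void build_registry(int corrupt)
{
    table_free(&registry);
    table_insert(&registry, "apic-common");
    table_insert(&registry, "kvm-apic");
    table_insert(&registry, "cpu");
    if (corrupt) {
        memset(find_node(&registry, "apic-common")->key, 0xff, 4);
        find_node(&registry, "cpu")->hash ^= 0x100;
    }
}

int main(void)
{
    build_registry(0);
    printf("clean: %zu findings, apic-common resolves=%d\n", table_validate(&registry, NULL), find_node(&registry, "apic-common") != NULL);
    build_registry(1); /* after this the lookup merely mismatches; a wild pointer would fault */
    printf("corrupt: %zu findings, apic-common resolves=%d\n", table_validate(&registry, stderr), find_node(&registry, "apic-common") != NULL);
    table_free(&registry);
    return 0;
}
```

On the clean registry the validator reports nothing and "apic-common" resolves; after the two planted writes it reports two findings and the lookup fails quietly because the key bytes no longer compare equal. The point for the core dump is the same walk: read each node's key with x/s and recompute its hash, since a key that prints as garbage, or a cached hash that does not match, pins the corruption to the table's own storage rather than to the caller in frame #4.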