qemu-devel.nongnu.org archive mirror
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: "Daniel P. Berrangé" <berrange@redhat.com>, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] 32-bit “qemu-system-i386 -enable-kvm” segfaults on x86_64
Date: Thu, 5 Jul 2018 12:46:47 +0100	[thread overview]
Message-ID: <20180705114646.GA2539@work-vm> (raw)
In-Reply-To: <877emahzjs.fsf@gnu.org>

* Ludovic Courtès (ludo@gnu.org) wrote:
> Hi Daniel,
> 
> Thanks for the quick reply.
> 
> Daniel P. Berrangé <berrange@redhat.com> wrote:
> 
> > On Wed, Jul 04, 2018 at 02:34:07PM +0200, Ludovic Courtès wrote:
> >> Hello,
> >> 
> >> (I’m reporting the issue here because for some reason the launchpad.net
> >> login page redirects me to an “oops” page and fails to log me in.)
> >> 
> >> On a Linux 4.17 x86_64 host, “qemu-system-i386 -enable-kvm”, where
> >> qemu-system-i386 is a 32-bit binary, crashes (it works fine without
> >> ‘-enable-kvm’):
> >> 
> >> --8<---------------cut here---------------start------------->8---
> >> $ uname -rm
> >> 4.17.3-gnu x86_64
> >> $ file /gnu/store/h22dc67wzkv0w2l3775f0xqkyr318x5j-qemu-minimal-2.12.0/bin/qemu-system-i386 
> >> /gnu/store/h22dc67wzkv0w2l3775f0xqkyr318x5j-qemu-minimal-2.12.0/bin/qemu-system-i386: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/ld-linux.so.2, for GNU/Linux 2.6.32, stripped
> >
> > It appears that not only are you using qemu-system-i386 on x86_64
> > host, but this has actually also been built as a 32-bit ELF binary,
> > so will be using the 32-bit compat syscalls. This is quite possibly
> > relevant to any crash, so it would be useful to know if qemu-system-i386,
> > when built as a 64-bit ELF binary works or fails.
> 
> The 64-bit qemu-system-i386 works fine.
> 
> > It appears you are using 2.12.0 release, so it is also helpful if
> > you would try using current git master to see if it still reproduces.
> 
> Here’s what I get with today’s master (commit
> 6d8ad1614e0c97c59a87e6c6208ebeb94e769149):

If you do a dmesg after you get the seg fault do you see
any unusual messages ?

Dave

> --8<---------------cut here---------------start------------->8---
> $ file /gnu/store/5fds9826wk2mhl1kcyr2l3a2nd2bypf4-qemu-minimal-2.12.0-6d8ad16/bin/qemu-system-i386
> /gnu/store/5fds9826wk2mhl1kcyr2l3a2nd2bypf4-qemu-minimal-2.12.0-6d8ad16/bin/qemu-system-i386: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/ld-linux.so.2, for GNU/Linux 2.6.32, with debug_info, not stripped
> $ /gnu/store/5fds9826wk2mhl1kcyr2l3a2nd2bypf4-qemu-minimal-2.12.0-6d8ad16/bin/qemu-system-i386 -enable-kvm /dev/null
> WARNING: Image format was not specified for '/dev/null' and probing guessed raw.
>          Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted.
>          Specify the 'raw' format explicitly to remove the restrictions.
> VNC server running on 127.0.0.1:5900
> Segmentation fault (core dumped)
> --8<---------------cut here---------------end--------------->8---
> 
> And the backtraces:
> 
> --8<---------------cut here---------------start------------->8---
> Core was generated by `/gnu/store/5fds9826wk2mhl1kcyr2l3a2nd2bypf4-qemu-minimal-2.12.0-6d8ad16/bin/qem'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  0x5674c42e in kvm_vcpu_ioctl (cpu=0x580d3e60, type=44672) at /tmp/guix-build-qemu-minimal-2.12.0-6d8ad16.drv-0/source/accel/kvm/kvm-all.c:2097
> 2097    /tmp/guix-build-qemu-minimal-2.12.0-6d8ad16.drv-0/source/accel/kvm/kvm-all.c: No such file or directory.
> [Current thread is 1 (Thread 0xf611db40 (LWP 9698))]
> 
> [...]
> 
> (gdb) thread apply all bt
> 
> Thread 5 (Thread 0xf76e1bc0 (LWP 9695)):
> #0  0xf7f60059 in __kernel_vsyscall ()
> #1  0xf78425e4 in ppoll () from /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/libc.so.6
> #2  0x56c3eec0 in qemu_poll_ns (fds=0x580e8340, nfds=5, timeout=980889000) at util/qemu-timer.c:334
> #3  0x56c400db in os_host_main_loop_wait (timeout=980889000) at util/main-loop.c:233
> #4  0x56c401d6 in main_loop_wait (nonblocking=0) at util/main-loop.c:497
> #5  0x56890b45 in main_loop () at vl.c:1866
> #6  0x56898676 in main (argc=3, argv=0xffc58ee4, envp=0xffc58ef4) at vl.c:4644
> 
> Thread 4 (Thread 0xf76e0b40 (LWP 9696)):
> #0  0xf7f60059 in __kernel_vsyscall ()
> #1  0xf793fa0b in nanosleep () from /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/libpthread.so.0
> #2  0xf7c59fe3 in g_usleep () from /gnu/store/1k808cq1dwlcjlfqmd4p5rxjpz2vckra-glib-2.56.0/lib/libglib-2.0.so.0
> #3  0x56c5c614 in call_rcu_thread (opaque=0x0) at util/rcu.c:253
> #4  0x56c452a5 in qemu_thread_start (args=0x5802b1d0) at util/qemu-thread-posix.c:504
> #5  0xf793535b in start_thread () from /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/libpthread.so.0
> #6  0xf784c5d6 in clone () from /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/libc.so.6
> 
> Thread 3 (Thread 0xec536b40 (LWP 9701)):
> #0  0xf7f60059 in __kernel_vsyscall ()
> #1  0xf793b35c in pthread_cond_wait@@GLIBC_2.3.2 () from /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/libpthread.so.0
> #2  0x56c44a4f in qemu_cond_wait_impl (cond=0x5910a7c0, mutex=0x5910a7f4, file=0x56e3f412 "ui/vnc-jobs.c", line=213) at util/qemu-thread-posix.c:161
> #3  0x56b0eb4f in vnc_worker_thread_loop (queue=0x5910a7c0) at ui/vnc-jobs.c:213
> #4  0x56b0f0e6 in vnc_worker_thread (arg=0x5910a7c0) at ui/vnc-jobs.c:323
> #5  0x56c452a5 in qemu_thread_start (args=0x581486d0) at util/qemu-thread-posix.c:504
> #6  0xf793535b in start_thread () from /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/libpthread.so.0
> #7  0xf784c5d6 in clone () from /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/libc.so.6
> 
> Thread 2 (Thread 0xf6cffb40 (LWP 9697)):
> #0  0xf7f60059 in __kernel_vsyscall ()
> #1  0xf78425e4 in ppoll () from /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/libc.so.6
> #2  0x56c3ee4a in qemu_poll_ns (fds=0xf63005d0, nfds=1, timeout=-1) at util/qemu-timer.c:322
> #3  0x56c41dcc in aio_poll (ctx=0x5804ebc0, blocking=true) at util/aio-posix.c:629
> #4  0x56887a63 in iothread_run (opaque=0x5804e9d0) at iothread.c:64
> #5  0x56c452a5 in qemu_thread_start (args=0x5804fb10) at util/qemu-thread-posix.c:504
> #6  0xf793535b in start_thread () from /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/libpthread.so.0
> #7  0xf784c5d6 in clone () from /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/libc.so.6
> 
> Thread 1 (Thread 0xf611db40 (LWP 9698)):
> #0  0x5674c42e in kvm_vcpu_ioctl (cpu=0x580d3e60, type=44672) at /tmp/guix-build-qemu-minimal-2.12.0-6d8ad16.drv-0/source/accel/kvm/kvm-all.c:2097
> #1  0x5674bf61 in kvm_cpu_exec (cpu=0x580d3e60) at /tmp/guix-build-qemu-minimal-2.12.0-6d8ad16.drv-0/source/accel/kvm/kvm-all.c:1929
> #2  0x56714634 in qemu_kvm_cpu_thread_fn (arg=0x580d3e60) at /tmp/guix-build-qemu-minimal-2.12.0-6d8ad16.drv-0/source/cpus.c:1215
> #3  0x56c452a5 in qemu_thread_start (args=0x580e75d0) at util/qemu-thread-posix.c:504
> #4  0xf793535b in start_thread () from /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/libpthread.so.0
> #5  0xf784c5d6 in clone () from /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/libc.so.6
> (gdb) thread 1
> [Switching to thread 1 (Thread 0xf611db40 (LWP 9698))]
> #0  0x5674c42e in kvm_vcpu_ioctl (cpu=0x580d3e60, type=44672) at /tmp/guix-build-qemu-minimal-2.12.0-6d8ad16.drv-0/source/accel/kvm/kvm-all.c:2097
> 2097    in /tmp/guix-build-qemu-minimal-2.12.0-6d8ad16.drv-0/source/accel/kvm/kvm-all.c
> (gdb) info locals
> ret = 0
> arg = 0x0
> ap = 0xf611d03c "\366\276tV \200+W\310%\034W\222\345\210V`>\rX{\347\210V\t"
> (gdb) p *cpu
> $1 = {parent_obj = {parent_obj = {class = 0x5807baa0, free = 0xf7c35800 <g_free>, properties = 0x580aed90, ref = 1, parent = 0x580b1ad0}, id = 0x0, 
>     canonical_path = 0x580b1ce0 "/machine/unattached/device[0]", realized = true, pending_deleted_event = false, opts = 0x0, hotplugged = 0, parent_bus = 0x0, gpios = {lh_first = 0x0}, 
>     child_bus = {lh_first = 0x0}, num_child_bus = 0, instance_id_alias = -1, alias_required_for_version = 0}, nr_cores = 1, nr_threads = 1, thread = 0x580e7580, thread_id = 9698, running = true, 
>   has_waiter = false, halt_cond = 0x580e7590, thread_kicked = false, created = true, stop = false, stopped = false, unplug = false, crash_occurred = false, exit_request = false, 
>   cflags_next_tb = 4294967295, interrupt_request = 0, singlestep_enabled = 0, icount_budget = 0, icount_extra = 0, jmp_env = {{__jmpbuf = {0, 0, 0, 0, 0, 0}, __mask_was_saved = 0, 
>       __saved_mask = {__val = {0 <repeats 32 times>}}}}, work_mutex = {lock = {__data = {__lock = 0, __count = 0, __owner = 0, __kind = 0, __nusers = 0, {__elision_data = {__espins = 0, 
>             __eelision = 0}, __list = {__next = 0x0}}}, __size = '\000' <repeats 23 times>, __align = 0}, file = 0x0, line = 0, initialized = true}, queued_work_first = 0x0, 
>   queued_work_last = 0x0, cpu_ases = 0x580e7520, num_ases = 1, as = 0x580e74d0, memory = 0x58099300, env_ptr = 0x580d8030, tb_jmp_cache = {0x0 <repeats 4096 times>}, gdb_regs = 0x0, 
>   gdb_num_regs = 41, gdb_num_g_regs = 41, node = {tqe_next = 0x0, tqe_prev = 0x571c300c <cpus>}, breakpoints = {tqh_first = 0x0, tqh_last = 0x580d7fcc}, watchpoints = {tqh_first = 0x0, 
>     tqh_last = 0x580d7fd4}, watchpoint_hit = 0x0, opaque = 0x0, mem_io_pc = 0, mem_io_vaddr = 0, kvm_fd = 16, kvm_state = 0x580bc2c0, kvm_run = 0xf6edd000, trace_dstate_delayed = {0}, 
>   trace_dstate = {0}, cpu_index = 0, halted = 0, can_do_io = 1, exception_index = -1, vcpu_dirty = false, throttle_thread_scheduled = false, ignore_memory_transaction_failures = false, 
>   icount_decr = {u32 = 0, u16 = {low = 0, high = 0}}, hax_vcpu = 0x0, pending_tlb_flush = 0, hvf_fd = 0, iommu_notifiers = 0x58055d00}
> --8<---------------cut here---------------end--------------->8---
> 
> Let me know if you need more information.
> 
> Thank you,
> Ludo’.
> 
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
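Frame #0 of the crashing thread above is kvm_vcpu_ioctl(cpu=..., type=44672) with arg=0x0. The following is an added example, not code from QEMU or from anyone in this thread: it decodes a Linux ioctl request number into its direction/magic/number/size fields (the layout from include/uapi/asm-generic/ioctl.h on x86) and names the KVM vCPU ioctl it corresponds to. 44672 is 0xAE80, i.e. _IO(KVMIO, 0x80) = KVM_RUN, whose size field is zero, so a NULL arg is the expected call and the request number is the same for a 32-bit compat caller and a native 64-bit one; only ioctls that embed sizeof(struct) in bits 16-29 can differ between the two ABIs when the struct layout differs. The KVM constants are taken from linux/kvm.h; the hypothetical helper names (ioc_decode, ioc_encode, ioc_is_kvm, kvm_ioctl_name) are this example's own.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Added example (not QEMU code): decode an ioctl request number the way
 * the kernel's _IOC() macro encodes it on x86:
 *   bits  0-7  : nr   (command number within the subsystem)
 *   bits  8-15 : type (subsystem magic byte)
 *   bits 16-29 : size (sizeof the argument struct, 0 for _IO)
 *   bits 30-31 : dir  (none / write / read / read+write)
 */
#define IOC_NRBITS    8
#define IOC_TYPEBITS  8
#define IOC_SIZEBITS  14
#define IOC_DIRBITS   2

#define IOC_NRSHIFT   0
#define IOC_TYPESHIFT (IOC_NRSHIFT + IOC_NRBITS)
#define IOC_SIZESHIFT (IOC_TYPESHIFT + IOC_TYPEBITS)
#define IOC_DIRSHIFT  (IOC_SIZESHIFT + IOC_SIZEBITS)

#define IOC_NONE  0U
#define IOC_WRITE 1U
#define IOC_READ  2U

#define KVMIO 0xAE   /* magic byte shared by all KVM ioctls (linux/kvm.h) */

struct ioc_fields {
    unsigned dir;
    unsigned type;
    unsigned nr;
    unsigned size;
};

/* Split a request number into its four fields. */
struct ioc_fields ioc_decode(uint32_t req) {
    struct ioc_fields f;
    f.nr   = (req >> IOC_NRSHIFT)   & ((1U << IOC_NRBITS)   - 1);
    f.type = (req >> IOC_TYPESHIFT) & ((1U << IOC_TYPEBITS) - 1);
    f.size = (req >> IOC_SIZESHIFT) & ((1U << IOC_SIZEBITS) - 1);
    f.dir  = (req >> IOC_DIRSHIFT)  & ((1U << IOC_DIRBITS)  - 1);
    return f;
}

/* Re-encode the fields; mirrors the kernel's _IOC() and lets a reader
 * cross-check a number they see in a backtrace against the header macro. */
uint32_t ioc_encode(unsigned dir, unsigned type, unsigned nr, unsigned size) {
    return (dir  << IOC_DIRSHIFT)  | (type << IOC_TYPESHIFT) |
           (nr   << IOC_NRSHIFT)   | (size << IOC_SIZESHIFT);
}

/* True if the magic byte says this request belongs to /dev/kvm. */
int ioc_is_kvm(uint32_t req) {
    return ioc_decode(req).type == KVMIO;
}

/* Name the KVM ioctls that matter when reading a kvm_vcpu_ioctl crash.
 * Values are _IO(KVMIO, nr) from linux/kvm.h; others report "unknown". */
const char *kvm_ioctl_name(uint32_t req) {
    switch (req) {
    case 0xAE00: return "KVM_GET_API_VERSION";     /* _IO(KVMIO, 0x00) */
    case 0xAE04: return "KVM_GET_VCPU_MMAP_SIZE";  /* _IO(KVMIO, 0x04) */
    case 0xAE41: return "KVM_CREATE_VCPU";         /* _IO(KVMIO, 0x41) */
    case 0xAE80: return "KVM_RUN";                 /* _IO(KVMIO, 0x80) */
    default:     return "unknown";
    }
}

const char *ioc_dir_name(unsigned dir) {
    switch (dir) {
    case IOC_NONE:             return "none";
    case IOC_WRITE:            return "write";
    case IOC_READ:             return "read";
    case IOC_READ | IOC_WRITE: return "read/write";
    default:                   return "?";
    }
}

int main(void) {
    /* The 'type' argument shown in frame #0 of the backtrace above. */
    uint32_t req = 44672;
    struct ioc_fields f = ioc_decode(req);
    printf("ioctl 0x%x: dir=%s type=0x%02x nr=0x%02x size=%u -> %s%s\n",
           (unsigned)req, ioc_dir_name(f.dir), f.type, f.nr, f.size,
           ioc_is_kvm(req) ? "KVM " : "", kvm_ioctl_name(req));
    return 0;
}
```

Because KVM_RUN carries no argument struct, the request number alone cannot explain an ABI mismatch between a 32-bit QEMU and a 64-bit kernel; a practitioner chasing this crash would instead look at what the ioctl return path does with the mmap'd kvm_run area (kvm_run = 0xf6edd000 in the cpu dump above) and at dmesg, as Dave asks.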


Thread overview: 5+ messages
2018-07-04 12:34 [Qemu-devel] 32-bit “qemu-system-i386 -enable-kvm” segfaults on x86_64 Ludovic Courtès
2018-07-04 13:08 ` Daniel P. Berrangé
2018-07-05  8:11   ` Ludovic Courtès
2018-07-05 11:46     ` Dr. David Alan Gilbert [this message]
2018-07-05 12:30       ` Ludovic Courtès
