[Qemu-devel] [BUG] QEMU crashes when 64bit BAR is present

[Qemu-devel] [BUG] QEMU crashes when 64bit BAR is present

[Alexey Korolev]

Hi all,
I had qemu 1.2.0 crash when using ivshmem driver with 64bit PCI support enabled. The qemu process is terminated at a very early stage of
Linux boot up. Here is the qemu command line:

LC_ALL=C PATH=/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin HOME=/home/user
USER=user LOGNAME=user QEMU_AUDIO_DRV=none /usr/bin/qemu -M pc-0.11 -enable-kvm -m 4096 -smp 1,sockets=1,cores=1,threads=1 -name Cent5 -uuid
59342423-be7a-0f83-b9ac-35a42e521d99 -nodefconfig -nodefaults -chardev
socket,id=charmonitor,path=/var/lib/libvirt/qemu/Cent5.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=readline -rtc base=utc
-boot order=cd,menu=on -drive file=/home/akorolev/Cent54.img,if=none,id=drive-ide0-0-0,format=raw -device
ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 -drive if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw -device
ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -chardev file,id=charserial0,path=/home/akorolev/Cent5.5.log -device
isa-serial,chardev=charserial0,id=serial0 -usb -vnc 127.0.0.1:0 -k en-us -vga cirrus -device
ivshmem,size=128M,pci64=1,shm,bus=pci.0,multifunction=on,addr=0x5.0x0 -device
virtio-balloon-pci,id=balloon0,bus=pci.0,multifunction=on,addr=0x4.0x0

And qemu error output is:
qemu: /home/akorolev/qemu-kvm/exec.c:2255: register_subpage: Assertion `existing->mr->subpage || existing->mr == &io_mem_unassigned' failed.

Guest OS is Centos 5.5 and log is pretty boring, as qemu crashes before Linux can report an issue.

Note: The only tweak I've made to qemu is changing PCI bar flag to PCI_ADDRESS_MEM_TYPE_64 in ivshmem driver

I guess the issue is related to this: http://lists.gnu.org/archive/html/qemu-devel/2012-01/msg03189.html
At that time /it was found out that ivshmem bar is split by/ /the hpet region/

Could you please have a look at this?
I'm willing to provide additional info if you need it.

Thanks
Alexey

Re: [Qemu-devel] [BUG] QEMU crashes when 64bit BAR is present

[Gerd Hoffmann]

  Hi,

> And qemu error output is:
> qemu: /home/akorolev/qemu-kvm/exec.c:2255: register_subpage: Assertion `existing->mr->subpage || existing->mr == &io_mem_unassigned' failed.
> 
> Guest OS is Centos 5.5 and log is pretty boring, as qemu crashes before Linux can report an issue.

Where does it crash? seabios? linux kernel?
Still reproducable with 1.3.0?

cheers,
  Gerd

Re: [Qemu-devel] [BUG] QEMU crashes when 64bit BAR is present

[Alexey Korolev]

Hi Gerd,
>   Hi,
>
>> And qemu error output is:
>> qemu: /home/akorolev/qemu-kvm/exec.c:2255: register_subpage: Assertion `existing->mr->subpage || existing->mr == &io_mem_unassigned' failed.
>>
>> Guest OS is Centos 5.5 and log is pretty boring, as qemu crashes before Linux can report an issue.
> Where does it crash? seabios? linux kernel?
> Still reproducable with 1.3.0?
It is a qemu core assertion.
Haven't tried 1.3.0 yet, can try it today.
The bug is quite easy to reproduce, if use ivshmem with 64bit tweaks and specify size 128M.

Re: [Qemu-devel] [BUG] QEMU crashes when 64bit BAR is present

[Alexey Korolev]

On 06/12/12 09:23, Alexey Korolev wrote:
> Hi Gerd,
>>   Hi,
>>
>>> And qemu error output is:
>>> qemu: /home/akorolev/qemu-kvm/exec.c:2255: register_subpage: Assertion `existing->mr->subpage || existing->mr == &io_mem_unassigned' failed.
>>>
>>> Guest OS is Centos 5.5 and log is pretty boring, as qemu crashes before Linux can report an issue.
>> Where does it crash? seabios? linux kernel?
>> Still reproducable with 1.3.0?
> It is a qemu core assertion.
It's a qemu assertion which occurs on early stage of linux bootup process. I guess it fails when linux calls HPET init functions. See this
post for details: http://lists.gnu.org/archive/html/qemu-devel/2012-01/msg03189.html

> Haven't tried 1.3.0 yet, can try it today.
> The bug is quite easy to reproduce, if use ivshmem with 64bit tweaks and specify size 128M.
>
>

Re: [Qemu-devel] [BUG] QEMU crashes when 64bit BAR is present

[Alexey Korolev]

I tried the head today.
Qemu crashes in the same way as before.

>   Hi,
>
>> And qemu error output is:
>> qemu: /home/akorolev/qemu-kvm/exec.c:2255: register_subpage: Assertion `existing->mr->subpage || existing->mr == &io_mem_unassigned' failed.
>>
>> Guest OS is Centos 5.5 and log is pretty boring, as qemu crashes before Linux can report an issue.
> Where does it crash? seabios? linux kernel?
> Still reproducable with 1.3.0?
>
> cheers,
>   Gerd
>

Re: [Qemu-devel] [BUG] QEMU crashes when 64bit BAR is present

[Gerd Hoffmann]

On 12/06/12 05:09, Alexey Korolev wrote:
> I tried the head today.
> Qemu crashes in the same way as before.

Hmm.  Doesn't reproduce here (using RHEL-5 as guest, although it is 5.8
so more recent than your centos 5.5).

Is this a 32bit or 64bit guest?

cheers,
  Gerd

Re: [Qemu-devel] [BUG] QEMU crashes when 64bit BAR is present

[Alexey Korolev]

On 06/12/12 20:45, Gerd Hoffmann wrote:
> On 12/06/12 05:09, Alexey Korolev wrote:
>> I tried the head today.
>> Qemu crashes in the same way as before.
> Hmm.  Doesn't reproduce here (using RHEL-5 as guest, although it is 5.8
> so more recent than your centos 5.5).
>
> Is this a 32bit or 64bit guest?
It is a 64bit guest OS.
I've upgraded to RHEL 5.8 and still have the same problem.
Could you please send me a qemu command line you are running?

Re: [Qemu-devel] [BUG] QEMU crashes when 64bit BAR is present

[Gerd Hoffmann]

On 12/07/12 01:22, Alexey Korolev wrote:
> On 06/12/12 20:45, Gerd Hoffmann wrote:
>> On 12/06/12 05:09, Alexey Korolev wrote:
>>> I tried the head today.
>>> Qemu crashes in the same way as before.
>> Hmm.  Doesn't reproduce here (using RHEL-5 as guest, although it is 5.8
>> so more recent than your centos 5.5).
>>
>> Is this a 32bit or 64bit guest?
> It is a 64bit guest OS.
> I've upgraded to RHEL 5.8 and still have the same problem.

My rhel5 is 32bit.

> Could you please send me a qemu command line you are running?

qemu-default -m 512 -hda /vmdisk/guests/rhel5.img -device
ivshmem,size=128M,shm=ivshmem.root

Also tried rhel 5.4 install iso by swapping "-hda $disk" with "-cdrom
$iso", both 32bit and 64bit boot into the installer just fine.

(qemu-default is just a simple wrapper script which starts
qemu-system-x86_64 directly out of the build directory, with -L pointing
to pc-bios of the build directory).

cheers,
  Gerd

Re: [Qemu-devel] [BUG] QEMU crashes when 64bit BAR is present

[Alexey Korolev]

Hi,
>> It is a 64bit guest OS.
>> I've upgraded to RHEL 5.8 and still have the same problem.
> My rhel5 is 32bit.
>
>> Could you please send me a qemu command line you are running?
> qemu-default -m 512 -hda /vmdisk/guests/rhel5.img -device
> ivshmem,size=128M,shm=ivshmem.root
Could you please set the parameter use64=1 ?
I guess 64bit OS might also be important. I don't have a 32 bit version at the moment to check whether it fails or not.

Thanks,
Alexey

Re: [Qemu-devel] [BUG] QEMU crashes when 64bit BAR is present

[Gerd Hoffmann]

On 12/10/12 03:05, Alexey Korolev wrote:
> Hi,
>>> It is a 64bit guest OS.
>>> I've upgraded to RHEL 5.8 and still have the same problem.
>> My rhel5 is 32bit.
>>
>>> Could you please send me a qemu command line you are running?
>> qemu-default -m 512 -hda /vmdisk/guests/rhel5.img -device
>> ivshmem,size=128M,shm=ivshmem.root
> Could you please set the parameter use64=1 ?

It's the default (except when using -M pc-$old), and according to lspci
the guest sees a 64bit bar.

> I guess 64bit OS might also be important. I don't have a 32 bit version at the moment to check whether it fails or not.

both 32bit and 64bit rhel5 installer isos boot just fine for me.

cheers,
  Gerd

Re: [Qemu-devel] [BUG] QEMU crashes when 64bit BAR is present

[Alexey Korolev]

On 10/12/12 20:22, Gerd Hoffmann wrote:
> On 12/10/12 03:05, Alexey Korolev wrote:
>> Hi,
>>>> It is a 64bit guest OS.
>>>> I've upgraded to RHEL 5.8 and still have the same problem.
>>> My rhel5 is 32bit.
>>>
>>>> Could you please send me a qemu command line you are running?
>>> qemu-default -m 512 -hda /vmdisk/guests/rhel5.img -device
>>> ivshmem,size=128M,shm=ivshmem.root
>> Could you please set the parameter use64=1 ?
> It's the default (except when using -M pc-$old), and according to lspci
> the guest sees a 64bit bar.
Correct. Just noticed that the default option use64 is 1.
>> I guess 64bit OS might also be important. I don't have a 32 bit version at the moment to check whether it fails or not.
> both 32bit and 64bit rhel5 installer isos boot just fine for me.
Installers are different case - the issue may not occur with installers.

It is easiest to reproduce the issue on a given configuration. I think I gave a pretty concise description of our case.

To reproduce the problem get:
A Centos 5.8 64bit Linux  (Centos 5.5 fails in the same way as well)
Get the latest qemu checkout (alternatively qemu 1.3.0 and 1.2.0 fail in a very similar way as well)

Try running
/usr/bin/qemu -enable-kvm -m 4096 -smp 1,sockets=1,cores=1,threads=1 -name Cent5 -nodefconfig -nodefaults -chardev
socket,id=charmonitor,path=/var/lib/libvirt/qemu/Cent5.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=readline -rtc base=utc
-boot c -drive file=/patch_to_centos_5_8.ing,if=none,id=drive-ide0-0-0,format=raw -device
ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 -vnc 127.0.0.1:0 -k en-us -vga std -device
ivshmem,size=128M,use64=1,shm,bus=pci.0,multifunction=on,addr=0x5.0x0 -device
virtio-balloon-pci,id=balloon0,bus=pci.0,multifunction=on,addr=0x4.0x0

and your guest will either hang or qemu process be terminated with an assertion message.