* [Qemu-devel] 32-bit “qemu-system-i386 -enable-kvm” segfaults on x86_64
@ 2018-07-04 12:34 Ludovic Courtès
  2018-07-04 13:08 ` Daniel P. Berrangé
  0 siblings, 1 reply; 5+ messages in thread
From: Ludovic Courtès @ 2018-07-04 12:34 UTC (permalink / raw)
  To: qemu-devel

Hello,

(I’m reporting the issue here because for some reason the launchpad.net
login page redirects me to an “oops” page and fails to log me in.)

On a Linux 4.17 x86_64 host, “qemu-system-i386 -enable-kvm”, where
qemu-system-i386 is a 32-bit binary, crashes (it works fine without
‘-enable-kvm’):

--8<---------------cut here---------------start------------->8---
$ uname -rm
4.17.3-gnu x86_64
$ file /gnu/store/h22dc67wzkv0w2l3775f0xqkyr318x5j-qemu-minimal-2.12.0/bin/qemu-system-i386 
/gnu/store/h22dc67wzkv0w2l3775f0xqkyr318x5j-qemu-minimal-2.12.0/bin/qemu-system-i386: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/ld-linux.so.2, for GNU/Linux 2.6.32, stripped
$ /gnu/store/h22dc67wzkv0w2l3775f0xqkyr318x5j-qemu-minimal-2.12.0/bin/qemu-system-i386 -enable-kvm /dev/null
WARNING: Image format was not specified for '/dev/null' and probing guessed raw.
         Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted.
         Specify the 'raw' format explicitly to remove the restrictions.
VNC server running on 127.0.0.1:5900
Adres-eraro(nekropsio elŝutita)
--8<---------------cut here---------------end--------------->8---

I’d need debugging symbols to provide a useful backtrace, but perhaps
the strace gives useful hints:

--8<---------------cut here---------------start------------->8---
$ strace -o ,,s /gnu/store/h22dc67wzkv0w2l3775f0xqkyr318x5j-qemu-minimal-2.12.0/bin/qemu-system-i386 -enable-kvm /dev/null
WARNING: Image format was not specified for '/dev/null' and probing guessed raw.
         Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted.
         Specify the 'raw' format explicitly to remove the restrictions.
VNC server running on 127.0.0.1:5900
Adres-eraro
$ tail ,,s
ioctl(10, KVM_CHECK_EXTENSION, 0x4c)    = 1
ioctl(11, KVM_SET_CLOCK, 0xff9f32bc)    = 0
ioctl(16, KVM_KVMCLOCK_CTRL, 0)         = -1 EINVAL (Invalid argument)
write(15, "\1\0\0\0\0\0\0\0", 8)        = 8
futex(0x57ee400c, FUTEX_WAKE_PRIVATE, 2147483647) = 1
getpid()                                = 3064
tgkill(3064, 3068, SIGUSR1)             = 0
futex(0x57193bd8, FUTEX_WAKE_PRIVATE, 1) = 1
ppoll([{fd=4, events=POLLIN}, {fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLIN}, {fd=17, events=POLLIN}], 5, {tv_sec=0, tv_nsec=0}, NULL, 8 <unfinished ...>
+++ killed by SIGSEGV (core dumped) +++
--8<---------------cut here---------------end--------------->8---

Before investigating further, does it ring a bell?  It used to work, and
I think the main difference is the kernel version.

Thanks,
Ludo’.


* Re: [Qemu-devel] 32-bit “qemu-system-i386 -enable-kvm” segfaults on x86_64
  2018-07-04 12:34 [Qemu-devel] 32-bit “qemu-system-i386 -enable-kvm” segfaults on x86_64 Ludovic Courtès
@ 2018-07-04 13:08 ` Daniel P. Berrangé
  2018-07-05  8:11   ` Ludovic Courtès
  0 siblings, 1 reply; 5+ messages in thread
From: Daniel P. Berrangé @ 2018-07-04 13:08 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: qemu-devel

On Wed, Jul 04, 2018 at 02:34:07PM +0200, Ludovic Courtès wrote:
> Hello,
> 
> (I’m reporting the issue here because for some reason the launchpad.net
> login page redirects me to an “oops” page and fails to log me in.)
> 
> On a Linux 4.17 x86_64 host, “qemu-system-i386 -enable-kvm”, where
> qemu-system-i386 is a 32-bit binary, crashes (it works fine without
> ‘-enable-kvm’):
> 
> --8<---------------cut here---------------start------------->8---
> $ uname -rm
> 4.17.3-gnu x86_64
> $ file /gnu/store/h22dc67wzkv0w2l3775f0xqkyr318x5j-qemu-minimal-2.12.0/bin/qemu-system-i386 
> /gnu/store/h22dc67wzkv0w2l3775f0xqkyr318x5j-qemu-minimal-2.12.0/bin/qemu-system-i386: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/ld-linux.so.2, for GNU/Linux 2.6.32, stripped

It appears that not only are you using qemu-system-i386 on x86_64
host, but this has actually also been built as a 32-bit ELF binary,
so will be using the 32-bit compat syscalls. This is quite possibly
relevant to any crash, so it would be useful to know if qemu-system-i386,
when built as a 64-bit ELF binary works or fails.

It appears you are using 2.12.0 release, so it is also helpful if
you would try using current git master to see if it still reproduces.


> $ /gnu/store/h22dc67wzkv0w2l3775f0xqkyr318x5j-qemu-minimal-2.12.0/bin/qemu-system-i386 -enable-kvm /dev/null
> WARNING: Image format was not specified for '/dev/null' and probing guessed raw.
>          Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted.
>          Specify the 'raw' format explicitly to remove the restrictions.
> VNC server running on 127.0.0.1:5900
> Adres-eraro(nekropsio elŝutita)
> --8<---------------cut here---------------end--------------->8---
> 
> I’d need debugging symbols to provide a useful backtrace, but perhaps
> the strace gives useful hints:

straces are fairly unhelpful, I'm afraid, so collecting a stack trace
would be the best next step.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|


* Re: [Qemu-devel] 32-bit “qemu-system-i386 -enable-kvm” segfaults on x86_64
  2018-07-04 13:08 ` Daniel P. Berrangé
@ 2018-07-05  8:11   ` Ludovic Courtès
  2018-07-05 11:46     ` Dr. David Alan Gilbert
  0 siblings, 1 reply; 5+ messages in thread
From: Ludovic Courtès @ 2018-07-05  8:11 UTC (permalink / raw)
  To: Daniel P. Berrangé; +Cc: qemu-devel

Hi Daniel,

Thanks for the quick reply.

Daniel P. Berrangé <berrange@redhat.com> skribis:

> On Wed, Jul 04, 2018 at 02:34:07PM +0200, Ludovic Courtès wrote:
>> Hello,
>> 
>> (I’m reporting the issue here because for some reason the launchpad.net
>> login page redirects me to an “oops” page and fails to log me in.)
>> 
>> On a Linux 4.17 x86_64 host, “qemu-system-i386 -enable-kvm”, where
>> qemu-system-i386 is a 32-bit binary, crashes (it works fine without
>> ‘-enable-kvm’):
>> 
>> --8<---------------cut here---------------start------------->8---
>> $ uname -rm
>> 4.17.3-gnu x86_64
>> $ file /gnu/store/h22dc67wzkv0w2l3775f0xqkyr318x5j-qemu-minimal-2.12.0/bin/qemu-system-i386 
>> /gnu/store/h22dc67wzkv0w2l3775f0xqkyr318x5j-qemu-minimal-2.12.0/bin/qemu-system-i386: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/ld-linux.so.2, for GNU/Linux 2.6.32, stripped
>
> It appears that not only are you using qemu-system-i386 on x86_64
> host, but this has actually also been built as a 32-bit ELF binary,
> so will be using the 32-bit compat syscalls. This is quite possibly
> relevant to any crash, so it would be useful to know if qemu-system-i386,
> when built as a 64-bit ELF binary works or fails.

The 64-bit qemu-system-i386 works fine.

> It appears you are using 2.12.0 release, so it is also helpful if
> you would try using current git master to see if it still reproduces.

Here’s what I get with today’s master (commit
6d8ad1614e0c97c59a87e6c6208ebeb94e769149):

--8<---------------cut here---------------start------------->8---
$ file /gnu/store/5fds9826wk2mhl1kcyr2l3a2nd2bypf4-qemu-minimal-2.12.0-6d8ad16/bin/qemu-system-i386
/gnu/store/5fds9826wk2mhl1kcyr2l3a2nd2bypf4-qemu-minimal-2.12.0-6d8ad16/bin/qemu-system-i386: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/ld-linux.so.2, for GNU/Linux 2.6.32, with debug_info, not stripped
$ /gnu/store/5fds9826wk2mhl1kcyr2l3a2nd2bypf4-qemu-minimal-2.12.0-6d8ad16/bin/qemu-system-i386 -enable-kvm /dev/null
WARNING: Image format was not specified for '/dev/null' and probing guessed raw.
         Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted.
         Specify the 'raw' format explicitly to remove the restrictions.
VNC server running on 127.0.0.1:5900
Adres-eraro(nekropsio elŝutita)
--8<---------------cut here---------------end--------------->8---

And the backtraces:

--8<---------------cut here---------------start------------->8---
Core was generated by `/gnu/store/5fds9826wk2mhl1kcyr2l3a2nd2bypf4-qemu-minimal-2.12.0-6d8ad16/bin/qem'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x5674c42e in kvm_vcpu_ioctl (cpu=0x580d3e60, type=44672) at /tmp/guix-build-qemu-minimal-2.12.0-6d8ad16.drv-0/source/accel/kvm/kvm-all.c:2097
2097    /tmp/guix-build-qemu-minimal-2.12.0-6d8ad16.drv-0/source/accel/kvm/kvm-all.c: Dosiero aŭ dosierujo ne ekzistas.
[Current thread is 1 (Thread 0xf611db40 (LWP 9698))]

[...]

(gdb) thread apply all bt

Thread 5 (Thread 0xf76e1bc0 (LWP 9695)):
#0  0xf7f60059 in __kernel_vsyscall ()
#1  0xf78425e4 in ppoll () from /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/libc.so.6
#2  0x56c3eec0 in qemu_poll_ns (fds=0x580e8340, nfds=5, timeout=980889000) at util/qemu-timer.c:334
#3  0x56c400db in os_host_main_loop_wait (timeout=980889000) at util/main-loop.c:233
#4  0x56c401d6 in main_loop_wait (nonblocking=0) at util/main-loop.c:497
#5  0x56890b45 in main_loop () at vl.c:1866
#6  0x56898676 in main (argc=3, argv=0xffc58ee4, envp=0xffc58ef4) at vl.c:4644

Thread 4 (Thread 0xf76e0b40 (LWP 9696)):
#0  0xf7f60059 in __kernel_vsyscall ()
#1  0xf793fa0b in nanosleep () from /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/libpthread.so.0
#2  0xf7c59fe3 in g_usleep () from /gnu/store/1k808cq1dwlcjlfqmd4p5rxjpz2vckra-glib-2.56.0/lib/libglib-2.0.so.0
#3  0x56c5c614 in call_rcu_thread (opaque=0x0) at util/rcu.c:253
#4  0x56c452a5 in qemu_thread_start (args=0x5802b1d0) at util/qemu-thread-posix.c:504
#5  0xf793535b in start_thread () from /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/libpthread.so.0
#6  0xf784c5d6 in clone () from /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/libc.so.6

Thread 3 (Thread 0xec536b40 (LWP 9701)):
#0  0xf7f60059 in __kernel_vsyscall ()
#1  0xf793b35c in pthread_cond_wait@@GLIBC_2.3.2 () from /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/libpthread.so.0
#2  0x56c44a4f in qemu_cond_wait_impl (cond=0x5910a7c0, mutex=0x5910a7f4, file=0x56e3f412 "ui/vnc-jobs.c", line=213) at util/qemu-thread-posix.c:161
#3  0x56b0eb4f in vnc_worker_thread_loop (queue=0x5910a7c0) at ui/vnc-jobs.c:213
#4  0x56b0f0e6 in vnc_worker_thread (arg=0x5910a7c0) at ui/vnc-jobs.c:323
#5  0x56c452a5 in qemu_thread_start (args=0x581486d0) at util/qemu-thread-posix.c:504
#6  0xf793535b in start_thread () from /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/libpthread.so.0
#7  0xf784c5d6 in clone () from /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/libc.so.6

Thread 2 (Thread 0xf6cffb40 (LWP 9697)):
#0  0xf7f60059 in __kernel_vsyscall ()
#1  0xf78425e4 in ppoll () from /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/libc.so.6
#2  0x56c3ee4a in qemu_poll_ns (fds=0xf63005d0, nfds=1, timeout=-1) at util/qemu-timer.c:322
#3  0x56c41dcc in aio_poll (ctx=0x5804ebc0, blocking=true) at util/aio-posix.c:629
#4  0x56887a63 in iothread_run (opaque=0x5804e9d0) at iothread.c:64
#5  0x56c452a5 in qemu_thread_start (args=0x5804fb10) at util/qemu-thread-posix.c:504
#6  0xf793535b in start_thread () from /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/libpthread.so.0
#7  0xf784c5d6 in clone () from /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/libc.so.6

Thread 1 (Thread 0xf611db40 (LWP 9698)):
#0  0x5674c42e in kvm_vcpu_ioctl (cpu=0x580d3e60, type=44672) at /tmp/guix-build-qemu-minimal-2.12.0-6d8ad16.drv-0/source/accel/kvm/kvm-all.c:2097
#1  0x5674bf61 in kvm_cpu_exec (cpu=0x580d3e60) at /tmp/guix-build-qemu-minimal-2.12.0-6d8ad16.drv-0/source/accel/kvm/kvm-all.c:1929
#2  0x56714634 in qemu_kvm_cpu_thread_fn (arg=0x580d3e60) at /tmp/guix-build-qemu-minimal-2.12.0-6d8ad16.drv-0/source/cpus.c:1215
#3  0x56c452a5 in qemu_thread_start (args=0x580e75d0) at util/qemu-thread-posix.c:504
#4  0xf793535b in start_thread () from /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/libpthread.so.0
#5  0xf784c5d6 in clone () from /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/libc.so.6
(gdb) thread 1
[Switching to thread 1 (Thread 0xf611db40 (LWP 9698))]
#0  0x5674c42e in kvm_vcpu_ioctl (cpu=0x580d3e60, type=44672) at /tmp/guix-build-qemu-minimal-2.12.0-6d8ad16.drv-0/source/accel/kvm/kvm-all.c:2097
2097    in /tmp/guix-build-qemu-minimal-2.12.0-6d8ad16.drv-0/source/accel/kvm/kvm-all.c
(gdb) info locals
ret = 0
arg = 0x0
ap = 0xf611d03c "\366\276tV \200+W\310%\034W\222\345\210V`>\rX{\347\210V\t"
(gdb) p *cpu
$1 = {parent_obj = {parent_obj = {class = 0x5807baa0, free = 0xf7c35800 <g_free>, properties = 0x580aed90, ref = 1, parent = 0x580b1ad0}, id = 0x0, 
    canonical_path = 0x580b1ce0 "/machine/unattached/device[0]", realized = true, pending_deleted_event = false, opts = 0x0, hotplugged = 0, parent_bus = 0x0, gpios = {lh_first = 0x0}, 
    child_bus = {lh_first = 0x0}, num_child_bus = 0, instance_id_alias = -1, alias_required_for_version = 0}, nr_cores = 1, nr_threads = 1, thread = 0x580e7580, thread_id = 9698, running = true, 
  has_waiter = false, halt_cond = 0x580e7590, thread_kicked = false, created = true, stop = false, stopped = false, unplug = false, crash_occurred = false, exit_request = false, 
  cflags_next_tb = 4294967295, interrupt_request = 0, singlestep_enabled = 0, icount_budget = 0, icount_extra = 0, jmp_env = {{__jmpbuf = {0, 0, 0, 0, 0, 0}, __mask_was_saved = 0, 
      __saved_mask = {__val = {0 <repeats 32 times>}}}}, work_mutex = {lock = {__data = {__lock = 0, __count = 0, __owner = 0, __kind = 0, __nusers = 0, {__elision_data = {__espins = 0, 
            __eelision = 0}, __list = {__next = 0x0}}}, __size = '\000' <repeats 23 times>, __align = 0}, file = 0x0, line = 0, initialized = true}, queued_work_first = 0x0, 
  queued_work_last = 0x0, cpu_ases = 0x580e7520, num_ases = 1, as = 0x580e74d0, memory = 0x58099300, env_ptr = 0x580d8030, tb_jmp_cache = {0x0 <repeats 4096 times>}, gdb_regs = 0x0, 
  gdb_num_regs = 41, gdb_num_g_regs = 41, node = {tqe_next = 0x0, tqe_prev = 0x571c300c <cpus>}, breakpoints = {tqh_first = 0x0, tqh_last = 0x580d7fcc}, watchpoints = {tqh_first = 0x0, 
    tqh_last = 0x580d7fd4}, watchpoint_hit = 0x0, opaque = 0x0, mem_io_pc = 0, mem_io_vaddr = 0, kvm_fd = 16, kvm_state = 0x580bc2c0, kvm_run = 0xf6edd000, trace_dstate_delayed = {0}, 
  trace_dstate = {0}, cpu_index = 0, halted = 0, can_do_io = 1, exception_index = -1, vcpu_dirty = false, throttle_thread_scheduled = false, ignore_memory_transaction_failures = false, 
  icount_decr = {u32 = 0, u16 = {low = 0, high = 0}}, hax_vcpu = 0x0, pending_tlb_flush = 0, hvf_fd = 0, iommu_notifiers = 0x58055d00}
--8<---------------cut here---------------end--------------->8---

Let me know if you need more information.

Thank you,
Ludo’.


* Re: [Qemu-devel] 32-bit “qemu-system-i386 -enable-kvm” segfaults on x86_64
  2018-07-05  8:11   ` Ludovic Courtès
@ 2018-07-05 11:46     ` Dr. David Alan Gilbert
  2018-07-05 12:30       ` Ludovic Courtès
  0 siblings, 1 reply; 5+ messages in thread
From: Dr. David Alan Gilbert @ 2018-07-05 11:46 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: Daniel P. Berrangé, qemu-devel

* Ludovic Courtès (ludo@gnu.org) wrote:
> Hi Daniel,
> 
> Thanks for the quick reply.
> 
> Daniel P. Berrangé <berrange@redhat.com> skribis:
> 
> > On Wed, Jul 04, 2018 at 02:34:07PM +0200, Ludovic Courtès wrote:
> >> Hello,
> >> 
> >> (I’m reporting the issue here because for some reason the launchpad.net
> >> login page redirects me to an “oops” page and fails to log me in.)
> >> 
> >> On a Linux 4.17 x86_64 host, “qemu-system-i386 -enable-kvm”, where
> >> qemu-system-i386 is a 32-bit binary, crashes (it works fine without
> >> ‘-enable-kvm’):
> >> 
> >> --8<---------------cut here---------------start------------->8---
> >> $ uname -rm
> >> 4.17.3-gnu x86_64
> >> $ file /gnu/store/h22dc67wzkv0w2l3775f0xqkyr318x5j-qemu-minimal-2.12.0/bin/qemu-system-i386 
> >> /gnu/store/h22dc67wzkv0w2l3775f0xqkyr318x5j-qemu-minimal-2.12.0/bin/qemu-system-i386: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/ld-linux.so.2, for GNU/Linux 2.6.32, stripped
> >
> > It appears that not only are you using qemu-system-i386 on x86_64
> > host, but this has actually also been built as a 32-bit ELF binary,
> > so will be using the 32-bit compat syscalls. This is quite possibly
> > relevant to any crash, so it would be useful to know if qemu-system-i386,
> > when built as a 64-bit ELF binary works or fails.
> 
> The 64-bit qemu-system-i386 works fine.
> 
> > It appears you are using 2.12.0 release, so it is also helpful if
> > you would try using current git master to see if it still reproduces.
> 
> Here’s what I get with today’s master (commit
> 6d8ad1614e0c97c59a87e6c6208ebeb94e769149):

If you do a dmesg after you get the segfault, do you see
any unusual messages?

Dave

--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK


* Re: [Qemu-devel] 32-bit “qemu-system-i386 -enable-kvm” segfaults on x86_64
  2018-07-05 11:46     ` Dr. David Alan Gilbert
@ 2018-07-05 12:30       ` Ludovic Courtès
  0 siblings, 0 replies; 5+ messages in thread
From: Ludovic Courtès @ 2018-07-05 12:30 UTC (permalink / raw)
  To: Dr. David Alan Gilbert; +Cc: Daniel P. Berrangé, qemu-devel

"Dr. David Alan Gilbert" <dgilbert@redhat.com> skribis:

> * Ludovic Courtès (ludo@gnu.org) wrote:
>> Hi Daniel,
>> 
>> Thanks for the quick reply.
>> 
>> Daniel P. Berrangé <berrange@redhat.com> skribis:
>> 
>> > On Wed, Jul 04, 2018 at 02:34:07PM +0200, Ludovic Courtès wrote:
>> >> Hello,
>> >> 
>> >> (I’m reporting the issue here because for some reason the launchpad.net
>> >> login page redirects me to an “oops” page and fails to log me in.)
>> >> 
>> >> On a Linux 4.17 x86_64 host, “qemu-system-i386 -enable-kvm”, where
>> >> qemu-system-i386 is a 32-bit binary, crashes (it works fine without
>> >> ‘-enable-kvm’):
>> >> 
>> >> --8<---------------cut here---------------start------------->8---
>> >> $ uname -rm
>> >> 4.17.3-gnu x86_64
>> >> $ file /gnu/store/h22dc67wzkv0w2l3775f0xqkyr318x5j-qemu-minimal-2.12.0/bin/qemu-system-i386 
>> >> /gnu/store/h22dc67wzkv0w2l3775f0xqkyr318x5j-qemu-minimal-2.12.0/bin/qemu-system-i386: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /gnu/store/4aka3nwppxf3z072l6vr8cxvwj3x5h9s-glibc-2.27/lib/ld-linux.so.2, for GNU/Linux 2.6.32, stripped
>> >
>> > It appears that not only are you using qemu-system-i386 on x86_64
>> > host, but this has actually also been built as a 32-bit ELF binary,
>> > so will be using the 32-bit compat syscalls. This is quite possibly
>> > relevant to any crash, so it would be useful to know if qemu-system-i386,
>> > when built as a 64-bit ELF binary works or fails.
>> 
>> The 64-bit qemu-system-i386 works fine.
>> 
>> > It appears you are using 2.12.0 release, so it is also helpful if
>> > you would try using current git master to see if it still reproduces.
>> 
>> Here’s what I get with today’s master (commit
>> 6d8ad1614e0c97c59a87e6c6208ebeb94e769149):
>
> If you do a dmesg after you get the seg fault do you see
> any unusual messages ?

Just this:

  qemu-system-i38[1762]: segfault at 14 ip 000000005675842e sp 00000000f621d000 error 4 in qemu-system-i386[565e2000+b3d000]

Ludo’.

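As an added example (not code from this thread, QEMU or the kernel), the following Python decodes the dmesg line quoted in the last reply and the raw ioctl request number that gdb printed for kvm_vcpu_ioctl (type=44672) in the backtrace above. The KVM name table is a partial one assumed from the requests named in the strace output, and the sample line is constructed from the one quoted in the thread.

```python
"""Triage helpers for a Linux user-space segfault report.

Added example, not code from the thread, QEMU or the kernel.  It decodes
the kernel's "segfault at ..." dmesg line (x86 page-fault error bits and
the mapping the faulting ip fell in) and the raw ioctl request number that
gdb showed for kvm_vcpu_ioctl (type=44672).
"""
import re

# Sample input constructed from the dmesg line quoted in the last message.
SAMPLE_DMESG = ("qemu-system-i38[1762]: segfault at 14 ip 000000005675842e "
                "sp 00000000f621d000 error 4 in qemu-system-i386[565e2000+b3d000]")

# x86 page-fault error code bits (arch/x86/include/asm/trap_pf.h in Linux).
PF_PROT, PF_WRITE, PF_USER, PF_RSVD, PF_INSTR = 0x1, 0x2, 0x4, 0x8, 0x10

SEGFAULT_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+)"
    r"(?: in (?P<obj>\S+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?")


def decode_segfault(line):
    """Parse one 'segfault at' line into the fields a triager asks about."""
    m = SEGFAULT_RE.search(line)
    if m is None:
        raise ValueError("not a segfault line: %r" % line)
    err, addr, ip = int(m["err"]), int(m["addr"], 16), int(m["ip"], 16)
    info = {
        "comm": m["comm"], "pid": int(m["pid"]),
        "addr": addr, "ip": ip, "sp": int(m["sp"], 16),
        # bit 0 clear: page not present; bit 1: write access; bit 2: fault
        # taken in user mode; bit 4: instruction fetch (ip itself unmapped).
        "present": bool(err & PF_PROT),
        "write": bool(err & PF_WRITE),
        "user": bool(err & PF_USER),
        "instr_fetch": bool(err & PF_INSTR),
        # A fault address below one page almost always means a NULL struct
        # pointer dereferenced at a small field offset (0x14 in the thread).
        "near_null": addr < 0x1000,
        "object": m["obj"], "ip_in_object": None, "ip_offset": None,
    }
    if m["obj"]:
        base, size = int(m["base"], 16), int(m["size"], 16)
        info["ip_in_object"] = base <= ip < base + size
        # Offset from the load base is stable across PIE/ASLR runs, so it
        # can be resolved with addr2line against the unstripped binary.
        info["ip_offset"] = ip - base if info["ip_in_object"] else None
    return info


def describe_segfault(info):
    """One-line human summary of a decoded segfault record."""
    access = ("instruction fetch" if info["instr_fetch"]
              else "write" if info["write"] else "read")
    mode = "user" if info["user"] else "kernel"
    page = "protection violation" if info["present"] else "non-present page"
    where = ""
    if info["ip_in_object"]:
        where = "; ip = %s+0x%x" % (info["object"], info["ip_offset"])
    hint = " (near-NULL: NULL pointer + field offset?)" if info["near_null"] else ""
    return "%s[%d]: %s-mode %s of %s at 0x%x%s%s" % (
        info["comm"], info["pid"], mode, access, page, info["addr"], hint, where)


# Linux asm-generic/ioctl.h layout: nr bits 0-7, type bits 8-15,
# size bits 16-29, direction bits 30-31 (NONE=0, WRITE=1, READ=2).
IOC_DIR_NAMES = {0: "NONE", 1: "WRITE", 2: "READ", 3: "READ|WRITE"}
KVMIO = 0xAE
# Assumed partial table: only the argument-less _IO(KVMIO, nr) requests
# that appear in the strace tail and backtrace of this thread.
KVM_IO_NAMES = {0x03: "KVM_CHECK_EXTENSION", 0x80: "KVM_RUN",
                0xAD: "KVM_KVMCLOCK_CTRL"}


def decode_ioctl(request):
    """Split a raw ioctl request number into its _IOC fields."""
    nr, typ = request & 0xFF, (request >> 8) & 0xFF
    size, direction = (request >> 16) & 0x3FFF, (request >> 30) & 0x3
    name = None
    if typ == KVMIO and size == 0 and direction == 0:
        name = KVM_IO_NAMES.get(nr)
    return {"nr": nr, "type": typ, "size": size,
            "dir": IOC_DIR_NAMES[direction], "name": name}


if __name__ == "__main__":
    print(describe_segfault(decode_segfault(SAMPLE_DMESG)))
    print(decode_ioctl(44672))   # the type= value from the gdb backtrace
```

Read together, the two decoders say the crashing thread was inside the KVM_RUN ioctl path and died on a user-mode read through a near-NULL pointer at offset 0x14, which is what a maintainer would want confirmed before bisecting the 32-bit build.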
