* aarch64: Crash with qemu master when starting Jailhouse
@ 2020-07-21  7:21 Jan Kiszka
  2020-07-21  9:28 ` Peter Maydell
  0 siblings, 1 reply; 2+ messages in thread
From: Jan Kiszka @ 2020-07-21  7:21 UTC (permalink / raw)
  To: qemu-devel

Hi,

I've seen this first a couple of weeks ago, ignored it, but it's still there today with master:

Thread 13 "qemu-system-aar" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f90e2ffd700 (LWP 26883)]
0x0000560ef0bddda7 in get_phys_addr_lpae (env=<optimized out>, address=address@entry=1095261192, access_type=access_type@entry=MMU_DATA_LOAD, mmu_idx=mmu_idx@entry=ARMMMUIdx_Stage2, s1_is_el0=s1_is_el0@entry=false, 
    phys_ptr=phys_ptr@entry=0x7f90e2ffc200, txattrs=0x7f90e2ffc1ec, prot=0x7f90e2ffc1f0, page_size_ptr=0x7f90e2ffc1f8, fi=0x7f90e2ffc530, cacheattrs=0x0) at /data/qemu/target/arm/helper.c:11106
11106           cacheattrs->attrs = convert_stage2_attrs(env, extract32(attrs, 0, 4));
(gdb) bt
#0  0x0000560ef0bddda7 in get_phys_addr_lpae
    (env=<optimized out>, address=address@entry=1095261192, access_type=access_type@entry=MMU_DATA_LOAD, mmu_idx=mmu_idx@entry=ARMMMUIdx_Stage2, s1_is_el0=s1_is_el0@entry=false, phys_ptr=phys_ptr@entry=0x7f90e2ffc200, txattrs=0x7f90e2ffc1ec, prot=0x7f90e2ffc1f0, page_size_ptr=0x7f90e2ffc1f8, fi=0x7f90e2ffc530, cacheattrs=0x0) at /data/qemu/target/arm/helper.c:11106
#1  0x0000560ef0bde3c6 in S1_ptw_translate (env=env@entry=0x560ef32742b0, mmu_idx=mmu_idx@entry=ARMMMUIdx_Stage1_E1, addr=1095261192, txattrs=..., fi=fi@entry=0x7f90e2ffc530) at /data/qemu/target/arm/helper.c:10218
#2  0x0000560ef0bdd7f0 in arm_ldq_ptw (fi=0x7f90e2ffc530, mmu_idx=ARMMMUIdx_Stage1_E1, is_secure=false, addr=<optimized out>, cs=0x560ef326ac10) at /data/qemu/target/arm/helper.c:10284
#3  0x0000560ef0bdd7f0 in get_phys_addr_lpae
    (env=env@entry=0x560ef32742b0, address=address@entry=18446674270391351284, access_type=access_type@entry=MMU_INST_FETCH, mmu_idx=mmu_idx@entry=ARMMMUIdx_Stage1_E1, s1_is_el0=s1_is_el0@entry=false, phys_ptr=phys_ptr@entry=0x7f90e2ffc490, txattrs=0x7f90e2ffc518, prot=0x7f90e2ffc514, page_size_ptr=0x7f90e2ffc528, fi=0x7f90e2ffc530, cacheattrs=0x7f90e2ffc51c) at /data/qemu/target/arm/helper.c:11014
#4  0x0000560ef0bdfacb in get_phys_addr (env=env@entry=0x560ef32742b0, address=<optimized out>, address@entry=18446674270391351284, access_type=access_type@entry=MMU_INST_FETCH, mmu_idx=<optimized out>, 
    mmu_idx@entry=ARMMMUIdx_Stage1_E1, phys_ptr=phys_ptr@entry=0x7f90e2ffc490, attrs=attrs@entry=0x7f90e2ffc518, prot=0x7f90e2ffc514, page_size=0x7f90e2ffc528, fi=0x7f90e2ffc530, cacheattrs=0x7f90e2ffc51c)
    at /data/qemu/target/arm/helper.c:12115
#5  0x0000560ef0bdf5ca in get_phys_addr
    (env=env@entry=0x560ef32742b0, address=address@entry=18446674270391351284, access_type=access_type@entry=MMU_INST_FETCH, mmu_idx=<optimized out>, phys_ptr=phys_ptr@entry=0x7f90e2ffc520, attrs=attrs@entry=0x7f90e2ffc518, prot=0x7f90e2ffc514, page_size=0x7f90e2ffc528, fi=0x7f90e2ffc530, cacheattrs=0x7f90e2ffc51c) at /data/qemu/target/arm/helper.c:11950
#6  0x0000560ef0bef669 in arm_cpu_tlb_fill (cs=0x560ef326ac10, address=18446674270391351284, size=<optimized out>, access_type=MMU_INST_FETCH, mmu_idx=2, probe=<optimized out>, retaddr=0) at /data/qemu/target/arm/tlb_helper.c:177
#7  0x0000560ef0adbd85 in tlb_fill (cpu=0x560ef326ac10, addr=18446674270391351284, size=0, access_type=MMU_INST_FETCH, mmu_idx=2, retaddr=0) at /data/qemu/accel/tcg/cputlb.c:1032
#8  0x0000560ef0adf216 in get_page_addr_code_hostp (env=<optimized out>, addr=addr@entry=18446674270391351284, hostp=hostp@entry=0x0) at /data/qemu/accel/tcg/cputlb.c:1211
#9  0x0000560ef0adf287 in get_page_addr_code (env=<optimized out>, addr=addr@entry=18446674270391351284) at /data/qemu/accel/tcg/cputlb.c:1243
#10 0x0000560ef0af21c4 in tb_htable_lookup (cpu=cpu@entry=0x560ef326ac10, pc=18446674270391351284, cs_base=<optimized out>, flags=2182107137, cf_mask=4278714368) at /data/qemu/accel/tcg/cpu-exec.c:337
#11 0x0000560ef0af2fd6 in tb_lookup__cpu_state (cf_mask=<optimized out>, flags=0x7f90e2ffc718, cs_base=0x7f90e2ffc720, pc=0x7f90e2ffc728, cpu=0x0) at /data/qemu/include/exec/tb-lookup.h:43
#12 0x0000560ef0af2fd6 in tb_find (cf_mask=524288, tb_exit=0, last_tb=0x0, cpu=0x0) at /data/qemu/accel/tcg/cpu-exec.c:404
#13 0x0000560ef0af2fd6 in cpu_exec (cpu=cpu@entry=0x560ef326ac10) at /data/qemu/accel/tcg/cpu-exec.c:748
#14 0x0000560ef0bb779f in tcg_cpu_exec (cpu=0x560ef326ac10) at /data/qemu/softmmu/cpus.c:1356
#15 0x0000560ef0bb980b in qemu_tcg_cpu_thread_fn (arg=arg@entry=0x560ef326ac10) at /data/qemu/softmmu/cpus.c:1664
#16 0x0000560ef10aaf76 in qemu_thread_start (args=<optimized out>) at /data/qemu/util/qemu-thread-posix.c:521
#17 0x00007f919e9434f9 in start_thread () at /lib64/libpthread.so.0
#18 0x00007f919e67bf2f in clone () at /lib64/libc.so.6

I've reproduced that with a local Jailhouse installation, but I suspect 
(do not have the time right now to check) that a vanilla jailhouse-
images [1] build for qemu-arm64 will trigger it as well. Once time 
permits, I could try to generate and share such an image.

qemu 3.1.1.1 of my distro is fine, also f4d8cf148e43.

Any ideas?

Jan

[1] https://github.com/siemens/jailhouse-images

-- 
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux



* Re: aarch64: Crash with qemu master when starting Jailhouse
  2020-07-21  7:21 aarch64: Crash with qemu master when starting Jailhouse Jan Kiszka
@ 2020-07-21  9:28 ` Peter Maydell
  0 siblings, 0 replies; 2+ messages in thread
From: Peter Maydell @ 2020-07-21  9:28 UTC (permalink / raw)
  To: Jan Kiszka; +Cc: Richard Henderson, qemu-devel

On Tue, 21 Jul 2020 at 08:22, Jan Kiszka <jan.kiszka@siemens.com> wrote:
>
> Hi,
>
> I've seen this first a couple of weeks ago, ignored it, but it's still there today with master:

Richard, this looks like an issue with your recent rearrangement
of the cacheattrs handling: we get into get_phys_addr_lpae() with
a NULL cacheattrs pointer that we weren't expecting.

> Thread 13 "qemu-system-aar" received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7f90e2ffd700 (LWP 26883)]
> 0x0000560ef0bddda7 in get_phys_addr_lpae (env=<optimized out>, address=address@entry=1095261192, access_type=access_type@entry=MMU_DATA_LOAD, mmu_idx=mmu_idx@entry=ARMMMUIdx_Stage2, s1_is_el0=s1_is_el0@entry=false,
>     phys_ptr=phys_ptr@entry=0x7f90e2ffc200, txattrs=0x7f90e2ffc1ec, prot=0x7f90e2ffc1f0, page_size_ptr=0x7f90e2ffc1f8, fi=0x7f90e2ffc530, cacheattrs=0x0) at /data/qemu/target/arm/helper.c:11106
> 11106           cacheattrs->attrs = convert_stage2_attrs(env, extract32(attrs, 0, 4));
> (gdb) bt
> #0  0x0000560ef0bddda7 in get_phys_addr_lpae
>     (env=<optimized out>, address=address@entry=1095261192, access_type=access_type@entry=MMU_DATA_LOAD, mmu_idx=mmu_idx@entry=ARMMMUIdx_Stage2, s1_is_el0=s1_is_el0@entry=false, phys_ptr=phys_ptr@entry=0x7f90e2ffc200, txattrs=0x7f90e2ffc1ec, prot=0x7f90e2ffc1f0, page_size_ptr=0x7f90e2ffc1f8, fi=0x7f90e2ffc530, cacheattrs=0x0) at /data/qemu/target/arm/helper.c:11106
> #1  0x0000560ef0bde3c6 in S1_ptw_translate (env=env@entry=0x560ef32742b0, mmu_idx=mmu_idx@entry=ARMMMUIdx_Stage1_E1, addr=1095261192, txattrs=..., fi=fi@entry=0x7f90e2ffc530) at /data/qemu/target/arm/helper.c:10218
> #2  0x0000560ef0bdd7f0 in arm_ldq_ptw (fi=0x7f90e2ffc530, mmu_idx=ARMMMUIdx_Stage1_E1, is_secure=false, addr=<optimized out>, cs=0x560ef326ac10) at /data/qemu/target/arm/helper.c:10284
> #3  0x0000560ef0bdd7f0 in get_phys_addr_lpae
>     (env=env@entry=0x560ef32742b0, address=address@entry=18446674270391351284, access_type=access_type@entry=MMU_INST_FETCH, mmu_idx=mmu_idx@entry=ARMMMUIdx_Stage1_E1, s1_is_el0=s1_is_el0@entry=false, phys_ptr=phys_ptr@entry=0x7f90e2ffc490, txattrs=0x7f90e2ffc518, prot=0x7f90e2ffc514, page_size_ptr=0x7f90e2ffc528, fi=0x7f90e2ffc530, cacheattrs=0x7f90e2ffc51c) at /data/qemu/target/arm/helper.c:11014
> #4  0x0000560ef0bdfacb in get_phys_addr (env=env@entry=0x560ef32742b0, address=<optimized out>, address@entry=18446674270391351284, access_type=access_type@entry=MMU_INST_FETCH, mmu_idx=<optimized out>,
>     mmu_idx@entry=ARMMMUIdx_Stage1_E1, phys_ptr=phys_ptr@entry=0x7f90e2ffc490, attrs=attrs@entry=0x7f90e2ffc518, prot=0x7f90e2ffc514, page_size=0x7f90e2ffc528, fi=0x7f90e2ffc530, cacheattrs=0x7f90e2ffc51c)
>     at /data/qemu/target/arm/helper.c:12115
> #5  0x0000560ef0bdf5ca in get_phys_addr
>     (env=env@entry=0x560ef32742b0, address=address@entry=18446674270391351284, access_type=access_type@entry=MMU_INST_FETCH, mmu_idx=<optimized out>, phys_ptr=phys_ptr@entry=0x7f90e2ffc520, attrs=attrs@entry=0x7f90e2ffc518, prot=0x7f90e2ffc514, page_size=0x7f90e2ffc528, fi=0x7f90e2ffc530, cacheattrs=0x7f90e2ffc51c) at /data/qemu/target/arm/helper.c:11950
> #6  0x0000560ef0bef669 in arm_cpu_tlb_fill (cs=0x560ef326ac10, address=18446674270391351284, size=<optimized out>, access_type=MMU_INST_FETCH, mmu_idx=2, probe=<optimized out>, retaddr=0) at /data/qemu/target/arm/tlb_helper.c:177
> #7  0x0000560ef0adbd85 in tlb_fill (cpu=0x560ef326ac10, addr=18446674270391351284, size=0, access_type=MMU_INST_FETCH, mmu_idx=2, retaddr=0) at /data/qemu/accel/tcg/cputlb.c:1032
> #8  0x0000560ef0adf216 in get_page_addr_code_hostp (env=<optimized out>, addr=addr@entry=18446674270391351284, hostp=hostp@entry=0x0) at /data/qemu/accel/tcg/cputlb.c:1211
> #9  0x0000560ef0adf287 in get_page_addr_code (env=<optimized out>, addr=addr@entry=18446674270391351284) at /data/qemu/accel/tcg/cputlb.c:1243
> #10 0x0000560ef0af21c4 in tb_htable_lookup (cpu=cpu@entry=0x560ef326ac10, pc=18446674270391351284, cs_base=<optimized out>, flags=2182107137, cf_mask=4278714368) at /data/qemu/accel/tcg/cpu-exec.c:337
> #11 0x0000560ef0af2fd6 in tb_lookup__cpu_state (cf_mask=<optimized out>, flags=0x7f90e2ffc718, cs_base=0x7f90e2ffc720, pc=0x7f90e2ffc728, cpu=0x0) at /data/qemu/include/exec/tb-lookup.h:43
> #12 0x0000560ef0af2fd6 in tb_find (cf_mask=524288, tb_exit=0, last_tb=0x0, cpu=0x0) at /data/qemu/accel/tcg/cpu-exec.c:404
> #13 0x0000560ef0af2fd6 in cpu_exec (cpu=cpu@entry=0x560ef326ac10) at /data/qemu/accel/tcg/cpu-exec.c:748
> #14 0x0000560ef0bb779f in tcg_cpu_exec (cpu=0x560ef326ac10) at /data/qemu/softmmu/cpus.c:1356
> #15 0x0000560ef0bb980b in qemu_tcg_cpu_thread_fn (arg=arg@entry=0x560ef326ac10) at /data/qemu/softmmu/cpus.c:1664
> #16 0x0000560ef10aaf76 in qemu_thread_start (args=<optimized out>) at /data/qemu/util/qemu-thread-posix.c:521
> #17 0x00007f919e9434f9 in start_thread () at /lib64/libpthread.so.0
> #18 0x00007f919e67bf2f in clone () at /lib64/libc.so.6
>
> I've reproduced that with a local Jailhouse installation, but I suspect
> (do not have the time right now to check) that a vanilla jailhouse-
> images [1] build for qemu-arm64 will trigger it as well. Once time
> permits, I could try to generate and share such an image.
>
> qemu 3.1.1.1 of my distro is fine, also f4d8cf148e43.
>
> Any ideas?
>
> Jan
>
> [1] https://github.com/siemens/jailhouse-images

thanks
-- PMM
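The failure mode Peter points at, as an added illustration in C (not QEMU's code; CacheAttrs, s2_walk and s1_ptw_translate are hypothetical names): a stage-2 walker that treats its cacheattrs out-pointer as optional must check it before writing, and a nested stage-1 table-walk caller is better off supplying a local struct than passing NULL, because the stage-2 attributes of the table fetch are useful to it anyway.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

typedef struct { uint8_t attrs; } CacheAttrs;

/* Stage-2 descriptor MemAttr[3:0]: bits[3:2] == 0 encode Device memory. */
static bool s2_memattr_is_device(uint8_t memattr)
{
    return ((memattr >> 2) & 3) == 0;
}

/* Simplified stage-2 walk over a single block/page descriptor (4K granule).
 * The crashing frame in the trace wrote cacheattrs->attrs unconditionally
 * with cacheattrs == NULL; here the pointer is optional and checked. */
static int s2_walk(uint64_t desc, uint64_t *phys, CacheAttrs *cacheattrs)
{
    *phys = desc & 0x0000fffffffff000ULL;    /* output address bits [47:12] */
    if (cacheattrs) {
        cacheattrs->attrs = (desc >> 2) & 0xf; /* MemAttr is desc bits [5:2] */
    }
    return 0;
}

/* Stage-1 table-walk helper: translate a table address through stage 2.
 * Instead of passing NULL (the call pattern in the backtrace), a local
 * CacheAttrs is supplied, so the result is always valid and can be used,
 * e.g. to fault a stage-1 walk that lands in Device memory (the check
 * HCR_EL2.PTW asks for). Returns 0 on success, -1 on such a fault. */
static int s1_ptw_translate(uint64_t s2desc, uint64_t *phys)
{
    CacheAttrs ca = { 0 };

    if (s2_walk(s2desc, phys, &ca) != 0) {
        return -1;
    }
    if (s2_memattr_is_device(ca.attrs)) {
        return -1;
    }
    return 0;
}
```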


