Segfault while booting Windows XP x64

Segfault while booting Windows XP x64

[Mike Kelly]

[-- Attachment #1: Type: text/plain, Size: 511 bytes --]

I'm on a Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz, using a 2.6.29
vanilla kernel, x86_64. kvm userland version 84.

When I try to boot my x64 Windows XP, it gets partway through the
windows booting process, with the progress bar and what not. Then, I
get the attached backtrace.

The various -no-kvm options don't seem to make a difference.

I created, and was able to boot, this image using linux 2.6.28. I'll
give it a shot again later to confirm that is still the case.

Thanks in advance.

-- 
Mike Kelly

[-- Attachment #2: kvm-winxp-x64-backtrace.txt --]
[-- Type: text/plain, Size: 6680 bytes --]

GNU gdb 6.8
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu"...
Starting program: /usr/bin/kvm -usb -usbdevice tablet -name winxp-x64 winxp-x64.kvm
[Thread debugging using libthread_db enabled]
[New Thread 0x7fe4d978b740 (LWP 29948)]
[New Thread 0x7fe4ccf9d950 (LWP 29951)]
[New Thread 0x7fe4cb6d5950 (LWP 29955)]
[Thread 0x7fe4cb6d5950 (LWP 29955) exited]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fe4ccf9d950 (LWP 29951)]
qemu_paio_cancel (fd=<value optimized out>, aiocb=0x2909230) at posix-aio-compat.c:184
184	        TAILQ_REMOVE(&request_list, aiocb, node);

Thread 2 (Thread 0x7fe4ccf9d950 (LWP 29951)):
#0  qemu_paio_cancel (fd=<value optimized out>, aiocb=0x2909230) at posix-aio-compat.c:184
	ret = <value optimized out>
#1  0x000000000041acf8 in raw_aio_cancel (blockacb=<value optimized out>) at block-raw-posix.c:681
	ret = <value optimized out>
	acb = (RawAIOCB *) 0x2909210
#2  0x0000000000433790 in ide_dma_cancel (bm=0x27dfe60) at /var/tmp/paludis/build/app-virtualization-kvm-84/work/kvm-84/qemu/hw/ide.c:2973
No locals.
#3  0x00000000004337f5 in bmdma_cmd_writeb (opaque=0x27dfe60, addr=0, val=<value optimized out>)
    at /var/tmp/paludis/build/app-virtualization-kvm-84/work/kvm-84/qemu/hw/ide.c:2987
No locals.
#4  0x0000000000520d5d in kvm_outb (opaque=<value optimized out>, addr=0, data=0 '\0')
    at /var/tmp/paludis/build/app-virtualization-kvm-84/work/kvm-84/qemu/qemu-kvm.c:684
No locals.
#5  0x000000000054cfa5 in kvm_run (kvm=0x2716010, vcpu=0, env=0x2725f90) at libkvm.c:722
	r = <value optimized out>
	fd = 12
	run = (struct kvm_run *) 0x7fe4cc799000
#6  0x0000000000521529 in kvm_cpu_exec (env=<value optimized out>) at /var/tmp/paludis/build/app-virtualization-kvm-84/work/kvm-84/qemu/qemu-kvm.c:205
	r = <value optimized out>
#7  0x0000000000521818 in ap_main_loop (_env=<value optimized out>) at /var/tmp/paludis/build/app-virtualization-kvm-84/work/kvm-84/qemu/qemu-kvm.c:414
	env = (CPUX86State *) 0x2725f90
	signals = {__val = {18446744067267100671, 18446744073709551615 <repeats 15 times>}}
	data = (struct ioperm_data *) 0x0
#8  0x00007fe4d89eff97 in start_thread () from /lib/libpthread.so.0
No locals.
#9  0x00007fe4d792bdfd in clone () from /lib/libc.so.6
No symbol table info available.

Thread 1 (Thread 0x7fe4d978b740 (LWP 29948)):
#0  0x00007fe4d7925452 in select () from /lib/libc.so.6
No symbol table info available.
#1  0x0000000000409eab in main_loop_wait (timeout=0) at /var/tmp/paludis/build/app-virtualization-kvm-84/work/kvm-84/qemu/vl.c:3647
	ioh = <value optimized out>
	rfds = {fds_bits = {164992, 0 <repeats 15 times>}}
	wfds = {fds_bits = {0 <repeats 16 times>}}
	xfds = {fds_bits = {0 <repeats 16 times>}}
	ret = <value optimized out>
	nfds = 17
	tv = {tv_sec = 0, tv_usec = 999644}
#2  0x0000000000520fea in kvm_main_loop () at /var/tmp/paludis/build/app-virtualization-kvm-84/work/kvm-84/qemu/qemu-kvm.c:596
	fds = {15, 16}
	mask = {__val = {268443648, 0 <repeats 15 times>}}
	sigfd = 17
#3  0x000000000040e4db in main (argc=<value optimized out>, argv=0x7fffe17aa448, envp=<value optimized out>)
    at /var/tmp/paludis/build/app-virtualization-kvm-84/work/kvm-84/qemu/vl.c:3809
	use_gdbstub = 0
	gdbstub_port = 0x54f5ef "1234"
	boot_devices_bitmap = 0
	i = <value optimized out>
	snapshot = 0
	linux_boot = <value optimized out>
	net_boot = <value optimized out>
	initrd_filename = 0x0
	kernel_filename = 0x0
	kernel_cmdline = 0x58cc6b ""
	boot_devices = 0x54f881 "cad"
	ds = <value optimized out>
	dcl = <value optimized out>
	cyls = 0
	heads = 0
	secs = 0
	translation = 0
	net_clients = {0x54f45d "nic", 0x54f885 "user", 0x0, 0x7fe4d95972ee "\205À\017\217z\001", 0x0, 
  0x7fe4d9596bec "\205Àt\"A\213D$\f\205Àu\027\205í\017\037D", 0x7fe400000001 <Address 0x7fe400000001 out of bounds>, 0x7fe4d97a95b8 "\220\225zÙä\177", 
  0x0, 0x1 <Address 0x1 out of bounds>, 0x71dd557f <Address 0x71dd557f out of bounds>, 0x7fe4d9596ffa "L\213D$\020H\205ÀD\213L$\bt¯éäþÿÿ1Ò\213\216ì\002", 
  0x1e17fe2e8 <Address 0x1e17fe2e8 out of bounds>, 0x7fe40000003f <Address 0x7fe40000003f out of bounds>, 0x1c77555 <Address 0x1c77555 out of bounds>, 
  0x7fffe17aa140 "", 0x7fffe17aa2c8 "\005\017þ\a\001", 0x7fffe17fe158 "", 0x0, 0x7fffe17aa350 "", 0x7fe4d97a9590 "", 0x7fe4d7976adb "clock_gettime", 
  0x7fffe17fe230 "", 0x7fe4d9596bec "\205Àt\"A\213D$\f\205Àu\027\205í\017\037D", 0x0, 0x7fe4d978eb20 "", 0xc <Address 0xc out of bounds>, 
  0x17 <Address 0x17 out of bounds>, 0xf63d4e2e <Address 0xf63d4e2e out of bounds>, 
  0x7fe4d95970a4 "L\213D$\020H\205ÀD\213L$\bL\213\034$\017\2057þÿÿA\213\023ë\214I\203?", 
  0x7fe4d7861974 "/N=öÎ\030L\017ùÄ-×øÔ\217Ó\204\"\233|\205\"\233|ìûÀ=°\"\225Ã8Ç\031uÿ\001Ä\022ÉBY\020ÜÏ쵶w\035\rGÞÍ%µV1ýÇr1\035\a;úL\214\t)\020\t~\222\0348µï0jÝù{\004\\H±Ô¡\034 \002êÙ\0179µï0X?\227|\030\034sìT\200ÌsÙ\202c\002;H\205\0336\rfý2vàÕ¨§Ká¼\234#\217Ö\036h\233£\230Ëò\234\002Y1\n´\006ß½èe\235J\032\223¨Pµ¨\020\205)%~\016|\030¹Ñ8\a\221\222þ\206ï¦:VÓñIµ$\202¡7äQhoìð¤\017l"..., 0x7fff0000002e <Address 0x7fff0000002e out of bounds>}
	nb_net_clients = 2
	bt_opts = {0x0, 0x7fe4d978ebd8 "©:@", 0x7fe400000001 <Address 0x7fe400000001 out of bounds>, 0x0, 
  0x7fe400000001 <Address 0x7fe400000001 out of bounds>, 0x7fe4d8bffc00 "ð\f\237Øä\177", 0x7fe4d97ab040 "", 0x5657f0 "", 
  0x1000000bf <Address 0x1000000bf out of bounds>, 0x7fe4d978ebd8 "©:@"}
	nb_bt_opts = 0
	hda_index = 0
	optind = <value optimized out>
	r = <value optimized out>
	optarg = <value optimized out>
	monitor_hd = <value optimized out>
	monitor_device = 0x54f5f4 "vc"
	serial_devices = {0x54f5d9 "vc:80Cx24C", 0x0, 0x0, 0x0}
	serial_device_index = 0
	parallel_devices = {0x54f5e4 "vc:640x480", 0x0, 0x0}
	parallel_device_index = 0
	virtio_console_index = 0
	loadvm = 0x0
	machine = (QEMUMachine *) 0x7dad00
	cpu_model = 0x0
	usb_devices = {0x7fffe17aaff5 "tablet", 0x7fffe17aa3c0 "", 0x7fe4d97a9000 "", 0x403a35 "__libc_start_main", 0x0, 
  0x107fe0f05 <Address 0x107fe0f05 out of bounds>, 0x2cb4304900000001 <Address 0x2cb4304900000001 out of bounds>, 0x7fe4d9791000 ""}
	usb_devices_index = 1
	fds = {-512056248, 32767}
	tb_size = 0
	pid_file = 0x0
	autostart = 1
	incoming = 0x0
184	        TAILQ_REMOVE(&request_list, aiocb, node);
Kill the program being debugged? (y or n) 

Re: Segfault while booting Windows XP x64

[Gleb Natapov]

On Mon, Mar 30, 2009 at 11:26:52PM -0400, Mike Kelly wrote:
> I'm on a Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz, using a 2.6.29
> vanilla kernel, x86_64. kvm userland version 84.
> 
> When I try to boot my x64 Windows XP, it gets partway through the
> windows booting process, with the progress bar and what not. Then, I
> get the attached backtrace.
> 
> The various -no-kvm options don't seem to make a difference.
> 
> I created, and was able to boot, this image using linux 2.6.28. I'll
> give it a shot again later to confirm that is still the case.
> 
Are you sure you have write permission to that image?

--
			Gleb.

Re: Segfault while booting Windows XP x64

[Mike Kelly]

On Tue, 31 Mar 2009 08:54:48 +0300
Gleb Natapov <gleb@redhat.com> wrote:

> On Mon, Mar 30, 2009 at 11:26:52PM -0400, Mike Kelly wrote:
> > I'm on a Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz, using a 2.6.29
> > vanilla kernel, x86_64. kvm userland version 84.
> > 
> > When I try to boot my x64 Windows XP, it gets partway through the
> > windows booting process, with the progress bar and what not. Then, I
> > get the attached backtrace.
> > 
> > The various -no-kvm options don't seem to make a difference.
> > 
> > I created, and was able to boot, this image using linux 2.6.28. I'll
> > give it a shot again later to confirm that is still the case.
> > 
> Are you sure you have write permission to that image?

Hmm, I thought I did, but looks like I messed up my mount this time
around. Dang.

That still shouldn't cause a segfault, though. But, yes, fixing my
mount fixes the crash.

-- 
Mike Kelly

Re: Segfault while booting Windows XP x64

[Gleb Natapov]

On Tue, Mar 31, 2009 at 08:50:25AM -0400, Mike Kelly wrote:
> On Tue, 31 Mar 2009 08:54:48 +0300
> Gleb Natapov <gleb@redhat.com> wrote:
> 
> > On Mon, Mar 30, 2009 at 11:26:52PM -0400, Mike Kelly wrote:
> > > I'm on a Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz, using a 2.6.29
> > > vanilla kernel, x86_64. kvm userland version 84.
> > > 
> > > When I try to boot my x64 Windows XP, it gets partway through the
> > > windows booting process, with the progress bar and what not. Then, I
> > > get the attached backtrace.
> > > 
> > > The various -no-kvm options don't seem to make a difference.
> > > 
> > > I created, and was able to boot, this image using linux 2.6.28. I'll
> > > give it a shot again later to confirm that is still the case.
> > > 
> > Are you sure you have write permission to that image?
> 
> Hmm, I thought I did, but looks like I messed up my mount this time
> around. Dang.
> 
> That still shouldn't cause a segfault, though. But, yes, fixing my
> mount fixes the crash.
> 
This crash is known and fix is been working on. It happens on IO
cancellation path and usually you get there if you don't have write
permission to you image.

--
			Gleb.

Re: Segfault while booting Windows XP x64

[Mike Kelly]

On Tue, 31 Mar 2009 15:53:06 +0300
Gleb Natapov <gleb@redhat.com> wrote:

> This crash is known and fix is been working on. It happens on IO
> cancellation path and usually you get there if you don't have write
> permission to you image.

Ok, cool. Thanks for the help w/ my stupidity.

-- 
Mike Kelly