Skip to content

qemu-system-x86_64 segfaults in iotlb_to_section() on riscv64

Host environment

  • Operating system: Arch Linux RISC-V
  • OS/kernel version: Linux centiskorch.felixc.at 6.1.42-1-sophgo-05620-gf3e0e4527b17 #1 SMP Wed, 16 Aug 2023 11:11:48 +0000 riscv64 GNU/Linux
  • Architecture: riscv64
  • QEMU flavor: qemu-system-x86_64
  • QEMU version: 8.1.1
  • QEMU command line: 
    qemu-system-x86_64 -M q35 -smp 8 -m 4096 -hda archlinux-2023.09.01-x86_64.iso

Emulated/Virtualized environment

  • Operating system: Arch Linux
  • OS/kernel version: Linux archiso 6.4.12-arch1-1 #1 SMP PREEMPT_DYNAMIC Thu, 24 Aug 2023 00:38:14 +0000 x86_64 GNU/Linux
  • Architecture: x86_64

Description of problem

QEMU segfaults when booting up the Arch Linux x86_64 installation ISO. The ISO could be downloaded from https://geo.mirror.pkgbuild.com/iso/2023.09.01/archlinux-2023.09.01-x86_64.iso or any other Arch Linux mirrors.

The crash often happens after "Probing EDD...". It's more reliably reproducible with higher -smp numbers, and may hang with "rcu_preempt detected stalls" without the -smp option.

Additional information

I have reproduced the same issues with different RISC-V hardware, including SG2042 and TH1520.

Errors:

qemu-system-x86_64: ../qemu-8.1.1/softmmu/physmem.c:2419: iotlb_to_section: Assertion `section_index < d->map.sections_nb' failed.

Backtrace:

#0  0x0000003fa74f0ece in __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x0000003fa74f0f0e in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x0000003fa74ba912 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x0000003fa74aa164 in __GI_abort () at abort.c:79
#4  0x0000003fa74b54a4 in __assert_fail_base
    (fmt=0x3fa7594c10 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x2ae1de0458 "section_index < d->map.sections_nb", file=file@entry=0x2ae1ddf980 "../qemu-8.1.1/softmmu/physmem.c", line=line@entry=2419, function=function@entry=0x2ae1f05f20 <__PRETTY_FUNCTION__.11> "iotlb_to_section") at assert.c:92
#5  0x0000003fa74b54f8 in __assert_fail (assertion=0x2ae1de0458 "section_index < d->map.sections_nb", file=0x2ae1ddf980 "../qemu-8.1.1/softmmu/physmem.c", line=2419, function=0x2ae1f05f20 <__PRETTY_FUNCTION__.11> "iotlb_to_section") at assert.c:101
#6  0x0000002ae1b69788 in iotlb_to_section () at ../qemu-8.1.1/softmmu/physmem.c:2419
#7  0x0000002ae1b9d774 in io_writex () at ../qemu-8.1.1/accel/tcg/cputlb.c:1432
#8  0x0000002ae1b9d924 in do_st_mmio_leN () at ../qemu-8.1.1/accel/tcg/cputlb.c:2755
#9  0x0000002ae1ba127c in do_st_4 () at ../qemu-8.1.1/accel/tcg/cputlb.c:2921
#10 do_st4_mmu () at ../qemu-8.1.1/accel/tcg/cputlb.c:3006
#11 0x0000003f600dd7ec in code_gen_buffer ()
#12 0x5f085e2755518600 in  ()
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information