qemu-system-s390x segfaults in do_tb_phys_invalidate at ../accel/tcg/translate-all.c:1482
Description of problem:
I'm trying to run a RHEL s390x image on an x86_64 host. QEMU starts the VM, but it crashes before the guest is fully booted:
Thread 4 "IO iothread1" received signal SIGSEGV, Segmentation fault.
[Switching to LWP 2424630]
0x000055725b95057e in do_tb_phys_invalidate (tb=tb@entry=0x7f25c5c71fc0 <code_gen_buffer+499589011>,
rm_from_page_list=rm_from_page_list@entry=true) at ../accel/tcg/translate-all.c:1482
1482 qatomic_set(&tcg_ctx->tb_phys_invalidate_count,
(gdb) bt
#0 0x000055725b95057e in do_tb_phys_invalidate (tb=tb@entry=0x7f25c5c71fc0 <code_gen_buffer+499589011>,
rm_from_page_list=rm_from_page_list@entry=true) at ../accel/tcg/translate-all.c:1482
#1 0x000055725b950927 in tb_phys_invalidate__locked (tb=0x7f25c5c71fc0 <code_gen_buffer+499589011>) at ../accel/tcg/translate-all.c:1488
#2 tb_invalidate_phys_page_range__locked (p=0x7f239ca57cf0, start=start@entry=2308218880, end=end@entry=2308222976, retaddr=0,
pages=0x7f25e8093ff0) at ../accel/tcg/translate-all.c:1994
#3 0x000055725b951f03 in tb_invalidate_phys_range (start=2308218880, end=2308222976) at ../accel/tcg/translate-all.c:2070
#4 0x000055725b95c2d6 in invalidate_and_set_dirty (mr=<optimized out>, addr=2308218880, length=4096) at ../softmmu/physmem.c:2678
#5 0x000055725b96127f in address_space_unmap (as=as@entry=0x55725bd73a60 <address_space_memory>, buffer=<optimized out>, len=<optimized out>,
is_write=is_write@entry=true, access_len=access_len@entry=4096) at ../softmmu/physmem.c:3208
#6 0x000055725b8f3ad6 in dma_memory_unmap (access_len=4096, dir=DMA_DIRECTION_FROM_DEVICE, len=<optimized out>, buffer=<optimized out>,
as=0x55725bd73a60 <address_space_memory>) at /usr/src/debug/qemu-5.2.0-8.fc34.x86_64/include/sysemu/dma.h:145
#7 virtqueue_unmap_sg (elem=elem@entry=0x7f25e8003990, len=len@entry=258049, vq=<optimized out>, vq=<optimized out>)
at ../hw/virtio/virtio.c:684
#8 0x000055725b8f5be3 in virtqueue_fill (vq=vq@entry=0x7f25f424c010, elem=0x7f25e8003990, len=258049, idx=idx@entry=0)
at ../hw/virtio/virtio.c:845
#9 0x000055725b8f5fa0 in virtqueue_push (vq=0x7f25f424c010, elem=elem@entry=0x7f25e8003990, len=<optimized out>) at ../hw/virtio/virtio.c:919
#10 0x000055725b8b81fb in virtio_blk_req_complete (req=req@entry=0x7f25e8003990, status=status@entry=0 '\000') at ../hw/block/virtio-blk.c:85
#11 0x000055725b8b8a1d in virtio_blk_rw_complete (opaque=<optimized out>, ret=0) at ../hw/block/virtio-blk.c:152
#12 0x000055725b9cce78 in blk_aio_complete (acb=0x7f25e8041640) at ../block/block-backend.c:1412
#13 blk_aio_complete (acb=0x7f25e8041640) at ../block/block-backend.c:1409
#14 blk_aio_complete_bh (opaque=0x7f25e8041640) at ../block/block-backend.c:1422
#15 0x000055725ba7c524 in aio_bh_call (bh=0x55725ccf0130) at ../util/async.c:136
#16 aio_bh_poll (ctx=ctx@entry=0x55725cceb3d0) at ../util/async.c:164
#17 0x000055725ba88d6d in aio_poll (ctx=0x55725cceb3d0, blocking=blocking@entry=true) at ../util/aio-posix.c:659
#18 0x000055725b993c9a in iothread_run (opaque=0x55725cc9df20) at ../iothread.c:73
#19 0x000055725ba75873 in qemu_thread_start (args=0x55725ccf2820) at ../util/qemu-thread-posix.c:521
#20 0x00007f25f7ab9299 in start_thread () from target:/lib64/libpthread.so.0
#21 0x00007f25f79df353 in ?? () from target:/lib64/libc.so.6
Version-Release number of selected component (if applicable): qemu-system-s390x-5.2.0-8.fc34.x86_64. Also tested with 6.0.0-7 from F35, with the same results.
How reproducible: always
Steps to Reproduce:
- Create an s390x VM from the attached XML (rhel8-s390x.xml) and run it. For reference, here is my command line:
/usr/bin/qemu-system-s390x -name guest=rhel8-s390x,debug-threads=on -S -object secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-31-rhel8-s390x/master-key.aes -machine s390-ccw-virtio-5.2,accel=tcg,usb=off,dump-guest-core=off,memory-backend=s390.ram -cpu qemu -m 8192 -object memory-backend-ram,id=s390.ram,size=8589934592 -overcommit mem-lock=off -smp 2,sockets=2,cores=1,threads=1 -object iothread,id=iothread1 -uuid bb6e0a0c-4cd9-458c-b7fd-60be7cff000c -display none -no-user-config -nodefaults -chardev socket,id=charmonitor,fd=44,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -boot strict=on -blockdev {"driver":"file","filename":"/var/lib/libvirt/images/rhel-guest-image-8.5-latest.s390x.qcow2","aio":"native","node-name":"libvirt-1-storage","cache":{"direct":true,"no-flush":false},"auto-read-only":true,"discard":"unmap"} -blockdev {"node-name":"libvirt-1-format","read-only":false,"cache":{"direct":true,"no-flush":false},"driver":"qcow2","file":"libvirt-1-storage","backing":null} -device virtio-blk-ccw,iothread=iothread1,devno=fe.0.0000,drive=libvirt-1-format,id=virtio-disk0,bootindex=2,write-cache=on -netdev tap,fd=46,id=hostnet0 -device virtio-net-ccw,netdev=hostnet0,id=net0,mac=52:51:00:11:22:33,devno=fe.0.0001 -chardev pty,id=charconsole0 -device sclpconsole,chardev=charconsole0,id=console0 -device virtio-balloon-ccw,id=balloon0,devno=fe.0.0002 -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny -msg timestamp=on
Actual results:
qemu-system-s390x segfaults
Expected results:
qemu-system-s390x should not segfault