
[Qemu-devel] Segmentation fault when running qemu-system-s390x


From: Philipp Kern
Subject: [Qemu-devel] Segmentation fault when running qemu-system-s390x
Date: Sun, 1 Nov 2015 15:28:51 +0100
User-agent: Mutt/1.5.23 (2014-03-12)

[Resent with the correct list address]

Hi,

I get a segmentation fault when trying to run qemu-system-s390x with a
simple Debian kernel and initrd.

According to git bisect:

0a1c71cec63e95f9b8d0dc96d049d2daa00c5210 is the first bad commit
commit 0a1c71cec63e95f9b8d0dc96d049d2daa00c5210
Author: Peter Maydell <address@hidden>
Date:   Thu Oct 1 15:29:48 2015 +0100

    exec.c: Don't call cpu_reload_memory_map() from cpu_exec_init()
    
    Currently we call cpu_reload_memory_map() from cpu_exec_init(),
    but this is not necessary:
     * KVM doesn't use the data structures maintained by
       cpu_reload_memory_map() (the TLB and cpu->memory_dispatch)
     * for TCG, we will call this function via tcg_commit() either
       as soon as tcg_cpu_address_space_init() registers the listener,
       or when the first MemoryRegion is added to the AddressSpace
       if the AS is empty when we register the listener
    
    The unnecessary call is awkward for adding support for multiple
    address spaces per CPU, so drop it.
    
    Signed-off-by: Peter Maydell <address@hidden>
    Reviewed-by: Edgar E. Iglesias <address@hidden>
    Message-Id: <address@hidden>
    Signed-off-by: Paolo Bonzini <address@hidden>

:100644 100644 7d90a522524b64a86a09c71dd54da804380ad803 
ab5d8a8061252899f04aaa6d83723b139a11597a M      exec.c

Backtrace at the bad revision (built with -O0). Note that address_space_lookup_region() is entered with d=0x0, i.e. a NULL memory dispatch, which is consistent with the bisected commit removing the cpu_reload_memory_map() call that set up cpu->memory_dispatch:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffdc07d700 (LWP 23112)]
0x00005555555dd0f1 in address_space_lookup_region (d=0x0, addr=65536, 
resolve_subpage=false) at /home/pkern/src/qemu/exec.c:333
333         section = phys_page_find(d->phys_map, addr, d->map.nodes, 
d->map.sections);
(gdb) bt full
#0  0x00005555555dd0f1 in address_space_lookup_region (d=0x0, addr=65536, 
resolve_subpage=false)
    at /home/pkern/src/qemu/exec.c:333
        section = 0x0
        subpage = 0x5555577096f0
#1  0x00005555555dd1b7 in address_space_translate_internal (d=0x0, addr=65536, 
xlat=0x7fffdc07c588, plen=0x7fffdc07c590, 
    resolve_subpage=false) at /home/pkern/src/qemu/exec.c:350
        section = 0x0
        mr = 0x0
        diff = {lo = 140736884884752, hi = 1}
#2  0x00005555555dd4d5 in address_space_translate_for_iotlb 
(cpu=0x555557858a80, addr=65536, xlat=0x7fffdc07c588, 
    plen=0x7fffdc07c590) at /home/pkern/src/qemu/exec.c:434
        section = 0x5555558b1868
        __PRETTY_FUNCTION__ = "address_space_translate_for_iotlb"
#3  0x000055555562b786 in tlb_set_page_with_attrs (cpu=0x555557858a80, 
vaddr=65536, paddr=65536, attrs=..., prot=7, mmu_idx=0, 
    size=4096) at /home/pkern/src/qemu/cputlb.c:366
        env = 0x555557860d00
        section = 0x7
        index = 712983228
        address = 12281431504
        code_address = 16
        addend = 65536
        te = 0x100010000
        iotlb = 93825004614208
        xlat = 93824994779868
        sz = 4096
        vidx = 0
        __PRETTY_FUNCTION__ = "tlb_set_page_with_attrs"
#4  0x000055555562bb0a in tlb_set_page (cpu=0x555557858a80, vaddr=65536, 
paddr=65536, prot=7, mmu_idx=0, size=4096)
    at /home/pkern/src/qemu/cputlb.c:436
No locals.
#5  0x000055555569b915 in s390_cpu_handle_mmu_fault (cs=0x555557858a80, 
orig_vaddr=65536, rw=2, mmu_idx=0)
    at /home/pkern/src/qemu/target-s390x/helper.c:146
        cpu = 0x555557858a80
        __func__ = "s390_cpu_handle_mmu_fault"
        env = 0x555557860d00
        asc = 0
        vaddr = 65536
        raddr = 65536
        prot = 7
#6  0x00005555556a2a9e in tlb_fill (cs=0x555557858a80, addr=65536, is_write=2, 
mmu_idx=0, retaddr=0)
    at /home/pkern/src/qemu/target-s390x/mem_helper.c:39
        ret = 21845
#7  0x0000555555631b39 in helper_ret_ldb_cmmu (env=0x555557860d00, addr=65536, 
oi=0, retaddr=0)
    at /home/pkern/src/qemu/softmmu_template.h:189
        mmu_idx = 0
        index = 16
        tlb_addr = 18446744073709551615
        haddr = 0
        res = 0 '\000'
#8  0x000055555562aa82 in cpu_ldub_code_ra (env=0x555557860d00, ptr=65536, 
retaddr=0)
    at /home/pkern/src/qemu/include/exec/cpu_ldst_template.h:89
        page_index = 16
        res = 0
        addr = 65536
        mmu_idx = 0
        oi = 0
#9  0x000055555562aaf8 in cpu_ldub_code (env=0x555557860d00, ptr=65536)
    at /home/pkern/src/qemu/include/exec/cpu_ldst_template.h:101
No locals.
#10 0x000055555562bba6 in get_page_addr_code (env1=0x555557860d00, addr=65536) 
at /home/pkern/src/qemu/cputlb.c:456
        mmu_idx = 0
        page_index = 16
        pd = 0
        p = 0x7fffdc07d700
        mr = 0x5555558927ff
        cpu = 0x555557858a80
        __func__ = "get_page_addr_code"
#11 0x00005555555e6ec9 in tb_find_physical (cpu=0x555557858a80, pc=65536, 
cs_base=0, flags=4097)
    at /home/pkern/src/qemu/cpu-exec.c:222
        env = 0x555557860d00
        tb = 0x5555560e7710
        ptb1 = 0x5555560de0b0
        h = 257
        phys_pc = 93824994775183
        phys_page1 = 93825004369680
        virt_page2 = 140736884885760
#12 0x00005555555e7033 in tb_find_slow (cpu=0x555557858a80, pc=65536, 
cs_base=0, flags=4097)
    at /home/pkern/src/qemu/cpu-exec.c:266
        tb = 0x10400
#13 0x00005555555e7186 in tb_find_fast (cpu=0x555557858a80) at 
/home/pkern/src/qemu/cpu-exec.c:314
        env = 0x555557860d00
        tb = 0x0
        cs_base = 0
        pc = 65536
        flags = 4097
#14 0x00005555555e7594 in cpu_s390x_exec (cpu=0x555557858a80) at 
/home/pkern/src/qemu/cpu-exec.c:463
        cc = 0x5555560f4b20
        __func__ = "cpu_s390x_exec"
        ret = 21845
        interrupt_request = 0
        tb = 0x7fffdc07c9a0
        tc_ptr = 0x5555556c0f65 <runstate_is_running+14> 
"\017\266\300]\303UH\211\345\277\002"
        next_tb = 0
        sc = {diff_clk = 140736884885952, last_cpu_icount = 40087115959, 
realtime_clock = 140736884885952}
#15 0x00005555556100ef in tcg_cpu_exec (cpu=0x555557858a80) at 
/home/pkern/src/qemu/cpus.c:1450
        ret = 21845
#16 0x00005555556101cd in tcg_exec_all () at /home/pkern/src/qemu/cpus.c:1482
        cpu = 0x555557858a80
        r = 32767
#17 0x000055555560f721 in qemu_tcg_cpu_thread_fn (arg=0x555557858a80) at 
/home/pkern/src/qemu/cpus.c:1128
        cpu = 0x0
#18 0x00007ffff258e0a4 in start_thread (arg=0x7fffdc07d700) at 
pthread_create.c:309
        __res = <optimized out>
        pd = 0x7fffdc07d700
        now = <optimized out>
---Type <return> to continue, or q <return> to quit---
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140736884889344, 
-5613847576358200238, 1, 140737354125408, 0, 
                140736884889344, 5613775766303759442, 5613877598567357522}, 
mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 
              0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#19 0x00007ffff22c304d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:111
No locals.

Kind regards and thanks
Philipp Kern

Attachment: signature.asc
Description: Digital signature

