Bug#785018: "KVM internal error" and emulation failure
Package: qemu-system-x86
Version: 1:2.1+dfsg-11
Severity: important
I don't know if this bug lies in qemu or in the kernel. I can reproduce it
with the latest kernel from git (4.1-rc3), as well as with 3.16 (Debian package
3.16.7-ckt9-3). I can also reproduce this bug with the latest qemu from git
(commit 266745cacb848d7cd0ae8889ae262e8718ace4d4).
I can reliably reproduce the following error on a Broadwell system
(/proc/cpuinfo attached) with KVM acceleration enabled, when booting a
self-built OVMF BIOS image with -bios. The same image works fine on other
systems, or on this system with KVM acceleration disabled.
KVM internal error. Suberror: 1
emulation failure
RAX=00000000fffe75cc RBX=00000000fffe60e4 RCX=0000000000000402 RDX=0000000000000402
RSI=00000000fffe62c4 RDI=0000000000005042 RBP=000000000007ffd0 RSP=000000000007fd08
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=00000000fffe75cc RFL=00010046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0008 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
CS =0018 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0008 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0008 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
FS =0008 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
GS =0008 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
LDT=0000 0000000000000000 0000ffff 00008200 DPL=0 LDT
TR =0000 0000000000000000 0000ffff 00008b00 DPL=0 TSS64-busy
GDT= 00000000ffffff80 0000001f
IDT= 0000000000000000 0000ffff
CR0=c0000033 CR2=0000000000000000 CR3=00000000ffffe000 CR4=00000660
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000500
Code=00 00 00 48 b8 50 7c fe ff 00 00 00 00 ff d0 c9 c3 90 90 90 <9b> db e3 68 7f 03 00 00 48 8d 04 24 d9 28 58 0f 20 e0 48 0d 00 02 00 00 0f 22 e0 68 80 1f
(qemu then stops emulation.)
Decoding that instruction stream (either from those bytes, or via the
'x' command in the qemu console) shows (starting with the failing
instruction):
 0:  9b db e3             finit
 3:  68 7f 03 00 00       pushq  $0x37f
 8:  48 8d 04 24          lea    (%rsp),%rax
 c:  d9 28                fldcw  (%rax)
 e:  58                   pop    %rax
 f:  0f 20 e0             mov    %cr4,%rax
12:  48 0d 00 02 00 00    or     $0x200,%rax
18:  0f 22 e0             mov    %rax,%cr4
If I disable kvm acceleration, this failure does not occur. The failure still
occurs with other values for the -cpu option.
Happy to collect additional information about the crash, or try with
other options, to help debug this. I can also run a qemu binary under
gdb and collect information that way, if that helps.
- Josh Triplett
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.1.0-rc3 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages qemu-system-x86 depends on:
ii ipxe-qemu 1.0.0+git-20150424.a25a16d-1
ii libaio1 0.3.110-1
ii libasound2 1.0.28-1
ii libbluetooth3 5.23-2+b1
ii libbrlapi0.6 5.2~20141018-5
ii libc6 2.19-18
ii libcurl3-gnutls 7.42.1-2
ii libfdt1 1.4.0+dfsg-1
ii libgcc1 1:5.1.1-5
ii libglib2.0-0 2.44.0-2
ii libgnutls-deb0-28 3.3.15-2
ii libiscsi2 1.12.0-2
ii libjpeg62-turbo 1:1.3.1-12
ii libncurses5 5.9+20140913-1+b1
ii libpixman-1-0 0.32.6-3
ii libpng12-0 1.2.50-2+b2
ii libpulse0 6.0-2
ii librados2 0.80.9-2
ii librbd1 0.80.9-2
ii libsasl2-2 2.1.26.dfsg1-13
ii libsdl1.2debian 1.2.15-11
ii libseccomp2 2.1.1-1
ii libspice-server1 0.12.5-1+b1
ii libssh2-1 1.5.0-2+b1
ii libtinfo5 5.9+20140913-1+b1
ii libusb-1.0-0 2:1.0.19-1
ii libusbredirparser1 0.7-1
ii libuuid1 2.26.2-2
ii libvdeplug2 2.3.2+r586-2
ii libx11-6 2:1.6.3-1
ii libxen-4.4 4.4.1-9
ii libxenstore3.0 4.4.1-9
ii qemu-system-common 1:2.1+dfsg-11
ii seabios 1.8.1-2
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages qemu-system-x86 recommends:
ii qemu-utils 1:2.1+dfsg-11
Versions of packages qemu-system-x86 suggests:
ii kmod 20-1
pn ovmf <none>
pn samba <none>
pn sgabios <none>
pn vde2 <none>
-- no debconf information
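The byte-decoding step the report describes (find the `<9b>` marker in the `Code=` line, which is the byte at RIP, then disassemble from there) as an added helper script; it is not part of the bug report or of QEMU. It parses the register dump, computes the guest address at which the `Code=` bytes start, names the set CR0/CR4/EFER bits so the mode the guest was in can be read off directly, writes the bytes to a raw file and prints the objdump invocation that disassembles them at their guest addresses. The dump text is copied from the report above; the `code.bin` file name and the function names are this example's own choices.

```python
import re

# Register dump lines copied verbatim from the bug report above; the
# Code= line is what we decode.
KVM_DUMP = """\
RIP=00000000fffe75cc RFL=00010046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
CR0=c0000033 CR2=0000000000000000 CR3=00000000ffffe000 CR4=00000660
EFER=0000000000000500
Code=00 00 00 48 b8 50 7c fe ff 00 00 00 00 ff d0 c9 c3 90 90 90 <9b> db e3 68 7f 03 00 00 48 8d 04 24 d9 28 58 0f 20 e0 48 0d 00 02 00 00 0f 22 e0 68 80 1f
"""

# Architectural bit positions of the control register flags (Intel SDM vol. 3).
CR0_BITS = {0: "PE", 1: "MP", 2: "EM", 3: "TS", 4: "ET", 5: "NE", 16: "WP",
            18: "AM", 29: "NW", 30: "CD", 31: "PG"}
CR4_BITS = {0: "VME", 1: "PVI", 2: "TSD", 3: "DE", 4: "PSE", 5: "PAE", 6: "MCE",
            7: "PGE", 8: "PCE", 9: "OSFXSR", 10: "OSXMMEXCPT", 11: "UMIP",
            13: "VMXE", 14: "SMXE", 16: "FSGSBASE", 17: "PCIDE", 18: "OSXSAVE",
            20: "SMEP", 21: "SMAP"}
EFER_BITS = {0: "SCE", 8: "LME", 10: "LMA", 11: "NXE"}


def register(dump, name):
    """Return the value printed as NAME=<hex> in the dump as an int."""
    m = re.search(r"\b%s=([0-9a-fA-F]+)" % re.escape(name), dump)
    if m is None:
        raise ValueError("register %s not in dump" % name)
    return int(m.group(1), 16)


def decode_flags(value, table):
    """Names of the set bits in VALUE, lowest bit first; bits not in TABLE are skipped."""
    return [name for bit, name in sorted(table.items()) if value >> bit & 1]


def parse_code_line(dump):
    """Return (code_bytes, marker_index): the Code= bytes and the index of the
    <xx> byte, which is the byte at RIP when the emulation failure was reported."""
    m = re.search(r"^Code=(.*)$", dump, re.MULTILINE)
    if m is None:
        raise ValueError("no Code= line in dump")
    data, marker = bytearray(), None
    for i, tok in enumerate(m.group(1).split()):
        if tok.startswith("<") and tok.endswith(">"):
            if marker is not None:
                raise ValueError("more than one <xx> marker")
            marker, tok = i, tok[1:-1]
        data.append(int(tok, 16))
    if marker is None:
        raise ValueError("Code= line has no <xx> marker")
    return bytes(data), marker


def code_window(dump):
    """Summarise the dump: where the Code= bytes live and which mode bits were set."""
    code, marker = parse_code_line(dump)
    rip = register(dump, "RIP")
    return {
        "rip": rip,
        "base": rip - marker,            # guest address of code[0]
        "code": code,
        "marker": marker,
        "faulting_bytes": code[marker:marker + 3],
        "cr0": decode_flags(register(dump, "CR0"), CR0_BITS),
        "cr4": decode_flags(register(dump, "CR4"), CR4_BITS),
        "efer": decode_flags(register(dump, "EFER"), EFER_BITS),
    }


def objdump_command(path, base, rip):
    """Shell command that disassembles PATH (raw bytes) at its guest addresses,
    starting at the faulting instruction: -b binary treats the file as raw code,
    -m selects 64-bit x86, --adjust-vma relocates the file to BASE."""
    return ("objdump -D -b binary -m i386:x86-64 --adjust-vma=%#x "
            "--start-address=%#x %s" % (base, rip, path))


if __name__ == "__main__":
    w = code_window(KVM_DUMP)
    with open("code.bin", "wb") as f:      # raw bytes for objdump (file name is ours)
        f.write(w["code"])
    print("RIP=%#x, Code= covers %#x..%#x, bytes at RIP: %s" %
          (w["rip"], w["base"], w["base"] + len(w["code"]) - 1,
           w["faulting_bytes"].hex()))
    print("CR0:", " ".join(w["cr0"]), "| CR4:", " ".join(w["cr4"]),
          "| EFER:", " ".join(w["efer"]))
    print(objdump_command("code.bin", w["base"], w["rip"]))
```

The marker sits 20 bytes into the `Code=` window, so the window starts at RIP-20 and `--adjust-vma` is what makes objdump print the same addresses the guest would have used; without it the listing starts at 0, which is why the report's hand-decoded listing is numbered from 0. The decoded bits (CR0.PE/PG set, EFER.LME/LMA set, CS64 in the segment dump) confirm the guest was executing in 64-bit long mode when the `fwait` prefix of `finit` was hit.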