Bug 1386102

Summary: KVM internal error. Suberror: 1 emulation failure
Product: Red Hat Enterprise Linux 7 Reporter: Xu Tian <xutian>
Component: ovmfAssignee: Laszlo Ersek <lersek>
Status: CLOSED CURRENTRELEASE QA Contact: FuXiangChun <xfu>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.4CC: bsd, chayang, fedora-bugs, juzhang, knoel, lersek, michen, pbonzini, virt-maint, xutian
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-01-18 17:12:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
VM boot log none

Description Xu Tian 2016-10-18 07:29:25 UTC 
Created attachment 1211623 [details]
VM boot log

Description of problem:

Qemu-kvm report emulation failure when booting up a guest from uefi rom, below information print to terminal, hope it will helpful to do bug analysis.

13:31:10 ERROR| RAX=00000000fee00020 RBX=0000000000000000 RCX=00000000fee00020 RDX=0000000000000020
13:31:10 ERROR| RSI=0000000000000003 RDI=000000007ef38328 RBP=000000007e96be70 RSP=000000007e96be40
13:31:10 ERROR| R8 =000000000000000b R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000
13:31:10 ERROR| R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
13:31:10 ERROR| RIP=000000007f5d0fb7 RFL=00010046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
13:31:10 ERROR| ES =0030 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
13:31:10 ERROR| CS =0038 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
13:31:10 ERROR| SS =0030 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
13:31:10 ERROR| DS =0030 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
13:31:10 ERROR| FS =0030 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
13:31:10 ERROR| GS =0030 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
13:31:10 ERROR| LDT=0000 0000000000000000 0000ffff 00008200 DPL=0 LDT
13:31:10 ERROR| TR =0000 0000000000000000 0000ffff 00008b00 DPL=0 TSS64-busy
13:31:10 ERROR| GDT=     000000007f6ebf18 00000047
13:31:10 ERROR| IDT=     0000000000000000 0000ffff
13:31:10 ERROR| CR0=80000033 CR2=0000000000000000 CR3=000000007f709000 CR4=00000660
13:31:10 ERROR| DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
13:31:10 ERROR| DR6=00000000ffff0ff0 DR7=0000000000000400
13:31:10 ERROR| EFER=0000000000000500
13:31:10 ERROR| Code=00 00 ff d0 48 b8 af 7e 5c 7f 00 00 00 00 ff d0 48 8b 45 10 <8b> 00 89 45 fc 48 b8 af 7e 5c 7f 00 00 00 00 ff d0 8b 45 fc c9 c3 55 48 89 e5 48 83 ec 20



Version-Release number of selected component (if applicable):

qemu-kvm-rhev-2.6.0-28.el7.x86_64
OVMF-20160608b-1.git988715a.el7.noarch.rpm
kernel-3.10.0-512.el7.x86_64

How reproducible:

3 / 100

Steps to Reproduce:
1. boot a guest form uefi rom, command line likes:

/usr/libexec/qemu-kvm \
    -S  \
    -name 'avocado-vt-vm1'  \
    -sandbox off  \
    -machine q35  \
    -nodefaults  \
    -vga qxl \
    -device ioh3420,id=root_port,bus=pcie.0,addr=02 \
    -device x3130-upstream,id=pcie_switch,bus=root_port,addr=00 \
    -device i82801b11-bridge,id=dmi2pci_bridge,bus=pcie.0,addr=03 \
    -device pci-bridge,id=pci_bridge,bus=dmi2pci_bridge,addr=01,chassis_nr=1 \
    -device intel-hda,bus=pci_bridge,addr=01 \
    -device hda-duplex  \
    -chardev socket,id=qmp_id_qmpmonitor1,path=/var/tmp/avocado_3EovO8/monitor-qmpmonitor1-20161014-133031-yhq0s777,server,nowait \
    -mon chardev=qmp_id_qmpmonitor1,mode=control  \
    -chardev socket,id=qmp_id_catch_monitor,path=/var/tmp/avocado_3EovO8/monitor-catch_monitor-20161014-133031-yhq0s777,server,nowait \
    -mon chardev=qmp_id_catch_monitor,mode=control \
    -device pvpanic,ioport=0x505,id=idYzETT1  \
    -chardev socket,id=serial_id_serial0,path=/var/tmp/avocado_3EovO8/serial-serial0-20161014-133031-yhq0s777,server,nowait \
    -device isa-serial,chardev=serial_id_serial0 \
    -device xio3130-downstream,bus=pcie_switch,id=pcie_switch.0,addr=00,chassis=1 \
    -device virtio-serial-pci,id=virtio_serial_pci0,bus=pcie_switch.0,addr=00 \
    -chardev socket,path=/var/tmp/avocado_3EovO8/virtio_port-vs-20161014-133031-yhq0s777,nowait,id=idWWTEbO,server \
    -device virtserialport,bus=virtio_serial_pci0.0,name=vs,chardev=idWWTEbO,id=id6ceu5D  \
    -chardev socket,id=seabioslog_id_20161014-133031-yhq0s777,path=/var/tmp/avocado_3EovO8/seabios-20161014-133031-yhq0s777,server,nowait \
    -device isa-debugcon,chardev=seabioslog_id_20161014-133031-yhq0s777,iobase=0x402 \
    -device nec-usb-xhci,id=usb1,bus=pcie.0,addr=04 \
    -drive id=drive_image1,if=none,snapshot=off,aio=native,cache=none,format=qcow2,file=/usr/share/avocado/data/avocado-vt/images/RHEL-Server-7.3-64-virtio.qcow2 \
    -device xio3130-downstream,bus=pcie_switch,id=pcie_switch.1,addr=01,chassis=2 \
    -device virtio-blk-pci,id=image1,drive=drive_image1,bootindex=0,bus=pcie_switch.1,addr=00 \
    -device xio3130-downstream,bus=pcie_switch,id=pcie_switch.2,addr=02,chassis=3 \
    -device virtio-net-pci,mac=9a:c2:c3:c4:c5:c6,id=idfmAFdt,vectors=4,netdev=id5oN0Gk,bus=pcie_switch.2,addr=00  \
    -netdev tap,id=id5oN0Gk,vhost=on,vhostfd=18,fd=17 \
    -m 2048  \
    -smp 8,maxcpus=8,cores=4,threads=1,sockets=2  \
    -cpu 'Nehalem',+kvm_pv_unhalt \
    -device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1  \
    -spice port=3000,password=123456,addr=0,image-compression=auto_glz,zlib-glz-wan-compression=auto,streaming-video=all,agent-mouse=on,playback-compression=on,ipv4  \
    -rtc base=utc,clock=host,driftfix=slew  \
    -boot order=cdn,once=c,menu=off,strict=off \
    -drive if=pflash,format=raw,readonly=on,file=/usr/share/OVMF/OVMF_CODE.fd \
    -drive if=pflash,format=raw,file=/usr/share/avocado/data/avocado-vt/images/RHEL-Server-7.3-64-virtio.qcow2.fd \
    -enable-kvm

Actual results:

qemu-kvm process quit with error message


Expected results:

Guest boot up successful, user can login via console.

Additional info:
see boot log in attachment
Comment 2 Radim Krčmář 2016-11-10 11:28:39 UTC 
KVM fails when emulating "8b 00", which is "mov (%rax),%eax".
%rax is 0xfee00020, the address of the APIC ID register, but there is no indication why the emulator couldn't read the APIC ID.

I ran about 2000 tries and never hit the bug ...
Please provide access to a machine with the reproducer or give more detailed instructions for the reproducer.

Thanks.
Comment 7 Tobias Mueller 2017-06-20 18:42:40 UTC 
I think I'm hitting a very similar issue.

I run these command in a KVM virtualised VM. I'm on a i5-4300U CPU @ 1.90GHz and I'm running a virtual Ubuntu machine using QEmu (through libvirt):

/usr/bin/qemu-system-x86_64 -name libvirt_default -S -machine pc-i440fx-xenial,accel=kvm,usb=off -m 512 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1 -uuid 3d7d5d31-5321-4468-8ee4-22637f748dea -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-libvirt_default/monitor.sock,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -boot strict=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive file=/var/lib/libvirt/images/libvirt_default.img,format=qcow2,if=none,id=drive-virtio-disk0 -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x3,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 -netdev tap,fd=26,id=hostnet0 -device e1000,netdev=hostnet0,id=net0,mac=11:22:33:44:55:66,bus=pci.0,addr=0x5 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -vnc 127.0.0.1:0 -k en-us -device cirrus-vga,id=video0,bus=pci.0,addr=0x2 -device usb-host,hostbus=2,hostaddr=4,id=hostdev0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x4 -msg timestamp=on

(MAC address obfuscated)

In the virtual machine, I'm running the following command:

$ qemu-system-x86_64 -enable-kvm -name test -cpu host    -m 1 -realtime mlock=off  -no-user-config -nodefaults  -no-shutdown    -drive file=/var/tmp/ubuntu-16.04-server-cloudimg-amd64-disk2.img,format=qcow2,if=none,id=drive-virtio-disk1 -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x9,drive=drive-virtio-disk1,id=virtio-disk1,bootindex=1   -monitor stdio -snapshot
QEMU 2.5.0 monitor - type 'help' for more information
(qemu) KVM internal error. Suberror: 1
emulation failure
EAX=00000000 EBX=00000417 ECX=96067cad EDX=d8ee3aed
ESI=00007c09 EDI=000081f7 EBP=00000000 ESP=770760bc
EIP=0000e2ea EFL=00010046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0010 00000000 ffffffff 00c09300 DPL=0 DS   [-WA]
CS =0008 00000000 ffffffff 00c09b00 DPL=0 CS32 [-RA]
SS =0010 00000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0010 00000000 ffffffff 00c09300 DPL=0 DS   [-WA]
FS =0010 00000000 ffffffff 00c09300 DPL=0 DS   [-WA]
GS =0010 00000000 ffffffff 00c09300 DPL=0 DS   [-WA]
LDT=0000 00000000 0000ffff 00008200 DPL=0 LDT
TR =0000 00000000 0000ffff 00008b00 DPL=0 TSS32-busy
GDT=     00008280 00000027
IDT=     00000000 00000000
CR0=00000011 CR2=00000000 CR3=00000000 CR4=00000000
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000000
Code=51 2d fb 9e df 91 47 47 ad 20 6f 68 3e b9 ad 7c 06 96 58 ef <df> 2c 74 6d cf ef a7 ce 21 2b f2 8a d4 d8 e3 2a 62 28 08 76 c5 c1 09 8f e8 46 a8 a4 d7 86
qemu-system-x86_64: terminating on signal 2

This message doesn't appear instantaneously, but relatively quickly. Maybe after a minute or two.


If I remove the  -enable-kvm -name test -cpu host  flags, the error goes away:

$ qemu-system-x86_64 -m 1 -realtime mlock=off  -no-user-config -nodefaults  -no-shutdown    -drive file=/var/tmp/ubuntu-16.04-server-cloudimg-amd64-disk2.img,format=qcow2,if=none,id=drive-virtio-disk1 -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x9,drive=drive-virtio-disk1,id=virtio-disk1,bootindex=1   -monitor stdio -snapshot
QEMU 2.5.0 monitor - type 'help' for more information
(qemu) warning: TCG doesn't support requested feature: CPUID.01H:ECX.vmx [bit 5]
qemu-system-x86_64: terminating on signal 2


Not that the virtual machine would boot, though...  The qemu process consumes all the CPU without it appearing to be doing anything useful.


Likewise, removing the last argument seems to make error go away:
$ qemu-system-x86_64 -enable-kvm -name test -cpu host    -m 1 -realtime mlock=off  -no-user-config -nodefaults  -no-shutdown    -drive file=/var/tmp/ubuntu-16.04-server-cloudimg-amd64-disk2.img,format=qcow2,if=none,id=drive-virtio-disk1    -monitor stdio -snapshot
QEMU 2.5.0 monitor - type 'help' for more information
(qemu) 


Again, the machine doesn't seem to boot... The same happens when I remove the -m 1 argument:

$ qemu-system-x86_64 -enable-kvm -name test -cpu host  -realtime mlock=off  -no-user-config -nodefaults  -no-shutdown    -drive file=/var/tmp/ubuntu-16.04-server-cloudimg-amd64-disk2.img,format=qcow2,if=none,id=drive-virtio-disk1 -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x9,drive=drive-virtio-disk1,id=virtio-disk1,bootindex=1   -monitor stdio -snapshot
QEMU 2.5.0 monitor - type 'help' for more information
(qemu) 


I may have not waited long enough for the error message to appear, though.
Comment 8 Radim Krčmář 2017-06-21 15:27:04 UTC 
Tobias,

you setup doesn't execute the "fildll (%esp,%esi,2)" instruction inside nested virtualization, which is likely due to a different cause.

"-m 1" is very radical and I don't expect any modern OS to boot with 1 MB of memory.  Without "-m 1" is the same as "-m 128", which might not work depending on the OS configuration ... don't expect GUI. :)

Do you see some output on the serial console when you add as much memory as possible?

Thanks.
Comment 9 Tobias Mueller 2017-06-22 08:12:18 UTC 
Ah, sorry then. Feel free to ignore me.  I was lead by your comment "KVM fails when emulating "8b 00", which is "mov (%rax),%eax"". I searched for that instruction in comment #1 and found this line:
13:31:10 ERROR| TR =0000 0000000000000000 0000ffff 00008b00 DPL=0 TSS64-busy

Because mine looks very similar I assumed to have reasonably similar issue.


Regarding "-m 1" I actually wanted to invoke with "-m 1G" instead of "-m 1". Increasing memory does indeed make the error go away. I invoked

qemu-system-x86_64 -enable-kvm -name test -cpu host    -m 1G -realtime mlock=off  -no-user-config -nodefaults  -no-shutdown    -drive file=/var/tmp/ubuntu-16.04-server-cloudimg-amd64-disk2.img,format=qcow2,if=none,id=drive-virtio-disk1 -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x9,drive=drive-virtio-disk1,id=virtio-disk1,bootindex=1    -snapshot -serial mon:stdio

and it does indeed seem to work, i.e. the serial output on stdout indicates a booting image. The QEMU screen stays black though. Weird.
Again, sorry for the noise.
Comment 10 Paolo Bonzini 2017-06-23 12:40:29 UTC 
CCing Laszlo just to be safe, but I think the OVMF package here is too old.  These patches are missing:

https://www.mail-archive.com/edk2-devel@lists.01.org/msg19535.html

(and probably others).

Laszlo, this looks like the races that we found while working on S3.
Comment 11 Laszlo Ersek 2018-01-03 11:23:33 UTC 
(I haven't been ignoring this BZ -- Paolo meant to CC me in comment 10, but I think he must have forgotten about it ultimately. Also, the Assignee field is still set to Radim. I've just learned about this BZ from another topic.)

So, I suggest retrying with the latest OVMF build:

  OVMF-20171011-4.git92d07e48907f.el7.noarch

also using the latest qemu-kvm-rhev build (and Q35 machine type).

Thanks
Laszlo
Comment 12 Laszlo Ersek 2018-01-03 12:14:37 UTC 
Please also make sure you are not hitting bug 1348092.
Comment 13 Laszlo Ersek 2018-01-18 17:12:32 UTC 
This BZ has been stuck in NEEDINFO (with my request to retry with the latest virt components) for 15 days. At this stage, I agree with Paolo's assessment in comment 10, and state that the issue should be fixed at the latest with bug 1412313, hence with the RHEL-7.4 GA release (ovmf-20170228-5.gitc325e41585e3.el7).
Comment 14 juzhang 2018-01-18 22:56:32 UTC 
(In reply to Laszlo Ersek from comment #13)
> This BZ has been stuck in NEEDINFO (with my request to retry with the latest
> virt components) for 15 days. At this stage, I agree with Paolo's assessment
> in comment 10, and state that the issue should be fixed at the latest with
> bug 1412313, hence with the RHEL-7.4 GA release
> (ovmf-20170228-5.gitc325e41585e3.el7).

Ok, the original reproduce ratio is very low, QE will update the result once we hit again.

Best Regards,
Junyi