[regression] iPXE kills kvm with KVM: entry failed, hardware error 0x80000021

hmm, works when the host is running 3.5.0-12-generic #12-Ubuntu SMP Fri Aug 24 18:28:43
            fails with 3.5.0-13-generic #14-Ubuntu SMP Wed Aug 29 16:48:44

This looks like it's kernel not qemu:
works when the host is running 3.5.0-12-generic #12-Ubuntu SMP Fri Aug 24 18:28:43
            fails with 3.5.0-13-generic #14-Ubuntu SMP Wed Aug 29 16:48:44

Works correctly with the linux-headers-3.6.0-030600rc4_3.6.0-030600rc4.201209011435_all.deb kernel (3.6.0-030600rc4-generic #201209011435 SMP Sat Sep 1 18:36:00) from http://kernel.ubuntu.com/~kernel-ppa/mainline/

I picked this up when trying to run iscsi tests for beta-1 quantal

reverting to the previous kernel version fixed this problem.

For information I can reproduce this on demand using the scripts that I use for iscsi root testing.

I'd like to perform a "Reverse" bisect to identify the commit that fixed this bug in v3.6-rc4. Would it be possible for folks affected by this bug to assist in the reverse bisect by testing some kernels?

If so, we first need to identify which release candidate in v3.6 introduced the fix. If you can reproduce this bug, it would be great if you can test the following kernels and report back the first release candidate that fixes the bug:

v3.6-rc1: http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.6-rc1-quantal/
v3.6-rc2: http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.6-rc2-quantal/
v3.6-rc3: http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.6-rc3-quantal/

You will need to install both the linux-image and linux-image-extra .deb packages.

There no need to test all of those kernels, just up until you find the first one that does not have the bug.

Thanks in advance!

Joe - The big difference from 3.5.0-12 to 3.5.0-13 is the rebase from stable v3.5.2 to v3.5.3. These commits from v3.5.3 jump out at me as possible root cause:

KVM: VMX: Fix KVM_SET_SREGS with big real mode segments
KVM: x86 emulator: fix byte-sized MOVZX/MOVSX
KVM: VMX: Fix ds/es corruption on i386 with preemption
KVM: x86: apply kvmclock offset to guest wall clock time
KVM: PIC: call ack notifiers for irqs that are dropped form irr

Thanks, Tim.

Can folks first test the following two kernels instead of the one's mentioned in comment #7?

v3.5.2: http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.5.2-quantal/
v3.5.3: http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.5.3-quantal/

I can then build some test kernels if we find that the bug is fixed in v3.5.3.

I am seeing this same error message when I start kvm with an empty disk attached right when pxe kicks in. With kernel v3.6-rc3 it works fine, with v3.5.3it still fails.
I found a comment from the upstream developer at http://<email address hidden>/msg73419.html:
"We'll try to get emulate_invalid_guest_state=1 to be the default for 3.6."

3.6-rc3 indeed has emulate_invalid_guest_state enabled, with 3.5.3 and 3.5.0-13-generic it is disabled (as shown with cat /sys/module/kvm_intel/parameters/emulate_invalid_guest_state).
Unloading kvm_intel and reloading it with emulate_invalid_guest_state=y gives me a working kvm again, not crashing when pxe kicks in.

Dave, could you test if setting emulate_invalid_guest_state=y solves the issue for you too? (sudo rmmod kvm_intel and sudo modprobe kvm-intel emulate_invalid_guest_state=y)

If that works for Dave as well, I guess the winning upstream commit is "KVM: VMX: Emulate invalid guest state by default" (a27685c33a on main tree from kernel.org).

Albert:
  Still on 3.5.0-13, if I use the emulate_invalid_guest_state=y it does survive the iPXE boot,
although if I leave it to fall through iPXE to the DVD boot it fails differently below.

Dave

KVM internal error. Suberror: 1
emulation failure
EAX=00000000 EBX=0000a715 ECX=00000000 EDX=00004e8c
ESI=000057fc EDI=000058c8 EBP=00007b9e ESP=00007b9e
EIP=0000a72b EFL=00010046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 00000000 0000ffff 0000f300 DPL=3 DS16 [-WA]
CS =0020 00000000 ffffffff 00c09b00 DPL=0 CS32 [-RA]
SS =0000 00000000 0000ffff 0000f300 DPL=3 DS16 [-WA]
DS =0000 00000000 0000ffff 0000f300 DPL=3 DS16 [-WA]
FS =0000 00000000 00000000 00000000
GS =0000 00000000 00000000 00000000
LDT=0000 00000000 0000ffff 00008200 DPL=0 LDT
TR =0000 feffd000 00002088 00008b00 DPL=0 TSS32-busy
GDT= 0000aa80 0000002f
IDT= 000030b8 000007ff
CR0=00000011 CR2=00000000 CR3=00000000 CR4=00000000
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000000
Code=29 02 74 01 fb ff 55 2e 66 bb 26 9d eb 20 31 c0 8e e0 8e e8 <0f> 00 d0 b0 28 8e c0 8e d8 8e d0 b0 08 0f 00 d8 8b 25 bc ae 00 00 89 e8 ff e3 fa fc 89 25
qemu: terminating on signal 15 from pid 1699

Joseph:
  From comment #9
     3.5.2 version works
     3.5.3 fails

Dave

As both the error message and the commit message refer to "big real mode" I tried a locally build 3.5.3 kernel with commit "KVM: VMX: Fix KVM_SET_SREGS with big real mode segments" reverted.
With an unmodified local build 3.5.3 I could reproduce the original error.
With the local build 3.5.3 with the reverted commit the vm boots fine. It passes pxe and boots successfully from cdrom (server beta1 iso). Also the installed server boots fine with the revert.
NB: I left the module parameters at their default values, so especially emulate_invalid_guest_state=n for this test.

Thanks for testing, Dave. I will start a bisect between 3.5.2 and 3.5.3. I'll post a test kernel shortly.

I just re-read comment #13. I'll first build a Quantal test kernel with commit "KVM: VMX: Fix KVM_SET_SREGS with big real mode segments" reverted.

Thanks for finding that, Albert!

I'll post it shortly.

I built a Quantal test kernel with commit b398aa31 reverted. The kernel is available at:
http://people.canonical.com/~jsalisbury/lp1045027/

Can folks affected by this bug test that kernel, and post back if it fixes the issue or not?

Thanks in advance!

Hi Joseph,
  Linux major 3.5.0-15-generic #22~lp1045027v1 SMP Thu Sep 20 19:26:02 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

That seems to work; Thanks!

I guess one thought is that since 3.6-rc3 works fine, it would probably be better to pick whatever fixed it from the newer one.

Dave

linux-image-3.5.0-15-generic_3.5.0-15.22~lp1045027v1_amd64.deb works fine for me too.

Thanks for testing, Dave and Albert.

I'll take a look at the 3.5-rc3 changelog and see if I can spot the fix for this.

Just to confirm, can you test upstream v3.6-rc2[0], and confirm it has the bug. Then test v3.6-rc3[1] and confirm it is fixed?

If that is the case, I can perform a reverse bisect to identify the commit that fixes the bug.

[0] http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.6-rc2-quantal/
[1] http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.6-rc3-quantal/

nack - both 3.6.-rc2 and 3.6-rc3 work.

  Linux major 3.6.0-030600rc3-generic #201208221735 SMP Wed Aug 22 21:36:32 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
  Linux major 3.6.0-030600rc2-generic #201208161835 SMP Thu Aug 16 22:36:32 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

Dave

and 3.6-rc1 is good as well:

Linux major 3.6.0-030600rc1-generic #201208022056 SMP Fri Aug 3 00:57:36 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

Dave

@Dave,

Thanks for testing. That is an interesting test result, since the commit that causes this bug in v3.5.3 has also been applied against v3.6-rc1:

commit b246dd5df139501b974bd6b28f7815e53b3a792f
Author: Orit Wasserman <email address hidden>
Date: Thu May 31 14:49:22 2012 +0300

    KVM: VMX: Fix KVM_SET_SREGS with big real mode segments

However, this bug does not seem to happen in v3.6.

For completeness, can you test v3.5.4:

http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.5.4-quantal/

Yeh, already tested 3.5.4 - it's broken ( Linux major 3.5.4-030504-generic #201209142010 SMP Sat Sep 15 00:11:50 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux )

There are a heck of a lot of differences in the kvm code between 3.5.x and 3.6.x (about 400 patches from what I can see), so it's a bit of a big job to find it.

Dave

@Albert,

Can you also confirm that v3.6-rc2[0] and v3.6-rc1[1] do not have the bug?

[0] http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.6-rc1-quantal/
[1] http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.6-rc2-quantal/

removed tag, since was already accepted to series.

Joseph,

with default module parameters for 3.6, meaning emulate_invalid_guest_state=Y, both 3.6-rc1 and -rc2 are good.
However, with emulate_invalid_guest_state=N, like it is with 3.5 kernels, both rc1 and rc2 are bad. Also 3.6-rc7 from the mainline ppa is bad with this module parameter setting.
So I don't think there is currently a fix available for the quantal kernel where emulate_invalid_guest_state=N.

Upstream has provided some feedback. 3.6 has had a lot more (unbackportable) work in this area. Upstream will see if this can be fixed, if not, they will revert it.

Since an upstream fix is not scheduled to happen soon, a revert of commit b398aa31 will be requested for Quantal.

This bug was fixed in the package linux - 3.5.0-16.24

---------------
linux (3.5.0-16.24) quantal-proposed; urgency=low

  [ Andy Whitcroft ]

  * SAUCE: ata_piix: add a disable_driver option
    - LP: #994870

  [ Christian König ]

  * (pre-stable) drm/radeon: make 64bit fences more robust v3 (3.5 stable)
    - LP: #1029582

  [ David Henningsson ]

  * SAUCE: ALSA: hda - use both input paths on Conexant auto parser
    - LP: #1037642
  * SAUCE: ALSA: hda - fix control names for multiple speaker out on
    IDT/STAC
    - LP: #1046734

  [ Herton Ronaldo Krzesinski ]

  * SAUCE: ALSA: hda/via - don't report presence on HPs with no presence
    support
    - LP: #1052499
  * SAUCE: ext4: fix crash when accessing /proc/mounts concurrently
    - LP: #1053019
  * SAUCE: ALSA: hda/realtek - Fix detection of ALC271X codec
    - LP: #1006690

  [ Kyle Fazzari ]

  * SAUCE: input: Cypress PS/2 Trackpad fix disabling tap-to-click
    - LP: #1048816

  [ Leann Ogasawara ]

  * [Config] Disable CONFIG_DRM_AST
    - LP: #1053290

  [ Stefan Bader ]

  * [Config] Disable the Cirrus QEMU drm driver
    - LP: #1038055

  [ Upstream Kernel Changes ]

  * Revert "KVM: VMX: Fix KVM_SET_SREGS with big real mode segments"
    - LP: #1045027
  * x86, efi: Handover Protocol
  * drm/i915: HDMI - Clear Audio Enable bit for Hot Plug
    - LP: #1056729
  * UBUNTU SAUCE: apparmor: fix IRQ stack overflow
    - LP: #1056078
  * drm/nouveau: fix booting with plymouth + dumb support
    - LP: #1043518
  * ALSA: hda - Add DeviceID for Haswell HDA
    - LP: #1057698
  * ALSA: hda - add Haswell HDMI codec id
    - LP: #1057698
  * ALSA: hda - Fix driver type of Haswell controller to AZX_DRIVER_SCH
    - LP: #1057698
  * ALSA: hda_intel: Add Device IDs for Intel Lynx Point-LP PCH
    - LP: #1011438, #1057698

  [ Wang Xingchao ]

  * SAUCE: ALSA: hda - Add another pci id for Haswell board
    - LP: #1057698

  [ Wen-chien Jesse Sung ]

  * SAUCE: drm/i915: Explicitly disable RC6 for certain models
    - LP: #1002170, #1008867
 -- Leann Ogasawara <email address hidden> Thu, 27 Sep 2012 13:55:52 -0700

Looks good:

Linux major 3.5.0-16-generic #24-Ubuntu SMP Thu Sep 27 23:57:26 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

Thanks all!

Dave

This bug can be reproduced in Raring (kernel: 3.8.0-6-generic ) on a Laptop with core duo processor T2300 (32-bit).

Hi GONG-Yi,
  I've just tested it on the same machine I originally reported this with and it seems fine to me; so whatever it is it seems like a separate variation; can you submit a new bug stating the version of linux, qemu and iPXE your using and including the log from /var/log/libvirt/qemu for your quest.

  Please add a comment here stating your new bug number.

I am not sure if this is caused by different CPU, I have almost exactly the same setting on another laptop (Thinkpad T61, CPU T7500 64-bit Ubuntu Raring), the KVM quest runs without any problems. But the same setting on the laptop with CPU T2300 32-bit Ubuntu Raring, KVM just pauses.

the following are the logs from the 32-bit T2300 laptop:
---------------------------------------------------------------------------------------

W: kvm binary is deprecated, please use qemu-system-x86_64 instead
char device redirected to /dev/pts/2
KVM: entry failed, hardware error 0x80000021

If you're running a guest on an Intel machine without unrestricted mode
support, the failure can be most likely due to the guest entering an invalid
state for Intel VT. For example, the guest maybe running in big real mode
which is not supported on less recent Intel processors.

EAX=00000000 EBX=00195e13 ECX=fffff000 EDX=fffff000
ESI=00000000 EDI=00000000 EBP=f71eaf44 ESP=f6c31f90
EIP=c1022487 EFL=00010246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =007b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA]
CS =0060 00000000 ffffffff 00c09b00 DPL=0 CS32 [-RA]
SS =0068 00000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =007b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA]
FS =00d8 35d5b000 ffffffff 00809300 DPL=0 DS16 [-WA]
GS =00e0 f71ef980 00000018 00409100 DPL=0 DS [--A]
LDT=0000 ffff0000 f0000fff 00f0ff00 DPL=3 CS64 [CRA]
TR =0080 f71ed7c0 0000206b 00008b00 DPL=0 TSS32-busy
GDT= f71e8000 000000ff
IDT= c13ec000 000007ff
CR0=8005003b CR2=ffffffff CR3=0149d000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000700000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000800
Code=ff ff 89 10 c3 8b 15 c8 42 3f c1 8d 84 10 00 c0 ff ff 8b 00 <c3> 8b 15 5c 3c 3f c1 53 89 c3 b8 30 00 00 00 ff 92 9c 00 00 00 3c 13 77 0c a1 e4 3e 42 c1
qemu: terminating on signal 15 from pid 2825
------------------------------------------------------------------------------------

Hi Gong-Yi,
  OK, as I say it's probably best to open as a new bug and then add the comment back here to state the bug number you got.
Also, is it happening when doing the same thing - i.e. when starting iPXE?

Reproduced in Quantal with the last kernel (3.5.0-30-generic):

2013-05-23 15:39:27.176+0000: starting up
LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin QEMU_AUDIO_DRV=none /usr/bin/kvm-spice -name windows1 -S -M pc-1.2 -enable-kvm -m 3500
 -smp 2,sockets=2,cores=1,threads=1 -uuid d170225e-7367-4ece-4338-6b1811c10c0c -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/q
emu/windows1.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=localtime -no-shutdown -device piix3-usb-uhci,id=usb,bus=pci.0,addr
=0x1.0x2 -drive file=/srv/kvm/windows1.img,if=none,id=drive-ide0-0-0,format=qcow2 -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -d
rive file=/srv/iso/windows7ultimate.iso,if=none,id=drive-ide0-1-0,readonly=on,format=raw -device ide-cd,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -netdev
 tap,fd=30,id=hostnet0,vhost=on,vhostfd=31 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:49:32:cc,bus=pci.0,addr=0x3 -chardev pty,id=charserial0 -d
evice isa-serial,chardev=charserial0,id=serial0 -device usb-tablet,id=input0 -vnc 127.0.0.1:0 -vga std -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x4
char device redirected to /dev/pts/1
KVM: entry failed, hardware error 0x80000021

If you're running a guest on an Intel machine without unrestricted mode
support, the failure can be most likely due to the guest entering an invalid
state for Intel VT. For example, the guest maybe running in big real mode
which is not supported on less recent Intel processors.

EAX=00000010 EBX=00000080 ECX=00000000 EDX=00000080
ESI=0025da4a EDI=0007da4a EBP=00001f20 ESP=00000200
EIP=0000009b EFL=00000002 [-------] CPL=3 II=0 A20=1 SMM=0 HLT=0
ES =0020 00000200 0000ffff 00009300
CS =b000 002b0000 0000ffff 0000f300
SS =0020 00000200 0000ffff 0000f300
DS =0020 00000200 0000ffff 00009300
FS =0020 00000200 0000ffff 00009300
GS =0020 00000200 0000ffff 00009300
LDT=0000 00000000 0000ffff 00008200
TR =0000 00000000 0000ffff 00008b00
GDT= 002b0000 00000027
IDT= 00000000 000003ff
CR0=00000010 CR2=00000000 CR3=00000000 CR4=00000000
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000000
Code=02 00 00 ea 91 00 00 00 18 00 0f 20 c0 66 83 e0 fe 0f 22 c0 <66> 31 c0 8e d8 8e c0 8e d0 66 bc 00 04 00 00 8e e0 8e e8 ea 00 00 00 20 00 00 00 20 4a da

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

This bug still exists in 12.04.4