QEMU

qemu-system-sparc64 -M sun4v aborts on tribblix-sparc-0m16.iso

Bug #1699824 reported by Michal Nowak
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
QEMU
Expired
Undecided
Unassigned

Bug Description

qemu-system-sparc64 qemu-2.9.0-3.10.x86_64 on openSUSE Leap 42.3 using 'sun4v' machine aborts with tribblix. With 2048 MB of RAM it takes considerably more time to abort (but the core is always truncated).

> qemu-system-sparc64 -m 1024 -cdrom tribblix-sparc-0m16.iso -boot d -nographic -M sun4v
qemu: fatal: Trap 0x0010 while trap level (6) >= MAXTL (6), Error state
pc: 0000000000000200 npc: 0000000000000204
%g0-3: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%g4-7: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%o0-3: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%o4-7: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%l0-3: 000000003ff00000 000001ff00000000 000001fff0080000 0000000000000000
%l4-7: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%i0-3: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%i4-7: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%f00: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%f08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%f16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%f24: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%f32: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%f40: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%f48: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%f56: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
pstate: 00000014 ccr: 44 (icc: -Z-- xcc: -Z--) asi: 00 tl: 6 pil: 0 gl: 8
tbr: 0000000000000000 hpstate: 0000000000000004 htba: 0000000000000000
cansave: 6 canrestore: 0 otherwin: 0 wstate: 0 cleanwin: 6 cwp: 7
fsr: 0000000000000000 y: 0000000000000000 fprs: 0000000000000000

Aborted (core dumped)

           PID: 26999 (qemu-system-spa)
           UID: 1000 (newman)
           GID: 100 (users)
        Signal: 6 (ABRT)
     Timestamp: Thu 2017-06-22 16:19:02 CEST (1min 5s ago)
  Command Line: qemu-system-sparc64 -m 1024 -cdrom tribblix-sparc-0m16.iso -boot d -nographic -M sun4v
    Executable: /usr/bin/qemu-system-sparc64
 Control Group: /
         Slice: -.slice
       Boot ID: aa7431274f854fb7a02a773eefa8a9bb
    Machine ID: 89c660865c00403a9bacef32b6828556
      Hostname: assam.suse.cz
      Coredump: /var/lib/systemd/coredump/core.qemu-system-spa.1000.aa7431274f854fb7a02a773eefa8a9bb.26999.1498141142000000.xz
       Message: Process 26999 (qemu-system-spa) of user 1000 dumped core.

(gdb) thread apply all bt full

Thread 4 (Thread 0x7f3896aca700 (LWP 27001)):
#0 0x00007f38bb983295 in do_futex_wait () at /lib64/libpthread.so.0
#1 0x00007f38bb983349 in __new_sem_wait_slow () at /lib64/libpthread.so.0
#2 0x00007f38bb9833f7 in sem_timedwait () at /lib64/libpthread.so.0
#3 0x00005599ec6a1147 in qemu_sem_timedwait (sem=sem@entry=0x5599ef168628, ms=ms@entry=10000) at util/qemu-thread-posix.c:255
        rc = <optimized out>
        ts = {tv_sec = 1498141152, tv_nsec = 280531000}
        __func__ = "qemu_sem_timedwait"
#4 0x00005599ec69c83c in worker_thread (opaque=0x5599ef1685c0) at util/thread-pool.c:92
        req = <optimized out>
        ret = <optimized out>
        pool = 0x5599ef1685c0
#5 0x00007f38bb97c744 in start_thread () at /lib64/libpthread.so.0
#6 0x00007f38b79bdd3d in clone () at /lib64/libc.so.6

Thread 3 (Thread 0x7f38bee01c40 (LWP 26999)):
#0 0x00007f38b79b555f in ppoll () at /lib64/libc.so.6
#1 0x00005599ec69d289 in ppoll (__ss=0x0, __timeout=0x7ffd1dcf2a20, __nfds=<optimized out>, __fds=<optimized out>) at /usr/include/bits/poll2.h:77
        ts = {tv_sec = 1, tv_nsec = 0}
Python Exception <class 'gdb.error'> That operation is not available on integers of more than 8 bytes.:
#2 0x00005599ec69d289 in qemu_poll_ns (fds=<optimized out>, nfds=<optimized out>, timeout=timeout@entry=1000000000) at util/qemu-timer.c:334
        ts = {tv_sec = 1, tv_nsec = 0}
Python Exception <class 'gdb.error'> That operation is not available on integers of more than 8 bytes.:
#3 0x00005599ec69dff8 in os_host_main_loop_wait (timeout=1000000000) at util/main-loop.c:255
        context = 0x5599ef147470
        ret = <optimized out>
        spin_counter = 0
        ret = -283872144
        timeout = 1000
#4 0x00005599ec69dff8 in main_loop_wait (nonblocking=<optimized out>) at util/main-loop.c:517
        ret = -283872144
        timeout = 1000
#5 0x00005599ec3c8c5f in main_loop () at vl.c:1900
        i = <optimized out>
        snapshot = <optimized out>
        linux_boot = <optimized out>
        initrd_filename = <optimized out>
        kernel_filename = <optimized out>
        kernel_cmdline = <optimized out>
        boot_order = <optimized out>
        boot_once = 0x0
        ds = <optimized out>
        cyls = <optimized out>
        heads = <optimized out>
        secs = <optimized out>
        translation = <optimized out>
        opts = <optimized out>
        hda_opts = <optimized out>
        icount_opts = <optimized out>
        accel_opts = <optimized out>
        olist = <optimized out>
        optind = 10
        optarg = 0x7ffd1dcf51d2 "sun4v"
        loadvm = <optimized out>
        machine_class = 0x5599ec6d6f6f
        cpu_model = <optimized out>
        vga_model = 0x5599ec6d6f81 "std"
        qtest_chrdev = <optimized out>
        qtest_log = <optimized out>
        pid_file = <optimized out>
        incoming = <optimized out>
        defconfig = <optimized out>
        userconfig = <optimized out>
        nographic = <optimized out>
        display_type = <optimized out>
        display_remote = <optimized out>
        log_mask = <optimized out>
        log_file = <optimized out>
        trace_file = <optimized out>
        maxram_size = <optimized out>
        ram_slots = <optimized out>
        vmstate_dump_file = <optimized out>
        main_loop_err = 0x0
        err = 0x0
        list_data_dirs = <optimized out>
        bdo_queue = {sqh_first = 0x0, sqh_last = 0x7ffd1dcf2ba0}
        rlimit_as = {rlim_cur = 18446744073709551615, rlim_max = 18446744073709551615}
        __func__ = "main"
        __FUNCTION__ = "main"
#6 0x00005599ec3c8c5f in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4730
        i = <optimized out>
        snapshot = <optimized out>
        linux_boot = <optimized out>
        initrd_filename = <optimized out>
        kernel_filename = <optimized out>
        kernel_cmdline = <optimized out>
        boot_order = <optimized out>
        boot_once = 0x0
        ds = <optimized out>
        cyls = <optimized out>
        heads = <optimized out>
        secs = <optimized out>
        translation = <optimized out>
        opts = <optimized out>
        hda_opts = <optimized out>
        icount_opts = <optimized out>
        accel_opts = <optimized out>
        olist = <optimized out>
        optind = 10
        optarg = 0x7ffd1dcf51d2 "sun4v"
        loadvm = <optimized out>
        machine_class = 0x5599ec6d6f6f
        cpu_model = <optimized out>
        vga_model = 0x5599ec6d6f81 "std"
        qtest_chrdev = <optimized out>
        qtest_log = <optimized out>
        pid_file = <optimized out>
        incoming = <optimized out>
        defconfig = <optimized out>
        userconfig = <optimized out>
        nographic = <optimized out>
        display_type = <optimized out>
        display_remote = <optimized out>
        log_mask = <optimized out>
        log_file = <optimized out>
        trace_file = <optimized out>
        maxram_size = <optimized out>
        ram_slots = <optimized out>
        vmstate_dump_file = <optimized out>
        main_loop_err = 0x0
        err = 0x0
        list_data_dirs = <optimized out>
        bdo_queue = {sqh_first = 0x0, sqh_last = 0x7ffd1dcf2ba0}
        rlimit_as = {rlim_cur = 18446744073709551615, rlim_max = 18446744073709551615}
        __func__ = "main"
        __FUNCTION__ = "main"

Thread 2 (Thread 0x7f38abf99700 (LWP 27000)):
#0 0x00007f38b79b98e9 in syscall () at /lib64/libc.so.6
#1 0x00005599ec6a12d6 in qemu_futex_wait (val=<optimized out>, f=<optimized out>) at /usr/src/debug/qemu-2.9.0/include/qemu/futex.h:26
        value = <optimized out>
#2 0x00005599ec6a12d6 in qemu_event_wait (ev=ev@entry=0x5599ed0f1e40 <rcu_gp_event>) at util/qemu-thread-posix.c:399
        value = <optimized out>
#3 0x00005599ec6b0a78 in wait_for_readers () at util/rcu.c:131
        qsreaders = {lh_first = 0x7f38abf99588}
        index = <optimized out>
        tmp = <optimized out>
#4 0x00005599ec6b0a78 in synchronize_rcu () at util/rcu.c:162
#5 0x00005599ec6b0c79 in call_rcu_thread (opaque=<optimized out>) at util/rcu.c:256
        tries = 0
        n = 565
        node = <optimized out>
#6 0x00007f38bb97c744 in start_thread () at /lib64/libpthread.so.0
#7 0x00007f38b79bdd3d in clone () at /lib64/libc.so.6

Thread 1 (Thread 0x7f38962c9700 (LWP 27002)):
#0 0x00007f38b79088d7 in raise () at /lib64/libc.so.6
#1 0x00007f38b7909caa in abort () at /lib64/libc.so.6
#2 0x00005599ec3d1125 in cpu_abort (cpu=cpu@entry=0x5599ef16f800, fmt=fmt@entry=0x5599ec6d3388 "Trap 0x%04x while trap level (%d) >= MAXTL (%d), Error state") at /usr/src/debug/qemu-2.9.0/exec.c:962
        ap = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7f38962c88b0, reg_save_area = 0x7f38962c87d0}}
        ap2 = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7f38962c88b0, reg_save_area = 0x7f38962c87d0}}
#3 0x00005599ec4790b8 in sparc_cpu_do_interrupt (cs=0x5599ef16f800) at /usr/src/debug/qemu-2.9.0/target/sparc/int64_helper.c:119
        cpu = 0x5599ef16f800
        __func__ = "sparc_cpu_do_interrupt"
        env = 0x5599ef177a98
        intno = 16
        tsptr = 0x6
#4 0x00005599ec3dcf54 in cpu_handle_exception (ret=<synthetic pointer>, cpu=0x5599ef12e000) at /usr/src/debug/qemu-2.9.0/cpu-exec.c:463
        cc = 0x5599ef12e000
        cc = <optimized out>
        __func__ = "cpu_exec"
        ret = <optimized out>
        sc = {diff_clk = 0, last_cpu_icount = 0, realtime_clock = <optimized out>}
        __FUNCTION__ = "cpu_exec"
#5 0x00005599ec3dcf54 in cpu_exec (cpu=cpu@entry=0x5599ef16f800) at /usr/src/debug/qemu-2.9.0/cpu-exec.c:668
        cc = <optimized out>
        __func__ = "cpu_exec"
        ret = <optimized out>
        sc = {diff_clk = 0, last_cpu_icount = 0, realtime_clock = <optimized out>}
        __FUNCTION__ = "cpu_exec"
#6 0x00005599ec40796d in tcg_cpu_exec (cpu=0x5599ef16f800) at /usr/src/debug/qemu-2.9.0/cpus.c:1260
        ret = <optimized out>
        r = -1775462656
        cpu = 0x5599ef16f800
#7 0x00005599ec40796d in qemu_tcg_rr_cpu_thread_fn (arg=<optimized out>) at /usr/src/debug/qemu-2.9.0/cpus.c:1355
        r = -1775462656
        cpu = 0x5599ef16f800
#8 0x00007f38bb97c744 in start_thread () at /lib64/libpthread.so.0
#9 0x00007f38b79bdd3d in clone () at /lib64/libc.so.6

Revision history for this message
Michal Nowak (michal-nowak-b) wrote :
Revision history for this message
Mark Cave-Ayland (mark-cave-ayland) wrote :

Hi Michal,

Currently the sun4v machine is still at an alpha stage. Artyom has made some good progress on the niagara machine which was merged for the 2.9 release and is able to run several OSs, so please try that and let us know how you get on.

Note that I generally try and keep the wiki page at http://wiki.qemu.org/Documentation/Platforms/SPARC up-to-date with the latest information so do have a look there to see examples of how to use the niagara machine.

ATB,

Mark.

Revision history for this message
Thomas Huth (th-huth) wrote :

The QEMU project is currently considering to move its bug tracking to another system. For this we need to know which bugs are still valid and which could be closed already. Thus we are setting older bugs to "Incomplete" now.
If you still think this bug report here is valid, then please switch the state back to "New" within the next 60 days, otherwise this report will be marked as "Expired". Thank you and sorry for the inconvenience.

Changed in qemu:
status: New → Incomplete
Revision history for this message
mike@papersolve.com (mike-papersolve) wrote :

Still occurs with latest qemu built as of today.
 ✘  ~/qemu  qemu-system-sparc64 -cdrom ./tribblix-sparc-0m16.iso -boot d -m 1024 -nographic -machine sun4v
qemu: fatal: Trap 0x0010 while trap level (6) >= MAXTL (6), Error state
pc: 0000000000000200 npc: 0000000000000204
%g0-3: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%g4-7: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%o0-3: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%o4-7: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%l0-3: 000000003ff00000 000001ff00000000 000001fff0080000 0000000000000000
%l4-7: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%i0-3: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%i4-7: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%f00: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%f08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%f16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%f24: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%f32: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%f40: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%f48: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%f56: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
pstate: 00000014 ccr: 44 (icc: -Z-- xcc: -Z--) asi: 00 tl: 6 pil: 0 gl: 8
tbr: 0000000000000000 hpstate: 0000000000000004 htba: 0000000000000000
cansave: 6 canrestore: 0 otherwin: 0 wstate: 0 cleanwin: 6 cwp: 7
fsr: 0000000000000000 y: 0000000000000000 fprs: 0000000000000000

fish: “qemu-system-sparc64 -cdrom ./tr…” terminated by signal SIGABRT (Abort)

Changed in qemu:
status: Incomplete → Confirmed
Revision history for this message
Thomas Huth (th-huth) wrote : Moved bug report

This is an automated cleanup. This bug report has been moved to QEMU's
new bug tracker on gitlab.com and thus gets marked as 'expired' now.
Please continue with the discussion here:

 https://gitlab.com/qemu-project/qemu/-/issues/260

Changed in qemu:
status: Confirmed → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Bug attachments

Remote bug watches

Bug watches keep track of this bug in other bug trackers.