QEMU

qemu-system-arm snapshot loadvm core dumped

Bug #1739371 reported by Gustavo Moreira on 2017-12-20

This bug report is a duplicate of: Bug #1739378: migration state save/load of sdcard device is broken. Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	QEMU	New	Undecided	Unassigned

Bug Description

Ubuntu Qemu is crashing trying to restore saved snapshot in qemu-system-arm.
I've tried different guests kernels, but I wasn't lucky with any of them.

The guest vm boots and I can use it normally. The issue is when I save the snapshot using "savevm Base0", "quit" and then I restore that snapshot using "-loadvm Base0" from the cmd line.

The only difference I've noticed is tweaking the guest memory:
* With -m 512 or 1024 it crashes as you can see below.
* With -m 2048 it doesn't crash, it restores the vm and I can see the screen as it was, but the OS is halted. And it's not just the keyboard. I've tried saving the snapshot while it's booting with lot of lines being printed on screen and after restoring it, the OS is frozen.

I also tried limiting the guest kernel memory using the mem parameter (mem=2048M) and disabling the kernel address space randomization (nokaslr) with the same results.

OS: Ubuntu 16.04.3 LTS (xenial)

$ qemu-system-arm --version
QEMU emulator version 2.5.0 (Debian 1:2.5+dfsg-5ubuntu10.16), Copyright (c) 2003-2008 Fabrice Bellard

$ qemu-system-arm -kernel kernel/vmlinuz-4.10.0-42-generic -initrd kernel/initrd.img-4.10.0-42-generic -M vexpress-a15 -m 512 -append 'root=/dev/mmcblk0 rootwait console=tty0' -sd vexpress-4G.qcow2 -dtb device-tree/vexpress-v2p-ca15-tc1.dtb -loadvm Base0
pulseaudio: set_sink_input_volume() failed
pulseaudio: Reason: Invalid argument
pulseaudio: set_sink_input_mute() failed
pulseaudio: Reason: Invalid argument
qemu: fatal: Trying to execute code outside RAM or ROM at 0xc0321568

R00=00000001 R01=00000000 R02=00000000 R03=c0321560
R04=c1500000 R05=c150529c R06=c1505234 R07=c14384d0
R08=00000000 R09=00000000 R10=c1501f50 R11=c1501f3c
R12=c1501f40 R13=c1501f30 R14=c030a184 R15=c0321568
PSR=60070093 -ZC- A S svc32
s00=6374652f s01=636f6c2f d00=636f6c2f6374652f
s02=7273752f s03=6962732f d01=6962732f7273752f
s04=6e612f6e s05=6f726361 d02=6f7263616e612f6e
s06=7c7c206e s07=63202820 d03=632028207c7c206e
s08=202f2064 s09=72202626 d04=72202626202f2064
s10=702d6e75 s11=73747261 d05=73747261702d6e75
s12=722d2d20 s13=726f7065 d06=726f7065722d2d20
s14=652f2074 s15=632f6374 d07=632f6374652f2074
s16=00000000 s17=00000000 d08=0000000000000000
s18=00000000 s19=00000000 d09=0000000000000000
s20=00000000 s21=00000000 d10=0000000000000000
s22=00000000 s23=00000000 d11=0000000000000000
s24=00000000 s25=00000000 d12=0000000000000000
s26=00000000 s27=00000000 d13=0000000000000000
s28=00000000 s29=00000000 d14=0000000000000000
s30=00000000 s31=00000000 d15=0000000000000000
s32=00000000 s33=00000000 d16=0000000000000000
s34=00000000 s35=00000000 d17=0000000000000000
s36=00000000 s37=00000000 d18=0000000000000000
s38=00000000 s39=00000000 d19=0000000000000000
s40=00000000 s41=00000000 d20=0000000000000000
s42=00000000 s43=00000000 d21=0000000000000000
s44=00000000 s45=00000000 d22=0000000000000000
s46=00000000 s47=00000000 d23=0000000000000000
s48=00000000 s49=00000000 d24=0000000000000000
s50=00000000 s51=00000000 d25=0000000000000000
s52=00000000 s53=00000000 d26=0000000000000000
s54=00000000 s55=00000000 d27=0000000000000000
s56=00000000 s57=00000000 d28=0000000000000000
s58=00000000 s59=00000000 d29=0000000000000000
s60=00000000 s61=00000000 d30=0000000000000000
s62=00000000 s63=00000000 d31=0000000000000000
FPSCR: 00000000
Aborted (core dumped)

As I said above, the same happens when -m 1024 is used.

I have a different issue when I use the qemu git master version, but I'm submiting a different ticket for that.

Cheers,
Gus

Tags:

Gustavo Moreira (gmoreira) on 2017-12-20

tags:	added: qemu-system-arm snapshot snapshots vexpress-a15
tags:	added: arm

Revision history for this message

Peter Maydell (pmaydell) wrote on 2017-12-20:

I suspect this is the same underlying state save/restore bug as your other LP:1739378 -- it's just that since 2.5.0 we've improved the error reporting for cases where the incoming migration state doesn't match what we're expecting, so we report an error message rather than just mangling the simulation state and causing the guest to crash on restart.

Revision history for this message

Gustavo Moreira (gmoreira) wrote on 2017-12-20: Re: [Bug 1739371] Re: qemu-system-arm snapshot loadvm core dumped

Download full text (4.7 KiB)

Thanks Peter for your prompt response.

I wonder if you have any plan of fixing it. Also if there is any workaround.

Is the bug limited to arm? Is there any main ticket where I can follow the
progress of this issue?

On Thu., 21 Dec. 2017, 2:50 am Peter Maydell, <email address hidden>
wrote:

Thanks Peter for your prompt response.

I wonder if you have any plan of fixing it. Also if there is any workaround.

Is the bug limited to arm? Is there any main ticket where I can follow the
progress of this issue?

On Thu., 21 Dec. 2017, 2:50 am Peter Maydell, <peter.maydell@linaro.org>
wrote:

> I suspect this is the same underlying state save/restore bug as your
> other LP:1739378 -- it's just that since 2.5.0 we've improved the error
> reporting for cases where the incoming migration state doesn't match
> what we're expecting, so we report an error message rather than just
> mangling the simulation state and causing the guest to crash on restart.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1739371
>
> Title:
>   qemu-system-arm snapshot loadvm core dumped
>
> Status in QEMU:
>   New
>
> Bug description:
>   Ubuntu Qemu is crashing trying to restore saved snapshot in
> qemu-system-arm.
>   I've tried different guests kernels, but I wasn't lucky with any of them.
>
>   The guest vm boots and I can use it normally. The issue is when I save
>   the snapshot using "savevm Base0", "quit" and then I restore that
>   snapshot using "-loadvm Base0" from the cmd line.
>
>   The only difference I've noticed is tweaking the guest memory:
>   * With -m 512 or 1024 it crashes as you can see below.
>   * With -m 2048 it doesn't crash, it restores the vm and I can see the
> screen as it was, but the OS is halted. And it's not just the keyboard.
> I've tried saving the snapshot while it's booting with lot of lines being
> printed on screen and after restoring it, the OS is frozen.
>
>   I also tried limiting the guest kernel memory using the mem parameter
>   (mem=2048M) and disabling the kernel address space randomization
>   (nokaslr) with the same results.
>
>   OS: Ubuntu 16.04.3 LTS (xenial)
>
>   $ qemu-system-arm --version
>   QEMU emulator version 2.5.0 (Debian 1:2.5+dfsg-5ubuntu10.16), Copyright
> (c) 2003-2008 Fabrice Bellard
>
>   $ qemu-system-arm -kernel kernel/vmlinuz-4.10.0-42-generic -initrd
> kernel/initrd.img-4.10.0-42-generic -M vexpress-a15 -m 512 -append
> 'root=/dev/mmcblk0 rootwait console=tty0' -sd vexpress-4G.qcow2 -dtb
> device-tree/vexpress-v2p-ca15-tc1.dtb  -loadvm Base0
>   pulseaudio: set_sink_input_volume() failed
>   pulseaudio: Reason: Invalid argument
>   pulseaudio: set_sink_input_mute() failed
>   pulseaudio: Reason: Invalid argument
>   qemu: fatal: Trying to execute code outside RAM or ROM at 0xc0321568
>
>   R00=00000001 R01=00000000 R02=00000000 R03=c0321560
>   R04=c1500000 R05=c150529c R06=c1505234 R07=c14384d0
>   R08=00000000 R09=00000000 R10=c1501f50 R11=c1501f3c
>   R12=c1501f40 R13=c1501f30 R14=c030a184 R15=c0321568
>   PSR=60070093 -ZC- A S svc32
>   s00=6374652f s01=636f6c2f d00=636f6c2f6374652f
>   s02=7273752f s03=6962732f d01=6962732f7273752f
>   s04=6e612f6e s05=6f726361 d02=6f7263616e612f6e
>   s06=7c7c206e s07=63202820 d03=632028207c7c206e
>   s08=202f2064 s09=72202626 d04=72202626202f2064
>   s10=702d6e75 s11=73747261 d05=73747261702d6e75
>   s12=722d2d20 s13=726f7065 d06=726f7065722d2d20
>   s14=652f2074 s15=632f6374 d07=632f6374652f2074
>   s16=00000000 s17=00000000 d08=0000000000000000
>   s18=00000000 s19=00000000 d09=0000000000000000
>   s20=00000000 s21=00000000 d10=0000000000000000
>   s22=00000000 s23=00000000 d11=0000000000000000
>   s24=00000000 s25=00000000 d12=0000000000000000
>   s26=00000000 s27=00000000 d13=0000000000000000
>   s28=00000000 s29=00000000 d14=0000000000000000
>   s30=00000000 s31=00000000 d15=0000000000000000
>   s32=00000000 s33=00000000 d16=0000000000000000
>   s34=00000000 s35=00000000 d17=0000000000000000
>   s36=00000000 s37=00000000 d18=0000000000000000
>   s38=00000000 s39=00000000 d19=0000000000000000
>   s40=00000000 s41=00000000 d20=0000000000000000
>   s42=00000000 s43=00000000 d21=0000000000000000
>   s44=00000000 s45=00000000 d22=0000000000000000
>   s46=00000000 s47=00000000 d23=0000000000000000
>   s48=00000000 s49=00000000 d24=0000000000000000
>   s50=00000000 s51=00000000 d25=0000000000000000
>   s52=00000000 s53=00000000 d26=0000000000000000
>   s54=00000000 s55=00000000 d27=0000000000000000
>   s56=00000000 s57=00000000 d28=0000000000000000
>   s58=00000000 s59=00000000 d29=0000000000000000
>   s60=00000000 s61=00000000 d30=0000000000000000
>   s62=00000000 s63=00000000 d31=0000000000000000
>   FPSCR: 00000000
>   Aborted (core dumped)
>
>   As I said above, the same happens when -m 1024 is used.
>
>   I have a different issue when I use the qemu git master version, but
>   I'm submiting a different ticket for that.
>
>   Cheers,
>   Gus
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/qemu/+bug/1739371/+subscriptions
>

Revision history for this message

Peter Maydell (pmaydell) wrote on 2018-03-02:

I'm going to close this bug as a duplicate of #1739378 (as noted in my earlier comment).

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #1739378 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.