Since qemu 3.1, I get a VCPU shutdown request with more than 1 vCPU

[mifritscher]

Since qemu 3.1, I get a VCPU shutdown request with more than 1 vCPU

Summary:
Since qemu 3.1 (and HAXM 7.4.1), I get a VCPU shutdown request with more than 1 vCPU. Happens also with qemu 4.0 and HAXM 7.5.1.

Host Environment

• HAXM version: 7.5.1

• Host OS version: WIndows 7

• Host OS architecture: x86_64

• Host CPU model: Intel Core i7-6820HQ

• Host RAM size: 16 GB

• Host computer model: Dell Precision 7510

Guest Environment

• Android Emulator or QEMU version:

Qemu 4.0

• Guest OS version: Ubuntu 18.04.2

• Guest OS architecture: x86_64

To Reproduce

Steps to reproduce the behavior:

1. Start it with qemu-system-x86_64.exe -machine q35,accel=hax -m 1024 -smp 2
2. Also occours with qemu-system-x86_64.exe -machine q35,accel=hax -m 1024 -smp 2 -nodefaults
3. Bumm. In the "Not default case" it doesn't even initialize the Video BIOS.

Expected Behavior

Expectation: Qemu BIOS starts

Reproducibility

100%

Diagnostic Information

Host crash dump:

HAXM log:
haxm_error:gpa_space_map_range: start_gpa=0x40000000 is reserved for MMIO
haxm_error:gpa_space_map_page: gpa_space_map_range() returned -22
haxm_error:mmio_map_guest_virtual_page_slow: gpa_space_map_page() failed: vcpu_id=1, gva=0x40000a00, gpa=0x40000000
haxm_panic:vcpu_emulate_insn: mmio_fetch_instruction() failed: vcpu_id=1, gva=0x40000a00 (CS:IP=0x0:0x40000a00)
haxm_warning:4000 VMX_PIN_CONTROLS: 1f
haxm_warning:4002 VMX_PRIMARY_PROCESSOR_CONTROLS: 969861fe
haxm_warning:401e VMX_SECONDARY_PROCESSOR_CONTROLS: aa
haxm_warning:4004 VMX_EXCEPTION_BITMAP: 40000
haxm_warning:4006 VMX_PAGE_FAULT_ERROR_CODE_MASK: 0
haxm_warning:4008 VMX_PAGE_FAULT_ERROR_CODE_MATCH: 0
haxm_warning:400c VMX_EXIT_CONTROLS: 236fff
haxm_warning:400e VMX_EXIT_MSR_STORE_COUNT: 0
haxm_warning:4010 VMX_EXIT_MSR_LOAD_COUNT: 0
haxm_warning:4012 VMX_ENTRY_CONTROLS: 11ff
haxm_warning:4014 VMX_ENTRY_MSR_LOAD_COUNT: 0
haxm_warning:4016 VMX_ENTRY_INTERRUPT_INFO: 0
haxm_warning:4018 VMX_ENTRY_EXCEPTION_ERROR_CODE: 0
haxm_warning:401a VMX_ENTRY_INSTRUCTION_LENGTH: 0
haxm_warning:401c VMX_TPR_THRESHOLD: 0
haxm_warning:6000 VMX_CR0_MASK: ffffffffe0000020
haxm_warning:6002 VMX_CR4_MASK: ffffffffffc8f860
haxm_warning:6004 VMX_CR0_READ_SHADOW: 11
haxm_warning:6006 VMX_CR4_READ_SHADOW: 0
haxm_warning:400a VMX_CR3_TARGET_COUNT: 0
haxm_warning:6008 VMX_CR3_TARGET_VAL_BASE: 0
haxm_warning:0000 VMX_VPID: 2
haxm_warning:2000 VMX_IO_BITMAP_A: 47c18f000
haxm_warning:2002 VMX_IO_BITMAP_B: 47c188000
haxm_warning:2004 VMX_MSR_BITMAP: 47c167000
haxm_warning:2006 VMX_EXIT_MSR_STORE_ADDRESS: 0
haxm_warning:2008 VMX_EXIT_MSR_LOAD_ADDRESS: 0
haxm_warning:200a VMX_ENTRY_MSR_LOAD_ADDRESS: 0
haxm_warning:2010 VMX_TSC_OFFSET: ffff27ecc96160f2
haxm_warning:2012 VMX_VAPIC_PAGE: 0
haxm_warning:2014 VMX_APIC_ACCESS_PAGE: 0
haxm_warning:201a VMX_EPTP: 2403c701e
haxm_warning:482e VMX_PREEMPTION_TIMER: 0
haxm_warning:4400 VMX_INSTRUCTION_ERROR_CODE: 0
haxm_warning:4402 VM_EXIT_INFO_REASON: 30
haxm_warning:4404 VM_EXIT_INFO_INTERRUPT_INFO: 0
haxm_warning:4406 VM_EXIT_INFO_EXCEPTION_ERROR_CODE: 0
haxm_warning:4408 VM_EXIT_INFO_IDT_VECTORING: 0
haxm_warning:440a VM_EXIT_INFO_IDT_VECTORING_ERROR_CODE: 0
haxm_warning:440c VM_EXIT_INFO_INSTRUCTION_LENGTH: 1
haxm_warning:440e VM_EXIT_INFO_INSTRUCTION_INFO: 0
haxm_warning:6400 VM_EXIT_INFO_QUALIFICATION: 184
haxm_warning:6402 VM_EXIT_INFO_IO_ECX: 0
haxm_warning:6404 VM_EXIT_INFO_IO_ESI: 0
haxm_warning:6406 VM_EXIT_INFO_IO_EDI: 0
haxm_warning:6408 VM_EXIT_INFO_IO_EIP: ec0ab
haxm_warning:640a VM_EXIT_INFO_GUEST_LINEAR_ADDRESS: 40000a00
haxm_warning:2400 VM_EXIT_INFO_GUEST_PHYSICAL_ADDRESS: 40000a00
haxm_warning:6c16 HOST_RIP: fffff88024654a63
haxm_warning:6c14 HOST_RSP: fffff880311a9630
haxm_warning:6c00 HOST_CR0: 80050033
haxm_warning:6c02 HOST_CR3: 185916000
haxm_warning:6c04 HOST_CR4: 526f8
haxm_warning:0c02 HOST_CS_SELECTOR: 10
haxm_warning:0c06 HOST_DS_SELECTOR: 28
haxm_warning:0c00 HOST_ES_SELECTOR: 28
haxm_warning:0c08 HOST_FS_SELECTOR: 0
haxm_warning:0c0a HOST_GS_SELECTOR: 0
haxm_warning:0c04 HOST_SS_SELECTOR: 18
haxm_warning:0c0c HOST_TR_SELECTOR: 40
haxm_warning:6c06 HOST_FS_BASE: fffd7000
haxm_warning:6c08 HOST_GS_BASE: fffff80004c36000
haxm_warning:6c0a HOST_TR_BASE: fffff88003bcf000
haxm_warning:6c0c HOST_GDTR_BASE: fffff88003bd0000
haxm_warning:6c0e HOST_IDTR_BASE: fffff88003bce000
haxm_warning:4c00 HOST_SYSENTER_CS: 0
haxm_warning:6c10 HOST_SYSENTER_ESP: 0
haxm_warning:6c12 HOST_SYSENTER_EIP: 0
haxm_warning:681e GUEST_RIP: 40000a00
haxm_warning:6820 GUEST_RFLAGS: 10006
haxm_warning:681c GUEST_RSP: 6fc0
haxm_warning:6800 GUEST_CR0: 31
haxm_warning:6802 GUEST_CR3: 0
haxm_warning:6804 GUEST_CR4: 2040
haxm_warning:0800 GUEST_ES_SELECTOR: 10
haxm_warning:0802 GUEST_CS_SELECTOR: 8
haxm_warning:0804 GUEST_SS_SELECTOR: 10
haxm_warning:0806 GUEST_DS_SELECTOR: 10
haxm_warning:0808 GUEST_FS_SELECTOR: 10
haxm_warning:080a GUEST_GS_SELECTOR: 10
haxm_warning:080c GUEST_LDTR_SELECTOR: 0
haxm_warning:080e GUEST_TR_SELECTOR: 0
haxm_warning:4814 GUEST_ES_AR: c093
haxm_warning:4816 GUEST_CS_AR: c09b
haxm_warning:4818 GUEST_SS_AR: c093
haxm_warning:481a GUEST_DS_AR: c093
haxm_warning:481c GUEST_FS_AR: c093
haxm_warning:481e GUEST_GS_AR: c093
haxm_warning:4820 GUEST_LDTR_AR: 82
haxm_warning:4822 GUEST_TR_AR: 8b
haxm_warning:6806 GUEST_ES_BASE: 0
haxm_warning:6808 GUEST_CS_BASE: 0
haxm_warning:680a GUEST_SS_BASE: 0
haxm_warning:680c GUEST_DS_BASE: 0
haxm_warning:680e GUEST_FS_BASE: 0
haxm_warning:6810 GUEST_GS_BASE: 0
haxm_warning:6812 GUEST_LDTR_BASE: 0
haxm_warning:6814 GUEST_TR_BASE: 0
haxm_warning:6816 GUEST_GDTR_BASE: f60c0
haxm_warning:6818 GUEST_IDTR_BASE: f60fe
haxm_warning:4800 GUEST_ES_LIMIT: ffffffff
haxm_warning:4802 GUEST_CS_LIMIT: ffffffff
haxm_warning:4804 GUEST_SS_LIMIT: ffffffff
haxm_warning:4806 GUEST_DS_LIMIT: ffffffff
haxm_warning:4808 GUEST_FS_LIMIT: ffffffff
haxm_warning:480a GUEST_GS_LIMIT: ffffffff
haxm_warning:480c GUEST_LDTR_LIMIT: ffff
haxm_warning:480e GUEST_TR_LIMIT: ffff
haxm_warning:4810 GUEST_GDTR_LIMIT: 37
haxm_warning:4812 GUEST_IDTR_LIMIT: 0
haxm_warning:2800 GUEST_VMCS_LINK_PTR: ffffffffffffffff
haxm_warning:2802 GUEST_DEBUGCTL: 0
haxm_warning:2804 GUEST_PAT: 0
haxm_warning:2806 GUEST_EFER: 0
haxm_warning:2808 GUEST_PERF_GLOBAL_CTRL: 0
haxm_warning:280a GUEST_PDPTE0: 100000001
haxm_warning:280c GUEST_PDPTE1: 200000000
haxm_warning:280e GUEST_PDPTE2: 200000000
haxm_warning:2810 GUEST_PDPTE3: 6f800050018
haxm_warning:681a GUEST_DR7: 400
haxm_warning:6822 GUEST_PENDING_DBE: 0
haxm_warning:482a GUEST_SYSENTER_CS: 0
haxm_warning:6824 GUEST_SYSENTER_ESP: 0
haxm_warning:6826 GUEST_SYSENTER_EIP: 0
haxm_warning:4828 GUEST_SMBASE: 0
haxm_warning:4824 GUEST_INTERRUPTIBILITY: 0
haxm_warning:4826 GUEST_ACTIVITY_STATE: 0
haxm_error:vcpu has panicked, id:1
haxm_error:log_host_cr4_vmxe: 0
haxm_error:log_host_cr4 0
haxm_error:log_vmxon_res 0
haxm_error:log_vmxon_addr 47c15e000
haxm_error:log_vmxon_err_type1 0
haxm_error:log_vmxon_err_type2 0
haxm_error:log_vmxon_err_type3 0
haxm_error:log_vmclear_err 0
haxm_error:log_vmptrld_err 0
haxm_error:log_vmoff_no 0
haxm_error:log_vmxoff_res 0
haxm_error:vcpu has panicked, id:1
haxm_error:log_host_cr4_vmxe: 0
haxm_error:log_host_cr4 0
haxm_error:log_vmxon_res 0
haxm_error:log_vmxon_addr 47c15e000
haxm_error:log_vmxon_err_type1 0
haxm_error:log_vmxon_err_type2 0
haxm_error:log_vmxon_err_type3 0
haxm_error:log_vmclear_err 0
haxm_error:log_vmptrld_err 0
haxm_error:log_vmoff_no 0
haxm_error:log_vmxoff_res 0
haxm_error:vcpu has panicked, id:1
haxm_error:log_host_cr4_vmxe: 0
haxm_error:log_host_cr4 0
haxm_error:log_vmxon_res 0
haxm_error:log_vmxon_addr 47c13b000
haxm_error:log_vmxon_err_type1 0
haxm_error:log_vmxon_err_type2 0
haxm_error:log_vmxon_err_type3 0
haxm_error:log_vmclear_err 0
haxm_error:log_vmptrld_err 0
haxm_error:log_vmoff_no 0
haxm_error:log_vmxoff_res 0
haxm_error:vcpu has panicked, id:1
haxm_error:log_host_cr4_vmxe: 0
haxm_error:log_host_cr4 0
haxm_error:log_vmxon_res 0
haxm_error:log_vmxon_addr 47c13b000
haxm_error:log_vmxon_err_type1 0
haxm_error:log_vmxon_err_type2 0
haxm_error:log_vmxon_err_type3 0
haxm_error:log_vmclear_err 0
haxm_error:log_vmptrld_err 0
haxm_error:log_vmoff_no 0
haxm_error:log_vmxoff_res 0
haxm_error:vcpu has panicked, id:1
haxm_error:log_host_cr4_vmxe: 0
haxm_error:log_host_cr4 0
haxm_error:log_vmxon_res 0
haxm_error:log_vmxon_addr 47c13b000
haxm_error:log_vmxon_err_type1 0
haxm_error:log_vmxon_err_type2 0
haxm_error:log_vmxon_err_type3 0
haxm_error:log_vmclear_err 0
haxm_error:log_vmptrld_err 0
haxm_error:log_vmoff_no 0
haxm_error:log_vmxoff_res 0
haxm_error:vcpu has panicked, id:1
haxm_error:log_host_cr4_vmxe: 0
haxm_error:log_host_cr4 0
haxm_error:log_vmxon_res 0
haxm_error:log_vmxon_addr 47c13b000
haxm_error:log_vmxon_err_type1 0
haxm_error:log_vmxon_err_type2 0
haxm_error:log_vmxon_err_type3 0
haxm_error:log_vmclear_err 0
haxm_error:log_vmptrld_err 0
haxm_error:log_vmoff_no 0
haxm_error:log_vmxoff_res 0
haxm_error:
...........hax_teardown_vm

Android Emulator or QEMU log:
(only HAX is working and emulator runs in fast virt mode. and lots of VCPU shutdown requests)

Screenshots:

Additional context

I thought I had already create a bug report here (with haxm 7.4.1 & Qemu 3.1), and it started t happen at the first. 3.0.x after the 3.0.0 relaese, and the BIOS files were not the culprit. But I can't find the report anymore ...

[krytarowski]

Duplicate of #171

[HaHoYou]

The fix patch has been upstreamed to QEMU: 6f38dca615286796df9a967117f3ce42b918c8db. FYI, if you need higher version of qemu.