4 files changed, 740 insertions, 0 deletions

diff --git a/results/classifier/005/graphic/22219210 b/results/classifier/005/graphic/22219210
new file mode 100644
index 000000000..f05331491
--- /dev/null
+++ b/results/classifier/005/graphic/22219210
@@ -0,0 +1,51 @@
+graphic: 0.701
+device: 0.489
+mistranslation: 0.472
+semantic: 0.387
+other: 0.345
+network: 0.323
+instruction: 0.261
+socket: 0.244
+vnc: 0.204
+KVM: 0.099
+assembly: 0.078
+boot: 0.070
+
+[BUG][CPU hot-plug]CPU hot-plugs cause the qemu process to coredump
+
+Hello,Recently, when I was developing CPU hot-plugs under the loongarch
+architecture,
+I found that there was a problem with qemu cpu hot-plugs under x86
+architecture,
+which caused the qemu process coredump when repeatedly inserting and
+unplugging
+the CPU when the TCG was accelerated.
+
+
+The specific operation process is as follows:
+
+1.Use the following command to start the virtual machine
+
+qemu-system-x86_64 \
+-machine q35  \
+-cpu Broadwell-IBRS \
+-smp 1,maxcpus=4,sockets=4,cores=1,threads=1 \
+-m 4G \
+-drive file=~/anolis-8.8.qcow2  \
+-serial stdio   \
+-monitor telnet:localhost:4498,server,nowait
+
+
+2.Enter QEMU Monitor via telnet for repeated CPU insertion and unplugging
+
+telnet 127.0.0.1 4498
+(qemu) device_add
+Broadwell-IBRS-x86_64-cpu,socket-id=1,core-id=0,thread-id=0,id=cpu1
+(qemu) device_del cpu1
+(qemu) device_add
+Broadwell-IBRS-x86_64-cpu,socket-id=1,core-id=0,thread-id=0,id=cpu1
+3.You will notice that the QEMU process has a coredump
+
+# malloc(): unsorted double linked list corrupted
+Aborted (core dumped)
+
diff --git a/results/classifier/005/graphic/30680944 b/results/classifier/005/graphic/30680944
new file mode 100644
index 000000000..f0d07b115
--- /dev/null
+++ b/results/classifier/005/graphic/30680944
@@ -0,0 +1,603 @@
+graphic: 0.965
+semantic: 0.953
+other: 0.944
+assembly: 0.940
+device: 0.935
+instruction: 0.919
+socket: 0.864
+boot: 0.840
+vnc: 0.815
+network: 0.813
+mistranslation: 0.799
+KVM: 0.701
+
+[BUG]QEMU jump into interrupt when single-stepping on aarch64
+
+Dear, folks,
+
+I try to debug Linux kernel with QEMU in single-stepping mode on aarch64 
+platform,
+the added breakpoint hits but after I type `step`, the gdb always jumps into 
+interrupt.
+
+My env:
+
+        gdb-10.2
+        qemu-6.2.0
+        host kernel: 5.10.84
+        VM kernel: 5.10.84
+
+The steps to reproduce:
+        # host console: run a VM with only one core, the import arg: <qemu:arg 
+value='-s'/>
+        # details can be found here:
+https://www.redhat.com/en/blog/debugging-kernel-qemulibvirt
+virsh create dev_core0.xml
+        
+        # run gdb client
+        gdb ./vmlinux
+
+        # gdb client on host console
+        (gdb) dir 
+./usr/src/debug/kernel-5.10.84/linux-5.10.84-004.alpha.ali5000.alios7.aarch64
+        (gdb) target remote localhost:1234
+        (gdb) info b
+        Num     Type           Disp Enb Address            What
+        1       breakpoint     keep y   <MULTIPLE>
+        1.1                         y   0xffff800010361444 
+mm/memory-failure.c:1318
+        1.2                         y   0xffff800010361450 in memory_failure
+                                                   at mm/memory-failure.c:1488
+        (gdb) c
+        Continuing.
+
+        # console in VM, use madvise to inject a hwposion at virtual address 
+vaddr,
+        # which will hit the b inmemory_failur: madvise(vaddr, pagesize, 
+MADV_HWPOISON);
+        # and the VM pause
+        ./run_madvise.c
+
+        # gdb client on host console
+        (gdb)
+        Continuing.
+        Breakpoint 1, 0xffff800010361444 in memory_failure () at 
+mm/memory-failure.c:1318
+        1318                    res = -EHWPOISON;
+        (gdb) n
+        vectors () at arch/arm64/kernel/entry.S:552
+        552             kernel_ventry   1, irq                          // IRQ 
+EL1h
+        (gdb) n
+        (gdb) n
+        (gdb) n
+        (gdb) n
+        gic_handle_irq (regs=0xffff8000147c3b80) at 
+drivers/irqchip/irq-gic-v3.c:721
+        # after several step, I got the irqnr
+        (gdb) p irqnr
+        $5 = 8262
+
+Sometimes, the irqnr is 27， which is used for arch_timer.
+
+I was wondering do you have any comments on this? And feedback are welcomed.
+
+Thank you.
+
+Best Regards.
+Shuai
+
+On 4/6/22 09:30, Shuai Xue wrote:
+Dear, folks,
+
+I try to debug Linux kernel with QEMU in single-stepping mode on aarch64 
+platform,
+the added breakpoint hits but after I type `step`, the gdb always jumps into 
+interrupt.
+
+My env:
+
+        gdb-10.2
+        qemu-6.2.0
+        host kernel: 5.10.84
+        VM kernel: 5.10.84
+
+The steps to reproduce:
+        # host console: run a VM with only one core, the import arg: <qemu:arg 
+value='-s'/>
+        # details can be found here:
+https://www.redhat.com/en/blog/debugging-kernel-qemulibvirt
+virsh create dev_core0.xml
+        
+        # run gdb client
+        gdb ./vmlinux
+
+        # gdb client on host console
+        (gdb) dir 
+./usr/src/debug/kernel-5.10.84/linux-5.10.84-004.alpha.ali5000.alios7.aarch64
+        (gdb) target remote localhost:1234
+        (gdb) info b
+        Num     Type           Disp Enb Address            What
+        1       breakpoint     keep y   <MULTIPLE>
+        1.1                         y   0xffff800010361444 
+mm/memory-failure.c:1318
+        1.2                         y   0xffff800010361450 in memory_failure
+                                                    at mm/memory-failure.c:1488
+        (gdb) c
+        Continuing.
+
+        # console in VM, use madvise to inject a hwposion at virtual address 
+vaddr,
+        # which will hit the b inmemory_failur: madvise(vaddr, pagesize, 
+MADV_HWPOISON);
+        # and the VM pause
+        ./run_madvise.c
+
+        # gdb client on host console
+        (gdb)
+        Continuing.
+        Breakpoint 1, 0xffff800010361444 in memory_failure () at 
+mm/memory-failure.c:1318
+        1318                    res = -EHWPOISON;
+        (gdb) n
+        vectors () at arch/arm64/kernel/entry.S:552
+        552             kernel_ventry   1, irq                          // IRQ 
+EL1h
+The 'n' command is not a single-step: use stepi, which will suppress interrupts.
+Anyway, not a bug.
+
+r~
+
+在 2022/4/7 AM12:57, Richard Henderson 写道:
+>
+On 4/6/22 09:30, Shuai Xue wrote:
+>
+> Dear, folks,
+>
+>
+>
+> I try to debug Linux kernel with QEMU in single-stepping mode on aarch64
+>
+> platform,
+>
+> the added breakpoint hits but after I type `step`, the gdb always jumps into
+>
+> interrupt.
+>
+>
+>
+> My env:
+>
+>
+>
+>     gdb-10.2
+>
+>     qemu-6.2.0
+>
+>     host kernel: 5.10.84
+>
+>     VM kernel: 5.10.84
+>
+>
+>
+> The steps to reproduce:
+>
+>     # host console: run a VM with only one core, the import arg: <qemu:arg
+>
+> value='-s'/>
+>
+>     # details can be found here:
+>
+>
+https://www.redhat.com/en/blog/debugging-kernel-qemulibvirt
+>
+>     virsh create dev_core0.xml
+>
+>    Â
+>
+>     # run gdb client
+>
+>     gdb ./vmlinux
+>
+>
+>
+>     # gdb client on host console
+>
+>     (gdb) dir
+>
+> ./usr/src/debug/kernel-5.10.84/linux-5.10.84-004.alpha.ali5000.alios7.aarch64
+>
+>     (gdb) target remote localhost:1234
+>
+>     (gdb) info b
+>
+>     Num     Type           Disp Enb Address            What
+>
+>     1       breakpoint     keep y   <MULTIPLE>
+>
+>     1.1                         y   0xffff800010361444
+>
+> mm/memory-failure.c:1318
+>
+>     1.2                         y   0xffff800010361450 in memory_failure
+>
+>                                                     at
+>
+> mm/memory-failure.c:1488
+>
+>     (gdb) c
+>
+>     Continuing.
+>
+>
+>
+>     # console in VM, use madvise to inject a hwposion at virtual address
+>
+> vaddr,
+>
+>     # which will hit the b inmemory_failur: madvise(vaddr, pagesize,
+>
+> MADV_HWPOISON);
+>
+>     # and the VM pause
+>
+>     ./run_madvise.c
+>
+>
+>
+>     # gdb client on host console
+>
+>     (gdb)
+>
+>     Continuing.
+>
+>     Breakpoint 1, 0xffff800010361444 in memory_failure () at
+>
+> mm/memory-failure.c:1318
+>
+>     1318                    res = -EHWPOISON;
+>
+>     (gdb) n
+>
+>     vectors () at arch/arm64/kernel/entry.S:552
+>
+>     552             kernel_ventry   1, irq                          // IRQ
+>
+> EL1h
+>
+>
+The 'n' command is not a single-step: use stepi, which will suppress
+>
+interrupts.
+>
+Anyway, not a bug.
+>
+>
+r~
+Hi, Richard,
+
+Thank you for your quick reply, I also try `stepi`, but it does NOT work either.
+
+        (gdb) c
+        Continuing.
+
+        Breakpoint 1, memory_failure (pfn=1273982, flags=1) at 
+mm/memory-failure.c:1488
+        1488    {
+        (gdb) stepi
+        vectors () at arch/arm64/kernel/entry.S:552
+        552             kernel_ventry   1, irq                          // IRQ 
+EL1h
+
+According to QEMU doc[1]: the default single stepping behavior is step with the 
+IRQs
+and timer service routines off. I checked the MASK bits used to control the 
+single
+stepping IE on my machine as bellow:
+
+        # gdb client on host (x86 plafrom)
+        (gdb) maintenance packet qqemu.sstepbits
+        sending: "qqemu.sstepbits"
+        received: "ENABLE=1,NOIRQ=2,NOTIMER=4"
+
+The sstep MASK looks as expected, but does not work as expected.
+
+I also try the same kernel and qemu version on X86 platform:
+>
+>     gdb-10.2
+>
+>     qemu-6.2.0
+>
+>     host kernel: 5.10.84
+>
+>     VM kernel: 5.10.84
+The command `n` jumps to the next instruction.
+
+        # gdb client on host (x86 plafrom)
+        (gdb) b memory-failure.c:1488
+        Breakpoint 1, memory_failure (pfn=1128931, flags=1) at 
+mm/memory-failure.c:1488
+        1488    {
+        (gdb) n
+        1497            if (!sysctl_memory_failure_recovery)
+        (gdb) stepi
+        0xffffffff812efdbc      1497            if 
+(!sysctl_memory_failure_recovery)
+        (gdb) stepi
+        0xffffffff812efdbe      1497            if 
+(!sysctl_memory_failure_recovery)
+        (gdb) n
+        1500            p = pfn_to_online_page(pfn);
+        (gdb) l
+        1496
+        1497            if (!sysctl_memory_failure_recovery)
+        1498                    panic("Memory failure on page %lx", pfn);
+        1499
+        1500            p = pfn_to_online_page(pfn);
+        1501            if (!p) {
+
+Best Regrades,
+Shuai
+
+
+[1]
+https://github.com/qemu/qemu/blob/master/docs/system/gdb.rst
+
+在 2022/4/7 PM12:10, Shuai Xue 写道:
+>
+在 2022/4/7 AM12:57, Richard Henderson 写道:
+>
+> On 4/6/22 09:30, Shuai Xue wrote:
+>
+>> Dear, folks,
+>
+>>
+>
+>> I try to debug Linux kernel with QEMU in single-stepping mode on aarch64
+>
+>> platform,
+>
+>> the added breakpoint hits but after I type `step`, the gdb always jumps
+>
+>> into interrupt.
+>
+>>
+>
+>> My env:
+>
+>>
+>
+>>     gdb-10.2
+>
+>>     qemu-6.2.0
+>
+>>     host kernel: 5.10.84
+>
+>>     VM kernel: 5.10.84
+>
+>>
+>
+>> The steps to reproduce:
+>
+>>     # host console: run a VM with only one core, the import arg: <qemu:arg
+>
+>> value='-s'/>
+>
+>>     # details can be found here:
+>
+>>
+https://www.redhat.com/en/blog/debugging-kernel-qemulibvirt
+>
+>>     virsh create dev_core0.xml
+>
+>>    Â
+>
+>>     # run gdb client
+>
+>>     gdb ./vmlinux
+>
+>>
+>
+>>     # gdb client on host console
+>
+>>     (gdb) dir
+>
+>> ./usr/src/debug/kernel-5.10.84/linux-5.10.84-004.alpha.ali5000.alios7.aarch64
+>
+>>     (gdb) target remote localhost:1234
+>
+>>     (gdb) info b
+>
+>>     Num     Type           Disp Enb Address            What
+>
+>>     1       breakpoint     keep y   <MULTIPLE>
+>
+>>     1.1                         y   0xffff800010361444
+>
+>> mm/memory-failure.c:1318
+>
+>>     1.2                         y   0xffff800010361450 in memory_failure
+>
+>>                                                     at
+>
+>> mm/memory-failure.c:1488
+>
+>>     (gdb) c
+>
+>>     Continuing.
+>
+>>
+>
+>>     # console in VM, use madvise to inject a hwposion at virtual address
+>
+>> vaddr,
+>
+>>     # which will hit the b inmemory_failur: madvise(vaddr, pagesize,
+>
+>> MADV_HWPOISON);
+>
+>>     # and the VM pause
+>
+>>     ./run_madvise.c
+>
+>>
+>
+>>     # gdb client on host console
+>
+>>     (gdb)
+>
+>>     Continuing.
+>
+>>     Breakpoint 1, 0xffff800010361444 in memory_failure () at
+>
+>> mm/memory-failure.c:1318
+>
+>>     1318                    res = -EHWPOISON;
+>
+>>     (gdb) n
+>
+>>     vectors () at arch/arm64/kernel/entry.S:552
+>
+>>     552             kernel_ventry   1, irq                          // IRQ
+>
+>> EL1h
+>
+>
+>
+> The 'n' command is not a single-step: use stepi, which will suppress
+>
+> interrupts.
+>
+> Anyway, not a bug.
+>
+>
+>
+> r~
+>
+>
+Hi, Richard,
+>
+>
+Thank you for your quick reply, I also try `stepi`, but it does NOT work
+>
+either.
+>
+>
+(gdb) c
+>
+Continuing.
+>
+>
+Breakpoint 1, memory_failure (pfn=1273982, flags=1) at
+>
+mm/memory-failure.c:1488
+>
+1488    {
+>
+(gdb) stepi
+>
+vectors () at arch/arm64/kernel/entry.S:552
+>
+552             kernel_ventry   1, irq                          // IRQ
+>
+EL1h
+>
+>
+According to QEMU doc[1]: the default single stepping behavior is step with
+>
+the IRQs
+>
+and timer service routines off. I checked the MASK bits used to control the
+>
+single
+>
+stepping IE on my machine as bellow:
+>
+>
+# gdb client on host (x86 plafrom)
+>
+(gdb) maintenance packet qqemu.sstepbits
+>
+sending: "qqemu.sstepbits"
+>
+received: "ENABLE=1,NOIRQ=2,NOTIMER=4"
+>
+>
+The sstep MASK looks as expected, but does not work as expected.
+>
+>
+I also try the same kernel and qemu version on X86 platform:
+>
+>>     gdb-10.2
+>
+>>     qemu-6.2.0
+>
+>>     host kernel: 5.10.84
+>
+>>     VM kernel: 5.10.84
+>
+>
+>
+The command `n` jumps to the next instruction.
+>
+>
+# gdb client on host (x86 plafrom)
+>
+(gdb) b memory-failure.c:1488
+>
+Breakpoint 1, memory_failure (pfn=1128931, flags=1) at
+>
+mm/memory-failure.c:1488
+>
+1488    {
+>
+(gdb) n
+>
+1497            if (!sysctl_memory_failure_recovery)
+>
+(gdb) stepi
+>
+0xffffffff812efdbc      1497            if
+>
+(!sysctl_memory_failure_recovery)
+>
+(gdb) stepi
+>
+0xffffffff812efdbe      1497            if
+>
+(!sysctl_memory_failure_recovery)
+>
+(gdb) n
+>
+1500            p = pfn_to_online_page(pfn);
+>
+(gdb) l
+>
+1496
+>
+1497            if (!sysctl_memory_failure_recovery)
+>
+1498                    panic("Memory failure on page %lx", pfn);
+>
+1499
+>
+1500            p = pfn_to_online_page(pfn);
+>
+1501            if (!p) {
+>
+>
+Best Regrades,
+>
+Shuai
+>
+>
+>
+[1]
+https://github.com/qemu/qemu/blob/master/docs/system/gdb.rst
+Hi, Richard,
+
+I was wondering that do you have any comments to this?
+
+Best Regrades,
+Shuai
+
diff --git a/results/classifier/005/graphic/55961334 b/results/classifier/005/graphic/55961334
new file mode 100644
index 000000000..3bd906bbb
--- /dev/null
+++ b/results/classifier/005/graphic/55961334
@@ -0,0 +1,47 @@
+graphic: 0.909
+KVM: 0.881
+instruction: 0.803
+semantic: 0.775
+device: 0.764
+mistranslation: 0.718
+other: 0.715
+vnc: 0.709
+network: 0.697
+socket: 0.636
+boot: 0.569
+assembly: 0.395
+
+[Bug] "-ht" flag ignored under KVM - guest still reports HT
+
+Hi Community,
+We have observed that the 'ht' feature bit cannot be disabled when QEMU runs
+with KVM acceleration.
+qemu-system-x86_64 \
+  --enable-kvm \
+  -machine q35 \
+  -cpu host,-ht \
+  -smp 4 \
+  -m 4G \
+  -drive file=rootfs.img,format=raw \
+  -nographic \
+  -append 'console=ttyS0 root=/dev/sda rw'
+Because '-ht' is specified, the guest should expose no HT capability
+(cpuid.1.edx[28] = 0), and /proc/cpuinfo shouldn't show HT feature, but we still
+saw ht in linux guest when run 'cat /proc/cpuinfo'.
+XiaoYao mentioned that:
+
+It has been the behavior of QEMU since
+
+  commit 400281af34e5ee6aa9f5496b53d8f82c6fef9319
+  Author: Andre Przywara <andre.przywara@amd.com>
+  Date:   Wed Aug 19 15:42:42 2009 +0200
+
+    set CPUID bits to present cores and threads topology
+
+that we cannot remove HT CPUID bit from guest via "-cpu xxx,-ht" if the
+VM has >= 2 vcpus.
+I'd like to know whether there's a plan to address this issue, or if the current
+behaviour is considered acceptable.
+Best regards,
+Ewan.
+
diff --git a/results/classifier/005/graphic/73660729 b/results/classifier/005/graphic/73660729
new file mode 100644
index 000000000..37e839f99
--- /dev/null
+++ b/results/classifier/005/graphic/73660729
@@ -0,0 +1,39 @@
+graphic: 0.858
+instruction: 0.753
+semantic: 0.698
+device: 0.697
+mistranslation: 0.633
+other: 0.620
+network: 0.598
+socket: 0.556
+vnc: 0.467
+assembly: 0.393
+boot: 0.367
+KVM: 0.272
+
+[BUG]The latest qemu crashed when I tested cxl
+
+I test cxl with the patch:[v11,0/2] arm/virt:
+ CXL support via pxb_cxl.
+https://patchwork.kernel.org/project/cxl/cover/20220616141950.23374-1-Jonathan.Cameron@huawei.com/
+But the qemu crashed,and showing an error:
+qemu-system-aarch64: ../hw/arm/virt.c:1735: virt_get_high_memmap_enabled:
+ Assertion `ARRAY_SIZE(extended_memmap) - VIRT_LOWMEMMAP_LAST == ARRAY_SIZE(enabled_array)' failed.
+Then I modify the patch to fix the bug:
+diff --git a/hw/arm/virt.c b/hw/arm/virt.c
+index ea2413a0ba..3d4cee3491 100644
+--- a/hw/arm/virt.c
++++ b/hw/arm/virt.c
+@@ -1710,6 +1730,7 @@ static inline bool *virt_get_high_memmap_enabled(VirtMachineState
+ *vms,
+&vms->highmem_redists,
+&vms->highmem_ecam,
+&vms->highmem_mmio,
++ &vms->cxl_devices_state.is_enabled,
+};
+Now qemu works good.
+Could you tell me when the patch(
+arm/virt:
+ CXL support via pxb_cxl
+) will be merged into upstream?
+