On 08/14/2012 02:12 PM, Markus Armbruster wrote:
> Avi Kivity <a...@redhat.com> writes:
>
>> On 08/14/2012 11:44 AM, Markus Armbruster wrote:
> [...]
>>> And another one:
>>>
>>> $ qemu-system-x86_64 -nodefaults --enable-kvm -vnc :0 -monitor stdio -m 900k
>>> QEMU 1.1.50 monitor - type 'help' for more information
>>> (qemu) KVM internal error. Suberror: 1
>>> emulation failure
>>> EAX=000fdb78 EBX=00000000 ECX=00000000 EDX=000fdb64
>>> ESI=00000000 EDI=000fdb64 EBP=00000000 ESP=00006f98
>>> EIP=000e3492 EFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
>>> ES =0010 00000000 ffffffff 00c09300 DPL=0 DS [-WA]
>>> CS =0008 00000000 ffffffff 00c09b00 DPL=0 CS32 [-RA]
>>> SS =0010 00000000 ffffffff 00c09300 DPL=0 DS [-WA]
>>> DS =0010 00000000 ffffffff 00c09300 DPL=0 DS [-WA]
>>> FS =0010 00000000 ffffffff 00c09300 DPL=0 DS [-WA]
>>> GS =0010 00000000 ffffffff 00c09300 DPL=0 DS [-WA]
>>> LDT=0000 00000000 0000ffff 00008200 DPL=0 LDT
>>> TR =0000 00000000 0000ffff 00008b00 DPL=0 TSS32-busy
>>> GDT= 000fcd68 00000037
>>> IDT= 000fdb60 00000000
>>> CR0=00000011 CR2=00000000 CR3=00000000 CR4=00000000
>>> DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
>>> DR6=00000000ffff0ff0 DR7=0000000000000400
>>> EFER=0000000000000000
>>> Code=00 00 b8 26 00 00 00 eb 95 83 c8 ff 83 c4 4c 5b 5e 5f 5d c3
>>> <57> 56 53 89 d6 39 c2 72 06 89 c7 f3 a4 eb 1b 8d 51 ff 01 d0 01 d6
>>> 89 cf 31 d2 eb 08 8a 1c
>>> q
>>>
>>
>> Not sure what's the problem. 57 is a push reg instruction which we
>> ought to emulate fine.
>>
>> 900k is 0xe1000, just below eip, but we ought to execute just fine from
>> unshadowed ROM.
>>
>>
>>> Breakpoint on kvm_handle_internal_error() yields backtrace:
>>>
>>> #0 kvm_handle_internal_error (env=0x1389b30, run=0x7ffff7ffa000)
>>>    at /work/armbru/qemu/kvm-all.c:1424
>>> #1 0x0000000000674c5a in kvm_cpu_exec (env=0x1389b30)
>>>    at /work/armbru/qemu/kvm-all.c:1586
>>> #2 0x000000000060e0b4 in qemu_kvm_cpu_thread_fn (arg=0x1389b30)
>>>    at /work/armbru/qemu/cpus.c:757
>>> #3 0x0000003b0ea07d14 in start_thread () from /lib64/libpthread.so.0
>>> #4 0x0000003b0def197d in clone () from /lib64/libc.so.6
>>>
>>> Also seen with 904k, 908k, 964k, 968k, 972k, 976k, and a whole lot more.
>>
>> Same EIP in the dump with those?
>
> Offenders within 1s in range 868k..1028k step 4:
>
> 900
> EIP=000e3492 EFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
> 904
> EIP=000e3492 EFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
> 908
> EIP=000e3492 EFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
> 916
> EIP=000e570e EFL=00000012 [----A--] CPL=0 II=0 A20=1 SMM=0 HLT=0
> 964
> EIP=000f2b76 EFL=00000012 [----A--] CPL=0 II=0 A20=1 SMM=0 HLT=0
> 968
> EIP=000f2b76 EFL=00000012 [----A--] CPL=0 II=0 A20=1 SMM=0 HLT=0
> 972
> EIP=000fc6db EFL=00000087 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
> 976
> EIP=000fc6db EFL=00000087 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
> 980
> EIP=000fc6db EFL=00000087 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
> 984
> EIP=000fc6db EFL=00000087 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
> 988
> EIP=000fc6db EFL=00000087 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
> 992
> EIP=000fc6db EFL=00000087 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
> 996
> EIP=000fc6db EFL=00000087 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
> 1000
> EIP=000fc6db EFL=00000087 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
> 1004
> EIP=000fc6db EFL=00000087 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
> 1008
> EIP=000fc6db EFL=00000087 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
> 1012
> EIP=000fe69f EFL=00000087 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
> 1016
> EIP=000fe69f EFL=00000083 [--S---C] CPL=0 II=0 A20=1 SMM=0 HLT=0
> 1020
> EIP=0000f000 EFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
>

Seems like crash eip always > end of memory. It's the new flash firmware: it's set up as rom_device, and we can't execute from that (yet). There's a patchset to allow that, but it's not merged yet. If you set pc-sysfw.rom_only, it should work.

--
error compiling committee.c: too many arguments to function
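A small triage check for the observation in the final reply (the faulting EIP sits above the end of guest RAM), added here as an example and not code from the thread or from QEMU: it parses the `-m` size from the command line and the EIP, CS base and marked opcode byte from a KVM internal-error dump, then reports whether the linear instruction address lies beyond RAM. The sample text is a trimmed copy of the dump quoted above; the regexes and the assumption of a flat CS base (as in that dump) are mine.

```python
import re

# Constructed sample: the command line and register dump quoted in the thread,
# trimmed to the lines this check needs.
SAMPLE_CMDLINE = "qemu-system-x86_64 -nodefaults --enable-kvm -vnc :0 -monitor stdio -m 900k"
SAMPLE_DUMP = """\
KVM internal error. Suberror: 1
emulation failure
EIP=000e3492 EFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
CS =0008 00000000 ffffffff 00c09b00 DPL=0 CS32 [-RA]
Code=00 00 b8 26 00 00 00 eb 95 83 c8 ff 83 c4 4c 5b 5e 5f 5d c3 <57> 56 53 89 d6
"""

_UNITS = {"k": 1 << 10, "m": 1 << 20, "g": 1 << 30}

def mem_size_bytes(cmdline):
    """Bytes of guest RAM requested with -m; a bare number means megabytes (QEMU's default unit)."""
    m = re.search(r"-m\s+(\d+)([kKmMgG]?)", cmdline)
    if not m:
        raise ValueError("no -m argument on the command line")
    return int(m.group(1)) * _UNITS.get(m.group(2).lower(), 1 << 20)

def parse_dump(dump):
    """Pull EIP, the CS segment base and the opcode byte QEMU marks with <..> out of the dump."""
    eip = int(re.search(r"^EIP=([0-9a-f]{8})", dump, re.M).group(1), 16)
    cs = re.search(r"^CS =([0-9a-f]{4}) ([0-9a-f]{8})", dump, re.M)
    cs_base = int(cs.group(2), 16)
    code = re.search(r"^Code=.*?<([0-9a-f]{2})>", dump, re.M)
    opcode = int(code.group(1), 16) if code else None
    return {"eip": eip, "cs_base": cs_base, "opcode": opcode}

def classify(cmdline, dump):
    """Return (linear_eip, ram_end, above_ram): is the fault address outside guest RAM?"""
    ram_end = mem_size_bytes(cmdline)
    d = parse_dump(dump)
    linear = (d["cs_base"] + d["eip"]) & 0xFFFFFFFF   # flat 32-bit segment assumed
    return linear, ram_end, linear >= ram_end

if __name__ == "__main__":
    lin, end, above = classify(SAMPLE_CMDLINE, SAMPLE_DUMP)
    print(f"linear EIP {lin:#x}, RAM ends at {end:#x}, above RAM: {above}")
```

With a size at or above the crash address (for instance `-m 1024`) the same dump classifies as inside RAM, which matches the thread's observation that the failures cluster just above the `-m` boundary.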