From: Launchpad Bug Tracker <1587211@bugs.launchpad.net>
To: qemu-devel@nongnu.org
Subject: [Bug 1587211] Re: qemu-system-i386/x86_64 crash with 1 MB guest RAM
Date: Tue, 22 Jun 2021 04:17:37 -0000
Message-ID: <162433545745.20423.5867486727177771422.malone@loganberry.canonical.com>
In-Reply-To: 20160531022309.17459.89128.malonedeb@soybean.canonical.com

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1587211

Title:
  qemu-system-i386/x86_64 crash with 1 MB guest RAM

Status in QEMU:
  Expired

Bug description:
  When launching qemu-system-i386 or qemu-system-x86_64 with 1 MB of RAM
  allocated to the guest (-m 1) and no guest image specified, QEMU will
  crash while trying to "execute code outside of RAM or ROM" after
  approximately 10 minutes. I discovered this while using QEMU 2.5.0,
  but I verified that it also occurs with 2.5.1.1 and the latest source
  available in git (2.6.50, commit
  d6550e9ed2e1a60d889dfb721de00d9a4e3bafbe). I built all of these
  different versions of QEMU on the same 64-bit Ubuntu 14.04.3 host
  using the distro's default GCC 4.8.4.

  Two observations:

  1. This only occurs when allocating 1 MB of RAM to the guest. When I
  allocate 2 MB, this does not happen. I tried running both i386/x86_64
  QEMUs for hours with 2 MB and didn't observe this crash.

  2. This may be a SeaBIOS bug, as there is no guest code to execute.
  After enabling the SeaBIOS debug at the ISA 0x402 port and redirecting
  it to stdio, the last SeaBIOS state transition reported ("Booting from
  ROM... Booting from c980:0361") occurs immediately at QEMU startup
  with no further logging messages seen prior to the crash ten minutes
  later. My captured SeaBIOS debug output is here:
  http://pastebin.com/GXm2L44E

  To reproduce, use the following command lines:

  ./i386-softmmu/qemu-system-i386 -display none -m 1 -monitor stdio
  ./x86_64-softmmu/qemu-system-x86_64 -display none -m 1 -monitor stdio

  For both 32/64-bit QEMUs, the output is the same. After running for
  about 10 minutes (I've seen it take between 7m 15s (v2.5.1.1) and 10m
  25s (v2.6.50) of runtime to occur by using the "time" command), the
  following output is shown:

  --- OUTPUT BEGINS ---
  e1000: Reading register at offset: 0x00002410. It is not fully implemented.
  e1000: Reading register at offset: 0x00002410. It is not fully implemented.
  e1000: Reading register at offset: 0x00002410. It is not fully implemented.
  e1000: Reading register at offset: 0x00002410. It is not fully implemented.
  e1000: Reading register at offset: 0x00002418. It is not fully implemented.
  e1000: Reading register at offset: 0x00002418. It is not fully implemented.
  e1000: Reading register at offset: 0x00002418. It is not fully implemented.
  e1000: Reading register at offset: 0x00002418. It is not fully implemented.
  e1000: Reading register at offset: 0x00002420. It is not fully implemented.
  e1000: Reading register at offset: 0x00002420. It is not fully implemented.
  e1000: Reading register at offset: 0x00002420. It is not fully implemented.
  e1000: Reading register at offset: 0x00002420. It is not fully implemented.
  e1000: Reading register at offset: 0x00002428. It is not fully implemented.
  e1000: Reading register at offset: 0x00002428. It is not fully implemented.
  e1000: Reading register at offset: 0x00002428. It is not fully implemented.
  e1000: Reading register at offset: 0x00002428. It is not fully implemented.
  e1000: Reading register at offset: 0x00002430. It is not fully implemented.
  e1000: Reading register at offset: 0x00002430. It is not fully implemented.
  e1000: Reading register at offset: 0x00002430. It is not fully implemented.
  e1000: Reading register at offset: 0x00002430. It is not fully implemented.
  e1000: Reading register at offset: 0x00003410. It is not fully implemented.
  e1000: Reading register at offset: 0x00003410. It is not fully implemented.
  e1000: Reading register at offset: 0x00003410. It is not fully implemented.
  e1000: Reading register at offset: 0x00003410. It is not fully implemented.
  e1000: Reading register at offset: 0x00003418. It is not fully implemented.
  e1000: Reading register at offset: 0x00003418. It is not fully implemented.
  e1000: Reading register at offset: 0x00003418. It is not fully implemented.
  e1000: Reading register at offset: 0x00003418. It is not fully implemented.
  e1000: Reading register at offset: 0x00003420. It is not fully implemented.
  e1000: Reading register at offset: 0x00003420. It is not fully implemented.
  e1000: Reading register at offset: 0x00003420. It is not fully implemented.
  e1000: Reading register at offset: 0x00003420. It is not fully implemented.
  e1000: Reading register at offset: 0x00003428. It is not fully implemented.
  e1000: Reading register at offset: 0x00003428. It is not fully implemented.
  e1000: Reading register at offset: 0x00003428. It is not fully implemented.
  e1000: Reading register at offset: 0x00003428. It is not fully implemented.
  e1000: Reading register at offset: 0x00003430. It is not fully implemented.
  e1000: Reading register at offset: 0x00003430. It is not fully implemented.
  e1000: Reading register at offset: 0x00003430. It is not fully implemented.
  e1000: Reading register at offset: 0x00003430. It is not fully implemented.
  e1000: Reading register at offset: 0x00010000. It is not fully implemented.
  e1000: Reading register at offset: 0x00010000. It is not fully implemented.
  e1000: Reading register at offset: 0x00010000. It is not fully implemented.
  e1000: Reading register at offset: 0x00010000. It is not fully implemented.
  qemu: fatal: Trying to execute code outside RAM or ROM at 0x000a0063

  EAX=00100000 EBX=00000018 ECX=00002c06 EDX=0009cde0
  ESI=000caa20 EDI=00100000 EBP=ffffffff ESP=00007bcc
  EIP=000038e3 EFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
  ES =0000 00000000 ffffffff 00cf9300
  CS =9c78 0009c780 ffffffff 008f9b00
  SS =0000 00000000 ffffffff 008f9300
  DS =9cf3 0009cf30 ffffffff 00cf9300
  FS =0000 00000000 ffffffff 00cf9300
  GS =0000 00000000 ffffffff 00cf9300
  LDT=0000 00000000 0000ffff 00008200
  TR =0000 00000000 0000ffff 00008b00
  GDT=     00000000 00000000
  IDT=     00000000 000003ff
  CR0=00000010 CR2=00000000 CR3=00000000 CR4=00000000
  DR0=00000000 DR1=00000000 DR2=00000000 DR3=00000000 
  DR6=ffff0ff0 DR7=00000400
  CCS=000000c2 CCD=00002c06 CCO=CLR     
  EFER=0000000000000000
  FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
  FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
  FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
  FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
  FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
  XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
  XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
  XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000
  XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
  --- OUTPUT ENDS ---

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1587211/+subscriptions
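An added triage helper for the register dump quoted above (written for this page; it is not part of the bug report or of QEMU): it parses the fatal line, EIP, CS and CR0, confirms the guest is in real mode, recomputes the fetch address as CS.base + EIP and checks that it reproduces 0x000a0063, then places that address on the conventional PC low-memory map. The low-memory map and the 1 MB RAM size are assumptions of the example.

```python
import re

# Constructed excerpt of the register dump from the bug report (values copied from it).
DUMP = """\
qemu: fatal: Trying to execute code outside RAM or ROM at 0x000a0063
EIP=000038e3 EFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
CS =9c78 0009c780 ffffffff 008f9b00
CR0=00000010 CR2=00000000 CR3=00000000 CR4=00000000
"""

# Conventional PC layout below 1 MB (assumption: the guest sees this classic map).
LOW_MEM_MAP = [
    (0x00000, 0x9FFFF, "conventional RAM"),
    (0xA0000, 0xBFFFF, "legacy VGA window (not RAM)"),
    (0xC0000, 0xFFFFF, "option ROM / BIOS ROM area"),
]

def parse_dump(text):
    """Extract the fields needed for triage from a QEMU x86 register dump."""
    fatal = re.search(r"outside RAM or ROM at 0x([0-9a-f]+)", text)
    eip = re.search(r"\bEIP=([0-9a-f]{8})", text)
    cs = re.search(r"^CS =([0-9a-f]{4}) ([0-9a-f]{8}) [0-9a-f]{8} [0-9a-f]{8}", text, re.M)
    cr0 = re.search(r"\bCR0=([0-9a-f]{8})", text)
    a20 = re.search(r"\bA20=(\d)", text)
    if not all((fatal, eip, cs, cr0, a20)):
        raise ValueError("dump is missing a required field")
    return {"fatal_addr": int(fatal.group(1), 16), "eip": int(eip.group(1), 16),
            "cs_sel": int(cs.group(1), 16), "cs_base": int(cs.group(2), 16),
            "cr0": int(cr0.group(1), 16), "a20": int(a20.group(1))}

def linear_fetch_address(regs):
    """Real mode, no paging: the fetch address is CS.base + EIP; with the A20 gate
    off the result wraps at 1 MB (20-bit address bus)."""
    addr = regs["cs_base"] + regs["eip"]
    return addr & 0xFFFFF if regs["a20"] == 0 else addr

def classify(addr, ram_bytes):
    for lo, hi, name in LOW_MEM_MAP:
        if lo <= addr <= hi:
            return name
    return "extended RAM" if addr < ram_bytes else "beyond configured guest RAM"

def triage(text, ram_bytes=1 << 20):  # -m 1 means 1 MB of guest RAM
    regs = parse_dump(text)
    addr = linear_fetch_address(regs)
    return {"real_mode": (regs["cr0"] & 1) == 0,            # CR0.PE clear
            "cs_base_consistent": regs["cs_sel"] << 4 == regs["cs_base"],
            "computed": addr,
            "matches_fatal": addr == regs["fatal_addr"],
            "region": classify(addr, ram_bytes)}
```

For the dump on this page the helper reports real mode, CS.base consistent with the selector (0x9c78 << 4), a computed address of 0xa0063 that matches the fatal line, and a region in the legacy VGA window, which is why QEMU refuses to fetch code there.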


Thread overview: 4+ messages
2016-05-31  2:23 [Qemu-devel] [Bug 1587211] [NEW] qemu-system-i386/x86_64 crash with 1 MB guest RAM Andrew Henderson
2016-05-31  2:40 ` [Qemu-devel] [Bug 1587211] " Andrew Henderson
2021-04-22  5:11 ` Thomas Huth
2021-06-22  4:17 ` Launchpad Bug Tracker [this message]