Bug 659196

Summary: KVM crashes inside gPXE after calling the video BIOS
Product: [Fedora] Fedora
Reporter: H. Peter Anvin <hpa>
Component: qemu
Assignee: Justin M. Forbes <jforbes>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Docs Contact:
Priority: low
Version: 14
CC: amit.shah, berrange, clalance, dwmw2, ehabkost, extras-orphan, gcosta, itamar, jaswinder, jforbes, knoel, markmc, notting, ondrejj, quintela, scottt.tw, virt-maint
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2010-12-09 21:33:56 UTC

Description H. Peter Anvin 2010-12-02 06:22:01 UTC
Description of problem:

KVM crashes during initialization on one specific system.

The failure happens inside an expansion ROM immediately upon return from INT 10h:

QEMU 0.13.0 monitor - type 'help' for more information
(qemu) KVM internal error. Suberror: 2
extra data[0]: 80000010
extra data[1]: 80000b0d
EAX=00000e0a EBX=00000007 ECX=00000000 EDX=0000ffff
ESI=000002ce EDI=00000000 EBP=00000000 ESP=00006e70
EIP=000004a7 EFL=00010002 [-------] CPL=3 II=0 A20=1 SMM=0 HLT=0
ES =f000 000f0000 0000ffff 0000f300
CS =ca00 000ca000 0000ffff 0000f300
SS =0000 00000000 0000ffff 0000f300
DS =ca00 000ca000 0000ffff 0000f300
FS =0000 00000000 0000ffff 0000f300
GS =ffff 000ffff0 0000ffff 0000f300
LDT=0000 00000000 0000ffff 00008200
TR =0000 feffd000 00002088 00008b00
GDT=     000f7240 00000037
IDT=     00000000 000003ff
CR0=00000010 CR2=00000000 CR3=00000000 CR4=00000000
DR0=00000000 DR1=00000000 DR2=00000000 DR3=00000000 
DR6=ffff0ff0 DR7=00000400

A memory dump of the 0xca000 segment shows:

00000490  50                push ax
00000491  53                push bx
00000492  55                push bp
00000493  85FF              test di,di
00000495  7405              jz 0x49c
00000497  8805              mov [di],al
00000499  47                inc di
0000049A  EB0F              jmp short 0x4ab
0000049C  BB0700            mov bx,0x7
0000049F  B40E              mov ah,0xe
000004A1  3C0A              cmp al,0xa
000004A3  7504              jnz 0x4a9
000004A5  CD10              int 0x10
000004A7  B00D              mov al,0xd    <--- crash here
000004A9  CD10              int 0x10
000004AB  5D                pop bp
000004AC  5B                pop bx
000004AD  58                pop ax
000004AE  C3                ret

Version-Release number of selected component (if applicable):


How reproducible:

This is 100% reproducible on this one system. KVM worked once upon a time on this system (and I used it regularly); I'm not sure, however, when it started to break.

This is a fairly early Nehalem system, but with the latest production BIOS.

processor       : 0..7
vendor_id       : GenuineIntel
cpu family      : 6
model           : 26
model name      : Genuine Intel(R) CPU           @ 0000 @ 2.93GHz
stepping        : 2
cpu MHz         : 1596.000
cache size      : 8192 KB
physical id     : 0
siblings        : 8
core id         : 0
cpu cores       : 4
apicid          : 0
initial apicid  : 0
fpu             : yes
fpu_exception   : yes
cpuid level     : 11
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good xtopology nonstop_tsc aperfmperf pni dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm dca sse4_1 sse4_2 x2apic popcnt lahf_lm ida tpr_shadow vnmi flexpriority ept vpid
bogomips        : 5945.51
clflush size    : 64
cache_alignment : 64
address sizes   : 36 bits physical, 48 bits virtual
power management:

Steps to Reproduce:
1. Run any VM.
2. Failure during initialization as shown above.
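To cross-check the reporter's reading of the dump (CS base plus EIP lands on the instruction right after the INT 10h, inside the expansion ROM window), here is an added Python helper that is not part of the bug report; it parses an excerpt of the QEMU register dump and disassembly quoted above, embedded inline as constructed sample input.

```python
import re

# Constructed excerpt of the QEMU register dump and disassembly quoted in the report.
REGDUMP = """\
EIP=000004a7 EFL=00010002 [-------] CPL=3 II=0 A20=1 SMM=0 HLT=0
ES =f000 000f0000 0000ffff 0000f300
CS =ca00 000ca000 0000ffff 0000f300
SS =0000 00000000 0000ffff 0000f300
CR0=00000010 CR2=00000000 CR3=00000000 CR4=00000000
"""
DISASM = """\
000004A5  CD10              int 0x10
000004A7  B00D              mov al,0xd
000004A9  CD10              int 0x10
"""

def parse_regs(dump):
    """Collect 32-bit registers (EIP=..., CR0=...) and segment lines (CS =sel base limit flags)."""
    regs = {m.group(1): int(m.group(2), 16)
            for m in re.finditer(r'\b([A-Z0-9]+)=([0-9a-f]{8})\b', dump)}
    seg_re = r'^([CDEFGS]S)\s*=([0-9a-f]{4}) ([0-9a-f]{8}) ([0-9a-f]{8}) ([0-9a-f]{8})'
    segs = {m.group(1): dict(zip(("sel", "base", "limit", "flags"),
                                 (int(x, 16) for x in m.groups()[1:])))
            for m in re.finditer(seg_re, dump, re.M)}
    return regs, segs

def fault_site(dump, disasm):
    """Locate the faulting instruction: linear = CS.base + EIP, then look it up in the listing."""
    regs, segs = parse_regs(dump)
    cs, eip = segs["CS"], regs["EIP"]
    real_mode = not (regs["CR0"] & 1)          # CR0.PE clear: 16-bit real mode
    # In real mode the cached base must equal selector << 4; a mismatch would be suspicious.
    consistent = cs["base"] == (cs["sel"] << 4)
    linear = cs["base"] + eip
    listing = {int(l.split()[0], 16): l.split(None, 2)[2].strip()
               for l in disasm.splitlines() if l.strip()}
    prev = max((o for o in listing if o < eip), default=None)
    return {
        "linear": linear,
        "real_mode": real_mode,
        "cs_consistent": consistent,
        "in_option_rom": 0xC0000 <= linear < 0xF0000,   # legacy expansion ROM window
        "insn": listing.get(eip),
        "prev_insn": listing.get(prev) if prev is not None else None,
    }
```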

Comment 1 H. Peter Anvin 2010-12-09 21:33:56 UTC
I'm a doofus; I forgot I had already reported this once.

*** This bug has been marked as a duplicate of bug 639208 ***