qemu-kvm 0.12.1.2 crashes booting Ubuntu 9.10 with "-vga std"

Clarification: Qemu doesn't quite crash. The process is still running, and I can attach a VNC client (which gives me a black screen). It's just not DOING anything. I can get into the monitor, so if there's some diagnostic thing you'd like me to enter into the monitor, please let me know.

since this morning (probably since i installed kernel 2.6.32-12 in host and guest) the behavior changed.
the guest does not crash any more with 'unaligned pointer error' but gets into an endless loop when loading grub, see attachment

this happens only with '-vga std' option, standard cirrus emulation works fine.

sorry for the wrong attachment, here is the correct one

Confirmed, I'm seeing the same thing.

Since the last update, the behavior has changed for me and returned to the previous one.
No more boot-loop but instead unaligned pointer error, see screenshot. This happens immediately after Grub takes control (Grub loading).

Again, this happens only with '-vga std' option. Without vga-switch the virtual machine boots fine.

This is still the case with version 0.12.3. Crash when booting Ubuntu (after grub), but no crash with Windows.

still not resolved: guest=Ubuntu 10.10, host=Fedora14

crashes with -vga std or -vga vmware

works with -vga cirrus

PS: qemu-kvm -version = 0.13.0

PPS: Ubuntu 10.10 crashes also with qemu-kvm -vga qxl -spice ...

Some notes of interest:

- the unaligned pointer error also seems to happen in real systems with certain ATI cards.
- rebuilding grub with mm-debug makes Ubuntu boot without unaligned/out of range pointer messages with -vga std.
- adding debug messages (with grub_printf()) to grub memalign/free functions in kern/mm.c triggers other reported behaviors including the boot loop, and more worrisomely, KVM_INTERNAL_ERROR_EMULATION.

These results obtained with stock Ubuntu 10.10 grub2 in guest (1.98+20100804-5ubuntu3) and 3.1.6-1.fc16.x86_64 host.

see also http://bugs.debian.org/616487 and http://bugs.debian.org/653068 - it appears this prob happens with grub with qxl (spice) and vmware "adaptors"

and it still happens even in version 1.0

It turns out that my previous attempt to reproduce the vga crash using an image generated by grub-mkrescue (which is easier to work with than dealing with a full Ubuntu image) is invalid due to bad instrumentation in the "normal" module init and a stack overflow produced similar results including the boot loop and internal emulation error. It suggests, however, that the vga problem and other grub-related crashes are also caused by memory corruption in guest.

See also LP#717445:

 https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/717445

which is exactly the same issue but reported against grub. And I tend to think more and more it is a grub bug after all, not qemu/kvm/bios bug.

Yes, memory corruption in guest explains the unaligned/out of range pointer error (issued when grub2 releases a block of memory, and grub uses dynamic allocation quite a lot) and the boot loop. This corruption most likely originates in the vga code fixed in revision 2470 as reported in Bug #717445. So the real issue seems to be the crash in case of memory corruption instead of handling the issue in a more graceful way (for instance, no error is displayed if qemu/virt-manager is not launched from a terminal). Regardless of the circumstances that caused the kvm internal emulation error, I believe qemu should notify and recover instead of simply crash and burn.

Note: this is already marked as FIXME in kvm-all.c:

    if (run->internal.suberror == KVM_INTERNAL_ERROR_EMULATION) {
        fprintf(stderr, "emulation failure\n");
        if (!kvm_arch_stop_on_emulation_error(env)) {
            cpu_dump_state(env, stderr, fprintf, CPU_DUMP_CODE);
            return EXCP_INTERRUPT;
        }
    }
    /* FIXME: Should trigger a qmp message to let management know
     * something went wrong.
     */

Triaging old bug tickets ... can you still reproduce this problem with the latest version of QEMU (v2.8)?

There hasn't been a reply to my question in the last comment within months, so I assume nobody cares about this anymore. So I'm closing this ticket now...