TCG: 0.977
i386: 0.973
files: 0.842
x86: 0.782
device: 0.760
user-level: 0.743
graphic: 0.730
architecture: 0.713
socket: 0.633
performance: 0.629
PID: 0.606
register: 0.587
semantic: 0.561
network: 0.547
ppc: 0.545
permissions: 0.534
vnc: 0.505
boot: 0.464
kernel: 0.458
peripherals: 0.452
risc-v: 0.433
arm: 0.431
mistranslation: 0.399
hypervisor: 0.390
VMM: 0.343
virtual: 0.257
debug: 0.248
KVM: 0.233
assembly: 0.152
--------------------
i386: 0.980
TCG: 0.976
x86: 0.946
debug: 0.275
files: 0.104
register: 0.012
user-level: 0.011
hypervisor: 0.009
assembly: 0.008
virtual: 0.006
network: 0.006
PID: 0.006
kernel: 0.005
performance: 0.004
semantic: 0.004
device: 0.002
architecture: 0.001
graphic: 0.001
socket: 0.001
boot: 0.001
VMM: 0.001
peripherals: 0.000
permissions: 0.000
risc-v: 0.000
vnc: 0.000
ppc: 0.000
mistranslation: 0.000
KVM: 0.000
arm: 0.000

qemu commit 80422b0: tcg.c crash in temp_load

As discussed in #1803160 I'm opening a new ticket for the new bug.

QEMU version:
-------------

qemu from git, master branch commit 80422b00196a7af4c6efb628fae0ad8b644e98af

Summary:
--------

TCG crashes in i386 and x86_64 when it tries to execute some specific illegal instructions. When running full OS emulation, both the guest system and QEMU crash.

$ qemu-i386 tcg_crash1.elf
/home/alberto/Documents/qemu/tcg/tcg.c:2863: tcg fatal error
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
zsh: segmentation fault (core dumped) ./qemu/build/i386-linux-user/qemu-i386 tcg_crash1.elf

Invalid instructions:

f0 invalid
40 inc eax
a7 cmpsd dword [esi], dword ptr es:[edi]
48 dec eax

Testcase:
---------

Find ELF file attached.



(Still repros as of commit d37bfe142382fa82585.)


I've sent patch https://patchwork.ozlabs.org/patch/1068003/ to the list which fixes this. (There might be other failures to check for bogus LOCK prefixes elsewhere, though.)


The patch from comment #3 is now in git master and will be in the 4.0 release.