
[Xen-devel] Bug: QEMU segfault within vnc



Hi,

QEMU segfaults while running a Xen guest; the guest is WinXP.

To reproduce, I start the guest, I don't connect to VNC, and after
about 2 min, QEMU segfaults. I think it's around the time it takes for
Windows to boot and reach the desktop.

The first commit where this happens is:
vnc: fix local state init
2e0c90af0a33451498d333d72c06e5429c7cd168

The backtrace associated with this commit:
#0  0x00007f8be2035680 in pixman_image_get_width () from 
/usr/lib/libpixman-1.so.0
#1  0x00005576b9cd1fc7 in vnc_refresh_server_surface (vd=0x7f8be2dd9010) at 
ui/vnc.c:2873
#2  0x00005576b9ccd413 in vnc_dpy_copy (dcl=0x7f8be2dd9048, src_x=116, 
src_y=379, dst_x=116, dst_y=367, w=16, h=3) at ui/vnc.c:934
#3  0x00005576b9cc1761 in dpy_gfx_copy (con=0x5576bccbbc50, src_x=116, 
src_y=379, dst_x=116, dst_y=367, w=16, h=3) at ui/console.c:1533
#4  0x00005576b9cc2b26 in qemu_console_copy (con=0x5576bccbbc50, src_x=116, 
src_y=379, dst_x=116, dst_y=367, w=16, h=3) at ui/console.c:2040
#5  0x00005576b9b9baf8 in cirrus_do_copy (s=0x5576bcb5a100, dst=1127772, 
src=1164636, w=16, h=3) at hw/display/cirrus_vga.c:772
#6  0x00005576b9b9bbcc in cirrus_bitblt_videotovideo_copy (s=0x5576bcb5a100) at 
hw/display/cirrus_vga.c:791
#7  0x00005576b9b9c0a1 in cirrus_bitblt_videotovideo (s=0x5576bcb5a100) at 
hw/display/cirrus_vga.c:913
#8  0x00005576b9b9c80f in cirrus_bitblt_start (s=0x5576bcb5a100) at 
hw/display/cirrus_vga.c:1054
#9  0x00005576b9b9c898 in cirrus_write_bitblt (s=0x5576bcb5a100, reg_value=2) 
at hw/display/cirrus_vga.c:1075
#10 0x00005576b9b9d588 in cirrus_vga_write_gr (s=0x5576bcb5a100, reg_index=49, 
reg_value=2) at hw/display/cirrus_vga.c:1577
#11 0x00005576b9b9de03 in cirrus_mmio_blt_write (s=0x5576bcb5a100, address=64, 
value=2 '\002') at hw/display/cirrus_vga.c:1931
#12 0x00005576b9b9e32b in cirrus_vga_mem_write (opaque=0x5576bcb5a100, 
addr=98368, mem_value=2, size=1) at hw/display/cirrus_vga.c:2099
#13 0x00005576b99e2bc5 in memory_region_write_accessor (mr=0x5576bcb6b0a0, 
addr=98368, value=0x7fff47d22618, size=1, shift=0, mask=255, attrs=...)
    at /root/work/qemu/memory.c:450
#14 0x00005576b99e2d64 in access_with_adjusted_size (addr=98368, 
value=0x7fff47d22618, size=1, access_size_min=1, access_size_max=1, 
    access=0x5576b99e2b54 <memory_region_write_accessor>, mr=0x5576bcb6b0a0, 
attrs=...) at /root/work/qemu/memory.c:506
#15 0x00005576b99e55cb in memory_region_dispatch_write (mr=0x5576bcb6b0a0, 
addr=98368, data=2, size=1, attrs=...) at /root/work/qemu/memory.c:1158
#16 0x00005576b999eba2 in address_space_rw (as=0x5576ba2a0ec0 
<address_space_memory>, addr=753728, attrs=..., buf=0x7fff47d22818 "\002", 
len=1, is_write=true)
    at /root/work/qemu/exec.c:2497
#17 0x00005576b999eed9 in cpu_physical_memory_rw (addr=753728, 
buf=0x7fff47d22818 "\002", len=1, is_write=1) at /root/work/qemu/exec.c:2580
#18 0x00005576b9a024b2 in rw_phys_req_item (addr=753728, req=0x7fff47d22810, 
i=0, val=0x7fff47d22818, rw=1) at /root/work/qemu/xen-hvm.c:797
#19 0x00005576b9a02520 in write_phys_req_item (addr=753728, req=0x7fff47d22810, 
i=0, val=0x7fff47d22818) at /root/work/qemu/xen-hvm.c:808
#20 0x00005576b9a0285c in cpu_ioreq_move (req=0x7fff47d22810) at 
/root/work/qemu/xen-hvm.c:862
#21 0x00005576b9a02cec in handle_ioreq (state=0x5576bb888960, 
req=0x7fff47d22810) at /root/work/qemu/xen-hvm.c:944
#22 0x00005576b9a02ffa in handle_buffered_iopage (state=0x5576bb888960) at 
/root/work/qemu/xen-hvm.c:1026
#23 0x00005576b9a030d1 in cpu_handle_ioreq (opaque=0x5576bb888960) at 
/root/work/qemu/xen-hvm.c:1052
#24 0x00005576b9d03123 in aio_dispatch (ctx=0x5576bb856470) at aio-posix.c:160
#25 0x00005576b9cf3421 in aio_ctx_dispatch (source=0x5576bb856470, 
callback=0x0, user_data=0x0) at async.c:226
#26 0x00007f8bdeb78dc7 in g_main_context_dispatch () from 
/usr/lib/libglib-2.0.so.0
#27 0x00005576b9d01805 in glib_pollfds_poll () at main-loop.c:211
#28 0x00005576b9d018e0 in os_host_main_loop_wait (timeout=477440) at 
main-loop.c:256
#29 0x00005576b9d0198d in main_loop_wait (nonblocking=0) at main-loop.c:504
#30 0x00005576b9ade524 in main_loop () at vl.c:1890
#31 0x00005576b9ae63f8 in main (argc=44, argv=0x7fff47d22df8, 
envp=0x7fff47d22f60) at vl.c:4644

QEMU also segfaults if I connect briefly to VNC at guest boot time and
disconnect before it finishes booting.

You may find a report from osstest here:
http://lists.xen.org/archives/html/xen-devel/2015-11/msg02688.html

Thanks,

-- 
Anthony PERARD
