Xen project Mailing List

[Xen-devel] Bug: QEMU segfault within vnc

To: QEMU-devel <qemu-devel@xxxxxxxxxx>, Xen Devel <xen-devel@xxxxxxxxxxxxx>

From: Anthony PERARD <anthony.perard@xxxxxxxxxx>

Date: Tue, 24 Nov 2015 17:36:40 +0000

Cc: Gerd Hoffmann <kraxel@xxxxxxxxxx>, Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>

Delivery-date: Tue, 24 Nov 2015 17:37:06 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

Hi, QEMU segfault while running a Xen guest, the guest is a WinXP. To reproduce, I start the guest, I don't connect to vnc, and after about 2min, QEMU segv. I think it's around the time it take for windows to boot and reach the desktop. The first commit where this happen is: vnc: fix local state init 2e0c90af0a33451498d333d72c06e5429c7cd168 The backtrace associated with this commit: #0 0x00007f8be2035680 in pixman_image_get_width () from /usr/lib/libpixman-1.so.0 #1 0x00005576b9cd1fc7 in vnc_refresh_server_surface (vd=0x7f8be2dd9010) at ui/vnc.c:2873 #2 0x00005576b9ccd413 in vnc_dpy_copy (dcl=0x7f8be2dd9048, src_x=116, src_y=379, dst_x=116, dst_y=367, w=16, h=3) at ui/vnc.c:934 #3 0x00005576b9cc1761 in dpy_gfx_copy (con=0x5576bccbbc50, src_x=116, src_y=379, dst_x=116, dst_y=367, w=16, h=3) at ui/console.c:1533 #4 0x00005576b9cc2b26 in qemu_console_copy (con=0x5576bccbbc50, src_x=116, src_y=379, dst_x=116, dst_y=367, w=16, h=3) at ui/console.c:2040 #5 0x00005576b9b9baf8 in cirrus_do_copy (s=0x5576bcb5a100, dst=1127772, src=1164636, w=16, h=3) at hw/display/cirrus_vga.c:772 #6 0x00005576b9b9bbcc in cirrus_bitblt_videotovideo_copy (s=0x5576bcb5a100) at hw/display/cirrus_vga.c:791 #7 0x00005576b9b9c0a1 in cirrus_bitblt_videotovideo (s=0x5576bcb5a100) at hw/display/cirrus_vga.c:913 #8 0x00005576b9b9c80f in cirrus_bitblt_start (s=0x5576bcb5a100) at hw/display/cirrus_vga.c:1054 #9 0x00005576b9b9c898 in cirrus_write_bitblt (s=0x5576bcb5a100, reg_value=2) at hw/display/cirrus_vga.c:1075 #10 0x00005576b9b9d588 in cirrus_vga_write_gr (s=0x5576bcb5a100, reg_index=49, reg_value=2) at hw/display/cirrus_vga.c:1577 #11 0x00005576b9b9de03 in cirrus_mmio_blt_write (s=0x5576bcb5a100, address=64, value=2 '\002') at hw/display/cirrus_vga.c:1931 #12 0x00005576b9b9e32b in cirrus_vga_mem_write (opaque=0x5576bcb5a100, addr=98368, mem_value=2, size=1) at hw/display/cirrus_vga.c:2099 #13 0x00005576b99e2bc5 in memory_region_write_accessor (mr=0x5576bcb6b0a0, addr=98368, value=0x7fff47d22618, size=1, shift=0, mask=255, attrs=...) at /root/work/qemu/memory.c:450 #14 0x00005576b99e2d64 in access_with_adjusted_size (addr=98368, value=0x7fff47d22618, size=1, access_size_min=1, access_size_max=1, access=0x5576b99e2b54 <memory_region_write_accessor>, mr=0x5576bcb6b0a0, attrs=...) at /root/work/qemu/memory.c:506 #15 0x00005576b99e55cb in memory_region_dispatch_write (mr=0x5576bcb6b0a0, addr=98368, data=2, size=1, attrs=...) at /root/work/qemu/memory.c:1158 #16 0x00005576b999eba2 in address_space_rw (as=0x5576ba2a0ec0 <address_space_memory>, addr=753728, attrs=..., buf=0x7fff47d22818 "\002", len=1, is_write=true) at /root/work/qemu/exec.c:2497 #17 0x00005576b999eed9 in cpu_physical_memory_rw (addr=753728, buf=0x7fff47d22818 "\002", len=1, is_write=1) at /root/work/qemu/exec.c:2580 #18 0x00005576b9a024b2 in rw_phys_req_item (addr=753728, req=0x7fff47d22810, i=0, val=0x7fff47d22818, rw=1) at /root/work/qemu/xen-hvm.c:797 #19 0x00005576b9a02520 in write_phys_req_item (addr=753728, req=0x7fff47d22810, i=0, val=0x7fff47d22818) at /root/work/qemu/xen-hvm.c:808 #20 0x00005576b9a0285c in cpu_ioreq_move (req=0x7fff47d22810) at /root/work/qemu/xen-hvm.c:862 #21 0x00005576b9a02cec in handle_ioreq (state=0x5576bb888960, req=0x7fff47d22810) at /root/work/qemu/xen-hvm.c:944 #22 0x00005576b9a02ffa in handle_buffered_iopage (state=0x5576bb888960) at /root/work/qemu/xen-hvm.c:1026 #23 0x00005576b9a030d1 in cpu_handle_ioreq (opaque=0x5576bb888960) at /root/work/qemu/xen-hvm.c:1052 #24 0x00005576b9d03123 in aio_dispatch (ctx=0x5576bb856470) at aio-posix.c:160 #25 0x00005576b9cf3421 in aio_ctx_dispatch (source=0x5576bb856470, callback=0x0, user_data=0x0) at async.c:226 #26 0x00007f8bdeb78dc7 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0 #27 0x00005576b9d01805 in glib_pollfds_poll () at main-loop.c:211 #28 0x00005576b9d018e0 in os_host_main_loop_wait (timeout=477440) at main-loop.c:256 #29 0x00005576b9d0198d in main_loop_wait (nonblocking=0) at main-loop.c:504 #30 0x00005576b9ade524 in main_loop () at vl.c:1890 #31 0x00005576b9ae63f8 in main (argc=44, argv=0x7fff47d22df8, envp=0x7fff47d22f60) at vl.c:4644 QEMU also segfault if I connect briefly to VNC at guest boot time and disconnect before it finishes booting. You may find a report from osstest here: http://lists.xen.org/archives/html/xen-devel/2015-11/msg02688.html Thanks, -- Anthony PERARD _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.