From: "Pavel Dovgalyuk" <dovgaluk@ispras.ru>
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, peter.maydell@linaro.org,
	'Pavel Dovgalyuk' <pavel.dovgaluk@ispras.ru>
Subject: Re: [Qemu-devel] qemu-2.8-rc4 is broken
Date: Tue, 20 Dec 2016 10:45:44 +0300	[thread overview]
Message-ID: <000601d25a95$12b1b9f0$38152dd0$@ru> (raw)
In-Reply-To: <000301d259dc$f9d097c0$ed71c740$@ru>

It also fails much earlier when I enable logging with "-d int -D log".

Here is the backtrace for this failure:

 

#0  0x0000000076e79e52 in ntdll!EtwpCreateEtwThread ()

   from /c/Windows/SYSTEM32/ntdll.dll

#1  0x0000000076e56965 in ntdll!EtwEventSetInformation ()

   from /c/Windows/SYSTEM32/ntdll.dll

#2  0x0000000076e942d9 in ntdll!RtlLogStackBackTrace ()

   from /c/Windows/SYSTEM32/ntdll.dll

#3  0x0000000076e3797c in ntdll!TpAlpcRegisterCompletionList ()

   from /c/Windows/SYSTEM32/ntdll.dll

#4  0x000007fefdc810c8 in msvcrt!free () from /c/Windows/system32/msvcrt.dll

#5  0x000000000040b6b4 in invalidate_page_bitmap (p=0x10c33498, p=0x10c33498)

    at D:/Projects/QEMU/qemu/translate-all.c:880

#6  page_flush_tb_1 (level=level@entry=0, lp=0x54f4fb0)

    at D:/Projects/QEMU/qemu/translate-all.c:899

#7  0x000000000040b6ee in page_flush_tb_1 (level=1, lp=0xac8ac0 <l1_map>)

    at D:/Projects/QEMU/qemu/translate-all.c:905

#8  0x000000000040b7b3 in page_flush_tb ()

    at D:/Projects/QEMU/qemu/translate-all.c:915

#9  do_tb_flush (cpu=<optimized out>, tb_flush_count=...)

    at D:/Projects/QEMU/qemu/translate-all.c:953

#10 0x0000000000519ac1 in process_queued_cpu_work (cpu=0x5412fd0)

    at cpus-common.c:338

#11 0x0000000000439761 in qemu_wait_io_event_common (cpu=0x5412fd0)

    at D:/Projects/QEMU/qemu/cpus.c:942

#12 qemu_tcg_wait_io_event (cpu=<optimized out>)

    at D:/Projects/QEMU/qemu/cpus.c:957

#13 qemu_tcg_cpu_thread_fn (arg=arg@entry=0x5412fd0)

    at D:/Projects/QEMU/qemu/cpus.c:1216

#14 0x000000000072c285 in win32_start_routine (arg=0x543ba70)

    at util/qemu-thread-win32.c:406

#15 0x000007fefdc8415f in srand () from /c/Windows/system32/msvcrt.dll

#16 0x000007fefdc86ebd in msvcrt!_ftime64_s ()

   from /c/Windows/system32/msvcrt.dll

#17 0x0000000076cc59cd in KERNEL32!BaseThreadInitThunk ()

   from /c/Windows/system32/kernel32.dll

#18 0x0000000076dfa561 in ntdll!RtlUserThreadStart ()

   from /c/Windows/SYSTEM32/ntdll.dll

#19 0x0000000000000000 in ?? ()

 

 

 

Another example of a backtrace is the following:

 

#0  0x0000000076e8f3b0 in ntdll!RtlUnhandledExceptionFilter ()

   from /c/Windows/SYSTEM32/ntdll.dll

#1  0x0000000076e8f9c6 in ntdll!EtwEnumerateProcessRegGuids ()

   from /c/Windows/SYSTEM32/ntdll.dll

#2  0x0000000076e90592 in ntdll!RtlQueryProcessLockInformation ()

   from /c/Windows/SYSTEM32/ntdll.dll

#3  0x0000000076e92204 in ntdll!RtlLogStackBackTrace ()

   from /c/Windows/SYSTEM32/ntdll.dll

#4  0x0000000076e2d21c in ntdll!RtlIsDosDeviceName_U ()

   from /c/Windows/SYSTEM32/ntdll.dll

#5  0x000007fefdc810c8 in msvcrt!free () from /c/Windows/system32/msvcrt.dll

#6  0x000000000040c57d in invalidate_page_bitmap (p=<optimized out>,

    p=<optimized out>) at D:/Projects/QEMU/qemu/translate-all.c:880

#7  tb_invalidate_phys_page_range (start=826113, end=end@entry=826116,

    is_cpu_write_access=is_cpu_write_access@entry=0)

    at D:/Projects/QEMU/qemu/translate-all.c:1526

#8  0x000000000040c5ed in tb_invalidate_phys_range_1 (end=826116,

    start=<optimized out>) at D:/Projects/QEMU/qemu/translate-all.c:1413

#9  tb_invalidate_phys_range (start=start@entry=826113, end=end@entry=826116)

    at D:/Projects/QEMU/qemu/translate-all.c:1423

#10 0x0000000000402e5f in invalidate_and_set_dirty (mr=mr@entry=0x53fe980,

    addr=<optimized out>, length=<optimized out>)

    at D:/Projects/QEMU/qemu/exec.c:2511

#11 0x0000000000406af7 in cpu_physical_memory_write_rom_internal (

    type=WRITE_DATA, len=3, buf=0x22f141 "", addr=826113,

    as=0xab4280 <address_space_memory>) at D:/Projects/QEMU/qemu/exec.c:2795

#12 cpu_physical_memory_write_rom (as=0xab4280 <address_space_memory>,

    addr=<optimized out>, buf=<optimized out>, len=<optimized out>)

    at D:/Projects/QEMU/qemu/exec.c:2813

#13 0x0000000000470a35 in apic_sync_vapic (s=s@entry=0x507f0a0,

    sync_type=sync_type@entry=4) at D:/Projects/QEMU/qemu/hw/intc/apic.c:125

#14 0x000000000047163e in apic_set_irq (s=0x507f0a0,

    vector_num=<optimized out>, trigger_mode=0)

    at D:/Projects/QEMU/qemu/hw/intc/apic.c:396

#15 0x0000000000471aa3 in apic_bus_deliver (deliver_bitmask=<optimized out>,

    delivery_mode=<optimized out>, vector_num=<optimized out>,

    trigger_mode=<optimized out>) at D:/Projects/QEMU/qemu/hw/intc/apic.c:234

#16 0x0000000000471b1e in apic_deliver_irq (dest=1 '\001',

    dest_mode=1 '\001', delivery_mode=1 '\001', vector_num=163 '\243',

    trigger_mode=0 '\000') at D:/Projects/QEMU/qemu/hw/intc/apic.c:284

#17 0x0000000000471bf2 in apic_send_msi (msi=msi@entry=0x22f320)

    at D:/Projects/QEMU/qemu/hw/intc/apic.c:753

#18 0x0000000000471f76 in apic_mem_writel (opaque=<optimized out>, addr=4100,

    val=419) at D:/Projects/QEMU/qemu/hw/intc/apic.c:768

#19 0x000000000044bcbd in memory_region_oldmmio_write_accessor (mr=0x507f110,

    addr=4100, value=<optimized out>, size=4, shift=0, mask=4294967295,

    attrs=...) at D:/Projects/QEMU/qemu/memory.c:500

#20 0x0000000000448576 in access_with_adjusted_size (addr=addr@entry=4100,

    value=value@entry=0x22f620, size=size@entry=4,

    access_size_min=access_size_min@entry=1,

    access_size_max=access_size_max@entry=4,

    access=access@entry=0x44bc20 <memory_region_oldmmio_write_accessor>,

    mr=mr@entry=0x507f110, attrs=attrs@entry=...)

    at D:/Projects/QEMU/qemu/memory.c:592

#21 0x000000000044cdae in memory_region_dispatch_write (mr=<optimized out>,

    mr@entry=0x507f110, addr=4100, data=data@entry=419, size=<optimized out>,

    size@entry=4, attrs=attrs@entry=...)

    at D:/Projects/QEMU/qemu/memory.c:1336

#22 0x0000000000409f63 in address_space_stl_internal (

    endian=DEVICE_LITTLE_ENDIAN, result=0x0, attrs=..., val=419,

    addr=1756135440, as=0x0) at D:/Projects/QEMU/qemu/exec.c:3433

#23 address_space_stl_le (result=0x0, attrs=..., val=419, addr=1756135440,

    as=0x0) at D:/Projects/QEMU/qemu/exec.c:3470

#24 stl_le_phys (as=as@entry=0xab4280 <address_space_memory>,

    addr=addr@entry=4276097028, val=419) at D:/Projects/QEMU/qemu/exec.c:3488

#25 0x0000000000473941 in ioapic_service (s=0x1182e1d0)

    at D:/Projects/QEMU/qemu/hw/intc/ioapic.c:144

#26 0x000000000059062a in ps2_queue (b=24, opaque=0x11c809d0)

    at hw/input/ps2.c:549

#27 ps2_mouse_send_packet (s=s@entry=0x11c809d0) at hw/input/ps2.c:839

#28 0x0000000000590b51 in ps2_mouse_sync (dev=0x11c809d0)

    at hw/input/ps2.c:927

#29 0x000000000066515a in qemu_input_event_sync_impl () at ui/input.c:351

#30 0x0000000000666917 in sdl_send_mouse_event (dx=<optimized out>,

    dy=<optimized out>, x=<optimized out>, y=<optimized out>, state=0,

    scon=<optimized out>, scon=<optimized out>) at ui/sdl2.c:315

#31 0x0000000000667112 in handle_mousemotion (ev=0x22f970) at ui/sdl2.c:482

#32 sdl2_poll_events (scon=0x1230c260) at ui/sdl2.c:619

#33 0x000000000065f622 in dpy_refresh (s=0x119ba030) at ui/console.c:1560

#34 gui_update (opaque=opaque@entry=0x119ba030) at ui/console.c:200

#35 0x000000000068d60c in timerlist_run_timers (timer_list=0x5022d40)

    at qemu-timer.c:528

#36 0x000000000068d823 in qemu_clock_run_timers (type=<optimized out>)

    at qemu-timer.c:539

#37 qemu_clock_run_all_timers () at qemu-timer.c:653

#38 0x000000000068c94e in main_loop_wait (nonblocking=<optimized out>)

    at main-loop.c:516

#39 0x00000000005023b0 in main_loop () at vl.c:1966

#40 qemu_main (argc=argc@entry=12, argv=argv@entry=0x3a0130,

    envp=envp@entry=0x0) at vl.c:4684

#41 0x00000000005033c8 in SDL_main (argc=argc@entry=12,

    argv=argv@entry=0x3a0130) at vl.c:45

#42 0x000000000074088a in main_utf8 (argv=0x3a0130, argc=<optimized out>)

    at ../src/main/windows/SDL_windows_main.c:126

#43 WinMain (hInst=<optimized out>, hPrev=hPrev@entry=0x0,

    szCmdLine=<optimized out>, sw=<optimized out>)

    at ../src/main/windows/SDL_windows_main.c:189

#44 0x0000000000754862 in main (flags=<optimized out>,

    cmdline=<optimized out>, inst=<optimized out>)

    at C:/repo/mingw-w64-crt-git/src/mingw-w64/mingw-w64-crt/crt/crt0_c.c:18

#45 0x00000000004013ed in __tmainCRTStartup ()

    at C:/repo/mingw-w64-crt-git/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:334

#46 0x00000000004014fb in WinMainCRTStartup ()

    at C:/repo/mingw-w64-crt-git/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:184

 

Pavel Dovgalyuk

 

From: Pavel Dovgalyuk [mailto:dovgaluk@ispras.ru] 
Sent: Monday, December 19, 2016 12:48 PM
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com; peter.maydell@linaro.org; 'Pavel Dovgalyuk'
Subject: qemu-2.8-rc4 is broken

 

Hi!

 

I encountered the following bug with the latest version of QEMU.

I use a Windows host and start qemu with the following command line:

qemu-system-i386.exe -soundhw ac97 -snapshot -hda disk.qcow2 -net none

 

The guest system is Windows XP 32-bit. It finds new hardware (including the audio controller)

and I start playing an mp3 file.

After a few seconds of playing, qemu fails with an exception.

 

I tried to bisect between 2.7 and 2.8, but the bug is not stable (it does not reproduce reliably).

It manifested itself at commits "68701de1362b29fd6941a2021e9393ddbe60edd8" and
"6a928d25b6d8bc3729c3d28326c6db13b9481059".

 

Pavel Dovgalyuk

 
