Date: Sat, 04 Aug 2018 01:09:32 -0000
From: changlimin
Reply-To: Bug 1785197 <1785197@bugs.launchpad.net>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [Bug 1785197] Re: qemu 2.12.0 crash during install windows 10 with vga
Message-Id: <153334497260.28572.666042225176109532.malone@chaenomeles.canonical.com>
References: <153328835680.29549.10888277891028750813.malonedeb@chaenomeles.canonical.com>

I have tried many times to reproduce the issue.

1. Add a breakpoint

(gdb) b memory_region_snapshot_and_clear_dirty if size==0
Breakpoint 1 at 0x55ef37b7d450: file /qemu-2.12/memory.c, line 1986.

2. Occasionally the breakpoint is hit, size is 0

(gdb) c
Continuing.

Thread 1 "kvm" hit Breakpoint 1, memory_region_snapshot_and_clear_dirty (mr=mr@entry=0x55ef3aff1b40, addr=addr@entry=0, size=size@entry=0, client=client@entry=0) at /qemu-2.12/memory.c:1986
(gdb) bt
#0  memory_region_snapshot_and_clear_dirty (mr=mr@entry=0x55ef3aff1b40, addr=addr@entry=0, size=size@entry=0, client=client@entry=0) at /qemu-2.12/memory.c:1986
#1  0x000055ef37ba6d0f in vga_draw_graphic (full_update=0, s=0x55ef3aff1b30) at /qemu-2.12/hw/display/vga.c:1642
#2  vga_update_display (opaque=0x55ef3aff1b30) at /qemu-2.12/hw/display/vga.c:1767
#3  0x000055ef37e2ba8f in qemu_spice_display_refresh (ssd=0x55ef3aff1760) at /qemu-2.12/ui/spice-display.c:478
#4  0x000055ef37e20d72 in dpy_refresh (s=0x55ef3b1290b0) at /qemu-2.12/ui/console.c:1629
#5  gui_update (opaque=0x55ef3b1290b0) at /qemu-2.12/ui/console.c:203
#6  0x000055ef37f2533c in timerlist_run_timers (timer_list=0x55ef396fbc60) at /qemu-2.12/util/qemu-timer.c:536
#7  0x000055ef37f255a3 in qemu_clock_run_timers (type=QEMU_CLOCK_REALTIME) at /qemu-2.12/util/qemu-timer.c:547
#8  qemu_clock_run_all_timers () at /qemu-2.12/util/qemu-timer.c:674
#9  0x000055ef37f25aa4 in main_loop_wait (nonblocking=) at /qemu-2.12/util/main-loop.c:528
#10 0x000055ef37b14f8a in main_loop () at /qemu-2.12/vl.c:1973
#11 main (argc=, argv=, envp=) at /qemu-2.12/vl.c:4804

3. Why is the size 0? Why is region_start identical to region_end?

    region_end = region_start + (ram_addr_t)s->line_offset * height;
    region_end += width * s->get_bpp(s) / 8; /* scanline length */
    region_end -= s->line_offset;

(gdb) p s->line_offset
$4 = 0
(gdb) p width
$5 = 1024
(gdb) p/x s->vbe_regs
$10 = {0xb0c0, 0x400, 0x300, 0x20, 0x0, 0x0, 0x400, 0x1000, 0x0, 0x0}

Because s->vbe_regs[VBE_DISPI_INDEX_ENABLE] is 0, vbe_enabled is false, so vga_get_bpp returns 0, and region_end += 0.

4. Why is s->vbe_regs[VBE_DISPI_INDEX_ENABLE] 0?
-- 
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1785197

Title:
  qemu 2.12.0 crash during install windows 10 with vga

Status in QEMU:
  New

Bug description:
  Same issue as https://www.qubes-os.org/doc/windows-vm/ , it's not easy to reproduce.

  cpu_physical_memory_snapshot_get_dirty: Assertion `start + length <= snap->end' failed

  Qemu version is 2.12.0.

  (gdb) bt
  #0  0x00007f504ed6fc37 in raise () from /lib/x86_64-linux-gnu/libc.so.6
  #1  0x00007f504ed73028 in abort () from /lib/x86_64-linux-gnu/libc.so.6
  #2  0x00007f504ed68bf6 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
  #3  0x00007f504ed68ca2 in __assert_fail () from /lib/x86_64-linux-gnu/libc.so.6
  #4  0x00005585bbdc9641 in cpu_physical_memory_snapshot_get_dirty (snap=snap@entry=0x5585bfdc2ff0, start=, length=) at /qemu-2.12/exec.c:1264
  #5  0x00005585bbe2b4de in memory_region_snapshot_get_dirty (mr=mr@entry=0x5585c06e3d10, snap=snap@entry=0x5585bfdc2ff0, addr=, size=) at /qemu-2.12/memory.c:1997
  #6  0x00005585bbe552a4 in vga_draw_graphic (full_update=0, s=0x5585c06e3d00) at /qemu-2.12/hw/display/vga.c:1671
  #7  vga_update_display (opaque=0x5585c06e3d00) at /qemu-2.12/hw/display/vga.c:1767
  #8  0x00005585bc0d9a8f in qemu_spice_display_refresh (ssd=0x5585c06e3930) at /qemu-2.12/ui/spice-display.c:478
  #9  0x00005585bc0ced72 in dpy_refresh (s=0x5585c081b2a0) at /qemu-2.12/ui/console.c:1629
  #10 gui_update (opaque=0x5585c081b2a0) at /qemu-2.12/ui/console.c:203
  #11 0x00005585bc1d333c in timerlist_run_timers (timer_list=0x5585bee1f950) at /qemu-2.12/util/qemu-timer.c:536
  #12 0x00005585bc1d35a3 in qemu_clock_run_timers (type=QEMU_CLOCK_REALTIME) at /qemu-2.12/util/qemu-timer.c:547
  #13 qemu_clock_run_all_timers () at /qemu-2.12/util/qemu-timer.c:674
  #14 0x00005585bc1d3aa4 in main_loop_wait (nonblocking=) at /qemu-2.12/util/main-loop.c:528
  #15 0x00005585bbdc2f8a in main_loop () at /qemu-2.12/vl.c:1973
  #16 main (argc=, argv=, envp=) at /qemu-2.12/vl.c:4804

  (gdb) frame 5
  (gdb) p/x *snap
  $1 = {start = 0x1000c0000, end = 0x1000c0000, dirty = 0x5585bfdc3000}

  Here the snap->start is identical to snap->end; I think something is wrong.

  In function vga_draw_graphic, the snap is allocated from region_start/region_end.

      snap = memory_region_snapshot_and_clear_dirty(&s->vram, region_start, region_end - region_start, DIRTY_MEMORY_VGA);

  Is it possible for region_start == region_end?

  Commandline:
  /usr/bin/kvm -name guest=win10-2,debug-threads=on -S -object secret,id=masterKey0,format=raw,file=/run/lib/libvirt/qemu/domain-51-win10-2/master-key.aes -machine pc-i440fx-2.12,accel=kvm,usb=off,system=windows,dump-guest-core=off -cpu qemu64,hv_time,hv_relaxed,hv_spinlocks=0x2000 -m size=4194304k,slots=10,maxmem=34359738368k -realtime mlock=off -smp 2,maxcpus=24,sockets=24,cores=1,threads=1 -numa node,nodeid=0,cpus=0-23,mem=4096 -uuid cb871760-e684-4926-8f0b-270f7ff35539 -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/run/lib/libvirt/qemu/domain-51-win10-2/monitor.sock,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -chardev socket,id=charmonitor_cas,path=/run/lib/libvirt/qemu/domain-51-win10-2/monitor.sock.cas,server,nowait -mon chardev=charmonitor_cas,id=monitor_cas,mode=control -rtc base=localtime,clock=vm,driftfix=slew -no-hpet -no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot strict=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -device usb-ehci,id=usb1,bus=pci.0,addr=0x4 -device nec-usb-xhci,id=usb2,bus=pci.0,addr=0x5 -device virtio-scsi-pci,id=scsi1,bus=pci.0,addr=0x6 -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x7 -device usb-hub,id=hub0,bus=usb.0,port=1 -drive file=/vms/images/win10-2,format=qcow2,if=none,id=drive-virtio-disk0,cache=directsync,aio=native -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x8,pci_hotpluggable=on,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 -drive file=/vms/isos/virtio-win10.vfd,format=raw,if=none,id=drive-fdc0-0-0,readonly=on,cache=directsync,aio=native -global isa-fdc.driveA=drive-fdc0-0-0 -global isa-fdc.bootindexA=4 -drive file=/vms/nfs/windows_msdn_iso/cn_windows_10_multi-edition_version_1709_updated_sept_2017_x64_dvd_100090804.iso,format=raw,if=none,id=drive-ide0-0-0,readonly=on -device ide-cd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=2 -netdev tap,fd=62,id=hostnet0,vhost=on,vhostfd=63 -device virtio-net-pci,pci_hotpluggable=on,netdev=hostnet0,id=net0,mac=0c:da:41:1d:11:5b,bus=pci.0,addr=0x3,bootindex=3 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -chardev socket,id=charchannel0,path=/var/lib/libvirt/qemu/win10-2.agent,server,nowait -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0 -device usb-tablet,id=input0,bus=usb.0,port=2 -vnc 0.0.0.0:0 -spice port=5901,tls-port=5902,addr=0.0.0.0,disable-ticketing,x509-dir=/etc/pki/libvirt-spice,seamless-migration=on -device qxl-vga,id=video0,ram_size=67108864,vram_size=16777216,vram64_size_mb=0,vgamem_mb=16,bus=pci.0,addr=0x2 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x9 -msg timestamp=on

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1785197/+subscriptions
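A small C model of the failure chain the report traces, added here as an example and not code from QEMU or from the reporter: it evaluates the quoted region formula with the dumped register values, shows the snapshot size collapsing to 0 when VBE is disabled, and expresses the invariant that cpu_physical_memory_snapshot_get_dirty asserts as a predicate. VgaModel, make_state, draw_would_assert and the 4096-byte pitch of the comparison state are assumptions; the register dump and snap->start come from the report.

```c
#include <stdbool.h>
#include <stdint.h>
typedef uint64_t ram_addr_t;
/* VBE register indices and enable bit as in QEMU; index 4 (ENABLE) reads 0 in the dump. */
#define VBE_DISPI_INDEX_BPP    3
#define VBE_DISPI_INDEX_ENABLE 4
#define VBE_DISPI_ENABLED      0x01
/* Minimal stand-in for the VGACommonState fields the quoted formula touches. */
typedef struct {
    uint16_t vbe_regs[10];
    uint32_t line_offset;
} VgaModel;

/* The report's "p/x s->vbe_regs" dump, with ENABLE and line_offset (both 0 in
 * the crashing state) taken as parameters so healthy states can be compared. */
static VgaModel make_state(uint16_t enable, uint32_t line_offset) {
    VgaModel s = { { 0xb0c0, 0x400, 0x300, 0x20, enable, 0x0, 0x400, 0x1000, 0x0, 0x0 },
                   line_offset };
    return s;
}

/* Mirrors vga_get_bpp: 0 unless VBE_DISPI_ENABLED is set, as the report explains. */
static int model_get_bpp(VgaModel s) {
    return (s.vbe_regs[VBE_DISPI_INDEX_ENABLE] & VBE_DISPI_ENABLED)
           ? s.vbe_regs[VBE_DISPI_INDEX_BPP] : 0;
}

/* The region computation quoted from vga_draw_graphic; the result is the size
 * passed to memory_region_snapshot_and_clear_dirty (addr was 0 in the backtrace). */
static ram_addr_t region_size(VgaModel s, int width, int height) {
    ram_addr_t region_start = 0;
    ram_addr_t region_end = region_start + (ram_addr_t)s.line_offset * height;
    region_end += width * model_get_bpp(s) / 8;   /* scanline length */
    region_end -= s.line_offset;
    return region_end - region_start;
}

/* The invariant asserted in cpu_physical_memory_snapshot_get_dirty, as a predicate. */
static bool snapshot_covers(ram_addr_t snap_start, ram_addr_t snap_end,
                            ram_addr_t start, ram_addr_t length) {
    return start >= snap_start && start + length <= snap_end;
}

/* Would a lookup of lookup_len bytes at snap->start (value from "p/x *snap") assert? */
static bool draw_would_assert(VgaModel s, int width, int height, ram_addr_t lookup_len) {
    ram_addr_t base = 0x1000c0000ULL;
    ram_addr_t size = region_size(s, width, height);
    return !snapshot_covers(base, base + size, base, lookup_len);
}
```

With the dumped state (ENABLE 0, line_offset 0) every non-empty dirty lookup violates the invariant, which is the abort the bug description shows; a guard that skips the snapshot when region_end == region_start is the check this model makes easy to reason about.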