* [Qemu-devel] Bug: QEMU segfault within vnc
@ 2015-11-24 17:36 Anthony PERARD
From: Anthony PERARD @ 2015-11-24 17:36 UTC (permalink / raw)
  To: QEMU-devel, Xen Devel; +Cc: Gerd Hoffmann, Stefano Stabellini

Hi,

QEMU segfaults while running a Xen guest; the guest is a WinXP.

To reproduce, I start the guest, I don't connect to VNC, and after
about 2 min QEMU segfaults. I think it's around the time it takes for Windows to
boot and reach the desktop.

The first commit where this happens is:
vnc: fix local state init
2e0c90af0a33451498d333d72c06e5429c7cd168

The backtrace associated with this commit:
#0  0x00007f8be2035680 in pixman_image_get_width () from /usr/lib/libpixman-1.so.0
#1  0x00005576b9cd1fc7 in vnc_refresh_server_surface (vd=0x7f8be2dd9010) at ui/vnc.c:2873
#2  0x00005576b9ccd413 in vnc_dpy_copy (dcl=0x7f8be2dd9048, src_x=116, src_y=379, dst_x=116, dst_y=367, w=16, h=3) at ui/vnc.c:934
#3  0x00005576b9cc1761 in dpy_gfx_copy (con=0x5576bccbbc50, src_x=116, src_y=379, dst_x=116, dst_y=367, w=16, h=3) at ui/console.c:1533
#4  0x00005576b9cc2b26 in qemu_console_copy (con=0x5576bccbbc50, src_x=116, src_y=379, dst_x=116, dst_y=367, w=16, h=3) at ui/console.c:2040
#5  0x00005576b9b9baf8 in cirrus_do_copy (s=0x5576bcb5a100, dst=1127772, src=1164636, w=16, h=3) at hw/display/cirrus_vga.c:772
#6  0x00005576b9b9bbcc in cirrus_bitblt_videotovideo_copy (s=0x5576bcb5a100) at hw/display/cirrus_vga.c:791
#7  0x00005576b9b9c0a1 in cirrus_bitblt_videotovideo (s=0x5576bcb5a100) at hw/display/cirrus_vga.c:913
#8  0x00005576b9b9c80f in cirrus_bitblt_start (s=0x5576bcb5a100) at hw/display/cirrus_vga.c:1054
#9  0x00005576b9b9c898 in cirrus_write_bitblt (s=0x5576bcb5a100, reg_value=2) at hw/display/cirrus_vga.c:1075
#10 0x00005576b9b9d588 in cirrus_vga_write_gr (s=0x5576bcb5a100, reg_index=49, reg_value=2) at hw/display/cirrus_vga.c:1577
#11 0x00005576b9b9de03 in cirrus_mmio_blt_write (s=0x5576bcb5a100, address=64, value=2 '\002') at hw/display/cirrus_vga.c:1931
#12 0x00005576b9b9e32b in cirrus_vga_mem_write (opaque=0x5576bcb5a100, addr=98368, mem_value=2, size=1) at hw/display/cirrus_vga.c:2099
#13 0x00005576b99e2bc5 in memory_region_write_accessor (mr=0x5576bcb6b0a0, addr=98368, value=0x7fff47d22618, size=1, shift=0, mask=255, attrs=...)
    at /root/work/qemu/memory.c:450
#14 0x00005576b99e2d64 in access_with_adjusted_size (addr=98368, value=0x7fff47d22618, size=1, access_size_min=1, access_size_max=1, 
    access=0x5576b99e2b54 <memory_region_write_accessor>, mr=0x5576bcb6b0a0, attrs=...) at /root/work/qemu/memory.c:506
#15 0x00005576b99e55cb in memory_region_dispatch_write (mr=0x5576bcb6b0a0, addr=98368, data=2, size=1, attrs=...) at /root/work/qemu/memory.c:1158
#16 0x00005576b999eba2 in address_space_rw (as=0x5576ba2a0ec0 <address_space_memory>, addr=753728, attrs=..., buf=0x7fff47d22818 "\002", len=1, is_write=true)
    at /root/work/qemu/exec.c:2497
#17 0x00005576b999eed9 in cpu_physical_memory_rw (addr=753728, buf=0x7fff47d22818 "\002", len=1, is_write=1) at /root/work/qemu/exec.c:2580
#18 0x00005576b9a024b2 in rw_phys_req_item (addr=753728, req=0x7fff47d22810, i=0, val=0x7fff47d22818, rw=1) at /root/work/qemu/xen-hvm.c:797
#19 0x00005576b9a02520 in write_phys_req_item (addr=753728, req=0x7fff47d22810, i=0, val=0x7fff47d22818) at /root/work/qemu/xen-hvm.c:808
#20 0x00005576b9a0285c in cpu_ioreq_move (req=0x7fff47d22810) at /root/work/qemu/xen-hvm.c:862
#21 0x00005576b9a02cec in handle_ioreq (state=0x5576bb888960, req=0x7fff47d22810) at /root/work/qemu/xen-hvm.c:944
#22 0x00005576b9a02ffa in handle_buffered_iopage (state=0x5576bb888960) at /root/work/qemu/xen-hvm.c:1026
#23 0x00005576b9a030d1 in cpu_handle_ioreq (opaque=0x5576bb888960) at /root/work/qemu/xen-hvm.c:1052
#24 0x00005576b9d03123 in aio_dispatch (ctx=0x5576bb856470) at aio-posix.c:160
#25 0x00005576b9cf3421 in aio_ctx_dispatch (source=0x5576bb856470, callback=0x0, user_data=0x0) at async.c:226
#26 0x00007f8bdeb78dc7 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#27 0x00005576b9d01805 in glib_pollfds_poll () at main-loop.c:211
#28 0x00005576b9d018e0 in os_host_main_loop_wait (timeout=477440) at main-loop.c:256
#29 0x00005576b9d0198d in main_loop_wait (nonblocking=0) at main-loop.c:504
#30 0x00005576b9ade524 in main_loop () at vl.c:1890
#31 0x00005576b9ae63f8 in main (argc=44, argv=0x7fff47d22df8, envp=0x7fff47d22f60) at vl.c:4644

QEMU also segfaults if I connect briefly to VNC at guest boot time and
disconnect before it finishes booting.

You may find a report from osstest here:
http://lists.xen.org/archives/html/xen-devel/2015-11/msg02688.html

Thanks,

-- 
Anthony PERARD
