QEMU-Devel Archive on lore.kernel.org
* qxl - spice crash, memslot_get_virt: address generation is not valid
@ 2019-11-08 13:17 Vladimir Sementsov-Ogievskiy
From: Vladimir Sementsov-Ogievskiy @ 2019-11-08 13:17 UTC (permalink / raw)
  To: qemu-devel; +Cc: Denis Lunev, spice-devel, Gerd Hoffmann, cfergeau, fziglio

Hi all!

Hope someone could help me with the following.

Seems we've faced Qemu bug https://bugzilla.redhat.com/show_bug.cgi?id=1540919. It was
(AFAIU) worked around in spice, in https://bugzilla.redhat.com/show_bug.cgi?id=1567944,
which is marked as fixed in spice-0.14.0-4.

Still, our crash is on spice-server-0.14.0-7, which is higher.
Qemu is based on rhev-2.12.0-33, and I don't see in upstream any related fixes.

The 1567944 discussion has fixes in attachments by Christophe and Frediano, but I can't find
anything in the Qemu mailing list archives. What is the problem with the patch?

===
backtrace

#0  0x00007fd1785f8337 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:55
#1  0x00007fd1785f9a28 in __GI_abort () at abort.c:90
#2  0x00007fd179e3ecfc in spice_logv (log_domain=0x7fd179eafbf1 "Spice", args=0x7fd12561e460, format=0x7fd179eb6d30 "address generation is not valid, group_id %d, slot_id %d, gen %d, slot_gen %d\n",
     function=0x7fd179eb6f30 <__FUNCTION__.16041> "memslot_get_virt", strloc=0x7fd179eb6e26 "memslot.c:122", log_level=G_LOG_LEVEL_CRITICAL) at log.c:183
#3  spice_log (log_level=log_level@entry=G_LOG_LEVEL_CRITICAL, strloc=strloc@entry=0x7fd179eb6e26 "memslot.c:122", function=function@entry=0x7fd179eb6f30 <__FUNCTION__.16041> "memslot_get_virt",
     format=format@entry=0x7fd179eb6d30 "address generation is not valid, group_id %d, slot_id %d, gen %d, slot_gen %d\n") at log.c:196
#4  0x00007fd179e0579f in memslot_get_virt (info=info@entry=0x556f209c44f0, addr=addr@entry=844424930131968, add_size=add_size@entry=20, group_id=group_id@entry=1, error=error@entry=0x7fd12561e5d4)
     at memslot.c:121
#5  0x00007fd179e0e007 in red_get_data_chunks_ptr (slots=slots@entry=0x556f209c44f0, group_id=group_id@entry=1, memslot_id=0, red=red@entry=0x7fd12561e630, qxl=0x7fd128e04016) at red-parse-qxl.c:146
#6  0x00007fd179e106ae in red_get_cursor (addr=72057594044235776, red=0x556f209d8d48, group_id=1, slots=0x556f209c44f0) at red-parse-qxl.c:1441
#7  red_get_cursor_cmd (slots=slots@entry=0x556f209c44f0, group_id=1, red=red@entry=0x556f209d8d20, addr=<optimized out>) at red-parse-qxl.c:1482
#8  0x00007fd179e2138f in red_process_cursor_cmd (worker=worker@entry=0x556f209c4460, ext=ext@entry=0x556f22f58000) at red-worker.c:111
#9  0x00007fd179e2152b in loadvm_command (ext=0x556f22f58000, worker=0x556f209c4460) at red-worker.c:980
#10 handle_dev_loadvm_commands (opaque=0x556f209c4460, payload=<optimized out>) at red-worker.c:1002
#11 0x00007fd179ded65d in dispatcher_handle_single_read (dispatcher=0x556f21b6b8d0) at dispatcher.c:284
#12 dispatcher_handle_recv_read (dispatcher=0x556f21b6b8d0) at dispatcher.c:304
#13 0x00007fd179df3e6b in watch_func (source=<optimized out>, condition=<optimized out>, data=0x556f208dc090) at event-loop.c:128
#14 0x00007fd190742049 in g_main_dispatch (context=0x556f2095efd0) at gmain.c:3175
#15 g_main_context_dispatch (context=context@entry=0x556f2095efd0) at gmain.c:3828
#16 0x00007fd1907423a8 in g_main_context_iterate (context=0x556f2095efd0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3901
#17 0x00007fd19074267a in g_main_loop_run (loop=0x556f22aeea00) at gmain.c:4097
#18 0x00007fd179e225da in red_worker_main (arg=0x556f209c4460) at red-worker.c:1372
#19 0x00007fd178997e65 in start_thread (arg=0x7fd125621700) at pthread_create.c:307
#20 0x00007fd1786c088d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

(gdb) fr 2
#2  0x00007fd179e3ecfc in spice_logv (log_domain=0x7fd179eafbf1 "Spice", args=0x7fd12561e460, format=0x7fd179eb6d30 "address generation is not valid, group_id %d, slot_id %d, gen %d, slot_gen %d\n",
     function=0x7fd179eb6f30 <__FUNCTION__.16041> "memslot_get_virt", strloc=0x7fd179eb6e26 "memslot.c:122", log_level=G_LOG_LEVEL_CRITICAL) at log.c:183
183             abort();
(gdb) list
178         g_log(log_domain, log_level, "%s", log_msg->str);
179         g_string_free(log_msg, TRUE);
180
181         if ((abort_mask & log_level) != 0) {
182             spice_backtrace();
183             abort();
184         }
185     }
186
187     void spice_log(GLogLevelFlags log_level,
(gdb) fr 4
#4  0x00007fd179e0579f in memslot_get_virt (info=info@entry=0x556f209c44f0, addr=addr@entry=844424930131968, add_size=add_size@entry=20, group_id=group_id@entry=1, error=error@entry=0x7fd12561e5d4)
     at memslot.c:121
121             spice_critical("address generation is not valid, group_id %d, slot_id %d, gen %d, slot_gen %d\n",
(gdb) list
116         slot = &info->mem_slots[group_id][slot_id];
117
118         generation = memslot_get_generation(info, addr);
119         if (generation != slot->generation) {
120             print_memslots(info);
121             spice_critical("address generation is not valid, group_id %d, slot_id %d, gen %d, slot_gen %d\n",
122                   group_id, slot_id, generation, slot->generation);
123             *error = 1;
124             return 0;
125         }
(gdb) p group_id
$1 = 1
(gdb) p slot_id
$2 = 0
(gdb) p generation
$3 = 3
(gdb) p slot->generation
$4 = 0


-- 
Best regards,
Vladimir
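As an added illustration (not part of the message above or of spice-server's own code), the following C program decodes a QXL physical address the way `memslot_get_virt` does and applies the same slot-id, generation and range checks, returning a status code instead of calling `spice_critical`, which aborts the process. The 8-bit slot id / 8-bit generation layout is assumed from QEMU's QXL device; the slot table and the offset handling are constructed and simplified here. Fed the address from frame #4, 844424930131968, it decodes to slot_id 0 and generation 3, the values gdb printed, against a slot whose registered generation is 0.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Layout assumed from QEMU's QXL device (slot and generation bits are both 8):
 * top 8 bits = memslot id, next 8 bits = slot generation, low 48 bits = offset. */
#define MEMSLOT_SLOT_BITS        8
#define MEMSLOT_GENERATION_BITS  8
#define MEMSLOT_ID_SHIFT         (64 - MEMSLOT_SLOT_BITS)
#define MEMSLOT_GEN_SHIFT        (64 - (MEMSLOT_SLOT_BITS + MEMSLOT_GENERATION_BITS))
#define MEMSLOT_GEN_MASK         ((1ULL << MEMSLOT_GENERATION_BITS) - 1)
#define MEMSLOT_OFFSET_MASK      ((1ULL << MEMSLOT_GEN_SHIFT) - 1)
#define NUM_MEMSLOTS             8   /* assumed, as in QEMU's QXL device */

/* Constructed stand-in for one slot of spice-server's RedMemSlotInfo table:
 * the generation registered for the slot and the host range it maps.
 * (Real slots also record a guest start address; offsets here are taken
 * relative to the slot start to keep the example short.) */
typedef struct {
    uint32_t  generation;
    uintptr_t virt_start;
    uintptr_t virt_end;      /* exclusive */
} MemSlot;

enum {
    MEMSLOT_OK = 0,
    MEMSLOT_ERR_SLOT_ID,     /* slot id beyond the table */
    MEMSLOT_ERR_GENERATION,  /* "address generation is not valid" */
    MEMSLOT_ERR_RANGE        /* offset + add_size leaves the slot */
};

static uint32_t memslot_get_id(uint64_t addr) { return (uint32_t)(addr >> MEMSLOT_ID_SHIFT); }
static uint32_t memslot_get_generation(uint64_t addr)
{
    return (uint32_t)((addr >> MEMSLOT_GEN_SHIFT) & MEMSLOT_GEN_MASK);
}
static uint64_t memslot_get_offset(uint64_t addr) { return addr & MEMSLOT_OFFSET_MASK; }

/* Inverse of the decoders, used to build addresses for the live-slot case. */
static uint64_t memslot_make_addr(uint32_t slot_id, uint32_t generation, uint64_t offset)
{
    return ((uint64_t)slot_id << MEMSLOT_ID_SHIFT) |
           ((uint64_t)(generation & MEMSLOT_GEN_MASK) << MEMSLOT_GEN_SHIFT) |
           (offset & MEMSLOT_OFFSET_MASK);
}

/* The checks memslot_get_virt performs (slot id, generation, range), reported
 * as a status code rather than through spice_critical's abort(). On success
 * *virt_out receives the host pointer for the guest address. */
static int memslot_validate(const MemSlot *slots, size_t num_slots,
                            uint64_t addr, uint64_t add_size, uintptr_t *virt_out)
{
    uint32_t slot_id = memslot_get_id(addr);
    if (slot_id >= num_slots)
        return MEMSLOT_ERR_SLOT_ID;

    const MemSlot *slot = &slots[slot_id];
    if (memslot_get_generation(addr) != slot->generation)
        return MEMSLOT_ERR_GENERATION;   /* the condition hit in frame #4 */

    uint64_t offset   = memslot_get_offset(addr);
    uint64_t slot_len = slot->virt_end - slot->virt_start;
    if (offset > slot_len || add_size > slot_len - offset)
        return MEMSLOT_ERR_RANGE;

    *virt_out = slot->virt_start + offset;
    return MEMSLOT_OK;
}

/* Constructed table: slot 0 is at generation 0, as gdb showed
 * (slot->generation = 0); slot 1 is a live slot at generation 5. */
static const MemSlot example_slots[NUM_MEMSLOTS] = {
    [0] = { .generation = 0, .virt_start = 0x7f0000000000ULL, .virt_end = 0x7f0000400000ULL },
    [1] = { .generation = 5, .virt_start = 0x7f0000800000ULL, .virt_end = 0x7f0000810000ULL },
};

/* The address and add_size from frame #4 of the backtrace. */
#define PAGE_CRASH_ADDR  844424930131968ULL

static int check_page_address(uintptr_t *virt_out)
{
    return memslot_validate(example_slots, NUM_MEMSLOTS, PAGE_CRASH_ADDR, 20, virt_out);
}

int main(void)
{
    uintptr_t virt = 0;
    printf("addr 0x%llx -> slot_id %u, generation %u, offset 0x%llx\n",
           (unsigned long long)PAGE_CRASH_ADDR, memslot_get_id(PAGE_CRASH_ADDR),
           memslot_get_generation(PAGE_CRASH_ADDR),
           (unsigned long long)memslot_get_offset(PAGE_CRASH_ADDR));
    printf("validate -> %d (%d = generation mismatch)\n",
           check_page_address(&virt), MEMSLOT_ERR_GENERATION);

    uint64_t good = memslot_make_addr(1, 5, 0x1000);
    printf("validate(slot 1, gen 5) -> %d, virt 0x%lx\n",
           memslot_validate(example_slots, NUM_MEMSLOTS, good, 20, &virt),
           (unsigned long)virt);
    return 0;
}
```

The generation check is what keeps a stale guest address (one encoded under a memslot layout the server no longer has registered) from being dereferenced, which is the right outcome for the host. The cost visible in this backtrace is that `spice_critical` turns the rejection into `abort()`, so a single mismatched cursor command replayed through `handle_dev_loadvm_commands` takes down the whole QEMU process; the status-return form above marks the spot where a non-aborting error path would have to attach.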
