From: Fabio Fantoni <fabio.fantoni@m2r.biz>
To: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Cc: Anthony PERARD <anthony.perard@citrix.com>,
spice-devel@lists.freedesktop.org,
Gerd Hoffmann <kraxel@redhat.com>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
xen-devel@lists.xen.org
Subject: Re: [Qemu-devel] Regression: qemu crash of hvm domUs with spice (backtrace included)
Date: Mon, 11 May 2015 17:04:55 +0200 [thread overview]
Message-ID: <5550C517.70602@m2r.biz> (raw)
In-Reply-To: <alpine.DEB.2.02.1504211351580.3112@kaball.uk.xensource.com>
Il 21/04/2015 14:53, Stefano Stabellini ha scritto:
> On Tue, 21 Apr 2015, Fabio Fantoni wrote:
>> Il 21/04/2015 12:49, Stefano Stabellini ha scritto:
>>> On Mon, 20 Apr 2015, Fabio Fantoni wrote:
>>>> I updated xen and qemu from xen 4.5.0 with its upstream qemu included to
>>>> xen
>>>> 4.5.1-pre with qemu upstream from stable-4.5 (changed Config.mk to use
>>>> revision "master").
>>>> After few minutes I booted windows 7 64 bit domU qemu crash, tried 2 times
>>>> with same result.
>>>>
>>>> In the domU's qemu log:
>>>>> qemu-system-i386: malloc.c:3096: sYSMALLOc: Assertion `(old_top ==
>>>>> (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) -
>>>>> __builtin_offsetof
>>>>> (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long)
>>>>> (old_size) >= (unsigned long)((((__builtin_offsetof (struct
>>>>> malloc_chunk,
>>>>> fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * (sizeof(size_t))) -
>>>>> 1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end & pagemask)
>>>>> ==
>>>>> 0)' failed.
>>>>> Killing all inferiors
>>>> In attachment the full backtrace of qemu crash.
>>>>
>>>> With a fast search after I saw the backtrace I found a probable cause of
>>>> regression (I'm not sure):
>>>> http://xenbits.xen.org/gitweb/?p=staging/qemu-upstream-4.5-testing.git;a=commit;h=5c3402816aaddb15156c69df73c54abe4e1c76aa
>>>> spice: make sure we don't overflow ssd->buf
>>>>
>>>> Added also qemu-devel and spice-devel as cc.
>>>>
>>>> If you need more informations/tests tell me and I'll post them.
>>> Maybe you could try to revert the offending commit
>>> (5c3402816aaddb15156c69df73c54abe4e1c76aa)? Or even better bisect the
>>> crash?
>> Thanks for your reply.
>>
>> I reverted to 4.5.0 on dom0 for now on that system because I'm busy trying to
>> found another problem that cause very bad performance without errors or
>> nothing in logs :( I don't know if if xen related, kernel related or other for
>> now.
>>
>> About this regression with spice I'll do further tests in next days (probably
>> starting reverting the spice patch in qemu) but any help is appreciated.
>> Based on data I have for now is possible that the problem is that qemu try to
>> allocate other ram or videoram after domU create but with xen is not possible?
>> In the spice related patch I saw something about dynamic allocation for
>> example.
> It is probably caused by a commit in the range:
>
> 1ebb75b1fee779621b63e84fefa7b07354c43a99..0b8fb1ec3d666d1eb8bbff56c76c5e6daa2789e4
>
> there are only 10 commits in that range. By using git bisect you should
> be able to narrow it down in just 3 tests.
Sorry for delay, I was busy with many things, today I retried with
updated stable-4.5 and also reverting "spice: make sure we don't
overflow ssd->buf" (in a second test) but in both case regression remain :(
Tomorrow probably I'll do other tests.
next prev parent reply other threads:[~2015-05-11 15:05 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-20 14:10 [Qemu-devel] Regression: qemu crash of hvm domUs with spice (backtrace included) Fabio Fantoni
2015-04-21 10:49 ` Stefano Stabellini
2015-04-21 11:38 ` Fabio Fantoni
2015-04-21 12:53 ` Stefano Stabellini
2015-04-21 12:53 ` [Qemu-devel] " Stefano Stabellini
2015-05-11 15:04 ` Fabio Fantoni [this message]
2015-05-12 9:23 ` Fabio Fantoni
2015-05-12 9:23 ` [Qemu-devel] " Fabio Fantoni
2015-05-12 10:26 ` Fabio Fantoni
2015-05-12 13:54 ` Fabio Fantoni
2015-05-12 13:54 ` [Qemu-devel] " Fabio Fantoni
2015-05-12 14:38 ` Stefano Stabellini
2015-05-12 14:44 ` Stefano Stabellini
2015-05-13 13:29 ` Fabio Fantoni
2015-05-15 10:26 ` Stefano Stabellini
2015-05-15 10:26 ` Stefano Stabellini
2015-10-08 15:58 ` Andreas Kinzler
2015-10-08 16:24 ` Andreas Kinzler
2015-10-09 7:56 ` Fabio Fantoni
2015-10-16 12:09 ` Regression: qemu crash of hvm domUs with spice (backtrace included) - patch backport propose Fabio Fantoni
2015-10-16 14:01 ` Stefano Stabellini
2015-10-19 15:06 ` Stefano Stabellini
2015-05-13 13:29 ` Regression: qemu crash of hvm domUs with spice (backtrace included) Fabio Fantoni
2015-05-12 14:44 ` Stefano Stabellini
2015-05-12 14:38 ` Stefano Stabellini
2015-05-12 10:26 ` Fabio Fantoni
2015-05-11 15:04 ` Fabio Fantoni
2015-04-21 11:38 ` Fabio Fantoni
2015-04-21 10:49 ` Stefano Stabellini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5550C517.70602@m2r.biz \
--to=fabio.fantoni@m2r.biz \
--cc=anthony.perard@citrix.com \
--cc=kraxel@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=spice-devel@lists.freedesktop.org \
--cc=stefano.stabellini@eu.citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.