From: Stefan Weil
Date: Wed, 09 Mar 2011 10:22:31 +0100
Subject: Re: [Qemu-devel] segmentation fault in qemu-kvm-0.14.0
Message-ID: <4D7746D7.3000303@mail.berlios.de>
In-Reply-To: <4D772EA5.8030809@msgid.tls.msk.ru>
References: <2640D58E-2101-47FA-99B6-28815666651E@dlh.net> <4D772BBC.4040603@mail.berlios.de> <4D772EA5.8030809@msgid.tls.msk.ru>
To: Michael Tokarev
Cc: Peter Lieven, qemu-devel, kvm@vger.kernel.org

On 09.03.2011 08:39, Michael Tokarev wrote:
> 09.03.2011 10:26, Stefan Weil wrote:
>> On 08.03.2011 23:53, Peter Lieven wrote:
>>> Hi,
>>>
>>> during testing of qemu-kvm-0.14.0 I can reproduce the following
>>> segfault. I have seen a similar crash already in 0.13.0, but had no time
>>> to debug.
>>> My guess is that this segfault is related to the threaded vnc server
>>> which was introduced in qemu 0.13.0. The bug is only triggerable if a vnc
>>> client is attached. It might also be connected to a resolution change
>>> in the guest. I have a backtrace attached. The debugger is still
>>> running if someone needs more output.
>>>
> []
>> Hi Peter,
>>
>> did you apply this patch which fixes one of the known vnc problems
>> (but is still missing in qemu git master):
>>
>> http://lists.nongnu.org/archive/html/qemu-devel/2011-03/msg00256.html
> This patch is not suitable for 0.14 since in current qemu/master quite
> a lot of stuff was changed in this area (bitmaps added); there's no
> similar infrastructure in 0.14.
>
>> Then you can read this thread:
>>
>> http://lists.nongnu.org/archive/html/qemu-devel/2011-03/msg00313.html
>>
>> And finally the following modifications of ui/vnc.c might help to see
>> whether you experience the same kind of crash as I get here in
>> my environment. They add assertions for bad memory access
>> which occurs sometimes when a vnc client-server connection exists and
>> the screen is refreshed after a resolution change.
>> The code line with the //~ comment also includes a fix which
>> works for me.
> The same is true for this patch, but to a lesser extent: it can be applied
> manually (the bitmap_empty context line).
>
> I wonder if something similar actually exists in 0.13/0.14 too and needs
> to be backported to -stable.
>
>> Regards,
>> Stefan W.
> Thanks!
>
> /mjt

I just tested stable-0.14. It shows the same kind of bug.

Output of qemu run with valgrind:

==18143== Conditional jump or move depends on uninitialised value(s)
==18143==    at 0x4027022: bcmp (mc_replace_strmem.c:541)
==18143==    by 0x80EEF96: vnc_refresh_server_surface (vnc.c:2292)
==18143==    by 0x80EF0F1: vnc_refresh (vnc.c:2322)
==18143==    by 0x80FA026: qemu_run_timers (qemu-timer.c:503)
==18143==    by 0x80FA34E: qemu_run_all_timers (qemu-timer.c:634)
==18143==    by 0x816BBB6: main_loop_wait (vl.c:1383)
==18143==    by 0x816BC36: main_loop (vl.c:1424)
==18143==    by 0x816FEAF: main (vl.c:3136)

Stefan
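The valgrind trace above is a row comparison (bcmp, i.e. memcmp) in the refresh path reading server-side framebuffer memory that was never initialised after the guest changed resolution. The C program below is an added example illustrating that failure mode and the defensive handling in a small model; it is not code from QEMU's ui/vnc.c. The Surface and VncState types, the 4-byte pixel size, and the surface_alloc, vnc_resize, vnc_set_pixel, vnc_refresh and vnc_demo functions are all constructed for this illustration. The two defensive measures it shows are: reallocate the guest and server copies together with zeroed memory and mark every row dirty on resize, so the first refresh after the change sends everything regardless of the comparison; and have the refresh refuse to compare surfaces whose geometry differs instead of reading across a stale buffer.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define BPP 4   /* bytes per pixel; a constructed value for this example */

/* Hypothetical framebuffer, not QEMU's DisplaySurface. */
typedef struct {
    int width, height;
    uint8_t *data;      /* width * height * BPP bytes */
} Surface;

/* Hypothetical per-connection state: the guest-drawn surface, the copy the
 * client last received, and one dirty flag per row. */
typedef struct {
    Surface guest;
    Surface server;
    uint8_t *dirty;     /* guest.height entries, 1 = row must be sent */
} VncState;

static size_t row_bytes(const Surface *s) { return (size_t)s->width * BPP; }

/* (Re)allocate a surface (s->data must be NULL or a previous allocation).
 * calloc leaves no uninitialised bytes, so a later memcmp against the
 * buffer is well defined. Returns 0 on success. */
int surface_alloc(Surface *s, int width, int height)
{
    if (width <= 0 || height <= 0) return -1;
    uint8_t *d = calloc((size_t)width * (size_t)height, BPP);
    if (!d) return -1;
    free(s->data);
    s->data = d;
    s->width = width;
    s->height = height;
    return 0;
}

/* Resolution change: resize both surfaces together and flag every row dirty,
 * so the first refresh afterwards sends the whole screen whatever memcmp says. */
int vnc_resize(VncState *vs, int width, int height)
{
    if (surface_alloc(&vs->guest, width, height) < 0 ||
        surface_alloc(&vs->server, width, height) < 0) return -1;
    uint8_t *d = realloc(vs->dirty, (size_t)height);
    if (!d) return -1;
    memset(d, 1, (size_t)height);
    vs->dirty = d;
    return 0;
}

/* Write one pixel into the guest surface, bounds-checked. */
int vnc_set_pixel(VncState *vs, int x, int y, uint8_t value)
{
    Surface *g = &vs->guest;
    if (x < 0 || y < 0 || x >= g->width || y >= g->height) return -1;
    memset(g->data + (size_t)y * row_bytes(g) + (size_t)x * BPP, value, BPP);
    return 0;
}

/* Compare guest and server rows and "send" (copy) those that differ or are
 * flagged dirty. Returns rows sent, or -1 when the surfaces are out of sync:
 * comparing rows of different geometry is the uninitialised/out-of-range
 * read that valgrind flags, so refuse instead of reading. */
int vnc_refresh(VncState *vs)
{
    Surface *g = &vs->guest, *s = &vs->server;
    if (!vs->dirty || g->width != s->width || g->height != s->height) return -1;
    size_t rb = row_bytes(g);
    int sent = 0;
    for (int y = 0; y < g->height; y++) {
        uint8_t *grow = g->data + (size_t)y * rb;
        uint8_t *srow = s->data + (size_t)y * rb;
        if (vs->dirty[y] || memcmp(grow, srow, rb) != 0) {
            memcpy(srow, grow, rb);
            vs->dirty[y] = 0;
            sent++;
        }
    }
    return sent;
}

/* Walk through the scenario from the thread. Returns 0 when every step
 * behaves as expected, otherwise the number of the first failing step. */
int vnc_demo(void)
{
    VncState vs;
    memset(&vs, 0, sizeof vs);
    int rc = 0;
    if (vnc_resize(&vs, 4, 2) < 0) rc = 1;
    else if (vnc_refresh(&vs) != 2) rc = 2;   /* client connects: full screen */
    else if (vnc_refresh(&vs) != 0) rc = 3;   /* nothing changed: no rows */
    else if (vnc_set_pixel(&vs, 1, 1, 0xff) < 0 || vnc_refresh(&vs) != 1) rc = 4;
    else if (vnc_resize(&vs, 2, 3) < 0 || vnc_refresh(&vs) != 3) rc = 5;      /* resolution change */
    else if (surface_alloc(&vs.guest, 8, 8) < 0 || vnc_refresh(&vs) != -1) rc = 6; /* desync caught */
    free(vs.guest.data); free(vs.server.data); free(vs.dirty);
    return rc;
}

int main(void) { return vnc_demo(); }   /* exit status 0 = all steps passed */
```

Build with `cc -std=c99 -Wall vnc_model.c && ./a.out`; the exit status is 0 when every step behaves as expected. Because both copies are allocated with calloc and resized together, the same program run under valgrind exercises the memcmp path without any uninitialised-value report; removing the dirty marking or the geometry check in vnc_refresh is enough to see why the original code's comparison after a resolution change is unsafe.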