Re: [Qemu-devel] [BUG] qemu-kvm: memory_region_add_subregion_common: Assertion `!subregion->parent' failed.

[Jan Kiszka <jan.kiszka@siemens.com>]

On 2011-10-25 11:42, Lai Jiangshan wrote:
> This bug is triggered for my Windows XP guest, but not for my linux guests.
> 
> The gdb result shows that a "vga.vram" memoryregion is added twice.
> 
> ------------libvirt log -------
> 
> 2011-10-25 16:18:58.117: starting up
> LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin QEMU_AUDIO_DRV=none /home/laijs/bin/qemu.sh -S -M pc-0.13 -enable-kvm -m 256 -smp 1,sockets=1,cores=1,threads=1 -name Windows -uuid 3b0f4f29-1ca1-c199-a080-3ccac8f745a9 -nodefconfig -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/Windows.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=localtime -no-shutdown -drive file=/home/laijs/Windows/windows.img,if=none,id=drive-ide0-0-0,format=qcow2,cache=none -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -drive file=/home/laijs/OFFICE2003_STD_EN.ISO,if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw -device ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -netdev tap,fd=17,id=hostnet0 -device pcnet
>  ,netdev=hostnet0,id=net0,mac=52:54:00:a5:d2:ea,bus=pci.0,multifunction=on,addr=0x3.0x0 -usb -vnc 127.0.0.1:0 -vga std -device virtio-balloon-pci,id=balloon0,bus=pci.0,multifunction=on,addr=0
> x5.0x0
> Domain id=45 is tainted: high-privileges
> qemu-system-x86_64: /home/laijs/work/qemu-kvm/memory.c:1083: memory_region_add_subregion_common: Assertion `!subregion->parent' failed.
> 2011-10-25 16:18:58.380: shutting down
> 
> 
> 
> -------------git bisect result
> 
> 
> 
> 
> 
> b195043003d90ea4027ea01cc7a6c974ac915108 is the first bad commit
> commit b195043003d90ea4027ea01cc7a6c974ac915108
> Author: Avi Kivity <avi@redhat.com>
> Date:   Mon Aug 8 16:08:57 2011 +0300
> 
>     vga: convert vga and its derivatives to the memory API
>     
>     Convert all vga memory to the memory API.  Note we need to fall back to
>     get_system_memory(), since the various buses don't pass the vga window
>     as a memory region.
>     
>     We no longer need to sync the dirty bitmap of the cirrus mapped memory
>     banks, since the memory API takes care of that for us.
>     
>     [jan: fix vga-pci logging]
>     
>     Reviewed-by: Richard Henderson <rth@twiddle.net>
>     Signed-off-by: Avi Kivity <avi@redhat.com>
>     Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
> 
> :040000 040000 e8faf8e539a4ec814ef212ce97040046363a67f3 917701ddf6a42f49204a5b2adfa9654c03c0d6f6 M	hw
> 
> -----------------------gdb result(b19504300)--------
> 
> 
> (gdb) bt
> #0  0x000000000042995a in memory_region_add_subregion_common (mr=0x2a799a0, offset=4026531840, 
>     subregion=0x2d17250) at /home/laijs/work/qemu-kvm/memory.c:1083
> #1  0x0000000000590408 in pci_update_mappings (d=0x2d16f40)
>     at /home/laijs/work/qemu-kvm/hw/pci.c:1123
> #2  0x0000000000590846 in pci_default_write_config (d=0x2d16f40, addr=4, 
>     val=<value optimized out>, l=<value optimized out>) at /home/laijs/work/qemu-kvm/hw/pci.c:1173
> #3  0x0000000000427616 in kvm_handle_io (env=0x2bdf500) at /home/laijs/work/qemu-kvm/kvm-all.c:837
> #4  kvm_cpu_exec (env=0x2bdf500) at /home/laijs/work/qemu-kvm/kvm-all.c:976
> #5  0x000000000040c308 in cpu_exec_all () at /home/laijs/work/qemu-kvm/cpus.c:1102
> #6  0x0000000000587281 in main_loop (argc=<value optimized out>, argv=<value optimized out>, 
>     envp=<value optimized out>) at /home/laijs/work/qemu-kvm/vl.c:1392
> #7  main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>)
>     at /home/laijs/work/qemu-kvm/vl.c:3356
> (gdb) p mr->name
> $1 = 0x2a79a70 "system"
> (gdb) p subregion->name
> $2 = 0x2c02960 "vga.vram"
> (gdb) p *subregion
> $3 = {ops = 0x0, opaque = 0x0, parent = 0x2a799a0, size = 8388608, addr = 3758096384, offset = 0, 
>   backend_registered = true, ram_addr = 268697600, iorange = {ops = 0x0, base = 0, len = 0}, 
>   terminates = true, alias = 0x0, alias_offset = 0, priority = 1, may_overlap = true, subregions = 
>     {tqh_first = 0x0, tqh_last = 0x2d172c8}, subregions_link = {tqe_next = 0x2b7d610, tqe_prev = 
>     0x2b7d788}, coalesced = {tqh_first = 0x0, tqh_last = 0x2d172e8}, name = 0x2c02960 "vga.vram", 
>   dirty_log_mask = 1 '\001', ioeventfd_nb = 0, ioeventfds = 0x0}
> (gdb) p subregion->parent
> $4 = (MemoryRegion *) 0x2a799a0
> (gdb) p *subregion->parent
> $5 = {ops = 0x0, opaque = 0x0, parent = 0x0, size = 9223372036854775807, addr = 0, offset = 0, 
>   backend_registered = false, ram_addr = 0, iorange = {ops = 0x0, base = 0, len = 0}, terminates = 
>     false, alias = 0x0, alias_offset = 0, priority = 0, may_overlap = false, subregions = {
>     tqh_first = 0x2acc120, tqh_last = 0x2b4d168}, subregions_link = {tqe_next = 0x0, tqe_prev = 
>     0x0}, coalesced = {tqh_first = 0x0, tqh_last = 0x2a79a38}, name = 0x2a79a70 "system", 
>   dirty_log_mask = 0 '\000', ioeventfd_nb = 0, ioeventfds = 0x0}
> 

That's likely vga_init_vbe vs. pci_register_bar with vga.vram. Either
the PCI bar or the VBE mapping should be wrapped by an alias region
pointing to the original vram. And vmware_vga seems to be affected as well.

Jan

-- 
Siemens AG, Corporate Technology, CT T DE IT 1
Corporate Competence Center Embedded Linux