[Spice-devel] [Xen-devel] [Qemu-devel] Qemu 2.0 regression with xen: qemu crash on any domUs S.O. start

Fabio Fantoni fabio.fantoni at m2r.biz
Mon Apr 7 02:59:06 PDT 2014


On 03/04/2014 12:13, Fabio Fantoni wrote:
> On 03/04/2014 10:45, Ian Campbell wrote:
>> On Thu, 2014-04-03 at 10:15 +0200, Fabio Fantoni wrote:
>>> It seems that it segfaults when I connect to vnc or spice; in the test of
>>> this backtrace, after connecting to vnc, spice and other things of my
>>> patches are disabled, so I do not think it is a problem caused by my
>>> patches.
>> The last spice patch of yours I saw was incorrectly accessing the wrong
>> half of various unions which is liable to cause all sorts of corruption
>> or strange behaviour. Please can you reproduce this issue without any
>> patches applied.
>>
>> Ian.
>>
>
> After seeing the full backtrace I saw recent patches in qemu git with fixes
> on input, then I tried to update qemu to the latest commit
> (82c6f513735297ad76acaaf2e87f0c5a0b3647a7) and now the segfault seems
> solved; I did some quick tests with vnc and spice on the same pv domUs
> without qemu crashes.
> About the libxl patch for spice support for pv domUs, I'll improve it
> following your reply and also try to find more details about the pointer
> being not visible but working with spice on pv domUs.
> Thanks to all for your help.


Today I also did some tests with hvm and spice and I found another
segfault, with a different backtrace, to solve:
> (gdb) c
> Continuing.
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x0000555555855d30 in interface_client_monitors_config (sin=0x5555563b0260,
>     mc=0x0) at ui/spice-display.c:557
> 557         if (mc->num_of_monitors > 0) {

> (gdb) bt full
> #0  0x0000555555855d30 in interface_client_monitors_config (
>     sin=0x5555563b0260, mc=0x0) at ui/spice-display.c:557
>         ssd = 0x5555563b0210
>         info = {xoff = 0, yoff = 0, width = 0, height = 0}
>         rc = 32767
>         __func__ = "interface_client_monitors_config"
> #1  0x00007ffff4af5113 in ?? ()
>    from /usr/lib/x86_64-linux-gnu/libspice-server.so.1
> No symbol table info available.
> #2  0x00007ffff4ad87f5 in ?? ()
>    from /usr/lib/x86_64-linux-gnu/libspice-server.so.1
> No symbol table info available.
> #3  0x00007ffff4b1af76 in ?? ()
>    from /usr/lib/x86_64-linux-gnu/libspice-server.so.1
> No symbol table info available.
> #4  0x00007ffff4ae989a in ?? ()
>    from /usr/lib/x86_64-linux-gnu/libspice-server.so.1
> No symbol table info available.
> #5  0x00007ffff4aee470 in ?? ()
>    from /usr/lib/x86_64-linux-gnu/libspice-server.so.1
> No symbol table info available.
> #6  0x00007ffff4af0d8c in ?? ()
>    from /usr/lib/x86_64-linux-gnu/libspice-server.so.1
> No symbol table info available.
> #7  0x0000555555851f82 in watch_read (opaque=0x55555666a8d0)
> ---Type <return> to continue, or q <return> to quit---
>     at ui/spice-core.c:101
>         watch = 0x55555666a8d0
> #8  0x00005555557ce1f8 in qemu_iohandler_poll (pollfds=0x5555562e8e00, 
> ret=2)
>     at iohandler.c:143
>         revents = 1
>         pioh = 0x55555634e080
>         ioh = 0x55555666adb0
> #9  0x00005555557cf2a4 in main_loop_wait (nonblocking=0) at 
> main-loop.c:485
>         ret = 2
>         timeout = 4294967295
>         timeout_ns = 25664603
> #10 0x000055555587acd8 in main_loop () at vl.c:2051
>         nonblocking = false
>         last_io = 3
> #11 0x00005555558826b2 in main (argc=36, argv=0x7fffffffe368,
>     envp=0x7fffffffe490) at vl.c:4507
>         i = 64
>         snapshot = 0
>         linux_boot = 0
>         icount_option = 0x0
>         initrd_filename = 0x0
>         kernel_filename = 0x0
>         kernel_cmdline = 0x555555a1b5c4 ""
>         boot_order = 0x5555562e7ee0 "dc"
>         ds = 0x5555563d8fd0
> ---Type <return> to continue, or q <return> to quit---
>         cyls = 0
>         heads = 0
>         secs = 0
>         translation = 0
>         hda_opts = 0x0
>         opts = 0x5555562e7e30
>         machine_opts = 0x5555562e84b0
>         olist = 0x555555e00e00
>         optind = 36
>         optarg = 0x7fffffffe923 
> "if=ide,index=1,media=cdrom,cache=writeback,id=ide-832"
>         loadvm = 0x0
>         machine_class = 0x5555562e02a0
>         machine = 0x555555e067e0
>         cpu_model = 0x0
>         vga_model = 0x0
>         qtest_chrdev = 0x0
>         qtest_log = 0x0
>         pid_file = 0x0
>         incoming = 0x0
>         show_vnc_port = 0
>         defconfig = true
>         userconfig = true
>         log_mask = 0x0
>         log_file = 0x0
> ---Type <return> to continue, or q <return> to quit---
>         mem_trace = {malloc = 0x55555587e56a <malloc_and_trace>,
>           realloc = 0x55555587e5c2 <realloc_and_trace>,
>           free = 0x55555587e629 <free_and_trace>, calloc = 0, 
> try_malloc = 0,
>           try_realloc = 0}
>         trace_events = 0x0
>         trace_file = 0x0
>         __func__ = "main"
>         args = {machine = 0x555555e067e0, ram_size = 2130706432,
>           boot_order = 0x5555562e7ee0 "dc", kernel_filename = 0x0,
>           kernel_cmdline = 0x555555a1b5c4 "", initrd_filename = 0x0,
>           cpu_model = 0x0}
> (gdb)

qemu is built from source, git/master commit 82c6f513735297ad76acaaf2e87f0c5a0b3647a7.
The spice server package is version 0.12.4-0nocelt2, recompiled from the Debian
unstable source.

If you need more information/tests tell me and I'll post them.

Thanks for any reply.