[Spice-devel] Regression: qemu crash of hvm domUs with spice (backtrace included)

Fabio Fantoni fabio.fantoni at m2r.biz
Tue Apr 21 04:38:39 PDT 2015


Il 21/04/2015 12:49, Stefano Stabellini ha scritto:
> On Mon, 20 Apr 2015, Fabio Fantoni wrote:
>> I updated xen and qemu from xen 4.5.0 with its upstream qemu included to xen
>> 4.5.1-pre with qemu upstream from stable-4.5 (changed Config.mk to use
>> revision "master").
>> A few minutes after I booted a Windows 7 64-bit domU, qemu crashed; I tried 2 times
>> with the same result.
>>
>> In the domU's qemu log:
>>> qemu-system-i386: malloc.c:3096: sYSMALLOc: Assertion `(old_top ==
>>> (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof
>>> (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long)
>>> (old_size) >= (unsigned long)((((__builtin_offsetof (struct malloc_chunk,
>>> fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * (sizeof(size_t))) -
>>> 1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end & pagemask) ==
>>> 0)' failed.
>>> Killing all inferiors
>> Attached is the full backtrace of the qemu crash.
>>
>> With a fast search after I saw the backtrace I found a probable cause of
>> regression (I'm not sure):
>> http://xenbits.xen.org/gitweb/?p=staging/qemu-upstream-4.5-testing.git;a=commit;h=5c3402816aaddb15156c69df73c54abe4e1c76aa
>> spice: make sure we don't overflow ssd->buf
>>
>> Added also qemu-devel and spice-devel as cc.
>>
>> If you need more information/tests, tell me and I'll post them.
>
> Maybe you could try to revert the offending commit
> (5c3402816aaddb15156c69df73c54abe4e1c76aa)? Or even better bisect the
> crash?
Thanks for your reply.

I reverted to 4.5.0 on dom0 for now on that system because I'm busy
trying to find another problem that causes very bad performance without
errors or anything in the logs :( I don't know yet if it is xen related, kernel
related or something else.

About this regression with spice I'll do further tests in the next days
(probably starting by reverting the spice patch in qemu), but any help is
appreciated.
Based on the data I have for now, is it possible that the problem is that qemu
tries to allocate more RAM or video RAM after the domU is created, but with xen that
is not possible?
In the spice related patch I saw something about dynamic allocation, for
example.
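As an added illustration, not code from this thread, from QEMU or from the spice commit linked above: the glibc `sYSMALLOc` assertion quoted in the domU log checks the consistency of the heap's top chunk header, and a write past the end of a heap buffer that sits just below that chunk is one common way the header gets corrupted. The toy `struct ssd_like`, its 64-byte inline buffer and every function name here are assumptions for the example; the only point shown is a length check before the copy, growing into a separately allocated heap buffer instead of writing past the inline one.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed size of the fixed inline buffer; chosen for the example only. */
#define SSD_BUF_SIZE 64

/* Hypothetical stand-in for a display-state object with a fixed buffer. */
struct ssd_like {
    uint8_t buf[SSD_BUF_SIZE]; /* fixed inline buffer */
    uint8_t *bufptr;           /* either buf or a heap buffer */
    size_t bufsize;            /* capacity of bufptr */
    size_t used;               /* bytes written so far */
};

static void ssd_init(struct ssd_like *s)
{
    s->bufptr = s->buf;
    s->bufsize = SSD_BUF_SIZE;
    s->used = 0;
}

static void ssd_free(struct ssd_like *s)
{
    if (s->bufptr != s->buf)
        free(s->bufptr);
    ssd_init(s);
}

/* How many bytes an unchecked copy of len bytes at offset used would write
 * past the inline buffer. Computed only; nothing is written. */
size_t ssd_overflow_bytes(size_t used, size_t len)
{
    if (len > SIZE_MAX - used)
        return SIZE_MAX;
    return used + len > SSD_BUF_SIZE ? used + len - SSD_BUF_SIZE : 0;
}

/* Checked append: returns 1 on success, 0 if the data cannot be stored.
 * Never writes beyond bufptr[bufsize]. */
int ssd_append_checked(struct ssd_like *s, const uint8_t *data, size_t len)
{
    if (len > SIZE_MAX - s->used)   /* reject size_t wraparound */
        return 0;
    size_t need = s->used + len;
    if (need > s->bufsize) {
        /* Grow into a heap buffer instead of overflowing the inline one. */
        size_t newsize = s->bufsize;
        while (newsize < need) {
            if (newsize > SIZE_MAX / 2)
                return 0;
            newsize *= 2;
        }
        uint8_t *nb = malloc(newsize);
        if (nb == NULL)
            return 0;
        memcpy(nb, s->bufptr, s->used);
        if (s->bufptr != s->buf)
            free(s->bufptr);
        s->bufptr = nb;
        s->bufsize = newsize;
    }
    memcpy(s->bufptr + s->used, data, len);
    s->used += len;
    return 1;
}

/* Exercises the checked append with constructed input: 60 bytes fit inline,
 * 10 more force a move to a 128-byte heap buffer. Returns 1 when all holds. */
int ssd_selfcheck(void)
{
    struct ssd_like s;
    uint8_t first[60], second[10];
    memset(first, 0xAA, sizeof first);
    memset(second, 0x55, sizeof second);
    ssd_init(&s);
    if (!ssd_append_checked(&s, first, sizeof first))
        return 0;
    if (s.used != 60 || s.bufptr != s.buf)
        return 0;
    if (!ssd_append_checked(&s, second, sizeof second))
        return 0;
    if (s.used != 70 || s.bufsize != 128 || s.bufptr == s.buf)
        return 0;
    if (memcmp(s.bufptr, first, 60) != 0 ||
        memcmp(s.bufptr + 60, second, 10) != 0)
        return 0;
    ssd_free(&s);
    return 1;
}

int main(void)
{
    return ssd_selfcheck() ? 0 : 1;
}
```

The same 60-byte plus 10-byte sequence, copied with an unchecked `memcpy` into the inline buffer, would write 6 bytes past its end into whatever the allocator placed next, which is the class of corruption the quoted assertion reports rather than the cause itself; the backtrace attached to the original report is what identifies the actual writer.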

