1. Add breakpoint at vga.c:790 s->vbe_regs[VBE_DISPI_INDEX_ENABLE] =
val;
(gdb) b vga.c:790
Breakpoint 2 at 0x56100ad10521: file /qemu-2.12/hw/display/vga.c, line 790.
(gdb) c
Continuing.
2. When breakpoint is hited , val is 0
Thread 5 "CPU 1/KVM" hit Breakpoint 2, vbe_ioport_write_data
(opaque=0x56100e6e7b30, addr=<optimized out>, val=0) at
/qemu-2.12/hw/display/vga.c:790
(gdb) bt
#0 vbe_ioport_write_data (opaque=0x56100e6e7b30, addr=<optimized out>, val=0)
at /qemu-2.12/hw/display/vga.c:790
#1 0x000056100ace521b in memory_region_write_accessor (mr=0x56100e74e590,
addr=1, value=<optimized out>, size=2, shift=<optimized out>, mask=<optimized
out>, attrs=...)
at /qemu-2.12/memory.c:530
#2 0x000056100ace266e in access_with_adjusted_size (addr=addr@entry=1,
value=value@entry=0x7fb2aeffc9a8, size=size@entry=2, access_size_min=<optimized
out>, access_size_max=<optimized out>,
access_fn=0x56100ace51a0 <memory_region_write_accessor>, mr=0x56100e74e590,
attrs=...) at /qemu-2.12/memory.c:597
#3 0x000056100ace72ca in memory_region_dispatch_write
(mr=mr@entry=0x56100e74e590, addr=1, data=<optimized out>, size=size@entry=2,
attrs=attrs@entry=...)
at /qemu-2.12/memory.c:1487
#4 0x000056100ac85807 in flatview_write_continue (mr=0x56100e74e590,
l=<optimized out>, addr1=<optimized out>, len=2, buf=0x7fb2bf3e2000 "",
attrs=..., addr=463, fv=0x7fb2a458fea0)
at /qemu-2.12/exec.c:3166
#5 flatview_write (fv=0x7fb2a458fea0, addr=<optimized out>, attrs=...,
buf=<optimized out>, len=<optimized out>) at /qemu-2.12/exec.c:3216
#6 0x000056100ac8a2af in address_space_write (as=<optimized out>,
addr=<optimized out>, attrs=..., buf=<optimized out>, len=<optimized out>)
at /qemu-2.12/exec.c:3332
#7 0x000056100ac8a345 in address_space_rw (as=<optimized out>,
addr=addr@entry=463, attrs=..., attrs@entry=..., buf=buf@entry=0x7fb2bf3e2000
"", len=len@entry=2, is_write=is_write@entry=true)
at /qemu-2.12/exec.c:3343
#8 0x000056100acf66f2 in kvm_handle_io (count=1, size=2, direction=<optimized
out>, data=<optimized out>, attrs=..., port=463)
at /qemu-2.12/accel/kvm/kvm-all.c:1730
#9 kvm_cpu_exec (cpu=cpu@entry=0x56100cecc810) at
/qemu-2.12/accel/kvm/kvm-all.c:1970
#10 0x000056100acd0ab6 in qemu_kvm_cpu_thread_fn (arg=0x56100cecc810) at
/qemu-2.12/cpus.c:1229
#11 0x00007fb2bc1dc184 in start_thread () from
/lib/x86_64-linux-gnu/libpthread.so.0
#12 0x00007fb2bbf09bed in clone () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) c
Continuing.
3. size is 0, region_start is identical to region_end
Thread 1 "kvm" hit Breakpoint 1, memory_region_snapshot_and_clear_dirty
(mr=mr@entry=0x56100e6e7b40, addr=addr@entry=0, size=size@entry=0,
client=client@entry=0)
at /qemu-2.12/memory.c:1986
(gdb) c
Continuing.
4. Abort
Thread 1 "kvm" received signal SIGABRT, Aborted.
0x00007fb2bbe42c37 in raise () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0 0x00007fb2bbe42c37 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007fb2bbe46028 in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007fb2bbe3bbf6 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#3 0x00007fb2bbe3bca2 in __assert_fail () from /lib/x86_64-linux-gnu/libc.so.6
#4 0x000056100ac86641 in cpu_physical_memory_snapshot_get_dirty
(snap=snap@entry=0x56100d6b0de0, start=<optimized out>, length=<optimized out>)
at /qemu-2.12/exec.c:1264
#5 0x000056100ace84de in memory_region_snapshot_get_dirty
(mr=mr@entry=0x56100e6e7b40, snap=snap@entry=0x56100d6b0de0, addr=<optimized
out>, size=<optimized out>)
at /qemu-2.12/memory.c:1997
#6 0x000056100ad122a4 in vga_draw_graphic (full_update=0, s=0x56100e6e7b30) at
/qemu-2.12/hw/display/vga.c:1671
#7 vga_update_display (opaque=0x56100e6e7b30) at
/qemu-2.12/hw/display/vga.c:1767
#8 0x000056100af96a8f in qemu_spice_display_refresh (ssd=0x56100e6e7760) at
/qemu-2.12/ui/spice-display.c:478
#9 0x000056100af8bd72 in dpy_refresh (s=0x56100e81f0b0) at
/qemu-2.12/ui/console.c:1629
#10 gui_update (opaque=0x56100e81f0b0) at /qemu-2.12/ui/console.c:203
#11 0x000056100b09033c in timerlist_run_timers (timer_list=0x56100cdf1c60) at
/qemu-2.12/util/qemu-timer.c:536
#12 0x000056100b0905a3 in qemu_clock_run_timers (type=QEMU_CLOCK_REALTIME) at
/qemu-2.12/util/qemu-timer.c:547
#13 qemu_clock_run_all_timers () at /qemu-2.12/util/qemu-timer.c:674
#14 0x000056100b090aa4 in main_loop_wait (nonblocking=<optimized out>) at
/qemu-2.12/util/main-loop.c:528
#15 0x000056100ac7ff8a in main_loop () at /qemu-2.12/vl.c:1973
#16 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at
/qemu-2.12/vl.c:4804
5. When guest vga driver set the s->vbe_regs[VBE_DISPI_INDEX_ENABLE] to 0, then
if the vga_draw_graphic be called , the qemu crash.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1785197
Title:
qemu 2.12.0 crash during install windows 10 with vga
Status in QEMU:
New
Bug description:
Same issue as https://www.qubes-os.org/doc/windows-vm/ , it's not easy to
reproduced.
cpu_physical_memory_snapshot_get_dirty: Assertion `start + length <=
snap->end’ failed
Qemu version is 2.12.0.
(gdb) bt
#0 0x00007f504ed6fc37 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007f504ed73028 in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007f504ed68bf6 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#3 0x00007f504ed68ca2 in __assert_fail () from
/lib/x86_64-linux-gnu/libc.so.6
#4 0x00005585bbdc9641 in cpu_physical_memory_snapshot_get_dirty
(snap=snap@entry=0x5585bfdc2ff0, start=<optimized out>, length=<optimized out>)
at /qemu-2.12/exec.c:1264
#5 0x00005585bbe2b4de in memory_region_snapshot_get_dirty
(mr=mr@entry=0x5585c06e3d10, snap=snap@entry=0x5585bfdc2ff0, addr=<optimized
out>,
size=<optimized out>) at /qemu-2.12/memory.c:1997
#6 0x00005585bbe552a4 in vga_draw_graphic (full_update=0, s=0x5585c06e3d00)
at /qemu-2.12/hw/display/vga.c:1671
#7 vga_update_display (opaque=0x5585c06e3d00) at
/qemu-2.12/hw/display/vga.c:1767
#8 0x00005585bc0d9a8f in qemu_spice_display_refresh (ssd=0x5585c06e3930) at
/qemu-2.12/ui/spice-display.c:478
#9 0x00005585bc0ced72 in dpy_refresh (s=0x5585c081b2a0) at
/qemu-2.12/ui/console.c:1629
#10 gui_update (opaque=0x5585c081b2a0) at /qemu-2.12/ui/console.c:203
#11 0x00005585bc1d333c in timerlist_run_timers (timer_list=0x5585bee1f950) at
/qemu-2.12/util/qemu-timer.c:536
#12 0x00005585bc1d35a3 in qemu_clock_run_timers (type=QEMU_CLOCK_REALTIME) at
/qemu-2.12/util/qemu-timer.c:547
#13 qemu_clock_run_all_timers () at /qemu-2.12/util/qemu-timer.c:674
#14 0x00005585bc1d3aa4 in main_loop_wait (nonblocking=<optimized out>) at
/qemu-2.12/util/main-loop.c:528
#15 0x00005585bbdc2f8a in main_loop () at /qemu-2.12/vl.c:1973
#16 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>)
at /qemu-2.12/vl.c:4804
(gdb) frame 5
(gdb) p/x *snap
$1 = {start = 0x1000c0000, end = 0x1000c0000, dirty = 0x5585bfdc3000}
Here the snap->start is identical to snap->end , I think something is wrong.
In function vga_draw_graphic, the snap is allocated from
region_start/region_end.
snap = memory_region_snapshot_and_clear_dirty(&s->vram, region_start,
region_end -
region_start,
DIRTY_MEMORY_VGA);
Is that possible for region_start== region_end ?
Commandline:
/usr/bin/kvm -name guest=win10-2,debug-threads=on -S -object
secret,id=masterKey0,format=raw,file=/run/lib/libvirt/qemu/domain-51-win10-2/master-key.aes
-machine pc-i440fx-2.12,accel=kvm,usb=off,system=windows,dump-guest-core=off
-cpu qemu64,hv_time,hv_relaxed,hv_spinlocks=0x2000 -m
size=4194304k,slots=10,maxmem=34359738368k -realtime mlock=off -smp
2,maxcpus=24,sockets=24,cores=1,threads=1 -numa
node,nodeid=0,cpus=0-23,mem=4096 -uuid cb871760-e684-4926-8f0b-270f7ff35539
-no-user-config -nodefaults -chardev
socket,id=charmonitor,path=/run/lib/libvirt/qemu/domain-51-win10-2/monitor.sock,server,nowait
-mon chardev=charmonitor,id=monitor,mode=control -chardev
socket,id=charmonitor_cas,path=/run/lib/libvirt/qemu/domain-51-win10-2/monitor.sock.cas,server,nowait
-mon chardev=charmonitor_cas,id=monitor_cas,mode=control -rtc
base=localtime,clock=vm,driftfix=slew -no-hpet -no-shutdown -global
PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot strict=on -device
piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -device
usb-ehci,id=usb1,bus=pci.0,addr=0x4 -device
nec-usb-xhci,id=usb2,bus=pci.0,addr=0x5 -device
virtio-scsi-pci,id=scsi1,bus=pci.0,addr=0x6 -device
virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x7 -device
usb-hub,id=hub0,bus=usb.0,port=1 -drive
file=/vms/images/win10-2,format=qcow2,if=none,id=drive-virtio-disk0,cache=directsync,aio=native
-device
virtio-blk-pci,scsi=off,bus=pci.0,addr=0x8,pci_hotpluggable=on,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1
-drive
file=/vms/isos/virtio-win10.vfd,format=raw,if=none,id=drive-fdc0-0-0,readonly=on,cache=directsync,aio=native
-global isa-fdc.driveA=drive-fdc0-0-0 -global isa-fdc.bootindexA=4 -drive
file=/vms/nfs/windows_msdn_iso/cn_windows_10_multi-edition_version_1709_updated_sept_2017_x64_dvd_100090804.iso,format=raw,if=none,id=drive-ide0-0-0,readonly=on
-device ide-cd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=2
-netdev tap,fd=62,id=hostnet0,vhost=on,vhostfd=63 -device
virtio-net-pci,pci_hotpluggable=on,netdev=hostnet0,id=net0,mac=0c:da:41:1d:11:5b,bus=pci.0,addr=0x3,bootindex=3
-chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0
-chardev
socket,id=charchannel0,path=/var/lib/libvirt/qemu/win10-2.agent,server,nowait
-device
virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0
-device usb-tablet,id=input0,bus=usb.0,port=2 -vnc 0.0.0.0:0 -spice
port=5901,tls-port=5902,addr=0.0.0.0,disable-ticketing,x509-dir=/etc/pki/libvirt-spice,seamless-migration=on
-device
qxl-vga,id=video0,ram_size=67108864,vram_size=16777216,vram64_size_mb=0,vgamem_mb=16,bus=pci.0,addr=0x2
-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x9 -msg timestamp=on
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1785197/+subscriptions
