On Mon, 20 Apr 2015, Fabio Fantoni wrote: > I updated xen and qemu from xen 4.5.0 with its upstream qemu included to xen > 4.5.1-pre with qemu upstream from stable-4.5 (changed Config.mk to use > revision "master"). > After few minutes I booted windows 7 64 bit domU qemu crash, tried 2 times > with same result. > > In the domU's qemu log: > > qemu-system-i386: malloc.c:3096: sYSMALLOc: Assertion `(old_top == > > (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof > > (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long) > > (old_size) >= (unsigned long)((((__builtin_offsetof (struct malloc_chunk, > > fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * (sizeof(size_t))) - > > 1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end & pagemask) == > > 0)' failed. > > Killing all inferiors > > In attachment the full backtrace of qemu crash. > > With a fast search after I saw the backtrace I found a probable cause of > regression (I'm not sure): > http://xenbits.xen.org/gitweb/?p=staging/qemu-upstream-4.5-testing.git;a=commit;h=5c3402816aaddb15156c69df73c54abe4e1c76aa > spice: make sure we don't overflow ssd->buf > > Added also qemu-devel and spice-devel as cc. > > If you need more informations/tests tell me and I'll post them. Maybe you could try to revert the offending commit (5c3402816aaddb15156c69df73c54abe4e1c76aa)? Or even better bisect the crash? _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel