Re: Regression: qemu crash of hvm domUs with spice (backtrace included)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 20 Apr 2015, Fabio Fantoni wrote:
> I updated xen and qemu from xen 4.5.0 with its upstream qemu included to xen
> 4.5.1-pre with qemu upstream from stable-4.5 (changed Config.mk to use
> revision "master").
> After few minutes I booted windows 7 64 bit domU qemu crash, tried 2 times
> with same result.
> 
> In the domU's qemu log:
> > qemu-system-i386: malloc.c:3096: sYSMALLOc: Assertion `(old_top ==
> > (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof
> > (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long)
> > (old_size) >= (unsigned long)((((__builtin_offsetof (struct malloc_chunk,
> > fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * (sizeof(size_t))) -
> > 1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end & pagemask) ==
> > 0)' failed.
> > Killing all inferiors
> 
> In attachment the full backtrace of qemu crash.
> 
> With a fast search after I saw the backtrace I found a probable cause of
> regression (I'm not sure):
> http://xenbits.xen.org/gitweb/?p=staging/qemu-upstream-4.5-testing.git;a=commit;h=5c3402816aaddb15156c69df73c54abe4e1c76aa
> spice: make sure we don't overflow ssd->buf
> 
> Added also qemu-devel and spice-devel as cc.
> 
> If you need more informations/tests tell me and I'll post them.
 
Maybe you could try to revert the offending commit
(5c3402816aaddb15156c69df73c54abe4e1c76aa)? Or even better bisect the
crash?
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel





[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]