Description of problem:
A too-small value of ram_size causes the guest to core dump and fail to boot; this is not acceptable.

Version-Release number of selected component (if applicable):
host info:
# uname -r && rpm -q qemu-kvm
2.6.32-221.el6.x86_64
qemu-kvm-0.12.1.2-2.213.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Boot a guest with a small value of the command line parameter ram_size, e.g.:
   ... -spice disable-ticketing,port=5912 -vga qxl -global qxl-vga.ram_size=15555555
2. Connect to the server using spice.
3. Check the value of ram_size with info qtree.

Actual results:
The guest fails to boot and core dumps.

(gdb) bt
#0  0x00007ffff5010885 in raise () from /lib64/libc.so.6
#1  0x00007ffff5012065 in abort () from /lib64/libc.so.6
#2  0x00007ffff7e6c943 in qxl_phys2virt (qxl=<value optimized out>, pqxl=<value optimized out>, group_id=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qxl.c:1028
#3  0x00007ffff7e6cb43 in qxl_track_command (qxl=0x7ffff9292840, ext=0x7fffeccc5890) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qxl.c:390
#4  0x00007ffff7e6dcdb in interface_get_command (sin=0x7ffff9292ad0, ext=0x7fffeccc5890) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qxl.c:560
#5  0x00007ffff64b0c77 in red_process_commands (worker=0x7fffeccc5c00, ring_is_empty=0x7fffeccc593c, max_pipe_size=50) at red_worker.c:4351
#6  0x00007ffff64b1c0b in flush_display_commands (worker=0x7fffeccc5c00) at red_worker.c:8740
#7  flush_all_qxl_commands (worker=0x7fffeccc5c00) at red_worker.c:8820
#8  0x00007ffff64b1f34 in handle_dev_destroy_surfaces (listener=0x7fffeccc5c00, events=<value optimized out>) at red_worker.c:9818
#9  handle_dev_input (listener=0x7fffeccc5c00, events=<value optimized out>) at red_worker.c:10013
#10 0x00007ffff64b1865 in red_worker_main (arg=<value optimized out>) at red_worker.c:10304
#11 0x00007ffff77617f1 in start_thread () from /lib64/libpthread.so.0
#12 0x00007ffff50c370d in clone () from /lib64/libc.so.6
(gdb)

After step 3, the value of ram_size in info qtree:
...
dev: qxl-vga, id ""
dev-prop: ram_size = 33554432
...

Expected results:
The guest shouldn't core dump; it should display an error message instead.

Additional info:
QXL has a few places where a misbehaving guest can trigger assert(), so this could be a guest driver bug too.

The assert() should leave an error message, does qemu print anything before it dumps core?

What guest are you testing with?
(In reply to comment #2)
> QXL has a few places where a misbehaving guest can trigger assert(),
> so this this could be a guest driver bug too.
>
> The assert() should leave an error message, does qemu print anything
> before it dumps core?
>
> What guest you are testing with?

Hi Gerd Hoffman,

I have retested this issue with the same steps as in the Description.

The guest info:
# uname -r
2.6.32-235.el6.x86_64

The host info:
# uname -r & rpm -q qemu-kvm
2.6.32-235.el6.x86_64
qemu-kvm-0.12.1.2-2.231.el6.x86_64

Before it dumps core, qemu prints the following:
(qemu) qxl_phys2virt: PANIC offset > qxl->guest_slots[slot].size failed
Aborted (core dumped)

The core dump log is as follows:
(gdb) r -smp 4 -m 4G -usbdevice tablet -name RHEL-Server-6.3-64 -drive file=/home/RHEL6.3_64_sluo.qcow2,if=none,id=drive-virtio-disk-0,format=qcow2,cache=none,werror=stop,rerror=stop -device virtio-blk-pci,drive=drive-virtio-disk-0,id=virtio0,bootindex=1 -netdev tap,id=hostnet0,vhost=on -device virtio-net-pci,netdev=hostnet0,id=net0,mac=00:1a:4a:12:0b:10,bus=pci.0 -monitor stdio -spice disable-ticketing,port=5910 -vga qxl -global qxl-vga.ram_size=15555555
Starting program: /usr/libexec/qemu-kvm -smp 4 -m 4G -usbdevice tablet -name RHEL-Server-6.3-64 -drive file=/home/RHEL6.3_64_sluo.qcow2,if=none,id=drive-virtio-disk-0,format=qcow2,cache=none,werror=stop,rerror=stop -device virtio-blk-pci,drive=drive-virtio-disk-0,id=virtio0,bootindex=1 -netdev tap,id=hostnet0,vhost=on -device virtio-net-pci,netdev=hostnet0,id=net0,mac=00:1a:4a:12:0b:10,bus=pci.0 -monitor stdio -spice disable-ticketing,port=5910 -vga qxl -global qxl-vga.ram_size=15555555
[Thread debugging using libthread_db enabled]
Detaching after fork from child process 11107.
[New Thread 0x7ffff05ec700 (LWP 11115)]
do_spice_init: starting 0.8.3
spice_server_add_interface: SPICE_INTERFACE_MIGRATION
spice_server_add_interface: SPICE_INTERFACE_KEYBOARD
spice_server_add_interface: SPICE_INTERFACE_MOUSE
[New Thread 0x7fffeea4e700 (LWP 11116)]
[New Thread 0x7fffe7fff700 (LWP 11117)]
[New Thread 0x7fffee04d700 (LWP 11118)]
[New Thread 0x7fffed64c700 (LWP 11119)]
spice_server_add_interface: SPICE_INTERFACE_QXL
[New Thread 0x7ffecfbfd700 (LWP 11120)]
red_worker_main: begin
handle_dev_input: start
spice_server_add_interface: SPICE_INTERFACE_TABLET
[New Thread 0x7ffecf1fc700 (LWP 11121)]
[New Thread 0x7ffece7fb700 (LWP 11122)]
[New Thread 0x7ffecddfa700 (LWP 11123)]
[New Thread 0x7ffecd3f9700 (LWP 11124)]
[New Thread 0x7ffec7fff700 (LWP 11125)]
[New Thread 0x7ffec75fe700 (LWP 11126)]
[New Thread 0x7ffec6bfd700 (LWP 11127)]
[New Thread 0x7ffec61fc700 (LWP 11128)]
[New Thread 0x7ffec57fb700 (LWP 11129)]
[New Thread 0x7ffec4dfa700 (LWP 11130)]
[New Thread 0x7ffebffff700 (LWP 11131)]
[New Thread 0x7ffebf5fe700 (LWP 11132)]
qxl_phys2virt: PANIC offset > qxl->guest_slots[slot].size failed

Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7ffecfbfd700 (LWP 11120)]
0x00007ffff500e885 in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install alsa-lib-1.0.22-3.el6.x86_64 celt051-0.5.1.3-0.el6.x86_64 cyrus-sasl-lib-2.1.23-13.el6.x86_64 cyrus-sasl-md5-2.1.23-13.el6.x86_64 cyrus-sasl-plain-2.1.23-13.el6.x86_64 db4-4.7.25-16.el6.x86_64 dbus-libs-1.2.24-5.el6_1.x86_64 flac-1.2.1-6.1.el6.x86_64 glibc-2.12-1.47.el6.x86_64 gnutls-2.8.5-4.el6.x86_64 keyutils-libs-1.4-3.el6.x86_64 krb5-libs-1.9-22.el6.x86_64 libICE-1.0.6-1.el6.x86_64 libSM-1.1.0-7.1.el6.x86_64 libX11-1.3-2.el6.x86_64 libXau-1.0.5-1.el6.x86_64 libXext-1.1-3.el6.x86_64 libXi-1.3-3.el6.x86_64 libXtst-1.0.99.2-3.el6.x86_64 libaio-0.3.107-10.el6.x86_64 libasyncns-0.8-1.1.el6.x86_64 libcom_err-1.41.12-11.el6.x86_64 libgcrypt-1.4.5-9.el6.x86_64 libgpg-error-1.7-4.el6.x86_64 libjpeg-6b-46.el6.x86_64 libogg-1.1.4-2.1.el6.x86_64 libselinux-2.0.94-5.2.el6.x86_64 libsndfile-1.0.20-5.el6.x86_64 libtasn1-2.3-3.el6.x86_64 libuuid-2.17.2-12.4.el6.x86_64 libvorbis-1.2.3-4.el6.x86_64 libxcb-1.5-1.el6.x86_64 nss-softokn-freebl-3.12.9-11.el6.x86_64 openssl-1.0.0-20.el6.x86_64 pixman-0.18.4-1.el6_0.1.x86_64 pulseaudio-libs-0.9.21-13.el6.x86_64 tcp_wrappers-libs-7.6-57.el6.x86_64 zlib-1.2.3-27.el6.x86_64
(gdb) bt
#0  0x00007ffff500e885 in raise () from /lib64/libc.so.6
#1  0x00007ffff5010065 in abort () from /lib64/libc.so.6
#2  0x00007ffff7f7b1b3 in qxl_phys2virt (qxl=<value optimized out>, pqxl=<value optimized out>, group_id=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qxl.c:1028
#3  0x00007ffff7f7b3b3 in qxl_track_command (qxl=0x7ffff9cb2840, ext=0x7ffecfa28890) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qxl.c:390
#4  0x00007ffff7f7c54b in interface_get_command (sin=0x7ffff9cb2ad0, ext=0x7ffecfa28890) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qxl.c:560
#5  0x00007ffff64aec77 in red_process_commands (worker=0x7ffecfa28c00, ring_is_empty=0x7ffecfa2893c, max_pipe_size=50) at red_worker.c:4351
#6  0x00007ffff64afc0b in flush_display_commands (worker=0x7ffecfa28c00) at red_worker.c:8740
#7  flush_all_qxl_commands (worker=0x7ffecfa28c00) at red_worker.c:8820
#8  0x00007ffff64aff34 in handle_dev_destroy_surfaces (listener=0x7ffecfa28c00, events=<value optimized out>) at red_worker.c:9818
#9  handle_dev_input (listener=0x7ffecfa28c00, events=<value optimized out>) at red_worker.c:10013
#10 0x00007ffff64af865 in red_worker_main (arg=<value optimized out>) at red_worker.c:10304
#11 0x00007ffff775f7f1 in start_thread () from /lib64/libpthread.so.0
#12 0x00007ffff50c170d in clone () from /lib64/libc.so.6
(gdb) q
Ok, rhel6 guest. When does it crash? As soon as the X-Server starts? "(qemu) qxl_phys2virt: PANIC offset > qxl->guest_slots[slot].size failed" This indicates a guest bug, seems the qxl driver tries to use 64M (default size) although only 32M are available.
(In reply to comment #4)
> Ok, rhel6 guest.
>
> When does it crash? As soon as the X-Server starts?
>

Hi Gerd,

I use the serial ports to output the setup information. It is just that as soon as the X-Server starts, the guest crashes, and the serial ports can't output anything.
What does rpm -q xorg-x11-drv-qxl say on the guest? Also, it should be noted that with less than 16MB of video memory, the experience won't be very good, so I'd be inclined to just print an error message and exit in that case.
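The diagnosis in comments #4 and #5 points at two host-side checks: refuse an unusable ram_size at startup with an error message, and range-check every guest-supplied offset so a misbehaving guest driver only loses its own command instead of tripping an assert() that aborts the whole qemu process. The C below is an added illustration written for this page, not QEMU's qxl.c; GuestSlot, QXL_MIN_RAM_SIZE, validate_ram_size and checked_phys2virt are hypothetical names, and the 64-byte slot is constructed for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of one QXL-style guest memory slot; not QEMU's struct. */
typedef struct {
    uint64_t size;   /* bytes the guest may address inside this slot */
    uint8_t *host;   /* host-side backing memory, NULL if unmapped */
} GuestSlot;

/* 16MB floor taken from comment #5; below it the device is refused at startup. */
#define QXL_MIN_RAM_SIZE (16ULL * 1024 * 1024)

/* Returns 0 if ram_size is usable, -1 with a message in err otherwise. */
int validate_ram_size(uint64_t ram_size, char *err, size_t errlen)
{
    if (ram_size < QXL_MIN_RAM_SIZE) {
        snprintf(err, errlen, "ram_size=%llu is below the %llu byte minimum",
                 (unsigned long long)ram_size,
                 (unsigned long long)QXL_MIN_RAM_SIZE);
        return -1;
    }
    return 0;
}

/* Translate a guest-supplied (slot, offset, len) into a host pointer.
 * Every guest-controlled value is range-checked; a bad one yields NULL so
 * the caller can drop the command, whereas the assert() in the backtrace
 * above takes the entire VM down. */
uint8_t *checked_phys2virt(const GuestSlot *slots, unsigned nslots,
                           unsigned slot, uint64_t offset, uint64_t len)
{
    if (slot >= nslots || slots[slot].host == NULL)
        return NULL;
    /* Subtract only after offset <= size is known, so nothing can wrap. */
    if (offset > slots[slot].size || len > slots[slot].size - offset)
        return NULL;
    return slots[slot].host + offset;
}

int main(void)
{
    char err[128];
    static uint8_t backing[64];                       /* constructed slot */
    GuestSlot slots[1] = { { sizeof backing, backing } };

    if (validate_ram_size(15555555, err, sizeof err) < 0)
        printf("refused: %s\n", err);
    if (checked_phys2virt(slots, 1, 0, 100, 1) == NULL)
        printf("rejected out-of-slot offset instead of aborting\n");
    return 0;
}
```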
This request was not resolved in time for the current release. Red Hat invites you to ask your support representative to propose this request, if still desired, for consideration in the next release of Red Hat Enterprise Linux.
This request was erroneously removed from consideration in Red Hat Enterprise Linux 6.4, which is currently under development. This request will be evaluated for inclusion in Red Hat Enterprise Linux 6.4.
No activity for a year, closing as low priority bug. Please re-open if you believe this is an issue.