Bug 836260 - crashes with -vga vmware and Ubuntu guest
Summary: crashes with -vga vmware and Ubuntu guest
Alias: None
Product: Fedora
Classification: Fedora
Component: qemu
Version: 17
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Fedora Virtualization Maintainers
QA Contact: Fedora Extras Quality Assurance
Duplicates: 905657
Depends On:
Reported: 2012-06-28 13:56 UTC by Jan Kratochvil
Modified: 2013-04-11 23:37 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2013-04-11 23:37:32 UTC
Type: Bug


Description Jan Kratochvil 2012-06-28 13:56:25 UTC
Description of problem:
Tried to reproduce some issue on Ubuntu with buggy BIOSes, but qemu-kvm keeps crashing.

Version-Release number of selected component (if applicable):

How reproducible:
Tried 3 times, always.

Steps to Reproduce:
Install ubuntu-12.04-dvd-amd64.iso.
qemu-kvm -drive file=/xxx/ubuntu12.04.qcow2,index=0,media=disk,snapshot=on,if=virtio,boot=on -vga vmware -net none -m 1024 -vnc :10

Actual results:
Program terminated with signal 11, Segmentation fault.
#0  set_bit (addr=<optimized out>, nr=-4) at ./bitops.h:122
122		*p  |= mask;
#0  set_bit (addr=<optimized out>, nr=-4) at ./bitops.h:122
#1  vnc_dpy_update (ds=<optimized out>, x=-64, y=<optimized out>, w=2359, h=<optimized out>) at ui/vnc.c:396
#2  0x00007feb3b66a13f in dpy_update (s=0x7feb3d95ebb0, h=1770, w=2360, y=0, x=-65) at ../console.h:240
#3  vmsvga_update_rect (h=1770, w=2360, y=0, x=-65, s=0x7feb3dcfea20) at /usr/src/debug/qemu-kvm-0.15.1/hw/vmware_vga.c:330
#4  vmsvga_update_rect_flush (s=0x7feb3dcfea20) at /usr/src/debug/qemu-kvm-0.15.1/hw/vmware_vga.c:369
#5  vmsvga_update_display (opaque=0x7feb3dcfea20) at /usr/src/debug/qemu-kvm-0.15.1/hw/vmware_vga.c:985
#6  0x00007feb3b55f415 in vnc_refresh (opaque=0x7feb3e3b5010) at ui/vnc.c:2444
#7  0x00007feb3b5761e8 in qemu_run_timers (clock=<optimized out>) at qemu-timer.c:599
#8  0x00007feb3b576625 in qemu_run_timers (clock=<optimized out>) at qemu-timer.c:584
#9  qemu_run_all_timers () at qemu-timer.c:735
#10 0x00007feb3b4b8bb2 in main_loop_wait (nonblocking=<optimized out>) at /usr/src/debug/qemu-kvm-0.15.1/vl.c:1351
#11 0x00007feb3b4a2c89 in main_loop () at /usr/src/debug/qemu-kvm-0.15.1/vl.c:1392
#12 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /usr/src/debug/qemu-kvm-0.15.1/vl.c:3378

Expected results:
No crash.

Additional info:
I do not know why, but with -vga vmware Ubuntu creates a huge screen (2360x1770 may be the size).
I am unaware why qemu crashes.
I have the core file here, but (uncompressed) it is 758M; I may upload it somewhere.

Comment 2 Fedora End Of Life 2013-01-16 20:44:36 UTC
This message is a reminder that Fedora 16 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 16. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '16'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 16's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 16 is end of life. If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora, you are encouraged to click on 
"Clone This Bug" and open it against that version of Fedora.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 

Comment 3 Jan Kratochvil 2013-01-17 14:18:18 UTC

vmsvga_update_rect: update width too large x: 1991, w: 372

Program received signal SIGSEGV, Segmentation fault.
set_bit (addr=<optimized out>, nr=-4) at ./bitops.h:122
122		*p  |= mask;
Missing separate debuginfos, use: debuginfo-install bluez-libs-4.99-2.fc17.x86_64 brlapi-0.5.6-4.fc17.x86_64 gsm-1.0.13-6.fc17.x86_64 json-c-0.10-2.fc17.x86_64
(gdb) bt
#0  set_bit (addr=<optimized out>, nr=-4) at ./bitops.h:122
#1  vnc_dpy_update (ds=<optimized out>, x=-64, y=0, w=2359, h=1770) at ui/vnc.c:427
#2  0x0000555555685864 in dpy_update (s=0x5555563eb3b0, h=1770, w=2360, y=0, x=-65) at /usr/src/debug/qemu-kvm-1.0.1/console.h:240
#3  vmsvga_update_rect (h=1770, w=2360, y=0, x=-65, s=0x555556acc630) at /usr/src/debug/qemu-kvm-1.0.1/hw/vmware_vga.c:325
#4  vmsvga_update_rect_flush (s=0x555556acc630) at /usr/src/debug/qemu-kvm-1.0.1/hw/vmware_vga.c:358
#5  vmsvga_update_display (opaque=0x555556acc630) at /usr/src/debug/qemu-kvm-1.0.1/hw/vmware_vga.c:961
#6  0x00005555556e6c24 in vnc_refresh (opaque=0x555557182010) at ui/vnc.c:2475
#7  0x00005555556aeb75 in qemu_run_timers (clock=0x5555563b2fc0) at qemu-timer.c:420
#8  qemu_run_timers (clock=0x5555563b2fc0) at qemu-timer.c:400
#9  0x00005555556aedec in qemu_run_all_timers () at qemu-timer.c:483
#10 0x000055555568884a in main_loop_wait (nonblocking=<optimized out>) at main-loop.c:468
#11 0x00005555555c9729 in main_loop () at /usr/src/debug/qemu-kvm-1.0.1/vl.c:1482
#12 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /usr/src/debug/qemu-kvm-1.0.1/vl.c:3528
(gdb) p p
$1 = (long unsigned int *) 0x2000555557182068

Comment 4 Cole Robinson 2013-04-01 20:17:28 UTC
Sounds like this fixes it:

commit 8cb6bfb54e91b1a31a6ae704def595c2099efde1
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Fri Jan 25 21:23:24 2013 +0400

    vmware_vga: fix out of bounds and invalid rects updating
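An added example, not the code of the upstream commit above: the bounds check the backtraces show was missing, clamping the guest-supplied update rectangle to the framebuffer before it reaches the VNC dirty bitmap (frame #1 shows x=-65 rounded down to the 16-pixel tile x=-64, and -64/16 is the nr=-4 handed to set_bit). The 2360x1770 framebuffer size is the reporter's guess and is assumed here, as is the rect struct.

```c
#include <stdio.h>
#include <stdbool.h>

/* Update rectangle as passed from the vmware_vga emulation to the
 * display layer (x, y, w, h in pixels). Hypothetical struct. */
struct rect { int x, y, w, h; };

/* Clamp an update rectangle to an fb_w x fb_h framebuffer.
 * Returns false when nothing is left to draw, so the caller skips the
 * update. Negative origins are pulled to 0 and the size shrunk by the
 * same amount, so a negative x can never become a negative bit index
 * in the dirty bitmap. The overflow-safe form "w > fb_w - x" is used
 * because x, w come from the guest and x + w could wrap. */
bool clamp_update_rect(struct rect *r, int fb_w, int fb_h)
{
    if (r->x < 0) {            /* e.g. x=-65 from the reporter's trace */
        r->w += r->x;          /* drop the part left of the screen */
        r->x = 0;
    }
    if (r->y < 0) {
        r->h += r->y;
        r->y = 0;
    }
    if (r->x >= fb_w || r->y >= fb_h || r->w <= 0 || r->h <= 0)
        return false;          /* entirely outside or empty */
    if (r->w > fb_w - r->x)    /* the "update width too large" case */
        r->w = fb_w - r->x;
    if (r->h > fb_h - r->y)
        r->h = fb_h - r->y;
    return true;
}

int main(void)
{
    /* Constructed input: the rect from frame #3 of the backtrace on the
     * 2360x1770 framebuffer the reporter guessed at (assumption). */
    struct rect r = { -65, 0, 2360, 1770 };
    if (clamp_update_rect(&r, 2360, 1770))
        printf("clamped to x=%d y=%d w=%d h=%d\n", r.x, r.y, r.w, r.h);
    else
        printf("update skipped\n");
    return 0;
}
```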

Comment 5 Cole Robinson 2013-04-02 00:39:04 UTC
*** Bug 905657 has been marked as a duplicate of this bug. ***

Comment 6 Fedora Update System 2013-04-02 17:00:13 UTC
qemu-1.0.1-5.fc17 has been submitted as an update for Fedora 17.

Comment 7 Jan Kratochvil 2013-04-02 17:05:57 UTC
As I run on F-18, I have the crash reproducible with
as reported in Bug 905657.

Comment 8 Cole Robinson 2013-04-02 21:02:36 UTC
Jan, I backported this patch to F18 as well, it's in 1.2.2-8 which was just built today.

Comment 9 Fedora Update System 2013-04-03 04:50:40 UTC
Package qemu-1.0.1-5.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing qemu-1.0.1-5.fc17'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).

Comment 10 Fedora Update System 2013-04-11 23:37:34 UTC
qemu-1.0.1-5.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
