From: Alex
Subject: [Qemu-devel] [Bug 1829242] Re: qemu on windows host exits after savevm command
Date: Fri, 19 Jul 2019 15:28:23 -0000

Running the operation under a debugger catches this error:
Critical error detected c0000374
(2314.a54): Break instruction exception - code 80000003 (first chance)
ntdll!RtlIsNonEmptyDirectoryReparsePointAllowed+0x72:
00007ffe`0780b2d2 cc              int     3

This error means that a heap corruption was detected. To find the place where 
the corruption occurred, I ran qemu under appverifier, which is some kind of 
ASAN/MSAN for Windows.
The tool caught an access violation; the call stack seems not to be full: 
save_snapshot calls qemu_savevm_state_iterate, then a call to ram_save_iterate, 
then ram_find_and_save_block. But the address of the exception does not 
correspond to this function.
Disassembling qemu and searching for this address, I've found that it probably 
corresponds to this snippet in ram_save_host_page:
    do {
        /* Check the pages is dirty and if it is send it */
        if (!migration_bitmap_clear_dirty(rs, pss->block, pss->page)) {
            pss->page++;
            continue;
        }

The missing callstack part is probably ram_find_and_save_block calling 
ram_save_host_page at this place:
        if (found) {
            pages = ram_save_host_page(rs, &pss, last_stage);
        }

It seems that the compiler inlined several functions into ram_find_and_save_block 
and that is the reason for the partial stack.
Since I am still unable to see local variable values during debugging, I can't 
give more info now.
I think the bug can be found when running qemu on Linux with ASAN/MSAN. If 
this does not find the bug, I will do more debugging.
I want to mention that the caught access violation is due to reading an invalid 
address. The bug found without appverifier is due to writing to an invalid 
address, so there may be several bugs.

https://bugs.launchpad.net/bugs/1829242

Title:
  qemu on windows host exits after savevm command

Status in QEMU:
  New

Bug description:
  I'm running qemu-system-i386.exe 3.1.0 with this command line:
  "C:\Program Files\qemu\qemu-system-i386.exe"  -L C:\user\qemu\pc-bios\ -name 
win7 -m 4G -uuid 564db62e-e031-b5cf-5f34-a75f8cefa98e -rtc base=localtime 
-accel hax -hdd C:\VirtualMachines\Dev\Win10x64_VS17\swap.qcow 
"C:\VirtualMachines\qemu\qemu_win7.qcow"
  Host OS Windows 10 x64, guest OS Windows 7 x86.

  Wait till the OS loads, go to compat_monitor0 tab and enter command:
  savevm loaded_win
  After a few seconds qemu exits, running it another time and entering command:
  info snapshots
  says "There is no snapshot available". I've tried running it with -accel tcg, 
with same results. I've tried less memory (1G), same results.
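As an added illustration of the kind of loop quoted above (this is example code written for this page, not QEMU's ram.c and not code from anyone in this thread): a small C model of test-and-clear over a per-block dirty bitmap with an explicit range check, so that walking a host page can never read or write past the end of the bitmap allocation. The type RAMBlockModel, the functions clear_dirty_checked, save_host_page_model and make_demo_block, and the sample block of 100 pages with pages 3, 5 and 70 dirty are all hypothetical and constructed for the example. The point worth noticing in the model is the order of accesses: the first out-of-range access would be the read of the bitmap word, and the write follows only if that word happens to have the bit set, so a single unchecked loop can surface once as an invalid read under an instrumenting tool and once as an invalid write without it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BITS_PER_LONG (8 * sizeof(unsigned long))

/* Constructed stand-in for a RAM block that owns a dirty bitmap.
 * Hypothetical type and field names; this is not QEMU's RAMBlock. */
typedef struct {
    unsigned long *bmap;
    size_t nbits;   /* pages covered by bmap; valid page indices are [0, nbits) */
} RAMBlockModel;

/* Test-and-clear one dirty bit with an explicit range check.
 * Returns 1 if the page was dirty and is now clean, 0 if it was already
 * clean, -1 if `page` lies outside the bitmap. Without the range check the
 * first out-of-range access is the READ of *w below; the WRITE happens only
 * when that out-of-range word happens to have the bit set. */
int clear_dirty_checked(RAMBlockModel *blk, size_t page)
{
    if (page >= blk->nbits) {
        return -1;
    }
    unsigned long *w = &blk->bmap[page / BITS_PER_LONG];
    unsigned long mask = 1UL << (page % BITS_PER_LONG);
    if (!(*w & mask)) {
        return 0;
    }
    *w &= ~mask;
    return 1;
}

/* Walk the target pages making up one host page, starting at `start`, the
 * way a save loop would. Returns the number of pages that were dirty and got
 * cleared, or -1 if the walk would leave the bitmap. */
long save_host_page_model(RAMBlockModel *blk, size_t start, size_t pages_per_host)
{
    long cleared = 0;
    for (size_t page = start; page < start + pages_per_host; page++) {
        int r = clear_dirty_checked(blk, page);
        if (r < 0) {
            return -1;
        }
        cleared += r;
    }
    return cleared;
}

/* Constructed sample input: a block of 100 pages with pages 3, 5 and 70 dirty. */
RAMBlockModel *make_demo_block(void)
{
    static const size_t dirty[] = { 3, 5, 70 };
    RAMBlockModel *blk = calloc(1, sizeof(*blk));
    if (!blk) {
        abort();
    }
    blk->nbits = 100;
    size_t nwords = (blk->nbits + BITS_PER_LONG - 1) / BITS_PER_LONG;
    blk->bmap = calloc(nwords, sizeof(unsigned long));
    if (!blk->bmap) {
        abort();
    }
    for (size_t i = 0; i < sizeof(dirty) / sizeof(dirty[0]); i++) {
        blk->bmap[dirty[i] / BITS_PER_LONG] |= 1UL << (dirty[i] % BITS_PER_LONG);
    }
    return blk;
}

void free_demo_block(RAMBlockModel *blk)
{
    free(blk->bmap);
    free(blk);
}

int main(void)
{
    RAMBlockModel *blk = make_demo_block();
    printf("pages 0..7, first pass : %ld\n", save_host_page_model(blk, 0, 8));   /* 2 */
    printf("pages 0..7, second pass: %ld\n", save_host_page_model(blk, 0, 8));   /* 0 */
    printf("pages 64..71           : %ld\n", save_host_page_model(blk, 64, 8));  /* 1 */
    printf("pages 96..103          : %ld\n", save_host_page_model(blk, 96, 8));  /* -1 */
    free_demo_block(blk);
    return 0;
}
```

Build it with `cc -fsanitize=address -g` and drop the `page >= blk->nbits` check to watch the sanitizer report the read before any write; with the check in place the walk that would leave the bitmap returns -1 instead of touching memory past the allocation.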
