1 files changed, 54 insertions, 0 deletions

diff --git a/gitlab/issues/target_i386/host_missing/accel_missing/2244.toml b/gitlab/issues/target_i386/host_missing/accel_missing/2244.toml
new file mode 100644
index 000000000..c87471a92
--- /dev/null
+++ b/gitlab/issues/target_i386/host_missing/accel_missing/2244.toml
@@ -0,0 +1,54 @@
+id = 2244
+title = "Regression in 8.2.90: cpu_physical_memory_snapshot_get_dirty: assertion failed"
+state = "closed"
+created_at = "2024-03-24T08:59:26.554Z"
+closed_at = "2024-04-03T16:45:37.265Z"
+labels = ["device:graphics", "kind::Bug", "target: i386", "workflow::Patch available"]
+url = "https://gitlab.com/qemu-project/qemu/-/issues/2244"
+host-os = "Debian Bookworm (and Windows 10 22H2, too)"
+host-arch = "x86_64"
+qemu-version = "8.2.90 - commit determined by git bisect: 973a724eb006f674301a0c45f34b3c08dee0fe49"
+guest-os = "ETH Native Oberon"
+guest-arch = "i386"
+description = """On executing the image from QEMU advent calendar 2014, door 12 the following error is shown and QEMU exists.
+
+On Debian (built on git-repo)
+```
+$ qemu-system-i386 oberon/oberon.qcow2
+qemu-system-i386: ../system/physmem.c:948: cpu_physical_memory_snapshot_get_dirty: Zusicherung »start + length <= snap->end« nicht erfüllt.
+Abgebrochen
+```
+On Windows (built on qemu-9.0.0-rc0.tar.xz)
+```
+$ qemu-system-i386 oberon/oberon.qcow2
+ERROR:../qemu-9.0.0-rc0/system/physmem.c:946:cpu_physical_memory_snapshot_get_dirty: assertion failed: (start + length <= snap->end)
+Bail out! ERROR:../qemu-9.0.0-rc0/system/physmem.c:946:cpu_physical_memory_snapshot_get_dirty: assertion failed: (start + length <= snap->end)
+```"""
+reproduce = """1. Retrieve oberon.tar.xz with `wget http://qemu-advent-calendar.org/2014/download/oberon.tar.xz`
+2. Extract with `tar -xf oberon.tar.xz`
+3. Execute with `qemu-system-i386 oberon/oberon.qcow2`"""
+additional = """The same error is shown for QEMU advent calendar 2014, door 15 (Plan 9 from Bell Labs) soon after switch to graphical mode.
+
+git bisect result:
+```
+973a724eb006f674301a0c45f34b3c08dee0fe49 is the first bad commit
+commit 973a724eb006f674301a0c45f34b3c08dee0fe49
+Author: Paolo Bonzini <pbonzini@redhat.com>
+Date:   Mon Dec 29 14:48:14 2014 +0100
+
+    vga: implement horizontal pel panning in graphics modes
+    
+    This implements smooth scrolling, as used for example by Commander Keen
+    and Second Reality.
+    
+    Unfortunately, this is not enough to avoid tearing in Commander Keen,
+    because sometimes the wrong start address is used for a frame.
+    On real EGA, the panning register is sampled on every line, while
+    the display start is latched for the next frame at the start of the
+    vertical retrace.  On real VGA, the panning register is also latched,
+    but at the end of the vertical retrace.  It looks like Keen exploits
+    this by only waiting for horizontal retrace when setting the display
+    start, but implementing it breaks the 256-color Keen games...
+    
+    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+```"""