Bug 808936
Summary: various spice crashes using Visio on Windows XP
Product: [Fedora] Fedora
Component: spice
Status: CLOSED ERRATA
Severity: high
Priority: unspecified
Version: 16
Hardware: x86_64
OS: Linux
Reporter: John L Magee <jlmagee>
Assignee: Gerd Hoffmann <kraxel>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: alevy, alexl, cfergeau, hdegoede, jforbes, jonstanley, kraxel, marcandre.lureau, techtonik
Doc Type: Bug Fix
Last Closed: 2012-07-08 20:52:39 UTC
Bug Blocks: 821235

Description
John L Magee
2012-04-01 21:26:52 UTC
Created attachment 574392 [details]
abrt directory, qemu log, spice logs, guest vd* logs

Hi John,

Thanks for reporting. Unfortunately I haven't managed to get a stack trace yet, I am running F17 which makes this a bit of a problem to do fast (AFAICT I need to downgrade to the F16 version and install its debug symbols). If you could reproduce with the F17, or maybe there is a free version of Visio I could download to run, it would help.

The F17 latest version of qemu-kvm I have right now is:
Name : qemu-kvm
Epoch : 2
Version : 1.0
Release : 10.fc17

Thanks,
Alon

Alon-
I got the same failures on F17 Beta RC2. It was just easier to report from my F16 system. Are there debuginfo packages for F17? Let me know exactly what you'd like. Perhaps I could send you a vm image for testing. It would be 7 or 8 GB probably.

OK. A VM could be nice, but seems a bit overkill - but if you can put it somewhere and give me a url it would be good. Actually I'm mostly interested in the stacktrace of the faulting qemu process (all threads), so you could just post that here if possible. The 200-300 MB abrt package is also easier/faster to download, and this time I could look at it in a timely manner, since it will be for F17, which I'm running on here.

Thanks.
Alon

Created attachment 575951 [details]
qemu log spicec log cegui log and package list

This is a backtrace and memory map in the qemu log. Even with qemu debuginfo I don't get abrt on F17

Can reproduce on an image provided by John L Magee, using his instructions, reproduced here:

Open visio file provided.
Select all by pressing Ctrl-A
view->zoom 200%
press ok
scroll horizontally left wise

get segmentation fault at red_put_image, on double free:

(gdb) bt
#0 __GI___libc_free (mem=0x5000000000d) at malloc.c:2973
#1 0x00007ffff3037d06 in red_put_image (red=0x7fffacc65d30) at red_parse_qxl.c:451
#2 0x00007ffff303da98 in put_red_drawable (worker=0x7fffac0008c0, drawable=0x7fffacc79f20, group_id=1, self_bitmap=0x7fffacc65d30) at red_worker.c:1682
#3 0x00007ffff30479f7 in red_display_free_glz_drawable_instance (dcc=0x7fffac269be0, glz_drawable_instance=0x7fffac99b7d0) at red_worker.c:5154
#4 0x00007ffff3048d04 in glz_usr_free_image (usr=0x7fffac26e6c0, image=0x7fffac99b7d0) at red_worker.c:5507
#5 0x00007ffff3025fa8 in __glz_dictionary_window_free_image (dict=0x7fffe27fe010, image=0x7fffacb18380) at glz_encoder_dictionary.c:362
#6 0x00007ffff30262fa in glz_dictionary_window_remove_head (dict=0x7fffe27fe010, encoder_id=0, end_image=0x7fffac93fb20) at glz_encoder_dictionary.c:449
#7 0x00007ffff302676f in glz_dictionary_pre_encode (encoder_id=0, usr=0x7fffac26e6c0, dict=0x7fffe27fe010, image_type=LZ_IMAGE_TYPE_RGB32, image_width=995, image_height=741, image_stride=3980, first_lines=0x0, num_first_lines=0, usr_image_context=0x7fffac99a060, image_head_dist=0x7fffe8dde6ac) at glz_encoder_dictionary.c:570
#8 0x00007ffff302502b in glz_encode (opaque_encoder=0x7fffac2c5610, type=LZ_IMAGE_TYPE_RGB32, width=995, height=741, top_down=0, lines=0x0, num_lines=0, stride=3980, io_ptr=0x7fffac3f16c0 " ZL", num_io_bytes=65536, usr_context=0x7fffac99a060, o_enc_dict_context=0x7fffac99a080) at glz_encoder.c:255
#9 0x00007ffff304a500 in red_glz_compress_image (dcc=0x7fffac269be0, dest=0x7fffe8dde8c0, src=0x7fffac2ca678, drawable=0x7fffac198050, o_comp_data=0x7fffe8dde8a0) at red_worker.c:5781
#10 0x00007ffff304b630 in red_compress_image (dcc=0x7fffac269be0, dest=0x7fffe8dde8c0, src=0x7fffac2ca678, drawable=0x7fffac198050, can_lossy=0, o_comp_data=0x7fffe8dde8a0) at red_worker.c:6241
#11 0x00007ffff304bcd0 in fill_bits (dcc=0x7fffac269be0, m=0x7fffac99cc40, simage=0x7fffac2ca660, drawable=0x7fffac198050, can_lossy=0) at red_worker.c:6378
#12 0x00007ffff304da5c in red_marshall_qxl_draw_copy (worker=0x7fffac0008c0, rcc=0x7fffac269be0, base_marshaller=0x7fffac2acf70, dpi=0x7fffac339580, src_allowed_lossy=0) at red_worker.c:7083
#13 0x00007ffff304f842 in red_marshall_qxl_drawable (worker=0x7fffac0008c0, rcc=0x7fffac269be0, m=0x7fffac2acf70, dpi=0x7fffac339580) at red_worker.c:7760
#14 0x00007ffff305078e in marshall_qxl_drawable (rcc=0x7fffac269be0, m=0x7fffac2acf70, dpi=0x7fffac339580) at red_worker.c:8087
#15 0x00007ffff3051fc3 in display_channel_send_item (rcc=0x7fffac269be0, pipe_item=0x7fffac339590) at red_worker.c:8553
#16 0x00007ffff302ddbe in red_channel_client_send_item (rcc=0x7fffac269be0, item=0x7fffac339590) at red_channel.c:423
#17 0x00007ffff302f598 in red_channel_client_push (rcc=0x7fffac269be0) at red_channel.c:883
#18 0x00007ffff302f642 in red_channel_push (channel=0x7fffac23d120) at red_channel.c:899
#19 0x00007ffff3052402 in red_push (worker=0x7fffac0008c0) at red_worker.c:8665
#20 0x00007ffff30598b3 in red_worker_main (arg=0x7fffffffcfa0) at red_worker.c:11209
#21 0x00007ffff6bbad14 in start_thread (arg=0x7fffe8ddf700) at pthread_create.c:309
#22 0x00007ffff283e94d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

I'm running into a backtrace that looks very similar, interestingly I was using Visio 2010 on Win7 at the time. Let me know if more info is required.

[root@hawtness ~]# rpm -q qemu-kvm
qemu-kvm-0.15.1-4.fc16.x86_64

(gdb) thread apply all bt

Thread 5 (Thread 0x7fa224f04700 (LWP 4109)):
#0 0x00007fa22df5bce7 in ioctl () at ../sysdeps/unix/syscall-template.S:82
#1 0x00007fa231cabde9 in kvm_vcpu_ioctl (env=<optimized out>, type=<optimized out>) at /usr/src/debug/qemu-kvm-0.15.1/kvm-all.c:1090
#2 0x00007fa231cabf2f in kvm_cpu_exec (env=0x7fa2336e4480) at /usr/src/debug/qemu-kvm-0.15.1/kvm-all.c:976
#3 0x00007fa231c88237 in qemu_kvm_cpu_thread_fn (arg=0x7fa2336e4480) at /usr/src/debug/qemu-kvm-0.15.1/cpus.c:811
#4 0x00007fa22f118d90 in start_thread (arg=0x7fa224f04700) at pthread_create.c:309
#5 0x00007fa22df62f5d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 4 (Thread 0x7fa1159f4700 (LWP 6084)):
#0 pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:216
#1 0x00007fa231cbdabe in cond_timedwait (ts=0x7fa1159f3bd0, mutex=0x7fa2322314c0, cond=0x7fa232231520) at posix-aio-compat.c:104
#2 aio_thread (unused=<optimized out>) at posix-aio-compat.c:326
#3 0x00007fa22f118d90 in start_thread (arg=0x7fa1159f4700) at pthread_create.c:309
#4 0x00007fa22df62f5d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 3 (Thread 0x7fa1151f3700 (LWP 6071)):
#0 pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:216
#1 0x00007fa231cbdabe in cond_timedwait (ts=0x7fa1151f2bd0, mutex=0x7fa2322314c0, cond=0x7fa232231520) at posix-aio-compat.c:104
#2 aio_thread (unused=<optimized out>) at posix-aio-compat.c:326
#3 0x00007fa22f118d90 in start_thread (arg=0x7fa1151f3700) at pthread_create.c:309
#4 0x00007fa22df62f5d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 2 (Thread 0x7fa231bd39c0 (LWP 4090)):
#0 0x00007fa22df5c403 in select () at ../sysdeps/unix/syscall-template.S:82
#1 0x00007fa231c97b30 in main_loop_wait (nonblocking=<optimized out>) at /usr/src/debug/qemu-kvm-0.15.1/vl.c:1345
#2 0x00007fa231c81c39 in main_loop () at /usr/src/debug/qemu-kvm-0.15.1/vl.c:1392
#3 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /usr/src/debug/qemu-kvm-0.15.1/vl.c:3378

Thread 1 (Thread 0x7fa116ff8700 (LWP 4110)):
#0 0x00007fa22dea8285 in __GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00007fa22dea9b9b in __GI_abort () at abort.c:91
#2 0x00007fa22dee9a7e in __libc_message (do_abort=2, fmt=0x7fa22dfe8678 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:198
#3 0x00007fa22deefda6 in malloc_printerr (action=3, str=0x7fa22dfe8818 "double free or corruption (!prev)", ptr=<optimized out>) at malloc.c:5021
#4 0x00007fa22def108e in _int_free (av=0x7fa22e223700, p=0x7fa110cb5bb0, have_lock=0) at malloc.c:3942
#5 0x00007fa22e901a3f in put_red_drawable (self_bitmap=<optimized out>, group_id=1, drawable=0x7fa110cc0f80, worker=0x7fa116e20670) at red_worker.c:1684
#6 red_display_free_glz_drawable_instance (dcc=<optimized out>, glz_drawable_instance=<optimized out>) at red_worker.c:5148
#7 0x00007fa22e8ef9b1 in __glz_dictionary_window_free_image (image=0x7fa11095ca60, dict=0x7fa115ff7010) at glz_encoder_dictionary.c:362
#8 glz_dictionary_window_remove_head (dict=0x7fa115ff7010, encoder_id=<optimized out>, end_image=0x7fa110c4f8c0) at glz_encoder_dictionary.c:449
#9 0x00007fa22e8efefe in glz_dictionary_pre_encode (encoder_id=0, usr=<optimized out>, dict=0x7fa115ff7010, image_type=LZ_IMAGE_TYPE_RGBA, image_width=<optimized out>, image_height=817, image_stride=5564, first_lines=0x0, num_first_lines=0, usr_image_context=0x7fa110846f50, image_head_dist=0x7fa116e1ffcc) at glz_encoder_dictionary.c:570
#10 0x00007fa22e8ed80b in glz_encode (opaque_encoder=0x7fa110085bd0, type=LZ_IMAGE_TYPE_RGBA, width=1391, height=817, top_down=0, lines=<optimized out>, num_lines=0, stride=5564, io_ptr=0x7fa11019f080 " ZL", num_io_bytes=65536, usr_context=0x7fa110846f50, o_enc_dict_context=0x7fa110846f70) at glz_encoder.c:255
#11 0x00007fa22e9043f9 in red_glz_compress_image (o_comp_data=0x7fa116e200a0, drawable=0x7fa116fac6e8, src=0x7fa1109f9c48, dest=0x7fa116e20060,
---Type <return> to continue, or q <return> to quit---
dcc=0x7fa231a2a010) at red_worker.c:5771
#12 red_compress_image (o_comp_data=0x7fa116e200a0, can_lossy=0, drawable=0x7fa116fac6e8, src=0x7fa1109f9c48, dest=0x7fa116e20060, dcc=0x7fa231a2a010) at red_worker.c:6230
#13 fill_bits (dcc=0x7fa231a2a010, m=0x7fa110cc0180, simage=0x7fa1109f9c30, drawable=0x7fa116fac6e8, can_lossy=0) at red_worker.c:6367
#14 0x00007fa22e904cb2 in red_marshall_qxl_draw_copy (worker=<optimized out>, rcc=0x7fa231a2a010, base_marshaller=0x7fa11006d4b0, dpi=<optimized out>, src_allowed_lossy=<optimized out>) at red_worker.c:7070
#15 0x00007fa22e90db26 in red_marshall_qxl_drawable (worker=0x7fa116e20670, dpi=<optimized out>, m=0x7fa11006d4b0, rcc=0x7fa231a2a010) at red_worker.c:7747
#16 marshall_qxl_drawable (dpi=<optimized out>, m=<optimized out>, rcc=<optimized out>) at red_worker.c:8073
#17 display_channel_send_item (rcc=<optimized out>, pipe_item=<optimized out>) at red_worker.c:8540
#18 0x00007fa22e8f52e3 in red_channel_client_send_item (item=0x7fa1106e0030, rcc=0x7fa231a2a010) at red_channel.c:421
#19 red_channel_client_push (rcc=0x7fa231a2a010) at red_channel.c:887
#20 red_channel_client_push (rcc=0x7fa231a2a010) at red_channel.c:867
#21 0x00007fa22e911586 in red_push (worker=0x7fa116e20670) at red_worker.c:8652
#22 red_worker_main (arg=<optimized out>) at red_worker.c:11206
#23 0x00007fa22f118d90 in start_thread (arg=0x7fa116ff8700) at pthread_create.c:309
#24 0x00007fa22df62f5d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Hi Jon,

I'm having trouble with fedora package upload, so would you please test the following package and report if it solves your problem:

http://people.freedesktop.org/~alon/spice-808936/

Alon

spice-0.10.1-5.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/spice-0.10.1-5.fc17

Well, those are F17 packages you provided, but I rebuilt it locally for F16 (thanks for the SRPM!) and in my (admittedly hasty and unscientific) testing it seems to solve the issue - I opened Visio and scrolled around a bit and it didn't blow up. So I think we can call this bug squashed for now.

Package spice-0.10.1-5.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing spice-0.10.1-5.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-7860/spice-0.10.1-5.fc17
then log in and leave karma (feedback).

Is something broken with updates?

$ su -c 'yum update --enablerepo=updates-testing spice-0.10.1-5.fc17'
Password:
Loaded plugins: langpacks, presto, refresh-packagekit
No Match for argument: spice-0.10.1-5.fc17
No package spice-0.10.1-5.fc17 available.
No Packages marked for Update

(In reply to comment #12)
> Is something broken with updates?
>
> $ su -c 'yum update --enablerepo=updates-testing spice-0.10.1-5.fc17'
> Password:
> Loaded plugins: langpacks, presto, refresh-packagekit
> No Match for argument: spice-0.10.1-5.fc17
> No package spice-0.10.1-5.fc17 available.
> No Packages marked for Update

try spice-server instead of spice.

spice-0.10.1-5.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
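
An added triage example (not part of the original bug thread or of the SPICE code base): the two crash backtraces in this report differ in frame numbers, addresses and inlined frames, so this sketch reduces each to its application call path and compares the paths with a longest-common-subsequence score. The helper names and the 0.8 threshold are assumptions, and the sample traces are abridged from the report with arguments elided.

```python
import re

# Abridged from the two gdb traces in this report (arguments elided as "...").
DEBUG_BT = """\
#0  __GI___libc_free (mem=0x5000000000d) at malloc.c:2973
#1  0x00007ffff3037d06 in red_put_image (red=0x7fffacc65d30) at red_parse_qxl.c:451
#2  0x00007ffff303da98 in put_red_drawable (...) at red_worker.c:1682
#3  0x00007ffff30479f7 in red_display_free_glz_drawable_instance (...) at red_worker.c:5154
#4  0x00007ffff3048d04 in glz_usr_free_image (...) at red_worker.c:5507
#5  0x00007ffff3025fa8 in __glz_dictionary_window_free_image (...) at glz_encoder_dictionary.c:362
#6  0x00007ffff30262fa in glz_dictionary_window_remove_head (...) at glz_encoder_dictionary.c:449
"""
OPT_BT = """\
#3  0x00007fa22deefda6 in malloc_printerr (action=3, str=0x7fa22dfe8818 "double free or corruption (!prev)", ptr=<optimized out>) at malloc.c:5021
#4  0x00007fa22def108e in _int_free (...) at malloc.c:3942
#5  0x00007fa22e901a3f in put_red_drawable (...) at red_worker.c:1684
#6  red_display_free_glz_drawable_instance (...) at red_worker.c:5148
#7  0x00007fa22e8ef9b1 in __glz_dictionary_window_free_image (...) at glz_encoder_dictionary.c:362
#8  glz_dictionary_window_remove_head (...) at glz_encoder_dictionary.c:449
"""

# gdb prints "#N 0xADDR in func (" for called frames and "#N func (" for inlined ones.
FRAME_RE = re.compile(r"^#\d+\s+(?:0x[0-9a-f]+ in )?([A-Za-z_][\w@.]*) \(", re.M)
MSG_RE = re.compile(r'malloc_printerr \(.*?str=0x[0-9a-f]+ "([^"]*)"')
# glibc frames describe how the process died, not which code path freed the memory.
ALLOCATOR = ("__GI_", "__libc_", "_int_free", "malloc_printerr")

def signature(bt_text):
    """Function names, innermost first, with allocator frames removed."""
    return [f for f in FRAME_RE.findall(bt_text) if not f.startswith(ALLOCATOR)]

def allocator_message(bt_text):
    """The glibc heap-consistency message, if the trace contains one."""
    m = MSG_RE.search(bt_text)
    return m.group(1) if m else None

def lcs_len(a, b):
    """Longest common subsequence length; tolerates frames lost to inlining."""
    prev = [0] * (len(b) + 1)
    for x in a:
        cur = [0]
        for j, y in enumerate(b, 1):
            cur.append(prev[j - 1] + 1 if x == y else max(prev[j], cur[j - 1]))
        prev = cur
    return prev[-1]

def same_path(bt_a, bt_b, threshold=0.8):
    """True when the shorter call path is (almost) a subsequence of the longer."""
    a, b = signature(bt_a), signature(bt_b)
    return bool(a and b) and lcs_len(a, b) / min(len(a), len(b)) >= threshold
```

On these samples the optimized build's four application frames all appear, in order, in the debug build's six, which is why the two reports are treated as one crash even though `red_put_image` and `glz_usr_free_image` are missing from the second trace.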