[Spice-devel] repeatable xorg qxl crash inside qxl_image_create()
David Mansfield
spice at dm.cobite.com
Tue May 13 13:01:32 PDT 2014
Hi All:
I'd like help tracking down the solution to a very repeatable xorg
crash. I can cause the crash by either:
1) logging in and opening the second monitor without having removed
~/.config/monitors.xml first.
2) using "shutter" (screen capture utility) to capture a "selection"
I have a few coredumps with what seem like valid backtraces. (see below
for an example).
The xorg crash is caused by an assert is happening in frame#4, function
qxl_bo_output_bo_reloc():
if (qxl->cmds.n_reloc_bos >= MAX_RELOCS || qxl->cmds.n_relocs >=
MAX_RELOCS)
assert(0);
According to GDB, both n_reloc_bos = 96 and n_relocs = 96. (MAX_RELOCS=96).
It seems that the "loop" in qxl_image_create (qxl_image.c) is "chunking"
the the create into pieces no bigger than "chunk_size" and that this
size is not big enough (or MAX_RELOCS is too small).
From GDB (inside qxl_image_create() on or about line 174):
(gdb) print h
$13 = 31
(gdb) print height
$14 = 847
(gdb) print chunk_size
$15 = 262144
(gdb) print n_lines
$16 = 17
So we have 31 lines left to go (out of 847), and we're copying 17 lines
at a time. Close but no cigar.
Is the fix to increase the chunk_size or to increase MAX_RELOCS or is
something else broken here?
FYI: I'm running F20 fully updated guest, host and client (all same
box). I'm running "dual head" 1920x1200 (3840x1200 total FB resolution).
Thanks,
David Mansfield
Cobite, INC.
Thread 1 (Thread 0x7f35578169c0 (LWP 1256)):
#0 0x0000003810c35c39 in __GI_raise (sig=sig at entry=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:56
resultvar = 0
pid = 1256
selftid = 1256
#1 0x0000003810c37348 in __GI_abort () at abort.c:89
save_stage = 2
act = {__sigaction_handler = {sa_handler = 0x7fff57866f2a,
sa_sigaction = 0x7fff57866f2a}, sa_mask = {__val = {240800730995,
139867066025450, 482, 4294967295, 240799384819, 4,
140734661805968, 49, 0, 140734661806112, 0, 0, 0, 21474836480,
139867078164480, 240800742792}}, sa_flags = 1456027411,
sa_restorer = 0x7f3556c94720 <__PRETTY_FUNCTION__.25149>}
sigs = {__val = {32, 0 <repeats 15 times>}}
#2 0x0000003810c2eb96 in __assert_fail_base (fmt=0x3810d7bd88
"%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
assertion=assertion at entry=0x7f3556c93713 "0",
file=file at entry=0x7f3556c945ea "qxl_kms.c", line=line at entry=482,
function=function at entry=0x7f3556c94720 <__PRETTY_FUNCTION__.25149>
"qxl_bo_output_bo_reloc") at assert.c:92
str = 0x2832860 ""
total = 4096
#3 0x0000003810c2ec42 in __GI___assert_fail
(assertion=assertion at entry=0x7f3556c93713 "0",
file=file at entry=0x7f3556c945ea "qxl_kms.c",
line=line at entry=482, function=function at entry=0x7f3556c94720
<__PRETTY_FUNCTION__.25149> "qxl_bo_output_bo_reloc") at assert.c:101
No locals.
#4 0x00007f3556c80005 in qxl_bo_output_bo_reloc (qxl=<optimized out>,
dst_offset=<optimized out>, _dst_bo=<optimized out>,
_src_bo=<optimized out>) at qxl_kms.c:482
qxl = <optimized out>
dst_offset = <optimized out>
_dst_bo = <optimized out>
_src_bo = <optimized out>
dst_bo = <optimized out>
src_bo = <optimized out>
r = <optimized out>
#5 0x00007f3556c76e31 in qxl_image_create (qxl=qxl at entry=0x2226900,
data=0x39338a0 "", data at entry=0x2d3f8a0 "", x=x at entry=0, y=y at entry=0,
width=width at entry=3840, height=height at entry=847,
stride=stride at entry=15360, Bpp=4, fallback=fallback at entry=0) at
qxl_image.c:174
chunk_size = 262144
n_lines = 17
bo = 0x2621080
chunk = 0x7f354fc1c000
hash = <optimized out>
image = <optimized out>
head_bo = 0x2668620
tail_bo = 0x2621030
image_bo = <optimized out>
dest_stride = 15360
h = 31
#6 0x00007f3556c77546 in qxl_surface_put_image_for_reals
(dest=dest at entry=0x2244fb0, x=x at entry=0, y=y at entry=162,
width=width at entry=3840,
height=height at entry=847, src=src at entry=0x2d3f8a0 "",
src_pitch=src_pitch at entry=15360) at qxl_surface.c:794
drawable_bo = 0x26204a0
drawable = <optimized out>
qxl = 0x2226900
rect = {top = 162, left = 0, bottom = 1009, right = 3840}
image_bo = <optimized out>
#7 0x00007f3556c7888c in qxl_surface_put_image (dest=0x2244fb0, x=0,
y=162, width=<optimized out>, height=<optimized out>,
src=0x2d3f8a0 "", src_pitch=15360) at qxl_surface.c:824
gross = 847
h2 = 191
use_hack = 1
#8 0x00007f3556c84c6d in uxa_copy_n_to_n
(pSrcDrawable=pSrcDrawable at entry=0x2ae0040, pDstDrawable=0x283e120,
pGC=0x266c110,
pbox=0x2a50358, pbox at entry=0x2a50350, nbox=0, nbox at entry=2,
dx=dx at entry=0, dy=dy at entry=0, reverse=0, upsidedown=0,
bitplane=bitplane at entry=0, closure=0x0) at uxa-accel.c:582
stride = <optimized out>
bpp = 4
src = <optimized out>
screen = 0x2230280
src_off_x = 0
src_off_y = 0
dst_off_x = 0
dst_off_y = 0
pSrcPixmap = <optimized out>
pDstPixmap = 0x226a580
src_region = {extents = {x1 = 32, y1 = 0, x2 = 0, y2 = 0}, data
= 0x48000000e00}
dst_region = {extents = {x1 = 1, y1 = 0, x2 = 0, y2 = 0}, data
= 0x40000002}
__FUNCTION__ = "uxa_copy_n_to_n"
#9 0x00000000005818ed in miCopyRegion
(pSrcDrawable=pSrcDrawable at entry=0x2ae0040,
pDstDrawable=pDstDrawable at entry=0x283e120,
pGC=pGC at entry=0x266c110,
pDstRegion=pDstRegion at entry=0x7fff57864cb0, dx=dx at entry=0, dy=dy at entry=0,
copyProc=copyProc at entry=0x7f3556c84650 <uxa_copy_n_to_n>,
bitPlane=bitPlane at entry=0, closure=closure at entry=0x0) at micopy.c:121
careful = <optimized out>
reverse = <optimized out>
upsidedown = <optimized out>
pbox = 0x2a50350
nbox = 2
pboxNew1 = <optimized out>
pboxNew2 = 0x0
pboxBase = <optimized out>
pboxNext = <optimized out>
pboxTmp = <optimized out>
#10 0x0000000000581eb0 in miDoCopy (pSrcDrawable=0x2ae0040,
pDstDrawable=0x283e120, pGC=0x266c110, xIn=0, yIn=0, widthSrc=3840,
heightSrc=heightSrc at entry=1200, xOut=xOut at entry=0,
yOut=yOut at entry=0, copyProc=copyProc at entry=0x7f3556c84650
<uxa_copy_n_to_n>,
bitPlane=bitPlane at entry=0, closure=closure at entry=0x0) at micopy.c:297
prgnSrcClip = 0x0
freeSrcClip = 0
prgnExposed = 0x0
rgnDst = {extents = {x1 = 0, y1 = 0, x2 = 3840, y2 = 1200},
data = 0x2a50340}
dx = 0
dy = 0
box_x1 = <optimized out>
box_y1 = <optimized out>
box_x2 = <optimized out>
box_y2 = <optimized out>
fastSrc = <optimized out>
fastDst = <optimized out>
fastExpose = <optimized out>
#11 0x00007f3556c839be in uxa_copy_area (pSrcDrawable=<optimized out>,
pDstDrawable=<optimized out>, pGC=<optimized out>,
srcx=<optimized out>, srcy=<optimized out>, width=<optimized out>,
height=1200, dstx=0, dsty=0) at uxa-accel.c:642
dsty = 0
srcx = <optimized out>
pSrcDrawable = <optimized out>
dstx = 0
height = 1200
width = <optimized out>
srcy = <optimized out>
pGC = <optimized out>
pDstDrawable = <optimized out>
#12 0x00000000004361c6 in ProcCopyArea (client=0x2612d30) at dispatch.c:1626
pDst = 0x283e120
pSrc = 0x2ae0040
pGC = 0x266c110
stuff = 0x293c3ac
pRgn = <optimized out>
rc = <optimized out>
#13 0x000000000043a327 in Dispatch () at dispatch.c:432
clientReady = 0x24a9c70
result = <optimized out>
client = 0x2612d30
nready = 0
icheck = 0x822670 <checkForInput>
start_tick = 740
#14 0x00000000004288da in main (argc=12, argv=0x7fff57864f68,
envp=<optimized out>) at main.c:298
i = <optimized out>
alwaysCheckForInput = {0, 1}
More information about the Spice-devel
mailing list