[Qemu-devel] VNC crash (double-free, maybe)

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] VNC crash (double-free, maybe)

From:	Andrew Lutomirski
Subject:	[Qemu-devel] VNC crash (double-free, maybe)
Date:	Fri, 23 Apr 2010 16:40:40 -0400

Hi all-

Running Windows 7 in KVM with -vga std, I often get VNC-related
crashes.  This is easiest to trigger by changing the screen
resolution, but I sometimes get it disconnecting VNC as well.

(This is qemu-kvm.  I can't get plain old qemu to work.)

This occurs in all the Fedora builds I've tried as well as in Avi's
qemu-kvm git from today.

Here's a crash from git:

Here's the crash from upstream qemu-kvm:

*** glibc detected ***
/home/luto/apps/qemu-kvm/x86_64-softmmu/qemu-system-x86_64: double
free or corruption (!pre
v): 0x00000000019d8570 ***


backtrace:

#3  0x00007ffff722fa56 in malloc_printerr () from /lib64/libc.so.6
#4  0x00000000004a3c7d in vnc_dpy_resize (ds=0x1939ed0) at vnc.c:525
#5  0x0000000000582437 in dpy_resize (opaque=0x1929318) at
/home/luto/apps/qemu-kvm/console.h:224
#6  vga_draw_graphic (opaque=0x1929318) at
/home/luto/apps/qemu-kvm/hw/vga.c:1725
#7  vga_update_display (opaque=0x1929318) at
/home/luto/apps/qemu-kvm/hw/vga.c:1937
#8  0x00000000004a5ed4 in vnc_refresh (opaque=0x197a410) at vnc.c:2362
#9  0x00000000004a882e in qemu_run_timers (clock=<value optimized
out>) at qemu-timer.c:579
#10 0x00000000004a88a8 in qemu_run_all_timers () at qemu-timer.c:711
#11 0x0000000000418739 in main_loop_wait (nonblocking=<value optimized out>)
    at /home/luto/apps/qemu-kvm/vl.c:2027
#12 0x000000000042a757 in kvm_main_loop () at
/home/luto/apps/qemu-kvm/qemu-kvm.c:2033
#13 0x000000000041c659 in main_loop (argc=<value optimized out>,
argv=<value optimized out>,
    envp=<value optimized out>) at /home/luto/apps/qemu-kvm/vl.c:2055
#14 main (argc=<value optimized out>, argv=<value optimized out>,
envp=<value optimized out>)
    at /home/luto/apps/qemu-kvm/vl.c:4010

The crash was at qemu_free(vd->server->data) in vnc_dpy_resize.

I can't get a valgrind trace because valgrind crashes when I log into
my Windows account, which is too early for me to trigger the VNC
crash.

This is also in Red Hat bugzilla at:
https://bugzilla.redhat.com/show_bug.cgi?id=583850

I'm not subscribed, so please email me directly, and I'll be happy to
test patches or try debugging things.

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] VNC crash (double-free, maybe), Andrew Lutomirski <=

Prev by Date: [Qemu-devel] Re: [PATCH v3 11/12] monitor/net: Convert do_info_network() to QObject/QMP
Next by Date: Re: [Qemu-devel] [PATCH 2/2] VirtIO RNG
Previous by thread: [Qemu-devel] Re: [PATCH] target-sparc: Fix address masking in ldqf and stqf.
Next by thread: [Qemu-devel] [PATCH 1/2] qemu-img: Add 'resize' command to grow/shrink disk images
Index(es):
- Date
- Thread