Skip to content

crash when taking a screenshot with EGL enabled

Submitted by Jonathon Jongsma @jjongsma

Assigned to Spice Bug List

Link to original bug (#101823)

Description

I was connected to a virgl guest and tried to take a screenshot. The client crashed with the following backtrace.

Thread 1 "virt-viewer" received signal SIGSEGV, Segmentation fault. 0x00007fffaaf3936c in intel_miptree_attach_map (mode=1, h=768, w=1024, y=114, x=0, slice=0, level=0, mt=0x0) at intel_mipmap_tree.c:3010 3010 mt->level[level].slice[slice].map = map;

(gdb) bt
#0  0x00007fffaaf3936c in intel_miptree_attach_map (mode=1, h=768, w=1024, y=114, x=0, slice=0, level=0, mt=0x0)
    at intel_mipmap_tree.c:3010
#1  0x00007fffaaf3936c in intel_miptree_map (brw=brw@entry=0xe57420, mt=0x0, level=0, slice=0, x=x@entry=0, y=y@entry=114, w=1024, h=768, mode=1, out_ptr=0x7fffffffccd8, out_stride=0x7fffffffcce0) at intel_mipmap_tree.c:3107
#2  0x00007fffaaf3528f in intel_map_renderbuffer (ctx=0xe57420, rb=0xd13d90, x=0, y=114, w=<optimized out>, h=<optimized out>, mode=1, out_map=0x7fffffffcdb8, out_stride=0x7fffffffcdb0) at intel_fbo.c:169
#3  0x00007fffaac26efa in read_rgba_pixels (packing=0x7fffffffcf00, pixels=<optimized out>, type=5121, format=6408, height=768, width=1024, y=0, x=0, ctx=0xe57420) at main/readpix.c:457
#4  0x00007fffaac26efa in _mesa_readpixels (ctx=ctx@entry=0xe57420, x=x@entry=0, y=y@entry=0, width=width@entry=1024, height=height@entry=768, format=format@entry=6408, type=5121, packing=0x7fffffffcf00, pixels=<optimized out>)
    at main/readpix.c:889
#5  0x00007fffaaf3c628 in intelReadPixels (ctx=0xe57420, x=0, y=0, width=1024, height=768, format=6408, type=5121, pack=0x7fffffffcf00, pixels=0x19f4e90) at intel_pixel_read.c:264
#6  0x00007fffaac283df in _mesa_ReadnPixelsARB (x=<optimized out>, y=<optimized out>, width=<optimized out>, height=<optimized out>, format=6408, type=5121, bufSize=2147483647, pixels=0x19f4e90) at main/readpix.c:1116
#7  0x00007fffaac28562 in _mesa_ReadPixels (x=<optimized out>, y=<optimized out>, width=<optimized out>, height=<optimized out>, format=<optimized out>, type=<optimized out>, pixels=0x19f4e90) at main/readpix.c:1124
#8  0x00007ffff6871bb7 in spice_display_get_pixbuf (display=<optimized out>) at spice-widget.c:3146
#9  0x000000000042c3b6 in virt_viewer_display_spice_get_pixbuf (display=0x989320 [VirtViewerDisplaySpice])
    at ../../src/virt-viewer-display-spice.c:158
#10 0x000000000041fe0e in virt_viewer_display_get_pixbuf (display=0x989320 [VirtViewerDisplaySpice])
    at ../../src/virt-viewer-display.c:526
#11 0x00000000004235b5 in virt_viewer_window_save_screenshot (self=0x7fffc8003670 [VirtViewerWindow], file=0x14b3da0 "/home/jjongsma/Pictures/Screenshot") at ../../src/virt-viewer-window.c:946
#12 0x00000000004238e9 in virt_viewer_window_menu_file_screenshot (menu=0x6b7710 [GtkMenuItem], self=0x7fffc8003670 [VirtViewerWindow]) at ../../src/virt-viewer-window.c:999
#16 0x00007ffff3e8943f in <emit signal ??? on instance 0x6b7710 [GtkMenuItem]> (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at gsignal.c:3447
    #13 0x00007ffff3e6e3e5 in g_closure_invoke (closure=0x73be80, return_value=return_value@entry=0x0, n_param_values=1, param_values=param_values@entry=0x7fffffffd2a0, invocation_hint=invocation_hint@entry=0x7fffffffd220)
    at gclosure.c:804
    #14 0x00007ffff3e80432 in signal_emit_unlocked_R (node=node@entry=0x6fe2f0, detail=detail@entry=0, instance=instance@entry=0x6b7710, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7fffffffd2a0) at gsignal.c:3635
    #15 0x00007ffff3e8905f in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7fffffffd460) at gsignal.c:3391
#17 0x00007ffff62da78e in gtk_widget_activate () at /lib64/libgtk-3.so.0
#18 0x00007ffff61a7e16 in gtk_menu_shell_activate_item () at /lib64/libgtk-3.so.0
#19 0x00007ffff61a814b in gtk_menu_shell_button_release () at /lib64/libgtk-3.so.0
#20 0x00007ffff618b081 in _gtk_marshal_BOOLEAN__BOXEDv () at /lib64/libgtk-3.so.0
#21 0x00007ffff3e6e614 in _g_closure_invoke_va (closure=closure@entry=0x6d0be0, return_value=return_value@entry=0x7fffffffd7c0, instance=instance@entry=0x8f0590, args=args@entry=0x7fffffffd890, n_params=<optimized out>, param_types=0x6f3dc0) at gclosure.c:867
#22 0x00007ffff3e888b3 in g_signal_emit_valist (instance=0x8f0590, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7fffffffd890) at gsignal.c:3300
#23 0x00007ffff3e8943f in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>)
    at gsignal.c:3447
#24 0x00007ffff62d829c in gtk_widget_event_internal () at /lib64/libgtk-3.so.0
#25 0x00007ffff618805e in propagate_event () at /lib64/libgtk-3.so.0
#26 0x00007ffff618a0ce in gtk_main_do_event () at /lib64/libgtk-3.so.0
#27 0x00007ffff5c9f605 in _gdk_event_emit () at /lib64/libgdk-3.so.0
#28 0x00007ffff5cfb262 in gdk_event_source_dispatch () at /lib64/libgdk-3.so.0
#29 0x00007ffff3b95e52 in g_main_dispatch (context=0x698c60) at gmain.c:3203
#30 0x00007ffff3b95e52 in g_main_context_dispatch (context=context@entry=0x698c60) at gmain.c:3856
#31 0x00007ffff3b961d0 in g_main_context_iterate (context=context@entry=0x698c60, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3929
#32 0x00007ffff3b9627c in g_main_context_iteration (context=context@entry=0x698c60, may_block=may_block@entry=1)
    at gmain.c:3990
#33 0x00007ffff414eb9d in g_application_run (application=0x694330 [VirtViewer], argc=4, argv=0x7fffffffdd28)
    at gapplication.c:2381
#34 0x0000000000414371 in main (argc=4, argv=0x7fffffffdd28) at ../../src/virt-viewer-main.c:41