[Bug 716220] New: Tumbleweed: Xorg crash (reproducable) xorg-x11-server-7.6_1.9.3-15.24.2.x86_64
https://bugzilla.novell.com/show_bug.cgi?id=716220 https://bugzilla.novell.com/show_bug.cgi?id=716220#c0 Summary: Tumbleweed: Xorg crash (reproducable) xorg-x11-server-7.6_1.9.3-15.24.2.x86_64 Classification: openSUSE Product: openSUSE 11.4 Version: Factory Platform: x86-64 OS/Version: openSUSE 11.4 Status: NEW Severity: Normal Priority: P5 - None Component: X.Org AssignedTo: bnc-team-xorg-bugs@forge.provo.novell.com ReportedBy: haveaniceday@cv-sv.de QAContact: xorg-maintainer-bugs@forge.provo.novell.com Found By: --- Blocker: --- Created an attachment (id=449453) --> (http://bugzilla.novell.com/attachment.cgi?id=449453) Script to do the crash. User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:6.0) Gecko/20110815 Firefox/6.0 SeaMonkey/2.3 I can crash my X-server with a reproducable scenario. I have prepared a script. A core dump is also available (on request, gdb-gcore-created, bzip: ~6 MB. Reproducible: Always Steps to Reproduce: (from head of the script) # To reproduce the error: # - dual head/display configuration ( 1920x1200 ) # - configured as one display only # - configure with xrandr as dual screen # xrandr --fb 3840x1200 --output DVI-0 --output VGA-0 --mode 1920x1200 --pos 1920x0 # => Run this script ( uses display to view some images) # on the left screen: use right click on images to choose "next" # Result: some images with overwrite the other screen # X might crash # ( remote ssh to system might still be possible to recover) # - Sometimes it doesn't crash. E.g. second log in after a crash. # - A try on a 1680x1050 dual head configuration gave no crash. Actual Results: X-server crashes. No keyboard action is possible (except Sysrq). Remote login (ssh) is possible. Program received signal SIGABRT, Aborted. 0x00007f4625fc3ab5 in raise (sig=6) at ./nptl/sysdeps/unix/sysv/linux/raise.c:64 64 ../nptl/sysdeps/unix/sysv/linux/raise.c: Datei oder Verzeichnis nicht gefunden. in ../nptl/sysdeps/unix/sysv/linux/raise.c (gdb) bt #0 0x00007f4625fc3ab5 in raise (sig=6) at ./nptl/sysdeps/unix/sysv/linux/raise.c:64 #1 0x00007f4625fc4fb6 in abort () at abort.c:92 #2 0x00007f4625ffedd3 in __libc_message (do_abort=2, fmt=0x7f46260bf9b0 "*** glibc detected *** %s: %s: 0x%s ***\n") at ./sysdeps/unix/sysv/linux/libc_fatal.c:186 #3 0x00007f46260043b6 in malloc_printerr (action=3, str=0x7f46260bcc9a "realloc(): invalid next size", ptr=<value optimized out>) at malloc.c:6261 #4 0x00007f4626007ccc in _int_realloc (av=0x7f46262f9e80, oldp=0x1fc5d80, oldsize=2512, nb=2512) at malloc.c:5216 #5 0x00007f4626009452 in __libc_realloc (oldmem=0x1fc5d90, bytes=2496) at malloc.c:3816 #6 0x000000000044569a in AllocColor (pmap=0x83fdc0, pred=<value optimized out>, pgreen=<value optimized out>, pblue=<value optimized out>, pPix=0x7fff8646e230, client=41) at colormap.c:878 #7 0x0000000000450088 in ProcAllocColor (client=0xf3efb0) at dispatch.c:2545 #8 0x0000000000452561 in Dispatch () at dispatch.c:432 #9 0x0000000000425ace in main (argc=8, argv=<value optimized out>, envp=<value optimized out>) at main.c:2 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=716220 https://bugzilla.novell.com/show_bug.cgi?id=716220#c Stefan Dirsch <sndirsch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium Status|NEW |ASSIGNED AssignedTo|bnc-team-xorg-bugs@forge.pr |sndirsch@suse.com |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=716220 https://bugzilla.novell.com/show_bug.cgi?id=716220#c1 --- Comment #1 from Christian Volkmann <haveaniceday@cv-sv.de> 2011-09-07 18:59:05 UTC --- Created an attachment (id=449654) --> (http://bugzilla.novell.com/attachment.cgi?id=449654) valgrind of the error situation I did some valgrind on the bug. (see attachment). It looks like the (frame?)buffer allocated at exa_migration_mixed.c 205 is too small. I guess the size 9216000 comes from 1920*1200* 4(byte for color) and is not increased from the command "xrandr --fb 3840x1200 --output DVI-0 --output VGA-0 --mode 1920x1200 --pos 1920x0" ==19465== Invalid write of size 8 ==19465== at 0x4C27EDB: memcpy (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==19465== by 0x8CC7474: ??? (in /usr/lib64/xorg/modules/drivers/radeon_drv.so) ==19465== by 0x9B44306: exaCopyDirty (exa_migration_classic.c:220) ==19465== by 0x9B46F69: exaPrepareAccessReg_mixed (exa_migration_mixed.c:263) ==19465== by 0x9B4FB52: ExaFallbackPrepareReg (exa_unaccel.c:192) ==19465== by 0x9B50BC2: ExaCheckCopyPlane (exa_unaccel.c:232) ==19465== by 0x4E67E1: damageCopyPlane (damage.c:991) ==19465== by 0x428482: ProcCopyPlane (dispatch.c:1704) ==19465== by 0x42C410: Dispatch (dispatch.c:432) ==19465== by 0x425ACD: main (main.c:291) ==19465== Address 0x17a58040 is 0 bytes after a block of size 9,216,000 alloc'd ==19465== at 0x4C2683D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==19465== by 0x9B46FA3: exaPrepareAccessReg_mixed (exa_migration_mixed.c:205) ==19465== by 0x9B4FB52: ExaFallbackPrepareReg (exa_unaccel.c:192) ==19465== by 0x9B50BC2: ExaCheckCopyPlane (exa_unaccel.c:232) ==19465== by 0x4E67E1: damageCopyPlane (damage.c:991) ==19465== by 0x428482: ProcCopyPlane (dispatch.c:1704) ==19465== by 0x42C410: Dispatch (dispatch.c:432) ==19465== by 0x425ACD: main (main.c:291) ==19465== --19465-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting --19465-- si_code=80; Faulting address: 0x0; sp: 0x4031c0df0 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=716220 https://bugzilla.novell.com/show_bug.cgi?id=716220#c2 --- Comment #2 from Christian Volkmann <haveaniceday@cv-sv.de> 2011-09-07 19:40:08 UTC --- I have doubled the allocated memory at exa_migration_mixed.c line 205 for a test. The crash is gone. There are now copy of the images (shown by display) on the other screen. => The problems are more complex than missing increased buffers. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=716220 https://bugzilla.novell.com/show_bug.cgi?id=716220#c3 Christian Volkmann <haveaniceday@cv-sv.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |WORKSFORME --- Comment #3 from Christian Volkmann <haveaniceday@cv-sv.de> 2011-09-12 19:34:17 UTC --- xorg-x11-server-7.6_1.10.4-166.2.x86_64 solves the problem. <http://download.opensuse.org/repositories/X11:/XOrg/openSUSE_11.4> So this bug is already resolved. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=716220 https://bugzilla.novell.com/show_bug.cgi?id=716220#c4 Stefan Dirsch <sndirsch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|WORKSFORME |FIXED --- Comment #4 from Stefan Dirsch <sndirsch@suse.com> 2011-09-13 01:42:32 UTC --- Thanks. Fixed with openSUSE 12.1. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com