Bug 26836

Summary: Memory read error in KMS VT switching
Product: xorg
Reporter: Pauli <suokkos>
Component: Driver/Radeon
Assignee: xf86-video-ati maintainers <xorg-driver-ati>
Status: RESOLVED INVALID
QA Contact: Xorg Project Team <xorg-team>
Severity: normal
Priority: medium
Version: git
Hardware: x86 (IA32)
OS: Linux (All)

Description Pauli 2010-03-02 06:16:08 UTC
==25379== Invalid read of size 1
==25379==    at 0x4024CF2: strncpy (mc_replace_strmem.c:329)
==25379==    by 0x516F589: drmmode_set_mode_major (string3.h:122)
==25379==    by 0x5171561: drmmode_set_desired_modes (drmmode_display.c:1274)
==25379==    by 0x516CF47: RADEONEnterVT_KMS (radeon_kms.c:852)
==25379==    by 0x80D93C0: xf86XVEnterVT (xf86xv.c:1228)
==25379==    by 0x80CC653: CMapEnterVT (xf86cmap.c:455)
==25379==    by 0x4C417F3: glxDRIEnterVT (glxdri2.c:520)
==25379==    by 0x80C1BC4: xf86Wakeup (xf86Events.c:634)
==25379==    by 0x8091671: WakeupHandler (dixutils.c:418)
==25379==    by 0x81317F9: WaitForSomething (WaitFor.c:231)
==25379==    by 0x808CEE7: Dispatch (dispatch.c:386)
==25379==    by 0x8072514: main (main.c:397)
==25379==  Address 0x4cd71c8 is not stack'd, malloc'd or (recently) free'd
==25379==
^C ddxSigGiveUp: Closing log


I had a fast look at the code. mode->name looks like it is pointing to an incorrect memory address. Is EnterVT called a long time after X has freed the mode objects?

Valgrind should note that there used to be something at this address even if there were quite a lot of frees and mallocs in between. (This time I used the default, which is 10M.)
Comment 1 Pauli 2010-03-02 06:28:37 UTC
OK. It was real VT switches that caused the read error. And I could capture the free trace too now.

==26198== Invalid read of size 1
==26198==    at 0x4024CF2: strncpy (mc_replace_strmem.c:329)
==26198==    by 0x516F589: drmmode_set_mode_major (string3.h:122)
==26198==    by 0x5171561: drmmode_set_desired_modes (drmmode_display.c:1274)
==26198==    by 0x516CF47: RADEONEnterVT_KMS (radeon_kms.c:852)
==26198==    by 0x80D93C0: xf86XVEnterVT (xf86xv.c:1228)
==26198==    by 0x80CC653: CMapEnterVT (xf86cmap.c:455)
==26198==    by 0x4C417F3: glxDRIEnterVT (glxdri2.c:520)
==26198==    by 0x80C1BC4: xf86Wakeup (xf86Events.c:634)
==26198==    by 0x8091671: WakeupHandler (dixutils.c:418)
==26198==    by 0x81317F9: WaitForSomething (WaitFor.c:231)
==26198==    by 0x808CEE7: Dispatch (dispatch.c:386)
==26198==    by 0x8072514: main (main.c:397)
==26198==  Address 0x4cd71c8 is 0 bytes inside a block of size 9 free'd
==26198==    at 0x4023836: free (vg_replace_malloc.c:325)
==26198==    by 0x8137A70: Xfree (utils.c:1165)
==26198==    by 0x80D28F7: xf86DeleteMode (xf86Mode.c:1795)
==26198==    by 0x80EF6F3: xf86ProbeOutputModes (xf86Crtc.c:1526)
==26198==    by 0x80F759F: xf86RandR12GetInfo12 (xf86RandR12.c:1482)
==26198==    by 0x8164A10: RRGetInfo (rrinfo.c:204)
==26198==    by 0x81695A3: rrGetScreenResources (rrscreen.c:343)
==26198==    by 0x8160D24: ProcRRDispatch (randr.c:483)
==26198==    by 0x808D1AE: Dispatch (dispatch.c:456)
==26198==    by 0x8072514: main (main.c:397)
==26198==
==26198== Invalid read of size 1
==26198==    at 0x4024D08: strncpy (mc_replace_strmem.c:329)
==26198==    by 0x516F589: drmmode_set_mode_major (string3.h:122)
==26198==    by 0x5171561: drmmode_set_desired_modes (drmmode_display.c:1274)
==26198==    by 0x516CF47: RADEONEnterVT_KMS (radeon_kms.c:852)
==26198==    by 0x80D93C0: xf86XVEnterVT (xf86xv.c:1228)
==26198==    by 0x80CC653: CMapEnterVT (xf86cmap.c:455)
==26198==    by 0x4C417F3: glxDRIEnterVT (glxdri2.c:520)
==26198==    by 0x80C1BC4: xf86Wakeup (xf86Events.c:634)
==26198==    by 0x8091671: WakeupHandler (dixutils.c:418)
==26198==    by 0x81317F9: WaitForSomething (WaitFor.c:231)
==26198==    by 0x808CEE7: Dispatch (dispatch.c:386)
==26198==    by 0x8072514: main (main.c:397)
==26198==  Address 0x4cd71c9 is 1 bytes inside a block of size 9 free'd
==26198==    at 0x4023836: free (vg_replace_malloc.c:325)
==26198==    by 0x8137A70: Xfree (utils.c:1165)
==26198==    by 0x80D28F7: xf86DeleteMode (xf86Mode.c:1795)
==26198==    by 0x80EF6F3: xf86ProbeOutputModes (xf86Crtc.c:1526)
==26198==    by 0x80F759F: xf86RandR12GetInfo12 (xf86RandR12.c:1482)
==26198==    by 0x8164A10: RRGetInfo (rrinfo.c:204)
==26198==    by 0x81695A3: rrGetScreenResources (rrscreen.c:343)
==26198==    by 0x8160D24: ProcRRDispatch (randr.c:483)
==26198==    by 0x808D1AE: Dispatch (dispatch.c:456)
==26198==    by 0x8072514: main (main.c:397)
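
A minimal model of the lifetime problem the two stacks in Comment 1 show (a name string freed on the re-probe path, then read by a bounded copy on the VT-enter path), added here as an example and not code from xf86-video-ati or the X server. `struct mode`, the helper names, `KNAME_LEN` and the sample name are hypothetical; the name "1024x768" is constructed so that its allocation is 9 bytes, the size of the freed block in the trace.

```c
#include <stdlib.h>
#include <string.h>
#define KNAME_LEN 32   /* assumed size of the fixed-length name field */

/* Hypothetical stand-in for a display mode whose name lives on the heap. */
struct mode { char *name; int hdisplay, vdisplay; };

static char *dup_str(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    return p ? memcpy(p, s, n) : NULL;
}

static struct mode *mode_new(const char *name, int w, int h)
{
    struct mode *m = malloc(sizeof *m);
    if (m && !(m->name = dup_str(name))) { free(m); m = NULL; }
    if (m) { m->hdisplay = w; m->vdisplay = h; }
    return m;
}
static void mode_delete(struct mode *m) { if (m) { free(m->name); free(m); } }

/* A plain `*dst = *src` leaves dst->name aliasing src's string, which
 * mode_delete(src) frees. This copy gives the saved mode its own name. */
static int mode_copy_owned(struct mode *dst, const struct mode *src)
{
    char *name = dup_str(src->name);
    if (!name) return -1;
    *dst = *src; dst->name = name;   /* struct copy, then re-point name */
    return 0;
}

/* Re-apply path: bounded, always NUL-terminated copy of the name. */
static void fill_name(char out[KNAME_LEN], const struct mode *m)
{
    memset(out, 0, KNAME_LEN);
    strncpy(out, m->name, KNAME_LEN - 1);
}

/* Save a mode, delete the probed original, then re-apply the saved one. */
static int reapply_after_reprobe(char out[KNAME_LEN])
{
    struct mode saved, *probed = mode_new("1024x768", 1024, 768);
    if (!probed) return -1;
    int rc = mode_copy_owned(&saved, probed);
    mode_delete(probed);               /* what a re-probe does to the list */
    if (rc == 0) { fill_name(out, &saved); free(saved.name); }
    return rc;
}
```

Built with `-g` and run under Valgrind, this sequence reports no invalid read; replacing `mode_copy_owned` with a bare struct assignment reproduces the "inside a block of size 9 free'd" report.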
Comment 2 Adam Jackson 2018-06-12 19:09:43 UTC
Mass closure: This bug has been untouched for more than six years, and is not
obviously still valid. Please reopen this bug or file a new report if you continue to experience issues with current releases.
