| Field | Value |
|---|---|
| Summary | SegFault in miDCSaveUnderCursor |
| Product | xorg |
| Component | Server/General |
| Status | RESOLVED MOVED |
| Severity | normal |
| Priority | medium |
| Version | git |
| Hardware | x86-64 (AMD64) |
| OS | Linux (All) |
| Reporter | Lee Leahu |
| Assignee | Xorg Project Team <xorg-team> |
| QA Contact | Xorg Project Team <xorg-team> |
| CC | hramrach |

Description
Lee Leahu
2010-05-02 14:27:59 UTC
> There’s another bug (#24181) that appears to be the same (or very very close)
> to this.

https://bugs.freedesktop.org/show_bug.cgi?id=24181

> Git Tag 1.8.0.901 contains a patch (and its revert) about not thrashing
> resources when displaying the software cursor across screens. It’s not clear
> if that patch is intended to resolve this problem, but it needs to be tested if
> Git Tag 1.8.0.901 resolves this problem. If that doesn’t, then it needs to be
> tested if Git Master resolves this problem. Any help would be appreciated.

The Patch:

http://cgit.freedesktop.org/xorg/xserver/commit/?h=server-1.8-branch&id=049a36cd402da9219e60221f5671f94a8f8f687f

The Revert:

http://cgit.freedesktop.org/xorg/xserver/commit/?h=server-1.8-branch&id=feb39870e0d2c5917c8da1951c721f6f72cb4d39

I've confirmed that Git Tag 1.8.0.901 does not resolve this problem. I've not tried un-reverting the revert commit however.

>
> > Git Tag 1.8.0.901 contains a patch (and its revert) about not thrashing
> > resources when displaying the software cursor across screens. It’s not clear
> > if that patch is intended to resolve this problem, but it needs to be tested if
> > Git Tag 1.8.0.901 resolves this problem. If that doesn’t, then it needs to be
> > tested if Git Master resolves this problem. Any help would be appreciated.
>
> The Patch:
>
> http://cgit.freedesktop.org/xorg/xserver/commit/?h=server-1.8-branch&id=049a36cd402da9219e60221f5671f94a8f8f687f
>
>
> The Revert:
>
> http://cgit.freedesktop.org/xorg/xserver/commit/?h=server-1.8-branch&id=feb39870e0d2c5917c8da1951c721f6f72cb4d39

From the git sources, it appears that the patch in question had been revised and applied to the master branch (518f3b189b6c8aa28b62837d14309fd06163ccbb). However, even after applying that patch to the 1.8.0.901, X still segfaults.

Please help, this bug makes using X.org remotely difficult.

-- Current Observations --

The function miDCSaveUnderCursor is never called until the crash. This seems to be the first time it's called.

-- Occurrences of miDCSpriteKey --

static defs:

    ./mi/midispcur.c:63:static int miDCSpriteKeyIndex;
    ./mi/midispcur.c:64:static DevPrivateKey miDCSpriteKey = &miDCSpriteKeyIndex;

macro MIDCBUFFER:

    ./mi/midispcur.c:80: (miDCBufferPtr)dixLookupPrivate(&dev->devPrivates, miDCSpriteKey) : \
    ./mi/midispcur.c:81: (miDCBufferPtr)dixLookupPrivate(&dev->u.master->devPrivates, miDCSpriteKey))

from function miDCDeviceInitialize:

    ./mi/midispcur.c:883: dixSetPrivate(&pDev->devPrivates, miDCSpriteKey, pBuffer);

from function miDCDeviceCleanup:

    ./mi/midispcur.c:925: dixSetPrivate(&pDev->devPrivates, miDCSpriteKey, NULL);

-- Questions --

what calls miDCDeviceInitialize?

-- Occurrences of miDCDeviceInitialize --

function prototype:

    ./mi/midispcur.c:123:static Bool miDCDeviceInitialize(DeviceIntPtr pDev, ScreenPtr pScreen);

static defs:

    ./mi/midispcur.c:134: miDCDeviceInitialize,

function itself:

    ./mi/midispcur.c:878:miDCDeviceInitialize(DeviceIntPtr pDev, ScreenPtr pScreen)

-- Questions --

What calls how about miDCFuncs?

-- Occurrences of miDCFuncs --

static defs:

    ./mi/midispcur.c:126:static miSpriteCursorFuncRec miDCFuncs = {

from function miDCInitialize:

    ./mi/midispcur.c:153: if (!miSpriteInitialize (pScreen, &miDCFuncs, screenFuncs))

-- Questions --

What calls how about miDCInitialize?

-- Occurrences of miDCInitialize --

function itself:

    ./mi/midispcur.c:139:miDCInitialize (ScreenPtr pScreen, miPointerScreenFuncPtr screenFuncs)

function prototype:

    ./mi/mipointer.h:94:extern _X_EXPORT Bool miDCInitialize(

from KdScreenInit:

    ./hw/kdrive/src/kdrive.c:1050: miDCInitialize(pScreen, &kdPointerScreenFuncs);

others calls to the function:

    ./hw/vfb/InitOutput.c:928: miDCInitialize(pScreen, &vfbPointerCursorFuncs);
    ./hw/xnest/Screen.c:312: miDCInitialize(pScreen, &xnestPointerCursorFuncs); /* init SW rendering */
    ./hw/dmx/dmxscrinit.c:295: miDCInitialize(pScreen, &dmxPointerCursorFuncs);
    ./hw/xwin/winscrinit.c:422: miDCInitialize (pScreen, &g_winPointerCursorFuncs);
    ./hw/xwin/winscrinit.c:753: if (!miDCInitialize (pScreen, &g_winPointerCursorFuncs))
    ./hw/xquartz/xpr/xprCursor.c:360: if (!miDCInitialize(pScreen, &quartzScreenFuncsRec))

-- Contents of pBuffer and pDev->devPrivates[*miDCSpriteKey] in miDCSaveUnderCursor --

    (gdb) Continuing.

    Breakpoint 1, miDCSaveUnderCursor (pDev=0x228a3a0, pScreen=0x1ef8f00, x=203, y=813, w=26, h=32) at midispcur.c:532
    532 pScreenPriv = (miDCScreenPtr)dixLookupPrivate(&pScreen->devPrivates,
    (gdb) print pDev
    $1 = (DeviceIntPtr) 0x228a3a0
    (gdb) print pBuffer
    $2 = (miDCBufferPtr) 0x100000000a
    (gdb) print pDev->devPrivates
    $3 = (PrivateRec *) 0x228a810
    (gdb) print pDev->devPrivates[*miDCSpriteKey]
    $4 = {state = 0, value = 0x0}
    (gdb) n
    534 pBuffer = MIDCBUFFER(pDev);
    (gdb) print pDev->devPrivates[*miDCSpriteKey]
    $5 = {state = 0, value = 0x0}
    (gdb) n
    536 pSave = pBuffer->pSave;
    (gdb) print pDev->devPrivates[*miDCSpriteKey]
    $6 = {state = 0, value = 0x0}
    (gdb) n

    Program received signal SIGSEGV, Segmentation fault.
    0x00000000005e078f in miDCSaveUnderCursor (pDev=0x228a3a0, pScreen=0x1ef8f00, x=203, y=813, w=26, h=32) at midispcur.c:536
    536 pSave = pBuffer->pSave;
    (gdb) print pDev->devPrivates[*miDCSpriteKey]
    $7 = {state = 0, value = 0x0}
    (gdb) print pBuffer
    $8 = (miDCBufferPtr) 0x0

-- Possible Theory of this Bug --

From the above list of calls to miDCInitialize, only certain parts of X call miDCInitialize to initialize the SW rendering engine. However, something with Xinerama triggers a call to miDCSaveUnderCursor. Since miDCInitialize had not yet been called, the miDCSpriteKey private had not been set up yet. So when miDCSaveUnderCursor calls dixLookupPrivate, it sees that the private doesn't exist and then creates it, returning back a new private with a NULL value. It then tries to call the pSave method on that private resulting in the segfault we have.

I've just posted bug 29212 which looks to be a very similar segfault but in miDCRestoreUnderCursor and occurred for use while using Xvfb.

I have the same crashes after connecting a bluetooth keyboard. With a bluetooth mouse everything is OK; the crash occurs only when I connect the keyboard. After connecting, the keyboard works and I can use it. The failure occurs in the interval between 30 seconds and 5 minutes after connecting. It does not depend on whether I'm typing on the keyboard or not.

    ProblemType: Bug
    DistroRelease: Ubuntu 11.10
    Package: xserver-xorg 1:7.6+7ubuntu7.1
    ProcVersionSignature: Ubuntu 3.0.0-15.26-generic 3.0.13
    Uname: Linux 3.0.0-15-generic i686
    NonfreeKernelModules: nvidia
    ApportVersion: 1.23-0ubuntu4
    Architecture: i386
    Date: Sun Feb 12 16:08:39 2012
    InstallationMedia: Ubuntu 11.10 "Oneiric" - Build i386 LIVE Binary 20120208-10:12
    ProcEnviron:
     PATH=(custom, no user)
     LANG=en_US.UTF-8
     SHELL=/bin/bash
    SourcePackage: xorg
    UpgradeStatus: No upgrade log present (probably fresh install)

Created attachment 57140
dgb log

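
The failure described under "Possible Theory of this Bug" above, reduced to a small C model with a guarded lookup. This is an added example, not code from the report or from the X server: `Buffer`, `Device`, `has_cursor`, `lookup_buffer`, `device_initialize`, `save_under_cursor` and `count_uninitialized` are hypothetical stand-ins, and the condition that selects between the two MIDCBUFFER lookups is an assumption because the report does not show it.

```c
#include <stddef.h>
#include <stdio.h>
/* Simplified model of the report's structures; all names are hypothetical. */
typedef struct { int pSave; } Buffer;   /* stands in for the cursor buffer */
typedef struct Device {
    Buffer *sprite_private;  /* slot for miDCSpriteKey, NULL until set */
    int has_cursor;          /* assumed selector for the macro's branches */
    struct Device *master;   /* stands in for dev->u.master */
} Device;

/* The two lookups of the MIDCBUFFER macro; tolerates a missing master. */
static Buffer *lookup_buffer(const Device *dev) {
    if (dev->has_cursor)
        return dev->sprite_private;
    return dev->master ? dev->master->sprite_private : NULL;
}

/* Stands in for miDCDeviceInitialize, the only place the slot is filled. */
static void device_initialize(Device *dev, Buffer *storage) {
    storage->pSave = 0;
    dev->sprite_private = storage;
}

/* Guarded save-under: returns 0 instead of reading pSave through NULL. */
static int save_under_cursor(const Device *dev, int *pSave_out) {
    Buffer *buf = lookup_buffer(dev);
    if (buf == NULL)
        return 0;            /* private never set up for this device */
    *pSave_out = buf->pSave;
    return 1;
}

/* Counts devices whose lookup would hand back NULL. */
static int count_uninitialized(Device *const *devs, size_t n) {
    int bad = 0;
    for (size_t i = 0; i < n; i++)
        bad += (lookup_buffer(devs[i]) == NULL);
    return bad;
}

int main(void) {
    Buffer storage;
    Device master = { NULL, 1, NULL }, keyboard = { NULL, 0, &master };
    Device *devs[] = { &master, &keyboard };
    int pSave = -1;
    printf("uninitialized before init: %d\n", count_uninitialized(devs, 2));
    device_initialize(&master, &storage);
    printf("save ok after init: %d\n", save_under_cursor(&keyboard, &pSave));
    return 0;
}
```

In the gdb session the equivalent of `lookup_buffer` returned 0x0 and line 536 read `pBuffer->pSave` without a check; the guarded version turns that into a reportable failure.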

-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/xorg/xserver/issues/396.