[Bug 100086] xorg server 1.19.2: Crash with PRIME and multiple displays

Fri Nov 15 15:27:26 UTC 2019

https://bugs.freedesktop.org/show_bug.cgi?id=100086

--- Comment #24 from Peter Wu <peter at lekensteyn.nl> ---
The crash can still be reproduced with Intel + modesetting. On Arch Linux with
xf86-video-intel 1:2.99.917+893+gbff5eca4-1 and xorg-server 1.20.5-4 it
resulted in an instant segfault on connecting an external monitor. That instant
occurrence is likely due to the "autobind GPUs to the screen" patch.

With pristine xorg-server 1.20.5 + a glvnd build patch, and xf86-video-intel
2.99.917-893-gbff5eca4 from git, the following ASAN trace is observable after:

    xrandr --setprovideroutputsource modesetting Intel
    xrandr --output HDMI-1-1 --mode 2560x1440  # should not crash

I'll submit the updated patch to the list.

==369074==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x6120001ad918 at pc 0x7f33f0a08153 bp 0x7ffd89f50630 sp 0x7ffd89f50620
READ of size 8 at 0x6120001ad918 thread T0
    #0 0x7f33f0a08152 in to_sna_from_pixmap ../../../src/sna/sna.h:521
    #1 0x7f33f0a08152 in sna_pixmap_move_to_gpu
../../../src/sna/sna_accel.c:4222
    #2 0x7f33f0a57f3f in sna_accel_post_damage
../../../src/sna/sna_accel.c:17773
    #3 0x7f33f0a5c561 in sna_accel_block ../../../src/sna/sna_accel.c:18414
    #4 0x7f33f0acce2e in sna_block_handler ../../../src/sna/sna_driver.c:777
    #5 0x55bc9c56e97c in BlockHandler ../xorg-server-1.20.5/dix/dixutils.c:388
    #6 0x55bc9c80ecc0 in WaitForSomething
../xorg-server-1.20.5/os/WaitFor.c:201
    #7 0x55bc9c55edb7 in Dispatch ../xorg-server-1.20.5/dix/dispatch.c:421
    #8 0x55bc9c56cd9c in dix_main ../xorg-server-1.20.5/dix/main.c:276
    #9 0x7f33f4c21152 in __libc_start_main (/usr/lib/libc.so.6+0x27152)
    #10 0x55bc9c4b264d in _start (/tmp/nv/xprefix2/bin/Xorg.bin+0xdd64d)

0x6120001ad918 is located 56 bytes to the right of 288-byte region
[0x6120001ad7c0,0x6120001ad8e0)
allocated by thread T0 here:
    #0 0x7f33f5432aca in __interceptor_malloc
/build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:144
    #1 0x55bc9c5bedbf in _dixAllocateScreenObjectWithPrivates
../xorg-server-1.20.5/dix/privates.c:709
    #2 0x55bc9c5df890 in CreateRootWindow
../xorg-server-1.20.5/dix/window.c:571
    #3 0x55bc9c56cb12 in dix_main ../xorg-server-1.20.5/dix/main.c:220
    #4 0x7f33f4c21152 in __libc_start_main (/usr/lib/libc.so.6+0x27152)

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/intel-gfx-bugs/attachments/20191115/5ef4a4e7/attachment.html>