Double free corruption on Xorg

Mitch Mitch at HasBox.COM
Sun Sep 10 05:09:36 PDT 2006


Hi, I just git pulled on xserver and I'm getting double free corruption on my

% strace -f -s 255 Xorg

shows

...
16751 write(0, "(WW) (2048x1536,CRT2 Monitor) mode clock 388.04MHz 
exceeds DDC maximum 140MHz\n", 78) = 78
16751 write(0, "(II) RADEON(0): Not using default mode \"2048x1536\" 
(hsync out of range)\n", 72) = 72
16751 write(0, "(II) RADEON(0): Not using default mode \"1024x768\" (bad 
mode clock/interlace/doublescan)\n", 88) = 88
16751 write(0, "(II) RADEON(0): Total of 23 CRTC2 modes found for 
MergedFB------------ \n", 72) = 72
16751 open("/dev/tty", O_RDWR|O_NONBLOCK|O_NOCTTY) = 7
16751 writev(7, [{"*** glibc detected *** ", 23}, {"double free or 
corruption (out)", 31}, {": 0x", 4}, {"0820f488", 8}, {" ***\n", 5}], 5) 
= 71
16751 rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
16751 getpid()                          = 16751
16751 kill(16751, SIGABRT)              = 0
16751 --- SIGABRT (Aborted) @ 0 (0) ---
16751 +++ killed by SIGABRT +++

gdb'ing it shows

# DISPLAY=:0 gdb Xorg
GNU gdb 6.5
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain 
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...Using host libthread_db 
library "/lib/libthread_db.so.1".

(gdb) r
Starting program: /usr/X11R6/bin/Xorg
_XSERVTransSocketOpenCOTSServer: Unable to open socket for inet6
_XSERVTransOpen: transport open failed for inet6/home:0
_XSERVTransMakeAllCOTSServerListeners: failed to open listener for inet6

This is a pre-release version of the X server from The X.Org Foundation.
It is not supported in any way.
Bugs may be filed in the bugzilla at http://bugs.freedesktop.org/.
Select the "xorg" product for bugs you find in this release.
Before reporting bugs in pre-release versions please check the
latest version in the X.Org Foundation CVS repository.
See http://wiki.x.org/wiki/CvsPage for CVS access instructions.

X Window System Version 7.1.99.2
Release Date: 21 December 2005
X Protocol Version 11, Revision 0, Release 7.1.99.2
Build Operating System: Linux 2.6.17 i686
Current Operating System: Linux home 2.6.17 #19 PREEMPT Sun Jun 18 
11:53:12 GST 2006 i686
Build Date: 10 September 2006
         Before reporting problems, check http://wiki.x.org
         to make sure that you have the latest version.
Module Loader present
Markers: (--) probed, (**) from config file, (==) default setting,
         (++) from command line, (!!) notice, (II) informational,
         (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/var/log/Xorg.0.log", Time: Sun Sep 10 15:03:38 2006
(==) Using config file: "/etc/X11/xorg.conf"
[tcsetpgrp failed in terminal_inferior: Operation not permitted]
(WW) RADEON: No matching Device section for instance (BusID PCI:1:0:1) found
(**) RADEON(0): RADEONPreInit

Program received signal SIGABRT, Aborted.
0xb7dad651 in kill () from /lib/libc.so.6
(gdb) where
#0  0xb7dad651 in kill () from /lib/libc.so.6
#1  0xb7dad265 in raise () from /lib/libc.so.6
#2  0xb7dae9e0 in abort () from /lib/libc.so.6
#3  0xb7de146e in __libc_message () from /lib/libc.so.6
#4  0xb7de7206 in malloc_printerr () from /lib/libc.so.6
#5  0xb7de7c7f in free () from /lib/libc.so.6
#6  0x081a8cf1 in Xfree (ptr=0x0) at utils.c:1464
#7  0x080d2757 in xf86DeleteMode (modeList=0xb7e9fff4, mode=0xbff51570) 
at xf86Mode.c:1981
#8  0xb7c8dcac in RADEONPreInitModes (pScrn=0x81f4cc8, pInt10=<value 
optimized out>) at radeon_driver.c:4384
#9  0xb7c9b86f in RADEONPreInit (pScrn=0x81f4cc8, flags=<value optimized 
out>) at radeon_driver.c:5288
#10 0x080a107b in InitOutput (pScreenInfo=0x81e3560, argc=1, 
argv=0xbff51a84) at xf86Init.c:599
#11 0x0806de43 in main (argc=1, argv=0xbff51a84, envp=0x0) at main.c:369
(gdb)


So it looks like the modelist line is being double freed.

My xorg.conf has no modelines, but I *am* using MergedFB on my Radeon 
9200SE. Anyone seen this before? Maybe there is a race condition in the 
dual screen probing, as line 1464 in utils.c should never have been 
reached, as it is protected by

     if (ptr)
         free((char *)ptr);

and as you can see in frame #6, ptr is NULL, so we should never have got 
to that line...

Anyone else ?
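
An added illustration, not part of the original post and not X server code: a guard of the form "if (ptr) free(ptr)" filters out only NULL, so a non-NULL pointer that has already been freed still reaches free(), which is when glibc prints "double free or corruption". The names below (tracked_alloc, tracked_free, struct mode, mode_drop_name) are hypothetical and the two-entry scenario is constructed; the registry stands in for the allocator's own bookkeeping so the three outcomes can be observed without crashing.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical names throughout; illustration only, not X server code. */
enum free_result { FREE_OK, FREE_NULL, FREE_NOT_LIVE };
#define MAX_LIVE 64
static void *live[MAX_LIVE];        /* pointers handed out and not yet freed */

static void *tracked_alloc(size_t n)
{
    void *p = malloc(n);
    for (int i = 0; p && i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = p; return p; }
    free(p);                        /* registry full, or malloc failed (p is NULL) */
    return NULL;
}

static enum free_result tracked_free(void *p)
{
    if (!p) return FREE_NULL;       /* the only case an "if (ptr)" guard filters out */
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return FREE_OK; }
    return FREE_NOT_LIVE;           /* a plain free() here is undefined behaviour */
}

struct mode { char *name; };        /* constructed stand-in for a mode-list entry */
/* Free a mode's name and clear the field, so repeating the call is harmless. */
static enum free_result mode_drop_name(struct mode *m)
{
    enum free_result r = tracked_free(m->name);
    m->name = NULL;
    return r;
}

/* Constructed scenario: entries a and b share one name allocation. */
static void demo(enum free_result out[3])
{
    struct mode a = { tracked_alloc(16) }, b = { a.name };
    out[0] = mode_drop_name(&a);    /* live pointer: freed */
    out[1] = mode_drop_name(&a);    /* field was cleared: NULL guard applies */
    out[2] = mode_drop_name(&b);    /* stale alias is non-NULL: guard lets it through */
}

int main(void)
{
    enum free_result r[3];
    demo(r);
    printf("first=%d repeat=%d alias=%d\n", r[0], r[1], r[2]);
}
```

Clearing the field after the free protects only that one copy of the pointer; any alias held elsewhere stays non-NULL and passes the guard.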






