X11 crashes with seg fault when running QT5 based applications on a Pandaboard with the SGX driver
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| ubuntu-omap4-extras-graphics | New | Undecided | Unassigned | |
| pvr-omap4 (Ubuntu) | Invalid | High | Unassigned | |
| Precise | Won't Fix | Undecided | Unassigned | |
| Quantal | Invalid | High | Unassigned | |
| xf86-video-omap (Ubuntu) | Fix Released | High | Ricardo Salveti | |
| Precise | Invalid | Undecided | Unassigned | |
| Quantal | Fix Released | High | Ricardo Salveti | |
| xorg-server (Ubuntu) | Fix Released | High | Ricardo Salveti | |
| Precise | Fix Released | High | Ricardo Salveti | |
| Quantal | Fix Released | High | Ricardo Salveti | |
Bug Description
[Impact]
Segmentation fault in X11: the RandR code could use the RandR screen private data without first checking it for NULL. This happens when the X server is running with multiple screens, some of which are RandR-enabled and some of which are not. An application making protocol requests against a non-RandR screen makes the server touch the unset private structure and crash.
This was first seen while running Precise on a Pandaboard: with driver auto-load, the server starts two different screens, one backed by the PVR SGX driver and the other by fbdev. In that setup the issue is easily reproduced by running any QT5 based application, because by default Qt tries to initialize its internal structures for every screen available on the system.
The bug can also happen in cases where the user is running one screen with the nvidia/ati driver and another with fbdev (an external USB video device, for example).
[Test Case]
How to reproduce the issue, on a Pandaboard:
1) Install Precise on a Pandaboard;
2) Enable the PVR SGX driver from the "Additional Driver" screen;
3) Enable https:/
4) Install the 'snowshoe-mobile' package
5) Run snowshoe: $ PATH=/opt/
Broken Behavior: X11 will exit with a seg fault.
Fixed Behavior: The QT5 based application (snowshoe) opens without crashing X11.
[Regression Potential]
Both patches are already applied upstream. They only add NULL checks on pointers that would otherwise be dereferenced and cause a seg fault when NULL, so they are safe to apply as an SRU.
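The NULL-check pattern the patches add, as an added example that is not code from this bug report, xorg-server or Qt: it models the Pandaboard layout above (one screen with RandR state, one without), a request handler before and after the check, and the client-side reply check that the Qt backtrace below calls for (`reply = 0x0` dereferenced for `first_event`). All type and function names (`Screen`, `RandrScreenPriv`, `get_outputs_checked`, `extension_first_event`) are hypothetical stand-ins; only the 0 and 17 reply codes are real X11 values.

```c
/* Added example (not code from this bug report, xorg-server or Qt):
 * a minimal model of the defect class described above, a per-screen
 * private pointer that is only set on screens whose driver registered
 * RandR, and the NULL check the fix adds before it is dereferenced.
 * All type and function names are hypothetical stand-ins, not the
 * real xorg-server or xcb identifiers. */
#include <stddef.h>
#include <stdio.h>

/* Reply codes; 0 and 17 are the X11 values for Success and BadImplementation. */
#define X_SUCCESS            0
#define X_BAD_IMPLEMENTATION 17

/* RandR state that only RandR-enabled screens own. */
typedef struct {
    int num_outputs;
} RandrScreenPriv;

/* One X screen; randr_priv stays NULL when the driver (fbdev here)
 * never initialised RandR for it. */
typedef struct {
    const char *driver;
    const RandrScreenPriv *randr_priv;
} Screen;

/* Constructed sample: the Pandaboard layout from the report, one SGX
 * screen with RandR and one fbdev screen without. */
static const RandrScreenPriv sgx_priv = { 2 };
static const Screen screens[] = {
    { "pvr (SGX)", &sgx_priv },
    { "fbdev",     NULL      },
};
#define NUM_SCREENS ((int)(sizeof screens / sizeof screens[0]))

/* Unfixed request handler: dereferences the private unconditionally.
 * On screens[1] this is exactly the server-side NULL dereference. */
int get_outputs_unchecked(const Screen *s)
{
    return s->randr_priv->num_outputs;
}

/* Fixed request handler: a screen without RandR state answers with a
 * protocol error instead of taking the whole server down. */
int get_outputs_checked(const Screen *s, int *num_outputs)
{
    if (s->randr_priv == NULL)
        return X_BAD_IMPLEMENTATION;
    *num_outputs = s->randr_priv->num_outputs;
    return X_SUCCESS;
}

/* Client side of the same bug class: the backtrace shows Qt reading
 * reply->first_event with reply == 0x0. Model the extension-data reply
 * and refuse to use it when it is missing or the extension is absent. */
typedef struct {
    int present;
    int first_event;
} ExtensionReply;

int extension_first_event(const ExtensionReply *reply)
{
    if (reply == NULL || !reply->present)
        return -1;   /* caller must treat the extension as unavailable */
    return reply->first_event;
}

/* Walk every screen the way a client that initialises all screens at
 * start-up would, using the checked handler; returns the number of
 * screens that answered successfully. */
int count_randr_screens(const Screen *list, int n)
{
    int ok = 0;
    for (int i = 0; i < n; i++) {
        int outputs = 0;
        int rc = get_outputs_checked(&list[i], &outputs);
        if (rc == X_SUCCESS)
            ok++;
        printf("screen %d (%s): rc=%d outputs=%d\n", i, list[i].driver, rc, outputs);
    }
    return ok;
}

int main(void)
{
    ExtensionReply absent = { 0, 0 };
    ExtensionReply xfixes = { 1, 87 };   /* constructed first_event value */
    printf("randr-capable screens: %d of %d\n",
           count_randr_screens(screens, NUM_SCREENS), NUM_SCREENS);
    printf("first_event: absent=%d, present=%d\n",
           extension_first_event(&absent), extension_first_event(&xfixes));
    /* The unchecked handler is fine on the SGX screen only;
     * get_outputs_unchecked(&screens[1]) would segfault. */
    printf("unchecked on screen 0: %d\n", get_outputs_unchecked(&screens[0]));
    return 0;
}
```

The point of the checked handler is that the failure is reported per request (the client gets an error and can skip that screen), whereas the unchecked version turns one client's request into a crash of the server every other client depends on.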
[Original Report]
While testing Qt 5 support on Ubuntu, and validating the support for OpenGL ES2.0 on a Pandaboard, I couldn't start Snowshoe (Qt 5 webkit-based browser), as it gives a segmentation fault and also breaks the X11 server (with the pvr driver).
After a quick check with Snowball (Mali 400), it worked properly and as expected, so this could probably be related to the current SGX driver available for the Pandaboard.
How to reproduce the issue:
1) Enable https:/
2) Install 'snowshoe-mobile' package
3) Run snowshoe: $ PATH=/opt/
This is with Ubuntu 12.04 with pvr-omap4 1.7.10.
Changed in xorg-server (Ubuntu):
- status: New → In Progress
- importance: Undecided → High
- assignee: nobody → Ricardo Salveti (rsalveti)
- description: updated
- tags: added verification-done; removed verification-needed
Trace from the core dump (with qt enabled with dbg symbols):
```
root@ubuntu-desktop:/home/ubuntu/qt5/snowshoe-1.0~git+20120608# gdb ./snowshoe core
GNU gdb (Ubuntu/Linaro 7.4-2012.04-0ubuntu2) 7.4-2012.04
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "arm-linux-gnueabihf".
For bug reporting instructions, please see:
<http://bugs.launchpad.net/gdb-linaro/>...
Reading symbols from /home/ubuntu/qt5/snowshoe-1.0~git+20120608/snowshoe...done.
[New LWP 8591]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/arm-linux-gnueabihf/libthread_db.so.1".
Core was generated by `./snowshoe'.
Program terminated with signal 11, Segmentation fault.
#0  0xb2453698 in QXcbConnection::initializeXFixes (this=0x210bc70) at qxcbconnection.cpp:1045
1045	    xfixes_first_event = reply->first_event;
(gdb) l
1040	
1041	void QXcbConnection::initializeXFixes()
1042	{
1043	    xcb_generic_error_t *error = 0;
1044	    const xcb_query_extension_reply_t *reply = xcb_get_extension_data(m_connection, &xcb_xfixes_id);
1045	    xfixes_first_event = reply->first_event;
1046	
1047	    xcb_xfixes_query_version_cookie_t xfixes_query_cookie = xcb_xfixes_query_version(m_connection,
1048	                                                                                     XCB_XFIXES_MAJOR_VERSION,
1049	                                                                                     XCB_XFIXES_MINOR_VERSION);
(gdb) bt full
#0  0xb2453698 in QXcbConnection::initializeXFixes (this=0x210bc70) at qxcbconnection.cpp:1045
        error = 0x0
        reply = 0x0
        xfixes_query_cookie = {sequence = 0}
        xfixes_query = 0xffffffff
        __PRETTY_FUNCTION__ = "void QXcbConnection::initializeXFixes()"
#1  0xb2451d70 in QXcbConnection::QXcbConnection (this=0x210bc70, nativeInterface=0x210bc08, displayName=0x0) at qxcbconnection.cpp:180
        dpy = 0x210bf38
        it = {data = 0x211286c, rem = 0, index = 1632}
        screenNumber = 2
#2  0xb24558ac in QXcbIntegration::QXcbIntegration (this=0x21047e8, parameters=...) at qxcbintegration.cpp:101
No locals.
#3  0xb24663be in QXcbIntegrationPlugin::create (this=0x21005e8, system=..., parameters=...) at main.cpp:66
No locals.
#4  0xb49db386 in qLoadPlugin1<QPlatformIntegration, QPlatformIntegrationFactoryInterface, QStringList> (loader=0x2100408, key=..., parameter1=...)
    at ../../include/QtCore/5.0.0/QtCore/private/../../../../../src/corelib/plugin/qfactoryloader_p.h:118
        result = 0xbecd8650
        factory = 0x21005f0
        index = 3
        factoryObject = 0x21005e8
#5  0xb49dac0e in QPlatformIntegrationFactory::create (key=..., platformPluginPath=...) at kernel/qplatformintegrationfactory_qpa.cpp:72
        ret = 0xbecd8464
        paramList = {<QList<QString>> = {{p = {static shared_null = {ref = {atomic = {_q_value = -1}}, alloc = 0, begin = 0, end = 0, array = {0x0}},
              d = 0x21003b0}, d = 0x...
```