Ubuntu
xorg-server package

  1. Bug #670016
  2. Comment #12

Comment 12 for bug 670016

Revision history for this message
Chase Douglas (chasedouglas) wrote : Re: Xorg crashes when performing gesture

The backtrace from the core dump shows:

#0 0xb75bcb69 in ?? () from /lib/libc.so.6
#1 0xb75be682 in calloc () from /lib/libc.so.6
#2 0x080abb2c in AllocateOutputBuffer (who=0x978ae48, count=32, __buf=0xbfda255c) at ../../os/io.c:1044
#3 WriteToClient (who=0x978ae48, count=32, __buf=0xbfda255c) at ../../os/io.c:758
#4 0x0806515f in WriteEventsToClient (pClient=0x978ae48, count=1, events=0xbfda255c) at ../../dix/events.c:5705
#5 0x08067b72 in TryClientEvents (client=0x978ae48, dev=0xbfda21e8, pEvents=0xbfda255c, count=1, mask=4325376, filter=131072, grab=0x0)
    at ../../dix/events.c:1953
#6 0x0806ab60 in DeliverEventsToWindow (pDev=0xbfda21e8, pWin=0x98cae40, pEvents=0xbfda255c, count=1, filter=131072, grab=0x0) at ../../dix/events.c:2053
#7 0x0806b728 in DeliverEvents (pWin=0x98cae40, xE=0xbfda255c, count=1, otherParent=0x0) at ../../dix/events.c:2530
#8 0x080987ab in DeleteWindow (value=0x98cae40, wid=88080385) at ../../dix/window.c:943
#9 0x080711ad in FreeClientResources (client=0x9c07a60) at ../../dix/resource.c:859
#10 0x08072bc9 in CloseDownClient (client=0x9c07a60) at ../../dix/dispatch.c:3490
#11 0x08077b65 in Dispatch () at ../../dix/dispatch.c:442
#12 0x080625ba in main (argc=4, argv=0xbfda2794, envp=0xbfda27a8) at ../../dix/main.c:291

The odd thing here is that it segfaulted from AllocateOutputBuffer. The function takes no arguments (it's inlined, so it has args in the backtrace, but it doesn't really) and returns a pointer to freshly allocated data. I also added debugging symbols for calloc from libc6-dbg=2.12.1-0ubuntu10 and everything looks sane in terms of the stack. I think it's unlikely this is a stack corruption based on this data. However, it's even more unlikely, imo, that this is a bug in eglibc. Unfortunately, it's hard to tell what is going on through remote debugging.

Gustavo, can you try to reproduce again and see if the backtrace is the same? If so, it would point the finger towards eglibc. If not, then there really may be some weird stack corruption going on. Maybe something odd is occurring due to input handling in a signal handler?