Bug 356151 - i810switch crashes 100% of the time on x86_64 Thinkpad x60
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: i810switch
Version: 7
Hardware: All Linux
Priority: medium, Severity: high
Assigned To: Matt Domsch
QA Contact: Fedora Extras Quality Assurance

Reported: 2007-10-28 22:59 EDT by Bryan O'Sullivan
Modified: 2008-01-27 02:21 EST

Fixed In Version: 0.6.5-7.fc7
Doc Type: Bug Fix
Last Closed: 2008-01-27 02:21:07 EST
Attachments:
strace -f -s 1024 -o strace.out i810switch probe (240.65 KB, text/plain), 2007-10-29 13:41 EDT, Bryan O'Sullivan
test.c (482 bytes, text/plain), 2007-11-02 10:15 EDT, Matt Domsch
Bugfix (875 bytes, patch), 2007-11-02 12:25 EDT, Bryan O'Sullivan

Description Bryan O'Sullivan 2007-10-28 22:59:54 EDT
Description of problem:

Every invocation of i810switch results in a segfault.

$ i810switch probe
Segmentation fault
$ i810switch lcd on
Segmentation fault
$ i810switch crt on
Segmentation fault

Version-Release number of selected component (if applicable):

i810switch-0.6.5-6.fc7.x86_64

How reproducible:

100%

Additional info:

$ uname -r
2.6.22.9-91.fc7
$ gdb i810switch
GNU gdb Red Hat Linux (6.6-16.fc7rh)
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...
Using host libthread_db library "/lib64/libthread_db.so.1".
(gdb) run probe
[Detaching after fork from child process 9853. (Try `set detach-on-fork off'.)]
[Detaching after fork from child process 9854.]

Program received signal SIGSEGV, Segmentation fault.
0x00000030f566fd50 in _int_free (av=0x30f594c960, mem=0x603010)
    at malloc.c:4659
4659            unlink(nextchunk, bck, fwd);
Comment 1 Matt Domsch 2007-10-28 23:13:51 EDT
Can you provide a backtrace?  It looks like it's in free(), however i810switch
code never calls free().
Comment 2 Bryan O'Sullivan 2007-10-29 00:00:28 EDT
Oops, thought I'd pasted the backtrace.

(gdb) bt
#0  0x00000030f566fd50 in _int_free (av=0x30f594c960, mem=0x603010)
    at malloc.c:4659
#1  0x00000030f5673b1c in *__GI___libc_free (mem=0x2079726f6d654d09)
    at malloc.c:3622
#2  0x00000030f565f1eb in _IO_new_fclose (fp=0x603010) at iofclose.c:88
#3  0x00000000004011db in main (argc=<value optimized out>, 
    argv=<value optimized out>) at i810switch.c:394
#4  0x00000030f561dab4 in __libc_start_main (main=0x400fc0 <main>, argc=2, 
    ubp_av=0x7fff86d0e378, init=<value optimized out>, 
    fini=<value optimized out>, rtld_fini=<value optimized out>, 
    stack_end=0x7fff86d0e368) at libc-start.c:222
#5  0x00000000004008d9 in _start ()
Comment 3 Matt Domsch 2007-10-29 13:33:21 EDT
Line 394 is a pclose().  Is there any chance you've got a bad copy of lspci
installed in your path?

        pci_f = popen(lspcistr, "r");
        if (!pci_f) {
                fprintf(stderr, "Something is wrong with lspci.\n");
                exit(1);
        }
        addr = i810_addr(&buff, &len, pci_f);
        if (addr == 0) {
                fprintf(stderr, "Something is wrong with lspci.\n");
                exit(1);
        }
        pclose(pci_f);
Comment 4 Matt Domsch 2007-10-29 13:34:16 EDT
and what version is your glibc pls?
Comment 5 Bryan O'Sullivan 2007-10-29 13:39:42 EDT
I don't have any funnies with pciutils or a broken lspci, alas.

pciutils-2.2.4-3.fc7.x86_64
glibc-2.6-4.x86_64
Comment 6 Bryan O'Sullivan 2007-10-29 13:41:11 EDT
Created attachment 242181
strace -f -s 1024 -o strace.out i810switch probe
Comment 7 Derek Atkins 2007-10-29 13:49:56 EDT
Not sure why I'm on the CC here.  i810switch-0.6.5-6.fc7.i386 works for me.  I
don't have an x86_64.  But I suppose I can leave myself CC'd since I must've
been copied for a reason.
Comment 8 Matt Domsch 2007-10-29 13:54:02 EDT
warlord, I was hoping you'd have an x86_64 system and could independently
confirm this.  I don't.  You can remove yourself if you like.
Comment 9 Matt Domsch 2007-10-29 13:57:00 EDT
Changing component to glibc to see if those folks have any ideas.  Failing in
pclose() is just plain odd given it had just finished reading from the same FILE *.
Comment 10 Matt Domsch 2007-11-02 10:15:02 EDT
Created attachment 246751
test.c

Please test with this trimmed-down application.  You can compile it with:

export CFLAGS='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'
gcc -o test test.c
./test
Comment 11 Bryan O'Sullivan 2007-11-02 11:54:38 EDT
That program runs perfectly happily.
Comment 12 Bryan O'Sullivan 2007-11-02 12:25:10 EDT
Gaaaaaah.   Stupid, stupid i810switch author.  Stupid, stupid C programming
language.

It's a size_t * / int * mismatch in the parameters to getline.
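
Added example (not part of the original report or of i810switch; the attached patch is not reproduced on this page): a C sketch of the mismatch diagnosed in Comment 12. It shows why a 4-byte int handed to getline() as a size_t * goes unnoticed on i386 but not on x86_64, decodes the mem= value from frame #1 of the backtrace, and gives the correct call. The function names and the sample input are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* getline(), fmemopen() */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* What getline() reads as *n when given the address of a 4-byte int:
 * it loads sizeof(size_t) bytes, so on x86_64 the int's neighbour supplies
 * the other half. Modelled with memcpy on a constructed pair (no UB here). */
size_t capacity_seen(int len, int neighbour)
{
    int slot[2] = { len, neighbour };
    size_t seen = 0;
    memcpy(&seen, slot, sizeof seen);   /* 8 bytes on LP64, 4 on i386 */
    return seen;
}

/* Show a pointer-sized value as the bytes it occupies in little-endian
 * memory; non-printable bytes become '.'. */
void value_as_text(uint64_t v, char out[9])
{
    for (int i = 0; i < 8; i++) {
        unsigned char c = (unsigned char)(v >> (8 * i));
        out[i] = (c >= 0x20 && c < 0x7f) ? (char)c : '.';
    }
    out[8] = '\0';
}

/* Correct getline() usage: the capacity is a size_t and the caller frees. */
long count_lines(FILE *f)
{
    char *buf = NULL;
    size_t cap = 0;   /* size_t, so &cap really is a size_t * */
    long lines = 0;
    while (getline(&buf, &cap, f) != -1)
        lines++;
    free(buf);
    return lines;
}

int main(void)
{
    char text[9];
    char sample[] = "00:02.0 VGA (constructed)\n\tMemory at (constructed)\n";
    value_as_text(0x2079726f6d654d09ULL, text);   /* mem= from frame #1 */
    printf("free() argument as bytes: \"%s\"\n", text);
    printf("len=0 beside 0x7fff is read as %zu\n", capacity_seen(0, 0x7fff));
    FILE *f = fmemopen(sample, strlen(sample), "r");
    if (!f) return 1;
    printf("lines read: %ld\n", count_lines(f));
    return fclose(f);
}
```

The mem= value in frame #1 decodes to a tab followed by "Memory ", that is, text rather than a heap address.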
Comment 13 Bryan O'Sullivan 2007-11-02 12:25:53 EDT
Created attachment 246891
Bugfix

This patch fixes the bug.  Sigh.
Comment 14 Matt Domsch 2008-01-05 14:15:11 EST
indeed, looks like it'll fix it. Sorry for the delay, I'll get a build into F-7
testing.
Comment 15 Fedora Update System 2008-01-06 20:20:46 EST
i810switch-0.6.5-7.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update i810switch'
Comment 16 Fedora Update System 2008-01-27 02:21:05 EST
i810switch-0.6.5-7.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
