Description of problem:
Xvfb segfaults when run with IDV (http://www.unidata.ucar.edu/software/idv/).

Version-Release number of selected component (if applicable):
xorg-x11-server-Xvfb-1.1.1-48.41.el5_2.1

How reproducible:
always on x86_64

Steps to Reproduce:
1) Download ftp://ftp.unidata.ucar.edu/pub/idv/2_5/idv_2_5_linux-i386_installer.sh and run the installer choosing the defaults
2) Start an Xvfb display:
   # /usr/bin/Xvfb :3 -screen 3 1280x1024x24 -fbdir /var/tmp
3) Download ~/kpit.isl and ~/bundles/kpit.xidv
4) Run the application in the Xvfb display:
   # export DISPLAY=:3.3
   # mkdir ~/images
   # cp /usr/share/pixmaps/gnome-cromagnon.png ~/images/kpit_thumb.png
   # cp /usr/share/backgrounds/tiles/only_k.jpg ~/logo.jpg
   # ~/IDV_2.5/runIDV ~/kpit.isl

Actual results:
segv

Expected results:
no segv

Additional info:
looks very similar to - https://bugs.freedesktop.org/show_bug.cgi?id=16758

(gdb) bt
#0 0x0000003b77477aa0 in memcpy () from /lib64/libc.so.6
#1 0x000000000045d296 in fbBlt (srcLine=<value optimized out>, srcStride=<value optimized out>, srcX=<value optimized out>, dstLine=<value optimized out>, dstStride=1, dstX=dwarf2_read_address: Corrupted DWARF expression.
) at /usr/include/bits/string3.h:51
#2 0x000000000045d780 in fbBltStip (src=0x7fff3f732cd0, srcStride=-1422343604, srcX=4, dst=0x4, dstStride=4, dstX=0, width=32, height=1, alu=3, pm=4294967295, bpp=32) at fbblt.c:950
#3 0x000000000046b4d4 in fbGetImage (pDrawable=<value optimized out>, x=107, y=1025, w=32, h=1, format=2, planeMask=18446744073709551615, d=0x7fff3f732cd0 "") at fbimage.c:331
#4 0x000000000048598e in miBSGetImage (pDrawable=0x17b1c030, sx=29, sy=891, w=1, h=1, format=2, planemask=18446744073709551615, pdstLine=0x7fff3f732cd0 "") at mibstore.c:617
#5 0x00000000006aa149 in cwGetImage (pSrc=<value optimized out>, x=29, y=891, w=1, h=1, format=2, planemask=18446744073709551615, pdstLine=0x7fff3f732cd0 "") at cw.c:357
#6 0x000000000049374c in miSpriteGetImage (pDrawable=0x17b1c030, sx=29, sy=891, w=1, h=1, format=2, planemask=18446744073709551615, pdstLine=0x7fff3f732cd0 "") at misprite.c:301
#7 0x000000000064c408 in read_pixel (dpy=0x7fff3f732cd0, d=0x7fff3f732cd0, x=-1422343604, y=4) at xm_span.c:117
#8 0x000000000064d676 in get_values_rgba (ctx=<value optimized out>, rb=0x17b0f950, n=1, x=0x1748c290, y=0x17490290, values=0x0) at xm_span.c:4341
#9 0x00000000005c1579 in _swrast_blend_span (ctx=0x17442440, rb=0x2aaaab38c24c, span=0x7fff3f73afb0, rgba=0x17480290) at s_blend.c:861
#10 0x00000000005bb026 in _swrast_write_rgba_span (ctx=0x17442440, span=0x7fff3f73afb0) at s_span.c:1365
#11 0x00000000005d727e in general_rgba_line (ctx=0x17442440, vert0=<value optimized out>, vert1=0x4) at s_linetemp.h:430
#12 0x00000000005fce1a in clip_render_line_strip_verts (ctx=0x17442440, start=785, count=848, flags=<value optimized out>) at t_vb_rendertmp.h:107
#13 0x0000000000600cda in run_render (ctx=0x17442440, stage=<value optimized out>) at t_vb_render.c:320
#14 0x000000000060556b in _tnl_run_pipeline (ctx=0x17442440) at t_pipeline.c:159
#15 0x0000000000687ed4 in _tnl_playback_vertex_list (ctx=0x17442440, data=<value optimized out>) at t_save_playback.c:209
#16 0x0000000000525687 in execute_list (ctx=0x17442440, list=<value optimized out>) at dlist.c:5783
#17 0x0000000000528097 in _mesa_CallList (list=1) at dlist.c:6875
#18 0x00000000004d0727 in __glXRender (cl=<value optimized out>, pc=<value optimized out>) at glxcmds.c:1739
#19 0x00000000004ce938 in __glXDispatch (client=<value optimized out>) at glxext.c:522
#20 0x000000000042ecda in Dispatch () at dispatch.c:459
#21 0x000000000043f87e in main (argc=7, argv=0x7fff3f73c0e8, envp=<value optimized out>) at main.c:447
#22 0x0000003b7741d8a4 in __libc_start_main (main=0x43f430 <main>, argc=7, ubp_av=0x7fff3f73c0e8, init=<value optimized out>, fini=<value optimized out>, rtld_fini=<value optimized out>, stack_end=0x7fff3f73c0d8) at libc-start.c:231
#23 0x000000000041e679 in _start ()

------------------------------------------------------------------------------

(gdb) bt full
#0 0x0000003b77477aa0 in memcpy () from /lib64/libc.so.6
        mallstream = (FILE *) 0x0
        tr_old_memalign_hook = (void *(*)(size_t, size_t, const void *)) 0
        tr_old_malloc_hook = (void *(*)(size_t, const void *)) 0
        tr_old_realloc_hook = (void *(*)(void *, size_t, const void *)) 0
        lock = 0
        mallenv = "MALLOC_TRACE"
        malloc_trace_buffer = 0x0
        tr_old_free_hook = (void (*)(void *, const void *)) 0
        mallwatch = (void *) 0x0
#1 0x000000000045d296 in fbBlt (srcLine=<value optimized out>, srcStride=<value optimized out>, srcX=<value optimized out>, dstLine=<value optimized out>, dstStride=1, dstX=dwarf2_read_address: Corrupted DWARF expression.
) at /usr/include/bits/string3.h:51
        i = 1
        src = (CARD8 *) 0x2aaaab38c24c <Address 0x2aaaab38c24c out of bounds>
        dst = (CARD8 *) 0x7fff3f732cd0 ""
        src = <value optimized out>
        dst = <value optimized out>
        leftShift = <value optimized out>
        rightShift = <value optimized out>
        startmask = <value optimized out>
        endmask = <value optimized out>
        bits = <value optimized out>
        bits1 = <value optimized out>
        nmiddle = <value optimized out>
        destInvarient = <value optimized out>
        startbyte = <value optimized out>
        endbyte = <value optimized out>
        _ca1 = <value optimized out>
        _cx1 = <value optimized out>
        _ca2 = <value optimized out>
        _cx2 = <value optimized out>
#2 0x000000000045d780 in fbBltStip (src=0x7fff3f732cd0, srcStride=-1422343604, srcX=4, dst=0x4, dstStride=4, dstX=0, width=32, height=1, alu=3, pm=4294967295, bpp=32) at fbblt.c:950
No locals.
#3 0x000000000046b4d4 in fbGetImage (pDrawable=<value optimized out>, x=107, y=1025, w=32, h=1, format=2, planeMask=18446744073709551615, d=0x7fff3f732cd0 "") at fbimage.c:331
        pm = 4294967295
        src = (FbBits *) 0x2aaaaae8aca0
        srcStride = 1280
        srcBpp = 32
        srcXoff = 0
        srcYoff = 0
        dst = (FbStip *) 0x4
        dstStride = 4
#4 0x000000000048598e in miBSGetImage (pDrawable=0x17b1c030, sx=29, sy=891, w=1, h=1, format=2, planemask=18446744073709551615, pdstLine=0x7fff3f732cd0 "") at mibstore.c:617
        subWindowMode = 0
        x = <value optimized out>
        y = <value optimized out>
        pPixmap = (PixmapPtr) 0x0
---Type <return> to continue, or q <return> to quit---
        Border = {extents = {x1 = 19018, y1 = -182, x2 = 31611, y2 = -133}, data = 0xff000000ff000000}
        pBox = <value optimized out>
        pSrcWin = <value optimized out>
        xoff = 2
        n = <value optimized out>
        pGC = (GCPtr) 0x0
        pWin = <value optimized out>
        yoff = 1
        Remaining = {extents = {x1 = 107, y1 = 1025, x2 = 108, y2 = 1026}, data = 0x0}
        Inside = {extents = {x1 = 18761, y1 = -183, x2 = 19275, y2 = -181}, data = 0xff464646ff4a4a4a}
        pScreen = (ScreenPtr) 0x172e03c0
        bounds = {x1 = 29, y1 = 891, x2 = 30, y2 = 892}
        depth = 24 '\030'
#5 0x00000000006aa149 in cwGetImage (pSrc=<value optimized out>, x=29, y=891, w=1, h=1, format=2, planemask=18446744073709551615, pdstLine=0x7fff3f732cd0 "") at cw.c:357
        pScreen = (ScreenPtr) 0x172e03c0
        pBackingDrawable = (DrawablePtr) 0x7fff3f732cd0
        src_off_x = 0
        src_off_y = 0
#6 0x000000000049374c in miSpriteGetImage (pDrawable=0x17b1c030, sx=29, sy=891, w=1, h=1, format=2, planemask=18446744073709551615, pdstLine=0x7fff3f732cd0 "") at misprite.c:301
        pScreen = (ScreenPtr) 0x172e03c0
#7 0x000000000064c408 in read_pixel (dpy=0x7fff3f732cd0, d=0x7fff3f732cd0, x=-1422343604, y=4) at xm_span.c:117
        p = 0
#8 0x000000000064d676 in get_values_rgba (ctx=<value optimized out>, rb=0x17b0f950, n=1, x=0x1748c290, y=0x17490290, values=0x0) at xm_span.c:4341
        p = <value optimized out>
        rgba = (GLubyte (*)[4]) 0x7fff3f732df0
        dpy = (XMesaDisplay *) 0x172e03c0
        source = <value optimized out>
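The out-of-bounds source pointer in frame #1 can be reproduced from the frame #3 locals. The check below is an added example, not code from the X server or from this report; it assumes a 1280x1024 screen at 32 bits per pixel (from the Xvfb command line and srcBpp) with srcStride counted in 32-bit units, and the struct and function names are hypothetical.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical description of a 32 bpp framebuffer (not an X server type). */
struct fb_geom {
    uint64_t base;    /* address of pixel (0,0): src in frame #3 */
    uint32_t stride;  /* row pitch in 32-bit units: srcStride in frame #3 */
    uint32_t width, height;
};

/* Values taken from the report: frame #3 locals and "-screen 3 1280x1024x24". */
struct fb_geom xvfb_screen(void)
{
    struct fb_geom g = { 0x2aaaaae8aca0ULL, 1280, 1280, 1024 };
    return g;
}

/* 1 if the w x h rectangle at (x, y) lies wholly inside the framebuffer. */
int rect_in_bounds(const struct fb_geom *g, int x, int y, int w, int h)
{
    if (x < 0 || y < 0 || w <= 0 || h <= 0)
        return 0;
    return (uint64_t)x + (uint64_t)w <= g->width &&
           (uint64_t)y + (uint64_t)h <= g->height;
}

/* Address of the first source pixel a row copy starting at (x, y) reads. */
uint64_t first_src_addr(const struct fb_geom *g, int x, int y)
{
    int64_t off = ((int64_t)y * g->stride + x) * 4;
    return g->base + (uint64_t)off;
}

/* Size of the pixel area in bytes. */
uint64_t fb_bytes(const struct fb_geom *g)
{
    return (uint64_t)g->stride * g->height * 4;
}

int main(void)
{
    struct fb_geom g = xvfb_screen();
    /* Request as seen in frame #4 (miBSGetImage) and in frame #3 (fbGetImage). */
    printf("frame #4 rect in bounds: %d\n", rect_in_bounds(&g, 29, 891, 1, 1));
    printf("frame #3 rect in bounds: %d\n", rect_in_bounds(&g, 107, 1025, 32, 1));
    printf("frame #3 first read: 0x%" PRIx64 " (pixel area ends at 0x%" PRIx64 ")\n",
           first_src_addr(&g, 107, 1025), g.base + fb_bytes(&g));
    return 0;
}
```

The address computed for (107, 1025) is 0x2aaaab38c24c, the same value gdb prints for src in frame #1, and row 1025 lies past the last row (1023) of the 1024-row screen.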
Thanks for the bug report. We have reviewed the information you have provided above, and there is some additional information we require that will be helpful in our diagnosis of this issue. Please attach your X server config file (/etc/X11/xorg.conf) and X server log file (/var/log/Xorg.*.log) to the bug report as individual uncompressed file attachments using the bugzilla file attachment link below. We will review this issue again once you've had a chance to attach this information. Thanks in advance.
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
I was digging this up further, seems to be weird as seen

#7 0x0000000000672568 in read_pixel (dpy=0x3, d=0x7fff4b0c0220, x=1613476428, y=4) at xm_span.c:117
#8 0x00000000006737d6 in get_values_rgba (ctx=<value optimized out>, rb=0x168fdb90, n=1, x=0x167663d0, y=0x1676a3d0, values=0x0) at xm_span.c:4341

--------------------------
from inspecting var values, we know from frame #8 ( get_values_rgba )

(gdb) p n
$15 = 1
(gdb) p x[0] // 0x167663d0
$16 = 29
(gdb) p x[1] //0x167663d4
$17 = 23
--------------------------
as seen from code

static void get_values_rgba(GLcontext *ctx, struct gl_renderbuffer *rb,
                            GLuint n, const GLint x[], const GLint y[], void *values)
{
   ...
   case PF_8R8G8B:
      for (i=0;i<n;i++) {
         unsigned long p = read_pixel( dpy, buffer, x[i], YFLIP(xrb, y[i]) );
         rgba[i][RCOMP] = (GLubyte) ((p >> 16) & 0xff);
         rgba[i][GCOMP] = (GLubyte) ((p >> 8) & 0xff);
         rgba[i][BCOMP] = (GLubyte) ( p & 0xff);
         rgba[i][ACOMP] = 255;
      }

/*
 * Read a pixel from an X drawable.
 */
static unsigned long read_pixel( XMesaDisplay *dpy, XMesaDrawable d, int x, int y )

the values being passed to read_pixel are apparently being twisted ? GLint is defined as int.

This event sent from IssueTracker by rkhadgar issue 192402
1808166 build (dist-5E-qu-candidate, RHEL-5:xorg-x11-server-1_1_1-48_61_el5): open (spark.z900.redhat.com) -> closed MODIFIED
This event sent from IssueTracker by jruemker issue 192402 it_file 222576
~~ Attention Partners RHEL 5.4 Partner Alpha Released! ~~ RHEL 5.4 Partner Alpha has been released on partners.redhat.com. There should be a fix present that addresses this particular request. Please test and report back your results here, at your earliest convenience. Our Public Beta release is just around the corner! If you encounter any issues, please set the bug back to the ASSIGNED state and describe the issues you encountered. If you have verified the request functions as expected, please set your Partner ID in the Partner field above to indicate successful test results. Do not flip the bug status to VERIFIED. Further questions can be directed to your Red Hat Partner Manager. Thanks!
Move back to ASSIGNED so this actually shows up as a work item.
This bug is for a crash in PutImage. The crash described in comment #19 is in the software GL rendering code, and is tracked in bug #508923. MODIFIED
~~ Attention - RHEL 5.4 Beta Released! ~~ RHEL 5.4 Beta has been released! There should be a fix present in the Beta release that addresses this particular request. Please test and report back results here, at your earliest convenience. RHEL 5.4 General Availability release is just around the corner! If you encounter any issues while testing Beta, please describe the issues you have encountered and set the bug into NEED_INFO. If you encounter new issues, please clone this bug to open a new issue and request it be reviewed for inclusion in RHEL 5.4 or a later update, if it is not of urgent severity. Please do not flip the bug status to VERIFIED. Only post your verification results, and if available, update Verified field with the appropriate value. Questions can be posted to this bug or your customer or partner representative.
~~ Attention Partners - RHEL 5.4 Snapshot 1 Released! ~~ RHEL 5.4 Snapshot 1 has been released on partners.redhat.com. If you have already reported your test results, you can safely ignore this request. Otherwise, please notice that there should be a fix available now that addresses this particular request. Please test and report back your results here, at your earliest convenience. The RHEL 5.4 exception freeze is quickly approaching. If you encounter any issues while testing Beta, please describe the issues you have encountered and set the bug into NEED_INFO. If you encounter new issues, please clone this bug to open a new issue and request it be reviewed for inclusion in RHEL 5.4 or a later update, if it is not of urgent severity. Do not flip the bug status to VERIFIED. Instead, please set your Partner ID in the Verified field above if you have successfully verified the resolution of this issue. Further questions can be directed to your Red Hat Partner Manager or other appropriate customer representative.
~~ Attention Partners - RHEL 5.4 Snapshot 5 Released! ~~ RHEL 5.4 Snapshot 5 is the FINAL snapshot to be released before RC. It has been released on partners.redhat.com. If you have already reported your test results, you can safely ignore this request. Otherwise, please notice that there should be a fix available now that addresses this particular issue. Please test and report back your results here, at your earliest convenience. If you encounter any issues while testing Beta, please describe the issues you have encountered and set the bug into NEED_INFO. If you encounter new issues, please clone this bug to open a new issue and request it be reviewed for inclusion in RHEL 5.4 or a later update, if it is not of urgent severity. If it is urgent, escalate the issue to your partner manager as soon as possible. There is /very/ little time left to get additional code into 5.4 before GA. Partners, after you have verified, do not flip the bug status to VERIFIED. Instead, please set your Partner ID in the Verified field above if you have successfully verified the resolution of this issue. Further questions can be directed to your Red Hat Partner Manager or other appropriate customer representative.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-1373.html