[sna] Xorg crashed with SIGABRT in memcpy_blt() - <Address 0xb8070f48 out of bounds> when using ReText with Qt5

Bug #1170384 reported by Dmitry Shachnev
This bug affects 1 person
Affects                          Status        Importance  Assigned to      Milestone
qtbase-opensource-src (Ubuntu)   Fix Released  High        Dmitry Shachnev
xorg-server (Ubuntu)             Triaged       High        Unassigned

Bug Description

Xorg crashes every time I try to run ReText with PyQt built against Qt 5.

#10 <signal handler called>
#11 0xb6eabb55 in memcpy (__len=261580, __src=0xb1871020, __dest=0xb8070f48)
    at /usr/include/i386-linux-gnu/bits/string3.h:51
#12 memcpy_blt (src=src@entry=0xb1871020, dst=0xb66ff000, bpp=1, src_stride=src_stride@entry=820,
    dst_stride=820, src_x=0, src_y=0, dst_x=0, dst_y=32538, width=820, height=1)
    at ../../../src/sna/blt.c:208
        src_bytes = 0xb1871020 ""
        dst_bytes = 0xb8070f48 <Address 0xb8070f48 out of bounds>
        byte_width = 261580
#13 0xb6ed27cb in sna_put_zpixmap_blt (stride=<optimized out>, bits=0xb1871020 "", y=32538, x=0,
    region=0xbffaada4, drawable=0xb962e8f8, gc=<optimized out>, w=<optimized out>, h=<optimized out>)
    at ../../../src/sna/sna_accel.c:3562
        box = 0xbffaada4
        n = 1
#14 sna_put_image (drawable=0xb962e8f8, gc=0xb964f248, depth=8, x=0, y=32538, w=820, h=319, left=0,
    format=2, bits=0xb1871020 "") at ../../../src/sna/sna_accel.c:3907
        sna = 0xb6dcf008
        priv = 0x0
        region = {extents = {x1 = 0, y1 = 32538, x2 = 820, y2 = -32679}, data = 0x0}
        dx = 0
        dy = 32538
#15 0xb76bb494 in damagePutImage (pDrawable=0xb962e8f8, pGC=0xb964f248, depth=8, x=0, y=32538, w=820, h=319,
    leftPad=0, format=2, pImage=0xb1871020 "") at ../../../miext/damage/damage.c:792
        pGCPriv = 0xb964f2d0
        oldFuncs = 0xb77b6da0 <damageGCFuncs>
#16 0xb75c470f in ProcPutImage (client=0xb9482bc8) at ../../dix/dispatch.c:1962
        pGC = 0xb964f248
        pDraw = 0xb962e8f8
        tmpImage = 0xb1871020 ""
        stuff = 0xb1871008

ProblemType: Crash
DistroRelease: Ubuntu 13.04
Package: xserver-xorg-core 2:1.13.3-0ubuntu6
ProcVersionSignature: Ubuntu 3.8.0-17.27-generic 3.8.6
Uname: Linux 3.8.0-17-generic i686
.tmp.unity.support.test.0:

ApportVersion: 2.9.2-0ubuntu8
Architecture: i386
CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins'
CompositorRunning: None
Date: Thu Apr 18 18:47:23 2013
DistUpgraded: 2013-03-08 18:38:15,983 DEBUG enabling apt cron job
DistroCodename: raring
DistroVariant: ubuntu
ExecutablePath: /usr/bin/Xorg
ExtraDebuggingInterest: Yes
GraphicsCard:
 Intel Corporation Mobile 945GM/GMS, 943/940GML Express Integrated Graphics Controller [8086:27a2] (rev 03) (prog-if 00 [VGA controller])
   Subsystem: Fujitsu Technology Solutions Device [1734:10c7]
   Subsystem: Fujitsu Technology Solutions Device [1734:10c7]
InstallationDate: Installed on 2010-03-20 (1125 days ago)
InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Beta i386 (20100318)
MachineType: FUJITSU SIEMENS AMILO Li 1818
MarkForUpload: True
ProcCmdline: /usr/bin/X :0 -core -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
ProcCwd: /etc/X11
ProcEnviron:

ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.8.0-17-generic root=UUID=2e8fd81a-2a9c-4223-b8cb-19c24f99764e ro quiet splash vt.handoff=7
Signal: 6
SourcePackage: xorg-server
StacktraceTop:
 ?? () from /usr/lib/xorg/modules/drivers/intel_drv.so
 ?? () from /usr/lib/xorg/modules/drivers/intel_drv.so
 ?? ()
 ?? ()
 ?? ()
Title: Xorg crashed with SIGABRT
UpgradeStatus: Upgraded to raring on 2013-03-08 (41 days ago)
UserGroups:

dmi.bios.date: 07/30/2007
dmi.bios.vendor: FUJITSU SIEMENS
dmi.bios.version: 1.14C
dmi.board.name: AMILO Li 1818
dmi.board.vendor: FUJITSU SIEMENS
dmi.chassis.type: 10
dmi.chassis.vendor: FUJITSU SIEMENS
dmi.modalias: dmi:bvnFUJITSUSIEMENS:bvr1.14C:bd07/30/2007:svnFUJITSUSIEMENS:pnAMILOLi1818:pvr:rvnFUJITSUSIEMENS:rnAMILOLi1818:rvr:cvnFUJITSUSIEMENS:ct10:cvr:
dmi.product.name: AMILO Li 1818
dmi.sys.vendor: FUJITSU SIEMENS
version.compiz: compiz N/A
version.libdrm2: libdrm2 2.4.43-0ubuntu1
version.libgl1-mesa-dri: libgl1-mesa-dri 9.1.1-0ubuntu2
version.libgl1-mesa-dri-experimental: libgl1-mesa-dri-experimental N/A
version.libgl1-mesa-glx: libgl1-mesa-glx 9.1.1-0ubuntu2
version.xserver-xorg-core: xserver-xorg-core 2:1.13.3-0ubuntu6
version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.7.3-0ubuntu2b2
version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:7.1.0-0ubuntu2
version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.21.6-0ubuntu3
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.7-0ubuntu1
xserver.bootTime: Thu Apr 18 18:47:27 2013
xserver.configfile: default
xserver.errors:

xserver.logfile: /var/log/Xorg.0.log
xserver.version: 2:1.13.3-0ubuntu6
xserver.video_driver: intel
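
The values in frames #12 and #14 can be checked by hand: y + h = 32538 + 319 = 32857 does not fit in a signed 16-bit extent and shows up as y2 = -32679, and byte_width 261580 is 820 × 319. The C sketch below is an added example, not code from the SNA driver or from this report; it reproduces that arithmetic and shows a bounds check done in 64-bit arithmetic. The names `wrap16`, `extents16`, `box_is_valid` and `blt_span` are hypothetical, and the 820 × 32767 destination size is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* 16-bit box, the coordinate width of the region extents shown in frame #14. */
struct box16 { int16_t x1, y1, x2, y2; };

/* Reduce a coordinate to signed 16 bits the way a 16-bit field stores it. */
static int16_t wrap16(int v)
{
    v &= 0xffff;
    return (int16_t)(v >= 0x8000 ? v - 0x10000 : v);
}

/* Extents of a PutImage rectangle once stored in 16-bit fields. */
static struct box16 extents16(int x, int y, int w, int h)
{
    struct box16 b = { wrap16(x), wrap16(y), wrap16(x + w), wrap16(y + h) };
    return b;
}

/* A wrapped box is inverted (y2 < y1), which is cheap to detect. */
static bool box_is_valid(struct box16 b) { return b.x1 < b.x2 && b.y1 < b.y2; }

/* Hypothetical guard: compute the destination span in 64-bit arithmetic and
 * refuse any rectangle not inside a pix_w x pix_h buffer (sizes assumed). */
static bool blt_span(int64_t pix_w, int64_t pix_h, int64_t stride, int64_t cpp,
                     int64_t x, int64_t y, int64_t w, int64_t h,
                     int64_t *offset, int64_t *len)
{
    if (x < 0 || y < 0 || w <= 0 || h <= 0) return false;
    if (x + w > pix_w || y + h > pix_h || pix_w * cpp > stride) return false;
    *offset = y * stride + x * cpp;     /* dst + dst_y*stride + dst_x*cpp */
    *len = (h - 1) * stride + w * cpp;  /* bytes touched by the copy */
    return true;
}

int main(void)
{
    /* Values from frames #12 and #14: x=0, y=32538, w=820, h=319, stride 820. */
    struct box16 b = extents16(0, 32538, 820, 319);
    int64_t off = 0, len = 0;
    printf("y1=%d y2=%d valid=%d\n", b.y1, b.y2, box_is_valid(b));
    /* Constructed destination: 820 x 32767 pixels, 1 byte per pixel. */
    printf("accepted=%d\n",
           blt_span(820, 32767, 820, 1, 0, 32538, 820, 319, &off, &len));
    return 0;
}
```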

Dmitry Shachnev (mitya57) wrote :

From my xsession-errors:

Window manager warning: Log level 16: Native children wider or taller than 65535 pixels are not supported
gnome-session[6512]: WARNING: Detected that screensaver has left the bus
gnome-session[6512]: CRITICAL: gsm_manager_set_phase: assertion `GSM_IS_MANAGER (manager)' failed
metacity: ../../src/xcb_io.c:528: _XAllocID: Assertion "ret != inval_id" failed.

Dmitry Shachnev (mitya57) wrote :

The log (attached) contains this:

[ 9730.555] (EE) Backtrace:
[ 9730.575] (EE) 0: /usr/bin/X (xorg_backtrace+0x49) [0xb7737f49]
[ 9730.575] (EE) 1: /usr/bin/X (0xb758a000+0x1b1e86) [0xb773be86]
[ 9730.575] (EE) 2: (vdso) (__kernel_rt_sigreturn+0x0) [0xb756740c]
[ 9730.575] (EE) 3: /usr/lib/xorg/modules/drivers/intel_drv.so (0xb6e78000+0x33b55) [0xb6eabb55]
[ 9730.575] (EE) 4: /usr/lib/xorg/modules/drivers/intel_drv.so (0xb6e78000+0x5a7cb) [0xb6ed27cb]
[ 9730.575] (EE) 5: /usr/bin/X (0xb758a000+0x131494) [0xb76bb494]
[ 9730.575] (EE) 6: /usr/bin/X (0xb758a000+0x3a70f) [0xb75c470f]
[ 9730.576] (EE) 7: /usr/bin/X (0xb758a000+0x3e035) [0xb75c8035]
[ 9730.576] (EE) 8: /usr/bin/X (0xb758a000+0x2b525) [0xb75b5525]
[ 9730.576] (EE) 9: /lib/i386-linux-gnu/libc.so.6 (__libc_start_main+0xf5) [0xb7178935]
[ 9730.576] (EE) 10: /usr/bin/X (0xb758a000+0x2b8f9) [0xb75b58f9]
[ 9730.576] (EE)
[ 9730.576] (EE) Segmentation fault at address 0xb8070f48
[ 9730.576]
Fatal server error:
[ 9730.576] Caught signal 11 (Segmentation fault). Server aborting

Dmitry Shachnev (mitya57) wrote :

Starting ReText with LIBOVERLAY_SCROLLBAR=0 helps, so it looks like we have bug 1005677 again.

Bryce Harrington (bryce) wrote :

Not necessarily the same bug, this one appears to be crashing in SNA xserver code. We may be able to fix this on the X side.

A local workaround might be to run with UXA instead of SNA.

description: updated
summary: - Xorg crashed with SIGABRT
+ [sna] Xorg crashed with SIGABRT in memcpy_blt() - <Address 0xb8070f48
+ out of bounds>
Changed in xorg-server (Ubuntu):
status: New → Triaged
importance: Undecided → High
summary: [sna] Xorg crashed with SIGABRT in memcpy_blt() - <Address 0xb8070f48
- out of bounds>
+ out of bounds> when using ReText with Qt5
Dmitry Shachnev (mitya57) wrote :

For those who want to reproduce this bug, simply constructing a QTextEdit (using Qt 5) and showing it should do.

Dmitry Shachnev (mitya57) wrote :

While a fix on the Xorg side will be a good thing, we need to patch Qt anyway to make apps work, so adding a task.

Changed in qtbase-opensource-src (Ubuntu):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Dmitry Shachnev (mitya57)
tags: removed: need-i386-retrace
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qtbase-opensource-src - 5.0.2+dfsg1-4ubuntu1

---------------
qtbase-opensource-src (5.0.2+dfsg1-4ubuntu1) saucy; urgency=low

  [ Ken VanDine ]
  * debian/patches/0001-Implement-XEmbed-protocol.patch
    - Backport patch that adds xembed support, needed for Ubuntu Online
      Accounts in gnome-control-center

  [ Michael Terry ]
  * debian/control, debian/rules:
    - Enable gles support even when not on arm. We still use
      full GL on non-arm platforms, but we still offer the EGL API.

  [ Timo Jyrinki ]
  * New upstream version
  * Add patches contributed to upstream Gerrit:
    - debian/patches/add_since_52_to_new_QColor_features.patch (LP: #1174589)
    - debian/patches/inputmethod_fix_focusout.patch (LP: #1174547)
    - debian/patches/make_QColor_understand_AARRGGBB.patch (LP: #1174589)
  * Cherry-pick a fix from upstream to build with GCC 4.8
    - debian/patches/rename_qabs_function_for_timeval.patch
  * Build-depend on libxkbcommon-dev (LP: #1177496)
  * Update XEmbed patch from upstream Gerrit
  * Make sqlite the first recommended SQL plugin, remove ibase

  [ Dmitry Shachnev ]
  * Re-sync with current Debian packaging Git.
  * Add debian/patches/disable_overlay_scrollbars.diff, forward-ported
    from qt4-x11 packaging (LP: #1170384).

  [ Scott Kitterman ]
  * Revert debian/patches/enable_appmenu_support.diff for saucy as agreed
    since appmenu for saucy will use qpa

  [ Timo Jyrinki ]
  * Re-syncs until Debian experimental 5.0.2+dfsg1-4, remaining changes:
    - Remove firebird dependency and ibase
    - Maintainer fields and Vcs-Bzr
    - Provides: qt-default to qt5-default
    - Build depend on libxkbcommon-dev
    - 7 upstream and Ubuntu patches mentioned above
  * As requested, temporarily re-add the appmenu support until qpa
    plugin support is ready. Easily revertable.

qtbase-opensource-src (5.0.2+dfsg1-4) experimental; urgency=low

  [ Pino Toscano ]
  * Update lintian overrides.
  * Drop check of old hppa kernel bug, which has been fixed many years ago.
  * Update Vcs-Browser and Vcs-Git headers.

  [ Timo Jyrinki ]
  * libqt5sql5-sqlite listed as first in recommends, being the lightest.

  [ Lisandro Damián Nicanor Pérez Meyer ]
  * Add qt5-triplet.conf and arch-qualified qt5.conf. See qtchooser's
    README.Debian for more details.
  * Fix typo in qtbase5-private-dev's Breaks+Replaces.
  * Changed qt5-default to arch: all. Should have been like this from start, as
    it contains arch-qualified paths in it.
  * Update symbols files.

qtbase-opensource-src (5.0.2+dfsg1-3) experimental; urgency=low

  [ Pino Toscano ]
  * debian/control: remove extra ${misc:Pre-Depends} from qt5-qmake.
  * debian/control: remove extra qtbase5-dev suggest from libqt5sql5,
    libqt5sql5-mysql, libqt5sql5-odbc, libqt5sql5-psql, libqt5sql5-sqlite,
    libqt5sql5-tds.
  * debian/control: make libqt5printsupport5 recommend libcups2 (which is
    dlopen'ed).
  * Move the private qsqlresult_p.h from qtbase5-dev to qtbase5-private-dev,
    adding proper breaks/replaces in the latter.
  * Use LD_LIBRARY_PATH on any GNU system; patch deppath_gnu.diff.
  * debian/control: remove extra ${shlibs:Depends} fr...

Changed in qtbase-opensource-src (Ubuntu):
status: In Progress → Fix Released