[kde] [Bug 461723] New: konsole (or other applications) crash at disabling second screen
Bernhard Übelacker
bugzilla_noreply at kde.org
Sat Nov 12 10:37:49 GMT 2022
https://bugs.kde.org/show_bug.cgi?id=461723
Bug ID: 461723
Summary: konsole (or other applications) crash at disabling
second screen
Classification: I don't know
Product: kde
Version: unspecified
Platform: Debian testing
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: unassigned-bugs at kde.org
Reporter: bernhardu at mailbox.org
Target Milestone: ---
Hello, I received a crash of konsole when I disabled a second screen via
systemsettings.
This screen is left of my main screen and has a lower resolution.
The crash looks like it is caused by a calculation in copy_unswapped,
which does some pointer arithmetic, but unfortunately the
offset gets negative, and therefore an attempt is made to access unmapped memory.
Otherwise it looks like yy might be related to a pixel resolution,
but my screens are nowhere near a height of 8256 pixels.
I received this crash two weeks ago also in konsole and dolphin.
This bug might be a duplicate of Bug 461563 and/or Bug 451110.
I collected the cores of the three crashes, so I can look up something if needed.
STEPS TO REPRODUCE
Unfortunately I did not yet try to reproduce it this time.
Last time I could not get it to crash when I tried to reproduce it.
SOFTWARE/OS VERSIONS
Operating System: Debian GNU/Linux
KDE Plasma Version: 5.26.0
KDE Frameworks Version: 5.98.0
Qt Version: 5.15.6
Kernel Version: 6.0.0-2-amd64 (64-bit)
Graphics Platform: X11
Processors: 16 × AMD Ryzen 7 1700 Eight-Core Processor
Memory: 31.1 GiB of RAM
Graphics Processor: AMD Radeon RX 460 Graphics
ADDITIONAL INFORMATION
(gdb) bt
#0 0x00007f009bcfe32f in __GI___poll (fds=0x7ffc26bb9058, nfds=1,
timeout=1000) at ../sysdeps/unix/sysv/linux/poll.c:29
#1 0x00007f009d975160 in ?? () from /lib/x86_64-linux-gnu/libKF5Crash.so.5
#2 0x00007f009d975b67 in KCrash::defaultCrashHandler(int) () from
/lib/x86_64-linux-gnu/libKF5Crash.so.5
#3 <signal handler called>
#4 __memcpy_avx_unaligned () at
../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:228
#5 0x00007f00962f142a in memmove (__len=262112, __src=0x7efb8bbe8810,
__dest=<optimized out>) at
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:36
#6 copy_unswapped (rect=<synthetic pointer>..., img=...,
dstBytesPerLine=262112, dst=<optimized out>) at
./src/plugins/platforms/xcb/qxcbbackingstore.cpp:547
#7 native_sub_image (swap=false, rect=<synthetic pointer>..., src=...,
dstStride=262112, buffer=0x5557a9af9130) at
./src/plugins/platforms/xcb/qxcbbackingstore.cpp:590
#8 QXcbBackingStoreImage::flushPixmap (this=0x5557a9af90b0, region=...,
fullRegion=<optimized out>) at
./src/plugins/platforms/xcb/qxcbbackingstore.cpp:669
#9 0x00007f00962f1a29 in QXcbBackingStoreImage::flushPixmap (fullRegion=false,
region=..., this=0x5557a9af90b0) at
./src/plugins/platforms/xcb/qxcbbackingstore.cpp:627
#10 QXcbBackingStoreImage::put (this=0x5557a9af90b0, dst=85983245, region=...,
offset=...) at ./src/plugins/platforms/xcb/qxcbbackingstore.cpp:741
#11 0x00007f00962f2369 in QXcbBackingStore::flush
(this=this at entry=0x5557a9a3b4d0, window=window at entry=0x5557a98d7c10,
region=..., offset=...) at ./src/plugins/platforms/xcb/qxcbwindow.h:128
#12 0x00007f009cd017b2 in QBackingStore::flush (this=this at entry=0x5557a9a4f510,
region=..., window=0x5557a98d7c10, offset=...) at
painting/qbackingstore.cpp:252
#13 0x00007f009d37059f in QWidgetRepaintManager::flush
(this=this at entry=0x5557a9d8fad0, widget=0x5557a98df320, region=...,
widgetTextures=<optimized out>) at kernel/qwidgetrepaintmanager.cpp:1184
#14 0x00007f009d372129 in QWidgetRepaintManager::flush (this=0x5557a9d8fad0) at
kernel/qwidgetrepaintmanager.cpp:1082
#15 0x00007f009d374270 in QWidgetRepaintManager::paintAndFlush
(this=0x5557a9d8fad0) at kernel/qwidgetrepaintmanager.cpp:1014
#16 0x00007f009d3bd341 in QWidgetWindow::handleResizeEvent
(this=0x5557a98d7c10, event=0x7ffc26bba560) at kernel/qwidgetwindow.cpp:841
#17 0x00007f009d3c10db in QWidgetWindow::event (this=0x5557a98d7c10,
event=0x7ffc26bba560) at kernel/qwidgetwindow.cpp:322
#18 0x00007f009d362f5e in QApplicationPrivate::notify_helper (this=<optimized
out>, receiver=0x5557a98d7c10, e=0x7ffc26bba560) at
kernel/qapplication.cpp:3637
#19 0x00007f009c6b1718 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
() from /lib/x86_64-linux-gnu/libQt5Core.so.5
#20 0x00007f009cb39bac in QGuiApplicationPrivate::processGeometryChangeEvent
(e=<optimized out>) at kernel/qguiapplication.cpp:2610
#21 0x00007f009cb11e1c in QWindowSystemInterface::sendWindowSystemEvents
(flags=flags at entry=...) at kernel/qwindowsysteminterface.cpp:1169
#22 0x00007f00962fc0fa in xcbSourceDispatch (source=<optimized out>) at
./src/plugins/platforms/xcb/qxcbeventdispatcher.cpp:105
#23 0x00007f009a9da799 in g_main_context_dispatch () from
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#24 0x00007f009a9daa28 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#25 0x00007f009a9daabc in g_main_context_iteration () from
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#26 0x00007f009c7094b6 in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
from /lib/x86_64-linux-gnu/libQt5Core.so.5
#27 0x00007f009c6b019b in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from
/lib/x86_64-linux-gnu/libQt5Core.so.5
#28 0x00007f009c6b8306 in QCoreApplication::exec() () from
/lib/x86_64-linux-gnu/libQt5Core.so.5
#29 0x00005557a933ee4c in ?? ()
#30 0x00007f009bc2920a in __libc_start_call_main
(main=main at entry=0x5557a933e690, argc=argc at entry=4,
argv=argv at entry=0x7ffc26bbab08) at ../sysdeps/nptl/libc_start_call_main.h:58
#31 0x00007f009bc292bc in __libc_start_main_impl (main=0x5557a933e690, argc=4,
argv=0x7ffc26bbab08, init=<optimized out>, fini=<optimized out>,
rtld_fini=<optimized out>, stack_end=0x7ffc26bbaaf8) at ../csu/libc-start.c:389
#32 0x00005557a933f301 in ?? ()
(gdb) up
(gdb) up
(gdb) up
(gdb) up
#4 __memcpy_avx_unaligned () at
../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:228
228 ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S: Datei oder
Verzeichnis nicht gefunden.
(gdb) display/i $pc
1: x/i $pc
=> 0x7f009bd5457d <__memcpy_avx_unaligned+13>: vmovdqu (%rsi),%ymm0
(gdb) print/x $rsi
$1 = 0x7efb8bbe8810
(gdb) up
#5 0x00007f00962f142a in memmove (__len=262112, __src=0x7efb8bbe8810,
__dest=<optimized out>) at
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:36
36 return __builtin___memmove_chk (__dest, __src, __len,
(
(gdb) up
#6 copy_unswapped (rect=<synthetic pointer>..., img=...,
dstBytesPerLine=262112, dst=<optimized out>) at
./src/plugins/platforms/xcb/qxcbbackingstore.cpp:547
547 ::memmove(dst, src, dstBytesPerLine);
https://sources.debian.org/src/qtbase-opensource-src/5.15.6+dfsg-2/src/plugins/platforms/xcb/qxcbbackingstore.cpp/#L547
https://github.com/qt/qtbase/blob/7c4b3648cad7faf990397af0b8a81664658c2d4f/src/plugins/platforms/xcb/qxcbbackingstore.cpp#L514
https://github.com/qt/qtbase/blob/dev/src/plugins/platforms/xcb/qxcbbackingstore.cpp#L514
537 static inline void copy_unswapped(char *dst, int dstBytesPerLine, const QImage &img, const QRect &rect)
538 {
539     const uchar *srcData = img.constBits();
540     const int srcBytesPerLine = img.bytesPerLine();
541
542     const int leftOffset = rect.left() * img.depth() >> 3;
543     const int bottom = rect.bottom() + 1;
544
545     for (int yy = rect.top(); yy < bottom; ++yy) {
546         const uchar *src = srcData + yy * srcBytesPerLine + leftOffset;
547         ::memmove(dst, src, dstBytesPerLine);
548         dst += dstBytesPerLine;
549     }
550 }
(gdb) print img.d->data
$2 = (uchar *) 0x7efc0ac29010 "\361\360\357\377\361...
(gdb) print bottom
$3 = 8320
(gdb) print yy
$4 = 8256
(gdb) print srcBytesPerLine
$5 = 262112
(gdb) print yy * srcBytesPerLine
$7 = -2130970624
# if calculation uses int, it overflows and the offset gets negative
(gdb) print/x 0x7efc0ac29010 + yy * srcBytesPerLine
$9 = 0x7efb8bbe8810
# the resulting pointer 0x7efb8bbe8810 is smaller than img.d->data 0x7efc0ac29010
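The int wrap-around reasoned out above can be checked without a 2 GiB image. The following is an added example written for this report, not code from the reporter or from Qt: the ImageGeom and Rect structs are constructed stand-ins for the QImage and QRect fields copy_unswapped() reads, and the image geometry used in the comments is assumed from the numbers in the gdb session (yy = 8256, srcBytesPerLine = 262112, rows up to 8320, stride / 4 = 65528 pixels wide). It reproduces the offset the int arithmetic yields, computes the same offset with the row index widened to ptrdiff_t (what a qsizetype-based calculation would give on a 64-bit build), and adds an up-front bounds check so that a rect that does not fit inside the source buffer is rejected before any pointer is formed. The check generalises beyond this crash: any rect whose edges lie outside the image, or whose last byte would pass the end of the buffer, is refused.

```cpp
#include <cassert>
#include <climits>
#include <cstddef>
#include <cstring>
#include <vector>

// Constructed stand-ins for the QImage/QRect fields copy_unswapped() reads (not Qt's types).
struct ImageGeom {
    int width;
    int height;
    int depth;         // bits per pixel
    int bytesPerLine;  // row stride in bytes, may include padding
};

struct Rect {          // QRect convention: inclusive edges
    int left, top, right, bottom;
};

// The offset exactly as the Qt 5.15 loop forms it: yy, srcBytesPerLine and leftOffset are
// all int, so yy * srcBytesPerLine wraps once it passes INT_MAX. Signed overflow is undefined
// behaviour in C++, so the wrap is reproduced here with unsigned arithmetic, which matches
// the value the report's gdb session shows the compiled code produced (-2130970624).
long long row_offset_as_int(int yy, int srcBytesPerLine, int leftOffset) {
    unsigned int product = static_cast<unsigned int>(yy) * static_cast<unsigned int>(srcBytesPerLine);
    int wrapped = static_cast<int>(product);   // two's-complement reinterpretation
    return static_cast<long long>(wrapped) + leftOffset;
}

// Same offset with the row index widened to ptrdiff_t before multiplying (what Qt's
// qsizetype gives on a 64-bit build). No wrap: this is the true byte offset.
std::ptrdiff_t row_offset_widened(int yy, int srcBytesPerLine, std::ptrdiff_t leftOffset) {
    return static_cast<std::ptrdiff_t>(yy) * srcBytesPerLine + leftOffset;
}

// Validate the rect against the image before any pointer is formed. Returns the bytes per
// copied row, or -1 if the rect lies outside the image or its last byte is past bufferSize.
std::ptrdiff_t checked_row_bytes(const ImageGeom &img, const Rect &rect, std::size_t bufferSize) {
    if (rect.left < 0 || rect.top < 0 || rect.right >= img.width || rect.bottom >= img.height)
        return -1;
    if (rect.right < rect.left || rect.bottom < rect.top)
        return -1;
    const std::ptrdiff_t bytesPerPixel = img.depth / 8;
    const std::ptrdiff_t rowBytes = (static_cast<std::ptrdiff_t>(rect.right) - rect.left + 1) * bytesPerPixel;
    const std::ptrdiff_t lastByte =
        row_offset_widened(rect.bottom, img.bytesPerLine, rect.left * bytesPerPixel) + rowBytes;
    if (lastByte > static_cast<std::ptrdiff_t>(bufferSize))
        return -1;
    return rowBytes;
}

// copy_unswapped with both fixes: widened offset arithmetic and the up-front bounds check.
// Returns the number of rows copied; 0 means the rect was rejected and nothing was touched.
int copy_unswapped_checked(unsigned char *dst, std::ptrdiff_t dstBytesPerLine,
                           const unsigned char *srcData, std::size_t srcSize,
                           const ImageGeom &img, const Rect &rect) {
    const std::ptrdiff_t rowBytes = checked_row_bytes(img, rect, srcSize);
    if (rowBytes < 0 || rowBytes > dstBytesPerLine)
        return 0;
    const std::ptrdiff_t leftOffset = static_cast<std::ptrdiff_t>(rect.left) * (img.depth / 8);
    int rows = 0;
    for (int yy = rect.top; yy <= rect.bottom; ++yy) {
        const unsigned char *src = srcData + row_offset_widened(yy, img.bytesPerLine, leftOffset);
        std::memmove(dst, src, static_cast<std::size_t>(rowBytes));
        dst += dstBytesPerLine;
        ++rows;
    }
    return rows;
}

// Constructed 8x4 ARGB32 image: byte i holds the value i, so the dst contents reveal which
// source bytes were copied. Copies the 4x3 rect at (2,1) into a buffer with a 16-byte stride.
std::vector<unsigned char> demo_copy() {
    const ImageGeom img{8, 4, 32, 8 * 4};
    std::vector<unsigned char> src(static_cast<std::size_t>(img.bytesPerLine) * img.height);
    for (std::size_t i = 0; i < src.size(); ++i)
        src[i] = static_cast<unsigned char>(i);
    std::vector<unsigned char> dst(16 * 3, 0);
    const Rect rect{2, 1, 5, 3};
    copy_unswapped_checked(dst.data(), 16, src.data(), src.size(), img, rect);
    return dst;   // dst[0] == 40 (row 1, column 2), dst[16] == 72, dst[32] == 104
}
```

With the report's values, row_offset_as_int(8256, 262112, 0) returns -2130970624, matching gdb's $7, while row_offset_widened(8256, 262112, 0) returns 2163996672. For the assumed 65528 x 8320 geometry, the 64-row chunk starting at y = 8256 is accepted by checked_row_bytes, whereas the full 65528 x 65505 rect seen in frame 8 is rejected because its bottom edge lies far below the image.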
(gdb) up
(gdb) up
(gdb) up
#8 QXcbBackingStoreImage::flushPixmap (this=0x5557a9af90b0, region=...,
fullRegion=<optimized out>) at
./src/plugins/platforms/xcb/qxcbbackingstore.cpp:669
669 const QImage subImage = native_sub_image(&m_flushBuffer,
stride, m_qimage, subRect, needsByteSwap);
(gdb) print x
$12 = 0
(gdb) print y
$13 = 8256
(gdb) print width
$14 = <optimized out>
(gdb) print rows
$15 = <optimized out>
(gdb) print rect
$16 = (const QRect &) @0x5557aad282d0: {x1 = 0, y1 = 0, x2 = 65527, y2 = 65504}
(gdb) print stride
$17 = 262112
(gdb) print rows_per_put
$18 = 64
$ xrandr
Screen 0: minimum 320 x 200, current 1920 x 1080, maximum 16384 x 16384
DisplayPort-0 disconnected (normal left inverted right x axis y axis)
HDMI-A-0 connected primary 1920x1080+0+0 (normal left inverted right x axis y
axis) 476mm x 268mm
1920x1080 60.00*+ 50.00 59.94
...
DVI-D-0 connected (normal left inverted right x axis y axis)
1280x1024 60.02 + 75.02
...