https://bugs.kde.org/show_bug.cgi?id=440778
--- Comment #5 from Jiri Slaby <jirisl...@gmail.com> ---
(In reply to Nate Graham from comment #4)
> Feel free to submit a merge request to fix it!
If I only knew what the root cause is -- I only described the symptoms... The
Display is callocated (so zeroed) and lock_fns explicitly set to NULL in
OpenDisplay. lock_fns is then touched (Xmalloc-ed) only in _XInitDisplayLock.
Anyway, whole _XDisplay structure seems to be mangled:
> $4 = {ext_data = 0x7f169265d0a0 <wl_display_interface>, free_funcs =
> 0x7f1692509d70, fd = 1, conn_checker = 0, proto_major_version = 904794160,
> proto_minor_version = 21891, vendor = 0x558335ee1100 "", resource_base =
> 4294967296, resource_mask = 94022033870896, resource_id = 0, resource_shift =
> 0,
> resource_alloc = 0x0, byte_order = 904802176, bitmap_unit = 21891,
> bitmap_pad = 0, bitmap_bit_order = 0, nformats = 0, pixmap_format = 0x0,
> vnumber = 0,
> release = 0, head = 0x3, tail = 0xf8, qlen = 256, last_request_read =
> 94022033919856, request = 0, last_req = 0x0, buffer = 0x0,
> bufptr = 0x1 <error: Cannot access memory at address 0x1>, bufmax =
> 0x558335ee10e8 "\350\020\356\065\203U", max_request_size = 904794344,
> db = 0x558335ee1030, synchandler = 0x558335ee1100, display_name =
> 0x558335ee1100 "", default_screen = 904794160, nscreens = 21891, screens =
> 0x0,
> motion_buffer = 0, flags = 0, min_keycode = 0, max_keycode = 0, keysyms =
> 0x0, modifiermap = 0xdd00000000, keysyms_per_keycode = 0, xdefaults = 0x0,
> scratch_buffer = 0x0, scratch_length = 0, ext_number = 0, ext_procs = 0x0,
> event_vec = {0xe1, 0x7f16903b4640, 0x558335f569e0, 0x6400000001,
> 0x7f16903b3c68,
> 0x7f1695fa7680 <QMapDataBase::shared_null>, 0x1, 0x0, 0x0, 0x0,
> 0x7f16903b3c68, 0x7f1695fa7680 <QMapDataBase::shared_null>, 0x1, 0x0, 0x0,
> 0x0,
> 0x7f16903b3c68, 0x7f1695fa7680 <QMapDataBase::shared_null>, 0x1, 0x0,
> 0x0, 0x0, 0x7f16903b3c68, 0x7f1695fa7680 <QMapDataBase::shared_null>, 0x1,
> 0x0,
> 0x0, 0x0, 0x21,
> 0x7f16925aa460
> <QtWaylandClient::QWaylandWindowManagerIntegration::wlHandleListenerGlobal(void*,
> wl_registry*, unsigned int, QString const&, unsigned int)>, 0x558335edacc0,
> 0x0, 0x31, 0x7f16959c1a00 <main_arena>, 0x558335ee0ed0, 0x5583357d3840
> <QHashData::shared_null>, 0x0, 0x0, 0x31, 0x200000001, 0x100000000,
> 0x558335ee1260, 0x0, 0x0, 0x31, 0x558335ed97e0, 0x0, 0x626b782f6769666e,
> 0x558335ee1200, 0x0, 0x31, 0x73782f656d6f682f, 0x6f632e2f7962616c,
> 0x626b782f6769666e, 0x0, 0x0, 0x31, 0x558335ee1310, 0x558335ed97a0,
> 0x558335ee1410, 0x0, 0x0, 0x41, 0x6168732f7273752f, 0x6c61636f6c2f6572,
> 0x5f434c2f73632f65, 0x534547415353454d, 0x6f6d2e6362696c2f, 0x0, 0x0,
> 0x41, 0x558335ee1370, 0x7f1600000001, 0x558335edba20, 0x5583363fd630, 0x0,
> 0x0,
> 0x0, 0x21, 0x558335edca90, 0xffffffffffffffff, 0x0, 0x21,
> 0x626b782f6374652f, 0x0, 0x62, 0x21, 0x558335eb2e40, 0x0, 0x0, 0x71,
> 0x2700000001, 0x28, 0x18,
> 0x5f00700077007a, 0x6d006900720070, 0x5f007900720061, 0x65006c00650073,
> 0x6f006900740063, 0x650064005f006e, 0x65006300690076, 0x6e0061006d005f,
> 0x72006500670061, 0x310076005f, 0x31, 0x558335f6d710, 0x400,
> 0x558335f4b830, 0x200000001bd, 0x0, 0x31, 0x100000001, 0x2, 0x18,
> 0xde78c2c000000034, 0x30,
> 0x21, 0x31646f4d, 0x0, 0x0, 0x61, 0x7f1696190750 <vtable for
> QObjectPrivate+16>, 0x558335eb5570, 0x0, 0x5583357d38f0
> <QListData::shared_null>,
> 0x35ee1130, 0x0, 0x0}, wire_vec = {0x558335eb4ba0, 0x0, 0x0, 0x0, 0x21,
> 0x7f169265de18 <vtable for QtWaylandClient::QWaylandTabletManagerV2+16>,
> 0x558335eec340, 0x0, 0x101, 0xc00000001, 0xe, 0x18, 0x24, 0xa00000060,
> 0x2c, 0xa00000060, 0x74, 0xa00000060, 0x558336020de0, 0x1000000a0, 0x18,
> 0xa00000060, 0x0, 0x0, 0x48, 0xa00000060, 0x58, 0xa00000060, 0xc,
> 0xa00000060, 0x0, 0x114, 0x0, 0xa00000060, 0x50f00, 0x0, 0x558336020480,
> 0x558336011de0, 0x0, 0x100003176, 0x101, 0xa00000001, 0xe, 0x18, 0x0,
> 0xa00000060, 0x558335f759b0, 0x1000000a0, 0xc, 0xa00000060, 0x28, 0xa00000060,
> 0x44, 0xa00000060, 0x5c, 0xa00000060, 0x78, 0xa00000060, 0x0, 0x114,
> 0x90, 0xa00000060, 0x0, 0x115, 0x224, 0xa00000060, 0x240, 0x600000060, 0x2ac,
> 0xa00000060, 0x2c0, 0x600000060, 0x21, 0x7f169265dfa0 <vtable for
> QtWaylandClient::QWaylandShm+16>, 0x558335eec750, 0x558335eeca40, 0x31,
> 0x700000001,
> 0x8, 0x18, 0x75006e0069006c, 0x6200660078, 0x111, 0xac00000001,
> 0x7f16000000e8, 0x18, 0x7372657600000007, 0x5006e6f69, 0x6775626564,
> 0x6863726100000007,
> 0x300716572, 0x3e00444949, 0x702d74712e67726f, 0x512e7463656a6f72,
> 0x50512e4150512e74, 0x496d726f6674616c, 0x697461726765746e,
> 0x726f746361466e6f,
> 0x61667265746e4979, 0x332e352e6563, 0x73616c6300000009, 0x656d614e73,
> 0x6e694c5100000019, 0x65746e4962467875, 0x506e6f6974617267, 0x42006e6967756c,
> 0x6174654d00000008, 0x7f0061746144, 0x558335ed9688, 0x7fff8b1f4660,
> 0x558335eb4840, 0x7fff8b1f46d8, 0x0, 0x5583357d38c0 <QArrayData::shared_null>,
> 0x5583357d38c0 <QArrayData::shared_null>, 0x5583357d38c0
> <QArrayData::shared_null>, 0x31, 0x558335ee2091, 0x0, 0x0, 0x558335ed9680,
> 0x558335ee19d0, 0x21,
> 0xa100000001, 0x558335eda830, 0x558335eda630, 0x31, 0x700000001},
> lock_meaning = 8, lock = 0x18, async_handlers = 0x6c007900610077,
> bigreq_size = 429503938657, lock_fns = 0x31, idlist_alloc = 0x800000001,
> key_bindings = 0x7f1600000009, cursor_font = 24, atoms = 0x7379654b00000004,
> mode_switch = 3473408, num_lock = 7340079, context_db = 0x71, error_vec =
> 0x558335ed9680, cms = {
> defaultCCCs = 0x5583357d38c0 <QArrayData::shared_null>
> "\377\377\377\377", clientCmaps = 0x0, perVisualIntensityMaps = 0x0},
> im_filters = 0x0,
> qfree = 0x0, next_event_serial_num = 0, flushes = 0x0, im_fd_info =
> 0x558335ee29a0, im_fd_length = 897398976,
> conn_watchers = 0x5583357d38c0 <QArrayData::shared_null>, watcher_count =
> 8, filedes = 0x0, savedsynchandler = 0x71, resource_max = 94022033877024,
> xcmisc_opcode = 897398976, xkb_info = 0x0, trans_conn = 0x0, xcb = 0x0,
> next_cookie = 0, generic_event_vec = {0x0, 0x0, 0x558335ee1950,
> 0x5583357d38c0 <QArrayData::shared_null>, 0x5583357d38c0
> <QArrayData::shared_null>, 0x100000008, 0x0, 0x41, 0x100000001, 0x2, 0x18,
> 0x0, 0xa00000060,
> 0x756c506e6f697461, 0x6f006e6967, 0x41, 0x100000001, 0x2, 0x18, 0x0,
> 0xa00000060, 0x10a00000006c0067, 0x100000080, 0x31, 0x558335ee28b1, 0x0, 0x0,
> 0x558335eda4e0, 0x558335eda7c0, 0x51, 0x558335ede290, 0x558335edf100,
> 0x7f169546b0c0, 0x7f16962c9400, 0x0, 0x558335ede290, 0x558335edf100,
> 0x7f169546b0c0, 0x7f16962c9400, 0x71, 0x558335eb91e0, 0x5583357d38c0
> <QArrayData::shared_null>, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x558335ed97c0,
> 0x5583357d38c0 <QArrayData::shared_null>, 0x5583357d38c0
> <QArrayData::shared_null>, 0x100000008, 0x0, 0x71, 0x558335ee2db0,
> 0x5583357d38c0 <QArrayData::shared_null>, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
> 0x558335ee2e40, 0x5583357d38c0 <QArrayData::shared_null>,
> 0x5583357d38c0 <QArrayData::shared_null>, 0x100000008, 0x0, 0x81,
> 0x2b00000002, 0x2d, 0x18, 0x7200730075002f, 0x620069006c002f,
> 0x71002f00340036,
> 0x70002f00350074, 0x6900670075006c, 0x70002f0073006e, 0x6600740061006c,
> 0x73006d0072006f, 0x620069006c002f, 0x63006e00760071, 0x6f0073002e,
> 0x100000000,
> 0x21, 0x6c2f343662696c2f, 0x2e74617078656269, 0x312e6f73, 0x21,
> 0x6c00343662696c2f, 0x2e74617078656269, 0x7f00312e6f73, 0x21,
> 0xffffffff00000003,
> 0x558335ed9790, 0x20, 0x31, 0xb00000001, 0x0, 0x558335eda570, 0x0,
> 0x558335ed9770, 0xa1, 0x7f169265def0, 0x558335eeb670, 0x558335ee0ed0, 0x0,
> 0x0,
> 0x71002f00000000, 0x5583357d38f0 <QListData::shared_null>, 0x5583357d38c0
> <QArrayData::shared_null>, 0x70002f00000000, 0x0,
> 0x5583357d38c0 <QArrayData::shared_null>, 0x620069006c0000, 0x0, 0x0,
> 0x0, 0x0, 0x558335ed90e0, 0x32007800000002, 0x0, 0xa1, 0x3e00000002, 0x40,
> 0x18,
> 0x7200730075002f, 0x620069006c002f, 0x71002f00340036},
> generic_event_copy_vec = {0x70002f00350074, 0x6900670075006c,
> 0x70002f0073006e, 0x6600740061006c,
> 0x73006d0072006f, 0x620069006c002f, 0x79006100770071, 0x64006e0061006c,
> 0x6f00630078002d, 0x73006f0070006d, 0x2d006500740069, 0x2e006c00670065,
> 0x6f0073,
> 0x51, 0x1600000001, 0x17, 0x18, 0x6100740053002f, 0x4e007300750074,
> 0x6600690074006f, 0x57007200650069, 0x68006300740061, 0x720065, 0x51,
> 0x558335edddc0,
> 0x558335ede290, 0x7f169546b0c0, 0x7f16962c9400, 0x0, 0x558335edddc0,
> 0x558335ede290, 0x7f169546b0c0, 0x7f16962c9400, 0x111, 0xa800000001,
> 0x7f16000000e8,
> 0x18, 0x7372657600000007, 0x5006e6f69, 0x6775626564, 0x6863726100000007,
> 0x300716572, 0x3e00444949, 0x702d74712e67726f, 0x512e7463656a6f72,
> 0x50512e4150512e74, 0x496d726f6674616c, 0x697461726765746e,
> 0x726f746361466e6f, 0x61667265746e4979, 0x332e352e6563, 0x73616c6300000009,
> 0x656d614e73,
> 0x6c67455100000017, 0x726765746e495346, 0x756c506e6f697461, 0x8006e6967,
> 0x617461446174654d, 0x7fff8b1f4800, 0x7f1695d18213
> <QListData::realloc_grow(int)+51>, 0x7fff8b1f47f0, 0x7fff8b1f47e0, 0x2,
> 0x0, 0x5583357d38c0 <QArrayData::shared_null>,
> 0x5583357d38c0 <QArrayData::shared_null>, 0x5583357d38c0
> <QArrayData::shared_null>, 0x31, 0x5583362e8071, 0x558335ed9410,
> 0x558335ee1920, 0x558335ee2db0,
> 0x558335ee1c20, 0x41, 0x200000001, 0x2, 0x18, 0x0, 0xa00000060,
> 0x558335ee2d90, 0x100000080, 0x81, 0x2900000001, 0x2a, 0x18, 0x5f00700077007a,
> 0x6200790065006b, 0x6400720061006f, 0x6f00680073005f, 0x75006300740072,
> 0x69005f00730074, 0x6200690068006e, 0x6d005f00740069, 0x670061006e0061,
> 0x76005f00720065, 0x558300000031, 0x1000000a0, 0x101, 0xc00000001,
> 0x7f160000000e, 0x18, 0x24, 0xa00000060, 0x2c, 0xa00000060, 0xa0, 0xa00000060,
> 0x558335ed9710, 0x1000000a0, 0x18, 0xa00000060, 0x0, 0x0, 0x70,
> 0xa00000060, 0x80, 0xa00000060, 0xc, 0xa00000060, 0x0, 0x114, 0x0,
> 0xa00000060, 0x50f00,
> 0x0, 0x7fff8b1f47e0, 0x10, 0x0}, cookiejar = 0x5583357d38c0
> <QArrayData::shared_null>, error_threads = 0x111, exit_handler = 0xac00000001,
> exit_handler_data = 0xe8}
dpy->lock is 0x18
dpy->lock_meaning is 0x8
(gdb) p *dpy->screens
Cannot access memory at address 0x0
(gdb) p dpy->nscreens
$16 = 21891
OTOH, for example dpy->im_fd_info looks to be correct:
> (gdb) p *dpy->im_fd_info
> $15 = {fd = 1, read_callback = 0x558335ee2280, call_data = 0x558335ee2180
> "\001", watch_data = 0x31, next = 0xb00000001}
For another crash:
(gdb) p *dpy->screens
Cannot access memory at address 0x0
(gdb) p dpy->nscreens
$1 = 22056
(gdb) p dpy->lock
$2 = (struct _XLockInfo *) 0x18
(gdb) p/x dpy->lock_meaning
$3 = 0x8
(gdb) p *dpy->im_fd_info
$4 = {fd = 1, read_callback = 0x5628d28ab280, call_data = 0x5628d28ab180
"\001", watch_data = 0x31, next = 0xb00000001}
--
You are receiving this mail because:
You are watching all bug changes.
