Xorg crashing in pci_device_vgaarb_set_target

Peter Kasza peter.kasza at itinsight.hu
Mon Oct 9 11:07:56 UTC 2017


Hi all,

I'm getting itermittent crashes on a vfio enabled machine. I'm not
able to recreate it on purpose, but it seems to be occurring when
virtualbox VMs and Firefox are running.

>From the backtrace I suspect that some bogus parameter is passed to
the snprintf call, but other than that I'm not sure.

The crash occurs in libpciaccess - pci_device_vgaarb_set_target. I
have the latest release installed (0.13.5).

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f17082667a3 in __GI__IO_default_xsputn () from /usr/lib/libc.so.6
[Current thread is 1 (Thread 0x7f170aa11940 (LWP 491))]
(gdb) bt
#0  0x00007f17082667a3 in __GI__IO_default_xsputn () at /usr/lib/libc.so.6
#1  0x00007f1708259b2d in __GI__IO_padn () at /usr/lib/libc.so.6
#2  0x00007f1708239938 in vfprintf () at /usr/lib/libc.so.6
#3  0x00007f17082efcbb in __vsnprintf_chk () at /usr/lib/libc.so.6
#4  0x00007f17082efbe5 in __snprintf_chk () at /usr/lib/libc.so.6
#5  0x00007f1709a966b8 in pci_device_vgaarb_set_target () at /usr/lib/libpciaccess.so.0
#6  0x00005616427d1fc8 in  ()

>From common_vgaarb.c:

int
pci_device_vgaarb_set_target(struct pci_device *dev)
{
    int len;
    char buf[BUFSIZE + 1]; /* reading BUFSIZE characters, + 1 for NULL */
    int ret;

    if (!dev)
        dev = pci_sys->vga_default_dev;
    if (!dev)
        return -1;

    // Crash is here:
    len = snprintf(buf, BUFSIZE, "target PCI:%04x:%02x:%02x.%x",
                   dev->domain, dev->bus, dev->dev, dev->func);

    ret = vgaarb_write(pci_sys->vgaarb_fd, buf, len);
    if (ret)
        return ret;
    ...
}

Other people seem to get the same error too:
https://bbs.archlinux.org/viewtopic.php?id=224824
https://www.redhat.com/archives/vfio-users/2017-July/msg00001.html

Any help is appreciated.

-- 
Best Regards,
Peter Kasza

http://www.itinsight.hu
peter.kasza at itinsight.hu

()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments


More information about the xorg mailing list