Bug 23742

Summary: memory corruption on ati/radeon driver or xorg core
Product: xorg
Reporter: Matti Aarnio <matti.aarnio>
Component: Driver/Radeon
Assignee: xf86-video-ati maintainers <xorg-driver-ati>
Status: RESOLVED WORKSFORME
QA Contact: Xorg Project Team <xorg-team>
Severity: major
Priority: medium
Version: git
Hardware: x86-64 (AMD64)
OS: Linux (All)
Attachments: sample copy of /var/log/Xorg.0.log (flags: none)

Description Matti Aarnio 2009-09-06 06:52:14 UTC
Created attachment 29267: sample copy of /var/log/Xorg.0.log

Running bleeding-edge Fedora 12 Rawhide xorg server with modules
loaded from the following packages:

  xorg-x11-server-Xorg-1.6.99-45.20090903.fc12.x86_64
  xorg-x11-drv-ati-6.13.0-0.2.20090821gitb1b77a4d6.fc12.x86_64
  xorg-x11-drv-evdev-2.2.99-6.20090814.fc12.x86_64

Crashes either back to text console, or wedges so badly that graphics stays on with no recovery other than a reboot (on Linux done with SysReq keys, thankfully).
Sometimes it just wedges without any hint of problems in the log files.

Some sample backtraces from my saved case logs; malloc()/realloc()/free()
do appear in them more often than not.

Backtrace:
0: /usr/bin/X (xorg_backtrace+0x28) [0x46b1c8]
1: /usr/bin/X (0x400000+0x65b79) [0x465b79]
2: /lib64/libpthread.so.0 (0x7f1ce9957000+0xf320) [0x7f1ce9966320]
3: /usr/bin/X (FreeResource+0xae) [0x430dde]
4: /usr/bin/X (0x400000+0x2bafb) [0x42bafb]
5: /usr/bin/X (0x400000+0x2dfac) [0x42dfac]
6: /usr/bin/X (0x400000+0x21d1a) [0x421d1a]
7: /lib64/libc.so.6 (__libc_start_main+0xfd) [0x7f1ce8129b4d]
8: /usr/bin/X (0x400000+0x218c9) [0x4218c9]
Segmentation fault at address (nil)

Fatal server error:
Caught signal 11 (Segmentation fault). Server aborting


This is easy-ish to provoke by repeatedly poking left-control,
which then draws concentric rings around the cursor.  Usually
at that time the system crashes with the following kind of reports,
but unfortunately not always.


[mi] EQ overflowing. The server is probably stuck in an infinite loop.

Backtrace:
0: /usr/bin/X (xorg_backtrace+0x28) [0x46b1c8]
1: /usr/bin/X (mieqEnqueue+0x1f4) [0x456cc4]
2: /usr/bin/X (xf86PostMotionEventP+0xde) [0x47894e]
3: /usr/lib64/xorg/modules/input/evdev_drv.so (0x7f584932f000+0x3dff) [0x7f5849332dff]
4: /usr/bin/X (0x400000+0x6bb17) [0x46bb17]
5: /usr/bin/X (0x400000+0xfcd13) [0x4fcd13]
6: /lib64/libpthread.so.0 (0x7f58609d8000+0xf320) [0x7f58609e7320]
7: /lib64/libc.so.6 (0x7f585f18c000+0xeff8e) [0x7f585f27bf8e]
8: /lib64/libc.so.6 (0x7f585f18c000+0x7d3da) [0x7f585f2093da]
9: /lib64/libc.so.6 (__libc_malloc+0x67) [0x7f585f206f57]
10: /lib64/libc.so.6 (0x7f585f18c000+0x6fe65) [0x7f585f1fbe65]
11: /lib64/libc.so.6 (0x7f585f18c000+0x75876) [0x7f585f201876]
12: /lib64/libc.so.6 (0x7f585f18c000+0x7a803) [0x7f585f206803]
13: /lib64/libc.so.6 (0x7f585f18c000+0x7c5e2) [0x7f585f2085e2]
14: /lib64/libc.so.6 (realloc+0xe5) [0x7f585f208cb5]
15: /usr/bin/X (miRectAlloc+0x37) [0x458647]
16: /usr/lib64/xorg/modules/libfb.so (fbPixmapToRegion+0x46f) [0x7f585b9ae6cf]
17: /usr/bin/X (0x400000+0x9abc9) [0x49abc9]
18: /usr/bin/X (0x400000+0x9be65) [0x49be65]
19: /usr/bin/X (0x400000+0x2dfac) [0x42dfac]
20: /usr/bin/X (0x400000+0x21d1a) [0x421d1a]
21: /lib64/libc.so.6 (__libc_start_main+0xfd) [0x7f585f1aab4d]
22: /usr/bin/X (0x400000+0x218c9) [0x4218c9]

[mi] EQ overflowing. The server is probably stuck in an infinite loop.

Backtrace:
0: /usr/bin/X (xorg_backtrace+0x28) [0x46b1c8]
1: /usr/bin/X (mieqEnqueue+0x1f4) [0x456cc4]
2: /usr/bin/X (xf86PostMotionEventP+0xde) [0x47894e]
3: /usr/lib64/xorg/modules/input/evdev_drv.so (0x7fad872dc000+0x3dff) [0x7fad872dfdff]
4: /usr/bin/X (0x400000+0x6bb17) [0x46bb17]
5: /usr/bin/X (0x400000+0xfcd13) [0x4fcd13]
6: /lib64/libpthread.so.0 (0x7fad9e985000+0xf320) [0x7fad9e994320]
7: /lib64/libc.so.6 (0x7fad9d139000+0xeff8e) [0x7fad9d228f8e]
8: /lib64/libc.so.6 (0x7fad9d139000+0x7d3da) [0x7fad9d1b63da]
9: /lib64/libc.so.6 (__libc_malloc+0x67) [0x7fad9d1b3f57]
10: /lib64/libc.so.6 (0x7fad9d139000+0x6fe65) [0x7fad9d1a8e65]
11: /lib64/libc.so.6 (0x7fad9d139000+0x75876) [0x7fad9d1ae876]
12: /lib64/libc.so.6 (0x7fad9d139000+0x79e16) [0x7fad9d1b2e16]
13: /lib64/libc.so.6 (__libc_malloc+0x72) [0x7fad9d1b3f62]
14: /usr/bin/X (miRegionCreate+0x23) [0x458e93]
15: /usr/bin/X (miValidatePicture+0x1ab) [0x560d9b]
16: /usr/bin/X (0x400000+0xb643a) [0x4b643a]
17: /usr/bin/X (ValidatePicture+0x9) [0x4b6459]
18: /usr/bin/X (CompositePicture+0xad) [0x4b697d]
19: /usr/bin/X (miTrapezoids+0x21e) [0x55e9fe]
20: /usr/bin/X (0x400000+0xb2f47) [0x4b2f47]
21: /usr/bin/X (0x400000+0x2dfac) [0x42dfac]
22: /usr/bin/X (0x400000+0x21d1a) [0x421d1a]
23: /lib64/libc.so.6 (__libc_start_main+0xfd) [0x7fad9d157b4d]
24: /usr/bin/X (0x400000+0x218c9) [0x4218c9]
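
An added example, not part of the original report or of Xorg: a parser for the backtrace format shown above that reports which allocator entry point, if any, the server was inside when the signal arrived, and which server function called it. It assumes the libpthread.so.0 frame is the signal-return trampoline; the function names are this example's own and the sample frames are abridged from the report.

```python
import re
# One frame of an Xorg.0.log backtrace: "N: module (symbol+0xoff) [0xaddr]".
# Unresolved frames show a load base instead of a symbol: "(0x400000+0x65b79)".
FRAME = re.compile(r"^\d+: (\S+) \((\w+)\+0x[0-9a-f]+\) \[0x[0-9a-f]+\]$")
ALLOCATOR = {"malloc", "__libc_malloc", "realloc", "calloc", "free", "cfree"}

def parse_backtraces(log_text):
    """Return a list of backtraces, each a list of (module, symbol or None)."""
    traces, current = [], None
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = FRAME.match(line)
        if line == "Backtrace:":
            current = []
            traces.append(current)
        elif m and current is not None:
            sym = m.group(2)
            current.append((m.group(1), None if sym.startswith("0x") else sym))
        elif line:
            current = None  # any other text ends the current backtrace
    return traces

# Assumption: the libpthread.so.0 frame is the signal-return trampoline, so the
# frames listed after it are the code that was running when the signal arrived.
def interrupted_code(trace):
    """Return (libc allocator frame called by the server or None, first named caller)."""
    cut = next((i for i, (mod, _) in enumerate(trace) if "libpthread" in mod), -1)
    below = trace[cut + 1:]
    j = next((i for i, (mod, _) in enumerate(below) if "libc.so" not in mod), len(below))
    entry = below[j - 1][1] if j > 0 and below[j - 1][1] in ALLOCATOR else None
    caller = next((sym for _, sym in below[j:] if sym), None)
    return entry, caller

# Frames abridged from the two kinds of backtrace in the report above.
SAMPLE = """\
Backtrace:
0: /usr/bin/X (xorg_backtrace+0x28) [0x46b1c8]
2: /lib64/libpthread.so.0 (0x7f1ce9957000+0xf320) [0x7f1ce9966320]
3: /usr/bin/X (FreeResource+0xae) [0x430dde]
Segmentation fault at address (nil)
Backtrace:
1: /usr/bin/X (mieqEnqueue+0x1f4) [0x456cc4]
6: /lib64/libpthread.so.0 (0x7f58609d8000+0xf320) [0x7f58609e7320]
9: /lib64/libc.so.6 (__libc_malloc+0x67) [0x7f585f206f57]
14: /lib64/libc.so.6 (realloc+0xe5) [0x7f585f208cb5]
15: /usr/bin/X (miRectAlloc+0x37) [0x458647]
"""
if __name__ == "__main__":
    for trace in parse_backtraces(SAMPLE):
        print(interrupted_code(trace))
```

On the abridged sample it reports no allocator frame for the FreeResource crash and realloc called from miRectAlloc for the EQ-overflow trace.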

Comment 1 Matti Aarnio 2009-09-06 07:38:27 UTC
The mouse position indication is actually a Gnome feature, possible to turn off with gnome-mouse-properties by ticking off "Locate Pointer".
I just turned it off, and will commence testing whether it could save me from crashes.

Comment 2 daniel 2009-09-06 08:03:24 UTC
(In reply to comment #0)
> 
> Crashes either back to text console, or wedges so badly, that graphics stays on
> without other recovery, than reboot (on Linux done with SysReq keys,
> thankfully)

maybe related:
http://bugzilla.kernel.org/show_bug.cgi?id=14064
http://bugzilla.kernel.org/show_bug.cgi?id=14065
http://bugzilla.kernel.org/show_bug.cgi?id=13925

Comment 3 Matti Aarnio 2009-09-06 09:30:19 UTC
> maybe related:
> http://bugzilla.kernel.org/show_bug.cgi?id=14064
> http://bugzilla.kernel.org/show_bug.cgi?id=14065
> http://bugzilla.kernel.org/show_bug.cgi?id=13925

No.  The problem is not in kernel, always in the X server itself,
which crashes with backtraces.

Kernel has never reported anything being wrong, and non-X-consoled
service applications do continue to work.

I have been able to reduce this likelihood by DISABLING the Gnome
mouse setting "Locate Pointer".  In fact it has not happened since
I turned that feature off.

I have never had problems with mplayer, like those quoted cases show.

Comment 4 Matti Aarnio 2009-09-10 02:17:45 UTC
Apparently this got fixed when Fedora updated ATI driver to new svn snapshot.
These work:

 xorg-x11-drv-ati-6.13.0-0.3.20090908git651fe5a47.fc12.x86_64
 xorg-x11-server-Xorg-1.6.99.900-1.fc12.x86_64


Status "Probably fixed" should exist...
