Bug 32453

Summary: SIGABRT caused by malloc around exaPrepareAccessReg_mixed
Product: xorg
Reporter: Brandon Philips <brandon>
Component: Driver/nouveau
Assignee: Nouveau Project <nouveau>
Status: RESOLVED INVALID
QA Contact: Xorg Project Team <xorg-team>
Severity: normal
Priority: medium
Version: git
Hardware: Other
OS: All
Attachments (flags: none on all):
- Xorg.1.log from the machine
- dmesg
- gdb backtrace
- /var/log/gdm/:0.log.2
- Latest backtrace
- gdm capture of latest Xorg crash

Description Brandon Philips 2010-12-16 13:27:18 UTC
Created attachment 41187 [details]
Xorg.1.log from the machine

Using git nouveau kernel, libdrm, and nouveau xorg driver as of today on top of openSUSE Factory Xorg. 

Backtrace from gdb:
#0  0x00007ff87fbb6ad5 in raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007ff87fbb7fd6 in abort () at abort.c:92
#2  0x00007ff87fbf75da in __malloc_assert (assertion=<value optimized out>, 
    file=<value optimized out>, line=<value optimized out>, 
    function=<value optimized out>) at malloc.c:352
#3  0x00007ff87fbf97a6 in sYSMALLOc (av=0x7ff87feece80, bytes=15335424)
    at malloc.c:3094
#4  _int_malloc (av=0x7ff87feece80, bytes=15335424) at malloc.c:4747
#5  0x00007ff87fbfbc69 in __libc_malloc (bytes=15335424) at malloc.c:3661
#6  0x00007ff87d146ef4 in exaPrepareAccessReg_mixed (pPixmap=0x1aef1a0, 
    index=1, pReg=0x0) at exa_migration_mixed.c:203
#7  0x00007ff87d143602 in exaChangeWindowAttributes (pWin=0x1ad5dc0, mask=1)
    at exa.c:652
#8  0x00000000005602d7 in compChangeWindowAttributes (pWin=0x1ad5dc0, mask=1)
    at compinit.c:114
#9  0x0000000000436c4d in ChangeWindowAttributes (pWin=<value optimized out>, 
    vmask=1, vlist=<value optimized out>, client=0xb870d0) at window.c:1459
#10 0x000000000043cb78 in ProcChangeWindowAttributes (client=0xb870d0)
    at dispatch.c:693
#11 0x00000000004428f1 in Dispatch () at dispatch.c:432
#12 0x0000000000425b5e in main (argc=9, argv=<value optimized out>, 
    envp=<value optimized out>) at main.c:291

If I use the vesa driver the system comes up fine. Reproducing by launching emacs inside of a gnome session.

If I use MALLOC_CHECK_=3 /etc/init.d/xdm restart I can sometimes get Xorg w/ nouveau to work for a few days before crashing. But, that isn't a real solution.
Comment 1 Brandon Philips 2010-12-16 13:27:48 UTC
Created attachment 41188 [details]
dmesg
Comment 2 Brandon Philips 2010-12-16 13:28:14 UTC
Created attachment 41189 [details]
gdb backtrace
Comment 3 Michel Dänzer 2011-01-04 02:05:13 UTC
Is there more information about the malloc failure in the X server stderr output? Should be captured in the gdm/kdm log file.
Comment 4 Michel Dänzer 2011-01-06 00:57:24 UTC
Does the patch from bug 32803 happen to help for this as well?
Comment 5 Brandon Philips 2011-01-13 11:27:41 UTC
Created attachment 41982 [details]
/var/log/gdm/:0.log.2

Here is the gdm capture from Xorg. NOTE: I had to add export LIBC_FATAL_STDERR_=1 to get this.
Comment 6 Brandon Philips 2011-01-13 11:48:45 UTC
(In reply to comment #4)
> Does the patch from bug 32803 happen to help for this as well?

Yes, I have the patch from 32803 and I am still hitting the bug. I am running the latest xorg-x11-server from openSUSE: 
 https://build.opensuse.org/package/show?package=xorg-x11-server&project=X11%3AXOrg

Thanks, Brandon
Comment 7 Brandon Philips 2011-01-13 11:52:41 UTC
Created attachment 41985 [details]
Latest backtrace

With the latest Xorg available to me the backtrace has changed a bit and is around malloc in exaPrepareAccessReg_mixed().

Starting with MALLOC_CHECK=3 still works around the issue.
Comment 8 Brandon Philips 2011-01-13 11:59:58 UTC
Created attachment 41986 [details]
gdm capture of latest Xorg crash

Here is what gdm captured from the latest Xorg when it crashes.
Comment 9 Michel Dänzer 2011-01-14 01:01:31 UTC
Well, the backtraces from the Xorg and gdm log files and from gdb all look different. :} So as in bug 32453, the real problem could be memory corruption somewhere else which is only caught in these places.

Apart from running the X server in valgrind, getting a gdb backtrace for the free() failure in the gdm log file might be useful.
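
Added example, not part of the original thread and not glibc or Xorg code: a toy arena allocator in C illustrating the point made in comment 9, that an out-of-bounds write in one place is only noticed when a later, unrelated caller triggers the allocator's consistency check. The allocator, its header layout and the names buggy_writer and innocent_caller are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy arena allocator, constructed for this example (not glibc's code).
 * Layout: [hdr][payload][hdr]... the free-space header follows the last payload. */
#define ARENA_SIZE 256
#define MAGIC 0xA110C8EDu
struct hdr { uint32_t magic; uint32_t size; };
static unsigned char arena[ARENA_SIZE];
static size_t top;               /* offset of the free-space header */
static const char *detected_in;  /* caller that tripped the check */

static void arena_init(void) {
    struct hdr h = { MAGIC, ARENA_SIZE - sizeof h };
    top = 0; detected_in = NULL;
    memcpy(arena, &h, sizeof h);
}

/* Validate the free-space header, then carve n bytes out of it. */
static void *arena_alloc(size_t n, const char *caller) {
    struct hdr h;
    memcpy(&h, arena + top, sizeof h);
    if (h.magic != MAGIC || h.size > ARENA_SIZE - top - sizeof h) {
        detected_in = caller;    /* blame lands on this caller */
        return NULL;
    }
    if (h.size < sizeof h || n > h.size - sizeof h) return NULL; /* full */
    struct hdr next = { MAGIC, (uint32_t)(h.size - n - sizeof h) };
    h.size = (uint32_t)n;
    memcpy(arena + top, &h, sizeof h);
    void *p = arena + top + sizeof h;
    top += sizeof h + n;
    memcpy(arena + top, &next, sizeof next);
    return p;
}

/* Write `written` bytes into a 16-byte block, then allocate from other code. */
static const char *run_scenario(size_t written) {
    arena_init();
    char *buf = arena_alloc(16, "buggy_writer");
    memset(buf, 'A', written);   /* >16 spills into the next header */
    (void)arena_alloc(32, "innocent_caller");
    return detected_in;          /* NULL when nothing was corrupted */
}

int main(void) {
    const char *where = run_scenario(24);
    return printf("corruption detected in: %s\n", where ? where : "(none)") < 0;
}
```

The failure is reported under innocent_caller although the bad write happened in the block owned by buggy_writer, which is why the crash site alone does not identify the faulty code and why a tool that checks every access, such as valgrind, is suggested above.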
Comment 11 Ilia Mirkin 2013-08-18 18:09:21 UTC
It appears that this bug report has lain dormant for quite a while. Sorry we haven't gotten to it. Since we fix bugs all the time, chances are pretty good that your issue has been fixed with the latest software. Please give it a shot. (Linux kernel 3.10.7, xf86-video-nouveau 1.0.9, mesa 9.1.6, or their git versions.) If upgrading to the latest isn't an option for you, your distro's bugzilla is probably the right destination for your bug report.

In an effort to clean up our bug list, we're pre-emptively closing all bugs that haven't seen updates since 2011. If the original issue remains, please make sure to provide fresh info, see http://nouveau.freedesktop.org/wiki/Bugs/ for what we need to see, and re-open this one.

Thanks,

The Nouveau Team
