50946 – pixman-0.26.0: Dragging cursor over moving background corrupts pointer area and locks machine up

Bug 50946 - pixman-0.26.0: Dragging cursor over moving background corrupts pointer area and locks machine up

Summary: pixman-0.26.0: Dragging cursor over moving background corrupts pointer area a...

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	pixman
Classification:	Unclassified
Component:	pixman (show other bugs)
Version:	other
Hardware:	Other Linux (All)

Importance:	medium normal
Assignee:	Matt Turner
QA Contact:	Søren Sandmann Pedersen

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2012-06-10 11:59 UTC by Petr Pisar
Modified:	2013-01-13 10:49 UTC (History)
CC List:	1 user (show)

See Also:
i915 platform:
i915 features:

Attachments

Description Petr Pisar 2012-06-10 11:59:07 UTC

I experience a bug in pixman 0.26.0 on Linux n32 MIPS64 with SMI graphics card and Loongson 2F processor.

If I try to move a window by dragging it by a pointer or moving a slit bar between bookmark area and document area in xpdf, the rectangle area under the pointer gets corrupted (some dark horizontal lines appear there) and the machine usually crashes (complete lock-up, no IP or SysRq responsible).

The 0.24.4 version of pixman is Ok.

Comment 1 Matt Turner 2012-06-11 10:37:38 UTC

Interesting. Thanks for the report. I'll take a look.

Comment 2 Matt Turner 2012-06-11 11:04:43 UTC

If you configure pixman-0.26.0 with --disable-loongson-mmi, can you reproduce your problem?

Comment 3 Petr Pisar 2012-06-11 11:52:16 UTC

Good point. Disabling the FPU vector optimizations specific for Loongson helped. (I thought they have been merged after 0.26.0 release.)

I compile with CFLAGS="-O2 -march=loongson2f -mabi=n32 -pipe -mplt -Wa,-mfix-loongson2f-nop" LDFLAGS="-Wl,-O1 -Wl,--as-needed" using GCC-4.6.3 and binutils-2.22. I have "ICT Loongson-2 V0.3  FPU V0.1" processor.

Comment 4 Siarhei Siamashka 2012-06-11 14:09:05 UTC

To Petr Pisar: Could you try to compile and run the following simple test program (with -O2 optimizations)?

    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>
    #include <time.h>
    #include <signal.h>
    #include <string.h>
    #include <sys/time.h>
     
    void alarm_handler(int a)
    {
            volatile double d1 = 1.1, d2 = 2.2, d3;
            d3 = d1 + d2;
            printf(".\n");
            alarm(1);
    }
     
    int main(int argc, char **argv)
    {
            volatile double d = 1.5;
            signal(SIGALRM, alarm_handler);
            alarm(1);
            while (d == 1.5) {}
            printf("we should not be here\n");
            return 0;
    }

Comment 5 Petr Pisar 2012-06-12 11:03:08 UTC

(In reply to comment #4)
> To Petr Pisar: Could you try to compile and run the following simple test
> program (with -O2 optimizations)?
> 
It works flawlessly.

Comment 6 Petr Pisar 2012-08-06 18:26:22 UTC

I cannot reproduce this issue with pixman-0.27.2.

Notice 1: It's possible the lock-up was caused by X server killed by kernel due to the bug in the pixman. This puts the virtual console into dead state usually.

Notice 2: If I find SIGILLing application on the Loongson, it usually turn outs the compiler optimizes float arithmetics to multiply-and-add instruction which causes FPU exception if the factor register contains not-a-number (e.g. a result of previous division by zero).

Comment 7 Siarhei Siamashka 2012-10-26 02:47:56 UTC

(In reply to comment #6)
> I cannot reproduce this issue with pixman-0.27.2.
> 
> Notice 1: It's possible the lock-up was caused by X server killed by kernel
> due to the bug in the pixman.

It's more like the lock-up is caused by the kernel failing to correctly save/restore FPU state on context switches, causing FPU registers to contain unpredictable/corrupted values and various bad things happening. If 'make check' test passes for pixman on your machine, then the culprit is almost certainly your kernel.

The X server itself is a bit unique in the way it does input handling: http://ajaxxx.livejournal.com/62378.html
The code from comment 4 was an adapted variant of the testcase intended to reproduce the issue with *very* similar symptoms on ARM a long time ago (dragging cursor means that a lot of input handling and drawing via pixman is happening at the same time): https://bugs.launchpad.net/ubuntu/+source/linux-fsl-imx51/+bug/507503
Even though the test seemed to work on your machine, no real conclusions can be made yet. In any case you need to debug the issue and identify the root cause of it yourself. Or wait for somebody else to successfully reproduce the problem. Good luck.

Comment 8 Søren Sandmann Pedersen 2013-01-13 10:49:08 UTC

Nobody can reproduce this anymore, so I'm closing the bug. If the issue resurfaces, feel free to reopen.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.