Bug 181467

Summary: kudzu Segmentation fault [x86_64/x86emu]
Product: [Fedora] Fedora Reporter: Ronald Warsow <rwarsow>
Component: kudzuAssignee: Bill Nottingham <notting>
Status: CLOSED RAWHIDE QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: ivg231, olen.e.boydstun, oliva, orion, prigault, rvokal, scop
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: 1.2.31-1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-02-21 19:36:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
output from gdb kudzu
none
strace for 1.2.29
none
strace for 1.2.25
none
test program none

Description Ronald Warsow 2006-02-14 14:14:26 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.1) Gecko/20060210 Fedora/1.5.0.1-3 Firefox/1.5.0.1

Description of problem:
kudzu Segmentation fault on startup or if you do service kudzu start

Version-Release number of selected component (if applicable):
kudzu-1.2.28-1 kernel-2.6.15-1.1948_FC5

How reproducible:
Always

Steps to Reproduce:
1.service kudzu start
2.
3.
  

Actual Results:  Checking for hardware changes/etc/init.d/kudzu: line 23:  3377 Segmentation fault      /sbin/kudzu $KUDZU_ARGS
                                                           [FAILED]


Expected Results:  find new hardware, if there one. if not exits normal. maybe writes hwconf, modprobe.conf if exists

Additional info:

searching bugzilla gives some hints running gdb kudzu
s. attachement for output
Comment 1 Ronald Warsow 2006-02-14 14:16:49 UTC 
Created attachment 124615 [details]
output from gdb kudzu

maybe it's usefull
Comment 2 Sammy 2006-02-14 14:57:26 UTC 
I can confirm this on my x86_64 as well. Going back to yesterday fixes the
problem.
Comment 3 Bill Nottingham 2006-02-14 17:07:28 UTC 
Can you get a backtrace with kudzu-debuginfo installed? That one looks odd.
Comment 4 Ronald Warsow 2006-02-15 11:17:17 UTC 
yes, I can get a backtrace, but how do I do this ?
Comment 5 Sammy 2006-02-15 15:23:58 UTC 
I have some additional info. kudzu-1.2.29 is also segfaulting. I rebuilt the
rpms using today's gcc-4.1.0-0.27 and it still segfaults. The gdb output sais:

===================================================
Program received signal SIGSEGV, Segmentation fault.

rdb (addr=13610) at sys.c: 232
232          HALT_SYS();
====================================================

I rebuilt kudzu 1.2.25 using the same compiler and it works fine, so it does
not seem to be gcc.

I also did two straces of "strace -o file ./kudzu start" in /etc/rc.d/init.d.
There are some differences, may be it will make sense to you.
Comment 6 Sammy 2006-02-15 15:25:07 UTC 
Created attachment 124686 [details]
strace for 1.2.29
Comment 7 Sammy 2006-02-15 15:25:40 UTC 
Created attachment 124687 [details]
strace for 1.2.25
Comment 8 Bill Nottingham 2006-02-15 17:46:40 UTC 
I'm assuming downloading and running http://people.redhat.com/notting/ddc-fu
also segfaults?

For getting a stack trace, please see http://fedoraproject.org/wiki/StackTraces
Comment 9 Sammy 2006-02-15 19:06:01 UTC 
Yes ddc-fu segfaults AND both ddc-fu and running ./kudzu start in init.d
result in the whole screen filled with some garbled image. Doing ctrl+alt+f1
and back ctrl+alt+f7 clears the screen.
Comment 10 Bill Nottingham 2006-02-15 22:03:10 UTC 
For those seeing this, what sort of video hardware do you have?
Comment 11 Sammy 2006-02-16 01:17:18 UTC 
Happens on x86_64 only. Hardware:

Graphics card: NVIDIA Quadro FX 1400
=====================================================================
Monitor: Dell 2405FP (24 inch LCD, connected to dvi, mouse and keyboard 
                      connected to monitor usb ports)

    HorizSync       30.0 - 81.0
    VertRefresh     56.0 - 76.0
    ModeLine       "1920x1200" 154.0 1920 1968 2000 2080 1200 1203 1209 1235
+hsync -vsync
    ModeLine       "1600x1200" 161.0 1600 1704 1880 2160 1200 1201 1204 1242
-hsync +vsync
    ModeLine       "1280x1024" 138.5 1280 1368 1504 1728 1024 1025 1028 1069
-hsync +vsync
============================================================================

lspci -vvv output for video
01:00.0 VGA compatible controller: nVidia Corporation NV41GL [Quadro FX 1400]
(rev a2) (prog-if 00 [VGA])
        Subsystem: nVidia Corporation Unknown device 0243
        Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr-
Stepping- SERR- FastB2B-
        Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort-
<MAbort- >SERR- <PERR-
        Latency: 0
        Interrupt: pin A routed to IRQ 169
        Region 0: Memory at fc000000 (32-bit, non-prefetchable) [size=16M]
        Region 1: Memory at f0000000 (64-bit, prefetchable) [size=128M]
        Region 3: Memory at fd000000 (64-bit, non-prefetchable) [size=16M]
        [virtual] Expansion ROM at fea00000 [disabled] [size=128K]
        Capabilities: [60] Power Management version 2
                Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA
PME(D0-,D1-,D2-,D3hot-,D3cold-)
                Status: D0 PME-Enable- DSel=0 DScale=0 PME-
        Capabilities: [68] Message Signalled Interrupts: 64bit+ Queue=0/0 Enable-
                Address: 0000000000000000  Data: 0000
        Capabilities: [78] Express Endpoint IRQ 0
                Device: Supported: MaxPayload 128 bytes, PhantFunc 0, ExtTag-
                Device: Latency L0s <512ns, L1 <4us
                Device: AtnBtn- AtnInd- PwrInd-
                Device: Errors: Correctable- Non-Fatal+ Fatal+ Unsupported-
                Device: RlxdOrd+ ExtTag- PhantFunc- AuxPwr- NoSnoop+
                Device: MaxPayload 128 bytes, MaxReadReq 512 bytes
                Link: Supported Speed 2.5Gb/s, Width x16, ASPM L0s, Port 0
                Link: Latency L0s <256ns, L1 <16us
                Link: ASPM Disabled RCB 128 bytes CommClk+ ExtSynch-
                Link: Speed 2.5Gb/s, Width x16
        Capabilities: [100] Virtual Channel
        Capabilities: [128] Power Budgeting
Comment 12 Alexandre Oliva 2006-02-16 06:09:08 UTC 
NV17 [nVidia Geforce4 420 Go 32M (rev a3)], 1280x800 notebook display.
Comment 13 Ronald Warsow 2006-02-16 11:19:42 UTC 
here is my trace:
(gdb) run
Starting program: /sbin/kudzu

Program received signal SIGSEGV, Segmentation fault.
rdb (addr=12288) at sys.c:232
232                     HALT_SYS();


my video hardware is (lspci -vvv): 
01:00.0 VGA compatible controller: nVidia Corporation NV34 [GeForce FX 5200]
(rev a1) (prog-if 00 [VGA])
        Subsystem: ASUSTeK Computer Inc. Unknown device 8180
        Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop+ ParErr-
Stepping- SERR- FastB2B-
        Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort- >SERR- <PERR-
        Latency: 64 (1250ns min, 250ns max)
        Interrupt: pin A routed to IRQ 11
        Region 0: Memory at fb000000 (32-bit, non-prefetchable) [size=16M]
        Region 1: Memory at f0000000 (32-bit, prefetchable) [size=128M]
        Expansion ROM at faf00000 [disabled] [size=128K]
        Capabilities: [60] Power Management version 2
                Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA
PME(D0-,D1-,D2-,D3hot-,D3cold-)
                Status: D0 PME-Enable- DSel=0 DScale=0 PME-
        Capabilities: [44] AGP version 3.0
                Status: RQ=32 Iso- ArqSz=0 Cal=3 SBA+ ITACoh- GART64- HTrans-
64bit- FW+ AGP3+ Rate=x4,x8
                Command: RQ=1 ArqSz=0 Cal=0 SBA- AGP- GART64- 64bit- FW- Rate=<none>
Comment 14 Sammy 2006-02-16 20:25:19 UTC 
I am not sure whether 1.2.30 was expected to resolve this but it is still
segfaulting.
Comment 15 Ville Skyttä 2006-02-17 16:24:50 UTC 
Reproduced here too.  Hardware is MSI K8NGM2-FID motherboard (nForce 6150/430)
with integrated video, HP f2105 connected via DVI:

00:05.0 VGA compatible controller: nVidia Corporation C51 PCI Express Bridge
(rev a2) (prog-if 00 [VGA])
	Subsystem: Micro-Star International Co., Ltd. Unknown device 7207
	Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping-
SERR- FastB2B-
	Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- <TAbort-
<MAbort- >SERR- <PERR-
	Latency: 0
	Interrupt: pin A routed to IRQ 18
	Region 0: Memory at fd000000 (32-bit, non-prefetchable) [size=16M]
	Region 1: Memory at d0000000 (64-bit, prefetchable) [size=256M]
	Region 3: Memory at fc000000 (64-bit, non-prefetchable) [size=16M]
	[virtual] Expansion ROM at feae0000 [disabled] [size=128K]
	Capabilities: [48] Power Management version 2
		Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot-,D3cold-)
		Status: D0 PME-Enable- DSel=0 DScale=0 PME-
	Capabilities: [50] Message Signalled Interrupts: 64bit+ Queue=0/0 Enable-
		Address: 0000000000000000  Data: 0000
Comment 16 Ville Skyttä 2006-02-17 23:22:39 UTC 
By the way, ddcprobe (unsurprisingly?) crashes the same way in _kudzumodule.so.
Comment 17 Alexandre Oliva 2006-02-17 23:39:16 UTC 
backtrace from ddcprobe:

#0  rdw (addr=12288) at sys.c:257
#1  0x00002aacaa09f9ca in fetch_data_word (offset=Variable "offset" is not
available.
) at decode.c:327
#2  0x00002aacaa0a71ac in x86emuOp_sbb_word_RM_R (op1=Variable "op1" is not
available.
) at ops.c:1498
#3  0x00002aacaa0a0421 in X86EMU_exec () at decode.c:123
#4  0x00002aacaa09f40e in real_call (registers=0x7fffffe01e70) at thunk.c:200
#5  0x00002aacaa09e920 in get_edid_supported () at vbe.c:262
#6  0x00002aacaa09c517 in ddcProbe (probeClass=CLASS_MONITOR,
probeFlags=Variable "probeFlags" is not available.
)
    at ddc.c:423
#7  0x00002aacaa093d8e in probeDevices (probeClass=CLASS_MONITOR,
    probeBus=BUS_DDC, probeFlags=1) at kudzu.c:806
#8  0x00002aacaa091441 in doProbe (self=Variable "self" is not available.
) at kudzumodule.c:461
#9  0x0000003748d950c8 in PyEval_EvalFrame ()
   from /usr/lib64/libpython2.4.so.1.0

get_data_offset(), called from fetch_data_word(), returns 0.  registers->ds is
indeed zero in X86EMU_exec().
Comment 18 Bill Nottingham 2006-02-20 20:21:25 UTC 
Created attachment 124905 [details]
test program

Here's a new test program build - does this a) segfault b) print useful
information about your monitor?
Comment 19 Ville Skyttä 2006-02-20 20:59:05 UTC 
Doesn't segfault, and prints some useful info, but not about the monitor.

# ./ddc-fu
-
class: VIDEO
bus: DDC
detached: 0
desc: "NVIDIA Corporation Crush50 Board - c51pv0"
mem: 65536
Comment 20 Ivan Gyurdiev 2006-02-21 01:51:13 UTC 
[root@cobra downloads]# ./ddc-fu
-
class: VIDEO
bus: DDC
detached: 0
desc: "NVIDIA Corporation nv41 Board - p317h20"
mem: 262144
Comment 21 Alexandre Oliva 2006-02-21 03:37:20 UTC 
[root@livre ~]# /l/tmp/build/ddc-fu
-
class: VIDEO
bus: DDC
detached: 0
desc: "NVIDIA Corporation NV17 Board - m17refnz"
mem: 65536
[root@livre ~]#
Comment 22 Bill Nottingham 2006-02-21 19:36:45 UTC 
Shouldn't crash any more in 1.2.31-1.
Comment 23 Ivan Gyurdiev 2006-02-21 19:51:36 UTC 
Why isn't monitor information displayed?
My monitor wasn't properly detected during -test*.
Is this relevant?
Comment 24 Bill Nottingham 2006-02-21 19:53:23 UTC 
It's not displayed because the EDID block returned isn't valid.
Comment 25 Ville Skyttä 2006-02-21 20:28:41 UTC 
FWIW, a few weeks ago I was able to grab an EDID block using the NVIDIA
proprietary nvidia-settings tool, feed it to a perl script found in Mandriva and
get useful data out of it (in order to verify the HP f2105 entry I was about to
submit for inclusion in MonitorsDB).
Comment 26 Bill Nottingham 2006-02-21 20:30:09 UTC 
Interesting. What does the tool do? ioctl? vm86 code? Something else? (You
should be able to get an idea with strace).
Comment 27 Ville Skyttä 2006-02-21 20:50:26 UTC 
strace output and the grabbed edid are at http://koti.welho.com/vskytta/edid/ ,
I clicked the "Acquire EDID" button in the app around line 3330 in the strace
file.  Quite a few ioctl's there it seems.
Comment 28 Bill Nottingham 2006-02-21 20:54:41 UTC 
Hm, yeah, but that looks like mainly X noise. strace -f any more enlightening?
Comment 29 Ville Skyttä 2006-02-21 21:19:51 UTC 
strace-f.txt uploaded to the same place, and the aqcuire edid click again around
line 3300 through it.
Comment 30 Bill Nottingham 2006-02-22 18:00:20 UTC 
*** Bug 182353 has been marked as a duplicate of this bug. ***
Comment 31 Orion Poplawski 2006-02-22 18:13:03 UTC 
-
class: VIDEO
bus: DDC
detached: 0
desc: "NVIDIA Corporation Crush50 Board - c51pv0"
mem: 65536
-
class: MONITOR
bus: DDC
detached: 0
desc: "Radius"
id: RDS1546
horizSyncMin: 30
horizSyncMax: 63
vertRefreshMin: 50
vertRefreshMax: 75
Comment 32 Orion Poplawski 2006-02-22 18:15:46 UTC 
Sorry, the above is the output of ddc-fu.2
Comment 33 Alexandre Oliva 2006-02-23 18:12:22 UTC 
Confirmed not crashing any more.  ddcprobe still fails to detect the LCD
monitor, but I guess that's still expected :-(
Comment 34 Bill Nottingham 2006-02-24 16:35:54 UTC 
Well, it would be interesting to know if a 32-bit install can probe it, as that
would show a difference between the LRMI-using real-mode code, as opposed to the
code run through x86emu. However, not-crashing is the main goal. :)
Comment 35 Alexandre Oliva 2006-02-24 18:00:03 UTC 
That I can easily tell, but from a different notebook (PIII) with a different
nvidia card:

[root@vapaa ~]# ddcprobe

Videocard autoprobe results
Description:  NVidia Corporation NV10 Reference Board
Memory (MB):  32

Monitor autoprobe results
Monitor autoprobe failed.
Comment 36 Bill Nottingham 2006-02-27 19:12:23 UTC 
*** Bug 183128 has been marked as a duplicate of this bug. ***
Comment 37 Bill Nottingham 2006-03-09 16:25:26 UTC 
*** Bug 184397 has been marked as a duplicate of this bug. ***