Bug 435739
| Summary: | X Crashes after some time | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Jan Arne Petersen <janarne> | ||||||
| Component: | xorg-x11-server | Assignee: | Peter Hutterer <peter.hutterer> | ||||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |||||||
| Severity: | low | Docs Contact: | |||||||
| Priority: | low | ||||||||
| Version: | 9 | CC: | xgl-maint | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | 9 | Doc Type: | Bug Fix | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2008-07-18 05:51:19 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
Created attachment 296637 [details]
/etc/X11/xorg.conf
Created attachment 296638 [details]
/var/log/Xorg.0.log.old
The last two lines are related to the crash.
Hm, I think it is more related to the bluetooth mouse/keyboard input than to the radeon video driver. After the crash and the X restart the keyboard doesn't work (the mouse is still working). I have to switch the bluetooth device from HCI into USB HID mode to make the keyboard work again. dmesg output:
------------[ cut here ]------------
WARNING: at kernel/mutex.c:134 mutex_lock_nested+0xba/0x271() (Not tainted)
Modules linked in: vfat fat hidp hci_usb rfcomm l2cap bluetooth sunrpc ib_iser
rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi
scsi_transport_iscsi dm_mirror dm_multipath dm_mod radeon drm ipv6 parport_pc
parport floppy pcspkr serio_raw via_ircc snd_emu10k1_synth snd_emux_synth irda
snd_seq_virmidi snd_seq_midi_emul crc_ccitt i2c_viapro i2c_core usb_storage
snd_emu10k1 snd_rawmidi snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss
snd_seq_midi_event snd_seq snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_device
snd_timer snd_page_alloc snd_util_mem button joydev 8139cp emu10k1_gp snd_hwdep
firewire_ohci snd firewire_core gameport 8139too soundcore crc_itu_t sr_mod sg
via_rhine mii cdrom pata_acpi ata_generic pata_via libata sd_mod scsi_mod ext3
jbd mbcache uhci_hcd ohci_hcd ehci_hcd [last unloaded: scsi_wait_scan]
Pid: 2621, comm: Xorg Not tainted 2.6.25-0.95.rc4.fc9 #1
[<c042862b>] warn_on_slowpath+0x47/0x75
[<c040a2f8>] ? native_sched_clock+0xb5/0xd1
[<c0444673>] ? mark_held_locks+0x4e/0x66
[<c0638e93>] ? _spin_unlock_irq+0x22/0x2f
[<c04447fb>] ? trace_hardirqs_on+0xe9/0x10a
[<c0638e93>] ? _spin_unlock_irq+0x22/0x2f
[<c0636f9f>] ? wait_for_common+0xf8/0x102
[<c0422464>] ? default_wake_function+0x0/0xd
[<c0637820>] mutex_lock_nested+0xba/0x271
[<c058eabb>] ? input_release_device+0x19/0x2b
[<c0437a6e>] ? wakeme_after_rcu+0x0/0xe
[<c058eabb>] input_release_device+0x19/0x2b
[<c05920e1>] evdev_release+0x40/0xb0
[<c048925c>] __fput+0xb3/0x157
[<c0489317>] fput+0x17/0x19
[<c04869af>] filp_close+0x50/0x5a
[<c0486a2c>] sys_close+0x73/0xad
[<c0405d16>] syscall_call+0x7/0xb
=======================
---[ end trace 6d242f93cf8d82b2 ]---
BUG: unable to handle kernel paging request at 6b6b6b6b
IP: [<c0500af4>] __list_add+0x21/0x4a
*pde = 00000000
Oops: 0000 [#1] SMP
Modules linked in: vfat fat hidp hci_usb rfcomm l2cap bluetooth sunrpc ib_iser
rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi
scsi_transport_iscsi dm_mirror dm_multipath dm_mod radeon drm ipv6 parport_pc
parport floppy pcspkr serio_raw via_ircc snd_emu10k1_synth snd_emux_synth irda
snd_seq_virmidi snd_seq_midi_emul crc_ccitt i2c_viapro i2c_core usb_storage
snd_emu10k1 snd_rawmidi snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss
snd_seq_midi_event snd_seq snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_device
snd_timer snd_page_alloc snd_util_mem button joydev 8139cp emu10k1_gp snd_hwdep
firewire_ohci snd firewire_core gameport 8139too soundcore crc_itu_t sr_mod sg
via_rhine mii cdrom pata_acpi ata_generic pata_via libata sd_mod scsi_mod ext3
jbd mbcache uhci_hcd ohci_hcd ehci_hcd [last unloaded: scsi_wait_scan]
Pid: 2621, comm: Xorg Not tainted (2.6.25-0.95.rc4.fc9 #1)
EIP: 0060:[<c0500af4>] EFLAGS: 00013046 CPU: 0
EIP is at __list_add+0x21/0x4a
EAX: 6b6b6b6b EBX: f29adf14 ECX: f40ba6e4 EDX: 6b6b6b6b
ESI: f40ba6c0 EDI: 00003246 EBP: f29adeec ESP: f29adee8
DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process Xorg (pid: 2621, ti=f29ad000 task=f2548000 task.ti=f29ad000)
Stack: f40ba6c4 f29adf34 c0637864 00000000 00000002 c058eabb c058eabb 00000000
f2548000 f40ba6e4 f40ba6f8 f29adf14 f29adf14 11111111 f40ba6c0 f29adf14
f2904b7c f40ba6c0 f26f3f00 f29adf44 c058eabb f2904b60 f35b3120 f29adf5c
Call Trace:
[<c0637864>] ? mutex_lock_nested+0xfe/0x271
[<c058eabb>] ? input_release_device+0x19/0x2b
[<c058eabb>] ? input_release_device+0x19/0x2b
[<c058eabb>] ? input_release_device+0x19/0x2b
[<c05920e1>] ? evdev_release+0x40/0xb0
[<c048925c>] ? __fput+0xb3/0x157
[<c0489317>] ? fput+0x17/0x19
[<c04869af>] ? filp_close+0x50/0x5a
[<c0486a2c>] ? sys_close+0x73/0xad
[<c0405d16>] ? syscall_call+0x7/0xb
=======================
Code: 02 00 01 10 00 8b 5d fc c9 c3 55 89 e5 53 89 c3 8b 41 04 39 d0 74 14 51 50
52 68 d3 ab 6e c0 e8 25 c3 13 00 0f 0b 83 c4 10 eb fe <8b> 10 39 ca 74 14 50 52
51 68 23 ac 6e c0 e8 0b c3 13 00 0f 0b
EIP: [<c0500af4>] __list_add+0x21/0x4a SS:ESP 0068:f29adee8
---[ end trace 6d242f93cf8d82b2 ]---
agpgart: Found an AGP 2.0 compliant device at 0000:00:00.0.
agpgart: Putting AGP V2 device at 0000:00:00.0 into 4x mode
agpgart: Putting AGP V2 device at 0000:01:00.0 into 4x mode
[drm] Setting GART location based on new memory map
[drm] Loading R200 Microcode
[drm] writeback test succeeded in 1 usecs
=============================================================================
BUG kmalloc-4096 (Tainted: G D ): Poison overwritten
-----------------------------------------------------------------------------
INFO: 0xf40ba6c5-0xf40ba6c5. First byte 0x6c instead of 0x6b
INFO: Allocated in input_allocate_device+0x13/0x8b age=1943783 cpu=0 pid=3121
INFO: Freed in input_dev_release+0x1a/0x24 age=118958 cpu=0 pid=3173
INFO: Slab 0xc1b62840 used=4294967295 fp=0xf40bc0c0 flags=0x40004002
INFO: Object 0xf40ba060 @offset=8288 fp=0xf40bd0f0
Bytes b4 0xf40ba050: 65 0c 00 00 5e 92 1a 00 5a 5a 5a 5a 5a 5a 5a 5a
e...^...ZZZZZZZZ
Object 0xf40ba060: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
kkkkkkkkkkkkkkkk
Object 0xf40ba070: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
kkkkkkkkkkkkkkkk
Object 0xf40ba080: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
kkkkkkkkkkkkkkkk
Object 0xf40ba090: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
kkkkkkkkkkkkkkkk
Object 0xf40ba0a0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
kkkkkkkkkkkkkkkk
Object 0xf40ba0b0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
kkkkkkkkkkkkkkkk
Object 0xf40ba0c0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
kkkkkkkkkkkkkkkk
Object 0xf40ba0d0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
kkkkkkkkkkkkkkkk
Redzone 0xf40bb060: bb bb bb bb ����
Padding 0xf40bb088: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ
Pid: 3408, comm: khidpd_046db003 Tainted: G D 2.6.25-0.95.rc4.fc9 #1
[<c0483442>] print_trailer+0x111/0x119
[<c04834cb>] check_bytes_and_report+0x81/0xa4
[<c04835bc>] check_object+0xa4/0x184
[<c04831fb>] ? slab_pad_check+0x20/0xaf
[<c04836d3>] __free_slab+0x37/0x94
[<c0483763>] discard_slab+0x33/0x35
[<c04848b2>] __slab_free+0xae/0x265
[<c0484c46>] kfree+0xb3/0xec
[<c05ac970>] ? hid_free_device+0x83/0x8b
[<c05ac970>] ? hid_free_device+0x83/0x8b
[<c05ac970>] hid_free_device+0x83/0x8b
[<f8c19472>] hidp_session+0x475/0x54f [hidp]
[<c0638e93>] ? _spin_unlock_irq+0x22/0x2f
[<c0405d85>] ? restore_nocheck+0x12/0x15
[<c0422464>] ? default_wake_function+0x0/0xd
[<c0422464>] ? default_wake_function+0x0/0xd
[<f8c18ffd>] ? hidp_session+0x0/0x54f [hidp]
[<c04069f3>] kernel_thread_helper+0x7/0x10
=======================
FIX kmalloc-4096: Restoring 0xf40ba6c5-0xf40ba6c5=0x6b
BUG: unable to handle kernel paging request at 6b6b6b6b
IP: [<c0500af4>] __list_add+0x21/0x4a
*pde = 00000000
Oops: 0000 [#2] SMP
Modules linked in: vfat fat hidp hci_usb rfcomm l2cap bluetooth sunrpc ib_iser
rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi
scsi_transport_iscsi dm_mirror dm_multipath dm_mod radeon drm ipv6 parport_pc
parport floppy pcspkr serio_raw via_ircc snd_emu10k1_synth snd_emux_synth irda
snd_seq_virmidi snd_seq_midi_emul crc_ccitt i2c_viapro i2c_core usb_storage
snd_emu10k1 snd_rawmidi snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss
snd_seq_midi_event snd_seq snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_device
snd_timer snd_page_alloc snd_util_mem button joydev 8139cp emu10k1_gp snd_hwdep
firewire_ohci snd firewire_core gameport 8139too soundcore crc_itu_t sr_mod sg
via_rhine mii cdrom pata_acpi ata_generic pata_via libata sd_mod scsi_mod ext3
jbd mbcache uhci_hcd ohci_hcd ehci_hcd [last unloaded: scsi_wait_scan]
Pid: 4690, comm: Xorg Tainted: G D (2.6.25-0.95.rc4.fc9 #1)
EIP: 0060:[<c0500af4>] EFLAGS: 00013046 CPU: 0
EIP is at __list_add+0x21/0x4a
EAX: 6b6b6b6b EBX: f3fdbf14 ECX: f40bb714 EDX: 6b6b6b6b
ESI: f40bb6f0 EDI: 00003246 EBP: f3fdbeec ESP: f3fdbee8
DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process Xorg (pid: 4690, ti=f3fdb000 task=f37fe000 task.ti=f3fdb000)
Stack: f40bb6f4 f3fdbf34 c0637864 00000000 00000002 c058eabb c058eabb 00000000
f37fe000 f40bb714 f40bb728 f3fdbf14 f3fdbf14 11111111 f40bb6f0 f3fdbf14
f2903eec f40bb6f0 f34c4800 f3fdbf44 c058eabb f2903ed0 f35b49b0 f3fdbf5c
Call Trace:
[<c0637864>] ? mutex_lock_nested+0xfe/0x271
[<c058eabb>] ? input_release_device+0x19/0x2b
[<c058eabb>] ? input_release_device+0x19/0x2b
[<c058eabb>] ? input_release_device+0x19/0x2b
[<c05920e1>] ? evdev_release+0x40/0xb0
[<c048925c>] ? __fput+0xb3/0x157
[<c0489317>] ? fput+0x17/0x19
[<c04869af>] ? filp_close+0x50/0x5a
[<c0486a2c>] ? sys_close+0x73/0xad
[<c0405d16>] ? syscall_call+0x7/0xb
=======================
Code: 02 00 01 10 00 8b 5d fc c9 c3 55 89 e5 53 89 c3 8b 41 04 39 d0 74 14 51 50
52 68 d3 ab 6e c0 e8 25 c3 13 00 0f 0b 83 c4 10 eb fe <8b> 10 39 ca 74 14 50 52
51 68 23 ac 6e c0 e8 0b c3 13 00 0f 0b
EIP: [<c0500af4>] __list_add+0x21/0x4a SS:ESP 0068:f3fdbee8
---[ end trace 6d242f93cf8d82b2 ]---
agpgart: Found an AGP 2.0 compliant device at 0000:00:00.0.
agpgart: Putting AGP V2 device at 0000:00:00.0 into 4x mode
agpgart: Putting AGP V2 device at 0000:01:00.0 into 4x mode
[drm] Setting GART location based on new memory map
[drm] Loading R200 Microcode
[drm] writeback test succeeded in 1 usecs
input: Logitech MX1000 mouse as
/devices/pci0000:00/0000:00:10.1/usb3/3-1/3-1.1/3-1.1:1.0/hci0/acl00076140075C/input/input11
input: Logitech MX5000 Keyboard as
/devices/pci0000:00/0000:00:10.1/usb3/3-1/3-1.1/3-1.1:1.0/hci0/acl0007613A204A/input/input12
agpgart: Found an AGP 2.0 compliant device at 0000:00:00.0.
agpgart: Putting AGP V2 device at 0000:00:00.0 into 4x mode
agpgart: Putting AGP V2 device at 0000:01:00.0 into 4x mode
[drm] Loading R200 Microcode
It seems to be this bug: http://readlist.com/lists/lists.freedesktop.org/xorg/3/15883.html It doesn't crash with current rawhide (I don't know if the bug is fixed or only hidden). Changing version to '9' as part of upcoming Fedora 9 GA. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping I vaguely remember that this bug was caused by the DDX having statically allocated memory that didn't like to be freed. This bug was fixed upstream a while ago. Been doing keyboard hotplugging for a few months without problems now. Closing as fixed for F9. |
Description of problem: X crashes after some time (~30 min) dmesg: ============================================================================= BUG kmalloc-4096 (Tainted: G D ): Poison overwritten ----------------------------------------------------------------------------- INFO: 0xf7336785-0xf7336785. First byte 0x6c instead of 0x6b INFO: Allocated in input_allocate_device+0x13/0x8b age=1974495 cpu=0 pid=14984 INFO: Freed in input_dev_release+0x1a/0x24 age=30407 cpu=0 pid=15059 INFO: Slab 0xc1ceff40 used=6 fp=0xf7336120 flags=0x400040c3 INFO: Object 0xf7336120 @offset=24864 fp=0xf7330001 Bytes b4 0xf7336110: d3 3a 00 00 dc aa 7b 00 5a 5a 5a 5a 5a 5a 5a 5a �:..ܪ{.ZZZZZZZZ Object 0xf7336120: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0xf7336130: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0xf7336140: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0xf7336150: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0xf7336160: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0xf7336170: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0xf7336180: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0xf7336190: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Redzone 0xf7337120: bb bb bb bb ���� Padding 0xf7337148: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ Pid: 127, comm: khubd Tainted: G D 2.6.25-0.80.rc3.git2.fc9 #1 [<c0483d88>] print_trailer+0x10e/0x116 [<c0483e11>] check_bytes_and_report+0x81/0xa4 [<c0483f02>] check_object+0xa4/0x185 [<c0485269>] __slab_alloc+0x377/0x475 [<c0484eba>] ? __slab_free+0x22e/0x266 [<c04853ca>] kmem_cache_alloc+0x63/0xc5 [<c05b5053>] ? hid_probe+0x323/0xc84 [<c05b5053>] ? hid_probe+0x323/0xc84 [<c05b5053>] hid_probe+0x323/0xc84 [<c0639622>] ? mutex_unlock+0x8/0xa [<c0584271>] ? usb_autopm_do_device+0xb8/0xc0 [<c058488a>] usb_probe_interface+0xc9/0x10b [<c056df36>] driver_probe_device+0xa0/0x13c [<c056e08f>] __device_attach+0x8/0xa [<c056d5d3>] bus_for_each_drv+0x3f/0x69 [<c056e120>] device_attach+0x70/0x90 [<c056e087>] ? __device_attach+0x0/0xa [<c056d444>] bus_attach_device+0x2b/0x5c [<c056c6d2>] device_add+0x2fe/0x473 [<c0583a81>] usb_set_configuration+0x40a/0x453 [<c0589da9>] generic_probe+0x4b/0x82 [<c0583c86>] usb_probe_device+0x32/0x38 [<c056df36>] driver_probe_device+0xa0/0x13c [<c056e08f>] __device_attach+0x8/0xa [<c056d5d3>] bus_for_each_drv+0x3f/0x69 [<c056e120>] device_attach+0x70/0x90 [<c056e087>] ? __device_attach+0x0/0xa [<c056d444>] bus_attach_device+0x2b/0x5c [<c056c6d2>] device_add+0x2fe/0x473 [<c057eee3>] usb_new_device+0x56/0x12f [<c057ffbc>] hub_thread+0x852/0xc80 [<c0439957>] ? autoremove_wake_function+0x0/0x33 [<c057f76a>] ? hub_thread+0x0/0xc80 [<c0439706>] kthread+0x3b/0x61 [<c04396cb>] ? kthread+0x0/0x61 [<c04069f3>] kernel_thread_helper+0x7/0x10 ======================= FIX kmalloc-4096: Restoring 0xf7336785-0xf7336785=0x6b FIX kmalloc-4096: Marking all objects used