Bug 572231

Summary: [abrt] crash in kdeartwork-screensavers-4.4.0-1.fc12: Process /usr/bin/keuphoria.kss was killed by signal 6 (SIGABRT)
Product: [Fedora] Fedora Reporter: Boaz Harrosh <boazharrosh>
Component: kdeartworkAssignee: Than Ngo <than>
Status: CLOSED WORKSFORME QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 12CC: fedora, jghobrial, jreznik, kevin, ltinkl, rdieter, smparrish, than
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard: abrt_hash:ec7e222ad280519a337127aefc4c239f4e4efd8c
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-11-04 09:34:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: backtrace none

Description Boaz Harrosh 2010-03-10 15:44:16 UTC
abrt 1.0.8 detected a crash.

architecture: x86_64
Attached file: backtrace
cmdline: keuphoria.kss -root
comment: Fully updated FC12 KDE system, nvidia from RPMFusion none-free
component: kdeartwork
executable: /usr/bin/keuphoria.kss
kernel: 2.6.32.9-70.fc12.x86_64
package: kdeartwork-screensavers-4.4.0-1.fc12
rating: 3
reason: Process /usr/bin/keuphoria.kss was killed by signal 6 (SIGABRT)
release: Fedora release 12 (Constantine)

How to reproduce
-----
1. Set Euphoria as screen saver
2. Go to lunch (Or other wise very idle system that will triger a screensaver
3. ...

Comment 1 Boaz Harrosh 2010-03-10 15:44:19 UTC
Created attachment 399116 [details]
File: backtrace

Comment 2 Boaz Harrosh 2010-03-10 15:48:20 UTC
OK It also happen with SolarWinds I guess any GL screen saver.
Yes all "Desktop effects" are on

Thanks
Boaz

Comment 3 Rex Dieter 2010-03-10 16:01:45 UTC
Looks like an nvidia driver issue to me.  the backtrace is deep into

#4  0x00000039ce788e46 in ?? () from /usr/lib64/nvidia/libGLcore.so.1
No symbol table info available.
#5  0x00000039ce4b6792 in ?? () from /usr/lib64/nvidia/libGLcore.so.1
No symbol table info available.
#6  0x00000039ce4b7707 in ?? () from /usr/lib64/nvidia/libGLcore.so.1
No symbol table info available.
#7  0x00000039ce4bbe2d in ?? () from /usr/lib64/nvidia/libGLcore.so.1
No symbol table info available.
#8  0x00000039ce49c99a in ?? () from /usr/lib64/nvidia/libGLcore.so.1
No symbol table info available.
#9  0x00000039ce7a9839 in ?? () from /usr/lib64/nvidia/libGLcore.so.1
No symbol table info available.
#10 0x00000039ce523c51 in ?? () from /usr/lib64/nvidia/libGLcore.so.1
No symbol table info available.
#11 0x00000039ce7db65a in ?? () from /usr/lib64/nvidia/libGLcore.so.1

that's out of our hands.

Comment 4 Boaz Harrosh 2010-03-10 16:12:20 UTC
Well yes I guess so.

It was fine up until the last big update where I received both a new KDE, and a new nvidia driver. The later maybe because the Kernel changed to 2.6.32.

So perhaps someone at nvidia is watching over FC bugzilla. But just wanted to make sure it's not a new KDE thing with all compositing on and GL screensavers.

Thanks anyway
Boaz

Comment 5 Boaz Harrosh 2010-03-11 07:15:46 UTC
Hi.

I have some new information. The crash happens when we go out of the screen saver at shot down. (Every time almost)

So I was looking at the code (In google/codesearch) and it looks like it is possible that the wind:update() which is on a timer, might be racing with the wind destructor. And then glXXX crashes on a garbage particles[] pointer. The
trace is a bit different every time, always in wind:update() from the timer.

(I'm un-closing the bug, if that's me bad. Please forgive me)

Never say never
Boaz

Comment 6 Kevin Kofler 2010-03-11 08:59:29 UTC
Please:
* provide evidence for that theory, such as a Valgrind memcheck log which shows the use-after-free and/or
* try to reproduce this crash with one of the drivers in Fedora (but Nouveau 3D is only available in F13 Alpha at this time).

Comment 7 Kevin Kofler 2010-03-11 09:09:43 UTC
I have tried reproducing this with keuphoria.kss in the windowed demo mode on the Free radeon driver. I didn't get a crash so far, but I consistently get these when closing the window:
X Error: RenderBadPicture (invalid Picture parameter) 156
  Extension:    147 (RENDER)
  Minor opcode: 7 (RenderFreePicture)
  Resource id:  0x106
X Error: BadWindow (invalid Window parameter) 3
  Major opcode: 18 (X_ChangeProperty)
  Resource id:  0x540002d
X Error: BadWindow (invalid Window parameter) 3
  Major opcode: 4 (X_DestroyWindow)
  Resource id:  0x540002d

This may be related to a use-after-free like the one you hypothize.

Comment 8 Kevin Kofler 2010-03-11 09:12:42 UTC
Valgrind doesn't detect a use-after-free when the above errors are produced though, so this may be entirely unrelated.

Comment 9 Boaz Harrosh 2010-03-11 13:18:40 UTC
OK It might not be a use-after-free per-se but that the GL resources or window
were destroyed while the "update" timer is in progress. To me it looks very related. It seems like the Radeon driver is more resilient to errors then the nvidia, but there is certainly some short-comings with these kde-savers.

I did not compile and am not a KDE programmer, just your regular devoted FC user. I think it is worth while to documenting this in Bugzilla and have some KDE person have a look.

Thanks
Boaz

Comment 10 Rex Dieter 2010-04-28 15:26:58 UTC
*** Bug 579901 has been marked as a duplicate of this bug. ***

Comment 11 Bug Zapper 2010-11-03 20:12:29 UTC
This message is a reminder that Fedora 12 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 12.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '12'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 12's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 12 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 12 Boaz Harrosh 2010-11-04 09:34:30 UTC
In latest FC12 updates this bug is fixed. I cannot say when exactly but lately it does not happen at all. As before It would every morning.

So something fixed it in the last month or two

Thanks
Boaz