Bug 485686 - [radeon] reproductible crash with gl-117
[radeon] reproductible crash with gl-117
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: xorg-x11-drv-ati (Show other bugs)
10
All Linux
medium Severity high
: ---
: ---
Assigned To: Dave Airlie
Fedora Extras Quality Assurance
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-02-16 05:19 EST by François Cami
Modified: 2009-12-18 02:55 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-12-18 02:55:53 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Xorg.0.log of working system (131.82 KB, text/plain)
2009-02-16 05:19 EST, François Cami
no flags Details
dmesg of working system (32.58 KB, text/plain)
2009-02-16 05:20 EST, François Cami
no flags Details

  None (edit)
Description François Cami 2009-02-16 05:19:15 EST
Created attachment 332016 [details]
Xorg.0.log of working system

Description of problem:
When using the radeon driver on my X800XT (FireGL V7100), gl-117 can freeze Xorg.

Version-Release number of selected component (if applicable):
xorg-x11-drv-ati-6.10.0-2.fc10.x86_64
mesa-libGL-7.2-0.15.fc10.x86_64
kernel-2.6.27.12-170.2.5.fc10.x86_64
xorg-x11-server-Xorg-1.5.3-6.fc10.x86_64

How reproducible:
always

Steps to Reproduce:
1. boot F10 with nomodeset (pci=noaer is needed on my hw as well)
2. launch gl-117
3. playing the game without "looking" at the sun is OK ; once the sun enters the screen, the game locks up.
  
Actual results:
Xorg lock-up.

Expected results:
Gameplay :)

Additional info:
Xorg.0.log of working system attached.
Comment 1 François Cami 2009-02-16 05:20:02 EST
Created attachment 332017 [details]
dmesg of working system
Comment 2 François Cami 2009-02-16 05:47:40 EST
* nothing is written to Xorg.0.log after / during the crash ;

* top shows neither Xorg nor gl-117 using any CPU time whatsoever ;

* killing gl-117 remotely makes X responsive again ;

* this does not happen when the game uses the software renderer with the
  same exact graphic settings :
  LIBGL_ALWAYS_SOFTWARE=1 gl-117
Comment 3 François Cami 2009-02-16 14:31:18 EST
The gl-117 is in S+ (interruptible sleep) state, so gdb
can't attach to it. Additionally, the process does not
honour SIGSEGV but coredumps on SIGQUIT, hence the
following backtrace :

#0  0x0000000005e0af05 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
	pid = <value optimized out>
	selftid = <value optimized out>
#1  0x0000000005e0ca73 in abort () at abort.c:88
	act = {__sigaction_handler = {sa_handler = 0x7fffee598d50, sa_sigaction = 0x7fffee598d50}, sa_mask = {__val = {140737192234464, 34063621608, 140737192234528, 140737192281729, 6, 99691678, 1, 4201445, 20, 99687322, 3, 140737192234509, 3, 99686570, 1, 
      99691698}}, sa_flags = 3, sa_restorer = 0x7fffee598e1a}
	sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x0000000005e4a438 in __libc_message (do_abort=2, fmt=0x5f14428 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
	ap = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fffee599770, reg_save_area = 0x7fffee599680}}
	ap_copy = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fffee599770, reg_save_area = 0x7fffee599680}}
	fd = 7
	on_2 = <value optimized out>
	list = <value optimized out>
	nlist = <value optimized out>
	cp = <value optimized out>
	written = 6
#3  0x0000000005e4fec8 in malloc_printerr (action=2, str=0x5f144c8 "double free or corruption (fasttop)", ptr=<value optimized out>) at malloc.c:5994
	buf = "0000000001735230"
	cp = <value optimized out>
#4  0x0000000005e52486 in __libc_free (mem=0x2) at malloc.c:3625
	ar_ptr = (struct malloc_state *) 0x6145a00
	p = <value optimized out>
	hook = <value optimized out>
#5  0x0000000000da70c4 in SDL_StopEventThread () at src/events/SDL_events.c:196
No locals.
#6  SDL_StopEventLoop () at src/events/SDL_events.c:210
No locals.
#7  0x0000000000dc85e6 in SDL_VideoQuit () at src/video/SDL_video.c:1331
	ready_to_go = <value optimized out>
#8  0x0000000000da0f45 in SDL_QuitSubSystem (flags=65535) at src/SDL.c:202
No locals.
#9  0x0000000000da0fce in SDL_Quit () at src/SDL.c:222
No locals.
#10 0x0000000000da186f in SDL_Parachute (sig=3) at src/SDL_fatal.c:41
No locals.
#11 <signal handler called>
No locals.
#12 0x0000000005eb6aa2 in select () from /lib64/libc-2.9.so
No symbol table info available.
#13 0x00007f0fe52eda96 in _xcb_conn_wait (c=0x1706d90, cond=<value optimized out>, vector=0x0, count=0x0) at xcb_conn.c:340
	ret = 162
	xlib_locked = 0
	rfds = {__fds_bits = {16, 0 <repeats 15 times>}}
	wfds = {__fds_bits = {0 <repeats 16 times>}}
#14 0x00007f0fe52ef2ad in xcb_wait_for_reply (c=0x1706d90, request=162, e=0x7fffee599c98) at xcb_in.c:366
	cond = {__data = {__lock = 0, __futex = 0, __total_seq = 0, __wakeup_seq = 0, __woken_seq = 0, __mutex = 0x0, __nwaiters = 0, __broadcast_seq = 0}, __size = '\0' <repeats 47 times>, __align = 0}
	reader = {request = 162, data = 0x7fffee599c10, next = 0x0}
	prev_reader = (reader_list **) 0x1707e80
	ret = (void *) 0x0
#15 0x000000000108318e in _XReply (dpy=0x1706230, rep=0x7fffee599ce0, extra=0, discard=1) at xcb_io.c:366
	error = <value optimized out>
	c = (xcb_connection_t *) 0x1706d90
	current = (PendingRequest *) 0x17352a0
	__PRETTY_FUNCTION__ = "_XReply"
#16 0x0000000001076ce3 in XSync (dpy=0x1706230, discard=0) at Sync.c:48
	rep = {type = 11 '\v', revertTo = 0 '\0', sequenceNumber = 832, length = 0, focus = 17310688, pad1 = 0, pad2 = 24142384, pad3 = 0, pad4 = 17157363, pad5 = 0}
#17 0x0000000000dd923d in X11_FreeWMCursor (this=0x1705b70, cursor=0x171e3b0) at src/video/x11/SDL_x11mouse.c:45
No locals.
#18 0x0000000000dc40b3 in SDL_FreeCursor (cursor=0x1735260) at src/video/SDL_cursor.c:257
	video = (SDL_VideoDevice *) 0x1705b70
#19 0x0000000000dc43f4 in SDL_CursorQuit () at src/video/SDL_cursor.c:57
No locals.
#20 0x0000000000dc8607 in SDL_VideoQuit () at src/video/SDL_video.c:1337
	ready_to_go = <value optimized out>
#21 0x0000000000da0f45 in SDL_QuitSubSystem (flags=65535) at src/SDL.c:202
No locals.
#22 0x0000000000da0fce in SDL_Quit () at src/SDL.c:222
No locals.
#23 0x0000000000da186f in SDL_Parachute (sig=11) at src/SDL_fatal.c:41
No locals.
#24 <signal handler called>
No locals.
#25 0x00007f0fddf73e37 in radeonReadDepthSpan_z24_s8 (ctx=<value optimized out>, rb=0x1a07c10, n=1, x=431, y=<value optimized out>, values=<value optimized out>) at ../../../../../src/mesa/drivers/dri/common/depthtmp.h:201
	i = <value optimized out>
	minx = <value optimized out>
	maxx = <value optimized out>
	_nc = <value optimized out>
	depth = (GLuint *) 0x7fffee59a280
	dPriv = (const __DRIdrawablePrivate *) 0x1a074e0
	buf = (GLubyte *) 0x0
	x1 = <value optimized out>
	n1 = 0
	xo = 0
#26 0x00007f0fddc89401 in _swrast_read_depth_span_float (ctx=0x17af1c0, rb=0x1a07c10, n=1, x=431, y=479, depth=0x7fffee59e2f0) at swrast/s_depth.c:1248
	temp = {0 <repeats 522 times>, 3842909800, 32527, 10, 0, 24, 0, 1423468550, 0, 9691008, 0, 17008200, 0, 6, 0, 22241696, 0, 3998853888, 32767, 3998854312, 32767, 17008920, 0, 0, 0, 0, 0, 3864589512, 32527, 17052230, 0, 17041752, 0, 17037432, 0, 0, 1, 
  1188, 1, 0, 0, 3864590368, 32527, 3998854368, 32767, 1423468550, 0, 3998854288, 32767, 0, 0, 3998854312, 32767, 9691598, 0, 0, 0, 0, 0, 3998854063, 32767, 3998854080, 32767, 3998854079, 32767, 3998854096, 32767, 3998854080, 32767, 101997144, 0, 128, 0, 
  3998854175, 32767, 3998854127, 32767, 3998854144, 32767, 3998854128, 32767, 101997144, 0, 101997056, 0, 12208, 0, 24213600, 0, 101997056, 0, 8208, 6, 1024, 0, 101997056, 0, 128, 0, 24311536, 0, 101997056, 0, 80, 0, 3998854303, 32767, 3998854320, 32767, 
  3998854304, 32767, 25, 0, 24321520, 3, 1072, 0, 3998854351, 32767, 3998854368, 32767, 3998854352, 32767, 1024, 3, 24305856, 64, 101997056, 0, 80, 0, 1, 0, 0, 0, 3998854672, 65, 25, 0, 101997056, 0, 24237248, 0, 24237248, 0, 3998855088, 32767, 3998854672, 
  32767, 98912824, 0, 24237248, 0, 24309952, 0, 24237248, 0, 17303277, 0, 24277145, 0, 24279488, 0, 3998855504, 32767, 101997056, 0, 10, 0, 24297458, 0, 58, 0, 1, 0, 24279478, 0, 98903174, 0, 0, 0, 17304350, 0, 17754048, 0, 15, 0, 0, 0, 3998855536, 32767...}
	scale = 5.96046519e-08
#27 0x00007f0fddc9275a in read_depth_pixels (ctx=0x17af1c0, x=431, y=479, width=1, height=1, type=5126, pixels=0x7fffee5a26c0, packing=0x7fffee5a2360) at swrast/s_readpix.c:156
	depthValues = {1.26116862e-44, 0, -4.19552459e+22, 4.55800351e-41, 1.26116862e-44, 0, 3.36311631e-44, 0, -1.59670189e+37, 0, 1.35799946e-38, 0, 2.08399536e-35, 0, 6.30584309e-44, 4.59163468e-41, 1.43999852e-36, 0, -1.68582628e+28, 4.59163468e-41, 
  -1.68587633e+28, 4.59163468e-41, 2.08516397e-35, 0, 0, 0, -4.19561106e+22, 4.55800351e-41, -2.56114595e+23, 4.55800351e-41, 5.88776569e-39, 0, 2.09246145e-35, 0, 5.8820568e-39, 0, 0, 1.40129846e-45, 1.17709071e-43, 1.40129846e-45, -1.68588106e+28, 
  4.59163468e-41, -2.57753329e+23, 4.55800351e-41, -1.68588295e+28, 4.59163468e-41, -1.59670189e+37, 0, -1.6858735e+28, 4.59163468e-41, 0, 0, -1.68587633e+28, 4.59163468e-41, 1.35808214e-38, 0, 0, 0, -4.19561106e+22, 4.55800351e-41, 1.40129846e-45, 
  4.59163468e-41, 0, 0, 1.40129846e-45, 4.59163468e-41, -1.68785123e+28, 4.59163468e-41, -1.68785123e+28, 4.59163468e-41, -1.68785666e+28, 1.40129846e-45, -4.19560025e+22, 4.55800351e-41, -2.57753329e+23, 1.40129846e-45, -4.19561106e+22, 4.55800351e-41, 
  -2.57753329e+23, 4.55800351e-41, -1.68588861e+28, 4.59163468e-41, -2.57737908e+23, 4.55800351e-41, 5.88776569e-39, 0, 0, 0, -1.68589239e+28, 5.60519386e-45, -2.57737908e+23, 4.55800351e-41, 5.87747175e-39, 0 <repeats 13 times>, 2.78882361e-35, 0, 
  -3.50805191e+22, 4.55800351e-41, 4.37499281e-38, 0, 4.37958683e-38, 0, 4.37843889e-38, 0, 1.40129846e-45, 0, 2.23155693e-35, 0, 4.48415509e-44, 6.72623263e-44, -1.68589995e+28, 4.59163468e-41, 2.08545325e-35, 0, -2.56114595e+23, 4.55800351e-41, 
  4.37499281e-38, 0, -nan(0x7fffff), 0, -1.68736766e+28, 4.59163468e-41, 9.5250965e-39, 0, -1.68736766e+28, 4.59163468e-41, 4.37499281e-38, 0, 4.37958683e-38, 0, 4.37843889e-38, 0, 0, 0, 2.15258012e-35, 0, 0, 0, -1.68610962e+28, 4.59163468e-41, 
  -1.68611151e+28, 4.59163468e-41, 2.62698452e-38, 0, 2.62698452e-38, 0, 2.12406706e-35, 0, -1.68785123e+28, 4.59163468e-41, 1.36447711e-38, 0, 7.42688186e-44, 0, 1.43492963e-42, 0, 2.79016441e-35, 3.86197857e-42, -1.68609356e+28, 4.59163468e-41, 
  -1.68609734e+28, 4.59163468e-41, -1.68608695e+28, 4.59163468e-41, -1.6860964e+28, 4.59163468e-41, 2.14425581e-35, 0, 5.60519386e-45, 0, 6.27690347e-39, 0, -1.69473963e+38, 1.69473953e+38, 4.38188272e-38, 0, -1.68595661e+28, 4.59163468e-41, 6.27847153e-39, 
  0, -1.6861474e+28, 4.59163468e-41, 2.62698312e-38, 0, 4.37729094e-38, 0, 0, 0, -1.68905555e+28, 4.59163468e-41, 0...}
	dest = (GLvoid *) 0x7fffee5a26c0
	j = 1
	fb = <value optimized out>
	rb = (struct gl_renderbuffer *) 0x1a07c10
	biasOrScale = 188 '�'
#28 0x00007f0fddc933b0 in _swrast_ReadPixels (ctx=0x17af1c0, x=431, y=479, width=1, height=1, format=6402, type=5126, packing=<value optimized out>, pixels=0x6bc) at swrast/s_readpix.c:591
	swrast = (SWcontext *) 0x17e1f40
	clippedPacking = {Alignment = 4, RowLength = 1, SkipPixels = 0, SkipRows = 0, ImageHeight = 0, SkipImages = 0, SwapBytes = 0 '\0', LsbFirst = 0 '\0', ClientStorage = 0 '\0', Invert = 0 '\0', BufferObj = 0x1735b60}
#29 0x00007f0fddc1478b in _mesa_ReadPixels (x=431, y=479, width=1, height=1, format=6402, type=5126, pixels=0x7fffee5a26c0) at main/readpix.c:188
No locals.
#30 0x0000000000417077 in game_display () at main.cpp:3487
	zbuf = {0}
	i = 0
	sunx = 431.09448647939121
	suny = 479.79205787499177
	sunz = 0.96838297218621383
	sunvisible = true
	pseudoview = 100
	mycamtheta = 11.8064156
	mycamphi = 320.918091
	mycamgamma = -86.5335693
	mylight = <value optimized out>
	buf = '\0' <repeats 24 times>
	write = <value optimized out>
#31 0x000000000041a91d in myDisplayFunc () at main.cpp:5079
No locals.
#32 sdlMainLoop () at main.cpp:5382
	event = {type = 4 '\004', active = {type = 4 '\004', gain = 0 '\0', state = 0 '\0'}, key = {type = 4 '\004', which = 0 '\0', state = 0 '\0', keysym = {scancode = 89 'Y', sym = 65536, mod = KMOD_NONE, unicode = 0}}, motion = {type = 4 '\004', 
    which = 0 '\0', state = 0 '\0', x = 345, y = 199, xrel = 0, yrel = 1}, button = {type = 4 '\004', which = 0 '\0', button = 0 '\0', state = 0 '\0', x = 345, y = 199}, jaxis = {type = 4 '\004', which = 0 '\0', axis = 0 '\0', value = 345}, jball = {
    type = 4 '\004', which = 0 '\0', ball = 0 '\0', xrel = 345, yrel = 199}, jhat = {type = 4 '\004', which = 0 '\0', hat = 0 '\0', value = 0 '\0'}, jbutton = {type = 4 '\004', which = 0 '\0', button = 0 '\0', state = 0 '\0'}, resize = {type = 4 '\004', 
    w = 13042009, h = 65536}, expose = {type = 4 '\004'}, quit = {type = 4 '\004'}, user = {type = 4 '\004', code = 13042009, data1 = 0x10000, data2 = 0x0}, syswm = {type = 4 '\004', msg = 0x10000}}
Comment 4 François Cami 2009-02-17 20:01:36 EST
the crash is gone in rawhide with the following packages :

kernel-2.6.29-0.124.rc5.fc11.x86_64
mesa-libGL-7.3-2.fc11.x86_64
xorg-x11-drv-ati-6.10.0-3.fc11.x86_64
xorg-x11-server-Xorg-1.5.99.902-12.fc11.x86_64
gl-117-1.3.2-7.fc10.x86_64
Comment 5 Bug Zapper 2009-11-18 03:02:00 EST
This message is a reminder that Fedora 10 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 10.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '10'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 10's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 10 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 6 Bug Zapper 2009-12-18 02:55:53 EST
Fedora 10 changed to end-of-life (EOL) status on 2009-12-17. Fedora 10 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.