663507 – mesa r300_dri.so segfaults when going into a "full screen mode"

Bug 663507 - mesa r300_dri.so segfaults when going into a "full screen mode"

Summary: mesa r300_dri.so segfaults when going into a "full screen mode"

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	mesa
Sub Component:
Version:	14
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Jérôme Glisse
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2010-12-16 00:25 UTC by Michal Jaegermann
Modified:	2012-08-16 18:26 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2012-08-16 18:25:58 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
abrt produced backtrace for /usr/lib64/xulrunner-1.9.2/plugin-container (41.73 KB, text/plain) 2010-12-22 22:59 UTC, Michal Jaegermann	no flags	Details
View All

Description Michal Jaegermann 2010-12-16 00:25:14 UTC

Description of problem:

The following show up in logs:

plugin-containe[23826]: segfault at 28 ip 00007fb9944905f9 sp 00007fb9ae905630 error 4 in r300_dri.so[7fb994461000+230000]

I am getting these as follows.  With an installed 64-bit libflashplayer.so from Adobe flashplayer10_2_p3_64bit_linux_111710 go to http://www.cbc.ca/news/ and try to play any videos to be found on that site.  So far so good but there is there a "full screen" play option. Trying it is causing an immediate crash with results as above.

I am pretty convinced that the same problem is behind 'impressive' troubles (http://koji.fedoraproject.org/koji/packageinfo?packageID=7734).  Both versions 0.10.2 and 0.10.3.  Only in this case if you try to use 'demo.pdf' from that package everything immediately freezes with no access neither direct nor by network and later no any log traces whatsoever. 'impressive' with a full-screen mode deactivated ('-f' toggle to turn off a default) runs just fine. 

Both a "full screen flash" and a demo from 'impressive' work without a hitch on another machine, both under Fedora 13 and 14, but where r200_dri.so module is in use.  I am afraid that I do not have another machine with Fedora 14 and r300_dri.so handy to try there but I do not really expect anything different.


Version-Release number of selected component (if applicable):
mesa-dri-drivers-7.8.2-1.fc13.x86_64

How reproducible:
always as described above

Additional info:

With few tries I collected one /var/spool/abrt/ccpp-... but, curiously enough, there is nothing in /var/spool/abrt/abrt-db so 'abrt' does not see it. With 
mesa-debuginfo and xulrunner-debuginfo installed gdb comes with the following:

Core was generated by `/usr/lib64/xulrunner-1.9.2/plugin-container /usr/lib64/mozilla/plugins/libflash'.
Program terminated with signal 11, Segmentation fault.

Backtrace starts with:

#0  0x00007fa35bbe55f9 in bo_vram_validate (bo=0x7fa380ddc4b0, 
    soffset=0x7fa386b5c71c, eoffset=0x7fa386b5c708) at radeon_bo_legacy.c:614
#1  radeon_bo_legacy_validate (bo=0x7fa380ddc4b0, soffset=0x7fa386b5c71c, 
    eoffset=0x7fa386b5c708) at radeon_bo_legacy.c:732
#2  0x00007fa35bbe8e91 in cs_process_relocs (cs=0x7fa380db3350)
    at radeon_cs_legacy.c:234
#3  cs_emit (cs=0x7fa380db3350) at radeon_cs_legacy.c:304
#4  0x00007fa35bbe765c in rcommonFlushCmdBufLocked (rmesa=0x7fa3802a61a0, 
    caller=<value optimized out>) at radeon_common.c:1207
#5  0x00007fa35bbe76e1 in rcommonFlushCmdBuf (rmesa=0x7fa3802a61a0, 
    caller=<value optimized out>) at radeon_common.c:1227
#6  0x00007fa35bbe7821 in radeonFlush (ctx=0x7fa380a05f30)
    at radeon_common.c:1126
#7  0x0000003b8aa243a2 in glXSwapBuffers (dpy=0x7fa380020600, 
    drawable=46143397) at glxcmds.c:1083
#8  0x00007fa3850006b1 in ?? ()
   from /usr/lib64/mozilla/plugins/libflashplayer.so

Nothing usable after that but that backtrace eventually ends on frame #42 with:

Backtrace stopped: previous frame inner to this frame (corrupt stack?)

Source listing for frame #0 looks like this:

613             }
614             bo_legacy->offset = boml->texture_offset +
615                                 bo_legacy->tobj->base.memBlock->ofs;
616             bo_legacy->dirty = 1;
617         }

and bo_legacy->tobj->base.memBlock is reported as a NULL pointer.
According to gdb bo_legacy->tobj points to the following structure:

{base = {next = 0x7fa380dfd220, prev = 0x7fa380dfd220, heap = 0x0, 
tObj = 0x0, memBlock = 0x0, reserved = 0, bound = 0, totalSize = 17498112, 
dirty_images = {0, 0, 0, 0, 0, 0}, timestamp = 0, firstLevel = 0, 
lastLevel = 0}, parent = 0x7fa380ddc4b0}

Hm, that really should segfault if gdb is correct.

'coredump' file is 184M long if anybody is interested in it.

Comment 1 Michal Jaegermann 2010-12-17 22:30:27 UTC

Just a note that impressive-0.10.3, which is a possible "canary" application tripped by r300_dri.so, is now in updates to Fedora 13 and 14.

Comment 2 Michal Jaegermann 2010-12-22 22:59:45 UTC

Created attachment 470329 [details]
abrt produced backtrace for /usr/lib64/xulrunner-1.9.2/plugin-container

That seems to be a backtrace from the same event but how abrt sees it.  Why in a corresponding /var/spool/abrt/ccpp-... showed up files with datestamps from today I am no so sure.  In the first moment I though that this is something entirely new.

Comment 3 Eddie Lania 2011-02-11 21:44:46 UTC

I can reproduce this with the mame package from rpmfusion on fc14:

Feb 11 22:17:30 p3000fedora yum[10854]: Updated: mame-0.141u2-1.fc14.i686
Feb 11 22:17:31 p3000fedora yum[10854]: Updated: mame-tools-0.141u2-1.fc14.i686
Feb 11 22:18:08 p3000fedora kernel: [ 5315.048259] TCP lp registered
Feb 11 22:19:40 p3000fedora kernel: [ 5406.566165] mame[11566]: segfault at 34 ip 00f38aa0 sp bffcb430 error 4 in r300_dri.so[f0e000+2f9000]
Feb 11 22:19:41 p3000fedora abrt[11574]: saved core dump of pid 11566 (/usr/bin/mame) to /var/spool/abrt/ccpp-1297459180-11566.new/coredump (70901760 bytes)
Feb 11 22:19:41 p3000fedora abrtd: Directory 'ccpp-1297459180-11566' creation detected
Feb 11 22:19:41 p3000fedora abrtd: Package 'mame' isn't signed with proper key
Feb 11 22:19:41 p3000fedora abrtd: Corrupted or bad crash /var/spool/abrt/ccpp-1297459180-11566 (res:5), deleting
Feb 11 22:20:02 p3000fedora auditd[907]: Audit daemon rotating log files
Feb 11 22:36:55 p3000fedora kernel: [ 6441.792050] mame[15791]: segfault at 34 ip 00f2baa0 sp bf934050 error 4 in r300_dri.so[f01000+2f9000]
Feb 11 22:36:56 p3000fedora abrt[15799]: saved core dump of pid 15791 (/usr/bin/mame) to /var/spool/abrt/ccpp-1297460215-15791.new/coredump (70283264 bytes)
Feb 11 22:36:56 p3000fedora abrtd: Directory 'ccpp-1297460215-15791' creation detected
Feb 11 22:36:56 p3000fedora abrtd: Package 'mame' isn't signed with proper key
Feb 11 22:36:56 p3000fedora abrtd: Corrupted or bad crash /var/spool/abrt/ccpp-1297460215-15791 (res:5), deleting

Comment 4 Bug Zapper 2011-05-30 12:43:26 UTC

This message is a reminder that Fedora 13 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 13.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '13'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 13's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 13 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 5 Michal Jaegermann 2011-05-30 21:12:38 UTC

See comment #3 where this bug was reproduced on Fedora 14.

Myself I am away and will not see a machine with a suitable hardware/software before a middle of July.

Comment 6 Fedora End Of Life 2012-08-16 18:26:00 UTC

This message is a notice that Fedora 14 is now at end of life. Fedora 
has stopped maintaining and issuing updates for Fedora 14. It is 
Fedora's policy to close all bug reports from releases that are no 
longer maintained.  At this time, all open bugs with a Fedora 'version'
of '14' have been closed as WONTFIX.

(Please note: Our normal process is to give advanced warning of this 
occurring, but we forgot to do that. A thousand apologies.)

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, feel free to reopen 
this bug and simply change the 'version' to a later Fedora version.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we were unable to fix it before Fedora 14 reached end of life. If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora, you are encouraged to click on 
"Clone This Bug" (top right of this page) and open it against that 
version of Fedora.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Note You need to log in before you can comment on or make changes to this bug.