Ubuntu
xserver-xorg-video-ati package

Xorg crashed with SIGSEGV in RADEONInit3DEngineMMIO()

Bug #435559 reported by Brian Murray
18
This bug affects 2 people
Affects Status Importance Assigned to Milestone
xserver-xorg-driver-ati
Fix Released
High
xserver-xorg-video-ati (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

Binary package hint: xserver-xorg-video-radeon

Bug 434685 is likely a duplicate of this one.

I've had this occur semi-regularly and probably could make it happen again if more information is need.

This information also appears in dmesg after it happens:

[91522.826463] [drm:radeon_ib_schedule] *ERROR* radeon: couldn't schedule IB(2).
[91522.826467] [drm:radeon_cs_ioctl] *ERROR* Faild to schedule IB !
[91522.826526] [drm:radeon_ib_schedule] *ERROR* radeon: couldn't schedule IB(2).
[91522.826529] [drm:radeon_cs_ioctl] *ERROR* Faild to schedule IB !
[91582.827185] [drm:radeon_bo_move] *ERROR* CP is not ready use memcpy.

ProblemType: Crash
Architecture: amd64
Date: Wed Sep 23 15:32:32 2009
DistroRelease: Ubuntu 9.10
ExecutablePath: /usr/bin/Xorg
MachineType: Dell Inc. Dell DXP051
Package: xserver-xorg-core 2:1.6.3-1ubuntu6
ProcCmdLine: root=/dev/md1 ro radeon.modeset=1
ProcCmdline: /usr/bin/X :0 -br -verbose -auth /var/run/gdm/auth-for-gdm-DGBOB6/database -nolisten tcp vt7
ProcCwd: /etc/X11
ProcEnviron:
 LANG=en_US.UTF-8
 PATH=(custom, no user)
ProcVersionSignature: Ubuntu 2.6.31-10.35-generic
RelatedPackageVersions:
 xserver-xorg 1:7.4+3ubuntu5
 libgl1-mesa-glx 7.6.0~git20090817.7c422387-0ubuntu5
 libdrm2 2.4.13-1ubuntu1
 xserver-xorg-video-intel 2:2.8.1-1ubuntu1
 xserver-xorg-video-ati 1:6.12.99+git20090825.fc74e119-0ubuntu2
SegvAnalysis:
 Segfault happened at: 0x7f9907bf81ed <RADEONInit3DEngine+15901>: cmpl $0x1,(%rcx)
 PC (0x7f9907bf81ed) ok
 source "$0x1" ok
 destination "(%rcx)" (0x00000000) not located in a known VMA region (needed writable region)!
SegvReason: writing NULL VMA
Signal: 11
SourcePackage: xorg-server
StacktraceTop:
 RADEONInit3DEngineMMIO (pScrn=0xeb3a80)
 RADEONInit3DEngine (pScrn=0xeb3a80) at ../../src/radeon_accel.c:1129
 R300DisplayTexturedVideoMMIO (
 RADEONPutImageTextured (pScrn=0xeb3a80,
 ?? ()
Title: Xorg crashed with SIGSEGV in RADEONInit3DEngineMMIO()
Uname: Linux 2.6.31-10-generic x86_64
UserGroups:

dmi.bios.date: 10/28/2005
dmi.bios.vendor: Dell Inc.
dmi.bios.version: A02
dmi.board.name: 0YC523
dmi.board.vendor: Dell Inc.
dmi.chassis.type: 7
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvrA02:bd10/28/2005:svnDellInc.:pnDellDXP051:pvr:rvnDellInc.:rn0YC523:rvr:cvnDellInc.:ct7:cvr:
dmi.product.name: Dell DXP051
dmi.sys.vendor: Dell Inc.
fglrx: Not loaded
system:
 distro: Ubuntu
 architecture: x86_64kernel: 2.6.31-10-generic

Revision history for this message
Brian Murray (brian-murray) wrote :
Revision history for this message
Apport retracing service (apport) wrote : Stacktrace.txt (retraced)

StacktraceTop:RADEONInit3DEngine (pScrn=0xeb3a80)
R300DisplayTexturedVideoMMIO (
RADEONPutImageTextured (pScrn=0xeb3a80,
xf86XVPutImage (client=<value optimized out>,
ProcXvShmPutImage (client=0x1b7e5b0)

Revision history for this message
Apport retracing service (apport) wrote : ThreadStacktrace.txt (retraced)
Changed in xserver-xorg-video-ati (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
Bryce Harrington (bryce)
tags: added: crash
Changed in xserver-xorg-video-ati (Ubuntu):
status: New → Confirmed
Brian Murray (brian-murray)
visibility: private → public
Revision history for this message
In , Bryce Harrington (bryce) wrote :

Forwarding this bug report from Ubuntu reporter Brian Murray:
https://bugs.edge.launchpad.net/ubuntu/+source/xserver-xorg-video-ati/+bug/435559

[Problem]
Segfault in RADEONInit3DEngineMMIO.

src/radeon_commonfuncs.c:85 indicates perhaps this line is at fault?

        if (info->dri->pKernelDRMVersion->version_major < 2) {

Perhaps dri and pKernelDRMVersion need checks for NULL prior to being dereferenced?

[Original Bug Report]
I've had this occur semi-regularly and probably could make it happen again if more information is need.

This information also appears in dmesg after it happens:

[91522.826463] [drm:radeon_ib_schedule] *ERROR* radeon: couldn't schedule IB(2).
[91522.826467] [drm:radeon_cs_ioctl] *ERROR* Faild to schedule IB !
[91522.826526] [drm:radeon_ib_schedule] *ERROR* radeon: couldn't schedule IB(2).
[91522.826529] [drm:radeon_cs_ioctl] *ERROR* Faild to schedule IB !
[91582.827185] [drm:radeon_bo_move] *ERROR* CP is not ready use memcpy.

ProblemType: Crash
Architecture: amd64
Date: Wed Sep 23 15:32:32 2009
DistroRelease: Ubuntu 9.10
ExecutablePath: /usr/bin/Xorg
MachineType: Dell Inc. Dell DXP051
Package: xserver-xorg-core 2:1.6.3-1ubuntu6
ProcCmdLine: root=/dev/md1 ro radeon.modeset=1
ProcCmdline: /usr/bin/X :0 -br -verbose -auth /var/run/gdm/auth-for-gdm-DGBOB6/database -nolisten tcp vt7
ProcCwd: /etc/X11
ProcEnviron:
 LANG=en_US.UTF-8
 PATH=(custom, no user)
ProcVersionSignature: Ubuntu 2.6.31-10.35-generic
RelatedPackageVersions:
 xserver-xorg 1:7.4+3ubuntu5
 libgl1-mesa-glx 7.6.0~git20090817.7c422387-0ubuntu5
 libdrm2 2.4.13-1ubuntu1
 xserver-xorg-video-intel 2:2.8.1-1ubuntu1
 xserver-xorg-video-ati 1:6.12.99+git20090825.fc74e119-0ubuntu2
SegvAnalysis:
 Segfault happened at: 0x7f9907bf81ed <RADEONInit3DEngine+15901>: cmpl $0x1,(%rcx)
 PC (0x7f9907bf81ed) ok
 source "$0x1" ok
 destination "(%rcx)" (0x00000000) not located in a known VMA region (needed writable region)!
SegvReason: writing NULL VMA
Signal: 11
SourcePackage: xorg-server
StacktraceTop:
 RADEONInit3DEngineMMIO (pScrn=0xeb3a80)
 RADEONInit3DEngine (pScrn=0xeb3a80) at ../../src/radeon_accel.c:1129
 R300DisplayTexturedVideoMMIO (
 RADEONPutImageTextured (pScrn=0xeb3a80,
 ?? ()
Title: Xorg crashed with SIGSEGV in RADEONInit3DEngineMMIO()
Uname: Linux 2.6.31-10-generic x86_64
UserGroups:

dmi.bios.date: 10/28/2005
dmi.bios.vendor: Dell Inc.
dmi.bios.version: A02
dmi.board.name: 0YC523
dmi.board.vendor: Dell Inc.
dmi.chassis.type: 7
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvrA02:bd10/28/2005:svnDellInc.:pnDellDXP051:pvr:rvnDellInc.:rn0YC523:rvr:cvnDellInc.:ct7:cvr:
dmi.product.name: Dell DXP051
dmi.sys.vendor: Dell Inc.
fglrx: Not loaded
system:
 distro: Ubuntu
 architecture: x86_64kernel: 2.6.31-10-generic

Revision history for this message
In , Bryce Harrington (bryce) wrote :

Created an attachment (id=29854)
Lspci.txt

Revision history for this message
In , Bryce Harrington (bryce) wrote :

Created an attachment (id=29855)
BootDmesg.txt

Revision history for this message
In , Bryce Harrington (bryce) wrote :

Created an attachment (id=29856)
CurrentDmesg.txt

Revision history for this message
In , Bryce Harrington (bryce) wrote :

Created an attachment (id=29857)
Stacktrace.txt

Revision history for this message
In , Bryce Harrington (bryce) wrote :

Created an attachment (id=29858)
ThreadStacktrace.txt

Revision history for this message
In , agd5f (agd5f) wrote :

should be fixed in 7968e1fb89f6b59d1654df48249bf4b81990c008

Revision history for this message
Bryce Harrington (bryce) wrote :

Hmm, line 85 is this:

        if (info->dri->pKernelDRMVersion->version_major < 2) {

Perhaps one element in that change is null, and resuts in a null pointer deref?

Revision history for this message
Bryce Harrington (bryce) wrote :

Brian, I've forwarded this bug upstream to https://bugs.freedesktop.org/show_bug.cgi?id=24158 - please subscribe to this bug in case upstream needs more information or wishes you to test something. Thanks ahead of time.

Bug Watch Updater (bug-watch-updater)
Changed in xserver-xorg-driver-ati:
status: Unknown → Confirmed
Revision history for this message
Bryce Harrington (bryce) wrote :

here's the patch from upstream

Bug Watch Updater (bug-watch-updater)
Changed in xserver-xorg-driver-ati:
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xserver-xorg-video-ati - 1:6.12.99+git20090825.fc74e119-0ubuntu3

---------------
xserver-xorg-video-ati (1:6.12.99+git20090825.fc74e119-0ubuntu3) karmic; urgency=low

  * Add 100_radeoninit3dengine_crash.patch: Fix segfault in MMIO path in
    RADEONInit3DEngine.
    (LP: #435559)

 -- Bryce Harrington <email address hidden> Wed, 07 Oct 2009 00:29:04 -0700

Changed in xserver-xorg-video-ati (Ubuntu):
status: Confirmed → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in xserver-xorg-driver-ati:
importance: Unknown → High
Bug Watch Updater (bug-watch-updater)
Changed in xserver-xorg-driver-ati:
importance: High → Unknown
Bug Watch Updater (bug-watch-updater)
Changed in xserver-xorg-driver-ati:
importance: Unknown → High
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.