Ubuntu
rss-glx package

solarwinds crashed with SIGFPE in vbo_exec_vtx_flush()

Bug #346072 reported by Martin Olsson
284
This bug affects 66 people
Affects Status Importance Assigned to Milestone
Mesa
Fix Released
Medium
mesa (Ubuntu)
Fix Released
Undecided
Unassigned
rss-glx (Ubuntu)
Confirmed
Medium
Unassigned

Bug Description

Binary package hint: rss-glx

crash

I was running in UXA mode using xorg-edgers as of march 20th and a vanilla 2.6.29-rc8 kernel compiled with ubuntu's kernel config.

ProblemType: Crash
Architecture: amd64
CrashCounter: 1
DistroRelease: Ubuntu 9.04
ExecutablePath: /usr/lib/xscreensaver/solarwinds
Package: rss-glx 0.8.2-1ubuntu3
ProcCmdline: solarwinds -r
ProcEnviron:
 PATH=(custom, no user)
 LANG=en_US.UTF-8
Signal: 8
SourcePackage: rss-glx
StacktraceTop:
 vbo_exec_vtx_flush (exec=0x18a4a40, unmap=0 '\0')
 ?? ()
 ?? ()
 ?? ()
 ?? ()
Title: solarwinds crashed with SIGFPE in vbo_exec_vtx_flush()
Uname: Linux 2.6.29-020629rc8-generic x86_64
UserGroups: adm admin cdrom dialout fuse lpadmin plugdev sambashare

Revision history for this message
Martin Olsson (mnemo) wrote :
Revision history for this message
Apport retracing service (apport) wrote : Symbolic stack trace

StacktraceTop:?? () from /usr/lib/dri/i965_dri.so
wind::update ()
hack_draw ()
mainLoop ()
main ()

Revision history for this message
Apport retracing service (apport) wrote : Symbolic threaded stack trace
Changed in rss-glx:
importance: Undecided → Medium
Brian Murray (brian-murray)
visibility: private → public
Changed in rss-glx (Ubuntu):
status: New → Triaged
Revision history for this message
Daniel Hermansson (daniel.h) wrote :

Also happens on ati (radeon-kms ppa)

Jonathan Thomas (echidnaman)
affects: rss-glx (Ubuntu) → mesa (Ubuntu)
Changed in mesa (Ubuntu):
status: Triaged → Confirmed
Bryce Harrington (bryce)
affects: mesa (Ubuntu) → xscreensaver (Ubuntu)
Changed in xscreensaver (Ubuntu):
status: Confirmed → New
Revision history for this message
Tormod Volden (tormodvolden) wrote :

Can you please try again with Karmic?

affects: xscreensaver (Ubuntu) → mesa (Ubuntu)
Changed in mesa (Ubuntu):
assignee: nobody → Tormod Volden (tormodvolden)
status: New → Incomplete
Revision history for this message
Martin Olsson (mnemo) wrote :

Yes I just repro'd it on karmic. I just had to open the screensaver dialog and then I selected solarwinds and press "Preview". I let the apport crash submit from karmic and I marked that bug (417855) as a duplicate of this one in case the fresh logs contains additional clues.

As of right now, Karmic still has "mesa 7.5-1ubuntu1" though. I wonder if this repros on the 7.6 branch (I don't have time to check this right now though).

Revision history for this message
Martin Olsson (mnemo) wrote :

Here is a gdb log showing /usr/lib/xscreensaver/solarwinds being executing succesfully a couple of times in karmic-as-of-aug-23rd and then on the 4th time the program is started, it hits a SIGFPE almost right away. The log includes "bt full" and "info registers".

Changed in mesa (Ubuntu):
status: Incomplete → Confirmed
Revision history for this message
Martin Olsson (mnemo) wrote :
Revision history for this message
Tormod Volden (tormodvolden) wrote : Re: [i965] solarwinds crashed with SIGFPE in vbo_exec_vtx_flush()

Thanks. The 7.6 snapshot should get into the archive within the next days, so let's see then.

summary: - solarwinds crashed with SIGFPE in vbo_exec_vtx_flush()
+ [i965] solarwinds crashed with SIGFPE in vbo_exec_vtx_flush()
Revision history for this message
Tormod Volden (tormodvolden) wrote :

In fact I can reproduce it on r300 also (M26 card) with 7.6.0~git20090817.7c422387-0ubuntu0sarvatt.
Presets 2, 3 and 4 are crashing here: /usr/lib/xscreensaver/solarwinds --preset 2

summary: - [i965] solarwinds crashed with SIGFPE in vbo_exec_vtx_flush()
+ solarwinds crashed with SIGFPE in vbo_exec_vtx_flush()
Changed in mesa (Ubuntu):
assignee: Tormod Volden (tormodvolden) → nobody
Revision history for this message
Tormod Volden (tormodvolden) wrote :
Revision history for this message
Tormod Volden (tormodvolden) wrote :

It seems that vbo_exec_vtx_flush gets called with exec->vtx.vertex_size=0 and we get a division by zero. Not sure I understand this, but since this happens when linelist[i][1] = -1 in wind::update, I thought it was a bit strange that an empty GL_LINES block is run. This patch seems to avoid the crash at least.

affects: mesa (Ubuntu) → rss-glx (Ubuntu)
Revision history for this message
Tormod Volden (tormodvolden) wrote :

I am pretty sure this just exposes a bug in mesa though.

Revision history for this message
In , Bugzi09-fdo-tormod (bugzi09-fdo-tormod) wrote :

Created an attachment (id=28886)
test case

If for instance,
       glBegin(GL_LINES);
       glEnd();
is repeated (64 times here) mesa will crash with

Program received signal SIGFPE, Arithmetic exception.
0x0109d5a0 in vbo_exec_vtx_flush (exec=0x809fc98, unmap=0 '\0')

because exec->vtx.vertex_size = 0 and we get a division by zero. Not that this is a useful construct, but it happens in some programs and did not crash before. http://www.opengl.org/documentation/specs/man_pages/hardcopy/GL/html/gl/begin.html says "Lines, triangles, quadrilaterals, and polygons that are incompletely specified are not drawn."

The attached test program demonstrates the crash (it is based on the example in http://glprogramming.com/red/chapter01.html :) )

Revision history for this message
In , Brian-paul (brian-paul) wrote :

Fixed with commit b9b04872d526ed7955f647542399e110ace0325c.
This'll be in Mesa 7.5.1 and later.

Bryce Harrington (bryce)
tags: added: crash
Revision history for this message
Martin Olsson (mnemo) wrote :

Wow.. great work narrowing that down Tormod!

Bug Watch Updater (bug-watch-updater)
Changed in mesa:
status: Unknown → Fix Released
Revision history for this message
Tormod Volden (tormodvolden) wrote :

Fixed upstream in http://cgit.freedesktop.org/mesa/mesa/commit/?id=93aa0fd81c44c7a5f29f30e8f730e060597b06ad

Revision history for this message
In , Bugzi09-fdo-tormod (bugzi09-fdo-tormod) wrote :

*** Bug 20850 has been marked as a duplicate of this bug. ***

Tormod Volden (tormodvolden)
Changed in mesa (Ubuntu):
status: New → Confirmed
Revision history for this message
Tormod Volden (tormodvolden) wrote :

My patch above was sent to and accepted by the upstream rss-glx author, so we might consider applying it until we have it through an upstream release. When it comes to SRU, the rss-glx workaround is trivial, whereas we might be more cautious about touching the mesa libraries.

Bryce Harrington (bryce)
tags: added: jaunty
LEKE316 (leke316)
Changed in mesa:
status: Fix Released → Incomplete
status: Incomplete → Fix Released
Revision history for this message
spbrereton (simon-brereton) wrote :

I suppose it makes sense for me to add I'm on a MacBook Pro 2.2 - and running Karmic..

Revision history for this message
Bryce Harrington (bryce) wrote :

Confirmed that the fix for the mesa aspect of this bug is already present in Karmic now.

Changed in mesa (Ubuntu):
status: Confirmed → Fix Released
David Futcher (bobbo)
tags: added: patch-accepted-upstream
Bug Watch Updater (bug-watch-updater)
Changed in mesa:
importance: Unknown → Medium
Bug Watch Updater (bug-watch-updater)
Changed in mesa:
importance: Medium → Unknown
Bug Watch Updater (bug-watch-updater)
Changed in mesa:
importance: Unknown → Medium
Revision history for this message
resolv_25 (elcondor1008-hotmail) wrote :

Problem with this screensaver (actually, the other screensaver from the same package), system gets frozen, and brute force restart is the only way out.
This is on Natty Ubuntu - 32-bit.
Version of rss-glx is 0.9.1-3ubuntu1

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.