OOPS: kernel NULL pointer dereference in _ZN20CMMHeap_SystemMemory8pushPoolEP7CMMPool+0x11/0x40

Bug #1023916 reported by dlebauer on 2012-07-12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
fglrx-installer (Ubuntu)

Bug Description

[828569.267569] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
[828569.267575] IP: [<ffffffffa019e291>] _ZN20CMMHeap_SystemMemory8pushPoolEP7CMMPool+0x11/0x40 [fglrx]
[828569.267625] PGD 0
[828569.267627] Oops: 0002 [#1] SMP
[828569.267629] CPU 1
[828569.267630] Modules linked in: pci_stub vboxpci(O) vboxnetadp(O) vboxnetflt(O) vboxdrv(O) dm_crypt snd_hda_codec_analog snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq dcdbas bnep fglrx(P) snd_timer snd_seq_device mac_hid rfcomm mei(C) snd psmouse serio_raw ppdev bluetooth soundcore snd_page_alloc parport_pc binfmt_misc lp parport vesafb usbhid hid e1000e usb_storage
[828569.267653] Pid: 1398, comm: Xorg Tainted: P C O 3.2.0-25-generic #40-Ubuntu Dell Inc. OptiPlex 755 /0PU052
[828569.267656] RIP: 0010:[<ffffffffa019e291>] [<ffffffffa019e291>] _ZN20CMMHeap_SystemMemory8pushPoolEP7CMMPool+0x11/0x40 [fglrx]
[828569.267687] RSP: 0018:ffff8802297a79c0 EFLAGS: 00010297
[828569.267689] RAX: ffff8801c660a008 RBX: ffffc900120f4150 RCX: 0000000000000000
[828569.267690] RDX: 0000000000000000 RSI: ffffc900120f4018 RDI: ffff8801c660ae30
[828569.267692] RBP: 0000000000000002 R08: ffffffffa01ceeb0 R09: ffff8801c660a008
[828569.267693] R10: ffffc900120f4090 R11: ffff8801c660a008 R12: ffff8801c660ae30
[828569.267695] R13: 0000000000000040 R14: 0000000000000000 R15: 0000000000000000
[828569.267697] FS: 00007fb6287e0880(0000) GS:ffff880237c40000(0000) knlGS:0000000000000000
[828569.267699] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[828569.267700] CR2: 0000000000000008 CR3: 00000001e507d000 CR4: 00000000000006e0
[828569.267702] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[828569.267703] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[828569.267705] Process Xorg (pid: 1398, threadinfo ffff8802297a6000, task ffff880014802de0)
[828569.267707] Stack:
[828569.267708] ffffffffa019dcb6 0000000000000000 ffff8801c660ae30 ffff8801c660aec8
[828569.267711] 0000000000000200 0000000000000000 ffffffffa0136c55 0000000000080000
[828569.267714] ffff8801c660ae30 ffffffffa01ceeb0 ffffffffa0136fb8 ffffc9001b606fc0
[828569.267717] Call Trace:
[828569.267749] [<ffffffffa019dcb6>] ? _ZN7CMMHeap15createPoolSpaceI21CMMPoolAsicAccessibleEEbj+0xb6/0xc0 [fglrx]
[828569.267789] [<ffffffffa0136c55>] ? _ZN20CMMHeap_SystemMemory10obtainPoolEv+0x85/0xc0 [fglrx]
[828569.267825] [<ffffffffa0136fb8>] ? _ZN16CMMHeap_PAGEABLE10expandHeapEm+0x18/0xb0 [fglrx]
[828569.267856] [<ffffffffa019daaa>] ? _ZN7CMMHeap10expandHeapEmRmPv+0xa/0x10 [fglrx]
[828569.267892] [<ffffffffa01359af>] ? _ZN7CMMHeap21allocateMorePoolSpaceEmPv+0x8f/0x1b0 [fglrx]
[828569.267929] [<ffffffffa013437e>] ? _ZN14CMMHeapManager13allocPageableEjR14CMM_ALLOCATION+0xbe/0x100 [fglrx]
[828569.267966] [<ffffffffa013e8b7>] ? _ZN9CMMObjectnwEmP8CMM_CORE+0x37/0x70 [fglrx]
[828569.268002] [<ffffffffa0142462>] ? _ZN8MSF_CORE21get_surface_structureEv+0xc2/0xe0 [fglrx]
[828569.268002] [<ffffffffa012c63f>] ? _ZN3MSF11create_surfEP9CMMClientP9CMMDriverPvRA4_K14CMM_ALLOCATIONP16MSF_SURF_ATTRIBS+0x1f/0x1c0 [fglrx]
[828569.268002] [<ffffffffa012dd43>] ? _ZN3MSF21handle_shared_surfaceEP9CMMClientP9CMMDriverP10CMMSurfaceP16MSF_SURF_ATTRIBSP15_CMM_RETURNCODE+0x113/0x280 [fglrx]
[828569.268002] [<ffffffffa0128216>] ? CMMAllocSurface_WA+0x656/0xba0 [fglrx]
[828569.268002] [<ffffffffa014c589>] ? _Z27cmmGetHeapTotalAndFreeBytesP9CMMDriver9_CMM_HEAPjRxS2_+0x69/0xe0 [fglrx]
[828569.268002] [<ffffffffa00ab90e>] ? KCL_STR_Memcpy+0xe/0x10 [fglrx]
[828569.268002] [<ffffffffa00d6262>] ? firegl_trace+0x72/0x1e0 [fglrx]
[828569.268002] [<ffffffff8116304d>] ? __kmalloc+0x13d/0x190
[828569.268002] [<ffffffffa0139899>] ? _Z8uCWDDEQCmjjPvjS_+0xb59/0x10c0 [fglrx]
[828569.268002] [<ffffffff8109056e>] ? down+0x2e/0x50
[828569.268002] [<ffffffffa00d8b6f>] ? firegl_cmmqs_CWDDE_32+0x36f/0x480 [fglrx]
[828569.268002] [<ffffffffa00d72de>] ? firegl_cmmqs_CWDDE32+0x6e/0x100 [fglrx]
[828569.268002] [<ffffffff8129d061>] ? security_capable+0x21/0x30
[828569.268002] [<ffffffffa00d7270>] ? firegl_cmmqs_createdriver+0x170/0x170 [fglrx]
[828569.268002] [<ffffffffa00b412d>] ? firegl_ioctl+0x1ed/0x250 [fglrx]
[828569.268002] [<ffffffffa00a49be>] ? ip_firegl_unlocked_ioctl+0xe/0x20 [fglrx]
[828569.268002] [<ffffffff8118a01a>] ? do_vfs_ioctl+0x8a/0x340
[828569.268002] [<ffffffff811780fd>] ? vfs_read+0x10d/0x180
[828569.268002] [<ffffffff8118a361>] ? sys_ioctl+0x91/0xa0
[828569.268002] [<ffffffff81665c42>] ? system_call_fastpath+0x16/0x1b
[828569.268002] Code: 00 00 00 00 00 00 00 00 00 00 48 8d 47 68 c3 00 00 00 00 00 00 00 00 00 00 00 31 c9 48 8b 97 98 00 00 00 83 7e 18 02 48 0f 44 ce <48> 89 51 08 ff 87 a0 00 00 00 48 89 8f 98 00 00 00 c3 00 00 00
[828569.268002] RIP [<ffffffffa019e291>] _ZN20CMMHeap_SystemMemory8pushPoolEP7CMMPool+0x11/0x40 [fglrx]
[828569.268002] RSP <ffff8802297a79c0>
[828569.268002] CR2: 0000000000000008
[828569.268429] ---[ end trace 43afacb06736f0b1 ]---

Answers to important questions on https://wiki.ubuntu.com/X/Troubleshooting/Freeze

Q: Have you experienced just one or a series of lockups?
A: I have had several freezes. They occur approximately once a week. They seem to be randomly distributed (e.g. freeze ~ poisson(rate = 1/week)) although I can not rule out that there may be some auto-correlation.

Q: Under what conditions does it seem most likely to reproduce?
* only at boot time: NO
* when resuming from suspend or hibernate: NO
* only when compositing: NO (also occurs in "classic mode")
* when changing resolution or enabling/disabling monitors: NO
* when screensaver or power saving mode kicks in: NO
* visiting particular web pages or loading particular files: PERHAPS, but I can not reproduce it. It has definitely happened multiple times when I was using the web browser (both firefox and chrome at the same time) and it has also happened more than once when a) editing/asking questions at stackexchange site and b) editing figures at lucidchart.com
* switching betwen desktops: NO
* when performing a specific sequence of actions: NO. I have not been able to reliably reproduce this freeze; as suggested at http://askubuntu.com/q/156925/8039, I have been unsuccessful trying to reproduce the freeze by a) doing a lot of rapid work combined with changing the zoom levels at lucidchart.com; by rapidly opening / closing apps and switching desktops, and also by runing do_chws_loop, do_glx_loop, do_monitor_disable_loop, do_screensaver_loop, do_video_loop, and do_vtswitch_loop in /usr/share/xdiagnose/workloads/.

Additional steps:

The file regdump_good.txt has the output from "avivotool regs all"
I tried gathering the output from this command during the freeze (via ssh) but did not realize that I needed to run as root, so the file is empty.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: xorg 1:7.6+12ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-25.40-generic 3.2.18
Uname: Linux 3.2.0-25-generic x86_64
NonfreeKernelModules: fglrx

ApportVersion: 2.0.1-0ubuntu8
Architecture: amd64
CompizPlugins: [core,bailer,detection,composite,opengl,decor,mousepoll,vpswitch,regex,animation,snap,expo,move,compiztoolbox,place,grid,imgpng,gnomecompat,wall,ezoom,workarounds,resize,fade,unitymtgrabhandles,scale,session,unityshell]
CompositorRunning: None
Date: Thu Jul 12 09:31:15 2012
DistUpgraded: Fresh install
DistroCodename: precise
DistroVariant: ubuntu
 fglrx, 8.960, 3.2.0-25-generic, x86_64: installed
 vboxhost, 4.1.10, 3.2.0-24-generic, x86_64: installed
 vboxhost, 4.1.10, 3.2.0-25-generic, x86_64: installed
ExtraDebuggingInterest: Yes, whatever it takes to get this fixed in Ubuntu
GpuHangFrequency: Once a week
GpuHangReproducibility: Seems to happen randomly
GpuHangStarted: Immediately after installing this version of Ubuntu
 Advanced Micro Devices [AMD] nee ATI RV610 [Radeon HD 2400 XT] [1002:94c1] (prog-if 00 [VGA controller])
   Subsystem: Dell Optiplex 755 [1028:0d02]
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
 xorg:fglrx_updates - ATI/AMD proprietary FGLRX graphics driver (post-release updates) (Proprietary, Disabled, Not in use)
 xorg:fglrx - ATI/AMD proprietary FGLRX graphics driver (Proprietary, Enabled, In use)
MachineType: Dell Inc. OptiPlex 755
 PATH=(custom, no user)
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.2.0-25-generic root=UUID=a602f70d-99c6-43bc-a8d3-32a723a6904c ro quiet splash vt.handoff=7
SourcePackage: xorg
Symptom: display
Title: Xorg freeze
UnitySupportTest: Error: command ['/usr/lib/nux/unity_support_test', '-p', '-f'] failed with exit code 1: Error: no composite extension
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 08/04/2008
dmi.bios.vendor: Dell Inc.
dmi.bios.version: A11
dmi.board.name: 0PU052
dmi.board.vendor: Dell Inc.
dmi.chassis.type: 15
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvrA11:bd08/04/2008:svnDellInc.:pnOptiPlex755:pvr:rvnDellInc.:rn0PU052:rvr:cvnDellInc.:ct15:cvr:
dmi.product.name: OptiPlex 755
dmi.sys.vendor: Dell Inc.
version.compiz: compiz 1:
version.fglrx-installer: fglrx-installer N/A
version.ia32-libs: ia32-libs 20090808ubuntu36
version.libdrm2: libdrm2 2.4.32-1ubuntu1
version.libgl1-mesa-dri: libgl1-mesa-dri 8.0.2-0ubuntu3.1
version.libgl1-mesa-dri-experimental: libgl1-mesa-dri-experimental N/A
version.libgl1-mesa-glx: libgl1-mesa-glx 8.0.2-0ubuntu3.1
version.xserver-xorg-core: xserver-xorg-core 2:1.11.4-0ubuntu10.2
version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.7.0-0ubuntu1
version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:6.14.99~git20111219.aacbd629-0ubuntu2
version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.17.0-1ubuntu4
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:0.0.16+git20111201+b5534a1-1build2

dlebauer (dlebauer) wrote :
dlebauer (dlebauer) wrote :

This is the output from "dmesg > dmesg.txt"

dlebauer (dlebauer) wrote :
dlebauer (dlebauer) wrote :

It happened another time, so now I have the output from avivotool during a lockup

as an update, it does seem to occur in clusters (twice today)

This time, only chrome was open, but I was working in gnome-terminal when this happened.

bugbot (bugbot) on 2012-07-19
tags: added: kubuntu
bugbot (bugbot) on 2012-07-19
affects: xorg (Ubuntu) → fglrx-installer (Ubuntu)
Bryce Harrington (bryce) wrote :

@tseliot, please pass this bug up to AMD. Looks like the driver is oopsing in the fglrx kernel code.

description: updated
summary: - Xorg freeze
+ OOPS: kernel NULL pointer dereference in
+ _ZN20CMMHeap_SystemMemory8pushPoolEP7CMMPool+0x11/0x40
Changed in fglrx-installer (Ubuntu):
status: New → Triaged
importance: Undecided → High
assignee: nobody → Alberto Milone (albertomilone)
assignee: Alberto Milone (albertomilone) → nobody
Aaron Haviland (aaron-haviland) wrote :

I had this same bug and it appears to have been fixed already in the latest version. I have upgraded to 8.98 from xorg-edgers and have not had an OOPS recurrence in over a week. It was previously a couple times a day, often triggered by interaction with a flash plugin.

As a reference point: I did not experience this OOPS until I added a second video card to support a dual-head setup.
Both cards are HD 6870.

$ apt-cache policy fglrx
  Installed: 2:8.980-0ubuntu1~xedgers~precise1
  Candidate: 2:8.980-0ubuntu1~xedgers~precise1
  Version table:
 *** 2:8.980-0ubuntu1~xedgers~precise1 0
        100 /var/lib/dpkg/status
     2:8.960-0ubuntu1.1 0
        900 http://mirrors.rit.edu/ubuntu/ precise-updates/restricted amd64 Packages
     2:8.960-0ubuntu1 0
        500 http://mirrors.rit.edu/ubuntu/ precise/restricted amd64 Packages

To post a comment you must log in.