Heap corruption regression in 2.15.0

Heap corruption regression in 2.15.0

[Ian Pilcher]

With the recently pushed Fedora 15 update to 2.15.0, I'm getting a hard
X hang every time I log out.  gdb backtrace reveals that glibc is dead-
locking trying to report a heap corruption:

#0  __lll_lock_wait_private () at
../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:100
#1  0x00007fb07f8c7c11 in _L_lock_10461 () at malloc.c:6486
#2  0x00007fb07f8c59d7 in __libc_malloc (bytes=140396034138592) at
malloc.c:3657
#3  0x00007fb07f8bb35d in __libc_message (do_abort=2,
    fmt=0x7fb07f9a6fb8 "*** glibc detected *** %s: %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:137
#4  0x00007fb07f8c196a in malloc_printerr (action=3,
    str=0x7fb07f9a3f92 "corrupted double-linked list", ptr=<optimized
out>) at
malloc.c:6283
#5  0x00007fb07f8c1d48 in malloc_consolidate (av=0x7fb07fbe21e0) at
malloc.c:5161
#6  0x00007fb07f8c2669 in malloc_consolidate (av=0x7fb07fbe21e0) at
malloc.c:5115
#7  _int_free (av=0x7fb07fbe21e0, p=<optimized out>, have_lock=0) at
malloc.c:5034
#8  0x000000351360c01f in FontFileFreeDir (dir=0x1fef3d0) at fontdir.c:166
#9  0x000000351360ce18 in FontFileFreeFPE (fpe=0x1fef360) at fontfile.c:139
#10 0x000000351360f89e in CatalogueUnrefFPEs (fpe=<optimized out>) at
catalogue.c:116
#11 0x000000351360fe41 in CatalogueFreeFPE (fpe=0x1fb8f00) at
catalogue.c:272
#12 0x000000000042f09d in FreeFPE (fpe=0x1fb8f00) at dixfonts.c:218
#13 FreeFPE (fpe=0x1fb8f00) at dixfonts.c:214
#14 0x000000000042f107 in FreeFontPath (list=0x1fb54b0, n=2, force=1) at
dixfonts.c:1628
#15 0x0000000000432257 in FreeFonts () at dixfonts.c:1998
#16 0x0000000000422f1e in main (argc=<optimized out>, argv=0x7fff89fd3fb8,
envp=<optimized out>)
    at main.c:329

This does not happen with the 2.14.0 package (verified by downgrading).

Anyone have any ideas for potential suspect commits?

Thanks!

-- 
========================================================================
Ian Pilcher                                         arequipeno@gmail.com
"If you're going to shift my paradigm ... at least buy me dinner first."
========================================================================

Re: Heap corruption regression in 2.15.0

[Chris Wilson]

On Tue, 17 May 2011 23:17:01 -0500, Ian Pilcher <arequipeno@gmail.com> wrote:
> With the recently pushed Fedora 15 update to 2.15.0, I'm getting a hard
> X hang every time I log out.  gdb backtrace reveals that glibc is dead-
> locking trying to report a heap corruption:

What sort of tasks do you do during the sessions that encounter this
corruption? Is it limited to a single chipset?

When I valgrind, I tend to stick to the automated tests, i.e. those that I
can run remotely and leave running, for the obvious reasons.... If you can
narrow done the circumstances under which it occurs, I can then hopefully
reproduce it and capture the error.

Thanks,
-Chris

-- 
Chris Wilson, Intel Open Source Technology Centre

Re: Heap corruption regression in 2.15.0

[Ian Pilcher]

On 05/18/2011 02:43 AM, Chris Wilson wrote:
> What sort of tasks do you do during the sessions that encounter this
> corruption? Is it limited to a single chipset?

It doesn't seem to take much ... I basically log in to KDE (startx), do
a bit of work, and logout.  I haven't been able to reproduce the problem
with anything less than full-on KDE started from startx, however.

I'm in the process of trying to bisect 2.14.0 - 2.15.0.

One thing I just noticed.  I'm using glxgears as part of my test work-
load, and I noticed that the vsync seems very messed up with 2.15.0 --
lots of "flickering"; doesn't happen with 2.14.0.  I have no idea if
this is related or not ...

Thanks for the response.  I will let you know if the bisect turns up
anything useful.

-- 
========================================================================
Ian Pilcher                                         arequipeno@gmail.com
"If you're going to shift my paradigm ... at least buy me dinner first."
========================================================================

Re: Heap corruption regression in 2.15.0

[Ian Pilcher]

On 05/18/2011 10:54 AM, Ian Pilcher wrote:
> I'm in the process of trying to bisect 2.14.0 - 2.15.0.

It looks like the problematic commit is one of:

e1ff5182304e00c0d392092069422cae7626cf8d  Handle drawable/client
    destruction in pending swaps/flips

86f23f21ab57fcbc031bcd2b8f432a08ff4cc320  Skip client and drawable
   resource delete calls when deleting frame event

I wasn't able to test with only the first commit, because KDE gets stuck
on its "splash screen".

I'm not sure what to do next ...

-- 
========================================================================
Ian Pilcher                                         arequipeno@gmail.com
"If you're going to shift my paradigm ... at least buy me dinner first."
========================================================================

Re: Heap corruption regression in 2.15.0

[Ian Pilcher]

On 05/18/2011 01:23 PM, Ian Pilcher wrote:
> 
> It looks like the problematic commit is one of:
> 
> e1ff5182304e00c0d392092069422cae7626cf8d  Handle drawable/client
>     destruction in pending swaps/flips
> 
> 86f23f21ab57fcbc031bcd2b8f432a08ff4cc320  Skip client and drawable
>    resource delete calls when deleting frame event
> 

I have bugzilla'ed this at:

    https://bugs.freedesktop.org/show_bug.cgi?id=37420

Any thoughts on how I can further debug this?  It's gonna suck to be
stuck on 2.14.0 forever ...

-- 
========================================================================
Ian Pilcher                                         arequipeno@gmail.com
"If you're going to shift my paradigm ... at least buy me dinner first."
========================================================================