<html> <head> <base href="https://bugs.freedesktop.org/" /> </head> <body><table border="1" cellspacing="0" cellpadding="8"> <tr> <th>Priority</th> <td>medium </td> </tr> <tr> <th>Bug ID</th> <td><a class="bz_bug_link bz_status_NEW " title="NEW --- - Image decoding corruption and linux kernel crash with hardware reset" href="https://bugs.freedesktop.org/show_bug.cgi?id=67209">67209</a> </td> </tr> <tr> <th>Assignee</th> <td>chris@chris-wilson.co.uk </td> </tr> <tr> <th>Summary</th> <td>Image decoding corruption and linux kernel crash with hardware reset </td> </tr> <tr> <th>QA Contact</th> <td>intel-gfx-bugs@lists.freedesktop.org </td> </tr> <tr> <th>Severity</th> <td>normal </td> </tr> <tr> <th>Classification</th> <td>Unclassified </td> </tr> <tr> <th>OS</th> <td>Linux (All) </td> </tr> <tr> <th>Reporter</th> <td>carstenmattner@gmail.com </td> </tr> <tr> <th>Hardware</th> <td>x86 (IA32) </td> </tr> <tr> <th>Status</th> <td>NEW </td> </tr> <tr> <th>Version</th> <td>unspecified </td> </tr> <tr> <th>Component</th> <td>Driver/intel </td> </tr> <tr> <th>Product</th> <td>xorg </td> </tr></table> <p> <div> <pre>Related bugs filed earlier: <a href="https://bugs.archlinux.org/task/36105">https://bugs.archlinux.org/task/36105</a> <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=892567">https://bugzilla.mozilla.org/show_bug.cgi?id=892567</a> Steps to reproduce: Opening a jpeg like <a href="http://blather.michaelwlucas.com/wp-content/uploads/2013/07/ao2e-index.jpg">http://blather.michaelwlucas.com/wp-content/uploads/2013/07/ao2e-index.jpg</a> first gets decoded correctly and once it's done the bottom half of the image gets corrupted. In one test the corrupted part displayed small snapshots of the Firefox window. When I clicked reload twice the kernelcrashed and reset the machine. The corruption happens with Firefox 22 to 25 and with 24 and 25 I was able to reliably make it crash while at least 22 doesn't crash the kernel. A workaround is to either set Firefox's gfx.xrender.enabled to false or disable SNA in /etc/X11/xorg.conf.d. SNA used to work without corrupted images or any other issues before a couple months ago and the bug must have slipped in one of the kernel or xf86-video-intel release of the last 3 months or so. Also of interest is that with SNA enabled presumably caused by the same bug Gtk+ 2.x widgets sometimes sporadically draw the inner part of button or scroll bars rectangles corrupted but that never caused an instant crash with hardware reset. This looks like a critical memory corruption bug in the xorg or kernel code. Software and hardware info: * Core2Duo in Mac Mini 2,1 running in 32bit mode * linux 3.10.2 * xf86-video-intel 2.21.11 * mesa 9.1.5 * Intel 945GM Actual results: Corrupted image and kernel crash with reset upon hitting reload button. Expected results: Image should be decoded and displayed correctly without resetting the machine. >From Xorg.log with SNA enabled: [ 73.948] (==) Depth 24 pixmap format is 32 bpp [ 73.948] (II) intel(0): SNA initialized with Alviso (gen3) backend [ 73.948] (==) intel(0): Backing store disabled [ 73.948] (==) intel(0): Silken mouse enabled [ 73.948] (II) intel(0): HW Cursor enabled [ 73.948] (II) intel(0): RandR 1.2 enabled, ignore the following RandR disabled message. [ 73.948] (==) intel(0): DPMS enabled [ 73.948] (II) intel(0): [XvMC] i915_xvmc driver initialized. [ 73.948] (II) intel(0): [DRI2] Setup complete [ 73.948] (II) intel(0): [DRI2] DRI driver: i915 [ 73.948] (II) intel(0): direct rendering: DRI2 Enabled [ 73.948] (==) intel(0): hotplug detection: "enabled" [ 73.949] (--) RandR disabled [ 73.968] (II) AIGLX: enabled GLX_MESA_copy_sub_buffer [ 73.968] (II) AIGLX: enabled GLX_INTEL_swap_event [ 73.968] (II) AIGLX: enabled GLX_ARB_create_context [ 73.968] (II) AIGLX: enabled GLX_ARB_create_context_profile [ 73.968] (II) AIGLX: enabled GLX_EXT_create_context_es2_profile [ 73.968] (II) AIGLX: enabled GLX_SGI_swap_control and GLX_MESA_swap_control [ 73.968] (II) AIGLX: GLX_EXT_texture_from_pixmap backed by buffer objects [ 73.969] (II) AIGLX: Loaded and initialized i915 [ 73.969] (II) GLX: Initialized DRI2 GL provider for screen 0 >From Xorg.log without SNA enabled: [ 4731.653] (==) Depth 24 pixmap format is 32 bpp [ 4731.653] (II) intel(0): [DRI2] Setup complete [ 4731.653] (II) intel(0): [DRI2] DRI driver: i915 [ 4731.653] (II) UXA(0): Driver registered support for the following operations: [ 4731.653] (II) solid [ 4731.653] (II) copy [ 4731.653] (II) composite (RENDER acceleration) [ 4731.654] (II) put_image [ 4731.654] (II) get_image [ 4731.654] (==) intel(0): Backing store disabled [ 4731.654] (==) intel(0): Silken mouse enabled [ 4731.654] (II) intel(0): Initializing HW Cursor [ 4731.654] (II) intel(0): RandR 1.2 enabled, ignore the following RandR disabled message. [ 4731.654] (==) intel(0): DPMS enabled [ 4731.654] (==) intel(0): Intel XvMC decoder disabled [ 4731.654] (II) intel(0): Set up textured video [ 4731.654] (II) intel(0): Set up overlay video [ 4731.654] (II) intel(0): direct rendering: DRI2 Enabled [ 4731.654] (==) intel(0): hotplug detection: "enabled" [ 4731.683] (--) RandR disabled [ 4731.703] (II) AIGLX: enabled GLX_MESA_copy_sub_buffer [ 4731.703] (II) AIGLX: enabled GLX_INTEL_swap_event [ 4731.703] (II) AIGLX: enabled GLX_ARB_create_context [ 4731.703] (II) AIGLX: enabled GLX_ARB_create_context_profile [ 4731.703] (II) AIGLX: enabled GLX_EXT_create_context_es2_profile [ 4731.703] (II) AIGLX: enabled GLX_SGI_swap_control and GLX_MESA_swap_control [ 4731.703] (II) AIGLX: GLX_EXT_texture_from_pixmap backed by buffer objects [ 4731.703] (II) AIGLX: Loaded and initialized i915 [ 4731.703] (II) GLX: Initialized DRI2 GL provider for screen 0</pre> </div> </p> <hr> <span>You are receiving this mail because:</span> <ul> <li>You are the QA Contact for the bug.</li> </ul> </body> </html>