<html> <head> <base href="https://bugs.freedesktop.org/" /> </head> <body><table border="1" cellspacing="0" cellpadding="8"> <tr> <th>Bug ID</th> <td><a class="bz_bug_link bz_status_NEW " title="NEW - vmwgfx null ptr dereference at vmw_screen_ioctl.c:76 due to ioctl failure" href="https://bugs.freedesktop.org/show_bug.cgi?id=91098">91098</a> </td> </tr> <tr> <th>Summary</th> <td>vmwgfx null ptr dereference at vmw_screen_ioctl.c:76 due to ioctl failure </td> </tr> <tr> <th>Product</th> <td>Mesa </td> </tr> <tr> <th>Version</th> <td>10.6 </td> </tr> <tr> <th>Hardware</th> <td>Other </td> </tr> <tr> <th>OS</th> <td>All </td> </tr> <tr> <th>Status</th> <td>NEW </td> </tr> <tr> <th>Severity</th> <td>normal </td> </tr> <tr> <th>Priority</th> <td>medium </td> </tr> <tr> <th>Component</th> <td>Other </td> </tr> <tr> <th>Assignee</th> <td>mesa-dev@lists.freedesktop.org </td> </tr> <tr> <th>Reporter</th> <td>freedesktop@pargon.nl </td> </tr> <tr> <th>QA Contact</th> <td>mesa-dev@lists.freedesktop.org </td> </tr></table> <p> <div> <pre>I'm experiencing occasional crashes of gnome-shell (3.16) due to failed ioctls requested by Mesa's vmware DRI backend. Any pointers on where I should take the apparent root issue would be appreciated - I have no idea whether Mesa or the kernel driver is at fault for the ioctl failing in the first place. Kernel logs (v4.0.5) report an ioctl failure: [15949.294396] [drm:vmw_generic_ioctl [vmwgfx]] *ERROR* Dropped master trying to access ioctl that requires authentication. [15949.294400] [drm] IOCTL ERROR Command 65, Error -13. [15949.296209] [drm:vmw_generic_ioctl [vmwgfx]] *ERROR* Dropped master trying to access ioctl that requires authentication. [15949.296214] [drm] IOCTL ERROR Command 65, Error -13. [15949.296468] [drm:vmw_generic_ioctl [vmwgfx]] *ERROR* Dropped master trying to access ioctl that requires authentication. [15949.296470] [drm] IOCTL ERROR Command 87, Error -13. [15949.296478] gnome-shell[337]: segfault at 20 ip 00007ff502cb4680 sp 00007ffeaeea96e8 error 4 in vmwgfx_dri.so[7ff50293f000+506000] Followed by a crash of gnome-shell, due to an apparent null pointer dereference: Core was generated by `gnome-shell --mode=gdm --wayland --display-server'. Program terminated with signal SIGSEGV, Segmentation fault. #0 vmw_region_size (region=0x0) at vmw_screen_ioctl.c:76 76 return region->size; (gdb) bt #0 vmw_region_size (region=0x0) at vmw_screen_ioctl.c:76 #1 0x00007ff502cb65cc in vmw_svga_winsys_surface_create (sws=0x145aaa0, flags=(SVGA3D_SURFACE_HINT_TEXTURE | SVGA3D_SURFACE_HINT_RENDERTARGET), format=SVGA3D_A8R8G8B8, usage=0, size=..., numFaces=1, numMipLevels=1) at vmw_screen_svga.c:222 #2 0x00007ff502cc0d46 in svga_screen_surface_create (svgascreen=svgascreen@entry=0x145b9c0, key=key@entry=0x1cc8c90) at svga_screen_cache.c:449 #3 0x00007ff502cbf810 in svga_texture_create (screen=0x145b9c0, template=0x7ffeaeea9840) at svga_resource_texture.c:729 #4 0x00007ff502b0797b in st_texture_create (st=st@entry=0x1536270, target=<optimized out>, format=format@entry=PIPE_FORMAT_B8G8R8A8_UNORM, last_level=last_level@entry=0, width0=width0@entry=16, height0=height0@entry=16, depth0=1, layers=1, nr_samples=0, bind=10) at state_tracker/st_texture.c:97 #5 0x00007ff502ada27d in guess_and_alloc_texture (st=st@entry=0x1536270, stObj=stObj@entry=0x268bc00, stImage=stImage@entry=0x16b5060) at state_tracker/st_cb_texture.c:464 #6 0x00007ff502ada3a5 in st_AllocTextureImageBuffer (ctx=0x150c200, texImage=0x16b5060) at state_tracker/st_cb_texture.c:517 #7 0x00007ff502adcb9c in st_TexImage (ctx=0x150c200, dims=2, texImage=0x16b5060, format=6408, type=5121, pixels=0x1f3bc80, unpack=0x15273f8) at state_tracker/st_cb_texture.c:875 #8 0x00007ff502a72e00 in teximage (ctx=0x150c200, compressed=compressed@entry=0 '\000', dims=dims@entry=2, target=3553, level=<optimized out>, internalFormat=<optimized out>, width=16, height=16, depth=1, border=0, format=6408, type=5121, imageSize=0, pixels=0x1f3bc80) at main/teximage.c:3364 #9 0x00007ff502a740e0 in _mesa_TexImage2D (target=<optimized out>, level=<optimized out>, internalFormat=<optimized out>, width=<optimized out>, height=<optimized out>, border=<optimized out>, format=6408, type=5121, pixels=0x1f3bc80) at main/teximage.c:3403 #10 0x00007ff513f093a3 in ?? () from /usr/lib/libcogl.so.20 #11 0x00007ff513efed94 in ?? () from /usr/lib/libcogl.so.20 #12 0x00007ff513f3008b in cogl_texture_allocate () from /usr/lib/libcogl.so.20 #13 0x00007ff513f31880 in cogl_texture_2d_new_from_data () from /usr/lib/libcogl.so.20 #14 0x00007ff5191a6b98 in pixbuf_to_cogl_texture (pixbuf=pixbuf@entry=0x2779de0) at st/st-texture-cache.c:473 #15 0x00007ff5191a6bf1 in finish_texture_load (data=data@entry=0x2568a50, pixbuf=pixbuf@entry=0x2779de0) at st/st-texture-cache.c:518 #16 0x00007ff5191a6daa in on_symbolic_icon_loaded (source=0x15f20f0, result=<optimized out>, user_data=0x2568a50) at st/st-texture-cache.c:553 #17 0x00007ff516fcc1f3 in ?? () from /usr/lib/libgio-2.0.so.0 #18 0x00007ff516fcc229 in ?? () from /usr/lib/libgio-2.0.so.0 #19 0x00007ff51682490d in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0 #20 0x00007ff516824ce0 in ?? () from /usr/lib/libglib-2.0.so.0 #21 0x00007ff516825002 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0 #22 0x00007ff518183326 in meta_run () from /usr/lib/libmutter.so.0 #23 0x000000000040208d in main (argc=1, argv=0x7ffeaeeaa028) at main.c:463</pre> </div> </p> <hr> <span>You are receiving this mail because:</span> <ul> <li>You are the QA Contact for the bug.</li> <li>You are the assignee for the bug.</li> </ul> </body> </html>