[Bug 104579] crash in intel_miptree_create_for_dri_image due to invalid bo

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Thu Jan 11 07:22:21 UTC 2018 

https://bugs.freedesktop.org/show_bug.cgi?id=104579

            Bug ID: 104579
           Summary: crash in intel_miptree_create_for_dri_image due to
                    invalid bo
           Product: Mesa
           Version: 17.3
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: Drivers/DRI/i965
          Assignee: intel-3d-bugs at lists.freedesktop.org
          Reporter: freedesktop at pkh.me
        QA Contact: intel-3d-bugs at lists.freedesktop.org

Running openra (20171014, mono5+SDL+OpenGL) under i3-wm and switching
workspaces 3-4 times quickly leads to a crash in the i965 code:

Thread 1 (Thread 0x7fb469096780 (LWP 25267)):
#0  0x00007fb468557697 in waitpid () from /usr/lib/libpthread.so.0
#1  0x000055bd82cc9ff0 in mono_handle_native_crash (signal=<optimized out>,
signal at entry=0x55bd82ec6333 "SIGSEGV", ctx=ctx at entry=0x7ffc61d9bd40,
info=info at entry=0x7ffc61d9be70) at mini-exceptions.c:2567
#2  0x000055bd82c3fee5 in mono_sigsegv_signal_handler (_dummy=11,
_info=0x7ffc61d9be70, context=0x7ffc61d9bd40) at mini-runtime.c:2868
#3  <signal handler called>
#4  brw_bo_get_tiling (bo=bo at entry=0x51,
tiling_mode=tiling_mode at entry=0x7ffc61d9c2f8,
swizzle_mode=swizzle_mode at entry=0x7ffc61d9c2fc) at brw_bufmgr.c:1104
#5  0x00007fb45b2198fa in intel_miptree_create_for_bo
(brw=brw at entry=0x55bd84d997e0, bo=0x51,
format=format at entry=MESA_FORMAT_B8G8R8X8_UNORM, offset=0, width=80, height=0,
depth=1, pitch=-1979489440, flags=MIPTREE_CREATE_DEFAULT) at
intel_mipmap_tree.c:850
#6  0x00007fb45b219b5a in intel_miptree_create_for_dri_image
(brw=brw at entry=0x55bd84d997e0, image=image at entry=0x55bd89c890d0,
target=target at entry=3553, format=MESA_FORMAT_B8G8R8X8_UNORM,
is_winsys_image=is_winsys_image at entry=true) at intel_mipmap_tree.c:1039
#7  0x00007fb45b1ee5c5 in intel_update_image_buffer
(intel=intel at entry=0x55bd84d997e0, rb=rb at entry=0x55bd84f4e2c0,
buffer=0x55bd89c890d0, buffer_type=buffer_type at entry=__DRI_IMAGE_BUFFER_BACK,
drawable=<optimized out>) at brw_context.c:1632
#8  0x00007fb45b1f1242 in intel_update_image_buffers (drawable=0x55bd84f3fea0,
brw=0x55bd84d997e0) at brw_context.c:1703
#9  intel_update_renderbuffers (context=context at entry=0x55bd84dc6870,
drawable=drawable at entry=0x55bd84f3fea0) at brw_context.c:1361
#10 0x00007fb45b1f1531 in intel_prepare_render (brw=brw at entry=0x55bd84d997e0)
at brw_context.c:1382
#11 0x00007fb45b1ecdee in brw_clear (ctx=0x55bd84d997e0, mask=18) at
brw_clear.c:278

Commenting out the GL.Clear() call in OpenRA leads to a similar crash somewhere
else (typically from GL draw primitives).

In the backtrace, the pointer to bo looks pretty much invalid (0x51), leading
to a crash in brw_bo_get_tiling when dereferencing it.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/intel-3d-bugs/attachments/20180111/ae05f138/attachment.html>

More information about the intel-3d-bugs mailing list