[Bug 73108] New: crash in _sna_pixmap_move_to_cpu in 2.99.906
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Sat Dec 28 15:43:30 PST 2013
https://bugs.freedesktop.org/show_bug.cgi?id=73108
Priority: medium
Bug ID: 73108
Assignee: chris at chris-wilson.co.uk
Summary: crash in _sna_pixmap_move_to_cpu in 2.99.906
QA Contact: intel-gfx-bugs at lists.freedesktop.org
Severity: normal
Classification: Unclassified
OS: All
Reporter: michael.meeks at collabora.com
Hardware: Other
Status: NEW
Version: unspecified
Component: Driver/intel
Product: xorg
Running libreoffice to render something or other, sadly this really screwed up
the middle of a 30 minute profiling run in callgrind against a deadline ... [
wow I hate Xorg bugs in production ], I got:
Program received signal SIGSEGV, Segmentation fault.
__memset_sse2 () at ../sysdeps/i386/i686/multiarch/memset-sse2.S:298
298 ../sysdeps/i386/i686/multiarch/memset-sse2.S: No such file or
directory.
(gdb) bt
#0 __memset_sse2 () at ../sysdeps/i386/i686/multiarch/memset-sse2.S:298
#1 0xb6bf0a44 in memset (__len=<optimized out>, __ch=<optimized out>,
__dest=<optimized out>) at /usr/include/bits/string3.h:84
#2 _sna_pixmap_move_to_cpu (pixmap=pixmap at entry=0x8c0aec8,
flags=flags at entry=3) at sna_accel.c:2110
#3 0xb6bf3b81 in sna_drawable_move_region_to_cpu (drawable=0x8c0aec8,
region=region at entry=0xbfb39ba8, flags=flags at entry=3) at sna_accel.c:2479
#4 0xb6c4c987 in trapezoid_span_inplace__x8r8g8b8 (op=<optimized out>,
dst=dst at entry=0x8bef1b0, src=src at entry=0x8ca6150, src_x=src_x at entry=45,
src_y=src_y at entry=6, maskFormat=maskFormat at entry=0x85c2208,
flags=flags at entry=2, ntrap=ntrap at entry=16, traps=traps at entry=0x8d4191c)
at sna_trapezoids_precise.c:2689
#5 0xb6c4ed05 in precise_trapezoid_span_inplace (sna=sna at entry=0xb5b08000,
op=op at entry=3 '\003', src=src at entry=0x8ca6150, dst=dst at entry=0x8bef1b0,
maskFormat=maskFormat at entry=0x85c2208, flags=flags at entry=2,
src_x=src_x at entry=45, src_y=src_y at entry=6, ntrap=ntrap at entry=16,
traps=traps at entry=0x8d4191c, fallback=fallback at entry=false)
at sna_trapezoids_precise.c:2926
#6 0xb6c31019 in trapezoid_span_inplace (fallback=false, traps=0x8d4191c,
ntrap=16, src_y=6, src_x=45, flags=2, maskFormat=0x85c2208, dst=0x8bef1b0,
src=0x8ca6150, op=3 '\003', sna=0xb5b08000) at sna_trapezoids.h:153
#7 sna_composite_trapezoids (op=3 '\003', src=0x8ca6150, dst=0x8bef1b0,
maskFormat=0x85c2208, xSrc=45, ySrc=6, ntrap=16, traps=0x8d4191c)
---Type <return> to continue, or q <return> to quit---
at sna_trapezoids.c:669
#8 0x0815771e in CompositeTrapezoids (op=3 '\003', pSrc=0x8ca6150,
pDst=0x8bef1b0, maskFormat=0x85c2208, xSrc=45, ySrc=6, ntrap=16,
traps=traps at entry=0x8d4191c) at picture.c:1640
#9 0x0815c82b in ProcRenderTrapezoids (client=0x8b81178) at render.c:759
#10 0x08157b7d in ProcRenderDispatch (client=0x8b81178) at render.c:1989
#11 0x0807eecd in Dispatch () at dispatch.c:432
#12 0x0806cf6a in main (argc=12, argv=0xbfb3c464, envp=0xbfb3c498)
at main.c:298
(gdb) l
293 in ../sysdeps/i386/i686/multiarch/memset-sse2.S
(gdb) up
#1 0xb6bf0a44 in memset (__len=<optimized out>, __ch=<optimized out>,
__dest=<optimized out>) at /usr/include/bits/string3.h:84
warning: Source file is more recent than executable.
84 return __builtin___memset_chk (__dest, __ch, __len, __bos0 (__dest));
(gdb) l
79 && (!__builtin_constant_p (__ch) || __ch != 0))
80 {
81 __warn_memset_zero_len ();
82 return __dest;
83 }
84 return __builtin___memset_chk (__dest, __ch, __len, __bos0 (__dest));
85 }
86
87 #ifdef __USE_BSD
88 __fortify_function void
(gdb) p __dest
$1 = <optimized out>
(gdb) up
#2 _sna_pixmap_move_to_cpu (pixmap=pixmap at entry=0x8c0aec8,
flags=flags at entry=3) at sna_accel.c:2110
2110 memset(pixmap->devPrivate.ptr,
priv->clear_color,
(gdb) l
2105 }
2106
2107 if (priv->clear_color == 0 ||
2108 pixmap->drawable.bitsPerPixel == 8 ||
2109 priv->clear_color == (1 << pixmap->drawable.depth)
- 1) {
2110 memset(pixmap->devPrivate.ptr,
priv->clear_color,
2111 pixmap->devKind *
pixmap->drawable.height);
2112 } else {
2113 pixman_fill(pixmap->devPrivate.ptr,
2114 pixmap->devKind/sizeof(uint32_t),
(gdb) p pixmap
$2 = (struct _Pixmap *) 0x8c0aec8
(gdb) p *pixmap
$3 = {drawable = {type = 1 '\001', class = 0 '\000', depth = 32 ' ',
bitsPerPixel = 32 ' ', id = 67111130, x = 0, y = 0, width = 60,
height = 60, pScreen = 0x85cb738, serialNumber = 761839},
devPrivates = 0x8c0aefc, refcnt = 3, devKind = 240, devPrivate = {
ptr = 0xb4517000, val = -1269731328, uval = 3025235968,
fptr = 0xb4517000}, screen_x = 0, screen_y = 0, usage_hint = 0,
master_pixmap = 0x8dde2c0}
(gdb) p pixmap->devKind
$4 = 240
(gdb) p pixmap->drawable.height
$5 = 60
this is the openSUSE 13.1 package with this recent changelog:
* Sun Dec 01 2013 hrvoje.senjan at gmail.com
- U_sna-Add-the-missing-braces-around-the-conditional-bl.patch:
fixes regression from 2.99.906 release (fdo#71605, bnc#853085)
* Sat Nov 30 2013 hrvoje.senjan at gmail.com
- U_sna_correct_handling_of_cropped_images.patch:
Fix X crashes triggered by wrong handling of cropped
XvImages (bnc#852531)
* Wed Nov 27 2013 tiwai at suse.de
- U_sna-Process-Damage-relative-to-dst-pDrawable-not-its.patch:
Fix corrupted output with Emacs and others (bnc#852620)
* Thu Nov 14 2013 hrvoje.senjan at gmail.com
- Update to 3.0 prerelease 2.99.906
+ Fix damage handling when rendering to a partially damaged GPU
surface. Regression in 2.99.905 (fdo#70527)
+ Use asprintf() instead of sprintf()
Regression in 2.99.905 (fdo#70835), (bnc#847762)
+ Improve accounting for fence overallocation on older gen2/3, and
improve the tiling mechanism to fit into the same aperture
constraints (fdo#70924)
+ Add an extra GPU flush on Sandybridge to fix some rare font
corruption
+ Rasterise lines through all clip boxes
(fdo#70802
+ Fix regression from stricter handling of failures to move a
GC to the GPU. Regression in 2.99.905. (fdo#71415), (bnc#847941)
+ Fix various fail along the memcpy_xor paths, including
inadequate error handling and integer overflow (fdo#70527)
+ Fix outside-of-target stipple uploads (lp#1247785)
+ Fix clip detection for long glyphs
Incomplete bug fix (causing a regression) in 2.99.905
(fdo#70527)
+ Fix VSync for the render engine (Xv) on Haswell (fdo#70527)
--
You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/intel-gfx-bugs/attachments/20131228/ad851c73/attachment.html>
More information about the intel-gfx-bugs
mailing list