[Bug 99887] New: Random segfault in intel driver in __kgem_busy() with Xorg 1.19.x

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Tue Feb 21 14:40:04 UTC 2017 

https://bugs.freedesktop.org/show_bug.cgi?id=99887

            Bug ID: 99887
           Summary: Random segfault in intel driver in __kgem_busy() with
                    Xorg 1.19.x
           Product: xorg
           Version: git
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: Driver/intel
          Assignee: chris at chris-wilson.co.uk
          Reporter: fourdan at xfce.org
        QA Contact: intel-gfx-bugs at lists.freedesktop.org

Created attachment 129794
  --> https://bugs.freedesktop.org/attachment.cgi?id=129794&action=edit
Reproducer helper

Description:

Xorg 1.19.x crashes in intel driver with an abort in some random cases.

Steps to reproduce:

1. Build and run the attached test program 
2. Hover the stylus of a wacom tablet to cause the map/unmaps of the window
   (the test app hides and show a window after n X events)

Actual result:

After some time, Xorg crashes with a segfault:

(EE) Segmentation fault at address 0x80

#0  0x00000000071b491f in __GI_raise (sig=sig at entry=6) at
../sysdeps/unix/sysv/linux/raise.c:58
#1  0x00000000071b651a in __GI_abort () at abort.c:89
#2  0x00000000005a15ce in OsAbort () at utils.c:1355
#3  0x00000000005a7203 in AbortServer () at log.c:877
#4  0x00000000005a7fed in FatalError (f=f at entry=0x5d56f0 "Caught signal %d
(%s). Server aborting\n") at log.c:1015
#5  0x000000000059e86e in OsSigHandler (signo=11, sip=<optimized out>,
unused=<optimized out>) at osinit.c:154
#6  0x0000000006f725c0 in <signal handler called> () at /lib64/libpthread.so.0
Python Exception <class 'gdb.MemoryError'> Cannot access memory at address
0x80: 
#7  0x000000000ab8bade in __kgem_busy (handle=#8  0x000000000ab8bade in
kgem_retire__requests_ring (ring=<optimized out>, kgem=<optimized out>) at
kgem.c:3226
#9  0x000000000ab8bade in kgem_retire__requests (kgem=0x9841000) at kgem.c:3260
#10 0x000000000ab8bade in kgem_retire (kgem=0x9841000) at kgem.c:3276
#11 0x000000000abc2b45 in sna_accel_block (sna=0x9841000,
tv=tv at entry=0xfff0007a8) at sna_accel.c:18312
#12 0x000000000abe10ad in sna_block_handler (data=<optimized out>,
_timeout=0xfff000814) at sna_driver.c:761
#13 0x000000000043b9de in BlockHandler (pTimeout=pTimeout at entry=0xfff000814) at
dixutils.c:388
#14 0x0000000000598361 in WaitForSomething (are_ready=<optimized out>) at
WaitFor.c:219
#15 0x0000000000436dca in Dispatch () at dispatch.c:422
#16 0x000000000043b018 in dix_main (argc=15, argv=0xfff0009f8, envp=<optimized
out>) at main.c:287
#17 0x000000000719f401 in __libc_start_main (main=
    0x424cc0 <main>, argc=15, argv=0xfff0009f8, init=<optimized out>,
fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0xfff0009e8) at
../csu/libc-start.c:289
#18 0x0000000000424cfa in _start ()

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/intel-gfx-bugs/attachments/20170221/4ff76765/attachment-0001.html>

More information about the intel-gfx-bugs mailing list