[Bug 99358] New: Xorg crashes with SIGSEGV in sna_set_cursor_position()
bugzilla-daemon at freedesktop.org
Wed Jan 11 10:25:21 UTC 2017
https://bugs.freedesktop.org/show_bug.cgi?id=99358
Bug ID: 99358
Summary: Xorg crashes with SIGSEGV in sna_set_cursor_position()
Product: xorg
Version: git
Hardware: x86-64 (AMD64)
OS: Linux (All)
Status: NEW
Severity: major
Priority: medium
Component: Driver/intel
Assignee: chris at chris-wilson.co.uk
Reporter: qwerty0987654321 at mail.ru
QA Contact: intel-gfx-bugs at lists.freedesktop.org
Created attachment 128887
--> https://bugs.freedesktop.org/attachment.cgi?id=128887&action=edit
Xorg log
The crash happens randomly, and it can take from half an hour to 2 days to occur.
It seems that the crash happens when moving the cursor.
I've used xorg-x11-drv-intel from the latest git at commit 028c946df08, but the
crash happens anyway.
Here is the crash backtrace:
Process 1715 (Xorg) of user 16585 dumped core.
Stack trace of thread 1728:
#0 0x00007fdd4e5f0d54 sna_set_cursor_position (intel_drv.so)
#1 0x00000000004bbea2 xf86MoveCursor (Xorg)
#2 0x0000000000585eb3 miPointerMoveNoEvent (Xorg)
#3 0x0000000000586cb4 miPointerSetPosition (Xorg)
#4 0x000000000044d64e positionSprite.part.7 (Xorg)
#5 0x000000000044de53 fill_pointer_events (Xorg)
#6 0x000000000044f6df GetPointerEvents (Xorg)
#7 0x000000000044fc90 QueuePointerEvents (Xorg)
#8 0x00007fdd4c101cb5 xf86libinput_handle_motion (libinput_drv.so)
#9 0x00007fdd4c102880 xf86libinput_read_input (libinput_drv.so)
#10 0x000000000059cb1c InputReady (Xorg)
#11 0x000000000059f181 ospoll_wait (Xorg)
#12 0x000000000059c976 InputThreadDoWork (Xorg)
#13 0x00007fdd530ac6ca start_thread (libpthread.so.0)
#14 0x00007fdd52de6f7f __clone (libc.so.6)
Stack trace of thread 1715:
#0 0x00007fdd530b538d __lll_lock_wait (libpthread.so.0)
#1 0x00007fdd530aeeca pthread_mutex_lock (libpthread.so.0)
#2 0x000000000059c860 input_lock (Xorg)
#3 0x00000000004bc386 xf86SetCursor (Xorg)
#4 0x00000000004babf5 xf86CursorSetCursor (Xorg)
#5 0x000000000058654b miPointerUpdateSprite (Xorg)
#6 0x000000000058679a miPointerDisplayCursor (Xorg)
#7 0x00000000004c9511 CursorDisplayCursor (Xorg)
#8 0x0000000000518700 AnimCurDisplayCursor (Xorg)
#9 0x000000000043fe48 ChangeToCursor (Xorg)
#10 0x0000000000441287 WindowHasNewCursor (Xorg)
#11 0x000000000046a948 ChangeWindowDeviceCursor (Xorg)
#12 0x0000000000531dc6 ProcXIChangeCursor (Xorg)
#13 0x0000000000437055 Dispatch (Xorg)
#14 0x000000000043afd8 dix_main (Xorg)
#15 0x00007fdd52cff401 __libc_start_main (libc.so.6)
#16 0x0000000000424cfa _start (Xorg)
Stack trace of thread 1722:
#0 0x00007fdd530b2460 pthread_cond_wait@@GLIBC_2.3.2 (libpthread.so.0)
#1 0x00007fdd4e634539 __run__ (intel_drv.so)
#2 0x00007fdd530ac6ca start_thread (libpthread.so.0)
#3 0x00007fdd52de6f7f __clone (libc.so.6)
and gdb output:
Program terminated with signal SIGSEGV, Segmentation fault.
#0 sna_set_cursor_position (scrn=<optimized out>, x=734, y=196) at sna_display.c:6332
6332 int xhot = sna->cursor.ref->bits->xhot;
[Current thread is 1 (Thread 0x7fdd49af3700 (LWP 1728))]
(gdb) bt
#0 0x00007fdd4e5f0d54 in sna_set_cursor_position (scrn=<optimized out>, x=734, y=196) at sna_display.c:6332
#1 0x00000000004bbea2 in xf86MoveCursor ()
#2 0x0000000000585eb3 in miPointerMoveNoEvent ()
#3 0x0000000000586cb4 in miPointerSetPosition ()
#4 0x000000000044d64e in positionSprite.part.7 ()
#5 0x000000000044de53 in fill_pointer_events ()
#6 0x000000000044f6df in GetPointerEvents ()
#7 0x000000000044fc90 in QueuePointerEvents ()
#8 0x00007fdd4c101cb5 in xf86libinput_handle_motion (pInfo=<optimized out>, pInfo=<optimized out>, event=0x7fdd44008b40) at xf86libinput.c:1254
#9 0x00007fdd4c101cb5 in xf86libinput_handle_event (event=event@entry=0x7fdd44008b40) at xf86libinput.c:1910
#10 0x00007fdd4c102880 in xf86libinput_read_input (pInfo=<optimized out>) at xf86libinput.c:1995
#11 0x000000000059cb1c in InputReady ()
#12 0x000000000059f181 in ospoll_wait ()
#13 0x000000000059c976 in InputThreadDoWork ()
#14 0x00007fdd530ac6ca in start_thread () at /lib64/libpthread.so.0
#15 0x00007fdd52de6f7f in clone () at /lib64/libc.so.6
(gdb) p sna->cursor
$1 = {cursors = 0x1cc6b80, info = 0x1712d60, ref = 0x1d9c310, serial = 5871, fg = 4294967295, bg = 4278190080,
size = 64, disable = false, active = true, last_x = 734, last_y = 196, max_size = 256, use_gtt = true,
num_stash = 0, stash = 0x1bd3310, scratch = 0x7fdd55411010}
(gdb) p sna->cursor.ref
$2 = (CursorPtr) 0x1d9c310
(gdb) p sna->cursor.ref->bits
$3 = (CursorBitsPtr) 0x1d9c348
(gdb) p sna->cursor.ref->bits->xhot
$4 = 4
(gdb) info locals
xhot = <optimized out>
yhot = <optimized out>
v = {v = {3.6462044663083995e-321, 2.6894028653599915e-317, 1.0000000000000444}}
hot = {v = {6.9459898994898221e-310, 2147483647, 6.9459898995133397e-310}}
crtc = 0x170a7b0
sna_crtc = 0x170a5b0
cursor = 0x1cc6bc0
arg = {flags = 0, crtc_id = 45, x = -2266, y = -601, width = 29351552, height = 0, handle = 0}
xf86_config = 0x1707af0
sna = 0x7fdd55453000
sigio = 0
c = 2
Reference to Fedora BZ https://bugzilla.redhat.com/show_bug.cgi?id=1384486 with
the same issue.
According to the above BZ, the issue is mainly seen with docked Lenovo Thinkpads in
multi-display setups, but there is a report [comment 50] where it's seen on a
desktop.
xorg-x11-server-Xorg-1.19.0-3.fc25.x86_64
xorg-x11-drv-libinput-0.23.0-2.fc25.x86_64
Xorg log is in attachment.