<html>
<head>
<base href="https://bugs.freedesktop.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - Random segfault in intel driver in __kgem_busy() with Xorg 1.19.x"
href="https://bugs.freedesktop.org/show_bug.cgi?id=99887">99887</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Random segfault in intel driver in __kgem_busy() with Xorg 1.19.x
</td>
</tr>
<tr>
<th>Product</th>
<td>xorg
</td>
</tr>
<tr>
<th>Version</th>
<td>git
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Other
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>medium
</td>
</tr>
<tr>
<th>Component</th>
<td>Driver/intel
</td>
</tr>
<tr>
<th>Assignee</th>
<td>chris@chris-wilson.co.uk
</td>
</tr>
<tr>
<th>Reporter</th>
<td>fourdan@xfce.org
</td>
</tr>
<tr>
<th>QA Contact</th>
<td>intel-gfx-bugs@lists.freedesktop.org
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=129794" name="attach_129794" title="Reproducer helper">attachment 129794</a></span>
Reproducer helper
Description:
Xorg 1.19.x crashes in intel driver with an abort in some random cases.
Steps to reproduce:
1. Build and run the attached test program
2. Hover the stylus of a Wacom tablet to cause the map/unmaps of the window
(the test app hides and shows a window after n X events)
Actual result:
After some time, Xorg crashes with a segfault:
(EE) Segmentation fault at address 0x80
#0 0x00000000071b491f in __GI_raise (sig=sig@entry=6) at
../sysdeps/unix/sysv/linux/raise.c:58
#1 0x00000000071b651a in __GI_abort () at abort.c:89
#2 0x00000000005a15ce in OsAbort () at utils.c:1355
#3 0x00000000005a7203 in AbortServer () at log.c:877
#4 0x00000000005a7fed in FatalError (f=f@entry=0x5d56f0 "Caught signal %d
(%s). Server aborting\n") at log.c:1015
#5 0x000000000059e86e in OsSigHandler (signo=11, sip=<optimized out>,
unused=<optimized out>) at osinit.c:154
#6 0x0000000006f725c0 in <signal handler called> () at /lib64/libpthread.so.0
Python Exception <class 'gdb.MemoryError'> Cannot access memory at address
0x80:
#7 0x000000000ab8bade in __kgem_busy (handle=#8 0x000000000ab8bade in
kgem_retire__requests_ring (ring=<optimized out>, kgem=<optimized out>) at
kgem.c:3226
#9 0x000000000ab8bade in kgem_retire__requests (kgem=0x9841000) at kgem.c:3260
#10 0x000000000ab8bade in kgem_retire (kgem=0x9841000) at kgem.c:3276
#11 0x000000000abc2b45 in sna_accel_block (sna=0x9841000,
tv=tv@entry=0xfff0007a8) at sna_accel.c:18312
#12 0x000000000abe10ad in sna_block_handler (data=<optimized out>,
_timeout=0xfff000814) at sna_driver.c:761
#13 0x000000000043b9de in BlockHandler (pTimeout=pTimeout@entry=0xfff000814) at
dixutils.c:388
#14 0x0000000000598361 in WaitForSomething (are_ready=<optimized out>) at
WaitFor.c:219
#15 0x0000000000436dca in Dispatch () at dispatch.c:422
#16 0x000000000043b018 in dix_main (argc=15, argv=0xfff0009f8, envp=<optimized
out>) at main.c:287
#17 0x000000000719f401 in __libc_start_main (main=
0x424cc0 <main>, argc=15, argv=0xfff0009f8, init=<optimized out>,
fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0xfff0009e8) at
../csu/libc-start.c:289
#18 0x0000000000424cfa in _start ()</pre>
</div>
</p>
</body>
</html>