<html> <head> <base href="https://bugs.freedesktop.org/"> </head> <body> <div> <a class="bz_bug_link bz_status_RESOLVED bz_closed" title="RESOLVED FIXED - Xorg crashes while using Aegisub" href="https://bugs.freedesktop.org/show_bug.cgi?id=77074#c126">Comment # 126</a> on <a class="bz_bug_link bz_status_RESOLVED bz_closed" title="RESOLVED FIXED - Xorg crashes while using Aegisub" href="https://bugs.freedesktop.org/show_bug.cgi?id=77074">bug 77074</a> from <a class="email" href="mailto:ejpbazlv@mail.unet.to" title="Mikolaj <ejpbazlv@mail.unet.to>"> Mikolaj</a> <pre>I think this problem is fixed, as I encountered same issue on OpenBSD with GIMP. I had very easy repro case by just opening new file and navigating file browser in the recently open files. Crash each time of Xorg. More details reported here: <a href="https://marc.info/?l=openbsd-bugs&m=154706833406795&w=2">https://marc.info/?l=openbsd-bugs&m=154706833406795&w=2</a> GDB details from openbsd-bugs email: (gdb) bt #0 0x00000aeb3630ff3a in sna_blt_copy_boxes (sna=0xaeb33262000, alu=3 '\003', src_bo=0xaeb79f86400, src_dx=0, src_dy=0, dst_bo=0xaeb79f8a200, dst_dx=0, dst_dy=0, bpp=32, box=0xaeb63870000, nbox=0) at /home/mkucharski/openbsd/xenocara/driver/xf86-video-intel/src/sna/sna_blt.c:3759 #1 0x00000aeb363544e9 in no_render_copy_boxes (sna=0xaeb33262000, alu=3 '\003', src=0xaeb7ab1b080, src_bo=0xaeb79f86400, src_dx=0, src_dy=0, dst=0xaeb7ab1b080, dst_bo=0xaeb79f8a200, dst_dx=0, dst_dy=0, box=0xaeb63868010, n=2038, flags=0) at /home/mkucharski/openbsd/xenocara/driver/xf86-video-intel/src/sna/sna_render.c:137 #2 0x00000aeb362d2907 in sna_pixmap_move_to_gpu (pixmap=0xaeb7ab1b080, flags=10) at /home/mkucharski/openbsd/xenocara/driver/xf86-video-intel/src/sna/sna_accel.c:4246 #3 0x00000aeb362f375a in sna_copy_boxes (src=0xaeb7ab1b080, dst=0xaeb1507e400, gc=0xaeacb235a00, region=0x7f7ffffe9750, dx=-616, dy=-72, bitplane=0, closure=0x0) at /home/mkucharski/openbsd/xenocara/driver/xf86-video-intel/src/sna/sna_accel.c:6387 #4 0x00000aeb362f5122 in sna_do_copy (src=0xaeb7ab1b080, dst=0xaeb1507e400, gc=0xaeacb235a00, sx=0, sy=0, width=1535, height=1012, dx=616, dy=72, copy=0xaeb362f2f00 <sna_copy_boxes>, bitPlane=0, closure=0x0) at /home/mkucharski/openbsd/xenocara/driver/xf86-video-intel/src/sna/sna_accel.c:6959 #5 0x00000aeb362dd3c7 in sna_copy_area (src=0xaeb7ab1b080, dst=0xaeb1507e400, gc=0xaeacb235a00, src_x=0, src_y=0, width=1535, height=1012, dst_x=245, dst_y=71) at /home/mkucharski/openbsd/xenocara/driver/xf86-video-intel/src/sna/sna_accel.c:7041 #6 0x00000ae8a1bdd17d in damageCopyArea (pSrc=0xaeb7ab1b080, pDst=0xaeb1507e400, pGC=0xaeacb235a00, srcx=0, srcy=0, width=1535, height=1012, dstx=245, dsty=71) at /home/mkucharski/openbsd/xenocara/xserver/miext/damage/damage.c:775 #7 0x00000ae8a1a4728a in ProcCopyArea (client=0xaeb6c1f3800) at /home/mkucharski/openbsd/xenocara/xserver/dix/dispatch.c:1722 #8 0x00000ae8a1a41df0 in Dispatch () at /home/mkucharski/openbsd/xenocara/xserver/dix/dispatch.c:480 #9 0x00000ae8a1a55479 in dix_main (argc=7, argv=0x7f7ffffe9b18, envp=0x7f7ffffe9b58) at /home/mkucharski/openbsd/xenocara/xserver/dix/main.c:287 #10 0x00000ae8a1a2e357 in main (argc=7, argv=0x7f7ffffe9b18, envp=0x7f7ffffe9b58) at /home/mkucharski/openbsd/xenocara/xserver/dix/stubmain.c:34 (gdb) list /home/mkucharski/openbsd/xenocara/driver/xf86-video-intel/src/sna/sna_blt.c:3759 3754 3755 assert(box->x1 >= 0); 3756 assert(box->y1 >= 0); 3757 3758 *(uint64_t *)&b[0] = hdr; 3759 *(uint64_t *)&b[2] = *(const uint64_t *)box; 3760 *(uint64_t *)(b+4) = 3761 kgem_add_reloc64(kgem, kgem->nbatch + 4, dst_bo, 3762 I915_GEM_DOMAIN_RENDER << 16 | 3763 I915_GEM_DOMAIN_RENDER | ... (gdb) print box $2 = (const BoxRec *) 0xaeb63870000 (gdb) print *(const uint64_t *)box Cannot access memory at address 0xaeb63870000 ... (gdb) print *(const uint64_t *) 0xaeb63870000 Cannot access memory at address 0xaeb63870000 (gdb) print *(const uint64_t *) 0xaeb63868010 $5 = 568481871298560 What I see in above backtrace, inside sna_blt_copy_boxes() box=0xaeb63870000, however in no_render_copy_boxes() box=0xaeb63868010 and that results Xorg crash when accessing box variable. (gdb) bt #0 0x00000aeb3630ff3a in sna_blt_copy_boxes (sna=0xaeb33262000, alu=3 '\003', src_bo=0xaeb79f86400, src_dx=0, src_dy=0, dst_bo=0xaeb79f8a200, dst_dx=0, dst_dy=0, bpp=32, box=0xaeb63870000, nbox=0) ^^^^^^^^^^^^^^^^^ at /home/mkucharski/openbsd/xenocara/driver/xf86-video-intel/src/sna/sna_blt.c:3759 #1 0x00000aeb363544e9 in no_render_copy_boxes (sna=0xaeb33262000, alu=3 '\003', src=0xaeb7ab1b080, src_bo=0xaeb79f86400, src_dx=0, src_dy=0, dst=0xaeb7ab1b080, dst_bo=0xaeb79f8a200, dst_dx=0, dst_dy=0, box=0xaeb63868010, n=2038, flags=0) ^^^^^^^^^^^^^^^^^ at /home/mkucharski/openbsd/xenocara/driver/xf86-video-intel/src/sna/sna_render.c:137 ... Yesterday I've compiled e5ff8e1828f97891c819c919d7115c6e18b2eb1f from <a href="https://gitlab.freedesktop.org/xorg/driver/xf86-video-intel.git">https://gitlab.freedesktop.org/xorg/driver/xf86-video-intel.git</a> and only problem on the way was bugzilla id 109268 (byteswap.h not available on OpenBSD) and the crash is gone with latest code of xf86-video-intel the driver.</pre> </div> <hr> You are receiving this mail because: <ul> <li>You are the QA Contact for the bug.</li> </ul> </body> </html>