[Intel-gfx] xserver crash with linux 4.6.0-rc3 and later

John S Gruber johnsgruber at gmail.com
Fri Apr 29 17:25:30 UTC 2016


Starting with linux 4.6.0-rc3 my Ubuntu Wily system no longer allows logons from
due to an immediate abort in xserver just after entering my
userid and password. (lightdm drew the sign on screen OK).

The xserver problem seems to result from a null reference from
 __kgem_retire_rq from package xserver-xorg-video-intel version
2:2.99.917+git20150808-0ubuntu4.

Bisecting the kernel I found that this was triggered by commit
426960bed3217f72a1b7bb94f084d79cc616ec0f. Reverting this commit based on
4.6-rc5 eliminated my crash.

The problem was specific to my HP Pavilion laptop with Intel HD 5500
integrated graphics. A desktop Acer, also using Intel graphics, was
fine. On the laptop it was completely consistent.

The laptop has:

00:02.0 VGA compatible controller: Intel Corporation Broadwell-U
Integrated Graphics (rev 09) (prog-if 00 [VGA controller])
    DeviceName: Intel(R) Graphics GT2

Testing the laptop with Ubuntu xenial (with xserver-xorg-video-intel
version 2:2.99.917+git20160325-1ubuntu1) was fine, however.

Please let me know if this is problematic, and if so, if I should provide
additional information. I don't follow the list.

----------------------

The triggering commit:

drm/i915: Seal busy-ioctl uABI and prevent leaking of internal ids

Tvrtko was looking through the execbuffer-ioctl and noticed that the
uABI was tightly coupled to our internal engine identifiers. Close
inspection also revealed that we leak those internal engine identifiers
through the busy-ioctl, and those internal identifiers already do not
match the user identifiers. Fortuitously, there is only one user of the
set of busy rings from the busy-ioctl, and they only wish to choose
between the RENDER and the BLT engines.

Let's fix the userspace ABI while we still can.

v2: Update the uAPI documentation to explain the identifiers.

Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk>
Testcase: igt/gem_busy
Cc: Tvrtko Ursulin <tvrtko.ursulin at intel.com>
Cc: Daniel Vetter <daniel.vetter at ffwll.ch>
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin at intel.com>
Acked-by: Daniel Vetter <daniel.vetter at ffwll.ch>
Link: http://patchwork.freedesktop.org/patch/msgid/1452876706-21620-1-git-send-email-chris@chris-wilson.co.uk

----------------------------------

Initial part of traceback:

Signal: 6
SourcePackage: xorg-server
Stacktrace:
 #0  0x00007f331d2bc267 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55
         resultvar = 0
         pid = 875
         selftid = 875
 #1  0x00007f331d2bdeca in __GI_abort () at abort.c:89
         save_stage = 2
         act = {__sigaction_handler = {sa_handler = 0x56062ab5d2f0, sa_sigaction = 0x56062ab5d2f0}, sa_mask = {__val = {140729649640432, 0, 139857541861232, 0, 0, 0, 0, 0, 0, 0, 0, 0, 139857509467488, 94584488847776, 140729649640208, 0}}, sa_flags = 493148512, sa_restorer = 0x7f331f365980}
         sigs = {__val = {32, 0 <repeats 15 times>}}
 #2  0x000056062ab2b0ee in OsAbort () at ../../os/utils.c:1342
 No locals.
 #3  0x000056062ab30b83 in AbortServer () at ../../os/log.c:807
 No locals.
 #4  0x000056062ab3199d in FatalError (f=f@entry=0x56062ab5d2f0 "Caught signal %d (%s). Server aborting\n") at ../../os/log.c:945
         args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7ffe2cc6b4e0, reg_save_area = 0x7ffe2cc6b410}}
         args2 = {{gp_offset = 8, fp_offset = 48, overflow_arg_area = 0x7ffe2cc6b4e0, reg_save_area = 0x7ffe2cc6b410}}
         beenhere = 1
 #5  0x000056062ab28a4e in OsSigHandler (signo=11, sip=<optimized out>, unused=<optimized out>) at ../../os/osinit.c:147
         unused = <optimized out>
         sip = <optimized out>
         signo = 11
 #6  <signal handler called>
 No locals.
 #7  _list_del (entry=0x0) at ../../../src/intel_list.h:220
 No locals.
 #8  list_del (entry=0x0) at ../../../src/intel_list.h:240
 No locals.
 #9  __kgem_retire_rq (kgem=kgem@entry=0x7f331f2cc000,
rq=rq@entry=0x7f331f2cc4d0) at ../../../src/sna/kgem.c:3077
         bo = 0xffffffffffffffd8
         retired = false
 #10 0x00007f3319683157 in __kgem_retire_requests_upto
(kgem=0x7f331f2cc000, bo=0x56062b58d8c0) at
../../../src/sna/kgem.c:3254
         rq = 0x56062b7cb5c0
         tmp = 0x7f331f2cc4d0
         requests = <optimized out>
 #11 0x00007f33196884b1 in kgem_bo_retire (bo=0x56062b58d8c0,
kgem=0x7f331f2cc000) at ../../../src/sna/kgem.c:781
 No locals.
 #12 kgem_bo_sync__cpu (kgem=kgem@entry=0x7f331f2cc000, bo=bo@entry=0x56062b58d8c0) at ../../../src/sna/kgem.c:6918
         set_domain = {handle = 14, read_domains = 1, write_domain = 1}
 #13 0x00007f33196dd4e4 in write_boxes_inplace__tiled
(kgem=0x7f331f2cc000, src=src@entry=0x56062b7614b0 "",
stride=stride@entry=76, bpp=bpp@entry=32, src_dx=src_dx@entry=0,
src_dy=src_dy@entry=0, bo=0x56062b58d8c0, dst_dx=0, dst_dy=0,
box=0x56062b7ad460, n=1) at ../../../src/sna/sna_io.c:687
         dst = 0x7f3318f42000 ""
 #14 0x00007f33196dde2c in write_boxes_inplace
(kgem=kgem@entry=0x7f331f2cc000, src=src@entry=0x56062b7614b0,
stride=stride@entry=76, bpp=bpp@entry=32, src_dx=src_dx@entry=0,
src_dy=src_dy@entry=0, bo=0x56062b58d8c0, dst_dx=0, dst_dy=0,
box=0x56062b7ad460, n=1) at ../../../src/sna/sna_io.c:732
         dst = <optimized out>
 #15 0x00007f33196dfe1a in sna_write_boxes
(sna=sna@entry=0x7f331f2cc000, dst=dst@entry=0x56062b761430,
dst_bo=0x56062b58d8c0, dst_dx=dst_dx@entry=0, dst_dy=dst_dy@entry=0,
src=0x56062b7614b0, stride=76, src_dx=0, src_dy=0, box=0x56062b7ad460,
nbox=1) at ../../../src/sna/sna_io.c:845
         kgem = 0x7f331f2cc000
         src_bo = <optimized out>
         extents = <optimized out>
         ptr = 0x20
         offset = <optimized out>
         n = <optimized out>
         cmd = <optimized out>
         br13 = <optimized out>
         can_blt = <optimized out>
 #16 0x00007f331969e97c in sna_pixmap_move_to_gpu
(pixmap=0x56062b761430, flags=67) at ../../../src/sna/sna_accel.c:4406
         ok = <optimized out>
         box = 0x56062b7ad460
 #17 0x00007f33196b6906 in sna_accel_flush (sna=0x7f331f2cc000) at
../../../src/sna/sna_accel.c:17355
         hints = <optimized out>
         priv = 0x56062b761a60
 #18 0x000056062a9cd654 in _CallCallbacks
(pcbl=pcbl@entry=0x56062adc76e8 <FlushCallback>,
call_data=call_data@entry=0x0) at ../../dix/dixutils.c:718
         cbl = 0x56062b782b60
         cbr = 0x56062b7b4840
         pcbr = <optimized out>
 #19 0x000056062ab282d4 in CallCallbacks (call_data=0x0,
pcbl=0x56062adc76e8 <FlushCallback>) at ../../include/callback.h:83
 No locals.
 #20 WriteToClient (who=who@entry=0x56062b812740,
count=count@entry=32, __buf=__buf@entry=0x7ffe2cc6c310) at
../../os/io.c:854
         oc = 0x56062b5bcff0
         oco = 0x56062b7649e0
         buf = <optimized out>
 #21 0x000056062a9d3502 in WriteEventsToClient (pClient=pClient@entry=0x56062b812740, count=<optimized out>, count@entry=1,
events=events@entry=0x7ffe2cc6c310) at ../../dix/events.c:5993
         eventTo = <optimized out>
         eventFrom = <optimized out>
         i = <optimized out>
         eventlength = 32
 #22 0x000056062aa6499a in ProcShmPutImage (client=0x56062b812740) at
../../Xext/shm.c:607
         ev = {type = 65 'A', bpad0 = 0 '\000', sequenceNumber = 2401,
drawable = 16777302, minorEvent = 3, majorEvent = 130 '\202', bpad1 =
0 '\000', shmseg = 16777306, offset = 458752, pad0 = 0, pad1 = 0, pad2
= 0}
         pGC = 0x56062b8fe030
         pDraw = 0x56062b761430
         length = <optimized out>
         shmdesc = 0x56062b8e7ec0
         stuff = <optimized out>
 #23 0x000056062aa65f35 in ProcShmDispatch (client=0x56062b812740) at
../../Xext/shm.c:1298
         stuff = 0x56062b78cbfc
 #24 0x000056062a9c818f in Dispatch () at ../../dix/dispatch.c:432
         clientReady = 0x56062b7905c0
         result = <optimized out>
         client = 0x56062b812740
         nready = 0
         icheck = 0x56062adc0450 <checkForInput>
         start_tick = 15
 #25 0x000056062a9cc34b in dix_main (argc=11, argv=0x7ffe2cc6c608,
envp=<optimized out>) at ../../dix/main.c:298
         i = <optimized out>
         alwaysCheckForInput = {0, 1}
 #26 0x00007f331d2a7a40 in __libc_start_main (main=0x56062a9b6690
<main>, argc=11, argv=0x7ffe2cc6c608, init=<optimized out>,
fini=<optimized out>, rtld_fini=<optimized out>,
stack_end=0x7ffe2cc6c5f8) at libc-start.c:289
         result = <optimized out>
         unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0,
-467022886849562975, 94584484619936, 140729649645056, 0, 0,
-6164088944071100767, -6057726212369107295}, mask_was_saved = 0}},
priv = {pad = {0x0, 0x0, 0x56062ab358c0 <__libc_csu_init>,
0x7ffe2cc6c608}, data = {prev = 0x0, cleanup = 0x0, canceltype =
716396736}}}
         not_first_call = <optimized out>
 #27 0x000056062a9b66c9 in _start ()
 No symbol table info available.
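
Frames #7 to #9 above show list_del(entry=0x0) together with bo = 0xffffffffffffffd8, which is -0x28. The C below is an added example, not part of the original post and not the driver's code: it reproduces that arithmetic and a guarded drain loop, assuming bo came from a container_of-style lookup on a zeroed list head whose node sits 40 bytes into the object (struct obj, first_entry_addr and drain_checked are hypothetical names).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Intrusive doubly linked list of the usual kernel / X.org shape. */
struct list { struct list *next, *prev; };
/* Hypothetical object: 40 bytes of payload place the node at offset 0x28. */
struct obj { char payload[40]; struct list request; };

static void list_init(struct list *h) { h->next = h->prev = h; }
static int list_is_empty(const struct list *h) { return h->next == h; }
static void list_add(struct list *e, struct list *h) {
    e->next = h->next; e->prev = h; h->next->prev = e; h->next = e;
}
static void list_del(struct list *e) {
    e->prev->next = e->next; e->next->prev = e->prev;
}

/* Address a container_of()-style "first entry" lookup produces for head. */
static uintptr_t first_entry_addr(const struct list *head) {
    return (uintptr_t)head->next - offsetof(struct obj, request);
}

/* Drain loop with a guard: returns the number of entries unlinked, or -1
 * when a NULL link shows the head was zeroed rather than initialised. */
static int drain_checked(struct list *head) {
    int n = 0;
    while (!list_is_empty(head)) {
        struct list *node = head->next;
        if (!node || !node->next || !node->prev)
            return -1;          /* unguarded code would call list_del(NULL) */
        list_del(node);
        n++;
    }
    return n;
}

int main(void) {
    struct list zeroed, good;
    struct obj a, b;
    memset(&zeroed, 0, sizeof zeroed);  /* constructed: never-initialised head */
    list_init(&good); list_add(&a.request, &good); list_add(&b.request, &good);
    printf("empty? %d  first entry = %#lx\n", list_is_empty(&zeroed),
           (unsigned long)first_entry_addr(&zeroed));
    printf("drain zeroed = %d, drain good = %d\n",
           drain_checked(&zeroed), drain_checked(&good));
    return 0;
}
```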

