OpenBSD Archive openbsd dev - x11

X crash in Intel Driver

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Edd Barrett-3
Reply | Threaded
Open this post in threaded view
|

X crash in Intel Driver

Edd Barrett-3
Hi,

CC Matthieu and a couple of others who are experiencing (maybe) the same issue.

Over the past few months, I've been troubled by Xorg crashing when I am
using gvim. I am unable to reliably reproduce the crash, but the last
time I saw it, I was resizing the gvim window. Below is a trace for this
instance.

I've only had a cursory inspection, but it looks to me like a value (pt
in frame 2) is being used as a pointer (p in frame 1). The dereference
p->x is segging the X server.

Any ideas? Shall I raise this upstream?

Debug binary is here:
http://theunixzoo.co.uk/random/Xorg

Gzipped core file is here:
http://theunixzoo.co.uk/random/Xorg.core.gz

GDB session and trace:

# gdb -c /var/crash/Xorg.core /usr/X11R6/bin/Xorg
...
#0  0x000017eaa59dca49 in pt_add (cmd=1224738816, pt=0x17ea8b579000, dx=4, dy=83)
    at /usr/xenocara/driver/xf86-video-intel/src/sna/sna_blt.c:3093
3093            u.pt.x = pt->x + dx;


(gdb) bt
#0  0x000017eaa59dca49 in pt_add (cmd=1224738816, pt=0x17ea8b579000, dx=4, dy=83)
    at /usr/xenocara/driver/xf86-video-intel/src/sna/sna_blt.c:3093
#1  0x000017eaa59dca10 in sna_blt_fill_op_points (sna=0x17ea7246a000, op=0x7f7ffffbb1a0, dx=4, dy=83, p=0x17ea8b579004, n=0)
    at /usr/xenocara/driver/xf86-video-intel/src/sna/sna_blt.c:3198
#2  0x000017eaa59b7b64 in sna_poly_point_blt (drawable=0x17eaa8edd200, bo=0x17e9e8b55000, damage=0x0, gc=0x17ea2fb9ef00, mode=0,
    n=45, pt=0x17ea8b578f40, clipped=false) at /usr/xenocara/driver/xf86-video-intel/src/sna/sna_accel.c:8709
#3  0x000017eaa59b8569 in sna_poly_point (drawable=0x17eaa8edd200, gc=0x17ea2fb9ef00, mode=0, n=45, pt=0x17ea8b578f40)
    at /usr/xenocara/driver/xf86-video-intel/src/sna/sna_accel.c:8876
#4  0x000017e7c3c8e1e0 in damagePolyPoint (pDrawable=0x17eaa8edd200, pGC=0x17ea2fb9ef00, mode=0, npt=45, ppt=0x17ea8b578f40)
    at /usr/xenocara/xserver/miext/damage/damage.c:840
#5  0x000017e7c3b54d44 in ProcPolyPoint (client=0x17e9d7208200) at /usr/xenocara/xserver/dix/dispatch.c:1746
#6  0x000017e7c3b50dad in Dispatch () at /usr/xenocara/xserver/dix/dispatch.c:429
#7  0x000017e7c3b60396 in dix_main (argc=6, argv=0x7f7ffffbb648, envp=0x7f7ffffbb680) at /usr/xenocara/xserver/dix/main.c:298
#8  0x000017e7c3b412f7 in main (argc=6, argv=0x7f7ffffbb648, envp=0x7f7ffffbb680) at /usr/xenocara/xserver/dix/stubmain.c:34

(gdb) list pt_add
3082    
3083            _sna_blt_fill_boxes(sna, &op->base.u.blt, box, nbox);
3084    }
3085    
3086    static inline uint64_t pt_add(uint32_t cmd, const DDXPointRec *pt, int16_t dx, int16_t dy)
3087    {
3088            union {
3089                    DDXPointRec pt;
3090                    uint32_t i;
3091            } u;
(gdb)
3092    
3093            u.pt.x = pt->x + dx;
3094            u.pt.y = pt->y + dy;
3095    
3096            return cmd | (uint64_t)u.i<<32;
3097    }
3098    
3099    fastcall static void sna_blt_fill_op_points(struct sna *sna,
3100                                                const struct sna_fill_op *op,
3101                                                int16_t dx, int16_t dy,
(gdb) p pt
$1 = (const DDXPointRec *) 0x17ea8b579000
(gdb) p pt->x
Cannot access memory at address 0x17ea8b579000


(gdb) frame 1
#1  0x000017eaa59dca10 in sna_blt_fill_op_points (sna=0x17ea7246a000, op=0x7f7ffffbb1a0, dx=4, dy=83, p=0x17ea8b579004, n=0)
    at /usr/xenocara/driver/xf86-video-intel/src/sna/sna_blt.c:3198
3198                                    *((uint64_t *)b + 0) = pt_add(cmd, p++, dx, dy);
(gdb) list sna_blt_fill_op_points
3098    
3099    fastcall static void sna_blt_fill_op_points(struct sna *sna,
3100                                                const struct sna_fill_op *op,
3101                                                int16_t dx, int16_t dy,
3102                                                const DDXPointRec *p, int n)
...
(gdb) p p
$2 = (const DDXPointRec *) 0x17ea8b579004
(gdb) p p->x
Cannot access memory at address 0x17ea8b579004


(gdb) frame 2
#2  0x000017eaa59b7b64 in sna_poly_point_blt (drawable=0x17eaa8edd200, bo=0x17e9e8b55000, damage=0x0, gc=0x17ea2fb9ef00, mode=0,
    n=45, pt=0x17ea8b578f40, clipped=false) at /usr/xenocara/driver/xf86-video-intel/src/sna/sna_accel.c:8709
8709                            fill.points(sna, &fill, last.x, last.y, pt, n);
(gdb) list sna_poly_point_blt
8678    sna_poly_point_blt(DrawablePtr drawable,
8679                       struct kgem_bo *bo,
8680                       struct sna_damage **damage,
8681                       GCPtr gc, int mode, int n, DDXPointPtr pt,
8682                       bool clipped)
8683    {
...
8709                            fill.points(sna, &fill, last.x, last.y, pt, n);
...
(gdb) p pt.x
$6 = 38
(gdb) p pt
$7 = 0x17ea8b578f40


Xorg.0.log:


[ 64357.076]
X.Org X Server 1.17.4
Release Date: 2015-10-28
[ 64357.076] X Protocol Version 11, Revision 0
[ 64357.076] Build Operating System: OpenBSD 6.0 amd64
[ 64357.076] Current Operating System: OpenBSD wilfred.home 6.0 GENERIC.MP#12 amd64
[ 64357.076] Build Date: 23 May 2016  06:21:16PM
[ 64357.076]  
[ 64357.076] Current version of pixman: 0.32.8
[ 64357.076] Before reporting problems, check http://wiki.x.org
        to make sure that you have the latest version.
[ 64357.076] Markers: (--) probed, (**) from config file, (==) default setting,
        (++) from command line, (!!) notice, (II) informational,
        (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
[ 64357.076] (==) Log file: "/var/log/Xorg.0.log", Time: Tue May 24 17:40:50 2016
[ 64357.077] (==) Using config file: "/etc/X11/xorg.conf"
[ 64357.077] (==) Using system config directory "/usr/X11R6/share/X11/xorg.conf.d"
[ 64357.078] (==) No Layout section.  Using the first Screen section.
[ 64357.078] (==) No screen section available. Using defaults.
[ 64357.078] (**) |-->Screen "Default Screen Section" (0)
[ 64357.078] (**) |   |-->Monitor "<default monitor>"
[ 64357.078] (==) No monitor specified for screen "Default Screen Section".
        Using a default monitor configuration.
[ 64357.078] (**) Option "NoTrapSignals" "true"
[ 64357.078] (==) Disabling SIGIO handlers for input devices
[ 64357.078] (==) Automatically adding devices
[ 64357.078] (==) Automatically enabling devices
[ 64357.078] (==) Not automatically adding GPU devices
[ 64357.083] (==) FontPath set to:
        /usr/X11R6/lib/X11/fonts/misc/,
        /usr/X11R6/lib/X11/fonts/TTF/,
        /usr/X11R6/lib/X11/fonts/OTF/,
        /usr/X11R6/lib/X11/fonts/Type1/,
        /usr/X11R6/lib/X11/fonts/100dpi/,
        /usr/X11R6/lib/X11/fonts/75dpi/
[ 64357.083] (==) ModulePath set to "/usr/X11R6/lib/modules"
[ 64357.083] (II) The server relies on wscons to provide the list of input devices.
        If no devices become available, reconfigure wscons or disable AutoAddDevices.
[ 64357.083] (II) Loader magic: 0x44aa2fc76c0
[ 64357.083] (II) Module ABI versions:
[ 64357.083] X.Org ANSI C Emulation: 0.4
[ 64357.083] X.Org Video Driver: 19.0
[ 64357.083] X.Org XInput driver : 21.0
[ 64357.083] X.Org Server Extension : 9.0
[ 64357.093] (WW) checkDevMem: failed to open /dev/xf86 and /dev/mem
        (Operation not permitted)
        Check that you have set 'machdep.allowaperture=1'
        in /etc/sysctl.conf and reboot your machine
        refer to xf86(4) for details
[ 64357.093] linear framebuffer access unavailable
[ 64357.093] (--) PCI:*(0:0:2:0) 8086:0166:17aa:2203 rev 9, Mem @ 0xf0000000/4194304, 0xe0000000/268435456, I/O @ 0x00005000/64
[ 64357.093] (II) LoadModule: "glx"
[ 64357.095] (II) Loading /usr/X11R6/lib/modules/extensions/libglx.so
[ 64357.098] (II) Module glx: vendor="X.Org Foundation"
[ 64357.098] compiled for 1.17.4, module version = 1.0.0
[ 64357.098] ABI class: X.Org Server Extension, version 9.0
[ 64357.098] (==) AIGLX enabled
[ 64357.098] (==) Matched intel as autoconfigured driver 0
[ 64357.098] (==) Matched vesa as autoconfigured driver 1
[ 64357.098] (==) Assigned the driver to the xf86ConfigLayout
[ 64357.098] (II) LoadModule: "intel"
[ 64357.098] (II) Loading /usr/X11R6/lib/modules/drivers/intel_drv.so
[ 64357.099] (II) Module intel: vendor="X.Org Foundation"
[ 64357.099] compiled for 1.17.4, module version = 2.99.916
[ 64357.099] Module class: X.Org Video Driver
[ 64357.099] ABI class: X.Org Video Driver, version 19.0
[ 64357.099] (II) LoadModule: "vesa"
[ 64357.099] (II) Loading /usr/X11R6/lib/modules/drivers/vesa_drv.so
[ 64357.100] (II) Module vesa: vendor="X.Org Foundation"
[ 64357.100] compiled for 1.17.4, module version = 2.3.3
[ 64357.100] Module class: X.Org Video Driver
[ 64357.100] ABI class: X.Org Video Driver, version 19.0
[ 64357.100] (II) intel: Driver for Intel(R) Integrated Graphics Chipsets:
        i810, i810-dc100, i810e, i815, i830M, 845G, 854, 852GM/855GM, 865G,
        915G, E7221 (i915), 915GM, 945G, 945GM, 945GME, Pineview GM,
        Pineview G, 965G, G35, 965Q, 946GZ, 965GM, 965GME/GLE, G33, Q35, Q33,
        GM45, 4 Series, G45/G43, Q45/Q43, G41, B43
[ 64357.100] (II) intel: Driver for Intel(R) HD Graphics: 2000-6000
[ 64357.100] (II) intel: Driver for Intel(R) Iris(TM) Graphics: 5100, 6100
[ 64357.100] (II) intel: Driver for Intel(R) Iris(TM) Pro Graphics: 5200, 6200, P6300
[ 64357.100] (II) VESA: driver for VESA chipsets: vesa
[ 64357.100] (--) Using wscons driver on /dev/ttyC4
[ 64357.100] (WW) xf86EnableIO: Failed to set IOPL for extended I/O
        Check that you have set 'machdep.allowaperture=1'
        in /etc/sysctl.conf and reboot your machine
        refer to xf86(4) for details
[ 64357.101] (II) intel(0): Using Kernel Mode Setting driver: i915, version 1.6.0 20080730
[ 64357.101] (WW) Falling back to old probe method for vesa
[ 64357.101] (--) intel(0): Integrated Graphics Chipset: Intel(R) HD Graphics 4000
[ 64357.101] (--) intel(0): CPU: x86-64, sse2, sse3, ssse3, sse4.1, sse4.2, avx
[ 64357.101] (II) intel(0): Creating default Display subsection in Screen section
        "Default Screen Section" for depth/fbbpp 24/32
[ 64357.101] (==) intel(0): Depth 24, (--) framebuffer bpp 32
[ 64357.101] (==) intel(0): RGB weight 888
[ 64357.101] (==) intel(0): Default visual is TrueColor
[ 64357.102] (II) intel(0): Output LVDS1 has no monitor section
[ 64357.103] (--) intel(0): Found backlight control interface wscons (type 'platform') for output LVDS1
[ 64357.103] (II) intel(0): Enabled output LVDS1
[ 64357.103] (II) intel(0): Output VGA1 has no monitor section
[ 64357.103] (II) intel(0): Enabled output VGA1
[ 64357.103] (II) intel(0): Output HDMI1 has no monitor section
[ 64357.103] (II) intel(0): Enabled output HDMI1
[ 64357.103] (II) intel(0): Output DP1 has no monitor section
[ 64357.103] (II) intel(0): Enabled output DP1
[ 64357.103] (II) intel(0): Output HDMI2 has no monitor section
[ 64357.103] (II) intel(0): Enabled output HDMI2
[ 64357.103] (II) intel(0): Output DP2 has no monitor section
[ 64357.103] (II) intel(0): Enabled output DP2
[ 64357.103] (--) intel(0): Using a maximum size of 64x64 for hardware cursors
[ 64357.103] (II) intel(0): Output VIRTUAL1 has no monitor section
[ 64357.103] (II) intel(0): Enabled output VIRTUAL1
[ 64357.103] (--) intel(0): Output LVDS1 using initial mode 1366x768 on pipe 0
[ 64357.103] (--) intel(0): Output HDMI1 using initial mode 1920x1080 on pipe 1
[ 64357.103] (==) intel(0): TearFree disabled
[ 64357.103] (==) intel(0): DPI set to (96, 96)
[ 64357.103] (II) Loading sub module "dri2"
[ 64357.103] (II) LoadModule: "dri2"
[ 64357.103] (II) Module "dri2" already built-in
[ 64357.103] (II) Loading sub module "present"
[ 64357.103] (II) LoadModule: "present"
[ 64357.103] (II) Module "present" already built-in
[ 64357.103] (II) UnloadModule: "vesa"
[ 64357.103] (II) Unloading vesa
[ 64357.103] (==) Depth 24 pixmap format is 32 bpp
[ 64357.104] (II) intel(0): SNA initialized with Ivybridge (gen7, gt2) backend
[ 64357.104] (==) intel(0): Backing store enabled
[ 64357.104] (==) intel(0): Silken mouse disabled
[ 64357.104] (II) intel(0): HW Cursor enabled
[ 64357.104] (II) intel(0): RandR 1.2 enabled, ignore the following RandR disabled message.
[ 64357.104] (==) intel(0): DPMS enabled
[ 64357.104] (II) intel(0): [DRI2] Setup complete
[ 64357.104] (II) intel(0): [DRI2]   DRI driver: i965
[ 64357.104] (II) intel(0): [DRI2]   VDPAU driver: i965
[ 64357.104] (II) intel(0): direct rendering: DRI2 enabled
[ 64357.104] (II) intel(0): hardware support for Present enabled
[ 64357.105] (--) RandR disabled
[ 64357.129] (II) AIGLX: enabled GLX_MESA_copy_sub_buffer
[ 64357.129] (II) AIGLX: enabled GLX_ARB_create_context
[ 64357.129] (II) AIGLX: enabled GLX_ARB_create_context_profile
[ 64357.129] (II) AIGLX: enabled GLX_EXT_create_context_es2_profile
[ 64357.129] (II) AIGLX: enabled GLX_INTEL_swap_event
[ 64357.129] (II) AIGLX: enabled GLX_SGI_swap_control and GLX_MESA_swap_control
[ 64357.129] (II) AIGLX: enabled GLX_EXT_framebuffer_sRGB
[ 64357.129] (II) AIGLX: enabled GLX_ARB_fbconfig_float
[ 64357.129] (II) AIGLX: GLX_EXT_texture_from_pixmap backed by buffer objects
[ 64357.129] (II) AIGLX: enabled GLX_ARB_create_context_robustness
[ 64357.129] (II) AIGLX: Loaded and initialized i965
[ 64357.129] (II) GLX: Initialized DRI2 GL provider for screen 0
[ 64357.132] (II) intel(0): switch to mode 1366x768@60.0 on LVDS1 using pipe 0, position (0, 0), rotation normal, reflection none
[ 64357.141] (II) intel(0): switch to mode 1920x1080@60.0 on HDMI1 using pipe 1, position (0, 0), rotation normal, reflection none
[ 64357.143] (II) intel(0): Setting screen physical size to 508 x 285
[ 64357.288] (II) config/wscons: checking input device /dev/wskbd
[ 64357.288] (II) wskbd: using layout gb
[ 64357.288] (II) LoadModule: "kbd"
[ 64357.290] (II) Loading /usr/X11R6/lib/modules/input/kbd_drv.so
[ 64357.290] (II) Module kbd: vendor="X.Org Foundation"
[ 64357.290] compiled for 1.17.4, module version = 1.8.1
[ 64357.290] Module class: X.Org XInput Driver
[ 64357.290] ABI class: X.Org XInput driver, version 21.0
[ 64357.290] (II) Using input driver 'kbd' for '/dev/wskbd'
[ 64357.290] (**) /dev/wskbd: always reports core events
[ 64357.290] (**) /dev/wskbd: always reports core events
[ 64357.290] (**) Option "Protocol" "standard"
[ 64357.290] (**) Option "XkbRules" "base"
[ 64357.290] (**) Option "XkbModel" "pc105"
[ 64357.290] (**) Option "XkbLayout" "gb"
[ 64357.290] (II) XINPUT: Adding extended input device "/dev/wskbd" (type: KEYBOARD, id 6)
[ 64357.412] (II) config/wscons: checking input device /dev/wsmouse3
[ 64357.412] (II) LoadModule: "ws"
[ 64357.413] (II) Loading /usr/X11R6/lib/modules/input/ws_drv.so
[ 64357.413] (II) Module ws: vendor="X.Org Foundation"
[ 64357.413] compiled for 1.17.4, module version = 1.3.0
[ 64357.413] Module class: X.Org XInput Driver
[ 64357.413] ABI class: X.Org XInput driver, version 21.0
[ 64357.414] (II) Using input driver 'ws' for '/dev/wsmouse3'
[ 64357.414] (**) /dev/wsmouse3: always reports core events
[ 64357.414] (II) ws: /dev/wsmouse3: debuglevel 0
[ 64357.414] (**) Option "Device" "/dev/wsmouse3"
[ 64357.414] (**) ws: /dev/wsmouse3: ZAxisMapping: buttons 4 and 5
[ 64357.414] (**) ws: /dev/wsmouse3: WAxisMapping: buttons 6 and 7
[ 64357.414] (**) ws: /dev/wsmouse3: associated screen: 0
[ 64357.414] (**) ws: /dev/wsmouse3: device will work in raw mode
[ 64357.414] (II) ws: /dev/wsmouse3: minimum x position: 0
[ 64357.414] (II) ws: /dev/wsmouse3: maximum x position: 27760
[ 64357.414] (II) ws: /dev/wsmouse3: minimum y position: 0
[ 64357.414] (II) ws: /dev/wsmouse3: maximum y position: 15694
[ 64357.414] (==) ws: /dev/wsmouse3: Buttons: 7
[ 64357.414] (**) ws: /dev/wsmouse3: YAxisMapping: buttons 4 and 5
[ 64357.414] (II) XINPUT: Adding extended input device "/dev/wsmouse3" (type: TOUCHSCREEN, id 7)
[ 64357.414] (**) /dev/wsmouse3: (accel) keeping acceleration scheme 1
[ 64357.414] (**) /dev/wsmouse3: (accel) acceleration profile 0
[ 64357.414] (**) /dev/wsmouse3: (accel) acceleration factor: 2.000
[ 64357.414] (**) /dev/wsmouse3: (accel) acceleration threshold: 4
[ 64357.414] (II) config/wscons: checking input device /dev/wsmouse
[ 64357.414] (II) Using input driver 'ws' for '/dev/wsmouse'
[ 64357.414] (**) /dev/wsmouse: always reports core events
[ 64357.414] (II) ws: /dev/wsmouse: debuglevel 0
[ 64357.414] (**) Option "Device" "/dev/wsmouse"
[ 64357.414] (**) ws: /dev/wsmouse: ZAxisMapping: buttons 4 and 5
[ 64357.414] (**) ws: /dev/wsmouse: WAxisMapping: buttons 6 and 7
[ 64357.414] (**) ws: /dev/wsmouse: associated screen: 0
[ 64357.480] (II) ws: /dev/wsmouse: minimum x position: 0
[ 64357.480] (II) ws: /dev/wsmouse: maximum x position: 1919
[ 64357.480] (II) ws: /dev/wsmouse: minimum y position: 0
[ 64357.480] (II) ws: /dev/wsmouse: maximum y position: 1079
[ 64357.480] (==) ws: /dev/wsmouse: Buttons: 7
[ 64357.485] (**) ws: /dev/wsmouse: YAxisMapping: buttons 4 and 5
[ 64357.485] (II) XINPUT: Adding extended input device "/dev/wsmouse" (type: MOUSE, id 8)
[ 64357.550] (**) /dev/wsmouse: (accel) keeping acceleration scheme 1
[ 64357.550] (**) /dev/wsmouse: (accel) acceleration profile 0
[ 64357.550] (**) /dev/wsmouse: (accel) acceleration factor: 2.000
[ 64357.550] (**) /dev/wsmouse: (accel) acceleration threshold: 4
[ 64375.884] (II) intel(0): EDID vendor "LGD", prod id 728
[ 64375.884] (II) intel(0): Printing DDC gathered Modelines:
[ 64375.884] (II) intel(0): Modeline "1366x768"x0.0   75.20  1366 1414 1478 1582  768 772 779 792 +hsync -vsync (47.5 kHz eP)

--
Best Regards
Edd Barrett

http://www.theunixzoo.co.uk
Edd Barrett-3
Reply | Threaded
Open this post in threaded view
|

Re: X crash in Intel Driver

Edd Barrett-3
On Tue, May 24, 2016 at 08:51:10PM +0100, Laurence Tratt wrote:
> so maybe I've just been lucky?!

Another crash this morning in the same location in the code. This time I
was pressing 'n' in gvim to search for the next occurrence.

Core file:
http://theunixzoo.co.uk/random/Xorg.core-1.gz

--
Best Regards
Edd Barrett

http://www.theunixzoo.co.uk
Free forum by Nabble Edit this page