| Summary: | Null pointer dereference at /usr/lib64/dri/i965_dri.so:intel_screen.c:111!intelDRI2Flush+32 when starting MythTV playback using OpenGL renderer with i965 classic driver | ||
|---|---|---|---|
| Product: | Mesa | Reporter: | bugs-fdo <bugs-fdo.8eaf7cd8e5128d8191fe> |
| Component: | Drivers/DRI/i965 | Assignee: | Ian Romanick <idr> |
| Status: | RESOLVED DUPLICATE | QA Contact: | |
| Severity: | normal | ||
| Priority: | medium | ||
| Version: | 7.11 | ||
| Hardware: | x86-64 (AMD64) | ||
| OS: | Linux (All) | ||
| Whiteboard: | |||
| i915 platform: | i915 features: | ||
Using mythtv-0.24.1 with the OpenGL renderer and i965 classic driver, MythTV immediately crashes when starting playback of a recorded program. The crash is a null pointer dereference at /usr/lib64/dri/i965_dri.so:intel_screen.c:111!intelDRI2Flush+32. The value of local variable 'intel' is NULL, so the attempt to read intel->gen crashes. This variable is a cast of ctx, so it looks like the context must be NULL in the faulting thread.

This occurs on every recording tested. This is a new system which has never worked (i.e. not known to be a regression). There are no other GL-using programs open at the time of the crash. It is possible to run mplayer with "-vo gl" on the same mpeg stream and play back successfully. Both MythTV and mplayer can play using the Xv renderer. However, using MythTV with the Xv renderer shows tearing, which motivated the attempt to use the OpenGL renderer. Using the i965 gallium driver also fails on start playback, but with an abort instead of a segmentation fault. I can file a separate bug for that.

Software versions:

- Kernel: Linux x86_64 3.1.6, as shipped by kernel.org
- MythTV: 0.24.1-27-g30993d6
- Mesa: Gentoo media-libs/mesa-7.11.2
- Xorg server: Gentoo x11-base/xorg-server-1.10.4-r1
- Xorg video driver: Gentoo x11-drivers/xf86-video-intel-2.17.0-r3
- libdrm: Gentoo x11-libs/libdrm-2.4.29
- Compiler: Gentoo sys-devel/gcc-4.5.3-r2
- Linker: Gentoo sys-devel/binutils-2.21.1-r1
- C library: Gentoo sys-libs/glibc-2.12.2

There are no kernel modules loaded. The only kernel message on failure is the standard report that an application received a segmentation fault.

gdb output from crash:

```
Program received signal SIGSEGV, Segmentation fault.
intelDRI2Flush (drawable=0x7fad5319ab00) at intel_screen.c:111
111     intel_screen.c: No such file or directory.
        in intel_screen.c
(gdb) bt
#0  intelDRI2Flush (drawable=0x7fad5319ab00) at intel_screen.c:111
#1  0x00007fad4cada43c in dri2SwapBuffers (pdraw=0x7fad5319a070, target_msc=0, divisor=0, remainder=0) at dri2_glx.c:556
#2  0x00007fad4ac5c34f in QGLContext::swapBuffers (this=<value optimized out>) at qgl_x11.cpp:978
#3  0x00007fad5235abf2 in VideoOutputOpenGL::Show(FrameScanType) () from /usr/lib64/libmythtv-0.24.so.0
#4  0x00007fad52223659 in MythPlayer::AVSync(VideoFrame_*, bool) () from /usr/lib64/libmythtv-0.24.so.0
#5  0x00007fad5221c962 in MythPlayer::DisplayNormalFrame(bool) () from /usr/lib64/libmythtv-0.24.so.0
#6  0x00007fad52227716 in MythPlayer::VideoLoop() () from /usr/lib64/libmythtv-0.24.so.0
#7  0x00007fad521a363e in TV::PlaybackLoop() () from /usr/lib64/libmythtv-0.24.so.0
#8  0x00007fad521efe4b in TV::StartTV(ProgramInfo*, unsigned int) () from /usr/lib64/libmythtv-0.24.so.0
#9  0x00007fad52c2d616 in ?? ()
#10 0x00007fad52c2d861 in ?? ()
#11 0x00007fad52c2edeb in ?? ()
#12 0x00007fad52da4978 in ?? ()
#13 0x00007fad497d166f in QMetaObject::activate (sender=0x7fad2d1a2df0, m=<value optimized out>, local_signal_index=<value optimized out>, argv=0xfffffffffffffff8) at kernel/qobject.cpp:3278
#14 0x00007fad4ff9af52 in MythUIButtonList::itemClicked(MythUIButtonListItem*) () from /usr/lib64/libmythui-0.24.so.0
#15 0x00007fad4ff15cbc in MythUIButtonList::keyPressEvent(QKeyEvent*) () from /usr/lib64/libmythui-0.24.so.0
#16 0x00007fad52c3fdd7 in ?? ()
#17 0x00007fad4fe8b9dc in MythMainWindow::eventFilter(QObject*, QEvent*) () from /usr/lib64/libmythui-0.24.so.0
#18 0x00007fad497b54c6 in QCoreApplicationPrivate::sendThroughObjectEventFilters (
    this=<value optimized out>, receiver=0x7fad531c1ee0, event=0x7fffff3bc520) at kernel/qcoreapplication.cpp:846
#19 0x00007fad4a0121c9 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib64/qt4/libQtGui.so.4
#20 0x00007fad4a0179bd in QApplication::notify(QObject*, QEvent*) () from /usr/lib64/qt4/libQtGui.so.4
#21 0x00007fad497b5f6b in QCoreApplication::notifyInternal (this=0x7fffff3bd8c0, receiver=0x7fad531c1ee0, event=0x7fffff3bc520) at kernel/qcoreapplication.cpp:731
#22 0x00007fad4a0cc6e5 in ?? () from /usr/lib64/qt4/libQtGui.so.4
#23 0x00007fad4a0ccb8d in ?? () from /usr/lib64/qt4/libQtGui.so.4
#24 0x00007fad4a0a56ab in QApplication::x11ProcessEvent(_XEvent*) () from /usr/lib64/qt4/libQtGui.so.4
#25 0x00007fad4a0d0fd2 in ?? () from /usr/lib64/qt4/libQtGui.so.4
#26 0x00007fad48f39039 in g_main_dispatch (context=0x7fad53144c40) at gmain.c:2441
#27 g_main_context_dispatch (context=0x7fad53144c40) at gmain.c:3014
#28 0x00007fad48f3e4c8 in g_main_context_iterate (context=0x7fad53144c40, block=<value optimized out>, dispatch=<value optimized out>, self=<value optimized out>) at gmain.c:3092
(gdb) i args
drawable = 0x7fad5319ab00
(gdb) print *drawable
$1 = {hHWDrawable = 0, driverPrivate = 0x7fad54a6cd50, loaderPrivate = 0x7fad5319a070, refcount = 1, index = 0, pStamp = 0x7fad5319ab8c, lastStamp = 1, x = 0, y = 0, w = 1920, h = 1080, numClipRects = 1, pClipRects = 0x7fad5319ab90, backX = 0, backY = 0, backClipRectType = 2949174, numBackClipRects = 1, pBackClipRects = 0x7fad5319ab90, vblSeq = 0, vblFlags = 0, vblank_base = 16325797760925745, msc_base = 0, driContextPriv = 0x7fad531a6760, driScreenPriv = 0x7fad531d17d0, swap_interval = 4294967295, dri2 = {stamp = 1, clipRect = {x1 = 0, y1 = 0, x2 = 1920, y2 = 1080}}}

rax            0xffffffffffffff68  -152
rbx            0x0                 0
rcx            0xfffffffffffffff8  -8
rdx            0x7fad54b380f0      140382427119856
rsi            0x0                 0
rdi            0x7fad5319ab00      140382400260864
rbp            0x7fad549ab8e0      0x7fad549ab8e0
rsp            0x7fffff3ba590      0x7fffff3ba590
r8             0x7fad4cada3a0      140382292517792
r9             0x754b              30027
r10            0x7                 7
r11            0x246               582
r12            0x7fad53320b50      140382401858384
r13            0x0                 0
r14            0x0                 0
r15            0x0                 0
rip            0x7fad30811cb0      0x7fad30811cb0 <intelDRI2Flush+32>
eflags         0x10246             [ PF ZF IF RF ]
cs             0x33                51
ss             0x2b                43
ds             0x0                 0
es             0x0                 0
fs             0x0                 0
gs             0x0                 0
(gdb) disas
Dump of assembler code for function intelDRI2Flush:
   0x00007fad30811c90 <+0>:     push   %rbx
   0x00007fad30811c91 <+1>:     sub    $0x10,%rsp
   0x00007fad30811c95 <+5>:     mov    %fs:0x28,%rax
   0x00007fad30811c9e <+14>:    mov    %rax,0x8(%rsp)
   0x00007fad30811ca3 <+19>:    xor    %eax,%eax
   0x00007fad30811ca5 <+21>:    mov    0x5ab08c(%rip),%rax        # 0x7fad30dbcd38
   0x00007fad30811cac <+28>:    mov    %fs:(%rax),%rbx
=> 0x00007fad30811cb0 <+32>:    cmpl   $0x3,0x1665c(%rbx)
   0x00007fad30811cb7 <+39>:    jg     0x7fad30811cca <intelDRI2Flush+58>
   0x00007fad30811cb9 <+41>:    mov    0x1e6c8(%rbx),%rax
   0x00007fad30811cc0 <+48>:    test   %rax,%rax
   0x00007fad30811cc3 <+51>:    je     0x7fad30811cca <intelDRI2Flush+58>
   0x00007fad30811cc5 <+53>:    mov    %rbx,%rdi
   0x00007fad30811cc8 <+56>:    callq  *%rax
   0x00007fad30811cca <+58>:    movb   $0x1,0x1e6b0(%rbx)
   0x00007fad30811cd1 <+65>:    cmpw   $0x0,0x1669c(%rbx)
   0x00007fad30811cd9 <+73>:    jne    0x7fad30811cf8 <intelDRI2Flush+104>
   0x00007fad30811cdb <+75>:    mov    0x8(%rsp),%rax
   0x00007fad30811ce0 <+80>:    xor    %fs:0x28,%rax
   0x00007fad30811ce9 <+89>:    jne    0x7fad30811d21 <intelDRI2Flush+145>
   0x00007fad30811ceb <+91>:    add    $0x10,%rsp
   0x00007fad30811cef <+95>:    pop    %rbx
   0x00007fad30811cf0 <+96>:    retq
   0x00007fad30811cf1 <+97>:    nopl   0x0(%rax)
   0x00007fad30811cf8 <+104>:   mov    0x8(%rsp),%rax
   0x00007fad30811cfd <+109>:   xor    %fs:0x28,%rax
   0x00007fad30811d06 <+118>:   jne    0x7fad30811d21 <intelDRI2Flush+145>
   0x00007fad30811d08 <+120>:   mov    %rbx,%rdi
   0x00007fad30811d0b <+123>:   add    $0x10,%rsp
   0x00007fad30811d0f <+127>:   mov    $0x75,%edx
   0x00007fad30811d14 <+132>:   lea    0x26eb8a(%rip),%rsi        # 0x7fad30a808a5
   0x00007fad30811d1b <+139>:   pop    %rbx
   0x00007fad30811d1c <+140>:   jmpq   0x7fad307fdde0 <_intel_batchbuffer_flush>
```
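An added example, not part of the original report and not Mesa's code: a minimal C model of the failure mode shown in the disassembly, where the context pointer is loaded from thread-local storage (`%fs:(%rax)` at +28) and is NULL in a thread that never made a context current. All `model_*` names, `swap_job` and `swap_on_new_thread` are hypothetical; the guard shows one defensive way to turn the dereference into a checked error.

```c
#include <pthread.h>
#include <stdio.h>

/* Hypothetical stand-ins for the driver's context and drawable types. */
struct model_context { int gen; int flushes; };
struct model_drawable { int w, h; };

/* Per-thread "current context", like the %fs-relative load at +28. */
static __thread struct model_context *current_ctx;

static void model_make_current(struct model_context *ctx) { current_ctx = ctx; }

/* Returns 0 on success, -1 when the calling thread has no current context. */
static int model_flush(struct model_drawable *drawable)
{
    struct model_context *ctx = current_ctx;
    (void)drawable;
    if (ctx == NULL)
        return -1;      /* without this guard, the first field read faults as at +32 */
    ctx->flushes++;
    return 0;
}

struct swap_job { struct model_drawable *d; struct model_context *bind; int result; };

static void *swap_thread(void *arg)
{
    struct swap_job *job = arg;
    if (job->bind)
        model_make_current(job->bind);   /* binding is per thread, not per process */
    job->result = model_flush(job->d);
    return NULL;
}

/* Flush from a fresh thread; bind == NULL models a thread with no current context. */
static int swap_on_new_thread(struct model_drawable *d, struct model_context *bind)
{
    struct swap_job job = { d, bind, 0 };
    pthread_t t;
    if (pthread_create(&t, NULL, swap_thread, &job) != 0)
        return -2;
    pthread_join(t, NULL);
    return job.result;
}

int main(void)
{
    struct model_context ctx = { 4, 0 };           /* constructed sample values */
    struct model_drawable d = { 1920, 1080 };
    model_make_current(&ctx);
    printf("binding thread: %d\n", model_flush(&d));
    printf("unbound thread: %d\n", swap_on_new_thread(&d, NULL));
    printf("rebound thread: %d\n", swap_on_new_thread(&d, &ctx));
    return 0;
}
```

Build with `cc -pthread`; the unbound thread reports -1 instead of crashing, even though the main thread has a context bound.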