Bug 52255

Summary: X segfaults when logging out from kde4 kdm (intel SNA accel).
Product: xorg Reporter: Pawel Sikora <pawel_sikora>
Component: Driver/intelAssignee: Chris Wilson <chris>
Status: RESOLVED FIXED QA Contact: Intel GFX Bugs mailing list <intel-gfx-bugs>
Severity: normal    
Priority: medium CC: arekm
Version: unspecified   
Hardware: x86-64 (AMD64)   
OS: Linux (All)   
Whiteboard:
i915 platform: i915 features:
Attachments:
Description Flags
xorg.log with --enable-debug=full
none
xsession log for 2.20.0 with 7a3b98e git patch and enable-debug=full.
none
xsession log for pure 2.20.0 without any debug enabled. none

Description Pawel Sikora 2012-07-19 07:29:38 UTC 
during kdm logout the xserver dies inside intel driver:

Program received signal SIGSEGV, Segmentation fault.
ShmDestroyPixmap (pPixmap=0x1b3b580) at shm.c:272
272         pScreen->DestroyPixmap = screen_priv->destroyPixmap;
(gdb) bt
#0  ShmDestroyPixmap (pPixmap=0x1b3b580) at shm.c:272
#1  0x00007ff52a9a3c86 in sna_glyphs_create (sna=sna w entry=0x7ff52e0d5010) at sna_glyphs.c:227
#2  0x00007ff52a97e479 in sna_accel_create (sna=sna w entry=0x7ff52e0d5010) at sna_accel.c:12963
#3  0x00007ff52a9a1add in sna_create_screen_resources (screen=0x1cf28a0) at sna_driver.c:197
#4  0x000000000049e6c7 in xf86CrtcCreateScreenResources (screen=0x1cf28a0) at xf86Crtc.c:704
#5  0x000000000042320c in main (argc=7, argv=0x7fff6a1507d8, envp=<optimized out>) at main.c:215

installed packages:

libdrm-2.4.37-1.x86_64
xorg-driver-video-intel-2.20.0-1.x86_64
xorg-xserver-libdri-1.12.3-1.x86_64
xorg-xserver-libglx-1.12.3-1.x86_64
xorg-xserver-server-1.12.3-1.x86_64
Mesa-dri-driver-intel-i915-8.0.3-3.x86_64
Mesa-dri-driver-intel-i965-8.0.3-3.x86_64
Mesa-libEGL-8.0.3-3.x86_64
Mesa-libgbm-8.0.3-3.x86_64
Mesa-libGL-8.0.3-3.x86_64
Mesa-libglapi-8.0.3-3.x86_64
Mesa-libGLES-8.0.3-3.x86_64
Mesa-libGLU-8.0.3-3.x86_64
Mesa-libOpenVG-8.0.3-3.x86_64
kernel-3.4.5 (vanilla/git).
Comment 1 Chris Wilson 2012-07-19 07:59:41 UTC 
commit 7a3b98e05b706548527e73b2008600391c601a62
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date:   Thu Jul 19 08:42:05 2012 +0100

    sna: Re-register the SHM funcs every server generation
    
    As the SHM layer hooks into the CloseScreen chain to free its privates,
    we then need to call the registration function again on the next
    generation to ensure that the private is reallocated before use.
    
    Reported-by: Pawel Sikora <pluto@agmk.net>
    Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=52255
    Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>

Argh. Sorry you updated your email address after I already pushed the commit. :(
Comment 2 Pawel Sikora 2012-07-19 08:37:02 UTC 
(In reply to comment #1)
> commit 7a3b98e05b706548527e73b2008600391c601a62
> Author: Chris Wilson <chris@chris-wilson.co.uk>
> Date:   Thu Jul 19 08:42:05 2012 +0100
> 
>     sna: Re-register the SHM funcs every server generation


will you plan a quick 2.20.1 bugfix release?
Comment 3 Chris Wilson 2012-07-19 08:39:03 UTC 
I'm planning a fix of the brown paper bag variety this w/e. I'm still gathering the bags...
Comment 4 Pawel Sikora 2012-07-19 09:03:36 UTC 
2.20.0 with 7a3b98e.. patch crashes in different way:

Program received signal SIGSEGV, Segmentation fault.
0x00000000023da310 in ?? ()
#0  0x00000000023da310 in ?? ()
#1  0x00000000004e2d5b in ChangePicture (pPicture=pPicture@entry=0x26a9290, vmask=0, vmask@entry=4096, vlist=0x7fff0886d5d0, vlist@entry=0x7fff0886d5cc, ulist=ulist@entry=0x0, client=client@entry=0x233fb80) at picture.c:1193
#2  0x00000000004e34ee in CreatePicture (pid=pid@entry=0, pDrawable=0x2cd8e20, pFormat=pFormat@entry=0x26a6dc8, vmask=vmask@entry=4096, vlist=vlist@entry=0x7fff0886d5cc, client=0x233fb80, error=error@entry=0x7fff0886d5c8) at picture.c:763
#3  0x00007fa57127ec73 in sna_glyphs_create (sna=sna@entry=0x7fa5749ad010) at sna_glyphs.c:222
#4  0x00007fa571259481 in sna_accel_create (screen=screen@entry=0x2c99350, sna=sna@entry=0x7fa5749ad010) at sna_accel.c:12963
#5  0x00007fa57127caa2 in sna_create_screen_resources (screen=0x2c99350) at sna_driver.c:171
#6  0x000000000049e6c7 in xf86CrtcCreateScreenResources (screen=0x2c99350) at xf86Crtc.c:704
#7  0x000000000042320c in main (argc=5, argv=0x7fff0886d7b8, envp=<optimized out>) at main.c:215
Comment 5 Chris Wilson 2012-07-19 09:36:04 UTC 
Too hasty. I thought I understood the problem....

Can you please attach an Xorg.log for failure with --enable-debug=full?
Comment 6 Pawel Sikora 2012-07-19 12:41:00 UTC 
Created attachment 64388 [details]
xorg.log with --enable-debug=full
Comment 7 Pawel Sikora 2012-07-19 12:42:03 UTC 
(In reply to comment #5)
> Too hasty. I thought I understood the problem....
> 
> Can you please attach an Xorg.log for failure with --enable-debug=full?

this is weird, with --enable-debug=full i can't login into kde session.
after entering u/p kdm goes back to login prompt. xorg.log attached.
Comment 8 Chris Wilson 2012-07-19 14:16:43 UTC 
Hmm, odd. There is no clue there as to why KDE shutdown, as the Xorg closed normally. Anything in kdm.log or .xsession-errors?
Comment 9 Chris Wilson 2012-07-19 17:31:36 UTC 
Nothing I can do until I can either reproduce this locally, or I have a debug log showing the sequence triggering the crash. :|

Hmm, perhaps a valgrind run would do the trick. Compile with --enable-debug to make the code valgrind clean.

Is there anything unusual in your xorg.conf, the list of modules being loaded perhaps? Any peculiarities in how it is compiled? Anything that might give a clue.
Comment 10 Pawel Sikora 2012-07-19 19:31:42 UTC 
Created attachment 64402 [details]
xsession log for 2.20.0 with 7a3b98e git patch and enable-debug=full.
Comment 11 Pawel Sikora 2012-07-19 19:33:28 UTC 
Created attachment 64403 [details]
xsession log for pure 2.20.0 without any debug enabled.
Comment 12 Pawel Sikora 2012-07-19 19:53:23 UTC 
(In reply to comment #9)
> Nothing I can do until I can either reproduce this locally,

i can reproduce this problem (crash on kdm logout) on two different machines:

1). on classic workstation with intel-i3 cpu with integrated gpu
    and dual lcd display.

2). on asus laptop with intel-i7 cpu with integrated gpu
    and additional (unused) nvidia-optimus accelerator.

> Hmm, perhaps a valgrind run would do the trick. Compile with --enable-debug to
> make the code valgrind clean.

any hints how to run xserver under valgrind?

> Is there anything unusual in your xorg.conf,

i haven't an explicit xorg.conf on my laptop,
xserver works fine with auto-detected parts.

> Anything that might give a clue.

i've compared xorg.log, kdm.log and daemon log w/o any obvious diffs
but the xsession log shows some diffs...

for pure 2.20.0 crashing driver i see sucessfull XSyncBasedPoller attempts:

(...)
kded(8816) XSyncBasedPoller::XSyncBasedPoller: 3 1
kded(8816) XSyncBasedPoller::XSyncBasedPoller: XSync seems available and ready
kded(8816) XSyncBasedPoller::setUpPoller: XSync Inited
kded(8816) XSyncBasedPoller::setUpPoller: Supported, init completed
(...)
akonadi_nepomuk_feeder(8886) XSyncBasedPoller::XSyncBasedPoller: 3 1
akonadi_nepomuk_feeder(8886) XSyncBasedPoller::XSyncBasedPoller: XSync seems available and ready
akonadi_nepomuk_feeder(8886) XSyncBasedPoller::setUpPoller: XSync Inited
akonadi_nepomuk_feeder(8886) XSyncBasedPoller::setUpPoller: Supported, init completed
(...)

and for patched 2.20.0 with full debug enabled:

(...)
kded(6796) XSyncBasedPoller::XSyncBasedPoller: 3 1
kded(6796) XSyncBasedPoller::XSyncBasedPoller: XSync seems available and ready
kded(6796) XSyncBasedPoller::setUpPoller: XSync Inited
kded(6796) XSyncBasedPoller::setUpPoller: Supported, init completed
(...)
akonadi_nepomuk_feeder(6865) XSyncBasedPoller::XSyncBasedPoller: 3 1
kded4: Fatal IO error: client killed
(...)

after this 'client killed' kde goes down and returns into kdm login prompt.
Comment 13 Chris Wilson 2012-07-20 07:32:33 UTC 
In kdmrc there is ServerCmd=/usr/bin/X

That would look to be the best place to start X under valgrind,
try ServerCmd=valgrind --trace-children=yes --track-origins=yes /usr/bin/X

Is there anything in /var/log/kdm.log relating to the errors whilst starting under debug=full? The attached Xorg.log is a normal shutdown, yet the .xsession-errors suggests that it was rather unexpected.
Comment 14 Pawel Sikora 2012-07-31 20:36:53 UTC 
i can't start xorg under valgrind in this way but i think this is not needed
at this moment beacuse the intel driver crashes on simple null pointer deref.

current sources (2.20.2-24-gfd3a123) crashes on kdm logout:

(gdb) bt
Program received signal SIGSEGV, Segmentation fault.
ShmDestroyPixmap (pPixmap=0xd0ac80) at shm.c:272
272         pScreen->DestroyPixmap = screen_priv->destroyPixmap;
#0  ShmDestroyPixmap (pPixmap=0xd0ac80) at shm.c:272
#1  0x00007f973c735a48 in sna_glyphs_create (sna=sna@entry=0x7f973fe88010) at sna_glyphs.c:227
#2  0x00007f973c70eafc in sna_accel_create (screen=screen@entry=0x1327410, sna=sna@entry=0x7f973fe88010) at sna_accel.c:13829
#3  0x00007f973c733792 in sna_create_screen_resources (screen=0x1327410) at sna_driver.c:171
#4  0x000000000049e6c7 in xf86CrtcCreateScreenResources (screen=0x1327410) at xf86Crtc.c:704
#5  0x000000000042320c in main (argc=7, argv=0x7ffffaa61b88, envp=<optimized 

the screen_priv pointer is null:

(gdb) p screen_priv
$1 = (ShmScrPrivateRec *) 0x0

i'm not sure if the "sna: Re-register the SHM funcs every server generation"
commit fixes anything in this area...
Comment 15 Pawel Sikora 2012-08-28 08:01:37 UTC 
2.20.5 still crashes.
Comment 16 Pawel Sikora 2012-09-09 09:00:13 UTC 
with the latest 2.20.7 release and the newest xserver it seems to work for me.

xorg-driver-video-intel-2.20.7-1.x86_64
xorg-xserver-libglx-1.13.0-1.x86_64
xorg-xserver-server-1.13.0-1.x86_64
Comment 17 Pawel Sikora 2012-09-09 16:57:37 UTC 
(In reply to comment #16)
> with the latest 2.20.7 release and the newest xserver it seems to work for me.
> 
> xorg-driver-video-intel-2.20.7-1.x86_64
> xorg-xserver-libglx-1.13.0-1.x86_64
> xorg-xserver-server-1.13.0-1.x86_64

it was too optimistic. now the first kdm login-logout cycle works
but the second cycle crashes as usual:

Program received signal SIGSEGV, Segmentation fault.
0x0000000000505847 in ChangePicture (pPicture=pPicture@entry=0x7f80480a9010, vmask=0, vmask@entry=4096, vlist=0x7fff792d3050, vlist@entry=0x7fff792d304c, ulist=ulist@entry=0x0,
    client=client@entry=0x1c04930) at picture.c:1226
1226            (*ps->ChangePicture) (pPicture, maskQ);
(gdb) bt
#0  0x0000000000505847 in ChangePicture (pPicture=pPicture@entry=0x7f80480a9010, vmask=0, vmask@entry=4096, vlist=0x7fff792d3050, vlist@entry=0x7fff792d304c,
    ulist=ulist@entry=0x0, client=client@entry=0x1c04930) at picture.c:1226
#1  0x0000000000505fde in CreatePicture (pid=pid@entry=0, pDrawable=0x1f6f1b0, pFormat=pFormat@entry=0x21efa68, vmask=vmask@entry=4096, vlist=vlist@entry=0x7fff792d304c,
    client=0x1c04930, error=error@entry=0x7fff792d3048) at picture.c:796
#2  0x00007f8049c28099 in sna_glyphs_create (sna=sna@entry=0x7f804c93c010) at sna_glyphs.c:225
#3  0x00007f8049c032f9 in sna_accel_create (sna=sna@entry=0x7f804c93c010) at sna_accel.c:14486
#4  0x00007f8049c25ddd in sna_create_screen_resources (screen=0x21a19f0) at sna_driver.c:171
#5  0x00000000004ab56e in xf86CrtcCreateScreenResources (screen=0x21a19f0) at xf86Crtc.c:706
#6  0x000000000042755d in main (argc=7, argv=0x7fff792d3238, envp=<optimized out>) at main.c:222
Comment 18 Chris Wilson 2012-11-26 15:50:51 UTC 
commit 1e06d19a00f5a5a05369deeb3c5ae15b282c0f92
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date:   Mon Nov 26 15:30:09 2012 +0000

    sna: Disable shadow tracking upon regen

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.