Bugzilla – Bug 46739
[snb-m-gt2+] compiz crashed with SIGSEGV in intel_miptree_release()
Last modified: 2012-03-22 13:59:45 UTC
Forwarding this bug from Ubuntu that multiple people are hitting:
compiz crash in intel_miptree_release() at intel_mipmap_tree.c:290 called by intel_process_dri2_buffer_with_separate_stencil()
Occurs right after a fresh boot on an otherwise vanilla laptop (no external displays). Others indicate their crashes occur post-boot in compiz while switching desktops, minimizing windows, etc. but we don't have stack traces for these other cases so I can't be 100% certain.
Since moving to mesa 8.x, we've had scattered reports where compiz crashes with stacktraces terminating in intel_miptree_release().
We thought updating to 8.0.1 would resolve these crashes (and perhaps they did; the frequency of reports seems lower than before). However we've still gotten a handful of people hitting it. I don't know what graphics these other folk were running; could well be Sandybridge. I have not been able to reproduce this on my own (non-Sandybridge, non-Ironlake) hardware.
Thread 1 (Thread 0x7f80c961c780 (LWP 2324)):
#0 intel_miptree_release (mt=0x220) at intel_mipmap_tree.c:290
__FUNCTION__ = "intel_miptree_release"
#1 0x00007f80c0468421 in intel_process_dri2_buffer_with_separate_stencil (buffer_name=0x7f80c04f0d90 "dri2 hiz buffer", rb=0x3487cb0, buffer=<optimized out>, intel=0x1ce7bf0, drawable=<optimized out>) at intel_context.c:1267
buffer_width = <optimized out>
buffer_height = <optimized out>
region = 0x0
mt = <optimized out>
#2 intel_update_renderbuffers (context=<optimized out>, drawable=0x26669e0) at intel_context.c:361
fb = 0x4343720
rb = 0x3487cb0
intel = 0x1ce7bf0
buffers = <optimized out>
attachments = <optimized out>
i = <optimized out>
count = 5
region_name = 0x7f80c04f0d90 "dri2 hiz buffer"
try_separate_stencil = true
__func__ = "intel_update_renderbuffers"
#3 0x00007f80c04758bd in intelSetTexBuffer2 (pDRICtx=0x1ce1ae0, target=3553, texture_format=8410, dPriv=0x26669e0) at intel_tex_image.c:335
fb = 0x4343720
intel = 0x1ce7bf0
ctx = 0x1ce7bf0
rb = 0x1ce1ae0
texObj = 0x3f86920
texImage = <optimized out>
texFormat = <optimized out>
00:02.0 0300: 8086:0126 (rev 09) (prog-if 00 [VGA controller])
Created attachment 57783 [details]
Created attachment 57784 [details]
Created attachment 57785 [details]
I can constantly reproduce this crash by simply resizing any window with Compiz enabled and Resize plugin style set to normal (i.e., window content adjusts constantly during resize). The only requirement is to resize by a considerable amount, like doubling the size of the window. Small resizes work, though I get graphical artifacts in the resized area.
I'm using a Sandybridge desktop (i5 2400) with a 1920x1080 single monitor. I can attach the crash file if necessary.
I tried to reproduce using the specific instructions from Mihai and can't. I turned on resize, resize info, and switched default resize mode to normal. I then alt-middle-click resized various windows from big to small and back. Tested on current 8.0 and master.
Bryce and Mihai, I've created a patch that logs some extra information to stderr around the segfault location. I've applied the patch atop 8.0.1 and posted the branch:
git://people.freedesktop.org/~chadversary/mesa.git ; branch 8.0-bug-46739-log1
Could you reproduce the bug with this patch and report back with the log?
Created attachment 58129 [details]
xsession-errors file with debug info
Attached .xession-errors file resulting after a crash with mesa compiled from Chad's 8.0-bug-46739-log1 git branch.
I got the same crash and filed bug 46303 a while back. I'll try applying that patch and post the log next time it happens.
Created attachment 58789 [details]
Applied the branch to the ubuntu mesa and repro'd the bug.
In the log, compiz dies, as expected, immediately after this line:
Bryce and Mihai, I've pushed a new 8.0 branch   that should fix the bug. (The patch comes from nobled on bug 46303). Could you confirm the fix?
 git://freedesktop.org/~chadversary/mesa.git ; branch 8.0-bug-46739-v1
Assigning to self.
(In reply to comment #10)
> In the log, compiz dies, as expected, immediately after this line:
> rb->mt: 0x(nil)
> Bryce and Mihai, I've pushed a new 8.0 branch   that should fix the bug.
> (The patch comes from nobled on bug 46303). Could you confirm the fix?
>  git://freedesktop.org/~chadversary/mesa.git ; branch 8.0-bug-46739-v1
>  http://cgit.freedesktop.org/~chadversary/mesa/log/?h=8.0-bug-46739-v1
Confirming the fix. Thanks, Chad!
Awesome. Closing as dupe, anyway.
*** This bug has been marked as a duplicate of bug 46303 ***