Bug 48332 - [sna] Segfault in tor_inplace
Summary: [sna] Segfault in tor_inplace
Status: RESOLVED FIXED
Alias: None
Product: xorg
Classification: Unclassified
Component: Driver/intel (show other bugs)
Version: git
Hardware: Other All
: medium normal
Assignee: Chris Wilson
QA Contact: Xorg Project Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-04-05 05:03 UTC by Da Fox
Modified: 2012-04-09 02:51 UTC (History)
4 users (show)

See Also:
i915 platform:
i915 features:

Attachments
captured backtrace (13.96 KB, text/plain)
2012-04-05 05:03 UTC, Da Fox 		no flags Details
captured backtrace 2 (12.65 KB, text/plain)
2012-04-09 02:25 UTC, Da Fox 		no flags Details
View All

Description Da Fox 2012-04-05 05:03:18 UTC 
Created attachment 59517 [details]
captured backtrace

While working with eog ('the eye of gnome') suddenly X crashed. The crash appeared to happen at the exact moment of a click of the main eog-window, however I've been clicking that window for some time before and after the crash without adverse effects.

I've attached the backtrace that was captured.

My hardware is a Dell XPS 15 (L502x) laptop with:
00:02.0 VGA compatible controller: Intel Corporation Device 0116 (rev 09)
[    13.803] (II) intel(0): Integrated Graphics Chipset: Intel(R) Sandybridge
Mobile (GT2)

Running xf86-video-intel from git, commit 98ad4c3cd8647ba3ec90fb45157773c8e85e886c
Comment 1 Chris Wilson 2012-04-06 01:45:01 UTC 
That crash looks pretty inexplicable. The pointers are all valid, the indices are all within range... Meh.
Comment 2 Chris Wilson 2012-04-06 06:25:25 UTC 
Retitling as an expected SIGSEGV is unexpected.
Comment 3 Da Fox 2012-04-09 02:25:59 UTC 
Created attachment 59670 [details]
captured backtrace 2

I just hit another SIGSEGV, which although not quite identical might be related as it also passes through tor_inplace: tor_inplace() calling fill_buckets() (please see attachment). 

This happened as I was watching some youtube videos, just as I clicked on the youtube searchbar.

Intel driver is/was at commit b790ba2ec9ead51227d85fc8630bc7505eb7d7b3 .
Comment 4 Chris Wilson 2012-04-09 02:44:45 UTC 
That segfault is still collateral damage.

Can you try reproducing with

commit 2e4da00e3e03b873f5cad0cc5b1f6cc791852ca5
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date:   Mon Apr 9 10:42:18 2012 +0100

    sna/traps: Assert that the inplace row is contained before writing
    
    References: https://bugs.freedesktop.org/show_bug.cgi?id=48332
    Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Comment 5 Chris Wilson 2012-04-09 02:51:24 UTC 
commit 7f0bede3e7e3f92a637d1c886304b16afc0e34f2
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date:   Mon Apr 9 10:48:08 2012 +0100

    sna/traps: Use a temporary variable for the write pointer
    
    To avoid accumulating the write offset for wide spans, we need to reset
    the destination pointer between spans.
    
    Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=48332
    Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.