I'm getting following crash every time when opening xboard engine output window: [snip] (gdb) bt full #0 sna_copy_plane_blt (source=0x1d2f810, drawable=<optimized out>, gc=0x1acf670, region=0x7fff32bc2b00, sx=-843, sy=-7, bitplane=1, closure=0x7fff32bc2bb0) at /home/tmp/portage/x11-drivers/xf86-video-intel-2.20.9/work/xf86-video-intel-2.20.9/src/sna/sna_accel.c:6343 v = <optimized out> src = 0x401d2f8e4 src_stride = <optimized out> dst = 0x7f6a00d4c002 <Address 0x7f6a00d4c002 out of bounds> bx1 = <optimized out> bh = 13 bstride = <optimized out> bx2 = <optimized out> bw = <optimized out> b = <optimized out> upload = 0x26fede0 ptr = 0x7f6a00d4c000 dst_pixmap = 0x0 src_pixmap = 0x1d2f810 sna = 0x7f6a08e50010 arg = 0x7fff32bc2bb0 dx = 0 dy = 0 bit = 0 br00 = 1429211142 br13 = 63702784 box = 0x7fff32bc2b00 n = 1 #1 0x00007f6a0380da04 in sna_do_copy (src=0x1d2f810, dst=0x1dece60, gc=0x1acf670, sx=<optimized out>, sy=<optimized out>, width=14, height=14, dx=843, dy=7, copy=0x7f6a0380c0d0 <sna_copy_plane_blt>, bitPlane=1, closure=0x7fff32bc2bb0) at /home/tmp/portage/x11-drivers/xf86-video-intel-2.20.9/work/xf86-video-intel-2.20.9/src/sna/sna_accel.c:4960 clip = <optimized out> free_clip = <optimized out> region = {extents = {x1 = 843, y1 = 7, x2 = 856, y2 = 21}, data = 0x0} expose = true #2 0x00007f6a03821282 in sna_copy_plane (src=0x1d2f810, dst=0x1dece60, gc=0x1acf670, src_x=0, src_y=0, w=14, h=14, dst_x=4, dst_y=6, bit=1) at /home/tmp/portage/x11-drivers/xf86-video-intel-2.20.9/work/xf86-video-intel-2.20.9/src/sna/sna_accel.c:6548 pixmap = 0x1030b30 sna = 0x7f6a08e50010 region = {extents = {x1 = 843, y1 = 7, x2 = 856, y2 = 21}, data = 0x0} ret = 0x0 arg = {damage = 0x0, bo = 0x1030c30} #3 0x000000000052096d in damageCopyPlane (pSrc=0x1d2f810, pDst=0x1dece60, pGC=0x1acf670, srcx=<optimized out>, srcy=0, width=14, height=14, dstx=4, dsty=6, bitPlane=1) at /home/tmp/portage/x11-base/xorg-server-1.13.0/work/xorg-server-1.13.0/miext/damage/damage.c:854 ret = <optimized out> pGCPriv = 0x1acf758 oldFuncs = 0x813060 <damageGCFuncs> #4 0x000000000043734d in ProcCopyPlane (client=0x13fab60) at /home/tmp/portage/x11-base/xorg-server-1.13.0/work/xorg-server-1.13.0/dix/dispatch.c:1669 psrcDraw = 0x1d2f810 pdstDraw = 0x1dece60 pGC = 0x1acf670 stuff = 0x1ff5cd0 pRgn = <optimized out> rc = <optimized out> #5 0x000000000043b151 in Dispatch () at /home/tmp/portage/x11-base/xorg-server-1.13.0/work/xorg-server-1.13.0/dix/dispatch.c:428 clientReady = 0x11d0b30 result = <optimized out> client = 0x13fab60 nready = 0 icheck = 0x81ced0 <checkForInput> start_tick = 660 #6 0x0000000000429c3a in main (argc=10, argv=<optimized out>, envp=<optimized out>) at /home/tmp/portage/x11-base/xorg-server-1.13.0/work/xorg-server-1.13.0/dix/main.c:295 i = <optimized out> alwaysCheckForInput = {0, 1} [/snip] x11-base/xorg-server-1.13.0 USE="ipv6 kdrive nptl udev xorg xvfb -dmx -doc -minimal (-selinux) -static-libs -tslib -xnest" 0 kB media-libs/mesa-9.0 USE="classic egl g3dvl gallium gbm llvm nptl openvg osmesa shared-glapi xa xorg xvmc -bindist -debug -gles1 -gles2 -pax_kernel -pic -r600-llvm-compiler (-selinux) -vdpau -wayland" x11-drivers/xf86-video-intel-2.20.9 USE="dri sna udev -glamor -uxa -xvmc" 0 kB
Created attachment 68386 [details] Xorg.0.log
Can you please quickly retest with --enable-debug=full, repeating the bt and sending me the full debug log? Thanks.
OK, backtrace with newly compiled driver: (gdb) bt full #0 0x00007fae87804987 in sna_copy_plane_blt (source=0x31eea80, drawable=0x31fc240, gc=0x26c7540, region=0x7fff41c25c20, sx=-843, sy=-7, bitplane=1, closure=0x7fff41c25cd0) at /home/tmp/portage/x11-drivers/xf86-video-intel-2.20.9/work/xf86-video-int el-2.20.9/src/sna/sna_accel.c:6336 v = 0 '\000' i = 2 src = 0x4031eeb38 src_stride = 4294967294 dst = 0x7fae85a56002 <Address 0x7fae85a56002 out of bounds> bx1 = 0 bh = 13 bstride = 0 bx2 = 16 bw = 2 b = 0x3000000030 upload = 0x27e7200 ptr = 0x7fae85a56000 dst_pixmap = 0x21f4b10 src_pixmap = 0x31eea80 sna = 0x7fae8ceb1010 arg = 0x7fff41c25cd0 dx = 0 ---Type <return> to continue, or q <return> to quit--- dy = 0 bit = 0 br00 = 1429211142 br13 = 63702784 box = 0x7fff41c25c20 n = 1 __FUNCTION__ = "sna_copy_plane_blt" __PRETTY_FUNCTION__ = "sna_copy_plane_blt" #1 0x00007fae877ffad0 in sna_do_copy (src=0x31eea80, dst=0x31fc240, gc=0x26c7540, sx=0, sy=0, width=14, height=14, dx=843, dy=7, copy=0x7fae878044d0 <sna_copy_plane_blt>, bitPlane=1, closure=0x7fff41c25cd0) at /home/tmp/portage/x11-drivers/xf86-video-intel-2.20.9/work/xf86-video-intel-2.20.9/src/sna/sna_accel.c:4960 clip = 0x0 free_clip = 0x0 region = {extents = {x1 = 843, y1 = 7, x2 = 856, y2 = 21}, data = 0x0} expose = true __FUNCTION__ = "sna_do_copy" #2 0x00007fae87805763 in sna_copy_plane (src=0x31eea80, dst=0x31fc240, gc=0x26c7540, src_x=0, src_y=0, w=14, h=14, dst_x=4, dst_y=6, bit=1) at /home/tmp/portage/x11-drivers/xf86-video-intel-2.20.9/work/xf86-video-intel-2.20.9/src/sna/sna_accel.c:6548 ---Type <return> to continue, or q <return> to quit--- pixmap = 0x21f4b10 sna = 0x7fae8ceb1010 region = {extents = {x1 = 843, y1 = 7, x2 = 856, y2 = 21}, data = 0x0} ret = 0x0 arg = {damage = 0x0, bo = 0x21f4c10} __FUNCTION__ = "sna_copy_plane" __PRETTY_FUNCTION__ = "sna_copy_plane" #3 0x000000000052096d in damageCopyPlane (pSrc=0x31eea80, pDst=0x31fc240, pGC=0x26c7540, srcx=<optimized out>, srcy=0, width=14, height=14, dstx=4, dsty=6, bitPlane=1) at /home/tmp/portage/x11-base/xorg-server-1.13.0/work/xorg-server-1.13.0/miext/damage/damage.c:854 ret = <optimized out> pGCPriv = 0x26c7628 oldFuncs = 0x813060 <damageGCFuncs> #4 0x000000000043734d in ProcCopyPlane (client=0x26ca6e0) at /home/tmp/portage/x11-base/xorg-server-1.13.0/work/xorg-server-1.13.0/dix/dispatch.c:1669 psrcDraw = 0x31eea80 pdstDraw = 0x31fc240 pGC = 0x26c7540 stuff = 0x2ac1740 pRgn = <optimized out> ---Type <return> to continue, or q <return> to quit--- rc = <optimized out> #5 0x000000000043b151 in Dispatch () at /home/tmp/portage/x11-base/xorg-server-1.13.0/work/xorg-server-1.13.0/dix/dispatch.c:428 clientReady = 0x2394b10 result = <optimized out> client = 0x26ca6e0 nready = 0 icheck = 0x81ced0 <checkForInput> start_tick = 7940 #6 0x0000000000429c3a in main (argc=10, argv=<optimized out>, envp=<optimized out>) at /home/tmp/portage/x11-base/xorg-server-1.13.0/work/xorg-server-1.13.0/dix/main.c:295 i = <optimized out> alwaysCheckForInput = {0, 1} (gdb)
Created attachment 68409 [details] Xorg.0.log.xz Log itself is 38mb compressed into 1.3mb
Thanks! commit a1ea19a3edaac6e1e5d240b75b7c5fdcfea0e0a8 Author: Chris Wilson <chris@chris-wilson.co.uk> Date: Wed Oct 10 23:20:13 2012 +0100 sna: Prevent sign-extension when manipulating strides Reported-by: Priit Laes <plaes@plaes.org> Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=55823 Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.