Bug 87257 - intel_drv Segfaults under OsLookupColor (again)
Summary: intel_drv Segfaults under OsLookupColor (again)
Status: RESOLVED FIXED
Alias: None
Product: xorg
Classification: Unclassified
Component: Driver/intel (show other bugs)
Version: unspecified
Hardware: x86-64 (AMD64) Linux (All)
: medium normal
Assignee: Chris Wilson
QA Contact: Intel GFX Bugs mailing list
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-12-12 06:02 UTC by Sam
Modified: 2014-12-12 07:58 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Attachments

Description Sam 2014-12-12 06:02:42 UTC 
I reported Bug 87207 (and got a very fast fix, thank you). Testing the fix uncovered another segfault. GDB output follows. Please see config 1 attached to Bug 87207 if the configuration is important.

[root@sfb3 drivers]# gdb /usr/libexec/Xorg.bin 
GNU gdb (GDB) Fedora 7.8.1-30.fc21
... snip...
done.
(gdb) ru
Starting program: /usr/libexec/Xorg.bin 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

X.Org X Server 1.16.2
Release Date: 2014-11-10
X Protocol Version 11, Revision 0
Build Operating System:  3.17.2-200.fc20.x86_64 
Current Operating System: Linux sfb3.samnet 3.17.4-301.fc21.x86_64 #1 SMP Thu Nov 27 19:09:10 UTC 2014 x86_64
Kernel command line: BOOT_IMAGE=/vmlinuz-3.17.4-301.fc21.x86_64 root=/dev/mapper/fedora-root ro rd.lvm.lv=fedora/swap rd.md=0 rd.dm=0 rd.luks.uuid=luks-cd76133d-e2e2-4c28-b276-14bab25a3f20 rd.lvm.lv=fedora/root rhgb quiet LANG=en_US.UTF-8
Build Date: 21 November 2014  01:15:20AM
Build ID: xorg-x11-server 1.16.2-1.fc21 
Current version of pixman: 0.32.6
        Before reporting problems, check http://wiki.x.org
        to make sure that you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting,
        (++) from command line, (!!) notice, (II) informational,
        (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/var/log/Xorg.0.log", Time: Thu Dec 11 23:46:14 2014
(==) Using config directory: "/etc/X11/xorg.conf.d"
(==) Using system config directory "/usr/share/X11/xorg.conf.d"
[tcsetpgrp failed in terminal_inferior: Operation not permitted]
[New Thread 0x7ffff2ecf700 (LWP 3444)]

Program received signal SIGSEGV, Segmentation fault.
sna_mode_set_primary (sna=sna@entry=0x7ffff2682000) at sna_display.c:5927
5927            if (rr->primaryOutput)
Missing separate debuginfos, use: debuginfo-install audit-libs-2.4.1-1.fc21.x86_64 bzip2-libs-1.0.6-14.fc21.x86_64 dbus-libs-1.8.6-3.fc21.x86_64 elfutils-libelf-0.160-1.fc21.x86_64 elfutils-libs-0.160-1.fc21.x86_64 freetype-2.5.3-11.fc21.x86_64 libXau-1.0.8-4.fc21.x86_64 libXdmcp-1.1.1-7.fc21.x86_64 libXfont-1.5.0-2.fc21.x86_64 libdrm-2.4.58-3.fc21.x86_64 libfontenc-1.1.2-3.fc21.x86_64 libgcrypt-1.6.1-7.fc21.x86_64 libgpg-error-1.13-3.fc21.x86_64 libpciaccess-0.13.3-0.3.fc21.x86_64 libpng-1.6.10-3.fc21.x86_64 libselinux-2.3-5.fc21.x86_64 libunwind-1.1-7.fc21.x86_64 libxshmfence-1.1-3.fc21.x86_64 openssl-libs-1.0.1j-1.fc21.x86_64 pcre-8.35-7.fc21.x86_64 pixman-0.32.6-4.fc21.x86_64 systemd-libs-216-12.fc21.x86_64 xz-libs-5.1.2-14alpha.fc21.x86_64 zlib-1.2.8-7.fc21.x86_64
(gdb) list
5922    #ifdef RANDR_12_INTERFACE
5923            xf86CrtcConfigPtr config = XF86_CRTC_CONFIG_PTR(sna->scrn);
5924            rrScrPrivPtr rr = rrGetScrPriv(xf86ScrnToScreen(sna->scrn));
5925            int i;
5926    
5927            if (rr->primaryOutput)
5928                    return;
5929    
5930            for (i = 0; i < sna->mode.num_real_output; i++) {
5931                    xf86OutputPtr output = config->output[i];
(gdb) bt full
#0  sna_mode_set_primary (sna=sna@entry=0x7ffff2682000) at sna_display.c:5927
        config = 0x8f8f20
        i = <optimized out>
#1  0x00007ffff35b56d9 in sna_create_screen_resources (screen=0x9dab60) at sna_driver.c:263
        new_front = 0xac8680
        hint = <optimized out>
#2  0x00000000004af39e in xf86CrtcCreateScreenResources (screen=0x9dab60) at xf86Crtc.c:709
        scrn = <optimized out>
        config = <optimized out>
#3  0x000000000043d016 in dix_main (argc=1, argv=0x7fffffffe4b8, envp=<optimized out>) at main.c:223
        pScreen = 0x9dab60
        i = 1
        alwaysCheckForInput = {0, 1}
#4  0x0000003cdac1ffe0 in __libc_start_main (main=0x4275f0 <main>, argc=1, argv=0x7fffffffe4b8, init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=0x7fffffffe4a8) at libc-start.c:289
        result = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, -7943149856804490735, 4355573, 140737488348336, 0, 0, 7943149079959777809, -7944923151617936879}, 
              mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x5a8c20 <__libc_csu_init>, 0x7fffffffe4b8}, data = {prev = 0x0, cleanup = 0x0, 
              canceltype = 5934112}}}
        not_first_call = <optimized out>
#5  0x000000000042761e in _start ()

[sam@sfb3 ~]$
Comment 1 Chris Wilson 2014-12-12 07:58:09 UTC 
Oops, sorry should have double checked for other rrGetScrPriv() calls.

commit 60ebac591596ccb768b684b1909064570dd1cf47
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date:   Fri Dec 12 07:55:51 2014 +0000

    sna: Add another Xinerama vs RandR guard
    
    Another place used rrScrPriv without checking for its validity.
    
    Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=87257
    Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.