Ubuntu

compiz crashed with SIGSEGV in intel_miptree_release()

Reported by Diego Carrera Gallego on 2012-02-03
This bug affects 137 people
Affects Status Importance Assigned to Milestone
xf86-video-intel
Fix Released
Medium
mesa (Ubuntu)
Critical
Canonical X.org

Bug Description

i just update

<czajkowski> bryceh: alt tab through applications fast
<czajkowski> vlc thunderbird, 2 terminals and 2 chromes out
<czajkowski> seems to make it have a hissy fit

ProblemType: Crash
DistroRelease: Ubuntu 12.04
Package: unity 5.2.0-0ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-12.21-ux31 3.2.2
Uname: Linux 3.2.0-12-ux31 x86_64
ApportVersion: 1.91-0ubuntu1
Architecture: amd64
CrashCounter: 1
Date: Fri Feb 3 23:10:11 2012
ExecutablePath: /usr/bin/compiz
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Alpha amd64 (20120125)
ProcCmdline: compiz
SegvAnalysis:
 Segfault happened at: 0x7f109783fd49 <intel_miptree_release+9>: mov (%rdi),%rcx
 PC (0x7f109783fd49) ok
 source "(%rdi)" (0x00000220) not located in a known VMA region (needed readable region)!
 destination "%rcx" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: unity
StacktraceTop:
 intel_miptree_release () from /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
 intel_update_renderbuffers () from /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
 intelSetTexBuffer2 () from /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
 TfpTexture::bindPixmapToTexture(unsigned long, int, int, int) () from /usr/lib/compiz/libopengl.so
 boost::detail::function::function_invoker4<GLTexture::List (*)(unsigned long, int, int, int), GLTexture::List, unsigned long, int, int, int>::invoke(boost::detail::function::function_buffer&, unsigned long, int, int, int) () from /usr/lib/compiz/libopengl.so
Title: compiz crashed with SIGSEGV in intel_miptree_release()
UpgradeStatus: Upgraded to precise on 2012-02-03 (0 days ago)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo

StacktraceTop:
 intel_miptree_release (mt=0x220) at intel_mipmap_tree.c:290
 intel_process_dri2_buffer_with_separate_stencil (buffer_name=0x7f10978c0090 "dri2 hiz buffer", rb=0x2d05200, buffer=<optimized out>, intel=0x1c6ba50, drawable=<optimized out>) at intel_context.c:1267
 intel_update_renderbuffers (context=<optimized out>, drawable=0x3149090) at intel_context.c:361
 intelSetTexBuffer2 (pDRICtx=0x1c65920, target=3553, texture_format=8410, dPriv=0x3149090) at intel_tex_image.c:335
 TfpTexture::bindPixmapToTexture(unsigned long, int, int, int) () from /tmp/tmpT7Z2eR/usr/lib/compiz/libopengl.so

Changed in unity (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in unity (Ubuntu):
status: New → Confirmed

Created attachment 57285
compiz stacktrace

Mesa git: e86d90eb
Sandybridge

Occasionally, compiz crashes after opening a new X window and it ends up calling intelSetTexBuffer2, like in the attached stacktrace.

tags: added: bugpattern-needed
Sebastien Bacher (seb128) wrote :

That bug is getting quite some duplicates, Bryce, Chris, any clue if that's an xorg or unity issue?

visibility: private → public
Changed in unity (Ubuntu):
importance: Medium → High
Changed in xserver-xorg-video-intel (Ubuntu):
importance: Undecided → High
status: New → Confirmed
Bryce Harrington (bryce) wrote :

Crashing in mesa around here:

mesa-git-ubuntu/src/mesa/drivers/dri/i915/intel_context.c:
   /* Release the buffer storage now in case we have to return early
    * due to failure to allocate new storage.
    */
   if (buffer->attachment == __DRI_BUFFER_HIZ) {
      intel_miptree_release(&rb->mt->hiz_mt);
   } else {
      intel_miptree_release(&rb->mt);
   }

Guess it's a regression in mesa 8? Probably should go upstream; would be helpful to know steps to reproduce first though.

Changed in xserver-xorg-video-intel (Ubuntu):
status: Confirmed → Triaged
description: updated
Bryce Harrington (bryce) on 2012-02-20
affects: xserver-xorg-video-intel (Ubuntu) → mesa (Ubuntu)

Created attachment 57365
full compiz stacktrace

(With all debug symbols this time.)

Bryce Harrington (bryce) wrote :

Diego and czajkowski,

So far I've been unable to reproduce this bug on Intel. However, this may well be one of the infamous HiZ bugs in mesa 8.0, which are believed should be solved with a patch included in 8.0.1:

http://cgit.freedesktop.org/mesa/mesa/patch/?id=e1f9820b47e3f124c49cd2ab4e09328e0cc3e638

Since it sounds like you guys are able to reproduce this relatively easily, would you mind doing a test? I've verified we include this patch in current xorg-edgers, so can you install that PPA and verify that the problems go away?

https://launchpad.net/~xorg-edgers/+archive/ppa

Changed in mesa (Ubuntu):
status: Triaged → Incomplete

Created attachment 57425
Piglit test case

Reproduced this issue on SNB. Attaching the piglit test case to reproduce the issue. Test case will also be posted on piglit mailing list for review.

Bryce Harrington (bryce) wrote :

Here, this is a cleaner PPA with *just* mesa. Use this rather than xorg-edgers:

  https://launchpad.net/~ubuntu-x-swat/+archive/mesa-8.0.1

Laura Czajkowski (czajkowski) wrote :

Added the PPA so far no issues, have opened up numerous applications and switched between them and no crash occurred.

Download full text (3.2 KiB)

Intel driver is unable to map large textures. which generates GL_OUT_OF_MEMORY error and a segfault/assertion failure later on. This issue is closely related to Bug:44970.

Piglit test case error log:

GL_TEXTURE_2D, Maximum allowable texture size = 8192
Mesa: User error: GL_OUT_OF_MEMORY in glTexSubImage2D
GL error 1 while testing GL_TEXTURE_2D, texture size = 4097, internal format = GL_RGBA8
intel-miptree-release: intel_regions.c:310: intel_region_release: Assertion `region->map_refcount == 0' failed.

Program received signal SIGABRT, Aborted.
0x00110416 in __kernel_vsyscall ()
(gdb) bt
#0 0x00110416 in __kernel_vsyscall ()
#1 0x4dc3698f in __GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2 0x4dc382d5 in __GI_abort () at abort.c:91
#3 0x4dc2f6a5 in __assert_fail_base (fmt=0x4dd6fc48 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x29a949 "region->map_refcount == 0",
    file=0x29a85f "intel_regions.c", line=310, function=0x29a9b1 "intel_region_release") at assert.c:94
#4 0x4dc2f757 in __GI___assert_fail (assertion=0x29a949 "region->map_refcount == 0", file=0x29a85f "intel_regions.c", line=310,
    function=0x29a9b1 "intel_region_release") at assert.c:103
#5 0x001f4b52 in intel_region_release (region_handle=0x83203bc) at intel_regions.c:310
#6 0x001f1def in intel_miptree_release (mt=0x8328d2c) at intel_mipmap_tree.c:299
#7 0x001f1cab in intel_miptree_reference (dst=0x8328d2c, src=0x831f1f8) at intel_mipmap_tree.c:276
#8 0x001fa117 in intel_alloc_texture_image_buffer (ctx=0x80c8aa0, image=0x831d3b8, format=MESA_FORMAT_ARGB8888, width=4098, height=4098, depth=1) at intel_tex.c:104
#9 0x003f9815 in _mesa_store_teximage3d (ctx=0x80c8aa0, texImage=0x831d3b8, internalFormat=32856, width=4098, height=4098, depth=1, border=0, format=6408,
    type=5126, pixels=0x0, packing=0x80ce530) at main/texstore.c:4280
#10 0x001fb3ac in intelTexImage (ctx=0x80c8aa0, dims=2, texImage=0x831d3b8, internalFormat=32856, width=4098, height=4098, depth=1, format=6408, type=5126,
    pixels=0x0, unpack=0x80ce530, imageSize=0) at intel_tex_image.c:227
#11 0x001fb479 in intelTexImage2D (ctx=0x80c8aa0, texImage=0x831d3b8, internalFormat=32856, width=4098, height=4098, border=0, format=6408, type=5126, pixels=0x0,
    unpack=0x80ce530) at intel_tex_image.c:256
#12 0x003e16ec in teximage (ctx=0x80c8aa0, dims=2, target=3553, level=0, internalFormat=32856, width=4098, height=4098, depth=1, border=0, format=6408, type=5126,
    pixels=0x0) at main/teximage.c:2535
#13 0x003e193c in _mesa_TexImage2D (target=3553, level=0, internalFormat=32856, width=4098, height=4098, border=0, format=6408, type=5126, pixels=0x0)
    at main/teximage.c:2587
#14 0x0806bedb in piglit_display () at /home/anuj/projects/piglit/tests/bugs/intel-miptree-release.c:109
#15 0x0806c6d7 in display () at /home/anuj/projects/piglit/tests/util/piglit-framework.c:56
#16 0x4d13a3c3 in ?? () from /usr/lib/libglut.so.3
#17 0x4d13ddc7 in fgEnumWindows () from /usr/lib/libglut.so.3
#18 0x4d13a86e in glutMainLoopEvent () from /usr/lib/libglut.so.3
#19 0x4d13b0b8 in glutMainLoop () from /usr/lib/libglut.so.3
#20 0x0806ce59 in main (argc=1, argv=0xbffff1d4) at /home/anuj/project...

Read more...

Great, then yeah this looks like it's an HiZ issue.

We'll be updating to 8.0.1 soon enough, not worth the trouble to cherrypick the patches.

summary: - compiz crashed with SIGSEGV in intel_miptree_release()
+ compiz crashed with SIGSEGV in intel_miptree_release() (Needs
+ mesa-8.0.1)
Changed in unity (Ubuntu):
status: Confirmed → Invalid
Changed in mesa (Ubuntu):
milestone: none → ubuntu-12.04-beta-1
status: Incomplete → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mesa - 8.0.1-0ubuntu1

---------------
mesa (8.0.1-0ubuntu1) precise; urgency=low

  * Merge from Debian experimental.

mesa (8.0.1-1) UNRELEASED; urgency=low

  * New upstream bugfix release. (LP: #926379)

mesa (8.0-2) experimental; urgency=low

  [ Julien Cristau ]
  * Only build the radeon, r200, i915 and i965 dri drivers on Linux. They
    require KMS.

  [ Cyril Brulebois ]
  * Fix FTBFS on GNU/kFreeBSD with libgl1-mesa-dri.install.kfreebsd.in:
    there's no *_dri.so file left in the top directory, only swrast is
    built and shipped under gallium/. So mention it explicitly, in the
    same way as it is done in the libgl1-mesa-dri.install.linux.in file.
  * Enable wayland support again, but only on Linux. Wayland needs some
    porting (it uses *CLOEXEC flags and epoll). For that, add those files
    since EGL packages are also shipped on GNU/kFreeBSD, and we need to
    add a few files for Wayland, but only for Linux:
    - libegl1-mesa-dev.install.linux.in
    - libegl1-mesa-drivers.install.linux.in
  * Limit the wl_drm_interface symbol to arch=linux-any accordingly,
    and bump the version.
  * Limit the build-dependency on libwayland-dev to linux-any too, and
    bump it.
  * Automatically revert changes to bin/{config.{guess,sub},install-sh} in
    the clean target. The first two are modified, the last one needs to be
    turned back into a symlink.
 -- Timo Aaltonen <email address hidden> Thu, 23 Feb 2012 11:34:05 +0200

Changed in mesa (Ubuntu):
status: In Progress → Fix Released
Guilherme Salgado (salgado) wrote :

This seems to have hit me again: bug 942662

James Troup (elmo) wrote :

I also just got bitten by this - on a freshly updated + rebooted precise laptop with mesa 8.0.1-0ubuntu2 installed. Reopening...

Changed in mesa (Ubuntu):
status: Fix Released → Confirmed
Bryce Harrington (bryce) on 2012-02-28
tags: added: apport-request-retrace
removed: apport-crash bugpattern-needed
tags: added: apport-crash
Bryce Harrington (bryce) wrote :

Hmm, bummer. I wonder if it is indeed the prior bug, or just some secondary fallout.

I've re-enabled the apport collector so hopefully it can bring us another stacktrace. Meanwhile, please do whatever you can to reproduce the crash one more time, so we can get an updated stack trace for the new code.

Bryce Harrington (bryce) wrote :

Possibly is this upstream bug:
  https://www.libreoffice.org/bugzilla/show_bug.cgi?id=46303
we'll have to check once someone's posted a stacktrace.

Changed in mesa (Ubuntu):
importance: High → Critical
Bryce Harrington (bryce) wrote :

Our guess is that the 8.0.1 patch solved these crashes for the general case, but there are corner cases. The aforementioned links indicate that this crash happens when compiz renders to a large texture. If that is true, it would mean that this bug can be reproduced only on systems with large extended monitors or similar configurations with very high total resolution allocations. Something like that.

Also, sounds like this issue is believed to affect only sandybridge / ironlake, although I don't have that confirmed and can't tell from the dupes. (Unfortunately the unity apport hook doesn't attach hardware info, grr...)

Bryce Harrington (bryce) wrote :

I don't have a sandybridge/ironlake system on hand, and can't reproduce on my other intel hardware.

However if someone does have that hardware and can reproduce the issue, here's what we need right now:

a) Gather a full backtrace (see https://wiki.ubuntu.com/Backtrace)
b) Is it reproducible on any graphics other than ironlake/sandybridge?
c) What are some steps that will (semi-)reliably reproduce the crash?

Guilherme Salgado (salgado) wrote :

Bryce, do you still need me to attach dmesg/Xorg.0.log/xsession-errors?

Bryce Harrington (bryce) wrote :

There have been two patches proposed upstream (one to mesa, one to libdrm) which purportedly fix this crash, however they've not yet been reviewed or accepted into any official git trees. If someone figures out a reliable way to reproduce the crash, we can package the patches for testing (probably not worth packaging them until we have a way to definitively know whether or not they will work.)

Guilherme Salgado (salgado) wrote :

I won't be able to get a backtrace today, but will do so tomorrow if nobody beats me to it.

Bryce Harrington (bryce) wrote :

Guilherme, yes a fresh dmesg/Xorg.0.log/.xsession-errors would be helpful. The backtrace is the most important bit though so we definitely need that.

Package: unity 5.4.0-0ubuntu2
ProcCmdline: compiz

tags: removed: apport-request-retrace

From elmo's dupe bug #942966

.xsession-errors:
Gtk-WARNING **: Unable to locate theme engine in module_path: "pixmap",
ERROR:dbus.service:Unable to append ({'CanGoNext': True, 'CanPause': True, 'Shuffle': True, 'CanControl': True, 'LoopStatus': 'None', 'PlaybackStatus': 'Paused', 'Volume': 1.0, 'MinimumRate': 1.0, 'Rate': 1.0, 'CanPlay': True, 'CanSeek': True, 'Position': <function __get_position at 0x3fc47d0>, 'CanGoPrevious': True, 'MaximumRate': 1.0, 'Metadata': dbus.Dictionary({'mpris:trackid': '/org/mpris/MediaPlayer2/'}, signature=dbus.Signature('sv'))},) to message with signature a{sv}: <type 'exceptions.TypeError'>: Don't know which D-Bus type to use to encode type "function"

** WARNING **: Error calling current_status: Method "current_status" with signature "" on interface "com.ubuntuone.SyncDaemon.Status" doesn't exist

** CRITICAL **: syncdaemon_status_info_get_online: assertion `SYNCDAEMON_IS_STATUS_INFO (sinfo)' failed
gnome-session[2252]: WARNING: Application 'compiz.desktop' killed by signal
gnome-session[2252]: WARNING: App 'compiz.desktop' respawning too quickly
gnome-session[2252]: CRITICAL: We failed, but the fail whale is dead. Sorry....
Checking if settings need to be migrated ...no

Nothing in Xorg.0.log pertaining to the crash.

dmesg shows compiz crash:
[ 59.698080] [UFW BLOCK] IN=lxcbr0 OUT= MAC=01:00:5e:00:00:01:22:e2:79:01:8e:08:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
[ 59.698147] [UFW BLOCK] IN=lxcbr0 OUT= MAC=33:33:00:00:00:01:22:e2:79:01:8e:08:86:dd SRC=fe80:0000:0000:0000:20e2:79ff:fe01:8e08 DST=ff02:0000:0000:0000:0000:0000:0000:0001 LEN=72 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=130 CODE=0
[ 63.471023] [UFW BLOCK] IN=virbr0 OUT= MAC=01:00:5e:00:00:01:9e:da:ff:51:e8:e6:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
[ 65.272714] [drm] Changing LVDS panel from (-hsync, -vsync) to (-hsync, +vsync)
[ 68.500193] Valid eCryptfs headers not found in file header region or xattr region, inode 20578766
[ 68.500196] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 104.146438] compiz[2324]: segfault at 220 ip 00007f80c046e5a9 sp 00007fff153052b0 error 4 in i965_dri.so[7f80c0444000+ce000]
[ 184.765977] [UFW BLOCK] IN=lxcbr0 OUT= MAC=01:00:5e:00:00:01:22:e2:79:01:8e:08:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
[ 184.766101] [UFW BLOCK] IN=lxcbr0 OUT= MAC=33:33:00:00:00:01:22:e2:79:01:8e:08:86:dd SRC=fe80:0000:0000:0000:20e2:79ff:fe01:8e08 DST=ff02:0000:0000:0000:0000:0000:0000:0001 LEN=72 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=130 CODE=0

Forwarding this bug from Ubuntu that multiple people are hitting:
http://bugs.launchpad.net/ubuntu/+source/mesa/+bug/926379

[Problem]
compiz crash in intel_miptree_release() at intel_mipmap_tree.c:290 called by intel_process_dri2_buffer_with_separate_stencil()

Occurs right after a fresh boot on an otherwise vanilla laptop (no external displays). Others indicate their crashes occur post-boot in compiz while switching desktops, minimizing windows, etc. but we don't have stack traces for these other cases so I can't be 100% certain.

[Description]
Since moving to mesa 8.x, we've had scattered reports where compiz crashes with stacktraces terminating in intel_miptree_release().

We thought updating to 8.0.1 would resolve these crashes (and perhaps they did; the frequency of reports seems lower than before). However we've still gotten a handful of people hitting it. I don't know what graphics these other folk were running; could well be Sandybridge. I have not been able to reproduce this on my own (non-Sandybridge, non-Ironlake) hardware.

[Stacktrace top]
Thread 1 (Thread 0x7f80c961c780 (LWP 2324)):
#0 intel_miptree_release (mt=0x220) at intel_mipmap_tree.c:290
        __FUNCTION__ = "intel_miptree_release"
#1 0x00007f80c0468421 in intel_process_dri2_buffer_with_separate_stencil (buffer_name=0x7f80c04f0d90 "dri2 hiz buffer", rb=0x3487cb0, buffer=<optimized out>, intel=0x1ce7bf0, drawable=<optimized out>) at intel_context.c:1267
        buffer_width = <optimized out>
        buffer_height = <optimized out>
        region = 0x0
        mt = <optimized out>
#2 intel_update_renderbuffers (context=<optimized out>, drawable=0x26669e0) at intel_context.c:361
        fb = 0x4343720
        rb = 0x3487cb0
        intel = 0x1ce7bf0
        buffers = <optimized out>
        attachments = <optimized out>
        i = <optimized out>
        count = 5
        region_name = 0x7f80c04f0d90 "dri2 hiz buffer"
        try_separate_stencil = true
        __func__ = "intel_update_renderbuffers"
#3 0x00007f80c04758bd in intelSetTexBuffer2 (pDRICtx=0x1ce1ae0, target=3553, texture_format=8410, dPriv=0x26669e0) at intel_tex_image.c:335
        fb = 0x4343720
        intel = 0x1ce7bf0
        ctx = 0x1ce7bf0
        rb = 0x1ce1ae0
        texObj = 0x3f86920
        texImage = <optimized out>
        texFormat = <optimized out>

[lspci]
00:02.0 0300: 8086:0126 (rev 09) (prog-if 00 [VGA controller])

Created attachment 57783
dmesg

Created attachment 57784
Xorg.0.log

Created attachment 57785
ThreadStacktrace.txt

Bryce Harrington (bryce) wrote :

I've forwarded this bug upstream to: https://bugs.freedesktop.org//show_bug.cgi?id=46739

I think we have enough info now, although I wouldn't mind seeing other stacktraces in case there are more permutations on this bug.

Changed in mesa (Ubuntu):
status: Confirmed → Triaged

I can constantly reproduce this crash by simply resizing any window with Compiz enabled and Resize plugin style set to normal (i.e., window content adjusts constantly during resize). The only requirement is to resize by a considerable amount, like doubling the size of the window. Small resizes work, though I get graphical artifacts in the resized area.

I'm using a Sandybridge desktop (i5 2400) with a 1920x1080 single monitor. I can attach the crash file if necessary.

I tried to reproduce using the specific instructions from Mihai and can't. I turned on resize, resize info, and switched default resize mode to normal. I then alt-middle-click resized various windows from big to small and back. Tested on current 8.0 and master.

Martin Pitt (pitti) on 2012-03-02
Changed in mesa (Ubuntu):
milestone: ubuntu-12.04-beta-1 → ubuntu-12.04-beta-2

Bryce and Mihai, I've created a patch that logs some extra information to stderr around the segfault location. I've applied the patch atop 8.0.1 and posted the branch:
  git://people.freedesktop.org/~chadversary/mesa.git ; branch 8.0-bug-46739-log1

Could you reproduce the bug with this patch and report back with the log?

Created attachment 58129
xsession-errors file with debug info

Attached .xession-errors file resulting after a crash with mesa compiled from Chad's 8.0-bug-46739-log1 git branch.

Changed in xserver-xorg-video-intel:
importance: Unknown → Critical
status: Unknown → Confirmed

I have somewhat artificial steps but they reproduce this problem pretty easily on my Sandy Bridge laptop.
Open video with gmplayer and start switching fullscreen/windowed using 'f' key and scroll forward using right arrow simultaneously. Usually it takes less then 30 seconds before crash.

Critical bug in xorg ... I suspect the desktop team will want to look at it again, so assigning

Changed in mesa (Ubuntu):
assignee: nobody → Canonical Desktop Team (canonical-desktop-team)
Martin Pitt (pitti) on 2012-03-16
Changed in mesa (Ubuntu):
assignee: Canonical Desktop Team (canonical-desktop-team) → Canonical X.org (canonical-x)

I got the same crash and filed bug 46303 a while back. I'll try applying that patch and post the log next time it happens.

Are you sure that's the same issue? When you disable asserts, does it go on to hit a bad memory access because rb->mt == NULL and it calls intel_miptree_release(&rb->mt->hiz_mt), which then dereferences it first thing?

Created attachment 58573
log with chadv's debug branch

Here's the stderr output from a run of compiz with this branch:
http://cgit.freedesktop.org/~chadversary/mesa/log/?h=8.0-bug-46739-log1

Timo Aaltonen (tjaalton) on 2012-03-18
summary: - compiz crashed with SIGSEGV in intel_miptree_release() (Needs
- mesa-8.0.1)
+ compiz crashed with SIGSEGV in intel_miptree_release()

Created attachment 58726
intel: fix null deref processing HiZ buffer

Does this patch look fine?

Created attachment 58789
xsession-errors

Applied the branch to the ubuntu mesa and repro'd the bug.

Laura Czajkowski (czajkowski) wrote :

This keeps happening to me today when i alt tab through applications and it just randomly crashes!

The patch looks perfect. It has my
Reviewed-by: Chad Versace <email address hidden>.

Assigning to self.

In the log, compiz dies, as expected, immediately after this line:
  rb->mt: 0x(nil)

Bryce and Mihai, I've pushed a new 8.0 branch [1] [2] that should fix the bug. (The patch comes from nobled on bug 46303). Could you confirm the fix?

[1] git://freedesktop.org/~chadversary/mesa.git ; branch 8.0-bug-46739-v1
[2] http://cgit.freedesktop.org/~chadversary/mesa/log/?h=8.0-bug-46739-v1

Assigning to self.

(In reply to comment #10)
> In the log, compiz dies, as expected, immediately after this line:
> rb->mt: 0x(nil)
>
> Bryce and Mihai, I've pushed a new 8.0 branch [1] [2] that should fix the bug.
> (The patch comes from nobled on bug 46303). Could you confirm the fix?
>
> [1] git://freedesktop.org/~chadversary/mesa.git ; branch 8.0-bug-46739-v1
> [2] http://cgit.freedesktop.org/~chadversary/mesa/log/?h=8.0-bug-46739-v1

Confirming the fix. Thanks, Chad!

Robert Hooker (sarvatt) wrote :

The fix

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mesa - 8.0.2-0ubuntu2

---------------
mesa (8.0.2-0ubuntu2) precise; urgency=low

  [ Robert Hooker ]
  * Add 117_intel_fix_hiz_null_dereference.patch fixing a null deference
    when processing HiZ buffers (LP: #926379)
 -- Timo Aaltonen <email address hidden> Thu, 22 Mar 2012 21:25:52 +0200

Changed in mesa (Ubuntu):
status: Triaged → Fix Released

Awesome. Closing as dupe, anyway.

*** This bug has been marked as a duplicate of bug 46303 ***

*** Bug 46739 has been marked as a duplicate of this bug. ***

Committed to master as 8d9decb75f0df564abaf9888d9fc5c77de8059cd.

It's a day too late to make it into 8.0.2 unfortunately.

And cherry-picked to the 8.0 stable branch as 89e796aef5ca1b35ca4ff6fce9231b4125e07037.

Here's to 8.0.3?

Changed in xserver-xorg-video-intel:
status: Confirmed → Invalid
Changed in xserver-xorg-video-intel:
importance: Critical → Unknown
status: Invalid → Unknown
Changed in xserver-xorg-video-intel:
importance: Unknown → Medium
status: Unknown → Fix Released
Omer Akram (om26er) on 2012-04-06
no longer affects: unity (Ubuntu)
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.