Bug 14094

Summary: [965GM] MESA/DRI GIT: Segmentation fault in intel_fbo.c:369
Product: Mesa Reporter: vaLentin <rusinante>
Component: Drivers/DRI/i965Assignee: Default DRI bug account <dri-devel>
Status: RESOLVED FIXED QA Contact:
Severity: critical    
Priority: high CC: bugzilla, michael.fu
Version: gitKeywords: NEEDINFO
Hardware: x86 (IA32)   
OS: Linux (All)   
Whiteboard:
i915 platform: i915 features:
Attachments: Xorg conf file
Xorg log

Description vaLentin 2008-01-16 01:22:52 UTC 
Created attachment 13742 [details]
Xorg conf file

Hi. I have a laptop which has Intel 965GM on board video device. Recently I have reported a bug to the mesa developers:

https://bugs.freedesktop.org/show_bug.cgi?id=13492

Eric Anholt fixed it and I would like to thank him about that.

After I saw that the bug has been marked as resolved I decided to install the latest mesa and dri git versions on my system so I can test and eventually play games that need 3d ac
celeration and OpenGL with wine. Before those were failing due to a bug in the mesa library. Ok. I re-installed MESA and DRI from the _GIT_ as per instructions available on the fo
llowing web address: 

http://dri.freedesktop.org/wiki/Building

After that the glxinfo binary and the applications which were previously dying in the mesa part of the 3d handling are now crashing in the DRI part. Here we go.

In the mesa/configs/linux-dri config file I have:

OPT_FLAGS  = -pipe -O2 -march=prescott -mtune=prescott -fomit-frame-pointer -g 
DRI_DIRS = i810 i915 i965

Some other things that might be usefull:

Portage 2.1.4 (default-linux/x86/2007.0, gcc-4.1.2, glibc-2.7-r1, 2.6.23-gentoo-r5-sunshine i686)

=================================================================
System uname: 2.6.23-gentoo-r5-sunshine i686 Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz
Timestamp of tree: Wed, 16 Jan 2008 06:30:08 +0000
app-shells/bash:     3.2_p33
dev-lang/python:     2.4.4-r8, 2.5.1-r5
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.23-r3
ACCEPT_KEYWORDS="x86 ~x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-pipe -O2 -march=prescott -mtune=prescott -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-pipe -O2 -march=prescott -mtune=prescott -fomit-frame-pointer"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
USE="X a52 aac acl acpi alsa amr battery berkdb bitmap-fonts bluetooth bzip2 cdr cli cpudetection cpufreq cracklib crypt doc dri dv dvd dvdnav dvdr dvdread ermt exif ffmpeg fortran gdbm gif glitz gpm gtk hal iconv imlib imlib2 isdnlog jpeg jpeg2k lame lm_sensors mad midi mmx mmxext mp2 mp3 mpeg mudflap ncurses nls nptl nptlonly ogg opengl openmp pam pcmcia
 pcre perl pmu png pppd python qt-static qt3 quicktime radio readline real realmedia reflection sdl sensord session slang smp socks5 sound spl srt sse sse2 ssl ssse3 svg symlink t
cpd tk truetype truetype-fonts truetype2 type1-fonts unicode usb vidix vorbis wifi win32codecs wxwindows x86 xgetdefault xml xorg xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp ati
ixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_P
LUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODUL
ES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache da
v dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif spel
ing status unique_id userdir usertrack vhost_alias" CAMERAS="canon" ELIBC="glibc" INPUT_DEVICES="keyboard mouse synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk 
hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en bg" USERLAND="GNU" VIDEO_CARDS="i810 vesa vga"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

Manually compilled and installed mesa and dri from the git repo. I have restarted the X server and DRI is reported to be working correctly:

charged rusinante@sunshine:/usr/local/src$  glxinfo | grep Yes
Failed to initialize TTM buffer manager.  Falling back to classic.
direct rendering: Yes

For your reference you can also check the Xorg.log and xorg.conf files attached.

However when I try to run glxgears here is what I get:

charged rusinante@sunshine:/usr/local/src$ ./mesa/progs/xdemos/glxgears
Failed to initialize TTM buffer manager.  Falling back to classic.
Segmentation fault
charged rusinante@sunshine:/usr/local/src$

Here the crash report goes:

charged rusinante@sunshine:/usr/local/src/mesa/progs/xdemos$ gdb ./glxgears 2>&1 | tee /tmp/g,xinfo
GNU gdb 6.7.1
Copyright (C) 2007 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...
Using host libthread_db library "/lib/libthread_db.so.1".
(gdb) handle SIG33 pass nostop noprint
Signal        Stop      Print   Pass to program Description
SIG33         No        No      Yes             Real-time event 33
(gdb) set pagination 0
(gdb) run
Starting program: /usr/local/src/mesa/progs/xdemos/glxgears 
[Thread debugging using libthread_db enabled]
[New Thread 0xb7acf6d0 (LWP 8083)]
Failed to initialize TTM buffer manager.  Falling back to classic.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7acf6d0 (LWP 8083)]
intel_renderbuffer_set_region (rb=0x8339310, region=0x0) at intel_fbo.c:369
369        rb->pfMap = region->map;
(gdb) backtrace full
#0  intel_renderbuffer_set_region (rb=0x8339310, region=0x0) at intel_fbo.c:369
        old = (struct intel_region *) 0x0
#1  0xb78b55e1 in intelMakeCurrent (driContextPriv=0x8054b70, driDrawPriv=0x8055260, driReadPriv=0x8055260) at intel_context.c:686
        irbDepth = (struct intel_renderbuffer *) 0x83393b0
        irbStencil = (struct intel_renderbuffer *) 0x83393b0
        intel = (struct intel_context *) 0x805a700
        intel_fb = (struct intel_framebuffer *) 0x8338eb0
#2  0xb78aac70 in driBindContext (ctx=0x80554cc, pdraw=0x80782e0, pread=0x80782e0) at ../common/dri_util.c:221
        __ret = <value optimized out>
        pdp = (__DRIdrawablePrivate *) 0x8055260
        prp = (__DRIdrawablePrivate *) 0x8055260
        pcp = (__DRIcontextPrivate * const) 0x8054b70
        psp = (__DRIscreenPrivate *) 0x8055048
#3  0xb7e6cc7e in MakeContextCurrent (dpy=0x804d008, draw=14680066, read=14680066, gc=0x8055418) at glxext.c:1647
        reply = {type = 16 '\020', unused = 184 '', sequenceNumber = 47093, length = 0, contextTag = 1, pad2 = 1, pad3 = 0, pad4 = 134514792, pad5 = 0, pad6 = 134529040}
        oldGC = (const GLXContext) 0xb7ead1a0
        opcode = <value optimized out>
        oldOpcode = 160 ''
        bindReturnValue = <value optimized out>
#4  0xb7e6cf63 in glXMakeCurrent (dpy=0x804d008, draw=14680066, gc=0x8055418) at glxext.c:1822
No locals.
#5  0x0804a1fb in main (argc=-1080179052, argv=0xb7f5afc4) at glxgears.c:601
        winWidth = 300
        winHeight = 0
        x = 0
        y = 0
        dpy = (Display *) 0x804d008
        win = 1
        ctx = (GLXContext) 0xe00002
        dpyName = 0x8055418 "\b\220\b\220@\217\217\003"
        printInfo = 0 '\0'
        i = <value optimized out>
(gdb) info registers
eax            0xbf9dc30c       -1080179956
ecx            0x0      0
edx            0x0      0
ebx            0xb7ab4ff4       -1213509644
esp            0xbf9dc2f0       0xbf9dc2f0
ebp            0x8055260        0x8055260
esi            0x8339310        137597712
edi            0x0      0
eip            0xb78b99c3       0xb78b99c3 <intel_renderbuffer_set_region+66>
eflags         0x210286 [ PF SF IF RF ID ]
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x33     51
(gdb) thread apply all backtrace

Thread 1 (Thread 0xb7acf6d0 (LWP 8083)):
#0  intel_renderbuffer_set_region (rb=0x8339310, region=0x0) at intel_fbo.c:369
#1  0xb78b55e1 in intelMakeCurrent (driContextPriv=0x8054b70, driDrawPriv=0x8055260, driReadPriv=0x8055260) at intel_context.c:686
#2  0xb78aac70 in driBindContext (ctx=0x80554cc, pdraw=0x80782e0, pread=0x80782e0) at ../common/dri_util.c:221
#3  0xb7e6cc7e in MakeContextCurrent (dpy=0x804d008, draw=14680066, read=14680066, gc=0x8055418) at glxext.c:1647
#4  0xb7e6cf63 in glXMakeCurrent (dpy=0x804d008, draw=14680066, gc=0x8055418) at glxext.c:1822
#5  0x0804a1fb in main (argc=-1080179052, argv=0xb7f5afc4) at glxgears.c:601
(gdb) quit
The program is running.  Exit anyway? (y or n) y
xb7e6cf63 in glXMakeCurrent (dpy=0x804d008, draw=14680066, gc=0x8055418) at glxext.c:1822
#5  0x0804a1fb in main (argc=-1080179052, argv=0xb7f5afc4) at glxgears.c:601
(gdb) quit

Please do not hesitate to request more information if you need such. I am not to good in the bug reports but I did my best :)
Comment 1 vaLentin 2008-01-16 01:25:18 UTC 
Created attachment 13743 [details]
Xorg log

Xorg.log.0
Comment 2 Michael Fu 2008-01-16 17:02:19 UTC 

*** This bug has been marked as a duplicate of bug 13922 ***
Comment 3 vaLentin 2008-01-17 05:28:05 UTC 
(In reply to comment #2)
> 
> *** This bug has been marked as a duplicate of bug 13922 ***
> 

I do not think that this report is related to (In reply to comment #2)
> 
> *** This bug has been marked as a duplicate of bug 13922 ***
> 
 
Are you sure that this is related to 13922? All gl applications are dying and the crash reports for each of them are pointing to intel_fbo.c:369.

The X server itself remains stable even gl applications such as glxgears dying with Signal 11.

Moreover I can not find anything common between 13922 and this one but the following message only:

Failed to initialize TTM buffer manager.  Falling back to classic.

What do you mean in 13922? Here I will quote:

were you using the mesa tip? --> This reply is unclear. There are no references or URLs to the tip you are referring to or to any other documentation page. If you say something and you do not want to describe it in details I would like to kindly ask you to give us (the users) URLs. There we will be able to learn more about the "tip". Some of us really prefer to dig the entire Google "earth" before "bugging" you with bugreports. I really re-searched the world before contacting you guys.

Moreover the mesa FAQ/Documentation page does not have a tips section

It is kind of confusing for the normal and even average users like me. I should rather guess.

So proof me if I am wrong but here, my best guess is that you are saying that:

IF A USER WOULD LIKE TO USE MESA FROM GIT (so he/she can eventually test bug fixes etc or simply want to get the GL applications working correctly) he/she first download and install X from git. Am I right?

... Or I should first download and install X itself, the intel driver and DRM all of them from the git so I can get a working git MESA implementation?

If that's the case it is NOT mentioned in any faq/install/readme or any other documentation.

If that is not the case this means that the current mesa GIT version is failing as there is no patch provided in bug 13922 or this bug is not a duplicate of it.

I am really sorry for my language but indeed I have a lot of troubles with my video card and the mesa implementation for it. There is not much documentation available for troubleshooting.

What I am trying to say guys is that even there is no information on your web site how I should fill mesa/dri related bug reports (please think of placing instructions similar to the ones which the kernel source tree have in /path/to/kernel/source/REPORTING-BUGS) and what You would like the user to do I did my best. I provided you with all of the information that might be useful to you in order to easily pinpoint the problem and will gladly provide you with more if you tell me what I should do and what I am receiving here is an automated reply to a bug report. The bug report to where you re-directed me is UNCLEAR. Moreover the replies posted by the developers in there are even more unclear than the bug report itself.

As a network technical support team member I really know how important is to provide the end user with accurate, clear and straight forward answers. That's all what I am asking for in here.

Your detailed reply regarding this matter will be highly appreciated.

With my best regards,

vaLentin

A desperate Intel Video X3100/965GM Linux user
Comment 4 Gordon Jin 2008-01-31 18:44:32 UTC 
It's expected to use xserver git head with mesa/dri git. Could you try xserver git?
Comment 5 Timo Jyrinki 2008-02-04 03:49:09 UTC 
Valentin: please look at the explanation at bug #13922. By "tip" they mean "the latest git/master version". "tip" is a term used in some of the git applications.

Anyway, you should check if you have latest X server development branch installed, Gentoo probably doesn't have it yet. I updated the http://dri.freedesktop.org/wiki/Building document to reflect the fact that you also need X.org 7.4 / xserver 1.5 pre-release when using latest Mesa & DRM.
Comment 6 Timo Jyrinki 2008-02-04 03:54:41 UTC 
Changing summary to only mention the segmentation fault, TTM problem handled in bug #13922.
Comment 7 haihao 2008-02-04 18:15:51 UTC 
(In reply to comment #6)
> Changing summary to only mention the segmentation fault, TTM problem handled in
> bug #13922.
> 
the segment issue has been fixed in Mesa
Comment 8 jgf 2008-03-14 12:29:20 UTC 
What version of mesa has this been fixed in?
Comment 9 Alex Bennee 2009-06-22 00:59:17 UTC 
(In reply to comment #7)
> (In reply to comment #6)
> > Changing summary to only mention the segmentation fault, TTM problem handled in
> > bug #13922.
> > 
> the segment issue has been fixed in Mesa
> 

When was it fixed. I've just seen 7.4.3 crash with a similar NULL region passed to the function. See bug #22408.

Should this bug be re-opened or just left as as?
Comment 10 Brian Paul 2009-06-22 14:52:27 UTC 
Mesa commit 1dbbc39f48ce5f9aa63ab42930b14e48938b326f from today (22 June) fixes the crash in in intel_renderbuffer_set_region().  This will be in the 7.4.4 release.
Comment 11 Adam Jackson 2009-08-24 12:29:11 UTC 
Mass version move, cvs -> git

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.