Bug 46739

Summary: [snb-m-gt2+] compiz crashed with SIGSEGV in intel_miptree_release()
Product: Mesa
Reporter: Bryce Harrington <bryce>
Component: Drivers/DRI/i965
Assignee: Chad Versace <chadversary>
Status: RESOLVED DUPLICATE
QA Contact:
Severity: critical
Priority: highest
CC: chadversary, mihai, nobled
Version: 8.0
Keywords: regression
Hardware: x86-64 (AMD64)
OS: Linux (All)
Whiteboard:
i915 platform:
i915 features:
Attachments: dmesg, Xorg.0.log, ThreadStacktrace.txt, xsession-errors file with debug info, xsession-errors

Description Bryce Harrington 2012-02-28 16:21:39 UTC
Forwarding this bug from Ubuntu that multiple people are hitting:
http://bugs.launchpad.net/ubuntu/+source/mesa/+bug/926379

[Problem]
compiz crash in intel_miptree_release() at intel_mipmap_tree.c:290 called by intel_process_dri2_buffer_with_separate_stencil()

Occurs right after a fresh boot on an otherwise vanilla laptop (no external displays).  Others indicate their crashes occur post-boot in compiz while switching desktops, minimizing windows, etc. but we don't have stack traces for these other cases so I can't be 100% certain.

[Description]
Since moving to mesa 8.x, we've had scattered reports where compiz crashes with stacktraces terminating in intel_miptree_release().

We thought updating to 8.0.1 would resolve these crashes (and perhaps they did; the frequency of reports seems lower than before).  However we've still gotten a handful of people hitting it.  I don't know what graphics these other folk were running; could well be Sandybridge.  I have not been able to reproduce this on my own (non-Sandybridge, non-Ironlake) hardware.


[Stacktrace top]
Thread 1 (Thread 0x7f80c961c780 (LWP 2324)):
#0  intel_miptree_release (mt=0x220) at intel_mipmap_tree.c:290
        __FUNCTION__ = "intel_miptree_release"
#1  0x00007f80c0468421 in intel_process_dri2_buffer_with_separate_stencil (buffer_name=0x7f80c04f0d90 "dri2 hiz buffer", rb=0x3487cb0, buffer=<optimized out>, intel=0x1ce7bf0, drawable=<optimized out>) at intel_context.c:1267
        buffer_width = <optimized out>
        buffer_height = <optimized out>
        region = 0x0
        mt = <optimized out>
#2  intel_update_renderbuffers (context=<optimized out>, drawable=0x26669e0) at intel_context.c:361
        fb = 0x4343720
        rb = 0x3487cb0
        intel = 0x1ce7bf0
        buffers = <optimized out>
        attachments = <optimized out>
        i = <optimized out>
        count = 5
        region_name = 0x7f80c04f0d90 "dri2 hiz buffer"
        try_separate_stencil = true
        __func__ = "intel_update_renderbuffers"
#3  0x00007f80c04758bd in intelSetTexBuffer2 (pDRICtx=0x1ce1ae0, target=3553, texture_format=8410, dPriv=0x26669e0) at intel_tex_image.c:335
        fb = 0x4343720
        intel = 0x1ce7bf0
        ctx = 0x1ce7bf0
        rb = 0x1ce1ae0
        texObj = 0x3f86920
        texImage = <optimized out>
        texFormat = <optimized out>

[lspci]
00:02.0 0300: 8086:0126 (rev 09) (prog-if 00 [VGA controller])

Comment 1 Bryce Harrington 2012-02-28 16:23:04 UTC
Created attachment 57783
dmesg

Comment 2 Bryce Harrington 2012-02-28 16:23:25 UTC
Created attachment 57784
Xorg.0.log

Comment 3 Bryce Harrington 2012-02-28 16:23:37 UTC
Created attachment 57785
ThreadStacktrace.txt

Comment 4 Mihai Capotă 2012-03-01 04:38:02 UTC
I can constantly reproduce this crash by simply resizing any window with Compiz enabled and Resize plugin style set to normal (i.e., window content adjusts constantly during resize). The only requirement is to resize by a considerable amount, like doubling the size of the window. Small resizes work, though I get graphical artifacts in the resized area.

I'm using a Sandybridge desktop (i5 2400) with a 1920x1080 single monitor. I can attach the crash file if necessary.

Comment 5 Eric Anholt 2012-03-01 11:34:36 UTC
I tried to reproduce using the specific instructions from Mihai and can't.  I turned on resize, resize info, and switched default resize mode to normal.  I then alt-middle-click resized various windows from big to small and back.  Tested on current 8.0 and master.

Comment 6 Chad Versace 2012-03-05 18:40:18 UTC
Bryce and Mihai, I've created a patch that logs some extra information to stderr around the segfault location. I've applied the patch atop 8.0.1 and posted the branch:
  git://people.freedesktop.org/~chadversary/mesa.git ; branch 8.0-bug-46739-log1

Could you reproduce the bug with this patch and report back with the log?

Comment 7 Mihai Capotă 2012-03-07 09:46:15 UTC
Created attachment 58129
xsession-errors file with debug info

Attached .xsession-errors file resulting after a crash with mesa compiled from Chad's 8.0-bug-46739-log1 git branch.

Comment 8 nobled 2012-03-16 05:55:00 UTC
I got the same crash and filed bug 46303 a while back. I'll try applying that patch and post the log next time it happens.

Comment 9 Bryce Harrington 2012-03-20 19:37:55 UTC
Created attachment 58789
xsession-errors

Applied the branch to the ubuntu mesa and repro'd the bug.

Comment 10 Chad Versace 2012-03-22 09:56:25 UTC
In the log, compiz dies, as expected, immediately after this line:
  rb->mt: 0x(nil)

Bryce and Mihai, I've pushed a new 8.0 branch [1] [2] that should fix the bug. (The patch comes from nobled on bug 46303). Could you confirm the fix?

[1] git://freedesktop.org/~chadversary/mesa.git ; branch 8.0-bug-46739-v1
[2] http://cgit.freedesktop.org/~chadversary/mesa/log/?h=8.0-bug-46739-v1

Comment 11 Chad Versace 2012-03-22 09:56:49 UTC
Assigning to self.

Comment 12 Mihai Capotă 2012-03-22 10:22:59 UTC
(In reply to comment #10)
> In the log, compiz dies, as expected, immediately after this line:
>   rb->mt: 0x(nil)
> 
> Bryce and Mihai, I've pushed a new 8.0 branch [1] [2] that should fix the bug.
> (The patch comes from nobled on bug 46303). Could you confirm the fix?
> 
> [1] git://freedesktop.org/~chadversary/mesa.git ; branch 8.0-bug-46739-v1
> [2] http://cgit.freedesktop.org/~chadversary/mesa/log/?h=8.0-bug-46739-v1

Confirming the fix. Thanks, Chad!

Comment 13 nobled 2012-03-22 13:59:45 UTC
Awesome. Closing as dupe, anyway.

*** This bug has been marked as a duplicate of bug 46303 ***
