Ubuntu
xserver-xorg-video-intel package

Xorg crashed after feeding nbox=0 to trapezoid emit_boxes()

Bug #1124576 reported by Scott Moser
20
This bug affects 2 people
Affects Status Importance Assigned to Milestone
xserver-xorg-video-intel (Ubuntu)
Fix Released
High
Unassigned

Bug Description

I've seen this 3 or 4 times in the past 2 days.
Normally using my desktop for terminals and web browsing and irc, and X dies.

ProblemType: Crash
DistroRelease: Ubuntu 13.04
Package: xserver-xorg-core 2:1.13.2-0ubuntu2
ProcVersionSignature: Ubuntu 3.5.0-21.32-generic 3.5.7.1
Uname: Linux 3.5.0-21-generic x86_64
.tmp.unity.support.test.0:

ApportVersion: 2.8-0ubuntu4
Architecture: amd64
CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins'
CompositorRunning: compiz
CrashCounter: 1
Date: Wed Feb 13 15:01:59 2013
DistUpgraded: 2013-01-07 15:26:03,808 DEBUG entry '# deb-src http://ppa.launchpad.net/smoser/ppa/ubuntu raring main # disabled on upgrade to raring' was disabled (unknown mirror)
DistroCodename: raring
DistroVariant: ubuntu
ExecutablePath: /usr/bin/Xorg
ExtraDebuggingInterest: Yes
GraphicsCard:
 Intel Corporation Mobile 4 Series Chipset Integrated Graphics Controller [8086:2a42] (rev 07) (prog-if 00 [VGA controller])
   Subsystem: Lenovo Device [17aa:20e4]
   Subsystem: Lenovo Device [17aa:20e4]
InstallationDate: Installed on 2011-10-19 (483 days ago)
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
MachineType: LENOVO 7417CTO
MarkForUpload: True
PccardctlIdent:
 Socket 0:
   no product info available
PccardctlStatus:
 Socket 0:
   no card
ProcCmdline: /usr/bin/X :2 -core -auth /var/run/lightdm/root/:2 -nolisten tcp vt7 -novtswitch
ProcEnviron:

ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.5.0-21-generic root=UUID=f9832678-e9fb-41c5-8edb-5edd5200ed0a ro quiet splash vt.handoff=7
Signal: 7
SourcePackage: xorg-server
StacktraceTop:
 ?? () from /usr/lib/xorg/modules/drivers/intel_drv.so
 ?? () from /usr/lib/xorg/modules/drivers/intel_drv.so
 ?? () from /usr/lib/xorg/modules/drivers/intel_drv.so
 ?? () from /usr/lib/xorg/modules/drivers/intel_drv.so
 start_thread (arg=0x7ff2c346d700) at pthread_create.c:311
Title: Xorg crashed with signal 7 in start_thread()
UpgradeStatus: Upgraded to raring on 2013-01-07 (37 days ago)
UserGroups:

dmi.bios.date: 12/06/2010
dmi.bios.vendor: LENOVO
dmi.bios.version: 7UET91WW (3.21 )
dmi.board.name: 7417CTO
dmi.board.vendor: LENOVO
dmi.board.version: Not Available
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvr7UET91WW(3.21):bd12/06/2010:svnLENOVO:pn7417CTO:pvrThinkPadT400:rvnLENOVO:rn7417CTO:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 7417CTO
dmi.product.version: ThinkPad T400
dmi.sys.vendor: LENOVO
version.compiz: compiz 1:0.9.9~daily13.02.08-0ubuntu1
version.ia32-libs: ia32-libs N/A
version.libdrm2: libdrm2 2.4.42-0ubuntu1
version.libgl1-mesa-dri: libgl1-mesa-dri 9.0.2-0ubuntu1
version.libgl1-mesa-dri-experimental: libgl1-mesa-dri-experimental N/A
version.libgl1-mesa-glx: libgl1-mesa-glx 9.0.2-0ubuntu1
version.xserver-xorg-core: xserver-xorg-core 2:1.13.2-0ubuntu2
version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.7.3-0ubuntu2
version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:7.1.0-0ubuntu1
version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.21.2-0ubuntu1
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.6-0ubuntu2
xserver.bootTime: Wed Feb 6 10:46:51 2013
xserver.configfile: default
xserver.errors:

xserver.logfile: /var/log/Xorg.0.log
xserver.version: 2:1.13.2-0ubuntu1
xserver.video_driver: intel

Revision history for this message
Scott Moser (smoser) wrote :
Revision history for this message
Apport retracing service (apport) wrote :

StacktraceTop:
 emit_span_boxes_solid (op=<optimized out>, b=0x7ff2c3468ad8, nbox=<optimized out>, v=0x7ff2c09662e4) at ../../../src/sna/gen4_vertex.c:1169
 gen4_render_composite_spans_boxes__thread (sna=0x7ff2c7320010, op=0x7fff2f172dd0, box=0x7ff2c3468ad8, nbox=0) at ../../../src/sna/gen4_render.c:2054
 span_thread (arg=0x7fff2f172cd8) at ../../../src/sna/sna_trapezoids.c:4625
 __run__ (arg=0x7ff2c89914b0) at ../../../src/sna/sna_threads.c:61
 start_thread (arg=0x7ff2c346d700) at pthread_create.c:311

Revision history for this message
Apport retracing service (apport) wrote : Stacktrace.txt
Revision history for this message
Apport retracing service (apport) wrote : StacktraceSource.txt
Revision history for this message
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in xorg-server (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
Revision history for this message
Scott Moser (smoser) wrote : Re: Xorg crashed with signal 7 in start_thread()

marking 'confirmed' i just saw this again.
admittedly its with a older X (2.21.0-0ubuntu1 xserver-xorg-video-intel) due to https://bugs.launchpad.net/ubuntu/+source/xserver-xorg-video-intel/+bug/1097315

Changed in xorg-server (Ubuntu):
importance: Medium → High
status: New → Confirmed
Timo Aaltonen (tjaalton)
information type: Private → Public
affects: xorg-server (Ubuntu) → xserver-xorg-video-intel (Ubuntu)
Chris Wilson (ickle)
summary: - Xorg crashed with signal 7 in start_thread()
+ Xorg crashed after feeding nbox=0 to trapezoid emit_boxes()
Revision history for this message
Chris Wilson (ickle) wrote :

May I ask you to recompile -intel with --enable-debug? That will narrow down were the nbox=0 crept in. Alternatively if you can narrow down the reproduction steps, that would be fantastic.

Revision history for this message
Chris Wilson (ickle) wrote :

I think the issue will be:

diff --git a/src/sna/gen4_render.c b/src/sna/gen4_render.c
index 00518d4..d08d762 100644
--- a/src/sna/gen4_render.c
+++ b/src/sna/gen4_render.c
@@ -654,9 +654,12 @@ start:
                        goto flush;
        }

- if (unlikely(sna->render.vertex_offset == 0 &&
- !gen4_rectangle_begin(sna, op)))
- goto flush;
+ if (unlikely(sna->render.vertex_offset == 0)) {
+ if (!gen4_rectangle_begin(sna, op))
+ goto flush;
+ else
+ goto start;
+ }

        assert(op->floats_per_rect >= vertex_space(sna));
        assert(rem <= vertex_space(sna));

Revision history for this message
Chris Wilson (ickle) wrote :

This is the likely fix:

commit 56fd91fc830d7a210e3a0e70ab41261a1f5baa83
Author: Chris Wilson <email address hidden>
Date: Mon Feb 25 15:18:46 2013 +0000

    sna/gen3+: Restart vertex space checks after lock contention

    If we end up contending for the vertex lock, we need to double check
    there is sufficient vertex space left for us.

    Bugzilla: https://bugs.launchpad.net/ubuntu/+source/xserver-xorg-video-intel/+bug/1124576

Revision history for this message
Scott Moser (smoser) wrote :

@Chris,
  For reproduce, I'm sorry that I can't really help much. It just happens in general use. Often times its when I'm using firefox and scrolling. My browser window is always on the second display (non-laptop display) and scrolling seems to likely trigger it.
   Sorry for being very vague.
  I can definitely try a ppa build if you or timo could get me one.
  I'm currently running a backlevel version of xserver-xorg-video-intel 2.21.0-0ubuntu1 as 2.21.2-0ubuntu1 was unusable. (comment 42 on bug 1124576), but I'm willing to try a build.

  This is my primary system, so poking around and trying to recreate bugs or test new X (rather than using something stable-ish) means completely disrupting my other work. I'm clearly interested in it all "just working" for 13.04, so I'm interested in helping, I'm just saying it is invasive.

Revision history for this message
Chris Wilson (ickle) wrote :

If my fix is the right one, then the bug will be a non-deterministic race - so unlikely to be easily reproduced. The ppa:xorg-edgers should carry the patch in the next day or so, if you can please test.

bugbot (bugbot)
tags: added: crash
Revision history for this message
Chris Wilson (ickle) wrote :

* fingers crossed.

Changed in xserver-xorg-video-intel (Ubuntu):
status: Confirmed → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xserver-xorg-video-intel - 2:2.21.4-0ubuntu1

---------------
xserver-xorg-video-intel (2:2.21.4-0ubuntu1) raring; urgency=low

  * Merge from unreleased debian git
    - new upstream release (LP: #1124576, #1135403)
 -- Timo Aaltonen <email address hidden> Mon, 11 Mar 2013 16:17:16 +0200

Changed in xserver-xorg-video-intel (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Alexandr Novel (normalex) wrote :

Would like to pin point that the I have just hit the very similar/exact bug on 2.99 version of 14.04

https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1383449

To post a comment you must log in.