https://bugs.freedesktop.org/show_bug.cgi?id=91098
Bug ID: 91098 Summary: vmwgfx null ptr dereference at vmw_screen_ioctl.c:76 due to ioctl failure Product: Mesa Version: 10.6 Hardware: Other OS: All Status: NEW Severity: normal Priority: medium Component: Other Assignee: mesa-dev@lists.freedesktop.org Reporter: freedesk...@pargon.nl QA Contact: mesa-dev@lists.freedesktop.org I'm experiencing occasional crashes of gnome-shell (3.16) due to failed ioctls requested by Mesa's vmware DRI backend. Any pointers on where I should take the apparent root issue would be appreciated - I have no idea whether Mesa or the kernel driver is at fault for the ioctl failing in the first place. Kernel logs (v4.0.5) report an ioctl failure: [15949.294396] [drm:vmw_generic_ioctl [vmwgfx]] *ERROR* Dropped master trying to access ioctl that requires authentication. [15949.294400] [drm] IOCTL ERROR Command 65, Error -13. [15949.296209] [drm:vmw_generic_ioctl [vmwgfx]] *ERROR* Dropped master trying to access ioctl that requires authentication. [15949.296214] [drm] IOCTL ERROR Command 65, Error -13. [15949.296468] [drm:vmw_generic_ioctl [vmwgfx]] *ERROR* Dropped master trying to access ioctl that requires authentication. [15949.296470] [drm] IOCTL ERROR Command 87, Error -13. [15949.296478] gnome-shell[337]: segfault at 20 ip 00007ff502cb4680 sp 00007ffeaeea96e8 error 4 in vmwgfx_dri.so[7ff50293f000+506000] Followed by a crash of gnome-shell, due to an apparent null pointer dereference: Core was generated by `gnome-shell --mode=gdm --wayland --display-server'. Program terminated with signal SIGSEGV, Segmentation fault. #0 vmw_region_size (region=0x0) at vmw_screen_ioctl.c:76 76 return region->size; (gdb) bt #0 vmw_region_size (region=0x0) at vmw_screen_ioctl.c:76 #1 0x00007ff502cb65cc in vmw_svga_winsys_surface_create (sws=0x145aaa0, flags=(SVGA3D_SURFACE_HINT_TEXTURE | SVGA3D_SURFACE_HINT_RENDERTARGET), format=SVGA3D_A8R8G8B8, usage=0, size=..., numFaces=1, numMipLevels=1) at vmw_screen_svga.c:222 #2 0x00007ff502cc0d46 in svga_screen_surface_create (svgascreen=svgascreen@entry=0x145b9c0, key=key@entry=0x1cc8c90) at svga_screen_cache.c:449 #3 0x00007ff502cbf810 in svga_texture_create (screen=0x145b9c0, template=0x7ffeaeea9840) at svga_resource_texture.c:729 #4 0x00007ff502b0797b in st_texture_create (st=st@entry=0x1536270, target=<optimized out>, format=format@entry=PIPE_FORMAT_B8G8R8A8_UNORM, last_level=last_level@entry=0, width0=width0@entry=16, height0=height0@entry=16, depth0=1, layers=1, nr_samples=0, bind=10) at state_tracker/st_texture.c:97 #5 0x00007ff502ada27d in guess_and_alloc_texture (st=st@entry=0x1536270, stObj=stObj@entry=0x268bc00, stImage=stImage@entry=0x16b5060) at state_tracker/st_cb_texture.c:464 #6 0x00007ff502ada3a5 in st_AllocTextureImageBuffer (ctx=0x150c200, texImage=0x16b5060) at state_tracker/st_cb_texture.c:517 #7 0x00007ff502adcb9c in st_TexImage (ctx=0x150c200, dims=2, texImage=0x16b5060, format=6408, type=5121, pixels=0x1f3bc80, unpack=0x15273f8) at state_tracker/st_cb_texture.c:875 #8 0x00007ff502a72e00 in teximage (ctx=0x150c200, compressed=compressed@entry=0 '\000', dims=dims@entry=2, target=3553, level=<optimized out>, internalFormat=<optimized out>, width=16, height=16, depth=1, border=0, format=6408, type=5121, imageSize=0, pixels=0x1f3bc80) at main/teximage.c:3364 #9 0x00007ff502a740e0 in _mesa_TexImage2D (target=<optimized out>, level=<optimized out>, internalFormat=<optimized out>, width=<optimized out>, height=<optimized out>, border=<optimized out>, format=6408, type=5121, pixels=0x1f3bc80) at main/teximage.c:3403 #10 0x00007ff513f093a3 in ?? () from /usr/lib/libcogl.so.20 #11 0x00007ff513efed94 in ?? () from /usr/lib/libcogl.so.20 #12 0x00007ff513f3008b in cogl_texture_allocate () from /usr/lib/libcogl.so.20 #13 0x00007ff513f31880 in cogl_texture_2d_new_from_data () from /usr/lib/libcogl.so.20 #14 0x00007ff5191a6b98 in pixbuf_to_cogl_texture (pixbuf=pixbuf@entry=0x2779de0) at st/st-texture-cache.c:473 #15 0x00007ff5191a6bf1 in finish_texture_load (data=data@entry=0x2568a50, pixbuf=pixbuf@entry=0x2779de0) at st/st-texture-cache.c:518 #16 0x00007ff5191a6daa in on_symbolic_icon_loaded (source=0x15f20f0, result=<optimized out>, user_data=0x2568a50) at st/st-texture-cache.c:553 #17 0x00007ff516fcc1f3 in ?? () from /usr/lib/libgio-2.0.so.0 #18 0x00007ff516fcc229 in ?? () from /usr/lib/libgio-2.0.so.0 #19 0x00007ff51682490d in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0 #20 0x00007ff516824ce0 in ?? () from /usr/lib/libglib-2.0.so.0 #21 0x00007ff516825002 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0 #22 0x00007ff518183326 in meta_run () from /usr/lib/libmutter.so.0 #23 0x000000000040208d in main (argc=1, argv=0x7ffeaeeaa028) at main.c:463 -- You are receiving this mail because: You are the QA Contact for the bug. You are the assignee for the bug.
_______________________________________________ mesa-dev mailing list mesa-dev@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/mesa-dev