Bug 798377

Summary: Full-screen GL games cause X server to crash
Product: [Fedora] Fedora Reporter: James <james>
Component: xorg-x11-serverAssignee: Adam Jackson <ajax>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 16CC: xgl-maint
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-13 08:15:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
dmesg from session just after Xorg crashed
none
Xorg.1.log from failed session
none
Xorg.0.log from session killed by a vavoom-based game
none
Xorg.0.log with backtrace, from crash when playing prboom
none
dmesg from prboom-related crash. Note "[drm:drm_mode_addfb] *ERROR* could not create framebuffer". none

Description James 2012-02-28 18:39:59 UTC
Created attachment 566377 [details]
dmesg from session just after Xorg crashed

Description of problem:
Switching back to the Gnome Shell overview from full-screen darkplaces-quake-glx, and then moving the cursor to the top-left hot corner, causes X to die with a segfault.

Hardware: Intel X3100 graphics on Core 2 Duo T8100 processor.

Version-Release number of selected component (if applicable):
kernel-3.2.6-3.fc16.x86_64
xorg-x11-drv-intel-2.17.0-8.fc16.x86_64
mesa-dri-drivers-7.11.2-3.fc16.x86_64
mesa-dri-drivers-7.11.2-3.fc16.i686
libdrm-2.4.30-1.fc16.x86_64
libdrm-2.4.30-1.fc16.i686
darkplaces-20091001-3.fc15.x86_64
xorg-x11-server-Xorg-1.11.4-1.fc16.x86_64

How reproducible:
Always.

Steps to Reproduce:
1. I started playing Quake by running darkplaces-quake-glx from a terminal. At this point, the cursor spontaneously moved to the top-left corner, and Gnome Shell went to the Activities overview.
2. I clicked on the terminal, Quake went full-screen.
3. I then pressed the Win key and was returned to the Activities overview.
4. I moved the cursor by hand to the top-left corner. At this point, Xorg died.

Note: might need to repeat steps 3 and 4 before the crash.

Actual results:
Xorg crashed. See attached dmesg and Xorg.1.log.

Comment 1 James 2012-02-28 18:40:32 UTC
Created attachment 566378 [details]
Xorg.1.log from failed session

Comment 2 James 2012-04-09 19:52:17 UTC
This also happens instantly with vavoom-based games -- completely unusable. Relevant log attached below.

Comment 3 James 2012-04-09 19:53:01 UTC
Created attachment 576294 [details]
Xorg.0.log from session killed by a vavoom-based game

Comment 4 James 2012-04-29 10:29:42 UTC
Caught another one, this time playing prboom. The Xorg log is more descriptive this time, with a more useful backtrace (attached below).

Comment 5 James 2012-04-29 10:30:44 UTC
Created attachment 581035 [details]
Xorg.0.log with backtrace, from crash when playing prboom

Comment 6 James 2012-04-29 10:31:34 UTC
Created attachment 581036 [details]
dmesg from prboom-related crash. Note "[drm:drm_mode_addfb] *ERROR* could not create framebuffer".

Comment 7 James 2012-04-29 10:40:44 UTC
Caught another crash while playing Warzone 2100. Found the following in Abrt (which refused to submit because it was incomplete), but it might contain something useful so it's pasted here.


Core was generated by `/usr/bin/Xorg :0 -background none -verbose -auth /var/run/gdm/auth-for-gdm-1t3i'.
Program terminated with signal 6, Aborted.
#0  0x0000003164236285 in __GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64	  return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);

Thread 1 (Thread 0x7f305427f880 (LWP 1109)):
#0  0x0000003164236285 in __GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
        resultvar = 0
        pid = <optimized out>
        selftid = 1109
#1  0x0000003164237b9b in __GI_abort () at abort.c:91
        save_stage = 2
        act = {__sigaction_handler = {sa_handler = 0, sa_sigaction = 0}, sa_mask = {__val = {0, 0, 0, 0, 0, 0, 0, 140733483193376, 4615467, 0, 206158430232, 140733483193392, 140733483193200, 0, 5748873, 1}}, sa_flags = 1688266352, sa_restorer = 0x7df000}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x000000000046a75e in OsAbort ()
No symbol table info available.
#3  0x0000000000481c7c in ddxGiveUp ()
No symbol table info available.
#4  0x0000000000466c42 in ?? ()
No symbol table info available.
#5  0x0000000000466e27 in FatalError ()
No symbol table info available.
#6  0x000000000046810e in ?? ()
No symbol table info available.
#7  <signal handler called>
No symbol table info available.
#8  0x0000000000000000 in ?? ()
No symbol table info available.
#9  0x00007f3053393a15 in intel_set_pixmap_bo (pixmap=0x3338b80, bo=0x358c8d0) at intel_uxa.c:642
        scrn = <optimized out>
        intel = 0x17a6670
        priv = 0x3a57820
#10 0x00007f30533a573c in I830DRI2ScheduleFlip (intel=0x17a6670, draw=0x3dd7de0, info=0x3ae5510) at intel_dri.c:862
        priv = <optimized out>
        new_back = 0x358c8d0
        old_back = <optimized out>
#11 0x00007f30533a6b39 in I830DRI2ScheduleSwap (client=0x39b15e0, draw=0x3dd7de0, front=0x36a78e0, back=0x36598c0, target_msc=0x7fff11461c48, divisor=0, remainder=0, func=0x7f30535d5590, data=0x3dd7de0) at intel_dri.c:1173
        screen = <optimized out>
        scrn = 0x17a5960
        intel = 0x17a6670
        vbl = {request = {type = DRM_VBLANK_SECONDARY, sequence = 839103550, signal = 1335545424}, reply = {type = DRM_VBLANK_SECONDARY, sequence = 839103550, tval_sec = 1335545424, tval_usec = 256743}}
        ret = <optimized out>
        pipe = 1
        flip = <optimized out>
        swap_info = 0x3ae5510
        swap_type = <optimized out>
        current_msc = 839103550
        box = <optimized out>
        region = {extents = {x1 = 0, y1 = 8192, x2 = -19394, y2 = 12803}, data = 0x4f9ace50}
#12 0x00007f30535d4a0c in DRI2SwapBuffers () from /usr/lib64/xorg/modules/extensions/libdri2.so
No symbol table info available.
#13 0x00007f30535d5973 in ?? () from /usr/lib64/xorg/modules/extensions/libdri2.so
No symbol table info available.
#14 0x0000000000433b91 in ?? ()
No symbol table info available.
#15 0x0000000000422ea5 in ?? ()
No symbol table info available.
#16 0x000000316422169d in __libc_start_main (main=0x422b10, argc=10, ubp_av=0x7fff11461e58, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff11461e48) at libc-start.c:226
        result = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, -4465517770402343071, 4338024, 140733483195984, 0, 0, 4465716725181667169, -4438997291649902751}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7fff11461eb0, 0x1}, data = {prev = 0x0, cleanup = 0x0, canceltype = 289808048}}}
        not_first_call = <optimized out>
#17 0x0000000000423191 in _start ()
No symbol table info available.
From                To                  Syms Read   Shared Object Library
0x0000003267003000  0x000000326700b298  Yes         /lib64/libudev.so.0
0x00000037df25c800  0x00000037df324758  Yes (*)     /lib64/libcrypto.so.10
0x0000003164e00de0  0x0000003164e01918  Yes         /lib64/libdl.so.2
0x000000384c202130  0x000000384c20625c  Yes         /usr/lib64/libpciaccess.so.0
0x0000003164a05700  0x0000003164a10b88  Yes         /lib64/libpthread.so.0
0x0000003263808cc0  0x0000003263873fa8  Yes         /usr/lib64/libpixman-1.so.0
0x0000003194809000  0x0000003194828628  Yes         /usr/lib64/libXfont.so.1
0x0000003167a00dd0  0x0000003167a01b2c  Yes         /usr/lib64/libXau.so.6
0x000000316aa01210  0x000000316aa02c2c  Yes         /usr/lib64/libXdmcp.so.6
0x0000003196802800  0x00000031968083d8  Yes (*)     /lib64/libaudit.so.1
0x00000031646051b0  0x0000003164643b68  Yes         /lib64/libm.so.6
0x0000003165602260  0x0000003165605758  Yes         /lib64/librt.so.1
0x000000316421ef10  0x000000316435bb70  Yes         /lib64/libc.so.6
0x000000325ec028a0  0x000000325ec120b8  Yes         /lib64/libgcc_s.so.1
0x0000003165201e90  0x000000316520e688  Yes         /lib64/libz.so.1
0x0000003163e00b20  0x0000003163e1aaaa  Yes         /lib64/ld-linux-x86-64.so.2
0x000000319440cac0  0x0000003194476668  Yes (*)     /usr/lib64/freetype-freeworld/libfreetype.so.6
0x00000031662015b0  0x000000316620346c  Yes         /usr/lib64/libfontenc.so.1
0x00007f3054062260  0x00007f30540775e8  Yes (*)     /usr/lib64/xorg/modules/extensions/libextmod.so
0x0000003165e05d00  0x0000003165e16068  Yes         /lib64/libselinux.so.1
0x00007f3053e550c0  0x00007f3053e57cf8  Yes (*)     /usr/lib64/xorg/modules/extensions/libdbe.so
0x00007f3053bf58c0  0x00007f3053c2ffd8  Yes (*)     /usr/lib64/xorg/modules/extensions/libglx.so
0x00007f30539e5440  0x00007f30539e9878  Yes (*)     /usr/lib64/xorg/modules/extensions/librecord.so
0x00007f30537dafc0  0x00007f30537e06a8  Yes (*)     /usr/lib64/xorg/modules/extensions/libdri.so
0x000000317b402f90  0x000000317b407a18  Yes         /usr/lib64/libdrm.so.2
0x00007f30535d3540  0x00007f30535d5f38  Yes (*)     /usr/lib64/xorg/modules/extensions/libdri2.so
0x00007f305338b020  0x00007f30533bc2d8  Yes         /usr/lib64/xorg/modules/drivers/intel_drv.so
0x00007f305313dc20  0x00007f305314d1d8  Yes         /usr/lib64/libdrm_intel.so.1
0x00007f3052f36180  0x00007f3052f38e28  Yes         /usr/lib64/xorg/modules/drivers/vesa_drv.so
0x00007f3052d30170  0x00007f3052d31b08  Yes         /usr/lib64/xorg/modules/drivers/fbdev_drv.so
0x00007f3052b2a4e0  0x00007f3052b2bf68  Yes (*)     /usr/lib64/xorg/modules/libfbdevhw.so
0x00007f305290b2c0  0x00007f3052923be8  Yes (*)     /usr/lib64/xorg/modules/libfb.so
0x00007f3052157580  0x00007f30523b0dc8  Yes         /usr/lib64/dri/i965_dri.so
0x0000003169203b70  0x000000316921d84c  Yes         /lib64/libexpat.so.1
0x000000325fc5a490  0x000000325fcc2f46  Yes         /usr/lib64/libstdc++.so.6
0x00007f3051ad9f00  0x00007f3051adfa98  Yes         /usr/lib64/xorg/modules/input/evdev_drv.so
0x00007f30518cac50  0x00007f30518d3258  Yes (*)     /usr/lib64/xorg/modules/input/synaptics_drv.so
0x00007f3051693130  0x00007f305169a9a8  Yes         /lib64/libnss_files.so.2
(*): Shared library is missing debugging information.
$1 = 0x0
No symbol "__glib_assert_msg" in current context.
rax            0x0	0
rbx            0x1	1
rcx            0xffffffffffffffff	-1
rdx            0x6	6
rsi            0x455	1109
rdi            0x455	1109
rbp            0x7fff11461430	0x7fff11461430
rsp            0x7fff114612f8	0x7fff114612f8
r8             0x7f305427f880	139845547063424
r9             0x1	1
r10            0x8	8
r11            0x3206	12806
r12            0x0	0
r13            0x17a6670	24798832
r14            0x3a57838	61175864
r15            0x1	1
rip            0x3164236285	0x3164236285 <__GI_raise+53>
eflags         0x3206	[ PF IF #12 #13 ]
cs             0x33	51
ss             0x2b	43
ds             0x0	0
es             0x0	0
fs             0x0	0
gs             0x0	0
Dump of assembler code for function __GI_raise:
   0x0000003164236250 <+0>:	mov    %fs:0x2d4,%eax
   0x0000003164236258 <+8>:	mov    %fs:0x2d0,%esi
   0x0000003164236260 <+16>:	test   %esi,%esi
   0x0000003164236262 <+18>:	jne    0x3164236290 <__GI_raise+64>
   0x0000003164236264 <+20>:	mov    $0xba,%eax
   0x0000003164236269 <+25>:	syscall 
   0x000000316423626b <+27>:	mov    %eax,%esi
   0x000000316423626d <+29>:	mov    %eax,%fs:0x2d0
   0x0000003164236275 <+37>:	movslq %edi,%rdx
   0x0000003164236278 <+40>:	movslq %esi,%rsi
   0x000000316423627b <+43>:	movslq %eax,%rdi
   0x000000316423627e <+46>:	mov    $0xea,%eax
   0x0000003164236283 <+51>:	syscall 
=> 0x0000003164236285 <+53>:	cmp    $0xfffffffffffff000,%rax
   0x000000316423628b <+59>:	ja     0x316423629f <__GI_raise+79>
   0x000000316423628d <+61>:	repz retq 
   0x000000316423628f <+63>:	nop
   0x0000003164236290 <+64>:	test   %eax,%eax
   0x0000003164236292 <+66>:	jg     0x3164236275 <__GI_raise+37>
   0x0000003164236294 <+68>:	test   $0x7fffffff,%eax
   0x0000003164236299 <+73>:	je     0x31642362b0 <__GI_raise+96>
   0x000000316423629b <+75>:	neg    %eax
   0x000000316423629d <+77>:	jmp    0x3164236275 <__GI_raise+37>
   0x000000316423629f <+79>:	mov    0x37ab92(%rip),%rdx        # 0x31645b0e38
   0x00000031642362a6 <+86>:	neg    %eax
   0x00000031642362a8 <+88>:	mov    %eax,%fs:(%rdx)
   0x00000031642362ab <+91>:	or     $0xffffffffffffffff,%rax
   0x00000031642362af <+95>:	retq   
   0x00000031642362b0 <+96>:	mov    %esi,%eax
   0x00000031642362b2 <+98>:	jmp    0x3164236275 <__GI_raise+37>
End of assembler dump.

Comment 8 Fedora End Of Life 2013-01-16 10:02:33 UTC
This message is a reminder that Fedora 16 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 16. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '16'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 16's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 16 is end of life. If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora, you are encouraged to click on 
"Clone This Bug" and open it against that version of Fedora.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 9 Fedora End Of Life 2013-02-13 08:15:45 UTC
Fedora 16 changed to end-of-life (EOL) status on 2013-02-12. Fedora 16 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.