Description of problem: It might have something to do with bluejeans. Both myself and a colleage were in a bluejeans meeting and X crashed twice during the meeting for both of us at the same time. Version-Release number of selected component: xorg-x11-server-Xorg-1.17.1-12.fc22 Additional info: reporter: libreport-2.5.1 backtrace_rating: 4 cmdline: /usr/libexec/Xorg vt2 -displayfd 3 -auth /run/user/1000/gdm/Xauthority -nolisten tcp -background none -noreset -keeptty -verbose 3 crash_function: kgem_end_batch executable: /usr/libexec/Xorg global_pid: 8328 kernel: 4.0.4-301.fc22.x86_64 runlevel: N 5 type: CCpp uid: 1000 Truncated backtrace: Thread no. 1 (10 frames) #0 kgem_end_batch at kgem.c:2282 #1 _kgem_submit at kgem.c:3852 #2 kgem_submit at kgem.h:378 #3 sna_accel_leave at sna_accel.c:18139 #4 sna_leave_vt at sna_driver.c:900 #5 glxDRILeaveVT at glxdri2.c:839 #11 sna_blt_copy_boxes at sna_blt.c:3861 #12 gen7_render_copy_boxes at gen7_render.c:2964 #13 __sna_dri2_copy_region at sna_dri2.c:1176 #14 dri2_copy_region at dri2.c:871
Created attachment 1032170 [details] File: backtrace
Created attachment 1032171 [details] File: cgroup
Created attachment 1032172 [details] File: core_backtrace
Created attachment 1032173 [details] File: dso_list
Created attachment 1032174 [details] File: environ
Created attachment 1032175 [details] File: limits
Created attachment 1032176 [details] File: maps
Created attachment 1032177 [details] File: mountinfo
Created attachment 1032178 [details] File: namespaces
Created attachment 1032179 [details] File: open_fds
Created attachment 1032180 [details] File: proc_pid_status
Created attachment 1032181 [details] File: var_log_messages
Another user experienced a similar problem: Crashed while loading bluejeans.com plugins in Firefox. reporter: libreport-2.5.1 backtrace_rating: 4 cmdline: /usr/libexec/Xorg vt2 -displayfd 3 -auth /run/user/1000/gdm/Xauthority -nolisten tcp -background none -noreset -keeptty -verbose 3 crash_function: kgem_end_batch executable: /usr/libexec/Xorg global_pid: 3350 kernel: 4.0.4-303.fc22.x86_64 package: xorg-x11-server-Xorg-1.17.1-12.fc22 reason: Xorg killed by SIGSEGV runlevel: N 5 type: CCpp uid: 1000
Another user experienced a similar problem: Happened while using bluejeans (video conferencing) in Firefox. reporter: libreport-2.5.1 backtrace_rating: 4 cmdline: /usr/libexec/Xorg vt2 -displayfd 3 -auth /run/user/1000/gdm/Xauthority -nolisten tcp -background none -noreset -keeptty -verbose 3 crash_function: kgem_end_batch executable: /usr/libexec/Xorg global_pid: 1928 kernel: 4.0.4-303.fc22.x86_64 package: xorg-x11-server-Xorg-1.17.1-14.fc22 reason: Xorg killed by SIGSEGV runlevel: N 5 type: CCpp uid: 1000
The crash can be reliably reproduced with: bjnplugin-2.100.41.8-1.x86_64 rbjnplugin-2.90.616.8-1.x86_64 To reproduce: 1. Dial-in in bluejeans conference. 2. Other person starts sharing screen. 3. Other person stops sharing screen. At this point my server crashes.
Another user experienced a similar problem: I was having a team meeting with bluejeans via firefox and the bluejeans plugin ( npbjnplugin_2.100.41.8.so ). A coworker stopped sharing his screen in the meeting and Xorg crashed. Others in the meeting also had crashes. Sometimes X crashes, sometimes it is gnome-session. This is apparently a known issue with bluejeans support. Uploading this BZ so they can have more info. reporter: libreport-2.6.0 backtrace_rating: 4 cmdline: /usr/libexec/Xorg vt2 -displayfd 3 -auth /run/user/1000/gdm/Xauthority -nolisten tcp -background none -noreset -keeptty -verbose 3 crash_function: kgem_end_batch executable: /usr/libexec/Xorg global_pid: 1996 kernel: 4.0.5-300.fc22.x86_64 package: xorg-x11-server-Xorg-1.17.2-1.fc22 reason: Xorg killed by SIGSEGV runlevel: N 5 type: CCpp uid: 1000
Analysis by BlueJeans Dev Team## Crash seems to happen @ API glXSwapBuffers(display_, window_); in file glx_renderer.cc. Disabling glx extension (GLX_MESA_swap_control) seems to solve the crash issue, i.e. following code was disabled: PFNGLXSWAPINTERVALEXTPROC glXSwapIntervalEXT_ = NULL; PFNGLXSWAPINTERVALMESAPROC glXSwapIntervalMESA_ = NULL; std::string extString; const char* exts = glXQueryExtensionsString(display_, 0); if (exts) { extString = exts; } if (extString.find("GLX_EXT_swap_control") != std::string::npos) { glXSwapIntervalEXT_ = reinterpret_cast<PFNGLXSWAPINTERVALEXTPROC>( glXGetProcAddress((const GLubyte *)"glXSwapIntervalEXT")); } else if (extString.find("GLX_MESA_swap_control") != std::string::npos) { glXSwapIntervalMESA_ = reinterpret_cast<PFNGLXSWAPINTERVALMESAPROC>( glXGetProcAddress((const GLubyte *)"glXSwapIntervalMESA")); } if (glXSwapIntervalEXT_) { glXSwapIntervalEXT_(display_, window_, 0); } else if (glXSwapIntervalMESA_) { glXSwapIntervalMESA_(0); } else { LOG(LS_INFO) <<"GLX does not support GLX_EXT_swap_control or GLX_MESA_swap_control"; } From Red Hat Team, If we can get any details with respect to above fix, that would be helpful for our Team to better handle it in future.
This seems to be a bug in the Intel driver. Actually, there are several bugs.
Created attachment 1055505 [details] xorg-x11-drv-intel-bluejeans-crash.patch I can't reproduce the crash with this patch. * gen7_render_copy_boxes() can sometimes be called with n==0. I've included a work-around to make it handled this, but really the fix should be to avoid it being called in this situation. * kgem_batch_space() calculated space incorrectly: if there was less than the reserved amount left it would return a negative int. * sna_blt_copy_boxes() assumed there would always be space for a box. I don't think this can be guaranteed but I may be reading the code wrong. Hopefully this is enough for someone who knows the code better to fix it properly.
Created attachment 1055522 [details] xorg-x11-drv-intel-bluejeans-crash.patch The fix for kgem_batch_space() wasn't right in the last patch (which I guess means the fix isn't required to prevent this crash). I've attached a fixed version anyway.
Hello Red Hat Team, We will be delivering an updated Browser plugin version (with above fix) by end of this week. The repo will be updated with the latest plugin version.
Just to clarify: the patch above is for the Intel graphics driver for xorg-x11. Something the BlueJeans plugin does triggers this crash, but it's not the fault of the BlueJeans plugin as far as I can tell.
Note: to reproduce this now, you'll need to use an older version of the plugin package: https://swdl.bluejeans.com/repos/bluejeans/x86_64/release/rpm/bjnplugin_2.100.85.8-1.x86_64.rpm
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.