From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040515 Firefox/0.8

Description of problem:
When starting GLX applications such as glxinfo, glxgears, or various xscreensavers which utilize GL, the application immediately segfaults. This happens no matter which options are passed to the application, and happens consistently every time.

Version-Release number of selected component (if applicable):
xorg-x11-6.7.0-2

How reproducible:
Always

Steps to Reproduce:
1. Run glxinfo or glxgears

Actual Results:
dpn@corn:~$ glxgears
zsh: segmentation fault glxgears
dpn@corn:~$ glxinfo
name of display: :0.0
zsh: segmentation fault glxinfo

Expected Results:
Program starts normally

Additional info:
GDB backtrace:
Program received signal SIGFPE, Arithmetic exception.
[Switching to Thread -150259840 (LWP 16771)]
0x00550934 in _mesa_test_os_sse_exception_support () from /usr/X11R6/lib/modules/dri/r128_dri.so
(gdb) cont
Continuing.
Program received signal SIGSEGV, Segmentation fault.
0x005555fd in driSetTextureSwapCounterLocation () from /usr/X11R6/lib/modules/dri/r128_dri.so
(gdb) bt
#0 0x005555fd in driSetTextureSwapCounterLocation () from /usr/X11R6/lib/modules/dri/r128_dri.so
#1 0x00556235 in r128CreateContext () from /usr/X11R6/lib/modules/dri/r128_dri.so
#2 0x00442490 in driCreateContext () from /usr/X11R6/lib/modules/dri/r128_dri.so
#3 0x00a2f5da in _glthread_SetTSD () from /usr/X11R6/lib/libGL.so.1
#4 0x00a2f992 in _glthread_SetTSD () from /usr/X11R6/lib/libGL.so.1
#5 0x00a2fc2e in glXCreateContext () from /usr/X11R6/lib/libGL.so.1
#6 0x08048fda in ?? ()
#7 0x08849008 in ?? ()
#8 0x088520f8 in ?? ()
#9 0x00000000 in ?? ()

Attach the X server log and config file, so we can proceed. Thanks in advance.
Created attachment 100888 [details] xorg.conf
Created attachment 100889 [details] Xorg.0.log
There is a NULL pointer check missing in r128CreateContext(). The call to driCreateTextureHeap() at r128_context.c:142 always returns NULL when r128scrn->texSize[i] is zero. This texture size is taken from the X server and is 0 (this can be seen from the logs).

(II) R128(0): Reserved 0 kb for textures at offset 0xfff000

driSetTextureSwapCounterLocation() will then dereference the pointer it is given.

I looked at the other DRI drivers to see what they do. The same bug is present in the radeon driver. The other drivers do not call driSetTextureSwapCounterLocation() and simply allow the NULL pointer to exist in the rmesa structure.

As such I don't know what the most appropriate error recovery is. We could either ignore the NULL pointer but avoid the call to driSetTextureSwapCounterLocation() or we could return GL_FALSE and abandon the attempt to initialize the card. I imagine 3D is pretty useless without textures so in the absence of expert guidance I would probably choose to return GL_FALSE.
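
The missing check and the two recovery options weighed in the comment above, as an added example that is not part of the original thread and is not Mesa or driver code. Every `model_*` name is a hypothetical stand-in; the real driver types and function signatures are not shown on this page and are not reproduced here.

```c
#include <stddef.h>
#include <stdlib.h>

/* Simplified model only: all model_* names are hypothetical stand-ins,
 * not the real Mesa/DRI types or signatures. */
enum model_policy { MODEL_SKIP_CALL, MODEL_FAIL_INIT };

struct model_heap    { unsigned size; unsigned *swap_counter; };
struct model_screen  { unsigned tex_size; };  /* size reported by the X server */
struct model_context { struct model_heap *heap; unsigned swap_counter; };

/* As described in the report: a zero-sized texture region yields NULL. */
static struct model_heap *model_create_heap(unsigned size)
{
    if (size == 0)
        return NULL;
    struct model_heap *h = calloc(1, sizeof *h);
    if (h)
        h->size = size;
    return h;
}

/* Stand-in for a setter that dereferences whatever pointer it is given. */
static void model_set_swap_counter(struct model_heap *h, unsigned *loc)
{
    h->swap_counter = loc;
}

/* Context creation with the check in place. Returns 1 on success, 0 on
 * failure. The policy selects between the two recoveries in the comment. */
int model_create_context(const struct model_screen *scrn,
                         struct model_context *ctx, enum model_policy policy)
{
    ctx->swap_counter = 0;
    ctx->heap = model_create_heap(scrn->tex_size);
    if (ctx->heap == NULL) {
        /* Option 1: keep the NULL heap but never hand it to the setter.
         * Option 2: abandon initialization (the GL_FALSE-style result). */
        return policy == MODEL_SKIP_CALL ? 1 : 0;
    }
    model_set_swap_counter(ctx->heap, &ctx->swap_counter);
    return 1;
}

void model_destroy_context(struct model_context *ctx)
{
    free(ctx->heap);  /* free(NULL) is a no-op, so a NULL heap is safe here */
    ctx->heap = NULL;
}
```

With the skip-call policy, every later user of `ctx->heap` has to tolerate NULL as well, which is the cost of that option compared with failing initialization up front.
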
Since this bugzilla report was filed, there have been several major updates to the X Window System, which may resolve this issue. Users who have experienced this problem are encouraged to upgrade to the latest version of Fedora Core, which can be obtained from: http://fedora.redhat.com/download

If this issue turns out to still be reproducible in the latest version of Fedora Core, please file a bug report in the X.Org bugzilla located at http://bugs.freedesktop.org in the "xorg" component.

Once you've filed your bug report to X.Org, if you paste the new bug URL here, Red Hat will continue to track the issue in the centralized X.Org bug tracker, and will review any bug fixes that become available for consideration in future updates.

Setting status to "CURRENTRELEASE".