Bug 550752 - X server crash in libglx.so when switching workspaces due to __glXGetDrawable with glxc==NULL
Summary: X server crash in libglx.so when switching workspaces due to __glXGetDrawable...
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: xorg-x11-server
Version: 12
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Adam Jackson
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-12-27 07:51 UTC by r6144
Modified: 2010-08-26 19:06 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2010-08-26 19:06:43 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
Proposed patch (1.38 KB, patch)
2010-04-05 09:43 UTC, r6144 		no flags Details | Diff
View All

Description r6144 2009-12-27 07:51:47 UTC 
Description of problem:

I'm running a x86_64 Fedora 12 system with the r600 DRI driver.

When certain 3D applications are running and I switch workspaces, the X server crashes immediately with the following messages in /var/log/Xorg.0.log:

Backtrace:
0: /usr/bin/Xorg (xorg_backtrace+0x28) [0x49e8d8]
1: /usr/bin/Xorg (0x400000+0x619c9) [0x4619c9]
2: /lib64/libpthread.so.0 (0x7fcbfc2bf000+0xefa0) [0x7fcbfc2cdfa0]
3: /usr/lib64/xorg/modules/extensions/libglx.so (0x7fcbf8bf0000+0x3253a) [0x7fcbf8c2253a]
4: /usr/lib64/xorg/modules/extensions/libglx.so (0x7fcbf8bf0000+0x327c3) [0x7fcbf8c227c3]
5: /usr/lib64/xorg/modules/extensions/libglx.so (0x7fcbf8bf0000+0x359fe) [0x7fcbf8c259fe]
6: /usr/bin/Xorg (0x400000+0x2c69c) [0x42c69c]
7: /usr/bin/Xorg (0x400000+0x21cfa) [0x421cfa]
8: /lib64/libc.so.6 (__libc_start_main+0xfd) [0x7fcbfaa99b1d]
9: /usr/bin/Xorg (0x400000+0x218a9) [0x4218a9]
Segmentation fault at address 0x48

Fatal server error:
Caught signal 11 (Segmentation fault). Server aborting

The crash does not occur if the 3D window is made to be visible in all workspaces, so I guess the problem is caused by the window being unmapped.

th08 from the Touhou Project (running under wine) is affected by this problem, while th07 isn't.  I haven't tested any other applications.

Looking at the backtrace using addr2line on the debuginfo libs, the crash seems to be caused by __glXDisp_SwapBuffers() calling __glXGetDrawable() with glxc==NULL (no tag?), and the latter dying in "if (pDraw->pScreen != glxc->pGlxScreen->pScreen)".

Version-Release number of selected component (if applicable):
xorg-x11-server-Xorg-1.7.1-7.fc12.x86_64
xorg-x11-drv-ati-6.13.0-0.11.20091119git437113124.fc12.x86_64

How reproducible:
Always with the right applications

Steps to Reproduce:
1. Start any affected 3D application
2. Switched to another workspace
  
Actual results:
X server crashes and we get back to the gdm login screen.

Expected results:
We should switch to the new workspace and the 3D window should now become invisible.

(I don't know if it is correct to call glXSwapBuffers() when the window has been unmapped due to workspace switching; if that's not allowed, the 3D application may crash and we also have a wine problem.)
Comment 1 r6144 2010-04-05 09:43:40 UTC 
Created attachment 404469 [details]
Proposed patch

This patch adds the necessary checks that seems to fix the crash; see the comments for details.  A similar check was in an earlier version of glxcmds.c, but it is somehow removed in commit 92562747 (http://cgit.freedesktop.org/xorg/xserver/commit/?id=92562747a0fdbef1dbedf734cb55dd6a9e1d2994).

Some wine games might have display and/or input issues after switching workspaces, but these are likely due to bugs in the game itself, wine or the mesa DRI driver (FBO handling in particular).  In any case they no longer crash the entire X server.
Comment 2 Adam Jackson 2010-08-26 19:06:43 UTC 
Fixed in xserver 1.9.
Note You need to log in before you can comment on or make changes to this bug.