Xorg crashed with SIGSEGV in _mesa_update_state_locked() with DRI disabled

Reported by Sébastien Valette on 2007-09-26
10
Affects Status Importance Assigned to Milestone
X.Org X server
Confirmed
Medium
mesa (Ubuntu)
Medium
Unassigned

Bug Description

X crashed while I was using a custom 3D application. I was actually investigating further this bug:

https://bugs.launchpad.net/ubuntu/+source/xserver-xorg-video-ati/+bug/144865

This crash was obtained using the following xorg parameters:
Section "Device"
 Identifier "ATI Technologies Inc RV370 5B64 [FireGL V3100 (PCIE)]"
 Driver "ati"
 BusID "PCI:1:0:0"
 Option "GARTSize" "64"
 Option "DRI" "false"

EndSection

ProblemType: Crash
Architecture: i386
CrashCounter: 1
Date: Wed Sep 26 18:44:55 2007
Disassembly: 0xaf79f0e0:
DistroRelease: Ubuntu 7.10
ExecutablePath: /usr/bin/Xorg
NonfreeKernelModules: cdrom
Package: xserver-xorg-core 2:1.3.0.0.dfsg-12ubuntu6
PackageArchitecture: i386
ProcCmdline: /usr/bin/X :0 -br -audit 0 -auth /var/lib/gdm/:0.Xauth -nolisten tcp vt10
ProcCwd: /etc/X11
ProcEnviron:
 LANGUAGE=
 PATH=/sbin:/bin:/usr/sbin:/usr/bin
 LANG=fr_FR.UTF-8
Signal: 11
SourcePackage: xorg-server
Stacktrace: #0 0xaf79f0e0 in ?? ()
StacktraceTop: ?? ()
ThreadStacktrace:

Title: Xorg crashed with SIGSEGV
Uname: Linux valette-desktop 2.6.22-12-generic #1 SMP Sun Sep 23 18:11:30 GMT 2007 i686 GNU/Linux
UserGroups:

#0 _mesa_update_framebuffer (ctx=0x98eb698) at framebuffer.c:674
        fb = (struct gl_framebuffer *) 0x0
#1 0xaf7bff91 in _mesa_update_state_locked (ctx=0x98eb698) at state.c:1152
        new_state = 4294967295
#2 0xaf7c00ea in _mesa_update_state (ctx=0x98eb698) at state.c:1218
No locals.
#3 0xaf77b860 in _mesa_GetIntegerv (pname=34018, params=0xbf8b7588)
    at get.c:3741
        ctx = (GLcontext *) 0x98eb698
#4 0xb7be90c2 in __glXDisp_GetIntegerv (cl=0x83f77d8,
    pc=0x843f4a0 "\217u\003") at ../../../GL/glx/indirect_dispatch.c:1905
        pname = 34018
        compsize = 1
        answerBuffer = {-1210730033, -1209602060, 1717986918, 20, -1081378788,
  -1210722100, 1717986918, 11, 1, 20, 0, -1209597584, -1081379352, 135490926,
  0, 0, -1081378568, 136331424, -1081378568, 0, -1081379192, 135047694,
  136419728, 136406392, -1081379304, -1212712799, 135102528, 0, -1081378568,
  0 <repeats 32 times>, 136217184, -16, 2, -1081379144, 134820522, 0, 0, 1,
  136331424, 2, 0, 134820379, 136217184, 1, 0, -1081378552, 136039487,
  -2147483648, 136331424, 0, 0, 0, 0, -1081378704, 8, 0 <repeats 68 times>,
  -1081378776, -1210488832, -1209597632, 160605608, -1081378776, 1,
  -1081378652, -1210102424, -1081378652, 31, 160605608, 136217184, 138304976,
  1, -1081378744, 136083134, 31, -1081378652, 1, -1212162056, 160605608,
---Type <return> to continue, or q <return> to quit---
  136217184, -1081378712, 136078111, 135624588, 136217184, -1081378680,
  134821386, 136307620, 0, -1081378624, 4096, 138671264, -1210135373,
  136217184, 136217184, -1081378616, 1, -1081378664, 134821040, -40, 32,
  -1212067132, -1212067136, 5, -1212018432}
        error = -1081378632
        cx = <value optimized out>
#5 0xb7bddb2c in __glXDispatch (client=0x83f76a0)
    at ../../../GL/glx/glxext.c:551
        stuff = (xGLXSingleReq *) 0x843f4a0
        opcode = 117 'u'
        proc = (__GLXdispatchSingleProcPtr) 0xb7be9020 <__glXDisp_GetIntegerv>
        cl = (__GLXclientState *) 0x83f77d8
        retval = 1

here is the xorg log

StacktraceTop:?? ()

"
I reported it upstream:

https://bugs.freedesktop.org/show_bug.cgi?id=12612"

oops, wrong bug. sorry..

Tormod Volden (tormodvolden) wrote :

Would you be able to look at https://wiki.ubuntu.com/DebuggingXorg and try to get a full stack trace?

This is the stack trace from the log:
2: /usr/lib/xorg/modules/extensions//libGLcore.so(_mesa_update_state_locked+0x7e1) [0xaf85bf91]
3: /usr/lib/xorg/modules/extensions//libGLcore.so(_mesa_update_state+0x2a) [0xaf85c0ea]
4: /usr/lib/xorg/modules/extensions//libGLcore.so(_mesa_GetIntegerv+0x280) [0xaf817860]
5: /usr/lib/xorg/modules/extensions//libglx.so [0xb7c850c2]
6: /usr/lib/xorg/modules/extensions//libglx.so [0xb7c79b2c]
7: /usr/bin/X [0x815755e]
8: /usr/bin/X(Dispatch+0x1aa) [0x808f47a]
9: /usr/bin/X(main+0x495) [0x8076f05]

Changed in xorg-server:
assignee: nobody → tormodvolden
status: New → Incomplete

here is the gdb log obtained via ssh. Hope it helps...

Tormod Volden (tormodvolden) wrote :

Thanks. Can you please install the package xserver-xorg-core-dbg and try again?

Here it is

Tormod Volden (tormodvolden) wrote :

Thanks, that's as good as it can get. Could you please file a bug upstream with this gdb log?

It would be nice to know how to reproduce this error. Is it only when you start one specific program?

Hi,

I'm trying to get a stable way to use my video card. When disabling DRI (adding Option "DRI" "false" to xorg.conf, I can trigger an X crash when running two instances of:
/usr/share/vtk/Rendering/Python/assembly.py

which is a sample programm from the package "python-vtk" on Ubuntu.
the X crash occurs this way : 1- make the windows overlap 2- move one of the two windows so that rendering is triggered on the other window.

I already had such problems, but it was my fault. I hope (and think) that this time I did nothing bad. I join my xorg.conf, xorg log and a gdb backtrace of X.

Created an attachment (id=11861)
xorg.conf

Created an attachment (id=11862)
Xorg log

Created an attachment (id=11863)
gdb backtrace

looks like a mesa bug.

Changed in xorg-server:
assignee: tormodvolden → nobody
status: Incomplete → Confirmed
Changed in xorg-server:
status: Unknown → Confirmed
Timo Aaltonen (tjaalton) on 2008-01-02
Changed in xorg-server:
importance: Undecided → Medium
Tormod Volden (tormodvolden) wrote :

The backtrace in your upstream report does not match the one in comment 10 here...

Tormod Volden (tormodvolden) wrote :

Is this still happening in Ubuntu 7.10 or Hardy Alpha 2?

Changed in mesa:
assignee: nobody → tormodvolden
status: Confirmed → Incomplete

>Is this still happening in Ubuntu 7.10 or Hardy Alpha 2?

(back from holidays...)

yes this bug is still happening with 7.10 (But it is not critical since it needs DRI=false).

there are two different gdb logs because I did the experiment twice...

Changed in mesa:
assignee: tormodvolden → nobody
status: Incomplete → Confirmed
Bryce Harrington (bryce) on 2009-08-21
description: updated
Bryce Harrington (bryce) wrote :

I see the upstream bug is sort of DOA (plus it's got a different backtrace than this one so isn't really relevant anyway), however in digging through the source code it appears the _mesa_update_framebuffer() function has been revamped a goodly bit since this trace was taken, so perhaps the issue has been fixed. There's been no other reports of this particular issue so hopefully that means this is a good assumption.

Changed in mesa (Ubuntu):
status: Confirmed → Fix Released
Changed in xorg-server:
importance: Unknown → Medium
Changed in xorg-server:
importance: Medium → Unknown
Changed in xorg-server:
importance: Unknown → Medium
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.