Bug 29091

Summary: 1.9RC5 server crash when starting GLX 1.3 app with mesa 7.8 Intel dri2 driver.
Product: Mesa
Reporter: Christopher James Halse Rogers <chalserogers>
Component: Drivers/DRI/i965
Assignee: Kristian Høgsberg <krh>
Status: RESOLVED FIXED
Severity: normal
Priority: medium
CC: cousinmarc
Version: git
Hardware: Other
OS: All
Bug Blocks: 27592
Attachments: The fix.

Description Christopher James Halse Rogers 2010-07-15 20:06:16 UTC
The 1.9 RC5 server crashes when starting a GLX 1.3 app (I've tried glxgears_fbconfig or Clutter apps) with an older (I'm using mesa 7.8.1) Intel dri2 driver.

Compiz works fine, as does glxgears and other, non GLX 1.3 apps.

It seems that DRI2InvalidateDrawable is being called before the drawable is associated with a context, as in all the crashes I've seen drawable->driContextPriv is a valid pointer to a 0-initialised structure.

This does not occur with the Intel driver from mesa master.

This backtrace is from running glxgears_fbconfig, which has died at glXSwapBuffers.  Different Clutter apps die with a different backtrace, but they all terminate in the DRI2InvalidateDrawable → intelDRI2Invalidate pair, with a 0-initialised drawable->driContextPriv.

#0  0x00007f1c89c1ff18 in intelDRI2Invalidate (drawable=0x35a4fb0) at intel_screen.c:122
No locals.
#1  0x00007f1c8aee1866 in __glXDRIinvalidateBuffers (pDraw=0x36211b0, priv=0x39ae970) at ../../glx/glxdri2.c:439
        private = 0x39ae970
        screen = 0x3014f30
#2  0x00007f1c8a86778f in DRI2InvalidateDrawable (pDraw=0x36211b0) at ../../../../hw/xfree86/dri2/dri2.c:538
        pPriv = 0x34bd850
        ref = 0x3989f90
#3  0x00007f1c8a86823f in DRI2SwapBuffers (client=0x3491ae0, pDraw=0x36211b0, target_msc=0, divisor=0, remainder=0, swap_target=0x7fff48a94a48, 
    func=0x7f1c8a8697da <DRI2SwapEvent>, data=0x36211b0) at ../../../../hw/xfree86/dri2/dri2.c:866
        pScreen = 0x148e470
        ds = 0x148e810
        pPriv = 0x34bd850
        pDestBuffer = 0x354e1c0
        pSrcBuffer = 0x354dd50
        ret = 1
        i = 3
        ust = 1279249062597795
        current_msc = 570912
        __func__ = "DRI2SwapBuffers"
#4  0x00007f1c8a869980 in ProcDRI2SwapBuffers (client=0x3491ae0) at ../../../../hw/xfree86/dri2/dri2ext.c:404
        stuff = 0x3996aa0
        rep = {type = 116 't', pad1 = 74 'J', sequenceNumber = 18601, length = 32767, swap_hi = 59532288, swap_lo = 0, pad2 = 60385952, pad3 = 0, 
          pad4 = 1219054196, pad5 = 32767}
        pDrawable = 0x36211b0
        target_msc = 0
        divisor = 0
        remainder = 0
        swap_target = 1
        status = 0
#5  0x00007f1c8a869ea3 in ProcDRI2Dispatch (client=0x3491ae0) at ../../../../hw/xfree86/dri2/dri2ext.c:570
        stuff = 0x3996aa0
#6  0x0000000000452970 in Dispatch () at ../../dix/dispatch.c:432
        clientReady = 0x3427a80
        result = 0
        client = 0x3491ae0
        nready = 0
        icheck = 0x886110
        start_tick = 1060
#7  0x0000000000425b90 in main (argc=8, argv=0x7fff48a94c48, envp=0x7fff48a94c90) at ../../dix/main.c:291
        i = 1
        alwaysCheckForInput = {0, 1}
(gdb) print *drawable
$18 = {hHWDrawable = 0, driverPrivate = 0x39414f0, loaderPrivate = 0x39ae970, refcount = 1, index = 0, pStamp = 0x35a503c, lastStamp = 0, x = 0, y = 0, 
  w = 0, h = 0, numClipRects = 0, pClipRects = 0x35a5040, backX = 720907, backY = 131073, backClipRectType = 327690, numBackClipRects = 0, 
  pBackClipRects = 0x35a5040, vblSeq = 0, vblFlags = 0, vblank_base = 5910978805956615, msc_base = 0, driContextPriv = 0x3015b48, 
  driScreenPriv = 0x3015a50, swap_interval = 4294967295, dri2 = {stamp = 1, clipRect = {x1 = 160, y1 = 0, x2 = 0, y2 = 0}}}
(gdb) print *drawable->driContextPriv
$19 = {hHWContext = 0, driverPrivate = 0x0, pctx = 0x0, driDrawablePriv = 0x0, driReadablePriv = 0x0, driScreenPriv = 0x0, loaderPrivate = 0x0, dri2 = {
    draw_stamp = 0, read_stamp = 0}}
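
The state in the dump above (a non-NULL driContextPriv whose driverPrivate is NULL) means a NULL test on the outer pointer alone would not have caught the unbound drawable. The C sketch below is an added example, not the attached patch and not Mesa or X server code; the struct layouts are simplified stand-ins, and `guarded_invalidate`, `outer_pointer_check`, `stamp` and `needs_new_buffers` are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the structures in the gdb dump; only the fields
 * used here are modelled. These are not Mesa's definitions. */
struct ctx_priv { void *driverPrivate; };
struct drawable_priv {
    struct ctx_priv *driContextPriv;
    unsigned stamp;               /* hypothetical "buffers are stale" counter */
};
struct driver_ctx { int needs_new_buffers; };   /* hypothetical driver state */

/* What the report describes for a not-yet-bound drawable: a valid pointer
 * to an all-zero context structure. */
static struct ctx_priv unbound_ctx;   /* static storage, zero-initialised */

enum inv_result { INV_OK, INV_NO_CONTEXT };

/* Insufficient test: the outer pointer is non-NULL even when nothing is bound. */
static int outer_pointer_check(const struct drawable_priv *d)
{
    return d->driContextPriv != NULL;
}

/* Guarded callback: record the invalidation on the drawable, and touch
 * driver state only when a driver context is really attached. */
static enum inv_result guarded_invalidate(struct drawable_priv *d)
{
    struct driver_ctx *ctx;

    d->stamp++;
    if (d->driContextPriv == NULL || d->driContextPriv->driverPrivate == NULL)
        return INV_NO_CONTEXT;
    ctx = d->driContextPriv->driverPrivate;
    ctx->needs_new_buffers = 1;
    return INV_OK;
}

int main(void)
{
    struct drawable_priv d = { &unbound_ctx, 1 };
    struct driver_ctx ctx = { 0 };
    struct ctx_priv bound = { &ctx };
    int before = guarded_invalidate(&d);

    d.driContextPriv = &bound;
    printf("unbound=%d bound=%d\n", before, guarded_invalidate(&d));
    return 0;
}
```
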
Comment 1 Christopher James Halse Rogers 2010-07-16 03:57:40 UTC
Same crash with mesa 7.8.2
Comment 2 Chris Wilson 2010-07-16 04:28:11 UTC
Created attachment 37123
The fix.
Comment 3 Chris Wilson 2010-07-17 07:43:58 UTC
Kristian, I got Ian's ack that this is okay to go into 7.8 on the proviso that you are happy with this band-aid.
Comment 4 Christopher James Halse Rogers 2010-07-20 04:11:47 UTC
Shouldn't this also be fixed in the X server?  Although I couldn't see how to fix it in there, so possibly not.
Comment 5 Kristian Høgsberg 2010-07-20 04:46:53 UTC
(In reply to comment #3)
> Kristian, I got Ian's ack that this is okay to go into 7.8 on the proviso that
> you are happy with this band-aid.

Yeah, it's fine for 7.8.
Comment 6 Marc Cousin 2010-08-26 08:21:52 UTC
Hi,

I've been having what seems to be the same bug: http://bugs.archlinux.org/task/20596

I tried this patch, which resolves the crashing. But instead, the display is extremely corrupted. Is there any information I could provide to help?
