Compiz

Xorg crashes in drm_intel_bo_is_reusable() from intel_set_pixmap_bo()

Bug #1053789 reported by Daniel van Vugt on 2012-09-21

This bug affects 2 people

	Status	Importance	Assigned to
Compiz	Invalid	High	Unassigned
xf86-video-intel	Unknown	Unknown	freedesktop-bugs #55299
xorg-server (Ubuntu)	Fix Released	High	Unassigned
Precise	Won't Fix	High	Timo Aaltonen

Bug Description

re-redirecting an unredirected OpenGL window sometimes kills the X server.

Test case:
  1. Enable "Unredirect Fullscreen Windows" in CCSM > Composite.
  2. Start an OpenGL game, or video with: mplayer -vo gl ...
  3. Trigger scale (Shift+Alt+Up) or the window menu (Alt+Space)
If it doesn't crash, then repeat.

Expected: Either windows scale or the window menu appears
Observed: Sometimes, just sometimes, X crashes and I get sent back to the login screen.

Program received signal SIGSEGV, Segmentation fault.
0x00007f12ea7f1e24 in drm_intel_bo_is_reusable ()
   from /usr/lib/x86_64-linux-gnu/libdrm_intel.so.1
(gdb) bt
#0 0x00007f12ea7f1e24 in drm_intel_bo_is_reusable ()
   from /usr/lib/x86_64-linux-gnu/libdrm_intel.so.1
#1 0x00007f12eaa1ecfb in intel_set_pixmap_bo (pixmap=0x7f12efcf2370, bo=0x0)
    at ../../src/intel_uxa.c:643
#2 0x00007f12eaa1eec7 in intel_uxa_destroy_pixmap (pixmap=0x7f12efcf2370)
    at ../../src/intel_uxa.c:1108
#3 0x00007f12ee763f60 in damageDestroyPixmap (pPixmap=0x7f12efcf2370)
    at ../../../miext/damage/damage.c:1652
#4 0x00007f12eb692402 in XvDestroyPixmap (pPix=0x7f12efcf2370)
    at ../../Xext/xvmain.c:387
#5 0x00007f12ee73980a in ShmDestroyPixmap (pPixmap=0x7f12efcf2370)
    at ../../Xext/shm.c:276
#6 0x00007f12eaa3070b in I830DRI2DestroyBuffer (drawable=<optimised out>,
    buffer=<optimised out>) at ../../src/intel_dri.c:434
#7 0x00007f12eac5e97b in DRI2DrawableGone (p=0x7f12ef829d20,
    id=<optimised out>) at ../../../../hw/xfree86/dri2/dri2.c:309
#8 0x00007f12ee6be5c2 in doFreeResource (res=0x7f12ef829db0, skip=0)
    at ../../dix/resource.c:571
#9 0x00007f12ee6bf2fa in FreeClientResources (client=0x7f12efa19d80)
    at ../../dix/resource.c:853
#10 0x00007f12ee69cd2a in CloseDownClient (client=0x7f12efa19d80)
    at ../../dix/dispatch.c:3477
#11 0x00007f12ee69d8b6 in Dispatch () at ../../dix/dispatch.c:454
#12 0x00007f12ee68c7ba in main (argc=8, argv=<optimised out>,
    envp=<optimised out>) at ../../dix/main.c:287
(gdb)

---
.tmp.unity.support.test.0:

ApportVersion: 2.0.1-0ubuntu13
Architecture: amd64
CompizPlugins: [core,composite,opengl,compiztoolbox,decor,mousepoll,gnomecompat,resize,vpswitch,grid,move,imgpng,regex,animation,wall,place,fade,session,expo,workarounds,scale,ezoom,unityshell]
CompositorRunning: compiz
DistUpgraded: Fresh install
DistroCodename: precise
DistroRelease: Ubuntu 12.04
DistroVariant: ubuntu
ExtraDebuggingInterest: Yes,
GraphicsCard:
Intel Corporation 2nd Generation Core Processor Family Integrated Graphics Controller [8086:0102] (rev 09) (prog-if 00 [VGA controller])
Subsystem: Dell Device [1028:047e]
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
MachineType: Dell Inc. OptiPlex 990
Package: xorg-server (not installed)
ProcEnviron:
LANGUAGE=en_AU:en
TERM=xterm
PATH=(custom, no user)
LANG=en_AU.UTF-8
SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.2.0-30-generic root=UUID=9f6f99e2-1189-4bf1-bff7-af137071f572 ro quiet splash vt.handoff=7
ProcVersionSignature: Ubuntu 3.2.0-30.48-generic 3.2.27
Tags: precise running-unity ubuntu referred-by-support compiz-0.9
Uname: Linux 3.2.0-30-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
dmi.bios.date: 09/10/2011
dmi.bios.vendor: Dell Inc.
dmi.bios.version: A07
dmi.board.name: 0D6H9T
dmi.board.vendor: Dell Inc.
dmi.board.version: A00
dmi.chassis.type: 15
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvrA07:bd09/10/2011:svnDellInc.:pnOptiPlex990:pvr01:rvnDellInc.:rn0D6H9T:rvrA00:cvnDellInc.:ct15:cvr:
dmi.product.name: OptiPlex 990
dmi.product.version: 01
dmi.sys.vendor: Dell Inc.
version.compiz: compiz 1:0.9.7.8-0ubuntu1.4
version.ia32-libs: ia32-libs N/A
version.libdrm2: libdrm2 2.4.32-1ubuntu1
version.libgl1-mesa-dri: libgl1-mesa-dri 8.0.3+8.0.2-0ubuntu3.2
version.libgl1-mesa-dri-experimental: libgl1-mesa-dri-experimental N/A
version.libgl1-mesa-glx: libgl1-mesa-glx 8.0.3+8.0.2-0ubuntu3.2
version.xserver-xorg-core: xserver-xorg-core 2:1.11.4-0ubuntu10.7
version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.7.0-0ubuntu1.2
version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:6.14.99~git20111219.aacbd629-0ubuntu2
version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.17.0-1ubuntu4.1
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:0.0.16+git20111201+b5534a1-1build2

See original description

Tags:

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2012-09-21: BootDmesg.txt

BootDmesg.txt Edit (55.4 KiB, text/plain)

apport information

tags:	added: apport-collected compiz-0.9 precise referred-by-support running-unity ubuntu
description:	updated

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2012-09-21: BootLog.gz

BootLog.gz Edit (517 bytes, application/octet-stream)

apport information

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2012-09-21: CurrentDmesg.txt

CurrentDmesg.txt Edit (1.6 KiB, text/plain)

apport information

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2012-09-21: DpkgLog.txt

DpkgLog.txt Edit (202.9 KiB, text/plain)

apport information

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2012-09-21: GconfCompiz.txt

GconfCompiz.txt Edit (50.1 KiB, text/plain)

apport information

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2012-09-21: LightdmLog.txt

LightdmLog.txt Edit (6.0 KiB, text/plain)

apport information

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2012-09-21: Lspci.txt

Lspci.txt Edit (9.3 KiB, text/plain)

apport information

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2012-09-21: Lsusb.txt

Lsusb.txt Edit (865 bytes, text/plain)

apport information

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2012-09-21: MonitorsUser.xml.txt

MonitorsUser.xml.txt Edit (2.9 KiB, text/plain)

apport information

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2012-09-21: ProcCpuinfo.txt

#10

ProcCpuinfo.txt Edit (3.6 KiB, text/plain)

apport information

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2012-09-21: ProcInterrupts.txt

#11

ProcInterrupts.txt Edit (2.3 KiB, text/plain)

apport information

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2012-09-21: ProcModules.txt

#12

ProcModules.txt Edit (3.4 KiB, text/plain)

apport information

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2012-09-21: UdevDb.txt

#13

UdevDb.txt Edit (128.9 KiB, text/plain)

apport information

affects:

xorg-server (Ubuntu) → xorg (Ubuntu)

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2012-09-21: UdevLog.txt

#14

UdevLog.txt Edit (277.5 KiB, text/plain)

apport information

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2012-09-21: UnitySupportTest.txt

#15

UnitySupportTest.txt Edit (601 bytes, text/plain)

apport information

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2012-09-21: XorgConf.txt

#16

XorgConf.txt Edit (114 bytes, text/plain)

apport information

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2012-09-21: XorgLog.txt

#17

XorgLog.txt Edit (44.3 KiB, text/plain)

apport information

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2012-09-21: XorgLogOld.txt

#18

XorgLogOld.txt Edit (62.2 KiB, text/plain)

apport information

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2012-09-21: Xrandr.txt

#19

Xrandr.txt Edit (6.9 KiB, text/plain)

apport information

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2012-09-21: xdpyinfo.txt

#20

xdpyinfo.txt Edit (9.7 KiB, text/plain)

apport information

Daniel van Vugt (vanvugt) on 2012-09-21

Changed in compiz:
assignee:	nobody → Daniel van Vugt (vanvugt)
importance:	Medium → High

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2012-09-21: Re: re-redirecting an unredirected OpenGL window sometimes kills the X server

#21

Backtrace:

affects:	xorg (Ubuntu) → xserver-xorg-video-intel (Ubuntu)
description:	updated
summary:	- re-redirecting an unredirected OpenGL window sometimes kills the X - server + Xorg crashes in drm_intel_bo_is_reusable() from intel_set_pixmap_bo() + from intel_uxa_destroy_pixmap() from XvDestroyPixmap() from
summary:	Xorg crashes in drm_intel_bo_is_reusable() from intel_set_pixmap_bo() - from intel_uxa_destroy_pixmap() from XvDestroyPixmap() from + from intel_uxa_destroy_pixmap() from damageDestroyPixmap() + XvDestroyPixmap()
description:	updated

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2012-09-21: Re: Xorg crashes in drm_intel_bo_is_reusable() from intel_set_pixmap_bo() from intel_uxa_destroy_pixmap() from damageDestroyPixmap() XvDestroyPixmap()

#22

The stack in comment #21 was from "glxgears -fullscreen".

Here's a similar, but different, one from "mplayer -vo gl":

Program received signal SIGSEGV, Segmentation fault.
0x00007f671bb51e24 in drm_intel_bo_is_reusable ()
   from /usr/lib/x86_64-linux-gnu/libdrm_intel.so.1
(gdb) bt
#0 0x00007f671bb51e24 in drm_intel_bo_is_reusable ()
   from /usr/lib/x86_64-linux-gnu/libdrm_intel.so.1
#1 0x00007f671bd7ecfb in intel_set_pixmap_bo (pixmap=0x7f6720240840,
    bo=0x7f6720af6230) at ../../src/intel_uxa.c:643
#2 0x00007f671bd91b5c in I830DRI2ScheduleFlip (intel=0x7f671fefab90,
    draw=0x7f67208bc960, info=0x7f6720437520) at ../../src/intel_dri.c:862
#3 0x00007f671bd920c7 in I830DRI2ScheduleSwap (client=0x7f6720443070,
    draw=0x7f67208bc960, front=0x7f6720559c50, back=0x7f67207395d0,
    target_msc=0x7fffb2b1c268, divisor=0, remainder=0,
    func=0x7f671bfc0250 <DRI2SwapEvent>, data=0x7f67208bc960)
    at ../../src/intel_dri.c:1173
#4 0x00007f671bfbf790 in DRI2SwapBuffers (client=0x7f6720443070,
    pDraw=0x7f67208bc960, target_msc=0, divisor=0, remainder=<optimised out>,
    swap_target=0x7fffb2b1c268, func=0x7f671bfc0250 <DRI2SwapEvent>,
    data=0x7f67208bc960) at ../../../../hw/xfree86/dri2/dri2.c:879
#5 0x00007f671bfc07d3 in ProcDRI2SwapBuffers (client=0x7f6720443070)
    at ../../../../hw/xfree86/dri2/dri2ext.c:404
#6 ProcDRI2Dispatch (client=0x7f6720443070)
    at ../../../../hw/xfree86/dri2/dri2ext.c:570
#7 0x00007f671f9fd8a1 in Dispatch () at ../../dix/dispatch.c:442
#8 0x00007f671f9ec7ba in main (argc=10, argv=<optimised out>,
    envp=<optimised out>) at ../../dix/main.c:287
(gdb)

mplayer itself did not crash at all.

summary:	Xorg crashes in drm_intel_bo_is_reusable() from intel_set_pixmap_bo() - from intel_uxa_destroy_pixmap() from damageDestroyPixmap() - XvDestroyPixmap()
Changed in compiz:
status:	New → Invalid

Daniel van Vugt (vanvugt) on 2012-09-24

Changed in compiz:
status:	Invalid → Triaged

Brian Murray (brian-murray) on 2012-09-24

Changed in libdrm (Ubuntu):
importance:	Undecided → High
Changed in xserver-xorg-video-intel (Ubuntu):
importance:	Undecided → High

Daniel van Vugt (vanvugt) on 2012-09-25

Changed in compiz:
status:	Triaged → Invalid
assignee:	Daniel van Vugt (vanvugt) → nobody
milestone:	0.9.8.4 → none

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2012-09-25:

#23

According to the upstream bug this is fixed already. No details yet as to where/how/when it was fixed.

Revision history for this message

Timo Aaltonen (tjaalton) wrote on 2012-09-25:

#24

the referenced fix was for xserver

commit a2d0829531249e24dbca25fc20ed30a2bb2d8ed8
Author: Michel Dänzer <email address hidden>
Date: Thu Jul 12 13:16:37 2012 +0200

glx: Free DRI2 drawable reference to destroyed GLX drawable.

Otherwise the reference can lead to use after free in
__glXDRIinvalidateBuffers().

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2012-09-26:

#25

Testing the same code on quantal with Intel HD 3000, I can't reproduce this or any of the other Xorg crashes.

Revision history for this message

Timo Aaltonen (tjaalton) wrote on 2012-09-26:

#26

thanks, adding a task for precise

no longer affects:	libdrm (Ubuntu)
affects:	xserver-xorg-video-intel (Ubuntu) → xorg-server (Ubuntu)
Changed in xorg-server (Ubuntu):
status:	New → Fix Released
Changed in xorg-server (Ubuntu Precise):
assignee:	nobody → Timo Aaltonen (tjaalton)
importance:	Undecided → High
status:	New → Triaged

Revision history for this message

Achim (ach1m) wrote on 2012-10-15:

#27

I am also not able to reproduce the test case with the following components:

-- unity compiz nux: # apt-cache policy unity compiz #
unity:
  Installed: 6.8.0-0ubuntu2
  Candidate: 6.8.0-0ubuntu2
  Version table:
*** 6.8.0-0ubuntu2 0
        500 http://archive.ubuntu.com/ubuntu/ quantal/main amd64 Packages
        100 /var/lib/dpkg/status
compiz:
  Installed: 1:0.9.8.4-0ubuntu2
  Candidate: 1:0.9.8.4-0ubuntu2
  Version table:
*** 1:0.9.8.4-0ubuntu2 0
        500 http://archive.ubuntu.com/ubuntu/ quantal/main amd64 Packages
        100 /var/lib/dpkg/status

-- chipset: # lspci #
00:02.0 VGA compatible controller: Intel Corporation Xeon E3-1200 v2/3rd Gen Core processor Graphics Controller (rev 09)

-- system architecture: # uname -m #
x86_64

-- libdrm version: # apt-cache policy libdrm-intel1 #
libdrm-intel1:
  Installed: 2.4.39-0ubuntu1
  Candidate: 2.4.39-0ubuntu1
  Version table:
*** 2.4.39-0ubuntu1 0
        500 http://archive.ubuntu.com/ubuntu/ quantal/main amd64 Packages
        100 /var/lib/dpkg/status

-- kernel version # uname -r #
3.5.0-17-generic

-- distribution # lsb_release -d
Description: Ubuntu 12.10

-- mobo model #
Intel DH77DF

Revision history for this message

Timo Aaltonen (tjaalton) wrote on 2017-03-06:

#28

won't happen for 12.04 anymore, it'll EOL in a few months

Changed in xorg-server (Ubuntu Precise):
status:	Triaged → Won't Fix

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

freedesktop-bugs #55299 Edit

Bug watches keep track of this bug in other bug trackers.