Description: Ubuntu 8.04.2
Release: 8.04
xserver-xorg-core 2:1.4.1~git20080131-1ubuntu9.2
xserver-xorg-core-dbg 2:1.4.1~git20080131-1ubuntu9.2
How to reproduce the crash:
- log in to GNOME session
- make sure compiz is enabled
- open Firefox
- go to http://www.mogulus.com/amdunprocessed
- play a video
- repeatedly minimize and restore the Firefox window while the video is playing in Firefox
=> observe a segfault in the Xorg server after minimizing/restoring about 50 times
I was able to reproduce this problem with both compiz and the composite manager in metacity. In metacity the problem is also triggered by switching virtual desktops. I'm using the radeon driver from xserver-xorg-video-ati. I've been consistently able to reproduce it with www.mogulus.com. However, I was also seeing occasional crashes during day-to-day work that I blame on flash-based ads on other random web pages.
I captured the following backtrace with gdb through ssh:
Program received signal SIGSEGV, Segmentation fault.
0xb78f1412 in cwGetBackingPicture (pPicture=0x9133028, x_off=0xbfe9f908,
y_off=0xbfe9f904) at ../../../miext/cw/cw_render.c:128
128 ../../../miext/cw/cw_render.c: No such file or directory.
in ../../../miext/cw/cw_render.c
(gdb) bt
#0 0xb78f1412 in cwGetBackingPicture (pPicture=0x9133028, x_off=0xbfe9f908,
y_off=0xbfe9f904) at ../../../miext/cw/cw_render.c:128
#1 0xb78f15b9 in cwComposite (op=3 '\003', pSrcPicture=0x89a6d28,
pMskPicture=0x8923cc8, pDstPicture=0x9133028, xSrc=0, ySrc=0, xMsk=0,
yMsk=0, xDst=256, yDst=64, width=222, height=64)
at ../../../miext/cw/cw_render.c:271
#2 0x08173013 in damageComposite (op=173 '�', pSrc=0x89a6d28,
pMask=0x8923cc8, pDst=0x9133028, xSrc=<value optimized out>,
ySrc=<value optimized out>, xMask=<value optimized out>,
yMask=<value optimized out>, xDst=<value optimized out>,
yDst=<value optimized out>, width=<value optimized out>,
height=<value optimized out>) at ../../../miext/damage/damage.c:580
#3 0x0815a1f0 in CompositePicture (op=3 '\003', pSrc=0x89a6d28,
pMask=0x8923cc8, pDst=0x9133028, xSrc=<value optimized out>,
ySrc=<value optimized out>, xMask=<value optimized out>,
yMask=<value optimized out>, xDst=<value optimized out>,
yDst=<value optimized out>, width=<value optimized out>,
height=<value optimized out>) at ../../render/picture.c:1756
#4 0x081601df in ProcRenderComposite (client=0x89641e8)
at ../../render/render.c:758
#5 0x0815d085 in ProcRenderDispatch (client=0x0) at ../../render/render.c:2006
#6 0x081506ee in XaceCatchExtProc (client=0x89641e8) at ../../Xext/xace.c:299
#7 0x0808d8df in Dispatch () at ../../dix/dispatch.c:502
---Type <return> to continue, or q <return> to quit---
#8 0x0807471b in main (argc=10, argv=0xbfe9ffd4, envp=Cannot access memory at address 0x8
)
at ../../dix/main.c:452
[lspci]
00:00.0 Host bridge [0600]: Intel Corporation 82975X Memory Controller Hub [8086:277c]
Subsystem: Hewlett-Packard Company Unknown device [103c:280c]
01:00.0 VGA compatible controller [0300]: ATI Technologies Inc RV380 0x3e50 [Radeon X600] [1002:3e50] (prog-if 00 [VGA controller])
Subsystem: NEC Corporation Unknown device [1033:0268]
I downloaded the source and did some more debugging. I found that when the crash happens pPixmap is NULL. Or in other words (pWindow)
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7c0aa30 (LWP 5977)]
0xb78d6412 in cwGetBackingPicture (pPicture=
y_off=
128 ../../.
in ../../.
(gdb) print pPixmap
$4 = (PixmapPtr) 0x0
(gdb) print ((WindowPtr)
$6 = {ptr = 0x0, val = 0, uval = 0, fptr = 0}
(gdb)