Segmentation fault with glamor-egl-0.6.0, when built without libgbm, but with X11 platform
Submitted by Jean-Sébastien Pédron
Assigned to Zhigang Gong @gongzg
Description
Created attachment 93721 Xorg.log, when X.Org crashes
Note: the crash occurs with glamor-egl-0.6.0, but the "affected" code is still there in Git revision e734e1b621c03aeb1c7ba6b2485b7e71c8b008b6.
When Glamor is built without libgbm, eglGetDisplay() is called with a file descriptor as its argument (I guess an fd on "/dev/dri/card$i"), in src/glamor_egl.c, line 734:
    glamor_egl->display = eglGetDisplay((EGLNativeDisplayType)(intptr_t)fd);
This fd is stored in _EGLDisplay->PlatformDisplay as is. See src/egl/main/egldisplay.c, line 273, in Mesa 10.0.3:
    dpy->PlatformDisplay = plat_dpy;
The segfault occurs later, when dri2_initialize_x11_dri2() is called. This function calls XGetXCBConnection(), passing _EGLDisplay->PlatformDisplay as its argument (i.e. the file descriptor). See src/egl/drivers/dri2/platform_x11.c, line 1136, in Mesa 10.0.3:
    dri2_dpy->conn = XGetXCBConnection((Display *) disp->PlatformDisplay);
XGetXCBConnection(), defined in libX11's src/x11_xcb.c, line 7, expects a pointer to a Display (a.k.a. struct _XDisplay, defined in include/X11/Xlibint.h) and dereferences it, leading to the crash:
    xcb_connection_t *XGetXCBConnection(Display *dpy)
    {
        return dpy->xcb->connection;
    }
Here's the complete backtrace with X.Org 1.15, xf86-video-ati 7.3.0, libX11 1.6.2, Mesa 10.0.3 and glamor-egl 0.6.0:
---8<---
(II) [KMS] Kernel modesetting enabled.
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 805006400 (LWP 100711)]
0x000000080396055c in XGetXCBConnection (dpy=0xb) at x11_xcb.c:9
9 return dpy->xcb->connection;
(gdb) bt
#0 0x000000080396055c in XGetXCBConnection (dpy=0xb) at x11_xcb.c:9
#1 0x000000080541bb7e in dri2_initialize_x11_dri2 (drv=0x805058800, disp=0x8050fde00) at platform_x11.c:1136
#2 0x000000080541b9e2 in dri2_initialize_x11 (drv=0x805058800, disp=0x8050fde00) at platform_x11.c:1246
#3 0x000000080541934f in dri2_initialize (drv=0x805058800, disp=0x8050fde00) at egl_dri2.c:619
#4 0x000000080540edd3 in _eglMatchAndInitialize (dpy=0x8050fde00) at egldriver.c:608
#5 0x000000080540ebde in _eglMatchDriver (dpy=0x8050fde00, test_only=0) at egldriver.c:639
#6 0x0000000805404d01 in eglInitialize (dpy=0x8050fde00, major=0x8050953f0, minor=0x8050953f4) at eglapi.c:317
#7 0x000000080496206b in glamor_egl_init (scrn=0x8050ed400, fd=11) at glamor_egl.c:744
#8 0x0000000806162670 in radeon_glamor_pre_init (scrn=0x8050ed400) at radeon_glamor.c:125
#9 0x00000008061576e8 in RADEONPreInitAccel_KMS (pScrn=0x8050ed400) at radeon_kms.c:510
#10 0x0000000806156515 in RADEONPreInit_KMS (pScrn=0x8050ed400, flags=0) at radeon_kms.c:865
#11 0x00000000004b11e2 in InitOutput (pScreenInfo=0x90d550 <screenInfo>, argc=1, argv=0x7fffffffd9b8) at xf86Init.c:594
#12 0x000000000044c35b in dix_main (argc=1, argv=0x7fffffffd9b8, envp=0x7fffffffd9c8) at main.c:200
#13 0x00000000004294ea in main (argc=1, argv=0x7fffffffd9b8, envp=0x7fffffffd9c8) at stubmain.c:34
(gdb)
---8<---
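Added example, not part of the original report and not code from Mesa, libX11 or glamor: a self-contained C sketch of the type confusion described above (an fd cast into an opaque native-display handle and later treated as a Display pointer), with a checked initialiser that rejects the mismatched handle instead of dereferencing it. The types, the platform tag and the function names are hypothetical stand-ins constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for this example; not the Mesa or libX11 definitions. */
typedef void *native_display_t;                 /* opaque, like EGLNativeDisplayType */
enum platform { PLATFORM_X11, PLATFORM_DRM_FD };

struct fake_xcb     { int connection; };
struct fake_display { struct fake_xcb *xcb; };  /* plays the role of Display */

struct egl_display {
    enum platform    platform;  /* hypothetical tag: what `native` really holds */
    native_display_t native;    /* stored as is, like PlatformDisplay */
};

/* The caller states the platform explicitly instead of leaving it to be guessed. */
static struct egl_display get_display(enum platform p, native_display_t n)
{
    struct egl_display d = { p, n };
    return d;
}

/* X11 initialisation that refuses any handle not tagged as an X11 display.
 * Returns 0 and fills *conn on success, -1 when the handle is rejected. */
static int init_x11_checked(const struct egl_display *d, int *conn)
{
    if (d->platform != PLATFORM_X11 || d->native == NULL)
        return -1;                      /* an fd such as 11 (0xb) stops here */
    const struct fake_display *dpy = d->native;
    if (dpy->xcb == NULL)
        return -1;
    *conn = dpy->xcb->connection;
    return 0;
}

int main(void)
{
    int conn = -1, fd = 11;             /* fd value taken from the backtrace */
    struct egl_display bad = get_display(PLATFORM_DRM_FD,
                                         (native_display_t)(intptr_t)fd);
    printf("fd handle %p -> %d\n", bad.native, init_x11_checked(&bad, &conn));
    return 0;
}
```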