[Mesa-dev] NULL in dri_drawable.textures borking glDrawArrays

Ian Pilcher arequipeno at gmail.com
Sat Feb 26 19:54:34 PST 2011

I spent some time today looking into a KWin crash I've been experiencing
when I unlock an OpenGL screensaver.  I was able to track it down to
this bug:


Sure enough, applying the patch in that bug got rid of the crash.
Unfortunately, I'm now seeing really problematic behavior when I test an
OpenGL screen saver in the KDE "Display and Monitor" applet.

Based on the stack trace from the crash, I've tried to figure out what's
going on, but I'm unable to connect all the dots.  Here's the relevant
subset of the stack from the (now fixed) crash:

#6  radeon_r300_winsys_buffer_from_handle (rws=<optimized out>,
whandle=0x7fff73559780, stride=0x7fff73559698, size=0x7fff7355969c) at
#7  0x00007fb1e84f93d6 in r300_texture_from_handle (screen=0x10336a0,
base=0x7fff73559740, whandle=<optimized out>) at r300_texture.c:828
#8  0x00007fb1e84e94f3 in dri2_drawable_process_buffers (count=1,
buffers=0x104f748, drawable=0x104d820) at dri2.c:252
#9  dri2_allocate_textures (drawable=0x104d820, statts=<optimized out>,
count=1934989244) at dri2.c:276
#10 0x00007fb1e84ea187 in dri_st_framebuffer_validate (stfbi=<optimized
out>, statts=0x12e8650, count=1, out=0x7fff73559860) at dri_drawable.c:73
#11 0x00007fb1e8528617 in st_framebuffer_validate (stfb=0x12e8200,
st=0x1112c70) at state_tracker/st_manager.c:156
#12 0x00007fb1e8529afe in st_manager_validate_framebuffers
(st=0x1112c70) at state_tracker/st_manager.c:859
#13 0x00007fb1e865a848 in st_validate_state (st=0x1112c70) at
#14 0x00007fb1e85bde98 in st_draw_vbo (ctx=0x10e47c0, arrays=0x11164a0,
prims=0x7fff73559f90, nr_prims=1, ib=0x0, index_bounds_valid=<optimized
out>, min_index=0, max_index=11) at state_tracker/st_draw.c:649
#15 0x00007fb1e85babf3 in vbo_draw_arrays (ctx=0x10e47c0, mode=7,
start=0, count=<optimized out>, numInstances=1) at vbo/vbo_exec_array.c:588
#16 0x000000397581cffe in KWin::renderGLGeometry (region=..., count=12,
vertices=0x130ffa0, texture=0x1318f40, color=0x0, dim=2, stride=0) at

What I've been able to figure out is that KWin is calling glDrawArrays,
which is really vbo_draw_arrays.  (I assume that glDrawArrays is really
a macro or inline function.)  This makes it all the way "down" to
radeon_r300_winsys_buffer_from_handle, which calls

radeon_drm_bufmgr_create_buffer_from_handle returns NULL.  This used to
cause a crash, but the NULL is now returned by
radeon_r300_winsys_buffer_from_handle.  In turn,
r300_texture_from_handle returns NULL to
dri2_drawable_process_buffers, which puts that NULL into the textures
array of its drawable parameter.

As I said above, I'm unable to trace the impact of this NULL value back
up the call stack to vbo_draw_arrays.  Maybe it's OK for the NULL to be
there and maybe it's not.  (The fact that glDrawArrays doesn't appear to
have a way to report this sort of situation tends to make me believe
that it should be handled somehow.)

Any pointers are appreciated.


Ian Pilcher                                         arequipeno at gmail.com
