Closed Bug 570078 Opened 14 years ago Closed 8 years ago

abort on start with xcb assertion failure: sending nested X requests in X Error Handler

Categories

(Core Graveyard :: Widget: Qt, defect)

x86
MeeGo
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INCOMPLETE

People

(Reporter: roger.wang, Unassigned)


User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2) Gecko/20100305 Iceweasel/3.6 (like Firefox/3.6)
Build Identifier: mozilla-central tip

I found this issue exists in m-c tip on the MeeGo platform, while developing Fennec on Qt/MTF:

it fails on start with:
--------------------------------
XError: RenderCreatePicture: BadDrawable (invalid Pixmap or Window parameter); 79 requests ago; id=0x0
Re-running with MOZ_X_SYNC=1 in the environment may give a more helpful backtrace.
fennec: ../../src/xcb_io.c:183: process_responses: Assertion `!(req && current_request && !(((long) (req->sequence) - (long) (current_request)) <= 0))' failed.
-----------------------------
so xcb is confused -- it saw the response with the sequence number associated with the request it never sent.

After I traced the packets sent between the X server and the client, I found the root cause is in X11Error() in mozilla-central/toolkit/xre/nsX11ErrorHandler.cpp. It's sending X requests to the server enumerating extensions to compose a better error message. When the response for those nested X requests is returned, XCB gets confused and aborts.

The stack trace looks like:
#0  XQueryExtension (dpy=0x80949e0, name=0x828bea8 "XFIXES", major_opcode=0xbfff8d98, first_event=0xbfff8d94, first_error=0xbfff8d90)
    at QuExt.c:40
#1  0xb6f134d5 in X11Error (display=<value optimized out>, event=<value optimized out>)
    at /usr/src/debug/mozilla-central/toolkit/xre/nsX11ErrorHandler.cpp:91
#2  0x007cc461 in _XError (dpy=<value optimized out>, rep=<value optimized out>) at XlibInt.c:3101
#3  0x007d2c47 in process_responses (dpy=<value optimized out>, wait_for_first_event=<value optimized out>,
    current_error=<value optimized out>, current_request=<value optimized out>) at xcb_io.c:214
#4  0x007d32f6 in _XReply (dpy=<value optimized out>, rep=<value optimized out>, extra=<value optimized out>,
    discard=<value optimized out>) at xcb_io.c:464
#5  0x007c079e in XQueryPointer (dpy=<value optimized out>, w=<value optimized out>, root=<value optimized out>,
    child=<value optimized out>, root_x=<value optimized out>, root_y=<value optimized out>, win_x=<value optimized out>,
    win_y=<value optimized out>, mask=<value optimized out>) at QuPntr.c:49
#6  0x0676be30 in QCursor::pos() () from /usr/lib/libQtGui.so.4
#7  0x066ead45 in QMouseEvent::QMouseEvent(QEvent::Type, QPoint const&, Qt::MouseButton, QFlags<Qt::MouseButton>, QFlags<Qt::KeyboardModifier>) () from /usr/lib/libQtGui.so.4
#8  0x06db65b6 in QGraphicsViewPrivate::QGraphicsViewPrivate() () from /usr/lib/libQtGui.so.4
#9  0x06db6a04 in QGraphicsView::QGraphicsView(QWidget*) () from /usr/lib/libQtGui.so.4



Reproducible: Always

Is it still reproducible? Does it work with a normal Qt application?

Do you have this bug fixed in your Qt library?
http://bugreports.qt.nokia.com/browse/QTBUG-4042

Try this test application:
#include <QtGui>
#include <QX11Info>
#include <X11/Xlib.h>
#include <cstdlib>  // abort()

// Error handler that only logs and aborts; it sends no X requests itself.
static int
X11Error(Display *display, XErrorEvent *event)
{
  qDebug() << "X11Error";
  abort();
  return 0;  // not reached
}

int main(int argc, char **argv)
{
    QApplication app(argc, argv);
    // Install our handler once QApplication has opened the X connection.
    XSetErrorHandler(X11Error);
    QGraphicsScene scene;
    scene.addText("Hello, world!");
    QGraphicsView view(&scene);
//    view.show();
    view.showFullScreen();
    return app.exec();
}

Blocks: 583135
OS: Linux → MeeGo

(In reply to comment #1)
> Is it still reproducible? does it work with normal Qt application?

It's still reproducible in MeeGo system, while normal Qt apps work well.

> 
> do you have this bug fixed in your Qt library
> http://bugreports.qt.nokia.com/browse/QTBUG-4042

Yes.

(In reply to comment #2)
> (In reply to comment #1)
> > Is it still reproducible? does it work with normal Qt application?
> 
> It's still reproducible in MeeGo system, while normal Qt apps work well.

Now it's also reproducible in Debian sid.

There are (at least) two issues here.

1. First the BadDrawable from RenderCreatePicture is a fatal error.

2. Then X11Error() makes an effort to produce some helpful output.

   This inappropriately makes requests from the error handler.
   "man XSetErrorHandler" says

      "the error handler should not call any functions (directly or
       indirectly) on the display that will generate protocol requests or that
       will look for input events"

   A possible alternative might be to use ext_procs in _XDisplay as done here:
   http://cgit.freedesktop.org/xorg/lib/libX11/tree/src/XlibInt.c?id=6de368c9aa7ccd2fcd62fca5a2b278913db4d03d#n1435

   but XLIB_ILLEGAL_ACCESS might be at least as bad as the current approach.

(In reply to comment #0)
> XError: RenderCreatePicture: BadDrawable (invalid Pixmap or Window parameter);
> 79 requests ago; id=0x0
> Re-running with MOZ_X_SYNC=1 in the environment may give a more helpful
> backtrace.
> fennec: ../../src/xcb_io.c:183: process_responses: Assertion `!(req &&
> current_request && !(((long) (req->sequence) - (long) (current_request)) <=
> 0))' failed.

> The stack trace looks like:
> #0  XQueryExtension (dpy=0x80949e0, name=0x828bea8 "XFIXES",
> major_opcode=0xbfff8d98, first_event=0xbfff8d94, first_error=0xbfff8d90)
>     at QuExt.c:40

I'm having trouble understanding the order of messages here if this is the point of the assertion failure.  It looks like XQueryExtension completes successfully before the assertion.  Could there be reordering due to buffering different output descriptors here?

The git code looks quite different to the xcb_io.c here.
What version of libX11 is this?
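
The XSetErrorHandler restriction quoted in the comment above, as an added example that is not part of the bug report or of Mozilla's code: extension names are cached by major opcode at startup, so the error handler can name the failing request from process memory without sending anything on the display. `struct x_error_info`, `ext_cache_add` and `describe_x_error` are hypothetical names, the struct stands in for the `XErrorEvent` fields so the block builds without Xlib, and major opcode 139 for RENDER is a constructed value.

```c
#include <stdio.h>

/* Stand-in for the XErrorEvent fields an Xlib error handler reads. */
struct x_error_info {
    unsigned char request_code;  /* major opcode of the failed request */
    unsigned char minor_code;    /* minor opcode within an extension */
    unsigned char error_code;    /* core protocol: 9 = BadDrawable */
};

#define FIRST_EXT_OPCODE 128     /* X11 assigns 128..255 to extensions */
static char ext_names[256 - FIRST_EXT_OPCODE][32];

/* Startup only, never from the handler. In a real client the pairs come
 * from XListExtensions()/XQueryExtension(), which are server round trips. */
int ext_cache_add(int op, const char *name)
{
    if (op < FIRST_EXT_OPCODE || op > 255 || !name)
        return -1;
    snprintf(ext_names[op - FIRST_EXT_OPCODE], sizeof ext_names[0], "%s", name);
    return 0;
}

/* Handler-safe: reads process memory only, sends nothing on the display.
 * Returns 1 when the request could be named, 0 for an uncached extension. */
int describe_x_error(const struct x_error_info *e, char *out, size_t len)
{
    unsigned req = e->request_code, sub = e->minor_code, err = e->error_code;
    if (req < FIRST_EXT_OPCODE) {
        snprintf(out, len, "core request %u: error %u", req, err);
        return 1;
    }
    const char *name = ext_names[req - FIRST_EXT_OPCODE];
    if (name[0] == '\0') {
        snprintf(out, len, "unknown ext %u minor %u: error %u", req, sub, err);
        return 0;
    }
    snprintf(out, len, "%s minor %u: error %u", name, sub, err);
    return 1;
}

int main(void)
{
    struct x_error_info e = { 139, 4, 9 };  /* constructed sample error */
    char msg[96];
    ext_cache_add(139, "RENDER");
    describe_x_error(&e, msg, sizeof msg);
    puts(msg);
    return 0;
}
```

An extension that was never cached is reported by its raw opcode instead of being looked up from inside the handler.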
(In reply to comment #4)
 
> The git code looks quite different to the xcb_io.c here.
> What version of libX11 is this?

it's 1.3.3.

btw, this issue is Qt/Meego touch framework related, since I updated this bug last time I have upgraded MTF and the issue is not there any more (maybe the new MTF doesn't trigger this on start). But on MeeGo system with an old MTF version it's still there.

In bug 1282866, I have removed the QT code from the Firefox tree with the approval of the active peer. That code is not currently maintained by any team.

I have looked through the bugs in the Widget: Qt bugzilla component and I believe all of these are no longer relevant because the Qt code has been removed. If you believe that this bug is still valid, please move it to another more appropriate bugzilla component as you reopen it.

Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → INCOMPLETE
Product: Core → Core Graveyard