24316 – SIGSEGV in radeon_cs_flush_indirect() with recent radeon driver and firefox.

Bug 24316 - SIGSEGV in radeon_cs_flush_indirect() with recent radeon driver and firefox.

Summary: SIGSEGV in radeon_cs_flush_indirect() with recent radeon driver and firefox.

Status:	RESOLVED FIXED

Alias:	None

Product:	xorg
Classification:	Unclassified
Component:	Driver/Radeon (show other bugs)
Version:	git
Hardware:	x86-64 (AMD64) Linux (All)

Importance:	medium critical
Assignee:	xf86-video-ati maintainers
QA Contact:	Xorg Project Team

URL:
Whiteboard:
Keywords:

Duplicates (2):	24294 24335 (view as bug list)
Depends on:
Blocks:

Reported:	2009-10-05 04:14 UTC by Lukasz Krotowski
Modified:	2009-10-05 15:39 UTC (History)
CC List:	2 users (show)

See Also:
i915 platform:
i915 features:

Attachments
Gdb log with faulty radeon driver. (1.13 KB, text/plain) 2009-10-05 04:15 UTC, Lukasz Krotowski	no flags	Details
Simple hack preventing SIGSEGV. (715 bytes, patch) 2009-10-05 04:17 UTC, Lukasz Krotowski	no flags	Details \| Splinter Review
Stderr with faulty radeon driver. (4.99 KB, text/plain) 2009-10-05 04:31 UTC, Lukasz Krotowski	no flags	Details
Xorg.0.log with SIGSEGV. (52.05 KB, text/plain) 2009-10-05 05:53 UTC, Lukasz Krotowski	no flags	Details
Gdb log with faulty radeon driver and -O0. (1.82 KB, text/plain) 2009-10-05 06:18 UTC, Lukasz Krotowski	no flags	Details
Probable fix (717 bytes, patch) 2009-10-05 06:31 UTC, Michel Dänzer	no flags	Details \| Splinter Review
Show Obsolete (3) View All

Description Lukasz Krotowski 2009-10-05 04:14:28 UTC

When opening onemanga.com (well, probably others too) in firefox Xserver segfaults. 

Radeon version: 9d596562496863d65850306d2126d8df98464de4

Considering gdb backtrace (attached) and recent commits my wild guess is it's connected to:
commit 4b4ce36081ca151c24e028c54b59986f41731a73
Author: Michel Dänzer <daenzer@vmware.com>
Date:   Sat Oct 3 16:33:32 2009 +0200

    R3/5xx EXA: Minimise number of draw primitives used for Composite operations.
    
    This should reduce the kernel CS checker overhead, if nothing else.
    
    I'll leave porting this to other chipset families to others who can test it.

Attached patch fixes SIGSEGV.

Comment 1 Lukasz Krotowski 2009-10-05 04:15:38 UTC

Created attachment 30069 [details]
Gdb log with faulty radeon driver.

Only radeon driver has debugging symbols included.

Comment 2 Lukasz Krotowski 2009-10-05 04:17:55 UTC

Created attachment 30070 [details] [review]
Simple hack preventing SIGSEGV.

I can't see any drawbacks of that patch (running it now).

Comment 3 Michel Dänzer 2009-10-05 04:26:37 UTC

Weird, I suspect it's a bug elsewhere if radeon_cs_flush_indirect() is called with NULL info->cs...

Please attach the full log file from a crash.

Comment 4 Lukasz Krotowski 2009-10-05 04:31:55 UTC

Created attachment 30071 [details]
Stderr with faulty radeon driver.

Is that enough? Or is Xorg.0.log needed?

Comment 5 Michel Dänzer 2009-10-05 05:42:34 UTC

(In reply to comment #4)
> Or is Xorg.0.log needed?

The log file would indeed be Xorg.0.log.

Comment 6 Lukasz Krotowski 2009-10-05 05:53:41 UTC

Created attachment 30073 [details]
Xorg.0.log with SIGSEGV.

Comment 7 Michel Dänzer 2009-10-05 06:01:27 UTC

Thanks. So you're not using KMS, and I'm really not sure how radeon_cs_flush_indirect() can ever be called in that case... Can you maybe try rebuilding the driver without any optimization (-O0 or no -O flags at all) and provide a gdb backtrace from that?

Comment 8 Lukasz Krotowski 2009-10-05 06:17:50 UTC

(In reply to comment #7)
> Thanks. So you're not using KMS, and I'm really not sure how
> radeon_cs_flush_indirect() can ever be called in that case... Can you maybe try
> rebuilding the driver without any optimization (-O0 or no -O flags at all) and
> provide a gdb backtrace from that?

Sure. But isn't radeon_cs_flush_indirect() called from RadeonCompositeTileCP(), radeon_exa_render.c:2160 also without KMS?

Comment 9 Lukasz Krotowski 2009-10-05 06:18:39 UTC

Created attachment 30075 [details]
Gdb log with faulty radeon driver and -O0.

Xserver symbols also included.

Comment 10 Michel Dänzer 2009-10-05 06:31:18 UTC

Created attachment 30076 [details] [review]
Probable fix

> But isn't radeon_cs_flush_indirect() called from RadeonCompositeTileCP(),
> radeon_exa_render.c:2160 also without KMS?

Ah! Of course, not sure how I managed to miss that before.

Does this patch fix it?

Comment 11 Lukasz Krotowski 2009-10-05 10:00:14 UTC

(In reply to comment #10)
> Does this patch fix it?

Yes, no segfaults here.

Comment 12 Michel Dänzer 2009-10-05 15:08:51 UTC

*** Bug 24294 has been marked as a duplicate of this bug. ***

Comment 13 Michel Dänzer 2009-10-05 15:10:34 UTC

*** Bug 24335 has been marked as a duplicate of this bug. ***

Comment 14 Michel Dänzer 2009-10-05 15:39:26 UTC

Fixed in commit e59ae08270711512e64b70f79b6476cc2c52d230 .

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.