Bug 102530

Summary: [bisected] Kodi crashes when launching a stream - commit bd2662bf
Product: Mesa Reporter: Alexandre Demers <alexandre.f.demers>
Component: Mesa coreAssignee: mesa-dev
Status: RESOLVED FIXED QA Contact: mesa-dev
Severity: normal    
Priority: medium CC: alexandre.f.demers, nhaehnle
Version: 17.2   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:
Attachments: Kodi's log after segfault
Kodi segfault with MESA_NO_ERROR=0
Enable KHR_NO_ERROR only if MESA_NO_ERROR's value is different from 0

Description Alexandre Demers 2017-09-03 19:02:33 UTC
I get a segfault when launching a stream (from Covenant) on Kodi. Bisecting ended up with the following culprit:

commit bd2662bfa1c8746dc29a7bad32a1647379f78532
Author: Timothy Arceri <tarceri@itsqueeze.com>
Date:   Thu Mar 30 23:22:46 2017 +1100

    mesa: add KHR_no_error support to glUniform*() functions
    
    V2: restore lost comment, add static to validate_uniform(),
        simplify array offset logic.
    
    Reviewed-by: Nicolai Hähnle <nicolai.haehnle@amd.com>

:040000 040000 4a82c824807bda025e4069be599697f2a6ccc817 0f3fc38d84e905f95f34d3b63c32d06b897ef551 M	src

This is when KHR_no_error is enabled.

Whether MESA_NO_ERROR is set or not (KHR_no_error disabled), kodi exits with a segfault.
Comment 1 Timothy Arceri 2017-09-04 02:40:00 UTC
Are you able to provide a stack trace?
Comment 2 Tapani Pälli 2017-09-04 04:46:38 UTC
Just a guess but at least it looks possible for "UniformRemapTable[location]" to access garbage, there should be a check for location value before using it.
Comment 3 Tapani Pälli 2017-09-04 07:31:29 UTC
(In reply to Tapani Pälli from comment #2)
> Just a guess but at least it looks possible for
> "UniformRemapTable[location]" to access garbage, there should be a check for
> location value before using it.

Disclaimer: I did not realize that undefined behaviour including a crash in that situation is actually OK by the no_error spec so forget about this comment :)
Comment 4 Timothy Arceri 2017-09-04 10:58:25 UTC
(In reply to Tapani Pälli from comment #3)
> (In reply to Tapani Pälli from comment #2)
> > Just a guess but at least it looks possible for
> > "UniformRemapTable[location]" to access garbage, there should be a check for
> > location value before using it.
> 
> Disclaimer: I did not realize that undefined behaviour including a crash in
> that situation is actually OK by the no_error spec so forget about this
> comment :)
Comment 5 Alexandre Demers 2017-09-04 21:36:22 UTC
Created attachment 133967 [details]
Kodi's log after segfault

This is the core dump produced by Kodi when segfaulting.
/usr/bin/kodi: line 175: 16779 Segmentation fault      (core dumped) "$LIBDIR/${bin_name}/${bin_name}.bin" $SAVED_ARGS

If you need something else, let me know.
Comment 6 Timothy Arceri 2017-09-05 00:04:05 UTC
(In reply to Alexandre Demers from comment #5)
> Created attachment 133967 [details]
> Kodi's log after segfault
> 
> This is the core dump produced by Kodi when segfaulting.
> /usr/bin/kodi: line 175: 16779 Segmentation fault      (core dumped)
> "$LIBDIR/${bin_name}/${bin_name}.bin" $SAVED_ARGS
> 
> If you need something else, let me know.

So that looks like the stack trace from having NO_ERROR enabled can you provide one for the crash that happens when NO_ERROR is disabled.
Comment 7 Erik Faye-Lund 2017-09-05 05:56:25 UTC
Timothy Arceri: In either case, it looks like the handling of location = -1 is incorrect in the no-error case. I think we should ignore the command in this case...
Comment 8 Erik Faye-Lund 2017-09-05 06:04:00 UTC
Something like this?

---8<---

diff --git a/src/mesa/main/uniform_query.cpp b/src/mesa/main/uniform_query.cpp
index c6488325a8..642c93270f 100644
--- a/src/mesa/main/uniform_query.cpp
+++ b/src/mesa/main/uniform_query.cpp
@@ -911,6 +911,9 @@ _mesa_uniform(GLint location, GLsizei count, const GLvoid *values,
 
    struct gl_uniform_storage *uni;
    if (_mesa_is_no_error_enabled(ctx)) {
+      if (location == -1)
+         return;
+
       uni = shProg->UniformRemapTable[location];
 
       /* The array index specified by the uniform location is just the

---8<---
Comment 9 Timothy Arceri 2017-09-05 08:24:08 UTC
(In reply to Erik Faye-Lund from comment #8)
> Something like this?
> 
> ---8<---
> 
> diff --git a/src/mesa/main/uniform_query.cpp
> b/src/mesa/main/uniform_query.cpp
> index c6488325a8..642c93270f 100644
> --- a/src/mesa/main/uniform_query.cpp
> +++ b/src/mesa/main/uniform_query.cpp
> @@ -911,6 +911,9 @@ _mesa_uniform(GLint location, GLsizei count, const
> GLvoid *values,
>  
>     struct gl_uniform_storage *uni;
>     if (_mesa_is_no_error_enabled(ctx)) {
> +      if (location == -1)
> +         return;
> +
>        uni = shProg->UniformRemapTable[location];
>  
>        /* The array index specified by the uniform location is just the
> 
> ---8<---

This was already fixed.
Comment 10 Alexandre Demers 2017-09-05 14:01:52 UTC
(In reply to Timothy Arceri from comment #6)
> (In reply to Alexandre Demers from comment #5)
> > Created attachment 133967 [details]
> > Kodi's log after segfault
> > 
> > This is the core dump produced by Kodi when segfaulting.
> > /usr/bin/kodi: line 175: 16779 Segmentation fault      (core dumped)
> > "$LIBDIR/${bin_name}/${bin_name}.bin" $SAVED_ARGS
> > 
> > If you need something else, let me know.
> 
> So that looks like the stack trace from having NO_ERROR enabled can you
> provide one for the crash that happens when NO_ERROR is disabled.

I'll do it later when I'll get back from work.
Comment 11 Erik Faye-Lund 2017-09-05 14:12:57 UTC
(In reply to Timothy Arceri from comment #9)
> (In reply to Erik Faye-Lund from comment #8)
> > Something like this?
> > 
> > ---8<---
> > 
> > diff --git a/src/mesa/main/uniform_query.cpp
> > b/src/mesa/main/uniform_query.cpp
> > index c6488325a8..642c93270f 100644
> > --- a/src/mesa/main/uniform_query.cpp
> > +++ b/src/mesa/main/uniform_query.cpp
> > @@ -911,6 +911,9 @@ _mesa_uniform(GLint location, GLsizei count, const
> > GLvoid *values,
> >  
> >     struct gl_uniform_storage *uni;
> >     if (_mesa_is_no_error_enabled(ctx)) {
> > +      if (location == -1)
> > +         return;
> > +
> >        uni = shProg->UniformRemapTable[location];
> >  
> >        /* The array index specified by the uniform location is just the
> > 
> > ---8<---
> 
> This was already fixed.

OK, then I guess this commit was a false positive when bisecting, because it wasn't fixed in the commit this was tested against.
Comment 12 Alexandre Demers 2017-09-05 14:22:56 UTC
(In reply to Erik Faye-Lund from comment #11)
> (In reply to Timothy Arceri from comment #9)
> > (In reply to Erik Faye-Lund from comment #8)
> > > Something like this?
> > > 
> > > ---8<---
> > > 
> > > diff --git a/src/mesa/main/uniform_query.cpp
> > > b/src/mesa/main/uniform_query.cpp
> > > index c6488325a8..642c93270f 100644
> > > --- a/src/mesa/main/uniform_query.cpp
> > > +++ b/src/mesa/main/uniform_query.cpp
> > > @@ -911,6 +911,9 @@ _mesa_uniform(GLint location, GLsizei count, const
> > > GLvoid *values,
> > >  
> > >     struct gl_uniform_storage *uni;
> > >     if (_mesa_is_no_error_enabled(ctx)) {
> > > +      if (location == -1)
> > > +         return;
> > > +
> > >        uni = shProg->UniformRemapTable[location];
> > >  
> > >        /* The array index specified by the uniform location is just the
> > > 
> > > ---8<---
> > 
> > This was already fixed.
> 
> OK, then I guess this commit was a false positive when bisecting, because it
> wasn't fixed in the commit this was tested against.

By the way, if it was fixed, the fix may be occulted by Bug 102502. I first reported 102502, which kills Kodi at launch, and I ended up finding the current bug (102530) while bisecting the first one. Fixing 102502 may show that the current bug is already fix then.
Comment 13 Alexandre Demers 2017-09-05 23:07:05 UTC
Created attachment 133983 [details]
Kodi segfault with MESA_NO_ERROR=0

Core dump produced by Kodi when MESA_NO_ERROR=0
Comment 14 Tapani Pälli 2017-09-06 05:02:21 UTC
(In reply to Alexandre Demers from comment #13)
> Created attachment 133983 [details]
> Kodi segfault with MESA_NO_ERROR=0
> 
> Core dump produced by Kodi when MESA_NO_ERROR=0

Have you tried it Kodi works with current Mesa? This backtrace is also made with old Mesa so whatever the problem is it might have been fixed already.
Comment 15 Erik Faye-Lund 2017-09-06 09:40:51 UTC
(In reply to Alexandre Demers from comment #13)
> Created attachment 133983 [details]
> Kodi segfault with MESA_NO_ERROR=0
> 
> Core dump produced by Kodi when MESA_NO_ERROR=0


You still somehow ended up inside the _mesa_is_no_error_enabled-code-path. So I guess Kodi enables the no-error extension. In either case, this problem was fixed in commit f25b2f76b03.
Comment 16 Michel Dänzer 2017-09-06 10:06:46 UTC
AFAIK MESA_NO_ERROR=0 currently enables the "no error" behaviour — the code only checks that the environment variable is set to any value.

Ideally, MESA_NO_ERROR=0 should disable the "no error" behaviour, even if the application tries to enable it. Or there needs to be some other mechanism for that.
Comment 17 Alexandre Demers 2017-09-06 13:03:57 UTC
(In reply to Tapani Pälli from comment #14)
> (In reply to Alexandre Demers from comment #13)
> > Created attachment 133983 [details]
> > Kodi segfault with MESA_NO_ERROR=0
> > 
> > Core dump produced by Kodi when MESA_NO_ERROR=0
> 
> Have you tried it Kodi works with current Mesa? This backtrace is also made
> with old Mesa so whatever the problem is it might have been fixed already.

Yes, but as stated previously, bug 102502 prevents me from being sure f25b2f76b03 fixed the issue.
Comment 18 Alexandre Demers 2017-09-06 13:05:59 UTC
(In reply to Erik Faye-Lund from comment #15)
> (In reply to Alexandre Demers from comment #13)
> > Created attachment 133983 [details]
> > Kodi segfault with MESA_NO_ERROR=0
> > 
> > Core dump produced by Kodi when MESA_NO_ERROR=0
> 
> 
> You still somehow ended up inside the _mesa_is_no_error_enabled-code-path.
> So I guess Kodi enables the no-error extension. In either case, this problem
> was fixed in commit f25b2f76b03.

Good to know, it had been committed after commit associated with bug 102502, so this could be indeed fixed.
Comment 19 Alexandre Demers 2017-09-06 13:06:57 UTC
(In reply to Michel Dänzer from comment #16)
> AFAIK MESA_NO_ERROR=0 currently enables the "no error" behaviour — the code
> only checks that the environment variable is set to any value.
> 

This is a problem.

> Ideally, MESA_NO_ERROR=0 should disable the "no error" behaviour, even if
> the application tries to enable it. Or there needs to be some other
> mechanism for that.

Indeed.
Comment 20 Alexandre Demers 2017-09-06 16:26:23 UTC
Created attachment 134015 [details] [review]
Enable KHR_NO_ERROR only if MESA_NO_ERROR's value is different from 0

From Michel Dänzer's comment, KHR_NO_ERROR is enabled whenever MESA_NO_ERROR is set with no regard to its actual value (which is not the case when set through driconf).

This should take care of the problem, activating KHR_NO_ERROR only if MESA_NO_ERROR is different than 0.

If this is fine, could someone commit it for me?
Comment 21 Emil Velikov 2017-09-06 16:32:20 UTC
The attached patch from Alexandre seems to be a noop.

This series from Eric treats MESA_NO_ERROR as boolean.
https://patchwork.freedesktop.org/series/29888/
Comment 22 Alexandre Demers 2017-09-06 17:40:43 UTC
(In reply to Emil Velikov from comment #21)
> The attached patch from Alexandre seems to be a noop.
> 
> This series from Eric treats MESA_NO_ERROR as boolean.
> https://patchwork.freedesktop.org/series/29888/

I like the boolean usage... and maybe prefer it to my proposed patch.
Comment 23 Alexandre Demers 2017-09-07 00:08:06 UTC
This bug is indeed fixed in latest git commit. And I propose my reviewed-by to Eric's patch if needed for dealing with the actuel MESA_NO_ERROR's value.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.