Bug 24316

Summary: SIGSEGV in radeon_cs_flush_indirect() with recent radeon driver and firefox.
Product: xorg Reporter: Lukasz Krotowski <lukasz.krotowski>
Component: Driver/RadeonAssignee: xf86-video-ati maintainers <xorg-driver-ati>
Status: RESOLVED FIXED QA Contact: Xorg Project Team <xorg-team>
Severity: critical    
Priority: medium CC: ghepeu, jafeiner
Version: git   
Hardware: x86-64 (AMD64)   
OS: Linux (All)   
Whiteboard:
i915 platform: i915 features:
Attachments:
Description Flags
Gdb log with faulty radeon driver.
none
Simple hack preventing SIGSEGV.
none
Stderr with faulty radeon driver.
none
Xorg.0.log with SIGSEGV.
none
Gdb log with faulty radeon driver and -O0.
none
Probable fix none

Description Lukasz Krotowski 2009-10-05 04:14:28 UTC 
When opening onemanga.com (well, probably others too) in firefox Xserver segfaults. 

Radeon version: 9d596562496863d65850306d2126d8df98464de4

Considering gdb backtrace (attached) and recent commits my wild guess is it's connected to:
commit 4b4ce36081ca151c24e028c54b59986f41731a73
Author: Michel Dänzer <daenzer@vmware.com>
Date:   Sat Oct 3 16:33:32 2009 +0200

    R3/5xx EXA: Minimise number of draw primitives used for Composite operations.
    
    This should reduce the kernel CS checker overhead, if nothing else.
    
    I'll leave porting this to other chipset families to others who can test it.

Attached patch fixes SIGSEGV.
Comment 1 Lukasz Krotowski 2009-10-05 04:15:38 UTC 
Created attachment 30069 [details]
Gdb log with faulty radeon driver.

Only radeon driver has debugging symbols included.
Comment 2 Lukasz Krotowski 2009-10-05 04:17:55 UTC 
Created attachment 30070 [details] [review]
Simple hack preventing SIGSEGV.

I can't see any drawbacks of that patch (running it now).
Comment 3 Michel Dänzer 2009-10-05 04:26:37 UTC 
Weird, I suspect it's a bug elsewhere if radeon_cs_flush_indirect() is called with NULL info->cs...

Please attach the full log file from a crash.
Comment 4 Lukasz Krotowski 2009-10-05 04:31:55 UTC 
Created attachment 30071 [details]
Stderr with faulty radeon driver.

Is that enough? Or is Xorg.0.log needed?
Comment 5 Michel Dänzer 2009-10-05 05:42:34 UTC 
(In reply to comment #4)
> Or is Xorg.0.log needed?

The log file would indeed be Xorg.0.log.
Comment 6 Lukasz Krotowski 2009-10-05 05:53:41 UTC 
Created attachment 30073 [details]
Xorg.0.log with SIGSEGV.
Comment 7 Michel Dänzer 2009-10-05 06:01:27 UTC 
Thanks. So you're not using KMS, and I'm really not sure how radeon_cs_flush_indirect() can ever be called in that case... Can you maybe try rebuilding the driver without any optimization (-O0 or no -O flags at all) and provide a gdb backtrace from that?
Comment 8 Lukasz Krotowski 2009-10-05 06:17:50 UTC 
(In reply to comment #7)
> Thanks. So you're not using KMS, and I'm really not sure how
> radeon_cs_flush_indirect() can ever be called in that case... Can you maybe try
> rebuilding the driver without any optimization (-O0 or no -O flags at all) and
> provide a gdb backtrace from that?

Sure. But isn't radeon_cs_flush_indirect() called from RadeonCompositeTileCP(), radeon_exa_render.c:2160 also without KMS?
Comment 9 Lukasz Krotowski 2009-10-05 06:18:39 UTC 
Created attachment 30075 [details]
Gdb log with faulty radeon driver and -O0.

Xserver symbols also included.
Comment 10 Michel Dänzer 2009-10-05 06:31:18 UTC 
Created attachment 30076 [details] [review]
Probable fix

> But isn't radeon_cs_flush_indirect() called from RadeonCompositeTileCP(),
> radeon_exa_render.c:2160 also without KMS?

Ah! Of course, not sure how I managed to miss that before.

Does this patch fix it?
Comment 11 Lukasz Krotowski 2009-10-05 10:00:14 UTC 
(In reply to comment #10)
> Does this patch fix it?

Yes, no segfaults here.
Comment 12 Michel Dänzer 2009-10-05 15:08:51 UTC 
*** Bug 24294 has been marked as a duplicate of this bug. ***
Comment 13 Michel Dänzer 2009-10-05 15:10:34 UTC 
*** Bug 24335 has been marked as a duplicate of this bug. ***
Comment 14 Michel Dänzer 2009-10-05 15:39:26 UTC 
Fixed in commit e59ae08270711512e64b70f79b6476cc2c52d230 .

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.