Bug 93723

Summary: vblank_mode=3 segfaults SynMark2 EGL versions to: intelDestroyContext() -> _mesa_meta_free() -> _mesa_make_current()
Product: Mesa
Reporter: Eero Tamminen <eero.t.tamminen>
Component: Mesa core
Assignee: mesa-dev
Status: VERIFIED FIXED
QA Contact: mesa-dev
Severity: normal
Priority: medium
Version: git
Hardware: Other
OS: All
Whiteboard:
i915 platform:
i915 features:

Description Eero Tamminen 2016-01-15 09:44:08 UTC
Use case:
- vblank_mode=3 ./synmark2 OglBatch0

Result:
- Segfault at program startup due to a NULL pointer access [1] within Mesa.

Notes:
- Mesa version is from today, rest is Ubuntu 15.04
- Crash happens only with EGL (v6.1) version of SynMark, not with the GLX (v6.0) version of SynMark, so this may be EGL specific.
- Other vblank_mode values (0,1,2) work fine. With them SynMark doesn't call eglDestroyContext() at startup.


Meta gets called from context destroy and tries to do make_current():
------------------------------------------------------
Program received signal SIGSEGV, Segmentation fault.
handle_first_current (ctx=0x7ffff7fa0038) at src/mesa/main/context.c:1620
1620	            buffer = GL_BACK;
(gdb) bt
#0  handle_first_current (ctx=0x7ffff7fa0038) at src/mesa/main/context.c:1620
#1  _mesa_make_current (newCtx=newCtx@entry=0x7ffff7fa0038, drawBuffer=drawBuffer@entry=0x0, readBuffer=readBuffer@entry=0x0)
    at src/mesa/main/context.c:1745
#2  0x00007ffff221426c in _mesa_meta_free (ctx=ctx@entry=0x7ffff7fa0038) at src/mesa/drivers/common/meta.c:440
#3  0x00007ffff2341a07 in intelDestroyContext (driContextPriv=0x8d8870) at src/mesa/drivers/dri/i965/brw_context.c:1009
#4  0x00007ffff23267f3 in driDestroyContext (pcp=0x8d8870) at src/mesa/drivers/dri/common/dri_util.c:478
#5  0x00007ffff6aec409 in dri2_destroy_context (drv=<optimized out>, disp=<optimized out>, ctx=0x8da5c0)
    at src/egl/drivers/dri2/egl_dri2.c:1160
#6  0x00007ffff6ae6d1f in eglDestroyContext (dpy=0x7b9280, ctx=<optimized out>) at src/egl/main/eglapi.c:655
#7  0x00000000004e9030 in Ogl::ContextSys::ContextSys(Ogl::Ext::VersionId, WndHandleSys const&, unsigned int, unsigned int, ApiTypes::ColorFormat,
------------------------------------------------------

[1] This crashes on access to ctx->DrawBuffer which is NULL:
------------------------------------------------------
(gdb) list
1615	    * glDrawBuffers depends on the config of the first surface it is bound to.
1616	    * For GLES it is always GL_BACK which has a magic interpretation */
1617	   if (!ctx->HasConfig && _mesa_is_desktop_gl(ctx)) {
1618	      if (ctx->DrawBuffer != _mesa_get_incomplete_framebuffer()) {
1619	         if (ctx->DrawBuffer->Visual.doubleBufferMode)
1620	            buffer = GL_BACK;
1621	         else
1622	            buffer = GL_FRONT;
1623	
1624	         _mesa_drawbuffers(ctx, ctx->DrawBuffer, 1, &buffer,
(gdb) print ctx->DrawBuffer
$1 = (struct gl_framebuffer *) 0x0
(gdb) disassemble 0x7ffff206e850 , 0x7ffff206e85b
Dump of assembler code from 0x7ffff206e850 to 0x7ffff206e85b:
   0x00007ffff206e850 <_mesa_make_current+704>:	add    %al,(%rax)
   0x00007ffff206e852 <_mesa_make_current+706>:	mov    %rbx,%rdi
=> 0x00007ffff206e855 <_mesa_make_current+709>:	cmpl   $0x1,0x40(%rsi)
   0x00007ffff206e859 <_mesa_make_current+713>:	sbb    %eax,%eax
(gdb) info registers 
rax            0x7ffff2773240	140737261285952
rbx            0x7ffff7fa0038	140737353744440
rcx            0x7fffffffd9d4	140737488345556
rdx            0x1	1
rsi            0x0	0
...
------------------------------------------------------

This is how the code ends up here:
------------------------------------------------------
(gdb) up
#1  _mesa_make_current (newCtx=newCtx@entry=0x7ffff7fa0038, drawBuffer=drawBuffer@entry=0x0, readBuffer=readBuffer@entry=0x0)
    at src/mesa/main/context.c:1745
1745	         handle_first_current(newCtx);
(gdb) list
1744	      if (newCtx->FirstTimeCurrent) {
1745	         handle_first_current(newCtx);
1746		 newCtx->FirstTimeCurrent = GL_FALSE;
1747	      }
(gdb) up
#2  0x00007ffff221426c in _mesa_meta_free (ctx=ctx@entry=0x7ffff7fa0038) at src/mesa/drivers/common/meta.c:440
440	   _mesa_make_current(ctx, NULL, NULL);
(gdb) info locals
old_context = 0x0
(gdb) list
437	_mesa_meta_free(struct gl_context *ctx)
438	{
439	   GET_CURRENT_CONTEXT(old_context);
440	   _mesa_make_current(ctx, NULL, NULL);
(gdb) up
#3  0x00007ffff2341a07 in intelDestroyContext (driContextPriv=0x8d8870) at src/mesa/drivers/dri/i965/brw_context.c:1009
1009	   _mesa_meta_free(&brw->ctx);
(gdb) print *ctx
$3 = {Shared = 0x8dd370, API = API_OPENGL_COMPAT, Exec = 0x8fa680, OutsideBeginEnd = 0x8fa680, Save = 0x900920, BeginEnd = 0x8fd7d0, 
  CurrentDispatch = 0x8fa680, Visual = {rgbMode = 0 '\000', floatMode = 0 '\000', doubleBufferMode = 0, stereoMode = 0, 
    haveAccumBuffer = 0 '\000', haveDepthBuffer = 0 '\000', haveStencilBuffer = 0 '\000', redBits = 0, greenBits = 0, blueBits = 0, 
    alphaBits = 0, redMask = 0, greenMask = 0, blueMask = 0, alphaMask = 0, rgbBits = 0, indexBits = 0, accumRedBits = 0, accumGreenBits = 0, 
    accumBlueBits = 0, accumAlphaBits = 0, depthBits = 0, stencilBits = 0, numAuxBuffers = 0, level = 0, visualRating = 0, transparentPixel = 0, 
    transparentRed = 0, transparentGreen = 0, transparentBlue = 0, transparentAlpha = 0, transparentIndex = 0, sampleBuffers = 0, samples = 0, 
    maxPbufferWidth = 0, maxPbufferHeight = 0, maxPbufferPixels = 0, optimalPbufferWidth = 0, optimalPbufferHeight = 0, swapMethod = 0, 
    bindToTextureRgb = 0, bindToTextureRgba = 0, bindToMipmapTexture = 0, bindToTextureTargets = 0, yInverted = 0, sRGBCapable = 0}, 
  DrawBuffer = 0x0, ReadBuffer = 0x0, WinSysDrawBuffer = 0x0, WinSysReadBuffer = 0x0,
...
------------------------------------------------------
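
An added example, not part of the original report and not Mesa's code or the fix that eventually landed: a simplified C model of the path in the backtrace above, where a context destroyed before its first bind reaches first-time setup with DrawBuffer still NULL, next to a guarded variant. Only DrawBuffer, FirstTimeCurrent and doubleBufferMode come from the gdb output; every other name is hypothetical, and the desktop-GL and incomplete-framebuffer checks are omitted.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model: DrawBuffer and FirstTimeCurrent are named after the
 * fields in the gdb output; all other names are hypothetical. */
enum buf { BUF_UNSET, BUF_FRONT, BUF_BACK };
struct framebuffer { bool doubleBufferMode; };
struct context {
    struct framebuffer *DrawBuffer;
    bool FirstTimeCurrent;
    enum buf draw_choice;
};

/* True when the first-bind code shown in the report would dereference
 * ctx->DrawBuffer while it is still NULL. */
bool first_bind_derefs_null(const struct context *ctx)
{
    return ctx->FirstTimeCurrent && ctx->DrawBuffer == NULL;
}

/* Guarded bind: first-time setup is deferred until a draw buffer exists,
 * so FirstTimeCurrent stays set and a later real bind still runs it. */
void make_current_guarded(struct context *ctx, struct framebuffer *draw)
{
    if (draw != NULL)
        ctx->DrawBuffer = draw;
    if (ctx->FirstTimeCurrent && ctx->DrawBuffer != NULL) {
        ctx->draw_choice = ctx->DrawBuffer->doubleBufferMode ? BUF_BACK : BUF_FRONT;
        ctx->FirstTimeCurrent = false;
    }
}

/* Teardown path from the backtrace: bind the context with no buffers. */
void meta_free_guarded(struct context *ctx)
{
    make_current_guarded(ctx, NULL);
}

int main(void)
{
    struct context ctx = { NULL, true, BUF_UNSET };   /* constructed: never bound */
    printf("unguarded first bind would crash: %d\n", first_bind_derefs_null(&ctx));
    meta_free_guarded(&ctx);
    printf("after guarded teardown: FirstTimeCurrent=%d choice=%d\n",
           ctx.FirstTimeCurrent, ctx.draw_choice);
    return 0;
}
```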

Comment 1 Eero Tamminen 2016-08-31 09:55:58 UTC
Yesterday's Mesa git version still crashes with the same issue, also with the latest SynMark v7.0.0.

Comment 2 Eero Tamminen 2017-11-27 16:24:59 UTC
(In reply to Eero Tamminen from comment #1)
> Yesterday's Mesa git version still crashes with the same issue, also with the latest
> SynMark v7.0.0.


The use-case doesn't crash with the latest Mesa and SynMark v7, it says:
----------------------------
ATTENTION: default value of option vblank_mode overridden by environment.
Exception caught: In OglBatch0: Cannot create EGL rendering context: 0x3005
----------------------------

And vblank_mode=3 worked fine with a few other EGL programs I tried (glmark2-es2, GLB 2.7), so I'm marking this as fixed.

(No idea why EGL context creation fails with SynMark.)
