Bug 94284

Summary: [radeonsi] outlast segfault on start
Product: Mesa Reporter: Laurent carlier <lordheavym>
Component: Drivers/Gallium/radeonsiAssignee: Default DRI bug account <dri-devel>
Status: RESOLVED FIXED QA Contact: Default DRI bug account <dri-devel>
Severity: normal    
Priority: medium CC: EoD, shawn.starr
Version: git   
Hardware: x86-64 (AMD64)   
OS: Linux (All)   
Whiteboard:
i915 platform: i915 features:
Attachments: Invalid reads flagged by valgrind

Description Laurent carlier 2016-02-24 22:49:00 UTC 
mesa-git master 1807806
llvm-svn master 261647
amdgpu/radeonsi with a R9 380

I have also a segfault with painkiller H&D.

Here is the backtrace for outlast:
--------8<--------
*** WARNING - PATHS MAY NOT BE VALID ***

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffe63c1700 (LWP 10294)]
si_bind_sampler_states (ctx=0x1bb4da90, shader=<optimized out>, start=<optimized out>, count=<optimized out>, states=0x2110bd80) at si_descriptors.c:305
305     si_descriptors.c: Aucun fichier ou dossier de ce type.
(gdb) bt
#0  si_bind_sampler_states (ctx=0x1bb4da90, shader=<optimized out>, start=<optimized out>, count=<optimized out>, states=0x2110bd80) at si_descriptors.c:305
#1  0x00007fffeebb6688 in cso_single_sampler_done (shader_stage=<optimized out>, ctx=<optimized out>) at cso_cache/cso_context.c:1215
#2  cso_set_samplers (ctx=ctx@entry=0x2110ba20, shader_stage=shader_stage@entry=1, nr=nr@entry=1, templates=templates@entry=0x7fffe63c08c0) at cso_cache/cso_context.c:1250
#3  0x00007fffeea6a4de in try_pbo_upload_common (ctx=ctx@entry=0x210b4d10, surface=0x7fffa21ae550, xoffset=xoffset@entry=0, yoffset=yoffset@entry=0, upload_width=4, upload_height=4, buffer=0x7fffa21ae310, 
    src_format=PIPE_FORMAT_R16G16B16A16_UINT, buf_offset=0, bytes_per_pixel=8, stride=4, image_height=4) at state_tracker/st_cb_texture.c:1386
#4  0x00007fffeea6e8a7 in st_CompressedTexSubImage (ctx=ctx@entry=0x210b4d10, dims=dims@entry=2, texImage=texImage@entry=0x7fffa21ae4e0, x=x@entry=0, y=y@entry=0, z=z@entry=0, w=16, h=16, d=1, format=190, 
    imageSize=128, data=0x0) at state_tracker/st_cb_texture.c:2031
#5  0x00007fffeea6f392 in st_CompressedTexImage (ctx=0x210b4d10, dims=2, texImage=0x7fffa21ae4e0, imageSize=128, data=0x0) at state_tracker/st_cb_texture.c:2081
#6  0x00007fffee9fd7aa in teximage (ctx=0x210b4d10, compressed=compressed@entry=1 '\001', dims=dims@entry=2, target=3553, level=2, internalFormat=33777, width=16, height=16, depth=1, border=0, format=0, 
    type=0, imageSize=128, pixels=0x0) at main/teximage.c:2966
#7  0x00007fffeea0122e in _mesa_CompressedTexImage2D (target=<optimized out>, level=<optimized out>, internalFormat=<optimized out>, width=<optimized out>, height=<optimized out>, border=<optimized out>, 
    imageSize=128, data=0x0) at main/teximage.c:4352
#8  0x00000000024ebcdc in TOpenGLTexture<(ERHIResourceTypes)18>::UpdateMip(unsigned int, unsigned int, unsigned char*, unsigned int) ()
#9  0x00000000024ec0c5 in TOpenGLTexture<(ERHIResourceTypes)18>::Unlock(unsigned int, unsigned int) ()
#10 0x0000000001b1f33d in FTexture2DResource::InitRHI() ()
#11 0x00000000024128ab in FRenderResource::InitResource() ()
#12 0x000000000241298e in BeginInitResource(FRenderResource*)::InitCommand::Execute() ()
#13 0x0000000001a0f0a1 in RenderingThreadMain() ()
#14 0x0000000001a10949 in FRenderingThread::Run() ()
#15 0x0000000000f9c522 in FRunnableThreadPOSIX::Run() ()
#16 0x0000000000f9cc1e in FRunnableThreadPOSIX::_ThreadProc(void*) ()
#17 0x00007ffff6339424 in start_thread () from /usr/lib/libpthread.so.0
#18 0x00007ffff57dbcbd in clone () from /usr/lib/libc.so.6
(gdb) bt full
#0  si_bind_sampler_states (ctx=0x1bb4da90, shader=<optimized out>, start=<optimized out>, count=<optimized out>, states=0x2110bd80) at si_descriptors.c:305
        slot = 0
        i = <optimized out>
        sctx = 0x1bb4da90
        samplers = <optimized out>
        desc = <optimized out>
        sstates = 0x2110bd80
#1  0x00007fffeebb6688 in cso_single_sampler_done (shader_stage=<optimized out>, ctx=<optimized out>) at cso_cache/cso_context.c:1215
        i = <optimized out>
#2  cso_set_samplers (ctx=ctx@entry=0x2110ba20, shader_stage=shader_stage@entry=1, nr=nr@entry=1, templates=templates@entry=0x7fffe63c08c0) at cso_cache/cso_context.c:1250
        info = 0x2110bd80
        i = 3
        temp = <optimized out>
        error = PIPE_OK
#3  0x00007fffeea6a4de in try_pbo_upload_common (ctx=ctx@entry=0x210b4d10, surface=0x7fffa21ae550, xoffset=xoffset@entry=0, yoffset=yoffset@entry=0, upload_width=4, upload_height=4, buffer=0x7fffa21ae310, 
    src_format=PIPE_FORMAT_R16G16B16A16_UINT, buf_offset=0, bytes_per_pixel=8, stride=4, image_height=4) at state_tracker/st_cb_texture.c:1386
        first_element = 0
        sampler_view = 0x0
        last_element = 15
        templ = {reference = {count = 0}, target = PIPE_BUFFER, format = PIPE_FORMAT_R16G16B16A16_UINT, texture = 0x0, context = 0x0, u = {tex = {first_layer = 0, last_layer = 0, first_level = 15, 
              last_level = 0}, buf = {first_element = 0, last_element = 15}}, swizzle_r = 0, swizzle_g = 1, swizzle_b = 2, swizzle_a = 3}
        sampler = {wrap_s = 0, wrap_t = 0, wrap_r = 0, min_img_filter = 0, min_mip_filter = 0, mag_img_filter = 0, compare_mode = 0, compare_func = 0, normalized_coords = 0, max_anisotropy = 0, 
          seamless_cube_map = 0, lod_bias = 0, min_lod = 0, max_lod = 0, border_color = {f = {0, 0, 0, 0}, i = {0, 0, 0, 0}, ui = {0, 0, 0, 0}}}
        samplers = {0x7fffe63c08d0}
        cso = <optimized out>
        pipe = <optimized out>
        depth = 1
        skip_pixels = 0
        success = false
        constants = {xoffset = 0, yoffset = 0, stride = 8, image_size = 64}
#4  0x00007fffeea6e8a7 in st_CompressedTexSubImage (ctx=ctx@entry=0x210b4d10, dims=dims@entry=2, texImage=texImage@entry=0x7fffa21ae4e0, x=x@entry=0, y=y@entry=0, z=z@entry=0, w=16, h=16, d=1, format=190, 
    imageSize=128, data=0x0) at state_tracker/st_cb_texture.c:2031
        texture = <optimized out>
        pipe = <optimized out>
        screen = <optimized out>
        dst = <optimized out>
        surface = 0x7fffa21ae550
        store = {SkipBytes = 0, CopyBytesPerRow = 32, CopyRowsPerSlice = 4, TotalBytesPerRow = 32, TotalRowsPerSlice = 4, CopySlices = 1}
        copy_format = PIPE_FORMAT_R16G16B16A16_UINT
        buf_offset = 0
        success = false
#5  0x00007fffeea6f392 in st_CompressedTexImage (ctx=0x210b4d10, dims=2, texImage=0x7fffa21ae4e0, imageSize=128, data=0x0) at state_tracker/st_cb_texture.c:2081
No locals.
#6  0x00007fffee9fd7aa in teximage (ctx=0x210b4d10, compressed=compressed@entry=1 '\001', dims=dims@entry=2, target=3553, level=2, internalFormat=33777, width=16, height=16, depth=1, border=0, format=0, 
    type=0, imageSize=128, pixels=0x0) at main/teximage.c:2966
        texImage = <optimized out>
        func = 0x7fffeef85e65 "glCompressedTexImage"
        unpack_no_border = {Alignment = 0, RowLength = 0, SkipPixels = 34, SkipRows = 0, ImageHeight = 1026, SkipImages = 0, SwapBytes = 230 '\346', LsbFirst = 241 '\361', Invert = 242 '\362', 
          CompressedBlockWidth = 32767, CompressedBlockHeight = 0, CompressedBlockDepth = 0, CompressedBlockSize = -1575296272, BufferObj = 0xd0}
        unpack = 0x210d0080
        texObj = 0x7fffa21ab5a0
        texFormat = MESA_FORMAT_RGBA_DXT1
        dimensionsOK = 1 '\001'
        sizeOK = <optimized out>
#7  0x00007fffeea0122e in _mesa_CompressedTexImage2D (target=<optimized out>, level=<optimized out>, internalFormat=<optimized out>, width=<optimized out>, height=<optimized out>, border=<optimized out>, 
    imageSize=128, data=0x0) at main/teximage.c:4352
No locals.
#8  0x00000000024ebcdc in TOpenGLTexture<(ERHIResourceTypes)18>::UpdateMip(unsigned int, unsigned int, unsigned char*, unsigned int) ()
No symbol table info available.
#9  0x00000000024ec0c5 in TOpenGLTexture<(ERHIResourceTypes)18>::Unlock(unsigned int, unsigned int) ()
No symbol table info available.
#10 0x0000000001b1f33d in FTexture2DResource::InitRHI() ()
No symbol table info available.
#11 0x00000000024128ab in FRenderResource::InitResource() ()
No symbol table info available.
#12 0x000000000241298e in BeginInitResource(FRenderResource*)::InitCommand::Execute() ()
No symbol table info available.
#13 0x0000000001a0f0a1 in RenderingThreadMain() ()
No symbol table info available.
#14 0x0000000001a10949 in FRenderingThread::Run() ()
No symbol table info available.
#15 0x0000000000f9c522 in FRunnableThreadPOSIX::Run() ()
No symbol table info available.
#16 0x0000000000f9cc1e in FRunnableThreadPOSIX::_ThreadProc(void*) ()
No symbol table info available.
#17 0x00007ffff6339424 in start_thread () from /usr/lib/libpthread.so.0
No symbol table info available.
#18 0x00007ffff57dbcbd in clone () from /usr/lib/libc.so.6
No symbol table info available.
(gdb) q
A debugging session is active.

        Inferior 1 [process 10248] will be killed.

Quit anyway? (y or n) y
Game removed: AppID 238320 "Outlast", ProcID 10248 
--------8<--------
Comment 1 Laurent carlier 2016-02-25 15:31:09 UTC 
Bisect gives me:

2b938a390c15a06be8cf706083890c822979508f is the first bad commit
commit 2b938a390c15a06be8cf706083890c822979508f
Author: Ilia Mirkin <imirkin@alum.mit.edu>
Date:   Thu Feb 18 01:04:13 2016 -0500

    st/mesa: fix pbo uploads
    
     - LOD must be provided in .w for TXF (even for buffer textures)
     - User buffer must be valid at draw time
     - Must have a sampler associated with the sampler view
    
    This makes PBO uploads work again on nouveau.
    
    Signed-off-by: Ilia Mirkin <imirkin@alum.mit.edu>
    Reviewed-by: Nicolai Hähnle <nicolai.haehnle@amd.com>

:040000 040000 ee1148bebe6a6658a6c4e26b9841e7eaf22805a3 3f90d6d20a63250fd784635976063f2da23217e2 M      src
Comment 2 Laurent carlier 2016-02-25 16:28:35 UTC 
I can reproduce the segfault with this apitrace:
https://drive.google.com/file/d/0B1WCo3k21FK3RTVReVl3TkRZY3M/view?usp=sharing
Comment 3 Michel Dänzer 2016-02-26 09:30:43 UTC 
Created attachment 121980 [details]
Invalid reads flagged by valgrind

I got these when replaying the apitrace from bug 94242. Looks like there may be some sampler view / resource referencing imbalance somewhere, resulting in the radeonsi driver accessing memory of a resource which was already destroyed.
Comment 4 Michel Dänzer 2016-02-29 01:24:19 UTC 
*** Bug 94326 has been marked as a duplicate of this bug. ***
Comment 5 Nicolai Hähnle 2016-03-13 15:01:56 UTC 
Fixed by commit 28d2a7e67 "radeonsi: avoid crash when a sampler state is bound for a buffer texture"
Comment 6 EoD 2016-03-13 19:03:41 UTC 
(In reply to Nicolai Hähnle from comment #5)
> Fixed by commit 28d2a7e67 "radeonsi: avoid crash when a sampler state is
> bound for a buffer texture"

The commit fixes my apitrace ARK-replay of bug 94326, though ARK still crashes now with:

Mesa: User error: GL_OUT_OF_MEMORY in glMapBufferRange(map failed)
Assertion failed: Data != NULL [File:Runtime/OpenGLDrv/Public/OpenGLResources.h] [Line: 231] 
Signal 11 caught.
Gtk-Message: GtkDialog mapped without a transient parent. This is discouraged.
LowLevelFatalError [File:C:\SVN_Ark\Engine\Source\Runtime\Core\Private\GenericPlatform\GenericPlatformMemory.cpp] [Line: 51] 
Ran out of memory allocating 65536 bytes with alignment 0
Using binned.
4.5.1-0+UE4 7038 3077 402 5

Is this related?
Comment 7 Nicolai Hähnle 2016-03-14 02:21:08 UTC 
Almost certainly not, please open a separate bug report.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.