Bug 102062 - Segfault at eglCreateContext in android-x86
Status: RESOLVED FIXED
Alias: None
Product: Mesa
Classification: Unclassified
Component: Drivers/DRI/i965
Version: git
Hardware: Other All
Importance: medium normal
Assignee: Intel 3D Bugs Mailing List
QA Contact: Intel 3D Bugs Mailing List
Reported: 2017-08-06 22:29 UTC by Mauro Rossi
Modified: 2017-08-15 10:57 UTC
Attachments
logcat (305.00 KB, text/plain), 2017-08-06 22:29 UTC, Mauro Rossi
dmesg (76.08 KB, text/plain), 2017-08-06 22:29 UTC, Mauro Rossi
addr2line output (3.90 KB, text/plain), 2017-08-06 22:30 UTC, Mauro Rossi
tombstone (96.46 KB, patch), 2017-08-06 22:30 UTC, Mauro Rossi
workaround (1.10 KB, patch), 2017-08-10 11:36 UTC, Tapani Pälli
dmesg collected from build with-mesa-dev (75.05 KB, text/plain), 2017-08-15 09:22 UTC, Mauro Rossi
logcat collected from build with-mesa-dev (261.84 KB, text/plain), 2017-08-15 09:23 UTC, Mauro Rossi
addr2line collected from build with-mesa-dev (3.79 KB, text/plain), 2017-08-15 09:23 UTC, Mauro Rossi

Description Mauro Rossi 2017-08-06 22:29:09 UTC
Created attachment 133269 [details]
logcat

Hi,

the issue appeared in the last two days.

--------- beginning of crash
08-06 12:40:10.513  2352  2352 F libc    : Fatal signal 11 (SIGSEGV), code 1, fault addr 0x42c4 in tid 2352 (surfaceflinger)

08-06 12:40:10.567  2607  2607 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
08-06 12:40:10.567  2607  2607 F DEBUG   : Build fingerprint: 'Android-x86/android_x86_64/x86_64:7.1.2/NZH54B/utente08042339:eng/test-keys'
08-06 12:40:10.567  2607  2607 F DEBUG   : Revision: '0'
08-06 12:40:10.567  2607  2607 F DEBUG   : ABI: 'x86_64'
08-06 12:40:10.567  2607  2607 F DEBUG   : pid: 2352, tid: 2352, name: surfaceflinger  >>> /system/bin/surfaceflinger <<<
08-06 12:40:10.567  2607  2607 F DEBUG   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x42c4
08-06 12:40:10.567  2607  2607 F DEBUG   :     rax 0000000000004200  rbx 000072ecccc31198  rcx 0000000000000009  rdx ffffffffffffffb0
08-06 12:40:10.567  2607  2607 F DEBUG   :     rsi 0000000000000000  rdi 000072ecce226208
08-06 12:40:10.567  2607  2607 F DEBUG   :     r8  0000000000000f00  r9  00007ffc53933920  r10 0000000000003000  r11 000072ecccc03318
08-06 12:40:10.567  2607  2607 F DEBUG   :     r12 000072ecce285838  r13 0000000000000010  r14 000072ecce278600  r15 000072ecce227b70
08-06 12:40:10.567  2607  2607 F DEBUG   :     cs  0000000000000033  ss  000000000000002b
08-06 12:40:10.567  2607  2607 F DEBUG   :     rip 000072eccd530588  rbp 0000000000000001  rsp 00007ffc53934300  eflags 0000000000010246
08-06 12:40:10.574  2607  2607 F DEBUG   : 
08-06 12:40:10.574  2607  2607 F DEBUG   : backtrace:
08-06 12:40:10.574  2607  2607 F DEBUG   :     #00 pc 0000000000088588  /system/lib64/dri/i965_dri.so
08-06 12:40:10.574  2607  2607 F DEBUG   :     #01 pc 000000000006a5f8  /system/lib64/dri/i965_dri.so
08-06 12:40:10.574  2607  2607 F DEBUG   :     #02 pc 00000000002e4c48  /system/lib64/dri/i965_dri.so
08-06 12:40:10.574  2607  2607 F DEBUG   :     #03 pc 0000000000012da4  /system/lib64/egl/libGLES_mesa.so
08-06 12:40:10.574  2607  2607 F DEBUG   :     #04 pc 0000000000005a14  /system/lib64/egl/libGLES_mesa.so (eglCreateContext+356)
08-06 12:40:10.574  2607  2607 F DEBUG   :     #05 pc 0000000000015b9d  /system/lib64/libEGL.so (eglCreateContext+141)
08-06 12:40:10.574  2607  2607 F DEBUG   :     #06 pc 000000000003e542  /system/lib64/libsurfaceflinger.so
08-06 12:40:10.574  2607  2607 F DEBUG   :     #07 pc 0000000000044448  /system/lib64/libsurfaceflinger.so (_ZN7android14SurfaceFlinger4initEv+936)
08-06 12:40:10.574  2607  2607 F DEBUG   :     #08 pc 000000000000130d  /system/bin/surfaceflinger
08-06 12:40:10.574  2607  2607 F DEBUG   :     #09 pc 000000000001c994  /system/lib64/libc.so (__libc_init+84)
08-06 12:40:10.574  2607  2607 F DEBUG   :     #10 pc 00000000000011c4  /system/bin/surfaceflinger

Here follows addr2line with source/function/line involved:

utente@utente-System-Product-Name:~/nougat-x86$ addr2line -Cfe out/target/product/x86_64/symbols/system/lib64/dri/i965_dri.so
0000000000088588
intel_batchbuffer_init
/proc/self/cwd/external/mesa/src/mesa/drivers/dri/i965/intel_batchbuffer.c:90
000000000006a5f8
brwCreateContext
/proc/self/cwd/external/mesa/src/mesa/drivers/dri/i965/brw_context.c:937
00000000002e4c48
driCreateContextAttribs
/proc/self/cwd/external/mesa/src/mesa/drivers/dri/common/dri_util.c:452
^C

utente@utente-System-Product-Name:~/nougat-x86$ addr2line -Cfe out/target/product/x86_64/symbols/system/lib64/egl/libGLES_mesa.so
0000000000012da4
dri2_create_context
/proc/self/cwd/external/mesa/src/egl/drivers/dri2/egl_dri2.c:1244
^C

Mauro
android-x86 team
Comment 1 Mauro Rossi 2017-08-06 22:29:46 UTC
Created attachment 133270 [details]
dmesg
Comment 2 Mauro Rossi 2017-08-06 22:30:13 UTC
Created attachment 133271 [details]
addr2line output
Comment 3 Mauro Rossi 2017-08-06 22:30:36 UTC
Created attachment 133272 [details] [review]
tombstone
Comment 4 Tapani Pälli 2017-08-10 08:36:13 UTC
Yep, I've reproduced this on Android-IA, will attempt to bisect.
Comment 5 Tapani Pälli 2017-08-10 11:36:28 UTC
Created attachment 133424 [details] [review]
workaround

There are 2 places causing a crash in recent batchbuffer changes ... both of them are accessing context like this:

struct brw_context *brw = container_of(batch, brw, batch);

functions are intel_batchbuffer_init and brw_emit_reloc

on the first issue brw->screen can be null, 2nd one I believe happens via initial blorp_clear that calls brw_upload_state_base_address.

Attached a workaround for these.
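
An added illustration of the pattern discussed in comment 5, not part of the original comment and not Mesa's code: a parent structure is recovered from a pointer to its embedded member, and the init function either guards the field that may still be NULL or takes the dependency as a parameter. The struct names, the function names and the offsetof-based macro (which differs from the macro form quoted above) are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Generic offsetof-based container_of; an assumption, not Mesa's macro. */
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* Hypothetical stand-ins for the driver's screen, batch and context. */
struct screen  { int gen; };
struct batch   { int gen; };
struct context {
    struct screen *screen;  /* may still be NULL while the context is built */
    struct batch   batch;   /* embedded member the init function receives */
};

/* Guarded form: recover the parent from the member pointer, but refuse to
 * dereference a field that has not been initialised yet. */
static int batch_init_guarded(struct batch *batch)
{
    struct context *ctx = container_of(batch, struct context, batch);

    if (ctx->screen == NULL)
        return -1;          /* an unguarded ctx->screen->gen would fault here */
    batch->gen = ctx->screen->gen;
    return 0;
}

/* Alternative: take the dependency as a parameter, so the init function
 * does not depend on the parent's initialisation order at all. */
static int batch_init_explicit(struct batch *batch, const struct screen *screen)
{
    if (batch == NULL || screen == NULL)
        return -1;
    batch->gen = screen->gen;
    return 0;
}

int main(void)
{
    struct screen scr = { .gen = 9 };       /* constructed sample values */
    struct context ctx = { .screen = NULL };

    printf("guarded, screen unset: %d\n", batch_init_guarded(&ctx.batch));
    ctx.screen = &scr;
    printf("guarded, screen set:   %d\n", batch_init_guarded(&ctx.batch));
    printf("explicit parameter:    %d\n", batch_init_explicit(&ctx.batch, &scr));
    return 0;
}
```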
Comment 6 Tapani Pälli 2017-08-10 11:50:20 UTC
having said that, as a disclaimer this workaround applies on top of commit 29ba502a4e28471f67e4e904ae503157087efd20 which I bisected to be the first one that introduces crashes
Comment 7 Kenneth Graunke 2017-08-12 08:47:50 UTC
Should be fixed by

commit da0840246fd91134a61e35f1bd987d77111aed26
Author: Kenneth Graunke <kenneth@whitecape.org>
Date:   Thu Aug 10 20:47:53 2017 -0700

    i965: Clean up intel_batchbuffer_init().
Comment 8 Mauro Rossi 2017-08-15 09:19:17 UTC
Hi,
The problem is still happening with latest mesa-dev.

Attaching the latest dmesg/logcat/addr2line
Mauro
Comment 9 Mauro Rossi 2017-08-15 09:22:24 UTC
Created attachment 133524 [details]
dmesg collected from build with-mesa-dev
Comment 10 Mauro Rossi 2017-08-15 09:23:25 UTC
Created attachment 133525 [details]
logcat collected from build with-mesa-dev
Comment 11 Mauro Rossi 2017-08-15 09:23:50 UTC
Created attachment 133526 [details]
addr2line collected from build with-mesa-dev
Comment 12 Tapani Pälli 2017-08-15 09:36:09 UTC
(In reply to Mauro Rossi from comment #8)
> Hi,
> The problem is still happening with latest mesa-dev.
> 

Huh that's weird, even on the same line. Which git commit is your tree based on?
Comment 13 Mauro Rossi 2017-08-15 09:51:53 UTC
Hi,

Apologies, my fault.

I had fetched but I had forgotten to rebase,
so I was seeing the bug that had been corrected.

Sorry, I guess I can't open a bug for my brain :-)

Mauro
Comment 14 Tapani Pälli 2017-08-15 10:57:32 UTC
(In reply to Mauro Rossi from comment #13)
> Hi,
> 
> Apologies, my fault.
> 
> I had fetched but I had forgotten to rebase,
> so I was seeing the bug that had been corrected.
> 
> Sorry, I guess I can't open a bug for my brain :-)
> 
> Mauro

no worries :)

