111414 – [REGRESSION] [BISECTED] Segmentation fault in si_bind_blend_state after removal of the blend state NULL check

Bug 111414 - [REGRESSION] [BISECTED] Segmentation fault in si_bind_blend_state after removal of the blend state NULL check

Summary: [REGRESSION] [BISECTED] Segmentation fault in si_bind_blend_state after remov...

Status:	RESOLVED FIXED

Alias:	None

Product:	Mesa
Classification:	Unclassified
Component:	Drivers/Gallium/radeonsi (show other bugs)
Version:	git
Hardware:	x86-64 (AMD64) Linux (All)

Importance:	medium normal
Assignee:	Default DRI bug account
QA Contact:	Default DRI bug account

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2019-08-17 20:59 UTC by Edmondo Tommasina
Modified:	2019-08-30 09:44 UTC (History)
CC List:	1 user (show)

See Also:
i915 platform:
i915 features:

Attachments
Backtrace (8.21 KB, text/plain) 2019-08-17 20:59 UTC, Edmondo Tommasina	Details
possible fix (1.83 KB, patch) 2019-08-19 18:43 UTC, Marek Olšák	Details \| Splinter Review
View All

Description Edmondo Tommasina 2019-08-17 20:59:33 UTC

Created attachment 145084 [details]
Backtrace

vlc using vdpau received signal SIGSEGV after the removal of the blend state NULL check.

Bisected to:

https://gitlab.freedesktop.org/mesa/mesa/commit/b758eed9c373db14a5acc04d9522ec9d74e51f1b

commit b758eed9c373db14a5acc04d9522ec9d74e51f1b (HEAD, refs/bisect/bad)
Author: Marek Olšák <marek.olsak@amd.com>
Date:   Tue Jul 30 17:43:41 2019 -0400

    radeonsi: make sure that blend state != NULL and remove all NULL checking
    
    Reviewed-by: Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer@amd.com>




The backtrace shows old_blend = 0x0 where the new code doesn't check old_blend anymore:
+       if (old_blend->cb_target_mask != blend->cb_target_mask ||


Full backtrace attached, here an extract:

0x00007fff60e6497b in si_bind_blend_state (ctx=0x7fff58468f20, state=<optimized out>) at ../mesa-9999/src/gallium/drivers/radeonsi/si_state.c:686
686     ../mesa-9999/src/gallium/drivers/radeonsi/si_state.c: No such file or directory.
(gdb) bt full
#0  0x00007fff60e6497b in si_bind_blend_state (ctx=0x7fff58468f20, state=<optimized out>) at ../mesa-9999/src/gallium/drivers/radeonsi/si_state.c:686
        sctx = 0x7fff58468f20
        old_blend = 0x0
        blend = 0x7fff584f2220
#1  0x00007fff60cea216 in draw_layers (dirty=0x7fff584099b8, s=0x7fff584fbf60, c=0x7fff58409788) at ../mesa-9999/src/gallium/auxiliary/vl/vl_compositor_gfx.c:662
        layer = 0x7fff584fbf98
        samplers = 0x7fff584fbfe8
        num_sampler_views = 1
        blend = <optimized out>
        vb_index = 0
        i = 0
        vb_index = <optimized out>
        i = <optimized out>
        layer = <optimized out>
        samplers = <optimized out>
        num_sampler_views = <optimized out>
        blend = <optimized out>
        drawn = <optimized out>
#2  vl_compositor_gfx_render (s=s@entry=0x7fff584fbf60, c=c@entry=0x7fff58409788, dst_surface=dst_surface@entry=0x7fff58530980, dirty_area=0x7fff584099b8, dirty_area@entry=0x1, clear_dirty=<optimized out>)
    at ../mesa-9999/src/gallium/auxiliary/vl/vl_compositor_gfx.c:725
No locals.
#3  0x00007fff60ce462c in vl_compositor_render (clear_dirty=true, dirty_area=0x1, dst_surface=0x7fff58530980, c=0x7fff58409788, s=0x7fff584fbf60) at ../mesa-9999/src/gallium/auxiliary/vl/vl_compositor.c:755
No locals.
#4  vl_compositor_render (s=s@entry=0x7fff584fbf60, c=c@entry=0x7fff58409788, dst_surface=dst_surface@entry=0x7fff5866b060, dirty_area=dirty_area@entry=0x7fff584099b8, clear_dirty=clear_dirty@entry=true)
    at ../mesa-9999/src/gallium/auxiliary/vl/vl_compositor.c:744
No locals.
#5  0x00007fff60cda6ae in vlVdpPresentationQueueDisplay (presentation_queue=<optimized out>, surface=4, clip_width=<optimized out>, clip_height=0, earliest_presentation_time=36232721127000)
    at ../mesa-9999/src/gallium/state_trackers/vdpau/presentation.c:262
        dump_window = -1
        pq = 0x7fff584fbf50
        surf = 0x7fff585043d0
        pipe = 0x7fff58468f20
        tex = 0x7fff58530980
        surf_templ = {reference = {count = 0}, format = PIPE_FORMAT_B8G8R8X8_UNORM, writable = 0, texture = 0x0, context = 0x0, width = 0, height = 0, nr_samples = 0, u = {tex = {level = 0, first_layer = 0, last_layer = 0}, buf = {
              first_element = 0, last_element = 0}}}
        surf_draw = 0x7fff5866b060
        src_rect = {x0 = 0, x1 = 1658, y0 = 0, y1 = 933}
        dst_clip = {x0 = 0, x1 = 1658, y0 = 0, y1 = 933}
        dirty_area = 0x7fff584099b8
        compositor = 0x7fff58409788
        cstate = 0x7fff584fbf60
        vscreen = 0x7fff58409900

Comment 1 Marek Olšák 2019-08-19 18:43:20 UTC

Created attachment 145103 [details] [review]
possible fix

Does the attached patch fix it?

Comment 2 Edmondo Tommasina 2019-08-19 19:27:59 UTC

Thanks. Yes, the attached patch fix the it.

Comment 3 Dieter Nützel 2019-08-20 04:37:42 UTC

(In reply to Marek Olšák from comment #1)
> Created attachment 145103 [details] [review] [review]
> possible fix
> 
> Does the attached patch fix it?

Yes, it fixed vdpau with Mplayer for me.

mplayer -vo vdpau /data/Filme/test.mkv > & /dev/null

Soo...

Tested-by: Dieter Nützel <Dieter@nuetzel-hh.de>

But

mpv -hwdec vdpau /data/Filme/test.mkv > & /dev/null
Abbruch (core dumped)

Have to bisect.

Comment 4 Edmondo Tommasina 2019-08-20 21:17:14 UTC

@Dieter: I cannot reproduce your issue with mpv and Marek's patch applied. It looks good.

$ mpv -hwdec mytest.mkv 
Playing: mytest.mkv
 (+) Video --vid=1 (*) (h264 1280x720 23.976fps)
 (+) Audio --aid=1 --alang=eng (*) (aac 2ch 44100Hz)
     Subs  --sid=1 --slang=eng (subrip)
File tags:
 Title: mytest
Using hardware decoding (vdpau).
AO: [pulse] 44100Hz stereo 2ch float
VO: [gpu] 1280x720 vdpau[yuv420p]
AV: 00:00:32 / 00:42:26 (1%) A-V:  0.000

Comment 5 Dieter Nützel 2019-08-20 22:44:48 UTC

Hello Edmondo,

thank you for your comment.

Now, I get this:

mpv -hwdec /data/Filme/test.mkv
Playing: /data/Filme/test.mkv
 (+) Video --vid=1 (*) 'OceanWorld.2D.2009.BluRay.1080p.AC3.x264-CHD' (h264 1920x1080 24.000fps)
 (+) Audio --aid=1 --alang=eng (*) 'AC3 5.1 channels, 640kbps' (ac3 6ch 48000Hz)
File tags:
 Title: 深海探奇 2D
ATTENTION: default value of option mesa_glthread overridden by environment.
ATTENTION: option value of option mesa_glthread ignored.
ATTENTION: default value of option mesa_glthread overridden by environment.
ATTENTION: option value of option mesa_glthread ignored.
mesa: for the   --simplifycfg-sink-common option: may only occur zero or one times!
mesa: for the   --global-isel-abort option: may only occur zero or one times!
mpv: ../src/gallium/state_trackers/vdpau/vdpau_private.h:138: FormatYCBCRToPipe: Assertion `0' failed.
Abbruch (core dumped)

Comment 6 Dieter Nützel 2019-08-27 21:28:19 UTC

(gdb) bt full
#0  0x00007f2ec9e5ddd1 in raise () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007f2ec9e47549 in abort () from /lib64/libc.so.6
No symbol table info available.
#2  0x00007f2ec9e47421 in __assert_fail_base.cold () from /lib64/libc.so.6
No symbol table info available.
#3  0x00007f2ec9e56322 in __assert_fail () from /lib64/libc.so.6
No symbol table info available.
#4  0x00007f2e66d99c16 in FormatYCBCRToPipe (vdpau_format=7)
    at ../src/gallium/state_trackers/vdpau/vdpau_private.h:138
        __PRETTY_FUNCTION__ = "FormatYCBCRToPipe"
#5  0x00007f2e66d9a00e in vlVdpVideoSurfaceQueryGetPutBitsYCbCrCapabilities (device=1, 
    surface_chroma_type=2, bits_ycbcr_format=7, is_supported=0x7f2eba775630)
    at ../src/gallium/state_trackers/vdpau/query.c:157
        dev = 0x7f2ea802fbf0
        pscreen = 0x7f2ea8571b20
#6  0x00007f2ec7e4aa95 in ?? () from /usr/lib64/libavutil.so.56
No symbol table info available.
#7  0x00007f2ec7e4593e in av_hwdevice_ctx_init () from /usr/lib64/libavutil.so.56
No symbol table info available.
#8  0x000055e6b254ca9d in mp_vdpau_create_device_x11 ()

Comment 7 Dieter Nützel 2019-08-29 21:16:23 UTC

@Marek

This one could be CLOSED.
Your commit SOLVED it.

My reported 'mpv' bug is compilation related.

mpv: ../src/gallium/state_trackers/vdpau/vdpau_private.h:138: FormatYCBCRToPipe: Assertion `0' failed.

openSUSE Tumbleweed's Mesa 19.1.5 fine (release ?!).

Mesa git with LLVM 10.0.0, gcc 9.1.1

meson ../ --strip --buildtype release ... is fine, too.

But

meson ../ --strip --buildtype debugoptimized ... is brocken, now.

Worked for ages, before.

Comment 8 Edmondo Tommasina 2019-08-29 21:36:36 UTC

Thanks Dieter for clarifying.

Patch got merged in mesa:
https://gitlab.freedesktop.org/mesa/mesa/commit/f95a28d3

I'm closing this issue. Thanks for the fix.

Comment 9 Michel Dänzer 2019-08-30 09:44:55 UTC

(In reply to Dieter Nützel from comment #7)
> mpv: ../src/gallium/state_trackers/vdpau/vdpau_private.h:138:
> FormatYCBCRToPipe: Assertion `0' failed.
> 
> [...]
> 
> meson ../ --strip --buildtype release ... is fine, too.

Assertions are disabled by default for release builds. The assertion failure is still a bug, though a separate one from that reported here.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.