Bug 46766 - glxgears and other GL applications crash with "intel_do_flush_locked failed: Invalid argument"
Summary: glxgears and other GL applications crash with "intel_do_flush_locked failed: ...
Status: RESOLVED FIXED
Alias: None
Product: Mesa
Classification: Unclassified
Component: Drivers/DRI/i965 (show other bugs)
Version: 8.0
Hardware: x86-64 (AMD64) Linux (All)
: medium major
Assignee: Kenneth Graunke
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-02-29 04:36 UTC by Samuel Rødal
Modified: 2012-03-21 11:24 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Attachments

Description Samuel Rødal 2012-02-29 04:36:31 UTC 
dmesg shows the following error: [  378.236766] [drm:i915_gem_execbuffer_relocate_entry] *ERROR* Relocation beyond target object bounds: obj ffff8801f0bbbc00 target 1 delta 32769 size 32768.

Hardware is 2600k, kernel is 2.6.38-3-generic, running Ubuntu 10.10.

This seems to happen because DRM_IOCTL_I915_GEM_EXECBUFFER2 fails.

git bisect shows that the crash was introduced with c25e5300cba7628b58df93ead14ebc3cc32f338c

Backtrace:

#0  do_flush_locked (intel=0x627950) at intel_batchbuffer.c:165
#1  0x00007ffff3b6f2ff in _intel_batchbuffer_flush (intel=0x627950, file=0x7ffff3c09d75 "intel_context.c", line=526) at intel_batchbuffer.c:240
#2  0x00007ffff3b74731 in _intel_flush (ctx=0x627950, file=0x7ffff3c09d75 "intel_context.c", line=526) at intel_context.c:518
#3  0x00007ffff3b74767 in intel_glFlush (ctx=0x627950) at intel_context.c:526
#4  0x00007ffff3646b17 in _mesa_flush (ctx=0x627950) at main/context.c:1647
#5  0x00007ffff3646cd3 in _mesa_Flush () at main/context.c:1679
#6  0x00007ffff76d5b83 in glFlush () at ../../../src/mapi/glapi/glapi_mapi_tmp.h:2920
#7  0x00007ffff768e84a in glXSwapBuffers (dpy=0x606010, drawable=60817410) at glxcmds.c:809
#8  0x000000000040324f in ?? ()
#9  0x00007ffff6b05d8e in __libc_start_main (main=<value optimized out>, argc=<value optimized out>, ubp_av=<value optimized out>, init=<value optimized out>, fini=<value optimized out>, 
    rtld_fini=<value optimized out>, stack_end=0x7fffffffdee8) at libc-start.c:226
#10 0x0000000000401749 in ?? ()
#11 0x00007fffffffdee8 in ?? ()
#12 0x000000000000001c in ?? ()
#13 0x0000000000000001 in ?? ()
#14 0x00007fffffffe23f in ?? ()
#15 0x0000000000000000 in ?? ()
Comment 1 Daniel Vetter 2012-02-29 04:41:59 UTC 
commit c25e5300cba7628b58df93ead14ebc3cc32f338c
Author: Kenneth Graunke <kenneth@whitecape.org>
Date:   Fri Jan 20 03:33:40 2012 -0800

    i965: Fix border color on Sandybridge and Ivybridge.

... looks like Ken botched checking for older kernels that don't allow relocs beyond the end of the buffer.
Comment 2 Kenneth Graunke 2012-02-29 13:02:28 UTC 
Thanks Daniel, I had no idea that was a new kernel feature.

Fixed in Mesa master by:

commit b2ace06cbbbb1021e2d7ace12a985c6406821939
Author: Kenneth Graunke <kenneth@whitecape.org>
Date:   Wed Feb 29 12:32:41 2012 -0800

    i965: Fix Gen6+ dynamic state upper bound on older kernels.
    
    Kernels prior to 271d81b84171d84723357ae6d172ec16b0d8139c (March 2011)
    don't support relocations outside of the target buffer object.  Rather
    than guarding this with a I915_PARAM_HAS_RELAXED_DELTA check, just
    smash the bound to 0xfffff001 like we do on Ironlake.
    
    This effectively gives us no upper bound check, just like we did prior
    to commit 271d81b84171d84723357ae6d172ec16b0d8139c.
    
    Daniel Vetter would also like to mention that this relies on the guard
    page at the end of the GTT.
    
    NOTE: This is a candidate for release branches.
    Fixes a regression since 271d81b84171d84723357ae6d172ec16b0d8139c.
    
    Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=46766
    Signed-off-by: Kenneth Graunke <kenneth@whitecape.org>
    Reviewed-by: Eric Anholt <eric@anholt.net>
    Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>

I'll cherry-pick it to 8.0 in a few days, barring any problems.
Comment 3 Kenneth Graunke 2012-03-21 11:24:39 UTC 
Oops.  This got cherry-picked a while ago as commit 3d036f3f0aa7360c58d76b3f5114e1cf8c32260c.  Closing.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.