Created attachment 67629 [details] sample application to play videos[MP4 with H264 codec] from current directory. It has scrpit file to build and run. Hardware:- Using x86_64 kernel and user land. CPU and GPU: Intel(R) Core(TM) i3-2105 CPU i965 chipset linux 3.5.0 Packages used :- packages are used from http://intellinuxgraphics.org/2012.07.html . Driver name: intel-driver Driver source code repository: http://cgit.freedesktop.org/vaapi/intel-driver/ Driver version: 1.0.18 (latest stable) Crash Details:- when we run the sample application[wall] to play videos with hw accelerated support for decoding [gst-vaapi] and render through cluttersink the application crashes randomly with the following error wall: intel_bufmgr_gem.c:1116: drm_intel_gem_bo_unreference: Assertion`((&bo_gem->refcount)->atomic) > 0' failed. Sample application takes .mp4 files with [H264 codec] from the current directory and plays one by one repeatedly. Reproducibility :-80% [sometimes within 5 to 15 mins] Observation:- The problem was observed as a double free triggered by a race condition in gen6_mfd_free_avc_surface. The two functions i965_PutSurface() and i965_EndPicture() from i965_drv_video.c directly/indirectly calls gen6_mfd_free_avc_surface() simultanelously from two threads. One of the functions unreferences the variable "gen6_avc_surface->dmv_top" and at the same time other function gets assertion saying reference count as zero. If we bypass this assertion, after null check for the variable "gen6_avc_surface" in function gen6_mfd_free_avc_surface() both i965_PutSurface() and i965_EndPicture() functions try to free the same pointer. Solution:- We fixed this issue by adding mutex in the function gen6_mfd_free_avc_surface().
Created attachment 67728 [details] Kernel configuration file. 3.5.0 kernel configuration file.
OS: vanilla 3.5.0 linux kernel No external patch were applied to the kernel We are using 3rd party drivers for which we have full source code.
(In reply to comment #0) > Solution:- > We fixed this issue by adding mutex in the function > gen6_mfd_free_avc_surface(). Where is the patch ?
Created attachment 67759 [details] Patch for mutex in gen6_mfd_free_avc_surface patch contains mutex added in the gen6_mfd_free_avc_surface function.
Created attachment 68477 [details] updated patch Fix was incomplete in previous patch . so updated it
The packages used are clutter-gst: 1.5.6 gstreamer-0.10.36 gst-plugins-base-0.10.36 gst-plugins-bad-0.10.23 gst-plugins-good-0.10.31 gst-plugins-ugly-0.10.19 gstreamer-vaapi:0.10 verison 0.3.7 libva-1.1.0 intel-driver 1.0.18 xorg-server-1.12.1 linux 3.5.0
The patch looks good to me although I still can't reproduce the issue. I pushed your patch with some modification to fix the same issue on other platforms Thanks a lot.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.