Bug 85267 - vlc crashes with vdpau (Radeon 3850HD) [r600]
Summary: vlc crashes with vdpau (Radeon 3850HD) [r600]
Status: RESOLVED FIXED
Alias: None
Product: Mesa
Classification: Unclassified
Component: Drivers/Gallium/r600 (show other bugs)
Version: unspecified
Hardware: x86-64 (AMD64) Linux (All)
: medium normal
Assignee: Default DRI bug account
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-10-21 02:53 UTC by Arthur Marsh
Modified: 2014-10-22 09:04 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Attachments
r600g: Drop references to destroyed blend state (1.33 KB, patch)
2014-10-21 03:42 UTC, Michel Dänzer 		Details | Splinter Review
log file of running valgrind with default options run against mesa rebuilt with patch (13.60 KB, text/plain)
2014-10-21 08:40 UTC, Arthur Marsh 		Details
View All

Description Arthur Marsh 2014-10-21 02:53:00 UTC 
I'm using version 10.3.1-1 on Debian of most mesa-related packages and Linux kernel 3.18.0-rc1 from Linus' git head.

replaying a particular dvd in VLC triggers some errors:

(see also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766058 )

vdpau-related packages are also installed;

when I ran the dvd in VLC under valgrind I encountered:

(comments are from michel@daenzer.net )

> ==13424== Invalid read of size 1
> ==13424==    at 0x1A8789C0: r600_bind_blend_state_internal (in /usr/lib/x86_64-linux-gnu/vdpau/libvdpau_r600.so.1.0.0)
> ==13424==    by 0x1A6723C0: blitter_restore_fragment_states (in /usr/lib/x86_64-linux-gnu/vdpau/libvdpau_r600.so.1.0.0)
> ==13424==    by 0x1A675C47: util_blitter_clear_render_target (in /usr/lib/x86_64-linux-gnu/vdpau/libvdpau_r600.so.1.0.0)
> ==13424==    by 0x1A852985: r600_clear_render_target (in /usr/lib/x86_64-linux-gnu/vdpau/libvdpau_r600.so.1.0.0)
> ==13424==    by 0x1A69D9A9: vl_compositor_render (in /usr/lib/x86_64-linux-gnu/vdpau/libvdpau_r600.so.1.0.0)
> ==13424==    by 0x1A629E96: vlVdpPresentationQueueDisplay (in /usr/lib/x86_64-linux-gnu/vdpau/libvdpau_r600.so.1.0.0)
> ==13424==    by 0x1F2F80A3: Queue (in /usr/lib/vlc/plugins/vdpau/libvdpau_display_plugin.so)
> ==13424==    by 0x30D0E6DB48: ThreadDisplayPicture (in /usr/lib/libvlccore.so.8.0.0)
> ==13424==    by 0x30D0E6DEB2: Thread (in /usr/lib/libvlccore.so.8.0.0)
> ==13424==    by 0x30022080A3: start_thread (pthread_create.c:309)
> ==13424==  Address 0xedfe51d is 61 bytes inside a block of size 64 free'd
> ==13424==    at 0x4A08E90: free (vg_replace_malloc.c:473)
> ==13424==    by 0x1A62C7DD: vlVdpOutputSurfaceRenderBitmapSurface (in /usr/lib/x86_64-linux-gnu/vdpau/libvdpau_r600.so.1.0.0)
> ==13424==    by 0x1F2F8200: Queue (in /usr/lib/vlc/plugins/vdpau/libvdpau_display_plugin.so)
> ==13424==    by 0x30D0E6DB48: ThreadDisplayPicture (in /usr/lib/libvlccore.so.8.0.0)
> ==13424==    by 0x30D0E6DEB2: Thread (in /usr/lib/libvlccore.so.8.0.0)
> ==13424==    by 0x30022080A3: start_thread (pthread_create.c:309)

This looks like a use-after-free bug in the Mesa r600g driver. Can you report this upstream at https://bugs.freedesktop.org/enter_bug.cgi?product=Mesa , component Drivers/Gallium/r600?
Comment 1 Michel Dänzer 2014-10-21 03:42:48 UTC 
Created attachment 108144 [details] [review]
r600g: Drop references to destroyed blend state

Does this patch fix this problem?
Comment 2 Arthur Marsh 2014-10-21 08:40:45 UTC 
Created attachment 108163 [details]
log file of running valgrind with default options run against mesa rebuilt with patch

It appears from this log that the particular error reported in this bug no longer occurs.
Comment 3 Dieter Nützel 2014-10-21 17:17:42 UTC 
Fixed bug 84140, too.
Comment 4 Michel Dänzer 2014-10-22 09:04:05 UTC 
Module: Mesa
Branch: master
Commit: ae879718c4086fc5905070e7f26dfa2757df0c86
URL:    http://cgit.freedesktop.org/mesa/mesa/commit/?id=ae879718c4086fc5905070e7f26dfa2757df0c86

Author: Michel Dänzer <michel.daenzer@amd.com>
Date:   Tue Oct 21 12:40:15 2014 +0900

r600g: Drop references to destroyed blend state

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.