Bug 92296 - Xorg crashes with reverse PRIME (intel+nouveau) and OpenGL/VA-API
Summary: Xorg crashes with reverse PRIME (intel+nouveau) and OpenGL/VA-API
Status: NEW
Alias: None
Product: xorg
Classification: Unclassified
Component: Driver/intel (show other bugs)
Version: unspecified
Hardware: x86-64 (AMD64) Linux (All)
: medium normal
Assignee: Chris Wilson
QA Contact: Intel GFX Bugs mailing list
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-10-05 19:44 UTC by Matthias Schiffer
Modified: 2015-11-12 17:01 UTC (History)
1 user (show)

See Also:
i915 platform:
i915 features:


Attachments
Xorg.log for crash 1 (82.78 KB, text/plain)
2015-10-05 19:44 UTC, Matthias Schiffer
no flags Details
Xorg.log for crash 2 (78.83 KB, text/plain)
2015-10-05 19:45 UTC, Matthias Schiffer
no flags Details
Xorg.log for crash 3 (209.04 KB, text/plain)
2015-10-05 19:45 UTC, Matthias Schiffer
no flags Details
gdb log for crash 2 (8.06 KB, text/plain)
2015-10-06 09:39 UTC, Matthias Schiffer
no flags Details
gdb log for crash 1 (9.30 KB, text/plain)
2015-11-12 00:25 UTC, Matthias Schiffer
no flags Details
gdb log for crash 2 (Xserver 1.18 + patch from comment 9) (8.02 KB, text/plain)
2015-11-12 01:15 UTC, Matthias Schiffer
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Schiffer 2015-10-05 19:44:54 UTC
Created attachment 118678 [details]
Xorg.log for crash 1

I've found various ways to crash Xorg in a reverse PRIME setup; I'm reporting them as a single bug as the backtraces look similar.

For the tests, I used the xorg-server 1.17.2 Arch Linux packages with recent git versions of xf86-video-intel and xf86-video-nouveau.

* Crash 1: I setup the (nouveau) reverse PRIME output as primary output. When I set a GL or VA-API window to fullscreen on the reverse PRIME output, Xorg segfaults. Might be related to #91491.

* Crash 2: I configure the intel driver to use DRI3. As soon as I open a window using GL or VA-API on the reverse PRIME output, Xorg segfaults.

* Crash 3: While normally the reverse PRIME setup as primary output would only make Xorg crash when a fullscreen window was involved, I also got a random crash in this setup without a fullscreen window.
Comment 1 Matthias Schiffer 2015-10-05 19:45:29 UTC
Created attachment 118679 [details]
Xorg.log for crash 2
Comment 2 Matthias Schiffer 2015-10-05 19:45:57 UTC
Created attachment 118680 [details]
Xorg.log for crash 3
Comment 3 Matthias Schiffer 2015-10-05 20:35:20 UTC
Oh, I didn't even read the logs carefully enough, crash 2 is a bus error, not a segfault. So maybe these crashs are distinct bugs after all...
Comment 4 Chris Wilson 2015-10-06 08:49:12 UTC
First should be fixed with an update already. 2/3 look to be a different bug. 2 might just be a known bug in the sigbus handler, but more likely related to 3.


The stacktraces aren't particularly helpful. Please could you compile and install the debug info and perhaps capture a coredump or have gdb attached?
Comment 5 Matthias Schiffer 2015-10-06 09:13:23 UTC
Thanks, crash 1 seems to be fixed with the latest xf86-video-intel master indeed, I should have checked that first.

I'll try to get some coredumps and debug info for crash 2, not sure if I can get one for 3 as it occured spontaneously.
Comment 6 Chris Wilson 2015-10-06 09:29:19 UTC
Hmm, something I missed was that you have TearFree enabled. There is a known interaction issue atm with TearFree/DRI3, you might like trying by disabling TearFree and testing.
Comment 7 Matthias Schiffer 2015-10-06 09:39:47 UTC
Created attachment 118707 [details]
gdb log for crash 2

Disabling TearFree didn't have an effect. Here's a proper backtrace of crash 2 (with TearFree disabled).
Comment 8 Chris Wilson 2015-11-11 20:42:12 UTC
Theory is that the wrong backend is being called...

If you enable assertions (say --enable-debug=full since it appears to crash very early) and try:

--- a/src/sna/sna_present.c
+++ b/src/sna/sna_present.c
@@ -312,6 +312,7 @@ sna_present_queue_vblank(RRCrtcPtr crtc, uint64_t event_id, 
        DBG(("%s(pipe=%d, event=%lld, msc=%lld)\n",
             __FUNCTION__, sna_crtc_pipe(crtc->devPrivate),
             (long long)event_id, (long long)msc));
+       assert(sna->scrn == ((xf86CrtcPtr)crtc->devPrivate)->scrn);
 
        swap = sna_crtc_last_swap(crtc->devPrivate);
        warn_unless((int64_t)(msc - swap->msc) >= 0);
Comment 9 Chris Wilson 2015-11-11 21:09:06 UTC
If I am right, the gist of the issue is:

diff --git a/present/present.c b/present/present.c
index beb01dc..de37abc 100644
--- a/present/present.c
+++ b/present/present.c
@@ -724,7 +724,7 @@ present_pixmap(WindowPtr window,
 
     if (!screen_priv || !screen_priv->info)
         target_crtc = NULL;
-    else if (!target_crtc) {
+    else if (!target_crtc || target_crtc->pScreen != screen) {
         /* Update the CRTC if we have a pixmap or we don't have a CRTC
          */
         if (!pixmap)
Comment 10 Matthias Schiffer 2015-11-12 00:10:50 UTC
The assertion in comment 8 is indeed hit when I try to trigger crash 2. The patch from comment 9 doesn't have an effect, the assertion is still hit (on Xserver 1.17.4, I'll try with 1.18 next)
Comment 11 Matthias Schiffer 2015-11-12 00:25:27 UTC
Created attachment 119579 [details]
gdb log for crash 1

While I thought that crash 1 had been fixed, this is not the case after all; on both Xserver 1.17.2 and 1.17.4, and both the current xf86-video-intel git master and the version I used when I tested last time, it crashes every time I try it. 

GDB log attached.
Comment 12 Matthias Schiffer 2015-11-12 01:15:49 UTC
Created attachment 119580 [details]
gdb log for crash 2 (Xserver 1.18 + patch from comment 9)

I've removed the assertion from comment 8, I wasn't able to get a gdb log when the assertion was hit.
Comment 13 Matthias Schiffer 2015-11-12 01:19:26 UTC
I wasn't able to reproduce crash 1 with Xserver 1.18, but that might or might not be because I wasn't able to properly get a window to fullscreen on the reverse PRIME screen because of bug 92313.
Comment 14 Chris Wilson 2015-11-12 09:01:12 UTC
(In reply to Matthias Schiffer from comment #11)
> Created attachment 119579 [details]
> gdb log for crash 1
> 
> While I thought that crash 1 had been fixed, this is not the case after all;
> on both Xserver 1.17.2 and 1.17.4, and both the current xf86-video-intel git
> master and the version I used when I tested last time, it crashes every time
> I try it. 

Still mixing Present/DRI3 + DRI2? If so, this may help


diff --git a/src/sna/sna_dri2.c b/src/sna/sna_dri2.c
index 6f5e9f7..43b1534 100644
--- a/src/sna/sna_dri2.c
+++ b/src/sna/sna_dri2.c
@@ -2207,7 +2207,7 @@ can_xchg_crtc(struct sna *sna,
        if (!DBG_CAN_XCHG)
                return false;
 
-       if ((sna->flags & SNA_TEAR_FREE) == 0) {
+       if ((sna->flags & SNA_TEAR_FREE) == 0 || !sna->mode.shadow_enabled) {
                DBG(("%s: no, requires TearFree\n",
                     __FUNCTION__));
                return false;
Comment 15 Matthias Schiffer 2015-11-12 17:01:43 UTC
In crash 1, only DRI2 should be involved, I explicitly set the maximum DRI verion to 2 in xorg.conf for both drivers. As soon as I enable DRI3, I can't even get to crash 1, as crash 2 happens before.

AFAICT, your last patch snippet didn't have any effect.


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.