Bug 97894 - Crash in u_transfer_unmap_vtbl when unmapping a buffer mapped in different context
Status: RESOLVED FIXED
Alias: None
Product: Mesa
Classification: Unclassified
Component: Drivers/Gallium/radeonsi
Version: git
Hardware: x86-64 (AMD64) Linux (All)
Importance: medium normal
Assignee: Default DRI bug account
QA Contact: Default DRI bug account
Reported: 2016-09-22 09:26 UTC by James Legg
Modified: 2016-10-05 15:56 UTC

Attachments
Apitrace reproducing issue (45.26 KB, application/octet-stream)
2016-09-22 09:26 UTC, James Legg
Valgrind output when replaying trace (25.48 KB, text/plain)
2016-09-22 09:28 UTC, James Legg

Description James Legg 2016-09-22 09:26:57 UTC
Created attachment 126724
Apitrace reproducing issue

The following sequence of events causes a crash on radeonsi:
1. Create two contexts in the same share group
2. In one of the contexts, create and map a buffer. Then delete that context.
3. Create another context in the share group
4. Cause the buffer to be unmapped in the new context (either explicitly with glUnmapBuffer/glUnmapNamedBuffer or implicitly via glDeleteBuffers).

The attached apitrace reproduces the issue when using an AMD R9 270, unless environment variable LIBGL_ALWAYS_SOFTWARE is set to 1.

I reproduced this using Mesa git 36f0f0318275f65f8744ec6f9471702e2f58e6d5 and the 12.0.3 release on x86_64 Fedora 24.
My OpenGL renderer string is Gallium 0.4 on AMD PITCAIRN (DRM 2.45.0 / 4.7.2-201.fc24.x86_64, LLVM 3.9.0).
Comment 1 James Legg 2016-09-22 09:28:40 UTC
Created attachment 126725
Valgrind output when replaying trace

Valgrind reports a use after free error when the unmap occurs.
Comment 2 Nicolai Hähnle 2016-09-27 10:57:08 UTC
You like to live dangerously :)

I can reproduce and will look into this, thank you for the clean report!
Comment 3 Nicolai Hähnle 2016-09-27 18:28:56 UTC
A candidate fix is here: https://patchwork.freedesktop.org/series/12982/
Comment 4 James Legg 2016-09-29 10:04:03 UTC
I can confirm that patch series fixes the issue.
Comment 5 Nicolai Hähnle 2016-10-05 15:56:41 UTC
Fixed in Mesa master (commit e56e1f8119f28eebbe6fbe7040c80a6dd884f5fd).

