divide by zero error in radeon_surface.c when opening chrome with WebGL enabled
Affects: Nouveau Xorg driver. Status: Confirmed. Importance: Medium.
Affects: libdrm (Ubuntu). Importance: Undecided. Assigned to: Unassigned.
Bug Description
Passing a tile_split of zero to eg_surface_init_2d causes a divide by zero error. Launching chromium with WebGL enabled on an AMD Llano (A8-3850) exhibits this behavior and WebGL then fails to work. The attached patch fixes the problem and allows WebGL to work in chrome on this platform.
Additional information:
lsb_release -rd
Description: Ubuntu 13.10
Release: 13.10
Package version:
libdrm_
Chris Wulff (crwulff) wrote :  #1 
tags:  added: saucy 
Brian Murray (brianmurray) wrote :  #3 
This looks good to me but I think it should be forwarded to the upstream developers. They seem to keep track of bugs at https:/
In freedesktop.org Bugzilla #72425, Chris Wulff (crwulff) wrote :  #5 
Created attachment 90384
Fix divide by zero in radeon_surface
Passing a tile_split of zero to eg_surface_init_2d causes a divide by zero error. Launching chromium with WebGL enabled on an AMD Llano (A8-3850) exhibits this behavior and WebGL then fails to work. The attached patch fixes the problem and allows WebGL to work in chrome on this platform.
Chris Wulff (crwulff) wrote :  #4 
Upstream bug & patch filed at https:/
In freedesktop.org Bugzilla #72425, agd5f (agd5f) wrote :  #6 
Can you attach a backtrace of the divide by 0?
Changed in nouveau:  
importance:  Unknown → Medium 
status:  Unknown → Confirmed 
In freedesktop.org Bugzilla #72425, Chris Wulff (crwulff) wrote :  #7 
#0 0x00007f55e42fcc0c in eg_surface_init_2d (surf_man=0x1, surf=0x7f5601ca
#1 0x00007f55e42fcf5b in eg_surface_
#2 0x00007f55e4b52865 in r600_setup_surface (pitch_
#3 r600_texture_
at ../../.
#4 0x00007f55e4b530bc in r600_texture_create (screen=
#5 0x00007f55dfb4e36c in st_renderbuffer
#6 0x00007f55e45aaafa in renderbuffer_
#7 0x00007f55fcf99e83 in gpu::gles2:
#8 0x00007f55fcf9f0c5 in gpu::gles2:
#9 0x00007f55fcfc316d in gpu::gles2:
#10 0x00007f55fb6db418 in content:
#11 0x00007f55fb6dbf03 in DispatchToMetho
(void (content:
#12 DispatchDelayRe
(void (content:
send_
#13 DispatchDelayRe
Can you run
print *surf
at the gdb prompt when the problem occurs, and attach the output?
In freedesktop.org Bugzilla #72425, Chris Wulff (crwulff) wrote :  #9 
(gdb) print *surf
$1 = {npix_x = 1, npix_y = 1, npix_z = 1, blk_w = 1, blk_h = 1, blk_d = 1, array_size = 1, last_level = 0, bpe = 4, nsamples = 4, flags = 918273, bo_size = 32768, bo_alignment = 32768, bankw = 1, bankh = 1, mtilea = 8,
tile_split = 1024, stencil_tile_split = 0, stencil_offset = 0, level = {{offset = 0, slice_size = 32768, npix_x = 1, npix_y = 1, npix_z = 1, nblk_x = 256, nblk_y = 8, nblk_z = 1, pitch_bytes = 1024, mode = 3}, {
offset = 140735314673424, slice_size = 140735314673408, npix_x = 3379041659, npix_y = 32766, npix_z = 3379041664, nblk_x = 32766, nblk_y = 2121285768, nblk_z = 32767, pitch_bytes = 3499935890, mode = 32766}, {
offset = 140733193388032, slice_size = 140732398375220, npix_x = 2121285456, npix_y = 32767, npix_z = 2121285440, nblk_x = 32767, nblk_y = 3379041659, nblk_z = 32766, pitch_bytes = 3379041664, mode = 32766}, {
offset = 140735314673864, slice_size = 140732398356626, npix_x = 0, npix_y = 1, npix_z = 3499954484, nblk_x = 32766, nblk_y = 0, nblk_z = 327681, pitch_bytes = 16, mode = 0}, {offset = 1, slice_size = 0,
npix_x = 4294967295, npix_y = 4294967295, npix_z = 0, nblk_x = 0, nblk_y = 0, nblk_z = 0, pitch_bytes = 1, mode = 0}, {offset = 42949672960, slice_size = 0, npix_x = 0, npix_y = 0, npix_z = 0, nblk_x = 0,
nblk_y = 4294967295, nblk_z = 4294967295, pitch_bytes = 0, mode = 0}, {offset = 184467440737095
mode = 32767}, {offset = 0, slice_size = 140735314673776, npix_x = 4294967295, npix_y = 4294967295, npix_z = 0, nblk_x = 0, nblk_y = 11, nblk_z = 0, pitch_bytes = 3379041659, mode = 32766}, {offset = 9147928153161730,
slice_size = 117, npix_x = 2121285384, npix_y = 32767, npix_z = 0, nblk_x = 0, nblk_y = 0, nblk_z = 0, pitch_bytes = 0, mode = 0}, {offset = 11, slice_size = 140732277462395, npix_x = 3379041665, npix_y = 32766,
npix_z = 3379041664, nblk_x = 32766, nblk_y = 2121286152, nblk_z = 32767, pitch_bytes = 3499935890, mode = 32766}, {offset = 140735314673920, slice_size = 140732398375220, npix_x = 0, npix_y = 32767, npix_z = 16,
nblk_x = 0, nblk_y = 1, nblk_z = 0, pitch_bytes = 0, mode = 0}, {offset = 140735314673968, slice_size = 140732399619776, npix_x = 2121286424, npix_y = 32767, npix_z = 3500095088, nblk_x = 32766, nblk_y = 3379040316,
nblk_z = 32766, pitch_bytes = 3379040327, mode = 0}, {offset = 206158430248, slice_size = 140735314674016, npix_x = 2121285792, npix_y = 32767, npix_z = 0, nblk_x = 0, nblk_y = 3379040316, nblk_z = 32766,
pitch_bytes = 8, mode = 0}, {offset = 42949672960, slice_size = 0, npix_x = 40, npix_y = 48, npix_z = 2121286048, nblk_x = 32767, nblk_y = 2121285856, nblk_z = 32767, pitch_bytes = 13, mode = 0}, {
offset = 184467440737095
npix_y = 0, npix_z = 0, nblk_x = 0, nblk_y = 11, nblk_z = 0, pitch_bytes = 3379041659, mode = 32766}, {offset = 140732277462401, slice...
This is really weird: As you can see, tile_split is not 0, so the division by 0 must be about stencil_tile_split. But I don't see how eg_surface_best cannot set stencil_tile_split to non-0 for a depth/stencil surface...
The attachment "02_fix_divide_zero.diff" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brianmurray, for any issues please contact him.]
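The failure mode discussed in the thread above, as an added example that is not part of the original report and not libdrm's code: a tile-split value of zero reaches an integer division, which a validation step should reject first. The struct, the function names, the 8x8-pixel tile, the 1-byte stencil element and the simplified slice computation are all assumptions made for illustration; the sample values are taken from the gdb output.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical, simplified surface description. Field names follow the
 * gdb dump in the thread; everything else is an assumption. */
struct demo_surface {
    unsigned bpe;                /* bytes per element */
    unsigned nsamples;           /* MSAA sample count */
    unsigned tile_split;         /* color tile split, in bytes */
    unsigned stencil_tile_split; /* stencil tile split, in bytes */
};

/* Number of slices one tile is split into, or -EINVAL if tile_split is 0.
 * Without the zero check the division below would trap (SIGFPE on x86). */
static int demo_slices_per_tile(unsigned bpe, unsigned nsamples,
                                unsigned tile_split, unsigned *slices)
{
    const unsigned tilew = 8, tileh = 8;  /* assumed 8x8-pixel tile */
    unsigned tile_bytes = tilew * tileh * bpe * nsamples;

    if (tile_split == 0)
        return -EINVAL;                   /* reject instead of dividing */
    *slices = (tile_bytes > tile_split) ? tile_bytes / tile_split : 1;
    return 0;
}

/* Validate both the color and the stencil split before any layout math. */
static int demo_check_surface(const struct demo_surface *s)
{
    unsigned n;
    int r = demo_slices_per_tile(s->bpe, s->nsamples, s->tile_split, &n);

    if (r)
        return r;
    /* Assumption: stencil data is 1 byte per element. */
    return demo_slices_per_tile(1, s->nsamples, s->stencil_tile_split, &n);
}

int main(void)
{
    /* Constructed from the values shown in the gdb output above. */
    struct demo_surface s = { .bpe = 4, .nsamples = 4,
                              .tile_split = 1024, .stencil_tile_split = 0 };

    printf("surface check returned %d\n", demo_check_surface(&s));
    return 0;
}
```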