divide by zero error in radeon_surface.c when opening chrome with WebGL enabled

Bug #1257612 reported by Chris Wulff on 2013-12-04
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Nouveau Xorg driver
Confirmed
Medium
libdrm (Ubuntu)
Undecided
Unassigned

Bug Description

Passing a tile_split of zero to eg_surface_init_2d causes a divide by zero error. Launching chromium with WebGL enabled on a AMD Llano (A8-3850) exhibits this behavior and webgl then fails to work. The attached patch fixes the problem and allows WebGL to work in chrome on this platform.

Additional information:

lsb_release -rd
Description: Ubuntu 13.10
Release: 13.10

Package version:
libdrm_2.4.46-1ubuntu1

Chris Wulff (crwulff) wrote :

The attachment "02_fix_divide_zero.diff" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
tags: added: saucy
Brian Murray (brian-murray) wrote :

This looks good to me but I think it should be forwarded to the upstream developers. They seem to keep track of bugs at https://bugs.freedesktop.org/. Could you please forward your bug and patch there? Then we can add a bug watch on this bug to the upstream bug report to keep track of their progress on it. Thanks!

Created attachment 90384
Fix divide by zero in radeon_surface

Passing a tile_split of zero to eg_surface_init_2d causes a divide by zero error. Launching chromium with WebGL enabled on a AMD Llano (A8-3850) exhibits this behavior and webgl then fails to work. The attached patch fixes the problem and allows WebGL to work in chrome on this platform.

Chris Wulff (crwulff) wrote :

Can you attach a backtrace of the divide by 0?

Changed in nouveau:
importance: Unknown → Medium
status: Unknown → Confirmed
Download full text (5.3 KiB)

#0 0x00007f55e42fcc0c in eg_surface_init_2d (surf_man=0x1, surf=0x7f5601cae748, level=0x0, bpe=1, tile_split=0, offset=32768, start_level=0) at ../../radeon/radeon_surface.c:652
#1 0x00007f55e42fcf5b in eg_surface_init_2d_miptrees (surf_man=0x7f5601b291a0, surf=0x7f5601cae748) at ../../radeon/radeon_surface.c:810
#2 0x00007f55e4b52865 in r600_setup_surface (pitch_in_bytes_override=0, rtex=0x7f5601cae660, screen=0x7f5601b29470) at ../../../../../../src/gallium/drivers/r600/r600_texture.c:232
#3 r600_texture_create_object (screen=screen@entry=0x7f5601b29470, base=base@entry=0x7fff43561190, pitch_in_bytes_override=pitch_in_bytes_override@entry=0, buf=buf@entry=0x0, surface=surface@entry=0x7fff435603c0)
    at ../../../../../../src/gallium/drivers/r600/r600_texture.c:461
#4 0x00007f55e4b530bc in r600_texture_create (screen=0x7f5601b29470, templ=0x7fff43561190) at ../../../../../../src/gallium/drivers/r600/r600_texture.c:636
#5 0x00007f55dfb4e36c in st_renderbuffer_alloc_storage (ctx=<optimized out>, rb=0x7f5601cb05c0, internalFormat=35056, width=1, height=1) at ../../../../../src/mesa/state_tracker/st_cb_fbo.c:211
#6 0x00007f55e45aaafa in renderbuffer_storage (target=<optimized out>, internalFormat=35056, width=1, height=1, samples=<optimized out>) at ../../../../../src/mesa/main/fbobject.c:1773
#7 0x00007f55fcf99e83 in gpu::gles2::BackRenderbuffer::AllocateStorage (this=0x7f56021fc570, size=..., format=35056, samples=4) at gpu/command_buffer/service/gles2_cmd_decoder.cc:1970
#8 0x00007f55fcf9f0c5 in gpu::gles2::GLES2DecoderImpl::ResizeOffscreenFrameBuffer (this=0x7f5601ee05b0, size=...) at gpu/command_buffer/service/gles2_cmd_decoder.cc:3305
#9 0x00007f55fcfc316d in gpu::gles2::GLES2DecoderImpl::Initialize (this=0x7f5601ee05b0, surface=..., context=..., offscreen=<optimized out>, size=..., disallowed_features=..., attribs=...) at gpu/command_buffer/service/gles2_cmd_decoder.cc:2338
#10 0x00007f55fb6db418 in content::GpuCommandBufferStub::OnInitialize (this=this@entry=0x7f5601edff00, shared_state_handle=..., reply_message=0x7f5601edc090) at content/common/gpu/gpu_command_buffer_stub.cc:504
#11 0x00007f55fb6dbf03 in DispatchToMethod<content::GpuCommandBufferStub, void (content::GpuCommandBufferStub::*)(base::FileDescriptor, IPC::Message*), base::FileDescriptor, IPC::Message&> (out=<synthetic pointer>, in=..., method=
    (void (content::GpuCommandBufferStub::*)(content::GpuCommandBufferStub * const, base::FileDescriptor, IPC::Message *)) 0x7f55fb6dad50 <content::GpuCommandBufferStub::OnInitialize(base::FileDescriptor, IPC::Message*)>, obj=0x7f5601edff00) at ./base/tuple.h:803
#12 DispatchDelayReplyWithSendParams<content::GpuCommandBufferStub, void (content::GpuCommandBufferStub::*)(base::FileDescriptor, IPC::Message*)> (func=
    (void (content::GpuCommandBufferStub::*)(content::GpuCommandBufferStub * const, base::FileDescriptor, IPC::Message *)) 0x7f55fb6dad50 <content::GpuCommandBufferStub::OnInitialize(base::FileDescriptor, IPC::Message*)>, obj=0x7f5601edff00, msg=0x7f5601ee0380,
    send_params=..., ok=true) at ./ipc/ipc_message_utils.h:841
#13 DispatchDelayReply<content::GpuCommandBufferStub, void (content::GpuCommandBufferStub::*)...

Read more...

Can you run

 print *surf

at the gdb prompt when the problem occurs, and attach the output?

Download full text (56.1 KiB)

(gdb) print *surf
$1 = {npix_x = 1, npix_y = 1, npix_z = 1, blk_w = 1, blk_h = 1, blk_d = 1, array_size = 1, last_level = 0, bpe = 4, nsamples = 4, flags = 918273, bo_size = 32768, bo_alignment = 32768, bankw = 1, bankh = 1, mtilea = 8,
  tile_split = 1024, stencil_tile_split = 0, stencil_offset = 0, level = {{offset = 0, slice_size = 32768, npix_x = 1, npix_y = 1, npix_z = 1, nblk_x = 256, nblk_y = 8, nblk_z = 1, pitch_bytes = 1024, mode = 3}, {
      offset = 140735314673424, slice_size = 140735314673408, npix_x = 3379041659, npix_y = 32766, npix_z = 3379041664, nblk_x = 32766, nblk_y = 2121285768, nblk_z = 32767, pitch_bytes = 3499935890, mode = 32766}, {
      offset = 140733193388032, slice_size = 140732398375220, npix_x = 2121285456, npix_y = 32767, npix_z = 2121285440, nblk_x = 32767, nblk_y = 3379041659, nblk_z = 32766, pitch_bytes = 3379041664, mode = 32766}, {
      offset = 140735314673864, slice_size = 140732398356626, npix_x = 0, npix_y = 1, npix_z = 3499954484, nblk_x = 32766, nblk_y = 0, nblk_z = 327681, pitch_bytes = 16, mode = 0}, {offset = 1, slice_size = 0,
      npix_x = 4294967295, npix_y = 4294967295, npix_z = 0, nblk_x = 0, nblk_y = 0, nblk_z = 0, pitch_bytes = 1, mode = 0}, {offset = 42949672960, slice_size = 0, npix_x = 0, npix_y = 0, npix_z = 0, nblk_x = 0,
      nblk_y = 4294967295, nblk_z = 4294967295, pitch_bytes = 0, mode = 0}, {offset = 18446744073709551615, slice_size = 1, npix_x = 0, npix_y = 10, npix_z = 0, nblk_x = 0, nblk_y = 0, nblk_z = 0, pitch_bytes = 2121285383,
      mode = 32767}, {offset = 0, slice_size = 140735314673776, npix_x = 4294967295, npix_y = 4294967295, npix_z = 0, nblk_x = 0, nblk_y = 11, nblk_z = 0, pitch_bytes = 3379041659, mode = 32766}, {offset = 9147928153161730,
      slice_size = 117, npix_x = 2121285384, npix_y = 32767, npix_z = 0, nblk_x = 0, nblk_y = 0, nblk_z = 0, pitch_bytes = 0, mode = 0}, {offset = 11, slice_size = 140732277462395, npix_x = 3379041665, npix_y = 32766,
      npix_z = 3379041664, nblk_x = 32766, nblk_y = 2121286152, nblk_z = 32767, pitch_bytes = 3499935890, mode = 32766}, {offset = 140735314673920, slice_size = 140732398375220, npix_x = 0, npix_y = 32767, npix_z = 16,
      nblk_x = 0, nblk_y = 1, nblk_z = 0, pitch_bytes = 0, mode = 0}, {offset = 140735314673968, slice_size = 140732399619776, npix_x = 2121286424, npix_y = 32767, npix_z = 3500095088, nblk_x = 32766, nblk_y = 3379040316,
      nblk_z = 32766, pitch_bytes = 3379040327, mode = 0}, {offset = 206158430248, slice_size = 140735314674016, npix_x = 2121285792, npix_y = 32767, npix_z = 0, nblk_x = 0, nblk_y = 3379040316, nblk_z = 32766,
      pitch_bytes = 8, mode = 0}, {offset = 42949672960, slice_size = 0, npix_x = 40, npix_y = 48, npix_z = 2121286048, nblk_x = 32767, nblk_y = 2121285856, nblk_z = 32767, pitch_bytes = 13, mode = 0}, {
      offset = 18446744073709551615, slice_size = 3378865857, npix_x = 0, npix_y = 0, npix_z = 0, nblk_x = 0, nblk_y = 2, nblk_z = 2162687, pitch_bytes = 117, mode = 0}, {offset = 140735314673736, slice_size = 0, npix_x = 0,
      npix_y = 0, npix_z = 0, nblk_x = 0, nblk_y = 11, nblk_z = 0, pitch_bytes = 3379041659, mode = 32766}, {offset = 140732277462401, slice...

This is really weird: As you can see, tile_split is not 0, so the division by 0 must be about stencil_tile_split. But I don't see how eg_surface_best can not set stencil_tile_split to non-0 for a depth/stencil surface...

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.