[savage] glblur crashed with SIGSEGV in _mesa_CopyTexImage2D()

Bug #562718 reported by Daniel Che on 2010-04-14
16
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mesa
Fix Released
Medium
mesa (Ubuntu)
Medium
Bryce Harrington
Lucid
Medium
Bryce Harrington

Bug Description

[Impact]
Affects Savage devices; affects all Savage users, but not all GL applications. Leads to a crash in mesa during application startup.

[Development]
As Meerkat has not yet opened but Lucid is frozen solid, this fix is not yet in a development release, but it has been committed to the Ubuntu-X git tree and so will be included in the development version once Meerkat opens and we do our first mesa upload. It will also be included in mesa 7.8 so we'll get it when we merge that in.

[Patch]
Patch has been proposed in this bug, confirmed to solve the issue, and accepted into the upstream 7.8 mesa stable branch.

[Test Case]
Install latest -savage and mesa, and then run for instance /usr/lib/xscreensaver/glblur. The application crashes.

[Regression Potential]
The code changes are specific to the -savage video driver, and as such can't cause regression for non-savage users.

The init call creates a meta object and initializes it. Other code depends on the existence of this object and references it without any checking. At one point in the development this init call was done in the common mesa code, but was later moved to the drivers using it. Savage was forgotten, since few upstream developers have access to Savage hardware and can do regular testing. Similar commits were done for a couple of other drivers.

[Original Report]

glblur is not working, my video card is "01:00.0 VGA compatible controller: S3 Inc. VT8375 [ProSavage8 KM266/KL266]"

ProblemType: Crash
DistroRelease: Ubuntu 10.04
Package: xscreensaver-gl 5.10-3ubuntu3
ProcVersionSignature: Ubuntu 2.6.32-20.30-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-20-generic i686
Architecture: i386
CrashCounter: 1
Date: Tue Apr 13 23:01:36 2010
ExecutablePath: /usr/lib/xscreensaver/glblur
InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Beta i386 (20100406)
ProcCmdline: /usr/lib/xscreensaver/glblur -root
ProcEnviron:
 PATH=(custom, no user)
 LANG=pt_BR.utf8
 LANGUAGE=pt_BR:pt:en
SegvAnalysis:
 Segfault happened at: 0x10d1825: mov %eax,(%edx)
 PC (0x010d1825) ok
 source "%eax" ok
 destination "(%edx)" (0x00000000) not located in a known VMA region (needed writable region)!
SegvReason: writing NULL VMA
Signal: 11
SourcePackage: xscreensaver
StacktraceTop:
 ?? () from /usr/lib/dri/savage_dri.so
 ?? () from /usr/lib/dri/savage_dri.so
 _mesa_CopyTexImage2D () from /usr/lib/dri/savage_dri.so
 ?? ()
 ?? ()
Title: glblur crashed with SIGSEGV in _mesa_CopyTexImage2D()
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare

Daniel Che (danielche9) wrote :
visibility: private → public

StacktraceTop:
 ?? () from /usr/lib/dri/savage_dri.so
 ?? () from /usr/lib/dri/savage_dri.so
 _mesa_CopyTexImage2D () from /usr/lib/dri/savage_dri.so
 draw_glblur (mi=0x8f706d0) at glblur.c:263
 xlockmore_draw (dpy=0x8f63db0, window=16777267,

Changed in xscreensaver (Ubuntu):
importance: Undecided → Medium
tags: removed: need-i386-retrace
summary: - glblur crashed with SIGSEGV in _mesa_CopyTexImage2D()
+ [savage] glblur crashed with SIGSEGV in _mesa_CopyTexImage2D()

glblur crashes upon start on savage. Both in 7.7.1 and git master.

#0 0x00812907 in _mesa_meta_begin (ctx=0x80743b8, state=96) at drivers/common/meta.c:327
        save = 0x0
#1 0x00818373 in copy_tex_image (ctx=0x80743b8, dims=2, target=3553, level=0, internalFormat=6409, x=0, y=0, width=128, height=128, border=0) at drivers/common/meta.c:2561
        texObj = 0x81a9a38
        texImage = 0x81a9d40
        postConvWidth = 128
        postConvHeight = 128
        format = 6409
        type = 5121
        bpp = 1
        buf = 0x81a9e00
#2 0x00818628 in _mesa_meta_CopyTexImage2D (ctx=0x80743b8, target=3553, level=0, internalFormat=6409, x=0, y=0, width=128, height=128, border=0) at drivers/common/meta.c:2624
No locals.
#3 0x00763d9c in _mesa_CopyTexImage2D (target=3553, level=0, internalFormat=6409, x=0, y=0, width=128, height=128, border=0) at main/teximage.c:2831
        texObj = 0x81a9a38
        texImage = <value optimized out>
        postConvWidth = 128
        postConvHeight = 128
        face = 0
        ctx = 0x80743b8

Where line 327 is the last line here:

static void
_mesa_meta_begin(GLcontext *ctx, GLbitfield state)
{
   struct save_state *save = &ctx->Meta->Save;

   save->SavedState = state;

Actually ctx->Meta is NULL, like if _mesa_meta_init() has not been called.

So if I break on _mesa_meta_begin and call _mesa_meta_init(ctx) manually before continuing it works, kind of. No crashes, but there are some other issues like not seeing anything unless I click in the window.

Tormod Volden (tormodvolden) wrote :

I can confirm this on a Savage TwisterK card.

affects: xscreensaver (Ubuntu) → mesa (Ubuntu)
Changed in mesa (Ubuntu):
status: New → Confirmed
Tormod Volden (tormodvolden) wrote :

Attaching gdb backtrace with more mesa details, from running today's mesa git master.

Tormod Volden (tormodvolden) wrote :

The crash is here, with save = 0, so apparently &ctx->Meta->Save has not been initialized.

static void
_mesa_meta_begin(GLcontext *ctx, GLbitfield state)
{
   struct save_state *save = &ctx->Meta->Save;

   save->SavedState = state;

Changed in mesa (Ubuntu):
assignee: nobody → Tormod Volden (tormodvolden)
status: Confirmed → In Progress
Tormod Volden (tormodvolden) wrote :
Changed in mesa (Ubuntu):
assignee: Tormod Volden (tormodvolden) → Bryce Harrington (bryceharrington)
status: In Progress → Confirmed
tags: added: patch
Bryce Harrington (bryce) wrote :

I think it's too late to get this into lucid itself, but looks like it's suitable for an SRU.

Changed in mesa (Ubuntu):
status: Confirmed → Fix Committed
Bryce Harrington (bryce) wrote :

Uploaded to ubuntu-proposed.

Tormod, it would be helpful if you could update the description with additional details that may be relevant for consideration.

description: updated
description: updated
John Dong (jdong) wrote :

The upload in lucid-proposed looks pretty reasonable to me and consistent with the explanation, so ACK from the SRU team in that regard.

It's probably better if SRU versioning conventions are used (i.e. 1ubuntu2.1) and the lucid+1 upload be -1ubuntu3, though it probably doesn't matter too much.

Make sure we keep appropriate tasks open to get this committed to lucid+1 though.

On Thu, Apr 22, 2010 at 01:09:20AM -0000, John Dong wrote:
> It's probably better if SRU versioning conventions are used (i.e.
> 1ubuntu2.1) and the lucid+1 upload be -1ubuntu3, though it probably
> doesn't matter too much.

I considered that, but I'm unclear on whether that is actually necessary
in this case, since the lucid+1 repo hasn't opened yet.

> Make sure we keep appropriate tasks open to get this committed to
> lucid+1 though.

No prob, the patch is already committed to our git tree so will get into
lucid+1.

Accepted mesa into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

tags: added: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mesa - 7.7.1-1ubuntu3

---------------
mesa (7.7.1-1ubuntu3) lucid-proposed; urgency=low

  * Add 104_savage_init_mesa.patch: Savage driver needs to initialize
    &ctx->Meta->Save. Fixes crash when using _mesa_CopyTexImage2D
    on Savage hardware. Cherrypick from upstream. Thanks Tormod.
    (LP: #562718)
 -- Bryce Harrington <email address hidden> Wed, 21 Apr 2010 09:48:09 -0700

Changed in mesa (Ubuntu Lucid):
status: Fix Committed → Fix Released
Martin Pitt (pitti) wrote :

Copied lucid-proposed to maverick.

Changed in mesa (Ubuntu):
status: Fix Committed → Fix Released
Changed in mesa (Ubuntu Lucid):
status: Fix Released → Fix Committed
Martin Pitt (pitti) wrote :

Can someone please test the lucid-proposed version?

Daniel Che (danielche9) wrote :

Updated with mesa - 7.7.1-1ubuntu3 and now it's working for me. Thanks!

Martin Pitt (pitti) wrote :

I have run this mesa version for about two weeks on an intel and a radeon based system without any problems.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mesa - 7.7.1-1ubuntu3

---------------
mesa (7.7.1-1ubuntu3) lucid-proposed; urgency=low

  * Add 104_savage_init_mesa.patch: Savage driver needs to initialize
    &ctx->Meta->Save. Fixes crash when using _mesa_CopyTexImage2D
    on Savage hardware. Cherrypick from upstream. Thanks Tormod.
    (LP: #562718)
 -- Bryce Harrington <email address hidden> Wed, 21 Apr 2010 09:48:09 -0700

Changed in mesa (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in mesa:
importance: Unknown → Medium
status: Unknown → Fix Released
Changed in mesa:
importance: Medium → Unknown
Changed in mesa:
importance: Unknown → Medium
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.