NetBSD-Bugs archive

Re: xsrc/58133: X server crashes; radeon 5450; modesetting



The following reply was made to PR xsrc/58133; it has been noted by GNATS.

From: Rhialto <rhialto%falu.nl@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: xsrc-manager%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost,
	Rhialto <rhialto%falu.nl@localhost>
Subject: Re: xsrc/58133: X server crashes; radeon 5450; modesetting
Date: Sat, 13 Apr 2024 14:10:39 +0200

 I had another similar crash, while running with the above patch.
 Unfortunately I neglected to build the debug sets so the stack trace
 from gdb isn't so nice:
 
 [  4949.604] (EE) 
 [  4949.604] (EE) Backtrace:
 [  4949.701] (EE) 0: /usr/X11R7/bin/X (xorg_backtrace+0x44) [0x8ebb2575]
 [  4949.701] (EE) 1: /usr/X11R7/bin/X (os_move_fd+0x79) [0x8ebae315]
 [  4949.701] (EE) 2: /usr/lib/libc.so.12 (__sigtramp_siginfo_2+0x0) [0x7cc04cb7ee80]
 [  4949.701] (EE) 3: /usr/X11R7/lib/modules/libglamoregl.so (glamor_download_pixmap+0x250) [0x7cc045c1359d]
 [  4949.701] (EE) 4: /usr/X11R7/lib/modules/libglamoregl.so (glamor_download_pixmap+0xb17) [0x7cc045c13e64]
 [  4949.701] (EE) 5: /usr/X11R7/lib/modules/libglamoregl.so (glamor_image_text8+0x30) [0x7cc045c13fe9]
 [  4949.701] (EE) 6: /usr/X11R7/bin/X (DamageRegionAppend+0x1064) [0x8eb5fbbe]
 [  4949.701] (EE) 7: /usr/X11R7/bin/X (DeliverRawEvent+0x1cf2) [0x8ea7e6b5]
 [  4949.701] (EE) 8: /usr/X11R7/bin/X (ImageText+0x3a) [0x8ea7f8df]
 [  4949.701] (EE) 9: /usr/X11R7/bin/X (ProcImageText8+0xe2) [0x8ea8395b]
 [  4949.701] (EE) 10: /usr/X11R7/bin/X (Dispatch+0x264) [0x8ea85c2e]
 [  4949.701] (EE) 11: /usr/X11R7/bin/X (dix_main+0x36f) [0x8ea55e1f]
 [  4949.701] (EE) 
 [  4949.701] (EE) Segmentation fault at address 0x7cc04ac77000
 [  4949.701] (EE) 
 Fatal server error:
 [  4949.701] (EE) Caught signal 11 (Segmentation fault). Server aborting
 
 (gdb) bt
 #0  0x00007cc04cb7e74a in _lwp_kill () from /usr/lib/libc.so.12
 #1  0x00007cc04cb83f00 in abort () at /usr/src/lib/libc/stdlib/abort.c:74
 #2  0x000000008ebad704 in OsAbort ()
 #3  0x000000008eba8a1e in AbortServer ()
 #4  0x000000008eba968e in FatalError ()
 #5  0x000000008ebae382 in OsSigHandler ()
 #6  <signal handler called>
 #7  0x00007cc045c1359d in ?? () from /usr/X11R7/lib/modules/libglamoregl.so
 #8  0x00007cc045c13e64 in ?? () from /usr/X11R7/lib/modules/libglamoregl.so
 #9  0x00007cc045c13fe9 in glamor_image_text8 ()
    from /usr/X11R7/lib/modules/libglamoregl.so
 #10 0x000000008eb5fbbe in damageImageText8 (pDrawable=0x7cc04bc374c0,
     pGC=0x7cc04bc904c0, x=17, y=1170, count=80,
     chars=0x7cc04b861e24 "JavaScript warning: https://www.google.com/js/th/YDyovHw-xwWf1wKdxMBnmF3BGXV9Ywc=";)
     at /usr/xsrc/external/mit/xorg-server/dist/miext/damage/damage.c:1377
 #11 0x000000008ea7e6b5 in doImageText ()
 #12 0x000000008ea7f8df in ImageText ()
 #13 0x000000008ea8395b in ProcImageText8 ()
 #14 0x000000008ea85c2e in Dispatch ()
 #15 0x000000008ea55e1f in dix_main ()
 #16 0x000000008ea559cd in ___start (cleanup=<optimized out>,
     ps_strings=0x7f7fffa81fe0) at /usr/src/lib/csu/common/crt0-common.c:350
 #17 0x00007f7fd460baf8 in ?? () from /usr/libexec/ld.elf_so
 #18 0x0000000000000005 in ?? ()
 #19 0x00007f7fffa810c0 in ?? ()
 #20 0x00007f7fffa810d1 in ?? ()
 #21 0x00007f7fffa810d4 in ?? ()
 #22 0x00007f7fffa810d9 in ?? ()
 #23 0x00007f7fffa810df in ?? ()
 #24 0x0000000000000000 in ?? ()
 
 Like before, the text to print looks like logging output from Firefox.
 It would be printed in the xterm from which it was started. But that was
 hidden behind the Firefox window.
 
 So not only isn't it Firefox trying to render text, also it's not even
 rendered to the screen (directly)...
 
 The crash address is nearly the same as before, so most likely it's the
 same code, but it is not guaranteed.
 
 So one or more of these must be true:
 
 - the crash is a result of a different call to glamor_get_vbo_space()
 - the v value from glamor_get_vbo_space() is not NULL but some other
   bogus value
 - the crash is even something different than we think.
 
 For debugging of the first core file I put back the original
 libglamoregl.so.0 (the rebuilt one confused gdb). So this is the
 crash in the previous mail:
 
 (gdb) up
 #7  glamor_text (drawable=drawable@entry=0x7b3072eddc80,
     gc=gc@entry=0x7b3072ed8780, glamor_font=glamor_font@entry=0x7b3077113320,
     prog=prog@entry=0x7b3079c72268, x=24, x@entry=17, y=y@entry=1170,
     count=count@entry=80,
     s_chars=s_chars@entry=0x7b3076cbbea4 "JavaScript error: https://xkcd.com/2916/client/727.js, line 2: Error: recursive >\001\a", charinfo=0x7f7fffd78888,
     charinfo@entry=0x7f7fffd78880, sixteen=sixteen@entry=0)
     at /usr/xsrc/external/mit/xorg-server/dist/glamor/glamor_text.c:173
 173                 v[ 0] = x1;
 (gdb) info locals
 y1 = 1159
 tx = 592
 x1 = 17
 width = 7
 height = 13
 ty = <optimized out>
 row = <optimized out>
 col = <optimized out>
 second_row = <optimized out>
 chars = 0x7b3076cbbea4 "JavaScript error: https://xkcd.com/2916/client/727.js, line 2: Error: recursive >\001\a"
 font = 0x7b30785b3500
 off_x = 2043093608
 off_y = 31536
 c = 0
 nglyph = 0
 v = 0x7b3070f7e000
 vbo_offset = 0x0
 ci = 0x7b307710c808
 firstRow = 0
 firstCol = 0
 glyph_spacing_x = 8
 glyph_spacing_y = 13
 box_index = <optimized out>
 pixmap = <optimized out>
 pixmap_priv = 0x7b307a02f6d0
 (gdb) print v
 $1 = (GLshort *) 0x7b3070f7e000
 (gdb) print *v
 $2 = 0
 (gdb) print count
 $4 = 80
 (gdb) print charinfo[-1]
 $9 = (CharInfoPtr) 0x7b307710c808
 (gdb) print charinfo[0]
 $10 = (CharInfoPtr) 0x7b307710ca30
 
 All these values look sensible and gdb doesn't say that *v isn't
 accessible... but yet the segfault occurs in the very first access to
 this space (c == 0, nglyph == 0), and v == 0x7b3070f7e000, the reported
 address of the segfault.
 
 (gdb) info frame
 Stack level 7, frame at 0x7f7fffd78810:
  rip = 0x7b306e213595 in glamor_text
     (/usr/xsrc/external/mit/xorg-server/dist/glamor/glamor_text.c:173); 
     saved rip = 0x7b306e213e28
  called by frame at 0x7f7fffd790c0, caller of frame at 0x7f7fffd783b0
  source language c.
  Arglist at 0x7f7fffd78800, args: drawable=drawable@entry=0x7b3072eddc80, 
     gc=gc@entry=0x7b3072ed8780, glamor_font=glamor_font@entry=0x7b3077113320, 
     prog=prog@entry=0x7b3079c72268, x=24, x@entry=17, y=y@entry=1170, 
     count=count@entry=80, 
     s_chars=s_chars@entry=0x7b3076cbbea4 "JavaScript error: https://xkcd.com/2916/client/727.js, line 2: Error: recursive >\001\a", charinfo=0x7f7fffd78888, 
     charinfo@entry=0x7f7fffd78880, sixteen=sixteen@entry=0
  Locals at 0x7f7fffd78800, Previous frame's sp is 0x7f7fffd78810
  Saved registers:
   rbx at 0x7f7fffd787d8, rbp at 0x7f7fffd78800, r12 at 0x7f7fffd787e0,
   r13 at 0x7f7fffd787e8, r14 at 0x7f7fffd787f0, r15 at 0x7f7fffd787f8,
   rip at 0x7f7fffd78808
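
One way to compare crashes like the two in this thread across runs, as an added example that is not part of the original mail: absolute addresses move with ASLR, but the low 12 bits of a program counter stay fixed for a given library build, so the module name plus in-page offset is a usable crash signature. The function names, the signature format and the 4 KiB page size are assumptions of this sketch; the sample lines are copied from the Xorg log quoted above.

```python
import re

# Constructed sample: three lines copied from the Xorg log quoted in the mail.
SAMPLE_LOG = """\
[  4949.701] (EE) 2: /usr/lib/libc.so.12 (__sigtramp_siginfo_2+0x0) [0x7cc04cb7ee80]
[  4949.701] (EE) 3: /usr/X11R7/lib/modules/libglamoregl.so (glamor_download_pixmap+0x250) [0x7cc045c1359d]
[  4949.701] (EE) Segmentation fault at address 0x7cc04ac77000
"""

FRAME_RE = re.compile(r"\(EE\) (\d+): (\S+) \((\w+)\+0x([0-9a-f]+)\) \[0x([0-9a-f]+)\]")
FAULT_RE = re.compile(r"Segmentation fault at address 0x([0-9a-f]+)")
PAGE_MASK = 0xFFF  # assumption: 4 KiB pages


def parse_xorg_crash(log):
    """Return (frames, fault_address) parsed from an Xorg.log crash excerpt."""
    frames, fault = [], None
    for line in log.splitlines():
        m = FRAME_RE.search(line)
        if m:
            frames.append({"index": int(m.group(1)), "module": m.group(2),
                           "symbol": m.group(3), "offset": int(m.group(4), 16),
                           "pc": int(m.group(5), 16)})
            continue
        m = FAULT_RE.search(line)
        if m:
            fault = int(m.group(1), 16)
    return frames, fault


def faulting_frame(frames):
    """First frame after the signal trampoline: the code that took the signal."""
    for i, frame in enumerate(frames):
        if "sigtramp" in frame["symbol"] and i + 1 < len(frames):
            return frames[i + 1]
    return None


def crash_signature(log):
    """Module basename plus in-page PC offset, and whether the fault is page-aligned."""
    frames, fault = parse_xorg_crash(log)
    frame = faulting_frame(frames)
    if frame is None or fault is None:
        return None
    return {"module": frame["module"].rsplit("/", 1)[-1],
            "pc_page_offset": frame["pc"] & PAGE_MASK,
            "fault_page_aligned": (fault & PAGE_MASK) == 0}
```

Applied to the sample, the signature is libglamoregl.so at in-page offset 0x59d with a page-aligned fault address; the rip 0x7b306e213595 from the gdb frame of the earlier crash reduces to 0x595 under the same mask.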
 

