<html>
<head>
<base href="https://bugs.freedesktop.org/">
</head>
<body><span class="vcard"><a class="email" href="mailto:v10lator@myway.de" title="Thomas Rohloff <v10lator@myway.de>"> <span class="fn">Thomas Rohloff</span></a>
</span> changed
<a class="bz_bug_link
bz_status_NEW "
title="NEW - X-Plane 10 crashes with SIGSEGV on radeonsi"
href="https://bugs.freedesktop.org/show_bug.cgi?id=97909">bug 97909</a>
<br>
<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>What</th>
<th>Removed</th>
<th>Added</th>
</tr>
<tr>
<td style="text-align:right;">CC</td>
<td>
</td>
<td>v10lator@myway.de
</td>
</tr></table>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - X-Plane 10 crashes with SIGSEGV on radeonsi"
href="https://bugs.freedesktop.org/show_bug.cgi?id=97909#c9">Comment # 9</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - X-Plane 10 crashes with SIGSEGV on radeonsi"
href="https://bugs.freedesktop.org/show_bug.cgi?id=97909">bug 97909</a>
from <span class="vcard"><a class="email" href="mailto:v10lator@myway.de" title="Thomas Rohloff <v10lator@myway.de>"> <span class="fn">Thomas Rohloff</span></a>
</span></b>
<pre>(In reply to Nicolai Hähnle from <a href="show_bug.cgi?id=97909#c5">comment #5</a>)
<span class="quote">> Okay, so I could reproduce this after all with the web demo.
>
> There is a bug in X-Plane and also questionable behaviour of the driver. The
> bug in X-Plane is that it uses GL_AMD_pinned_memory with a size that is not
> a multiple of a page; as per the spec, the driver is allowed to reject that,
> and we do (apparently unlike the closed source driver...). X-Plane doesn't
> check this error condition, and continues rendering, hence the crash, which
> would also happen with a simple sequence of:
>
> glGenBuffers(1, &bo);
> glBindBuffer(GL_ELEMENT_ARRAY_BUFFER, bo);
> glDrawElements(...);
>
> Somewhat surprisingly, the OpenGL spec never states that a draw call that
> goes outside the element/index buffer should flag a GL_INVALID_OPERATION.
> There is also no mention of this in the GL_ARB_robust_buffer_access_behavior
> extension, which is surprising.
>
> The patch you provide may or may not go in the right direction - I'm not
> sure. If we want to check that, we should do it in api_validate.c, but I'm
> not convinced that we should. Meanwhile, that check wouldn't properly fix
> the issue in X-Plane. To work around the bug in X-Plane, you need to run
> with:
>
> MESA_EXTENSION_OVERRIDE=-GL_AMD_pinned_memory ./X-Plane-x86_64 --force_run
>
> which will work with an unmodified driver.</span >
I opened a bug report at X-Plane and will inform you in case they reply.
BTW: Should I open a new bug report for the r600 bug (see below) ?
Here the message I wrote to the X-Plane devs:
Subject: Bug report: Wrog usage of GL_AMD_pinned_memory leads to undefined
result on Mesa drivers
From= <a href="mailto:v10lator@myway.de">v10lator@myway.de</a>
IP= [SNIPPED]
Product= XPlane
Version= 11.11
OS= Linux
Summary= Wrog usage of GL_AMD_pinned_memory leads to undefined behavior on Mesa
drivers
Description= "The bug in X-Plane is that it uses GL_AMD_pinned_memory with a
size that is not a multiple of a page; as per the spec, the driver is allowed
to reject that, and we do (apparently unlike the closed source driver...).
X-Plane doesn't check this error condition, and continues rendering, hence the
crash" - Source: <a class="bz_bug_link
bz_status_NEW "
title="NEW - X-Plane 10 crashes with SIGSEGV on radeonsi"
href="show_bug.cgi?id=97909#c5">https://bugs.freedesktop.org/show_bug.cgi?id=97909#c5</a>
Similar things as described in the linked bug report are happening on other
Mesa drivers, too. For example see this stacktrace from r600:
[ 1930.559125] general protection fault: 0000 [#1] PREEMPT SMP
[ 1930.559980] Modules linked in: snd_seq_midi snd_usb_audio snd_hwdep
snd_usbmidi_lib snd_rawmidi vboxpci(O) vboxnetadp(O) vboxnetflt(O) nfsd
vboxdrv(O)
[ 1930.560867] CPU: 2 PID: 646 Comm: kworker/2:2 Tainted: G O
4.13.0 #9
[ 1930.561771] Hardware name: To be filled by O.E.M. To be filled by
O.E.M./SABERTOOTH 990FX R2.0, BIOS 2901 05/04/2016
[ 1930.562657] Workqueue: events radeon_mn_destroy
[ 1930.563588] task: ffffa246244e5b00 task.stack: ffffa5f0409a0000
[ 1930.564509] RIP: 0010:__mutex_lock.isra.1+0x82/0x518
[ 1930.565425] RSP: 0018:ffffa5f0409a3d60 EFLAGS: 00010282
[ 1930.566312] RAX: 800000015e292268 RBX: ffffa2435d99c228 RCX:
800000015e29226f
[ 1930.567238] RDX: 800000015e29226f RSI: ffffa246244e5b00 RDI:
ffffffffb2a04c10
[ 1930.568174] RBP: ffffa5f0409a3df0 R08: ffffa2435d99c200 R09:
0000000100200007
[ 1930.569124] R10: ffffa5f0409a3e10 R11: ffffa2462c079ac0 R12:
ffffa2463ec9c400
[ 1930.570037] R13: ffffa2435d99f9e8 R14: ffffa2463ec98300 R15:
0000000000000002
[ 1930.570982] FS: 0000000000000000(0000) GS:ffffa2463ec80000(0000)
knlGS:0000000000000000
[ 1930.571938] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1930.572894] CR2: 0000000000ed7000 CR3: 00000003c8c51000 CR4:
00000000000406e0
[ 1930.573857] Call Trace:
[ 1930.574783] ? __slab_free.isra.68+0x7a/0x210
[ 1930.575744] ? __slab_free.isra.68+0x7a/0x210
[ 1930.576698] ? radeon_mn_destroy+0x3a/0x188
[ 1930.577650] ? radeon_mn_destroy+0x3a/0x188
[ 1930.578577] ? process_one_work+0x151/0x2d0
[ 1930.579515] ? worker_thread+0x1f0/0x380
[ 1930.580450] ? kthread+0xf2/0x128
[ 1930.581381] ? process_one_work+0x2d0/0x2d0
[ 1930.582309] ? kthread_create_on_node+0x40/0x40
[ 1930.583195] ? ret_from_fork+0x22/0x30
[ 1930.584100] Code: 85 c0 0f 84 31 02 00 00 65 48 8b 04 25 80 c2 00 00 48 8b
00 a8 08 75 23 e8 dc be 72 ff 49 8b 45 00 48 83 e0 f8 0f 84 3e 02 00 00 <8b> 58
60 e8 ee be 72 ff 85 db 0f 85 33 02 00 00 65 48 8b 04 25
[ 1930.585083] RIP: __mutex_lock.isra.1+0x82/0x518 RSP: ffffa5f0409a3d60
[ 1930.592739] ---[ end trace 397a922d2c74a9bd ]---
[ 1932.388592] sched: RT throttling activated
[ 1935.978694] note: kworker/2:2[646] exited with preempt_count 1
Steps= Run X-Plane 11 on Linux with Mesa drivers.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>