[Intel-gfx] KMS libdrm crash

Jesse Barnes jbarnes at virtuousgeek.org
Mon Jan 4 20:27:59 CET 2010 

On Sat, 02 Jan 2010 14:14:30 +0000
Peter Clifton <pcjc2 at cam.ac.uk> wrote:

> Hi guys,
> 
> I know this belongs in a bug report, but lets first figure out what /
> where the fault lies.. then I might be able to figure out where to
> file it.
> 
> I've BCC'd ubuntu-x, as I'm testing their "xorg-edgers" stuff, and
> wanted them to be aware of this, but don't think they need to remain
> on the 'CC list for all replies.
> 
> 
> I've been seeing intermittent crashes on X start-up with the latest
> code. (GM45)
> 
> git HEAD 2D driver, libdrm, and "drm-intel-next" branch from
> git://git.kernel.org/pub/scm/linux/kernel/git/anholt/drm-intel
> 
> (Is this the right place to get the latest from?)..
> 
> 
> Anyway.. I managed to persuade apport to get a retrace. (It was
> uncooperative at first though).
> 
> This is the backtrace:
> 
> 
> #0  drmmode_ConvertFromKMode (scrn=<value optimised out>, kmode=0x0, 
>     mode=0x87b0554) at ../../src/drmmode_display.c:240
> 240		mode->Clock = kmode->clock;
> (gdb) #
> (gdb) bt
> #0  drmmode_ConvertFromKMode (scrn=<value optimised out>, kmode=0x0,
> mode=0x87b0554) at ../../src/drmmode_display.c:240 #1  0x001cc335 in
> drmmode_output_get_modes (output=0x87ab5e8)
> at ../../src/drmmode_display.c:836 #2  0x080cbb56 in
> xf86ProbeOutputModes (scrn=0x8797c88, maxX=8192, maxY=8192)
> at ../../../../hw/xfree86/modes/xf86Crtc.c:1607 #3  0x080cc551 in
> xf86InitialConfiguration (scrn=0x8797c88, canGrow=1)
> at ../../../../hw/xfree86/modes/xf86Crtc.c:2358 #4  0x001cdfd3 in
> drmmode_pre_init (scrn=0x8797c88, fd=9, cpp=4)
> at ../../src/drmmode_display.c:1417 #5  0x001b3455 in I830DrmModeInit
> (scrn=0x8797c88, flags=<value optimised out>)
> at ../../src/i830_driver.c:779 #6  I830PreInit (scrn=0x8797c88,
> flags=<value optimised out>) at ../../src/i830_driver.c:910 #7
> 0x080b6fa8 in InitOutput (pScreenInfo=0x81fd460, argc=8,
> argv=0xbfeb0ed4) at ../../../../hw/xfree86/common/xf86Init.c:841 #8
> 0x08066b3b in main (argc=8, argv=0xbfeb0ed4, envp=0xbfeb0ef8)
> at ../../dix/main.c:205
> 
> Looking at frame 1, 
> 
> (gdb) frame 1
> (gdb) print *koutput
> $2 = {connector_id = 15, encoder_id = 0, connector_type = 6, 
>   connector_type_id = 1, connection = DRM_MODE_CONNECTED, mmWidth =
> 0, mmHeight = 0, subpixel = DRM_MODE_SUBPIXEL_UNKNOWN, count_modes =
> 4, modes = 0x0, count_props = 7, props = 0x8798438, prop_values =
> 0x87ab8e8, count_encoders = 1, encoders = 0x87ab280}
> 
> We see that the "modes" list is NULL, but count_modes is 4. That is
> why the crash occurs when we access the modes array.
> 
> Having instrumented the drmmode_output_get_modes() function, I
> discovered that in some cases the first call to the
> DRM_IOCTL_MODE_GETCONNECTOR ioctl indeed returns count_modes = 0, so
> no memory is allocated for modes to be returned.
> 
> Upon the subsequent ioctl to fill in the details, magically the drm
> driver can now find some modes - and it returns a positive mode count.
> Since no memory was allocated to store them, it can't return the data.
> 
> 
> So.. looks like libdrm / kernel code assume the mode list doesn't
> change between ioctls - it clearly does -> BUG.

Ouch, yeah that's ugly.  The mode list could definitely change between
the two calls though (e.g. due to hotplug) so we need to handle that
case.  I wonder why the first call is failing though... assuming your
config hasn't changed between calls, the first call should have the
right mode list and count...

> Or.. should it not change?
> 
> 
> On this machine, I get intermittent (false) detection of TV-out modes,
> in spite having no TV connected. Just running xrandr 10 times in a row
> gave many different outputs, e.g.:
> 
> ---------------------------
> TV1 disconnected (normal left inverted right x axis y axis)
> ---------------------------
> TV1 connected 1360x768+1680+0 (normal left inverted right x axis y
> axis) 0mm x 0mm
>    1360x768       59.8* 
>    1152x864       60.0  
>    1024x768       60.0  
>    800x600        60.3  
>    640x480        59.9  
> ---------------------------
> TV1 connected 848x480+1680+0 (normal left inverted right x axis y
> axis) 0mm x 0mm
>    848x480        30.0*+
>    640x480        30.0 +
>    1024x768       30.0  
>    800x600        30.0  
> ---------------------------
> TV1 disconnected (normal left inverted right x axis y axis)
>   848x480 (0x12d)   14.5MHz
>         h: width   848 start  849 end  912 total  944 skew    0
> clock   15.4KHz v: height  480 start  481 end  512 total
> 513           clock   30.0Hz ---------------------------
> 
> 
> This is clearly also a bug, but it would seem that there is still an
> issue with the DRM_IOCTL_MODE_GETCONNECTOR ioctl.
> 
> Is there anything I can do to debug this further?
> Disable the TV-out port temporarily to avoid the crashes?
> (For now I just patched libdrm to be smarter about not crashing).
> 
> Make TV out detection more robust? (Is that the correct fix, or does
> it still leave a race condition?)
> 
> Let me know what other details you want.

This sounds like a separate bug with TV detection.  Does your platform
actually have a TV connector?  If not, we shouldn't even be reporting
the output, but if so, then it sounds like we need to improve our load
detect code.

-- 
Jesse Barnes, Intel Open Source Technology Center

More information about the Intel-gfx mailing list