[Bug 82279] New: SDL applications crash when changing video mode: double free or corruption
https://bugs.freedesktop.org/show_bug.cgi?id=82279
Priority: medium Bug ID: 82279 Assignee: dri-devel@lists.freedesktop.org Summary: SDL applications crash when changing video mode: double free or corruption Severity: normal Classification: Unclassified OS: Linux (All) Reporter: xamaniqinqu@gmail.com Hardware: x86-64 (AMD64) Status: NEW Version: git Component: Drivers/Gallium/radeonsi Product: Mesa
Created attachment 104195 --> https://bugs.freedesktop.org/attachment.cgi?id=104195&action=edit GDB backtrace of Dosbox crash.
Overview: SDL applications crash when changing video mode, "corrupted double-linked list" and "double free or corruption" are printed to stderr. The applications tested are Dosbox and Enemy Territory: Quake Wars.
Steps to reproduce: 1) Install an abandonware game such as Commander Keen 4 2) Run it in Dosbox 3) Depending on the game, press a key to start the game proper
Actual results: The application crashes upon changing video mode.
Expected results: The application changes video mode without causing a crash.
Build date and platform: Build date of all components: 2014-08-07 Platform: Gentoo GNU/Linux x86_64 Linux kernel version: 3.16
Additional information: Bisecting revealed the culprit commit to be "58d2afa2232060b88f9c444ce7a0d6e63c841bb2: radeonsi: fix leaking the bound state on destruction v2". See attachments for backtraces.
https://bugs.freedesktop.org/show_bug.cgi?id=82279
--- Comment #1 from Remco Zoet xamaniqinqu@gmail.com --- Created attachment 104196 --> https://bugs.freedesktop.org/attachment.cgi?id=104196&action=edit GDB full backtrace of Dosbox crash.
https://bugs.freedesktop.org/show_bug.cgi?id=82279
Remco Zoet xamaniqinqu@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |bisected
https://bugs.freedesktop.org/show_bug.cgi?id=82279
Remco Zoet xamaniqinqu@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|SDL applications crash when |[bisected] SDL applications |changing video mode: double |crash when changing video |free or corruption |mode: double free or | |corruption
https://bugs.freedesktop.org/show_bug.cgi?id=82279
--- Comment #2 from Remco Zoet xamaniqinqu@gmail.com --- Some additional information: the crash (obviously) only occurs when Dosbox uses opengl rendering. For this, 'output=opengl' or 'output=openglnb' needs to be set in ~/${USER}/.dosbox/dosbox-${VERSION}.conf.
https://bugs.freedesktop.org/show_bug.cgi?id=82279
Remco Zoet xamaniqinqu@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|[bisected] SDL applications |SDL applications crash when |crash when changing video |changing video mode: double |mode: double free or |free or corruption |corruption |
https://bugs.freedesktop.org/show_bug.cgi?id=82279
Remco Zoet xamaniqinqu@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|SDL applications crash when |SDL applications crash when |changing video mode: double |changing video mode on |free or corruption |radeonsi: double free or | |corruption
https://bugs.freedesktop.org/show_bug.cgi?id=82279
Michel Dänzer michel@daenzer.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |deathsimple@vodafone.de Summary|SDL applications crash when |[bisected] double free or |changing video mode on |corruption on context |radeonsi: double free or |destruction with |corruption |postprocessing enabled
--- Comment #3 from Michel Dänzer michel@daenzer.net --- AFAICT this only happens if postprocessing is enabled via one of the pp_* driconf options or environment variables.
(In reply to comment #0)
Bisecting revealed the culprit commit to be"58d2afa2232060b88f9c444ce7a0d6e63c841bb2: radeonsi: fix leaking the bound state on destruction v2".
Christian, any ideas?
https://bugs.freedesktop.org/show_bug.cgi?id=82279
--- Comment #4 from Christian König deathsimple@vodafone.de --- (In reply to comment #3)
AFAICT this only happens if postprocessing is enabled via one of the pp_* driconf options or environment variables.
(In reply to comment #0)
Bisecting revealed the culprit commit to be"58d2afa2232060b88f9c444ce7a0d6e63c841bb2: radeonsi: fix leaking the bound state on destruction v2".
Christian, any ideas?
That looks like a bug in the post processing cleanup to me. The context the shaders belong to is destroyed before pp_free is called to destroy the shaders created from that context.
Since the bisected patch explicitly destroys all bound shaders of a context if the context is destroyed we get a double free of the shader.
https://bugs.freedesktop.org/show_bug.cgi?id=82279
--- Comment #5 from Remco Zoet xamaniqinqu@gmail.com --- I can now confirm that the crash only occurs with postprocessing enabled through driconf. Apparently, there was still a .drirc present on my /home partition from an earlier installation that had the 'pp_jimenezmlaa' and 'force_s3tc_enable' options enabled. Resetting .drirc to defaults allows me to run all SDL applications normally.
https://bugs.freedesktop.org/show_bug.cgi?id=82279
Christian König deathsimple@vodafone.de changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|NEW |RESOLVED
--- Comment #6 from Christian König deathsimple@vodafone.de --- I think that issue is fixed by now. Any objections to closing this bug?
dri-devel@lists.freedesktop.org
-
bugzilla-daemon@freedesktop.org