Re: [Mesa-dev] Crash in iris_bufmgr.c
Kenneth, > Ouch. Thanks for letting me know. Fixed by: > > commit 53878f7a8989879b0f3ca37df9fd1fb37f2525ca > Author: Kenneth Graunke > Date: Wed May 29 23:20:31 2019 -0700 > > iris: Be lazy about cleaning up purged BOs in the cache. > Thanks for fixing! Works again! best Mathias ___ mesa-dev mailing list mesa-dev@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/mesa-dev
Re: [Mesa-dev] Crash in iris_bufmgr.c
On Wednesday, May 29, 2019 10:30:45 PM PDT Mathias Fröhlich wrote: > Hi Kenneth, > > since your recent changes, I get a zero pointer dereference in > alloc_bo_from_cache on one workload here: > > What I get is > > Thread 2 "" received signal SIGSEGV, Segmentation fault. > [Switching to Thread 0x7fffef776700 (LWP 20924)] > list_del (item=0x7fffe8ae4020) at ../src/util/list.h:91 > 91 item->prev->next = item->next; > (gdb) p item->prev > $1 = (struct list_head *) 0x0 > (gdb) where > #0 list_del (item=0x7fffe8ae4020) at ../src/util/list.h:91 > #1 0x7469072f in alloc_bo_from_cache (bufmgr=0x4d8370, > bucket=0x4d8418, memzone=IRIS_MEMZONE_OTHER, flags=0, match_zone=true) > at ../src/gallium/drivers/iris/iris_bufmgr.c:387 > [...] > > I think the reason is that you use list_for_each_entry_safe in > alloc_bo_from_cache in the outer loop and store a pointer to > the next list entry. But when you call into iris_bo_cache_purge_bucket > from inside that loop the function body there may walk the same list > node than __next from list_for_each_entry_safe in alloc_bo_from_cache > points to and may zero the list pointers out. > > You may know best how to fix that. > > best and thanks > Mathias Ouch. Thanks for letting me know. Fixed by: commit 53878f7a8989879b0f3ca37df9fd1fb37f2525ca Author: Kenneth Graunke Date: Wed May 29 23:20:31 2019 -0700 iris: Be lazy about cleaning up purged BOs in the cache. signature.asc Description: This is a digitally signed message part. ___ mesa-dev mailing list mesa-dev@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/mesa-dev
[Mesa-dev] Crash in iris_bufmgr.c
Hi Kenneth, since your recent changes, I get a zero pointer dereference in alloc_bo_from_cache on one workload here: What I get is Thread 2 "" received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fffef776700 (LWP 20924)] list_del (item=0x7fffe8ae4020) at ../src/util/list.h:91 91 item->prev->next = item->next; (gdb) p item->prev $1 = (struct list_head *) 0x0 (gdb) where #0 list_del (item=0x7fffe8ae4020) at ../src/util/list.h:91 #1 0x7469072f in alloc_bo_from_cache (bufmgr=0x4d8370, bucket=0x4d8418, memzone=IRIS_MEMZONE_OTHER, flags=0, match_zone=true) at ../src/gallium/drivers/iris/iris_bufmgr.c:387 [...] I think the reason is that you use list_for_each_entry_safe in alloc_bo_from_cache in the outer loop and store a pointer to the next list entry. But when you call into iris_bo_cache_purge_bucket from inside that loop the function body there may walk the same list node than __next from list_for_each_entry_safe in alloc_bo_from_cache points to and may zero the list pointers out. You may know best how to fix that. best and thanks Mathias ___ mesa-dev mailing list mesa-dev@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/mesa-dev
