Null pointer dereference in i965_dri.so while calling intel_render_texture()
The crash was observed once while testing an Android infotainment system based on an Intel SoC. It looks like a NULL pointer dereference somewhere in `_swrast_render_texture`, possibly at `rb->Delete = delete_texture_wrapper;` or inside `update_wrapper(ctx, att);`. Is it a good idea to add NULL checks for the `rb` and `att` pointers?
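/**
 * Called when rendering to a texture image begins, or when changing
 * the dest mipmap level, cube face, etc.
 * This is a fallback routine for software render-to-texture.
 *
 * Called via the glRenderbufferTexture1D/2D/3D() functions
 * and elsewhere (such as glTexImage2D).
 *
 * The image we're rendering into is
 * att->Texture->Image[att->CubeMapFace][att->TextureLevel];
 * It'll never be NULL.
 *
 * The attachment's renderbuffer wrapper (att->Renderbuffer) is expected
 * to exist by the time this fallback runs; the function only installs
 * the texture-wrapper Delete hook on it and then refreshes the wrapper
 * state via update_wrapper().  A NULL att or att->Renderbuffer here is
 * a caller bug (the attachment reached render-to-texture without a
 * renderbuffer), not a normal condition.  Rather than dereference it --
 * which is a SIGSEGV at address 0 in whatever process hosts the driver,
 * and for a display compositor that is a denial of service of the whole
 * display stack -- the call is skipped.  Skipping does NOT make the
 * rendering correct: the root cause upstream (why the attachment has no
 * renderbuffer at this point) still has to be found and fixed.
 *
 * NOTE(review): update_wrapper()'s own dereferences are not visible
 * here; if the fault is inside it (it may be inlined into this symbol),
 * this guard will not cover that path.
 *
 * \param ctx the current GL context, forwarded to update_wrapper()
 * \param fb the framebuffer object the texture is being bound to (unused)
 * \param att the fb attachment point of the texture
 *
 * \sa _mesa_FramebufferRenderbuffer_sw
 */
void
_swrast_render_texture(struct gl_context *ctx,
                       struct gl_framebuffer *fb,
                       struct gl_renderbuffer_attachment *att)
{
   struct gl_renderbuffer *rb;

   (void) fb;

   /* Guard the two pointers this function dereferences directly.  This
    * is an explicit runtime check, not an assert(), because asserts are
    * compiled out of release builds and the crash under discussion came
    * from a release build. */
   if (!att) {
      return;
   }

   rb = att->Renderbuffer;
   if (!rb) {
      return;
   }

   /* plug in our texture_renderbuffer-specific functions */
   rb->Delete = delete_texture_wrapper;

   update_wrapper(ctx, att);
}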
10-08 13:13:50.749 1000 3324 3324 F libc : Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0 in tid 3324 (surfaceflinger), pid 3324 (surfaceflinger)
10-08 13:13:50.787 1000 13561 13561 I crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone
10-08 13:13:50.788 1058 3656 3656 I /system/bin/tombstoned: received crash request for pid 3324
10-08 13:13:50.790 1000 13561 13561 I crash_dump64: performing dump of process 3324 (target tid = 3324)
10-08 13:13:50.794 1000 13561 13561 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
10-08 13:13:50.794 1000 13561 13561 F DEBUG : Build fingerprint: 'DELETED FOR SECURITY REASON'
10-08 13:13:50.794 1000 13561 13561 F DEBUG : Revision: '0'
10-08 13:13:50.794 1000 13561 13561 F DEBUG : ABI: 'x86_64'
10-08 13:13:50.794 1000 13561 13561 F DEBUG : Timestamp: 2020-10-08 13:13:50+0200
10-08 13:13:50.794 1000 13561 13561 F DEBUG : pid: 3324, tid: 3324, name: surfaceflinger >>> /system/bin/surfaceflinger <<<
10-08 13:13:50.794 1000 13561 13561 F DEBUG : uid: 1000
10-08 13:13:50.794 1000 13561 13561 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
10-08 13:13:50.794 1000 13561 13561 F DEBUG : Cause: null pointer dereference
10-08 13:13:50.794 1000 13561 13561 F DEBUG : rax 0000000000000000 rbx 000070a8fc50c5a0 rcx 00000000ffffffb1 rdx 000070a8fc4febb0
10-08 13:13:50.794 1000 13561 13561 F DEBUG : r8 0000000000000003 r9 0000000000000000 r10 7000000000000000 r11 0000000000000246
10-08 13:13:50.795 1000 13561 13561 F DEBUG : r12 000070a8fc50c5a0 r13 000070a8fc4febb0 r14 000070a8fc50d720 r15 0000000000000000
10-08 13:13:50.795 1000 13561 13561 F DEBUG : rdi 0000000000000003 rsi 000070a8fc4fe900
10-08 13:13:50.795 1000 13561 13561 F DEBUG : rbp 00007ffd6d092660 rsp 00007ffd6d092630 rip 000070a8fe5e5350
10-08 13:13:50.840 1000 13561 13561 F DEBUG :
10-08 13:13:50.840 1000 13561 13561 F DEBUG : backtrace:
10-08 13:13:50.840 1000 13561 13561 F DEBUG : #00 pc 000000000079b350 /vendor/lib64/dri/i965_dri.so (_swrast_render_texture+80) (BuildId: 2b620f9890b43a62bc90d5a9fb410159e7922a10)
10-08 13:13:50.840 1000 13561 13561 F DEBUG : #01 pc 000000000025c51c /vendor/lib64/dri/i965_dri.so (intel_render_texture+268) (BuildId: 2b620f9890b43a62bc90d5a9fb410159e7922a10)
10-08 13:13:50.840 1000 13561 13561 F DEBUG : #02 pc 00000000006296ee /vendor/lib64/dri/i965_dri.so (_mesa_bind_framebuffers+350) (BuildId: 2b620f9890b43a62bc90d5a9fb410159e7922a10)
10-08 13:13:50.840 1000 13561 13561 F DEBUG : #03 pc 0000000000629a3f /vendor/lib64/dri/i965_dri.so (bind_framebuffer+143) (BuildId: 2b620f9890b43a62bc90d5a9fb410159e7922a10)
10-08 13:13:50.840 1000 13561 13561 F DEBUG : #04 pc 000000000062999c /vendor/lib64/dri/i965_dri.so (_mesa_BindFramebuffer+12) (BuildId: 2b620f9890b43a62bc90d5a9fb410159e7922a10)
10-08 13:13:50.840 1000 13561 13561 F DEBUG : #05 pc 000000000014508d /system/lib64/libsurfaceflinger.so (android::renderengine::gl::GLESRenderEngine::bindFrameBuffer(android::renderengine::Framebuffer*)+93) (BuildId: 62e9d06a39e9486f8b5632ab68c9209c)
10-08 13:13:50.840 1000 13561 13561 F DEBUG : #06 pc 0000000000146019 /system/lib64/libsurfaceflinger.so (android::renderengine::gl::GLESRenderEngine::drawLayers(android::renderengine::DisplaySettings const&, std::__1::vector<android::renderengine::LayerSettings, std::__1::allocator<android::renderengine::LayerSettings>> const&, ANativeWindowBuffer*, bool, android::base::unique_fd_impl<android::base::DefaultCloser>&&, android::base::unique_fd_impl<android::base::DefaultCloser>*)+489) (BuildId: 62e9d06a39e9486f8b5632ab68c9209c)
10-08 13:13:50.840 1000 13561 13561 F DEBUG : #07 pc 00000000000f94fb /system/lib64/libsurfaceflinger.so (android::SurfaceFlinger::doComposeSurfaces(android::sp<android::DisplayDevice> const&, android::Region const&, android::base::unique_fd_impl<android::base::DefaultCloser>*)+5259) (BuildId: 62e9d06a39e9486f8b5632ab68c9209c)
10-08 13:13:50.840 1000 13561 13561 F DEBUG : #08 pc 00000000000f5771 /system/lib64/libsurfaceflinger.so (android::SurfaceFlinger::handleMessageRefresh()+3585) (BuildId: 62e9d06a39e9486f8b5632ab68c9209c)
10-08 13:13:50.840 1000 13561 13561 F DEBUG : #09 pc 00000000000f4612 /system/lib64/libsurfaceflinger.so (android::SurfaceFlinger::onMessageReceived(int)+12066) (BuildId: 62e9d06a39e9486f8b5632ab68c9209c)
10-08 13:13:50.840 1000 13561 13561 F DEBUG : #10 pc 0000000000018862 /system/lib64/libutils.so (android::Looper::pollInner(int)+370) (BuildId: 9e86217f0e3960e8374d12f1fc1a9fcf)
10-08 13:13:50.840 1000 13561 13561 F DEBUG : #11 pc 000000000001862a /system/lib64/libutils.so (android::Looper::pollOnce(int, int*, int*, void**)+42) (BuildId: 9e86217f0e3960e8374d12f1fc1a9fcf)
10-08 13:13:50.840 1000 13561 13561 F DEBUG : #12 pc 00000000000e21cb /system/lib64/libsurfaceflinger.so (android::impl::MessageQueue::waitMessage()+91) (BuildId: 62e9d06a39e9486f8b5632ab68c9209c)
10-08 13:13:50.840 1000 13561 13561 F DEBUG : #13 pc 00000000000f0cab /system/lib64/libsurfaceflinger.so (android::SurfaceFlinger::run()+27) (BuildId: 62e9d06a39e9486f8b5632ab68c9209c)
10-08 13:13:50.840 1000 13561 13561 F DEBUG : #14 pc 00000000000033b7 /system/bin/surfaceflinger (main+855) (BuildId: 799c749ddeb0720ff3461f19c13ff491)
10-08 13:13:50.841 1000 13561 13561 F DEBUG : #15 pc 0000000000087da5 /apex/com.android.runtime/lib64/bionic/libc.so (__libc_init+101) (BuildId: cfa43da6ca12c50ce87e8de10d729292)