radeonsi: Check aux_context on si_destroy_screen()
The function radeonsi_screen_create_impl() tries to create the aux_context but doesn't actually check for the returned value from si_create_context().
Then, on si_destroy_screen() the aux_context is used without actually checking whether it's a thing or not.
As a result, if for any reason si_create_context() failed, we shall crash in si_destroy_screen() with a NULL pointer dereference trying to access ((struct si_context *)sscreen->aux_context)->log.
I think this is what is causing downstream issue https://bugzilla.redhat.com/show_bug.cgi?id=1975031.
The logs show:
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon: size : 65536 bytes
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon: alignment : 4096 bytes
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon: domains : 4
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon: va : 0x0000000100000000
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon: Failed to deallocate virtual address for buffer:
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon: size : 65536 bytes
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon: va : 0x100000000
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon: Failed to allocate virtual address for buffer:
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon: size : 65536 bytes
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon: alignment : 4096 bytes
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon: domains : 4
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon: va : 0x0000000100000000
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon: Failed to deallocate virtual address for buffer:
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon: size : 65536 bytes
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon: va : 0x100000000
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeonsi: Failed to create a context.
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE)
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) Backtrace:
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) 0: /usr/bin/Xwayland (0x55bed1776000+0x1655f9) [0x55bed18db5f9]
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) 1: /usr/bin/Xwayland (0x55bed1776000+0x165702) [0x55bed18db702]
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) 2: /lib64/libc.so.6 (0x7f310da62000+0x3d320) [0x7f310da9f320]
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) 3: /usr/lib64/dri/radeonsi_dri.so (0x7f310b6aa000+0x961b34) [0x7f310c00bb34]
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) 4: /usr/lib64/dri/radeonsi_dri.so (0x7f310b6aa000+0x1b0345) [0x7f310b85a345]
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) 5: /usr/lib64/dri/radeonsi_dri.so (0x7f310b6aa000+0x1b0379) [0x7f310b85a379]
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) 6: /usr/lib64/dri/radeonsi_dri.so (0x7f310b6aa000+0x6c5393) [0x7f310bd6f393]
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) 7: /lib64/libEGL_mesa.so.0 (0x7f310d084000+0x1d1c7) [0x7f310d0a11c7]
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) 8: /lib64/libEGL_mesa.so.0 (0x7f310d084000+0x1d750) [0x7f310d0a1750]
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) 9: /lib64/libEGL_mesa.so.0 (0x7f310d084000+0x1130a) [0x7f310d09530a]
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) 10: /usr/bin/Xwayland (0x55bed1776000+0x42328) [0x55bed17b8328]
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) 11: /usr/bin/Xwayland (0x55bed1776000+0x35dfb) [0x55bed17abdfb]
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) 12: /lib64/libc.so.6 (__libc_start_main+0xd5) [0x7f310da89b75]
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) 13: /usr/bin/Xwayland (0x55bed1776000+0x3858e) [0x55bed17ae58e]
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE)
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) Segmentation fault at address 0x520
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE)
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: Fatal server error:
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) Caught signal 11 (Segmentation fault). Server aborting
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE)
So "radeonsi: Failed to create a context" is from si_create_context() and it returns NULL.
radeonsi_screen_create_impl() does:
1361 /* Create the auxiliary context. This must be done last. */
1362 sscreen->aux_context = si_create_context()
But doesn't seem to check whether the context was actually created.
Then, in si_destroy_screen(), it does:
845 struct u_log_context *aux_log = ((struct si_context *)sscreen->aux_context)->log;
So if aux_context is NULL, that's a NULL pointer dereference.
And that's precisely the crash point in the backtrace:
#7 <signal handler called>
No locals.
#8 0x00007f310c00bb34 in si_destroy_screen (pscreen=0x55bed3aeac80) at ../src/gallium/drivers/radeonsi/si_pipe.c:845
sscreen = 0x55bed3aeac80
parts = {0x7f310e272e00 <epoxy_eglQueryString>, 0x0, 0x0, 0x0, 0x0}
i = <optimized out>
aux_log = <optimized out>
#9 0x00007f310b85a345 in dri_destroy_screen_helper (screen=0x55bed3ae5110) at ../src/gallium/frontends/dri/dri_screen.c:532
No locals.
[…]
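The failure mode described above, reduced to a stand-alone C model (an added example, not Mesa code and not part of the original description). The types, `create_ctx()`, `destroy_screen()` and the padding are hypothetical; the padding is sized only so that the member offset matches the fault address shown in the log, and says nothing about the real layout of `struct si_context`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed stand-ins, not Mesa's definitions. */
struct log_ctx { int entries; };
struct ctx {
    char pad[0x520];          /* constructed so that 'log' sits at offset 0x520 */
    struct log_ctx *log;
};
struct screen { struct ctx *aux_context; };

/* Hypothetical factory: returns NULL on failure, like a failed context creation. */
static struct ctx *create_ctx(int fail)
{
    if (fail) return NULL;
    struct ctx *c = calloc(1, sizeof(*c));
    if (!c) return NULL;
    c->log = calloc(1, sizeof(*c->log));
    if (!c->log) { free(c); return NULL; }
    return c;
}

/* Address an unchecked `aux_context->log` read touches when aux_context is NULL:
 * NULL base plus member offset, which is why the fault address is small. */
static uintptr_t null_deref_fault_addr(void)
{
    return (uintptr_t)offsetof(struct ctx, log);
}

/* Destroy path with the guard: returns 1 if a log was released, 0 if no aux context. */
static int destroy_screen(struct screen *s)
{
    int had_log = 0;
    if (s->aux_context) {                 /* the check the unguarded path lacks */
        struct log_ctx *aux_log = s->aux_context->log;
        if (aux_log) { free(aux_log); had_log = 1; }
        free(s->aux_context);
        s->aux_context = NULL;
    }
    return had_log;
}

int main(void)
{
    struct screen ok = { create_ctx(0) }, bad = { create_ctx(1) };
    return !(destroy_screen(&ok) == 1 && destroy_screen(&bad) == 0);
}
```

A fault address that is a small non-zero value, rather than 0, is the usual signature of a member read through a NULL struct pointer, which helps when triaging similar crash reports.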