
glx: Destroy base screen after deinitScreen

David Rosca requested to merge nowrep/mesa:glx-destroyscreen into main

What does this MR do and why?

glx: Destroy base screen after deinitScreen

The base screen is now destroyed after deinitScreen rather than before it, which matches the original order.

Fixes: 407a9094f70 ("glx: move base screen destroy to glx_screen_cleanup")
==106184==ERROR: AddressSanitizer: heap-use-after-free on address 0x51500034ccc8 at pc 0x7fffd4b948a9 bp 0x7fffbbffe350 sp 0x7fffbbffe340
READ of size 8 at 0x51500034ccc8 thread T33
    #0 0x7fffd4b948a8 in si_flush_all_queues ../src/gallium/drivers/radeonsi/si_fence.c:469
    #1 0x7fffd4b94f74 in si_flush_from_st ../src/gallium/drivers/radeonsi/si_fence.c:539
    #2 0x7fffd3ddf3b2 in tc_flush ../src/gallium/auxiliary/util/u_threaded_context.c:3670
    #3 0x7fffd2b33794 in st_flush ../src/mesa/state_tracker/st_cb_flush.c:63
    #4 0x7fffd2b9eb0f in st_context_flush ../src/mesa/state_tracker/st_manager.c:821
    #5 0x7fffd2062ff0 in dri_destroy_context ../src/gallium/frontends/dri/dri_context.c:276
    #6 0x7fffd2072ff8 in driDestroyContext ../src/gallium/frontends/dri/dri_util.c:641
    #7 0x7fffd2080fb5 in loader_dri3_close_screen ../src/gallium/frontends/dri/loader_dri3_helper.c:2292
    #8 0x7fffd5bb3a90 in dri3_deinit_screen ../src/glx/dri3_glx.c:432
    #9 0x7fffd5b7bc09 in FreeScreenConfigs ../src/glx/glxext.c:243
    #10 0x7fffd5b7be96 in glx_display_free ../src/glx/glxext.c:280
    #11 0x7fffd5b7c133 in __glXCloseDisplay ../src/glx/glxext.c:310
    #12 0x7fffe7ddd413 in XCloseDisplay (/usr/lib/libX11.so.6+0x1f413) (BuildId: f397017ec7586e5d27386d25fa836980491bc587)
    #13 0x7fffbfba991c  (/usr/lib/vlc/plugins/video_output/libglx_plugin.so+0x191c) (BuildId: 7b6366ac1916f317786a1b4074c6fe08c5213524)
    #14 0x7ffff71150af in vlc_module_unload (/usr/lib/libvlccore.so.9+0x270af) (BuildId: 3b6bd4f24e18a71b7852f697ab26e6dbf6a0dcb4)
    #15 0x7ffff71770ed in vlc_gl_Release (/usr/lib/libvlccore.so.9+0x890ed) (BuildId: 3b6bd4f24e18a71b7852f697ab26e6dbf6a0dcb4)
    #16 0x7fffc0b20fee  (/usr/lib/vlc/plugins/video_output/libgl_plugin.so+0x4fee) (BuildId: e0d778a3155df18c155c9c2016799bfa7a95004d)
    #17 0x7ffff71150af in vlc_module_unload (/usr/lib/libvlccore.so.9+0x270af) (BuildId: 3b6bd4f24e18a71b7852f697ab26e6dbf6a0dcb4)
    #18 0x7ffff716c915  (/usr/lib/libvlccore.so.9+0x7e915) (BuildId: 3b6bd4f24e18a71b7852f697ab26e6dbf6a0dcb4)
    #19 0x7ffff7170c31  (/usr/lib/libvlccore.so.9+0x82c31) (BuildId: 3b6bd4f24e18a71b7852f697ab26e6dbf6a0dcb4)
    #20 0x7ffff785d109 in asan_thread_start /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:234
    #21 0x7ffff76a339c  (/usr/lib/libc.so.6+0x9439c) (BuildId: 98b3d8e0b8c534c769cb871c438b4f8f3a8e4bf3)
    #22 0x7ffff772849b  (/usr/lib/libc.so.6+0x11949b) (BuildId: 98b3d8e0b8c534c769cb871c438b4f8f3a8e4bf3)

0x51500034ccc8 is located 328 bytes inside of 488-byte region [0x51500034cb80,0x51500034cd68)
freed by thread T33 here:
    #0 0x7ffff78fc282 in free /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:52
    #1 0x7fffd4ea4978 in amdgpu_winsys_destroy_locked ../src/gallium/winsys/amdgpu/drm/amdgpu_winsys.c:133
    #2 0x7fffd4ea4998 in amdgpu_winsys_destroy ../src/gallium/winsys/amdgpu/drm/amdgpu_winsys.c:138
    #3 0x7fffd4bbd631 in si_destroy_screen ../src/gallium/drivers/radeonsi/si_pipe.c:1067
    #4 0x7fffd206f2d8 in dri_release_screen ../src/gallium/frontends/dri/dri_screen.c:565
    #5 0x7fffd206f3b5 in dri_destroy_screen ../src/gallium/frontends/dri/dri_screen.c:580
    #6 0x7fffd20708b3 in driDestroyScreen ../src/gallium/frontends/dri/dri_util.c:207
    #7 0x7fffd5b7f88c in glx_screen_cleanup ../src/glx/glxext.c:744
    #8 0x7fffd5b7bbc6 in FreeScreenConfigs ../src/glx/glxext.c:239
    #9 0x7fffd5b7be96 in glx_display_free ../src/glx/glxext.c:280
    #10 0x7fffd5b7c133 in __glXCloseDisplay ../src/glx/glxext.c:310
    #11 0x7fffe7ddd413 in XCloseDisplay (/usr/lib/libX11.so.6+0x1f413) (BuildId: f397017ec7586e5d27386d25fa836980491bc587)
    #12 0x7fffbfba991c  (/usr/lib/vlc/plugins/video_output/libglx_plugin.so+0x191c) (BuildId: 7b6366ac1916f317786a1b4074c6fe08c5213524)

previously allocated by thread T33 here:
    #0 0x7ffff78fd1aa in calloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:77
    #1 0x7fffd4ea5dfd in amdgpu_winsys_create ../src/gallium/winsys/amdgpu/drm/amdgpu_winsys.c:372
    #2 0x7fffd4bc1959 in radeonsi_screen_create ../src/gallium/drivers/radeonsi/si_pipe.c:1554
    #3 0x7fffd2060bce in pipe_radeonsi_create_screen ../src/gallium/auxiliary/target-helpers/drm_helper.h:202
    #4 0x7fffd3fd4b52 in pipe_loader_drm_create_screen ../src/gallium/auxiliary/pipe-loader/pipe_loader_drm.c:371
    #5 0x7fffd3fd2864 in pipe_loader_create_screen_vk ../src/gallium/auxiliary/pipe-loader/pipe_loader.c:181
    #6 0x7fffd3fd28ff in pipe_loader_create_screen ../src/gallium/auxiliary/pipe-loader/pipe_loader.c:187
    #7 0x7fffd2094d51 in dri2_init_screen ../src/gallium/frontends/dri/dri2.c:2016
    #8 0x7fffd20700da in driCreateNewScreen3 ../src/gallium/frontends/dri/dri_util.c:138
    #9 0x7fffd5b66487 in dri_screen_init ../src/glx/dri_common.c:995
    #10 0x7fffd5bb4388 in dri3_create_screen ../src/glx/dri3_glx.c:556
    #11 0x7fffd5b804d0 in AllocAndFetchScreenConfigs ../src/glx/glxext.c:875
    #12 0x7fffd5b81316 in __glXInitialize ../src/glx/glxext.c:1076
    #13 0x7fffd5b73a78 in glXGetFBConfigs ../src/glx/glxcmds.c:1467
    #14 0x7fffd5b7351e in glXChooseFBConfig ../src/glx/glxcmds.c:1407
    #15 0x7fffefa3c264 in glXChooseFBConfig (/usr/lib/libGLX.so.0+0x1c264) (BuildId: 37ff8da6f4b10ab01d014e0d5d94412e520fbef9)

Thread T33 created by T24 here:
    #0 0x7ffff78f468b in pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:245
    #1 0x7ffff71a61bc  (/usr/lib/libvlccore.so.9+0xb81bc) (BuildId: 3b6bd4f24e18a71b7852f697ab26e6dbf6a0dcb4)

Thread T24 created by T22 here:
    #0 0x7ffff78f468b in pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:245
    #1 0x7fffbd021744  (/usr/lib/libavcodec.so.58+0x21744) (BuildId: 1325315f2a7ee6691d367a0dde7baceb88fabe74)

Thread T22 created by T2 here:
    #0 0x7ffff78f468b in pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:245
    #1 0x7ffff71a61bc  (/usr/lib/libvlccore.so.9+0xb81bc) (BuildId: 3b6bd4f24e18a71b7852f697ab26e6dbf6a0dcb4)

Thread T2 created by T0 here:
    #0 0x7ffff78f468b in pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:245
    #1 0x7ffff71a61bc  (/usr/lib/libvlccore.so.9+0xb81bc) (BuildId: 3b6bd4f24e18a71b7852f697ab26e6dbf6a0dcb4)

SUMMARY: AddressSanitizer: heap-use-after-free ../src/gallium/drivers/radeonsi/si_fence.c:469 in si_flush_all_queues
