Bug 103850

Summary: "Quern" game crashes on start-up
Product: Mesa Reporter: yunta83
Component: Drivers/Gallium/radeonsiAssignee: Default DRI bug account <dri-devel>
Status: RESOLVED DUPLICATE QA Contact: Default DRI bug account <dri-devel>
Severity: normal    
Priority: medium    
Version: 17.3   
Hardware: x86-64 (AMD64)   
OS: Linux (All)   
Whiteboard:
i915 platform: i915 features:
Attachments: Quern crash - bt full
Unturned crash - bt full
Quern - valgrind output
Unturned - valgrind output

Description yunta83 2017-11-22 19:57:21 UTC 
Created attachment 135670 [details]
Quern crash - bt full

Quern crashes before showing the main menu. 
Same happens with "Unturned" game, with pretty much identical stack.

Started through Steam, on Fedora 26 with self-compiled mesa 17.3.0-rc5.
AMD Vega 64.

Possibly duplicate of https://bugs.freedesktop.org/show_bug.cgi?id=101675

Backtrace (bt full in attachment):

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007fb8d09d3800 in __GI_abort () at abort.c:89
#2  0x00007fb8cdfbec4a in ?? ()
   from /home/yunta/.local/share/Steam/steamapps/common/Quern - Undying Thoughts/Quern_Data/Mono/x86_64/libmono.so
#3  <signal handler called>
#4  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#5  0x00007fb8d09d3800 in __GI_abort () at abort.c:89
#6  0x00007fb8d0a17bb1 in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7fb8d0b379f8 "*** Error in `%s': %s: 0x%s ***\n")
    at ../sysdeps/posix/libc_fatal.c:175
#7  0x00007fb8d0a22a59 in malloc_printerr (ar_ptr=<optimized out>, ptr=<optimized out>, str=0x7fb8d0b345e6 "free(): invalid size",
    action=<optimized out>) at malloc.c:5077
#8  _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3873
#9  0x00007fb8d0a283be in __GI___libc_free (mem=<optimized out>) at malloc.c:2947
#10 0x00007fb8c57d2bb6 in check_explicit_uniform_locations (ctx=0x3605410, prog=0x7fb8ac003b60) at glsl/linker.cpp:3532
#11 0x00007fb8c57d6029 in link_shaders (ctx=0x3605410, prog=0x7fb8ac003b60) at glsl/linker.cpp:4968
#12 0x00007fb8c56bfcde in _mesa_glsl_link_shader (ctx=0x3605410, prog=0x7fb8ac003b60) at program/ir_to_mesa.cpp:3111
#13 0x00007fb8c54dcc6d in create_new_program (ctx=0x3605410, key=0x7fb8b3ffe520) at main/ff_fragment_shader.cpp:1126
#14 0x00007fb8c54dcd26 in _mesa_get_fixed_func_fragment_program (ctx=0x3605410) at main/ff_fragment_shader.cpp:1156
#15 0x00007fb8c55c626a in update_program (ctx=ctx@entry=0x3605410) at main/state.c:134
#16 0x00007fb8c55c6528 in _mesa_update_state_locked (ctx=ctx@entry=0x3605410) at main/state.c:356
#17 0x00007fb8c55c65c1 in _mesa_update_state (ctx=ctx@entry=0x3605410) at main/state.c:386
#18 0x00007fb8c55dd258 in texture_sub_image (ctx=ctx@entry=0x3605410, dims=dims@entry=2, texObj=0x7fb8ac000fd0,
    texImage=texImage@entry=0x7fb8ac001480, target=target@entry=3553, level=level@entry=0, xoffset=0, yoffset=0, zoffset=0, width=4,
    height=4, depth=1, format=6408, type=5121, pixels=0x3670590, dsa=false) at main/teximage.c:3227
#19 0x00007fb8c55dff7a in texsubimage_err (ctx=0x3605410, dims=2, target=3553, level=0, xoffset=0, yoffset=0, zoffset=0, width=4, height=4,
    depth=1, format=6408, type=5121, pixels=0x3670590, callerName=0x7fb8c5dc32a6 "glTexSubImage2D") at main/teximage.c:3304
#20 0x00007fb8c55e4368 in _mesa_TexSubImage2D (target=<optimized out>, level=<optimized out>, xoffset=<optimized out>,
    yoffset=<optimized out>, width=<optimized out>, height=<optimized out>, format=6408, type=5121, pixels=0x3670590) at main/teximage.c:3522
#21 0x0000000000f86cbd in ?? ()
#22 0x0000000000f6072f in ?? ()
#23 0x0000000000f0480a in ?? ()
#24 0x0000000000f09c4f in ?? ()
#25 0x0000000000f002f7 in ?? ()
#26 0x00000000008e0158 in ?? ()
#27 0x00007fb8d221536d in start_thread (arg=0x7fb8b3fff700) at pthread_create.c:456
#28 0x00007fb8d0aabe1f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
Comment 1 yunta83 2017-11-22 19:58:03 UTC 
Created attachment 135671 [details]
Unturned crash - bt full
Comment 2 Michel Dänzer 2017-11-23 09:01:39 UTC 
Looks like there might be memory corruption, can you run one of these games in valgrind and attach the output from valgrind?
Comment 3 yunta83 2017-11-23 19:49:55 UTC 
Created attachment 135687 [details]
Quern - valgrind output
Comment 4 yunta83 2017-11-23 19:50:28 UTC 
Created attachment 135688 [details]
Unturned - valgrind output
Comment 5 yunta83 2017-11-23 19:55:45 UTC 
(In reply to Michel Dänzer from comment #2)
> Looks like there might be memory corruption, can you run one of these games
> in valgrind and attach the output from valgrind?

Valgrind output attached. Looks quite useless to me...

Interestingly, Quern actually shows the main menu when run under valgrind.
A duplicate of https://bugs.freedesktop.org/show_bug.cgi?id=101675 then?
Comment 6 Michel Dänzer 2017-11-24 09:03:28 UTC 
The valgrind output for Quern shows writes to freed memory, because the game makes libX11 calls using a display handle that it had already closed. That's a bug in the game (or maybe in a library it links statically), which could explain the crash.

I don't see any obvious issue in the valgrind output for Unturned either though.
Comment 7 yunta83 2018-01-02 20:18:20 UTC 
Both games use the Unity engine. Marking this as duplicate of 103769.

*** This bug has been marked as a duplicate of bug 103769 ***

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.