Bug 11592

Summary: Segfault in r300EmitArrays in Mesa 7.0 (ati r300 dri) while executing Planeshift (3.019)
Product: Mesa Reporter: WolfgangKoebler <wk-list>
Component: Drivers/DRI/r300Assignee: Default DRI bug account <dri-devel>
Status: RESOLVED INVALID QA Contact:
Severity: normal    
Priority: medium    
Version: git   
Hardware: x86 (IA32)   
OS: Linux (All)   
Whiteboard:
i915 platform: i915 features:
Attachments: crash backtrace (in gdb)
verbose crash log (with mesa debug build + DEBUG_VP)

Description WolfgangKoebler 2007-07-13 14:24:24 UTC 
When executing Planeshift (3.019) I got a segfault after playing (probably) several minutes. Running it in gdb and doing a backtrace showed it is from  r300EmitArrays at r300_emit.c:122 (see attachment).

>	if (stride == 8)
!		COPY_DWORDS(out, data, count * 2);
>	else
>		for (i = 0; i < count; i++) {
>			out[0] = *(int *)data;
>			out[1] = *(int *)(data + 4);
>			out += 2;
>			data += stride;
>		}


I am using a self-compiled in Mesa 7.0 on Debian Etch with Radeon X300SE (ATI Technologies Inc RV370 5B60).

IIRC I also got a crash in the similar line 144 of the same source.
Comment 1 WolfgangKoebler 2007-07-13 14:27:17 UTC 
Created attachment 10715 [details]
crash backtrace (in gdb)
Comment 2 WolfgangKoebler 2007-07-13 14:48:50 UTC 
I tried to reproduce this bug with Mesa CSV (date 2007-07-13), but hit another bug (#11594) before I could reproduce it.
Comment 3 WolfgangKoebler 2007-07-17 11:40:00 UTC 
OK, now that bug 11594 is almost-fixed, I could reproduce the segfault with current (2007-07-17) git. Yet reproducing this bug is not yet easy. Logfile follows in Attachments.
Comment 4 WolfgangKoebler 2007-07-17 11:47:03 UTC 
Created attachment 10770 [details]
verbose crash log (with mesa debug build + DEBUG_VP)

38024 lines of
'Mesa: User error: GL_INVALID_ENUM in glActiveTexture(texture)' have been removed to make logfile more clear.
Comment 5 WolfgangKoebler 2007-07-17 15:52:45 UTC 
Disabling TC and AFP (as in bug 11594) seems to avoid this crash also.

(in reply to comment #3)
I said: "Yet reproducing this bug is not yet easy." This seems to be not entirely true. I got frequent crashes lately (However I still do not know what I need to do to get this crash in case it does not happen automatically).
Comment 6 WolfgangKoebler 2007-07-18 13:01:41 UTC 
I thought I would be done with providing information about this bug ...

(in reply to comment #5)
I said: "Disabling TC and AFP (as in bug 11594) seems to avoid this crash also." Now I got my first crash with TC and AFP disabled. So it may reduce crashes (hard to say if it really does), but it does not completely prevent them.

However, have fun.
Comment 7 WolfgangKoebler 2007-08-19 09:54:04 UTC 
It seems that setting "Vertex Buffer Object" from "Off" to "On" (in pssetup) avoids the crash (whatever that means, maybe double buffering ?)
Comment 8 mark 2009-02-04 11:44:25 UTC 
I can reproduce this issue as of 02-04-2009

GDB backtrace

Thread 1 (process 6790):
 #0 0xb7f29410 in __kernel_vsyscall ()
 #1 0xb7470085 in raise () from /lib/tls/i686/cmov/libc.so.6
 #2 0xb7471a01 in abort () from /lib/tls/i686/cmov/libc.so.6
 #3 0xb746910e in __assert_fail () from /lib/tls/i686/cmov/libc.so.6
 #4 0xb684551d in r300EmitArrays () from /usr/lib/dri/r300_dri.so
 #5 0xb6837901 in ?? () from /usr/lib/dri/r300_dri.so
 #6 0xb68386bb in ?? () from /usr/lib/dri/r300_dri.so
 #7 0xb68cbf33 in _tnl_run_pipeline () from /usr/lib/dri/r300_dri.so
 #8 0xb68cc4b1 in _tnl_draw_prims () from /usr/lib/dri/r300_dri.so
 #9 0xb68c5020 in vbo_exec_vtx_flush () from /usr/lib/dri/r300_dri.so
 #10 0xb68c15b8 in vbo_exec_FlushVertices () from /usr/lib/dri/r300_dri.so
 #11 0xb69635e1 in ?? () from /usr/lib/dri/r300_dri.so
 #12 0xb6966c76 in _mesa_set_enable () from /usr/lib/dri/r300_dri.so
 #13 0xb696744e in _mesa_Disable () from /usr/lib/dri/r300_dri.so
 #14 0x086a104d in CLinuxRendererGL::RenderSoftware (this=0x8dabf88, flags=0, 
 index=1) at LinuxRendererGL.cpp:2100
 #15 0x086a2704 in CLinuxRendererGL::Render (this=0x92ca200, flags=0, 
 renderBuffer=1) at LinuxRendererGL.cpp:1476
 #16 0x086a3e08 in CLinuxRendererGL::RenderUpdate (this=0x92ca200, clear=true, 
 flags=0, alpha=255) at LinuxRendererGL.cpp:1073
 #17 0x086a6ba1 in CXBoxRenderManager::PresentSingle (this=0x8bda6c0)
 at RenderManager.cpp:426
 #18 0x086a6c6e in CXBoxRenderManager::Present (this=0x8bda6c0)
 at RenderManager.cpp:414
 #19 0x082aad66 in CApplication::RenderNoPresent (this=0x8bd48a0)
 at Application.cpp:2237
 #20 0x082aaf27 in CApplication::Render (this=0x8bd48a0) at Application.cpp:2465
 #21 0x085e588d in CXBApplicationEx::Run (this=0x8bd48a0)
 at XBApplicationEx.cpp:259
 #22 0x085e85a0 in main (argc=4, argv=0xbf83cd04) at XboxMediaCenter.cpp:117
Comment 9 Maciej Cencora 2009-08-15 17:23:22 UTC 
Could you try with newest mesa from git?
There have been many changes since Mesa 7.5, and your problem may be fixed already.
Comment 10 Adam Jackson 2009-08-24 12:27:20 UTC 
Mass version move, cvs -> git
Comment 11 Maciej Cencora 2009-11-04 11:41:36 UTC 
Closing due to lack of user feedback.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.