Bug 40767

Summary: [r600g] This commit is crashing World of Warcraft at start-up
Product: Mesa
Reporter: Chris Rankin <rankincj>
Component: Drivers/Gallium/r600
Assignee: Default DRI bug account <dri-devel>
Status: RESOLVED FIXED
QA Contact:
Severity: major
Priority: medium
Version: git
Hardware: x86-64 (AMD64)
OS: Linux (All)
Whiteboard:
i915 platform:
i915 features:
Attachments: WoW crash dump file (text); possible fix; possible fix 2

Description Chris Rankin 2011-09-10 17:17:22 UTC
I've noticed that World of Warcraft has started crashing with my HD4890, although not with my RV350. (WoW complains about reading invalid memory). I've run several git bisects, and they have all indicated that the first bad commit is:

commit b94a926f396d366b6bb5d24b32dd93ffb7609205
Author: Brian Paul <brianp@vmware.com>
Date:   Fri Sep 9 08:06:29 2011 -0600

    st/mesa: init program MaxLocalParams, MaxEnvParams limits

    Use the same limit for all parameter classes.
Comment 1 Marek Olšák 2011-09-10 23:36:35 UTC
Could you attach the backtrace where the crash occurs?
Comment 2 Chris Rankin 2011-09-11 05:56:45 UTC
Created attachment 51051
WoW crash dump file (text)

This is WoW's own crash file, and so probably contains far more information than you need. But it does also contain a stack trace mentioning vbo_exec_DrawRangeElements().
Comment 3 Marek Olšák 2011-09-11 06:28:03 UTC
The backtrace doesn't show the exact line where it crashes. Can you make an apitrace record?
Comment 4 Marek Olšák 2011-09-11 06:33:55 UTC
Created attachment 51052
possible fix

Can you try this patch?
Comment 5 Marek Olšák 2011-09-11 07:04:44 UTC
Ignore that patch, it breaks everything.
Comment 6 Chris Rankin 2011-09-11 09:16:17 UTC
(In reply to comment #3)
> The backtrace doesn't show the exact line where it crashes. Can you make an
> apitrace record?

Dunno, what's an "apitrace record" :-)? It's probably easier to add fprintf() statements to _mesa_update_state_locked() and examine the carnage...
Comment 7 Marek Olšák 2011-09-11 09:23:41 UTC
Apitrace can record and replay OpenGL commands. You can get it here:
https://github.com/apitrace/apitrace

There is more info in this blogpost:
http://zrusin.blogspot.com/2011/04/apitrace.html
Comment 8 Chris Rankin 2011-09-11 15:55:58 UTC
(In reply to comment #6)
> It's probably easier to add fprintf() statements to
> _mesa_update_state_locked() and examine the carnage...

My crude debugging has revealed that the following line in update_program_enables() is reading invalid memory:

   ctx->FragmentProgram._Enabled = ctx->FragmentProgram.Enabled
      && ctx->FragmentProgram.Current->Base.Instructions;

It looks like ctx->FragmentProgram.Current is pointing to somewhere strange.
Comment 9 Chris Rankin 2011-09-12 02:52:19 UTC
(In reply to comment #7)
> Apitrace can record and replay OpenGL commands. You can get it here:
> https://github.com/apitrace/apitrace
> 
> There is more info in this blogpost:
> http://zrusin.blogspot.com/2011/04/apitrace.html

Hmm, got any hints for how to apitrace a 32 bit executable running on a 64 bit machine under Wine, please? I've already guessed that I need a 32 bit glxtrace.so, but it's still crashing as it tries to trace wine-preloader.
Comment 10 Marek Olšák 2011-09-12 03:50:12 UTC
Created attachment 51066
possible fix 2

Can you try this patch?
Comment 11 Chris Rankin 2011-09-12 04:35:39 UTC
(In reply to comment #10)
> Can you try this patch?

Yes, that patch seems to work. I've tried printing out the values of pc->MaxParameters, MAX_PROGRAM_LOCAL_PARAMS and MAX_PROGRAM_ENV_PARAMS, and I'm seeing lines like these:

pc->MaxParameters=4096, MAX_LOCAL=4096, MAX_ENV=256
pc->MaxParameters=96, MAX_LOCAL=4096, MAX_ENV=256

I'm guessing the first example is likely to be causing problems.
Comment 12 Marek Olšák 2011-09-12 07:57:51 UTC
I pushed the patch. Closing.
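
Added example, not part of the thread and not Mesa's code or the pushed patch: a toy C model of the mismatch printed in comment 11, assuming the crash came from advertising pc->MaxParameters (4096) as the env-parameter limit while the backing array holds only MAX_PROGRAM_ENV_PARAMS (256) entries. The struct, function names and result codes are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_PROGRAM_ENV_PARAMS 256   /* array capacity, value printed in comment 11 */

enum store_result { STORED = 0, REJECTED = 1, OUT_OF_BOUNDS = 2 };

/* Hypothetical stand-in for per-program GL state; not Mesa's real layout. */
struct toy_program_state {
    float env_params[MAX_PROGRAM_ENV_PARAMS][4];
    unsigned max_env_params;         /* limit advertised to the application */
};

/* Assumed buggy pattern: advertise the driver limit as-is. */
void init_limit_unclamped(struct toy_program_state *s, unsigned driver_max)
{
    s->max_env_params = driver_max;
}

/* Hardened: never advertise more slots than the array holds. */
void init_limit_clamped(struct toy_program_state *s, unsigned driver_max)
{
    s->max_env_params = driver_max < MAX_PROGRAM_ENV_PARAMS
                      ? driver_max : MAX_PROGRAM_ENV_PARAMS;
}

/* Setter that validates only against the advertised limit, as an API entry
 * point would. It reports OUT_OF_BOUNDS instead of doing the stray write,
 * so the demonstration stays well-defined. */
enum store_result set_env_param(struct toy_program_state *s, unsigned index,
                                const float v[4])
{
    if (index >= s->max_env_params)
        return REJECTED;             /* caller gets an error, nothing written */
    if (index >= MAX_PROGRAM_ENV_PARAMS)
        return OUT_OF_BOUNDS;        /* real code would corrupt adjacent state */
    for (size_t i = 0; i < 4; i++)
        s->env_params[index][i] = v[i];
    return STORED;
}

int main(void)
{
    struct toy_program_state s;
    const float v[4] = { 1.0f, 2.0f, 3.0f, 4.0f };
    init_limit_unclamped(&s, 4096);  /* first line of output in comment 11 */
    printf("unclamped, index 300: %d\n", set_env_param(&s, 300, v));
    init_limit_clamped(&s, 4096);
    printf("clamped,   index 300: %d\n", set_env_param(&s, 300, v));
    return 0;
}
```

With the driver limit of 96 from the second printed line, both initialisers yield the same advertised limit, which matches only the 4096 case being a candidate for the crash.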
