| Summary: | 'wine FurMark' crashes in 'movapd' instruction within JIT function (draw: llvm_pipeline_generic) | ||
|---|---|---|---|
| Product: | Mesa | Reporter: | Johannes Obermayr <johannesobermayr> |
| Component: | Mesa core | Assignee: | Jose Fonseca <jfonseca> |
| Status: | RESOLVED FIXED | QA Contact: | mesa-dev |
| Severity: | normal | ||
| Priority: | medium | CC: | brianp, haagch, jfonseca, randrik |
| Version: | git | ||
| Hardware: | Other | ||
| OS: | All | ||
| Whiteboard: | |||
| i915 platform: | i915 features: | ||
| Attachments: |
winedbg backtrace
Potential fix winedbg backtrace Dumping fpme->llvm->jit_context Patch for dumping fpme->llvm->jit_context Tracing Tracing (AMD Fusion) New patch for dumping |
||
*** Bug 48899 has been marked as a duplicate of this bug. *** Created attachment 60583 [details] [review] Potential fix Please try the attached change Created attachment 64626 [details]
winedbg backtrace
The patch was pushed to git master.
I tried to get a valid backtrace (Mesa 82fc813). Maybe these actions in 'winedbg --gdb FurMark' can help to track down the problem.
I tried to debug the failing code (and hope assumed types are correct ...):
if (fetch_info->linear)
clipped = fpme->current_variant->jit_func( &fpme->llvm->jit_context,
llvm_vert_info.verts,
(const char **)draw->pt.user.vbuffer,
fetch_info->start,
fetch_info->count,
fpme->vertex_size,
draw->pt.vertex_buffer,
draw->instance_id);
jit_func = 7be3afe4 hex address
jit_context = 7be01494 hex address
verts = @ string
vbuffer = 7be00bb0 hex
start = 0 hex
count = 1 decimal
vertex_size = 84 decimal
vertex_buffer = 7be00790 hex
instance_id = (null) string
Unhandled exception: page fault on read access to 0xffffffff in 32-bit code (0x784080d7).
Register dump:
CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
EIP:784080d7 ESP:0109de88 EBP:7be00bb0 EFLAGS:00210202( R- -- I - - - )
EAX:00000001 EBX:78350520 ECX:00000000 EDX:00000000
ESI:7be0b668 EDI:0109e048
Stack dump:
0x0109de88: f762a980 7d969500 0000001c 00000000
0x0109de98: 00000000 00000000 00000000 f7629ff4
0x0109dea8: 7d969500 f762a980 0000001c f74f66c0
0x0109deb8: 0000001c ffffffff 00000000 00000000
0x0109dec8: 00000000 00000000 00000000 0000001c
0x0109ded8: 00000000 f7629900 00000000 f74f699e
Backtrace:
=>0 0x784080d7 (0x7be00bb0)
1 0x7bd4247c (0x0109e7a8)
Created attachment 66017 [details]
Dumping fpme->llvm->jit_context
fpme->llvm->jit_context.gs_constants is not available
fpme->llvm->jit_context.textures[].data[] are not available
fpme->llvm->jit_context.textures[16] is partly filled
Created attachment 66018 [details] [review] Patch for dumping fpme->llvm->jit_context *** Bug 48693 has been marked as a duplicate of this bug. *** Created attachment 69195 [details]
Tracing
The function is at 0x77e08090
The crash happens at 0x77e080ad
The offset is 1d -> 29
Running lp_disassemble(0x77e08090)
0: pushl %ebp
1: pushl %ebx
2: pushl %edi
3: pushl %esi
4: leal -284(%esp), %esp
11: movl 320(%esp), %eax
18: xorpd %xmm0, %xmm0
22: movl 316(%esp), %ecx
29: movapd %xmm0, 176(%esp)
38: leal -1(%ecx,%eax), %edx
[...]
Created attachment 69196 [details]
Tracing (AMD Fusion)
The function is at 0x77c470a0
The crash happens at 0x77c470d1
The offset is 31 -> 49
Running lp_disassemble(0x77c470a0)
0: pushl %ebp
1: pushl %ebx
2: pushl %edi
3: pushl %esi
4: subl $188, %esp
10: movl 224(%esp), %eax
17: movl 220(%esp), %ecx
24: leal -1(%ecx,%eax), %edx
28: movl %edx, 24(%esp)
32: addl %ecx, %eax
34: movl %eax, 28(%esp)
38: movl 212(%esp), %ebx
45: xorpd %xmm1, %xmm1
49: movapd %xmm1, 144(%esp)
58: movl %ecx, 184(%esp)
-> In both cases 'movapd' instruction fails.
Created attachment 69203 [details]
New patch for dumping
Use DRAW_LLVM_DEBUG=1 to enable it.
|
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.
Created attachment 59533 [details] winedbg backtrace LLVM, libdrm, Mesa, xf86-video-* and wine as of 20120404 Valid for radeon_dri.so and nouveau_dri.so