Bug 106289 - mupen64plus segfaults deep inside r300_dri.so
Status: RESOLVED MOVED
Alias: None
Product: Mesa
Classification: Unclassified
Component: Drivers/Gallium/r300
Version: unspecified
Hardware: x86 (IA32) Linux (All)
Importance: medium blocker
Assignee: Default DRI bug account
QA Contact: Default DRI bug account
Reported: 2018-04-28 02:30 UTC by Dave Coffin
Modified: 2019-09-18 18:54 UTC

Description Dave Coffin 2018-04-28 02:30:27 UTC
Dell Vostro 1000 laptop with Mobile AMD Sempron, Mobility Radeon Xpress 200, and 32-bit Linux (though CPU is capable of 64-bit). "apt install mupen64plus", run it with any game ROM -- it opens an all-black window, pauses for a few seconds, and segfaults in r300_dri.so. mupen64plus worked great in Kubuntu 17.04 but always crashes in 17.10 and 18.04.

Video: SSE processing enabled.
Video: Found ROM 'SUPER MARIO 64', CRC ff2b5a632623028b-45
Video: Initializing OpenGL Device Context.
warning: Error reading shared library list entry at 0x5f20
warning: Error reading shared library list entry at 0xffffbf40
Core: Setting 32-bit video mode: 640x480
Video Warning: Failed to set GL_SWAP_CONTROL to 0. (it's 24)
Video Warning: Failed to set GL_BUFFER_SIZE to 32. (it's 24)
Video Warning: Failed to set GL_DEPTH_SIZE to 16. (it's 24)
Video: Using OpenGL: X.Org R300 Project - ATI RS480 : 2.1 Mesa 18.0.0-rc5

Thread 1 "mupen64plus" received signal SIGSEGV, Segmentation fault.
0xb4a83200 in ?? ()
(gdb) where
#0  0xb4a83200 in ?? ()
#1  0xb33fff48 in ?? () from /usr/lib/i386-linux-gnu/dri/r300_dri.so
#2  0xb34004df in ?? () from /usr/lib/i386-linux-gnu/dri/r300_dri.so
#3  0xb33132f9 in ?? () from /usr/lib/i386-linux-gnu/dri/r300_dri.so
#4  0xb330c1c0 in ?? () from /usr/lib/i386-linux-gnu/dri/r300_dri.so
#5  0xb330c6b7 in ?? () from /usr/lib/i386-linux-gnu/dri/r300_dri.so
#6  0xb353e21b in ?? () from /usr/lib/i386-linux-gnu/dri/r300_dri.so
#7  0xb33511e4 in ?? () from /usr/lib/i386-linux-gnu/dri/r300_dri.so
#8  0xb353fcd5 in ?? () from /usr/lib/i386-linux-gnu/dri/r300_dri.so
#9  0xb33539ee in ?? () from /usr/lib/i386-linux-gnu/dri/r300_dri.so
#10 0xb35342b6 in ?? () from /usr/lib/i386-linux-gnu/dri/r300_dri.so
#11 0xb3127955 in ?? () from /usr/lib/i386-linux-gnu/dri/r300_dri.so
#12 0xb2f7892f in ?? () from /usr/lib/i386-linux-gnu/dri/r300_dri.so
#13 0xb4caa82d in ?? () from /usr/lib/i386-linux-gnu/mupen64plus/mupen64plus-video-rice.so

Comment 1 Dave Coffin 2018-05-12 21:56:07 UTC
This bug also crashes "mplayer" but not "mpv".  I compiled mesa 18.0.3 from source and got a more informative stack trace, though many parameters are still "optimized out":

r300: DRM version: 2.50.0, Name: ATI RS480, ID: 0x5975, GB: 2, Z: 1
r300: GART size: 509 MB, VRAM size: 128 MB
r300: AA compression RAM: YES, Z compression RAM: YES, HiZ RAM: NO
r300: DRM version: 2.50.0, Name: ATI RS480, ID: 0x5975, GB: 2, Z: 1
r300: GART size: 509 MB, VRAM size: 128 MB
r300: AA compression RAM: YES, Z compression RAM: YES, HiZ RAM: NO
Core: Setting 32-bit video mode: 640x480
r300: DRM version: 2.50.0, Name: ATI RS480, ID: 0x5975, GB: 2, Z: 1
r300: GART size: 509 MB, VRAM size: 128 MB
r300: AA compression RAM: YES, Z compression RAM: YES, HiZ RAM: NO
r300: DRM version: 2.50.0, Name: ATI RS480, ID: 0x5975, GB: 2, Z: 1
r300: GART size: 509 MB, VRAM size: 128 MB
r300: AA compression RAM: YES, Z compression RAM: YES, HiZ RAM: NO
Video Warning: Failed to set GL_SWAP_CONTROL to 0. (it's 24)
Video Warning: Failed to set GL_BUFFER_SIZE to 32. (it's 24)
Video Warning: Failed to set GL_DEPTH_SIZE to 16. (it's 24)
Video: Using OpenGL: X.Org R300 Project - ATI RS480 : 2.1 Mesa 18.0.3

Thread 1 "mupen64plus" received signal SIGSEGV, Segmentation fault.
0xb4c12200 in ?? ()
(gdb) where
#0  0xb4c12200 in ?? ()
#1  0xb35b5bfb in llvm_pipeline_generic (middle=0x6964c0, middle@entry=0x64aa80, 
    fetch_info=fetch_info@entry=0xbffb688c, in_prim_info=in_prim_info@entry=0xbffb689c)
    at draw/draw_pt_fetch_shade_pipeline_llvm.c:400
#2  0xb35b62af in llvm_middle_end_linear_run (middle=0x64aa80, start=0, count=<optimized out>, 
    prim_flags=0) at draw/draw_pt_fetch_shade_pipeline_llvm.c:553
#3  0xb34b04db in vsplit_segment_simple_linear (vsplit=0x648420, vsplit=0x648420, icount=4, istart=0, 
    flags=0) at draw/draw_pt_vsplit_tmp.h:226
#4  vsplit_run_linear (frontend=0x648420, start=0, count=4) at draw/draw_split_tmp.h:60
#5  0xb34a8140 in draw_pt_arrays (draw=draw@entry=0x552810, prim=6, start=0, count=4)
    at draw/draw_pt.c:149
#6  0xb34a8677 in draw_vbo (draw=<optimized out>, info=<optimized out>) at draw/draw_pt.c:564
#7  0xb35e41bb in r300_swtcl_draw_vbo (pipe=0x5124f0, info=0xbffb6a70) at r300_render.c:862
#8  0xb34f3fd6 in util_draw_arrays_instanced (mode=PIPE_PRIM_TRIANGLE_FAN, start=0, count=4, 
    start_instance=0, instance_count=1, pipe=0x5124f0) at ./util/u_draw.h:106
#9  blitter_draw (ctx=<optimized out>, vertex_elements_cso=<optimized out>, 
    get_vs=0xb34f3790 <get_vs_passthrough_pos>, x1=0, y1=0, x2=640, y2=480, depth=1, num_instances=1)
    at util/u_blitter.c:1257
#10 0xb34f4176 in util_blitter_draw_rectangle (blitter=<optimized out>, 
    vertex_elements_cso=<optimized out>, get_vs=<optimized out>, x1=<optimized out>, 
    y1=<optimized out>, x2=<optimized out>, y2=480, depth=1, num_instances=1, 
    type=UTIL_BLITTER_ATTRIB_NONE, attrib=0xbffb6ba4) at util/u_blitter.c:1291
#11 0xb35e63f5 in r300_blitter_draw_rectangle (blitter=0x528760, vertex_elements_cso=0x682830, 
    get_vs=0xb34f3790 <get_vs_passthrough_pos>, x1=0, y1=0, x2=640, y2=480, depth=1, num_instances=1, 
    type=UTIL_BLITTER_ATTRIB_NONE, attrib=0xbffb6ba4) at r300_render.c:1139
#12 0xb34f6dc7 in util_blitter_clear_custom (blitter=0x528760, width=640, height=480, num_layers=1, 
    clear_buffers=1, color=0x628634, depth=1, stencil=0, custom_dsa=0x0, custom_blend=0x0)
    at util/u_blitter.c:1411
#13 0xb34f6f33 in util_blitter_clear (blitter=<optimized out>, width=<optimized out>, 
    height=<optimized out>, num_layers=<optimized out>, clear_buffers=<optimized out>, 
    color=<optimized out>, depth=<optimized out>, stencil=0) at util/u_blitter.c:1428
#14 0xb35d828e in r300_clear (pipe=0x5124f0, buffers=1, color=0x628634, depth=1, stencil=0)
    at r300_blit.c:368
#15 0xb329d564 in st_Clear (ctx=<optimized out>, mask=<optimized out>)
    at state_tracker/st_cb_clear.c:483
#16 0xb30d455c in clear (no_error=false, mask=<optimized out>, ctx=0x627140) at main/clear.c:221
#17 _mesa_Clear (mask=<optimized out>) at main/clear.c:242
#18 0xb4ca782d in ?? () from /usr/lib/i386-linux-gnu/mupen64plus/mupen64plus-video-rice.so
#19 0xb4c93574 in ?? () from /usr/lib/i386-linux-gnu/mupen64plus/mupen64plus-video-rice.so
#20 0xb4c81475 in RomOpen () from /usr/lib/i386-linux-gnu/mupen64plus/mupen64plus-video-rice.so
#21 0xb6406c0c in ?? () from /usr/lib/i386-linux-gnu/libmupen64plus.so.2
#22 0xb6407618 in CoreDoCommand () from /usr/lib/i386-linux-gnu/libmupen64plus.so.2
#23 0x00402d50 in main ()

Comment 2 Dave Coffin 2018-05-13 17:27:01 UTC
I fixed this problem by downgrading libgl1-mesa-dri, libgl1-mesa-glx, libglapi-mesa, and mesa-vdpau-drivers to version 11.2.0 from the Ubuntu 16.04 .deb files. I could have also used Mesa 17.0.3 from the Ubuntu 17.04 distro, but Ubuntu deleted those .deb files and all mirrors of them.

Let me know if you want anything tested, preferably binaries because it takes hours to build Mesa on this 2007-vintage computer.

Comment 3 Anthony Ciani 2018-06-06 04:44:13 UTC
Check out bug 106533.  It was also a SEGV in llvm_pipeline_generic.  There is a patch.

Comment 4 Dave Coffin 2018-06-08 00:12:42 UTC
Thanks, Roland's patch fixed the mupen64plus crash but not the mplayer crash, which happens in libvdpau_r300.so.1. I don't know where the source code for that file is; it's not in mesa-18.0.5 or in libvdpau-1.1.

Comment 5 GitLab Migration User 2019-09-18 18:54:54 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/mesa/mesa/issues/386.

