Created attachment 142847 [details] example application with crash source code Drawing elements with glRenderMode(GL_SELECT) crashes Windows applications. Steps to reproduce: 1) build example application from souce code in attachment: cl -Zi -IF:\mesa-18.3.0\include -IF:\freeglut\include mesacrash.c -link /DEBUG /LIBPATH:F:\freeglut\lib\x64 /LIBPATH:F:\build\mesa-18.3.0\build\windows-x86_64-debug\gallium\targets\libgl-gdi 2) run mesacrash.exe application. Application crash with follow error message Problem event name: APPCRASH Application name: mesacrash.exe Application version: 0.0.0.0 Application timestamp: 5c18c2cb Name of module with error: OPENGL32.dll Version of module with error: 0.0.0.0 Timestamp of module with error: 5c10fa47 Exception code: c0000005 Exception offset: 000000000058f49a OS version: 6.1.7601.2.1.0.256.48 Language code: 1049 Additional information 1: 0e8c Additional information 2: 0e8cbb272bc4decc2d93e964b4efe7e3 Additional information 3: ca58 Additional information 4: ca586625bbe3e94cfe8752da92509f27 Expected results: Application should draw dummy without crash. Stacktrace: opengl32.dll!util_format_r32g32b32_float_fetch_rgba_float(float * dst, const unsigned char * src, unsigned int i, unsigned int j) Line 10081 C opengl32.dll!generic_run_one(translate_generic * tg, unsigned int elt, unsigned int start_instance, unsigned int instance_id, void * vert) Line 631 C opengl32.dll!generic_run(translate * translate, unsigned int start, unsigned int count, unsigned int start_instance, unsigned int instance_id, void * output_buffer) Line 724 C opengl32.dll!draw_pt_fetch_run_linear(pt_fetch * fetch, unsigned int start, unsigned int count, char * verts) Line 200 C opengl32.dll!fetch(pt_fetch * fetch, const draw_fetch_info * fetch_info, char * output) Line 165 C opengl32.dll!fetch_pipeline_generic(draw_pt_middle_end * middle, const draw_fetch_info * fetch_info, const draw_prim_info * in_prim_info) Line 272 C opengl32.dll!fetch_pipeline_linear_run(draw_pt_middle_end * middle, unsigned int start, unsigned int count, unsigned int prim_flags) Line 437 C opengl32.dll!vsplit_segment_simple_linear(vsplit_frontend * vsplit, unsigned int flags, unsigned int istart, unsigned int icount) Line 227 C opengl32.dll!vsplit_run_linear(draw_pt_front_end * frontend, unsigned int start, unsigned int count) Line 103 C opengl32.dll!draw_pt_arrays(draw_context * draw, unsigned int prim, unsigned int start, unsigned int count) Line 151 C opengl32.dll!draw_vbo(draw_context * draw, const pipe_draw_info * info) Line 566 C opengl32.dll!draw_arrays(draw_context * draw, unsigned int mode, unsigned int start, unsigned int count) Line 105 C opengl32.dll!st_feedback_draw_vbo(gl_context * ctx, const _mesa_prim * prims, unsigned int nr_prims, const _mesa_index_buffer * ib, unsigned char index_bounds_valid, unsigned int min_index, unsigned int max_index, gl_transform_feedback_object * tfb_vertcount, unsigned int stream, gl_buffer_object * indirect) Line 261 C opengl32.dll!_mesa_validated_drawrangeelements(gl_context * ctx, unsigned int mode, unsigned char index_bounds_valid, unsigned int start, unsigned int end, int count, unsigned int type, const void * indices, int basevertex, unsigned int numInstances, unsigned int baseInstance) Line 853 C opengl32.dll!_mesa_exec_DrawElements(unsigned int mode, int count, unsigned int type, const void * indices) Line 1006 C mesacrash.exe!draw() Line 13637 C mesacrash.exe!displayCB() Line 13680 C freeglut.dll!000007feeec2e3d8() Unknown freeglut.dll!000007feeec2e580() Unknown freeglut.dll!000007feeec2ee51() Unknown mesacrash.exe!main(int argc, char * * argv) Line 13712 C [External Code] System specification: * Operation system is Windows 7 x64 (installed on Virtual Box machine) * Mesa version is 18.3.0 builded from sources with Visual Studio 2015 (build command: scons build=debug machine=x86_64) * freeglut prebuild binaries * 2D and 3D acceleration is enabled in Virtual Vox machine, VBGuest drivers are installed. Additional Builds and Platforms: Crash is reproduced with x86 and x64 mesa builds. Also reproduced with Windows 10 x64.
Created attachment 142849 [details] bug
Created attachment 142850 [details] hwhwhw
The content of attachment 142849 [details] has been deleted for the following reason: spam
The content of attachment 142850 [details] has been deleted for the following reason: spam
With valgrind, forcing DRAW_USE_LLVM=0 to make our lives a little easier, it dies in: ==12812== Process terminating with default action of signal 11 (SIGSEGV) ==12812== Access not within mapped region at address 0x332000 ==12812== at 0x9C8ADF0: util_format_r32g32b32_float_fetch_rgba_float (in /usr/lib64/dri/nouveau_dri.so) ==12812== by 0x9D0D2C1: generic_run (in /usr/lib64/dri/nouveau_dri.so) ==12812== by 0xA26E99F: fetch_pipeline_generic.constprop.1 (in /usr/lib64/dri/nouveau_dri.so) ==12812== by 0xA26EDEE: fetch_pipeline_linear_run (in /usr/lib64/dri/nouveau_dri.so) ==12812== by 0xA27389C: vsplit_run_linear (in /usr/lib64/dri/nouveau_dri.so) ==12812== by 0xA26D117: draw_pt_arrays (in /usr/lib64/dri/nouveau_dri.so) ==12812== by 0xA26D564: draw_vbo (in /usr/lib64/dri/nouveau_dri.so) ==12812== by 0xA083D65: st_feedback_draw_vbo (in /usr/lib64/dri/nouveau_dri.so) ==12812== by 0xA062B0A: _mesa_validated_drawrangeelements (in /usr/lib64/dri/nouveau_dri.so) ==12812== by 0xA06384B: _mesa_exec_DrawElements (in /usr/lib64/dri/nouveau_dri.so) ==12812== by 0x1092CB: draw (in /home/ilia/Downloads/mesacrash) ==12812== by 0x109427: displayCB (in /home/ilia/Downloads/mesacrash) Note that the address is (very likely) bogus. It also dies with draw using llvm (same address), but ... harder to debug that. Will try to investigate further. Since this is a client-side buffer, could be the application doing something illegal.
(In reply to Ilia Mirkin from comment #5) > Note that the address is (very likely) bogus. It also dies with draw using > llvm (same address), but ... harder to debug that. Will try to investigate > further. Since this is a client-side buffer, could be the application doing > something illegal. Looks like we're not treating glDrawElements properly for GL_SELECT. st_feedback_draw_vbo tries to set it all up, but then calls draw_vbo with a min_index/max_index configured for arrays. Will try to fix it up...
Patch available at: https://patchwork.freedesktop.org/patch/268721/ Makes this example work, and doesn't appear to regress existing piglit tests.
Works good with my applications. When will this patch be included in the release?
Pushed as commit bac85342672a265735316049ecf36b74e1f2a852 Author: Ilia Mirkin <imirkin@alum.mit.edu> Date: Tue Dec 18 22:47:05 2018 -0500 st/mesa: allow glDrawElements to work with GL_SELECT feedback Not sure if this ever worked, but the current logic for setting the min/max index is definitely wrong for indexed draws. While we're at it, bring in all the usual logic from the non-indirect drawing path. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=109086 Signed-off-by: Ilia Mirkin <imirkin@alum.mit.edu> Reviewed-by: Brian Paul <brianp@vmware.com> Reviewed-by: Roland Scheidegger <sroland@vmware.com> As for being included in a release, the next natural one is 19.0, due out some time early 2019.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.