Bug 27071 - hang in sauerbraten after recent git master upgrade
Summary: hang in sauerbraten after recent git master upgrade
Status: RESOLVED FIXED
Alias: None
Product: Mesa
Classification: Unclassified
Component: Drivers/DRI/r200 (show other bugs)
Version: git
Hardware: Other Linux (All)
Importance: medium critical
Assignee: Default DRI bug account
Reported: 2010-03-14 11:13 UTC by David Ronis
Modified: 2010-03-16 17:54 UTC (History)
Attachments
Fix double unmap call when flushing from refill (1.96 KB, patch)
2010-03-15 01:39 UTC, Pauli

Description David Ronis 2010-03-14 11:13:54 UTC
I've been having recurring issues with a game called sauerbraten (see bug 25597). The game is unstable, but playable. After a recent upgrade of mesa (and drm), the game hangs as soon as I try to move (rotate, etc.) the initial screen. I kill the game with -ABRT and see the following on the console:

bo(0xab603df8, 65536) is mapped (-1) can't valide it.
validated 0xab603df8 [0x4B8C8000, 0x4B91E000]
bo(0xab8fd6e0, 65536) is mapped (-1) can't valide it.
validated 0xab8fd6e0 [0x4BC81000, 0x4BC97000]
bo(0xab8fd6e0, 65536) is mapped (-1) can't valide it.
validated 0xab8fd6e0 [0x4C274000, 0x4C2B5000]
bo(0xab8fd6e0, 65536) is mapped (-1) can't valide it.
validated 0xab8fd6e0 [0x4B91E000, 0x4B974000]
bo(0xab603968, 65536) is mapped (-1) can't valide it.
validated 0xab603968 [0xD25E2000, 0xD25F2000]
bo(0xab603968, 65536) is mapped (-1) can't valide it.
validated 0xab603968 [0xD25E2000, 0xD25F2000]
bo(0xab6038c8, 65536) is mapped (-1) can't valide it.
validated 0xab6038c8 [0x4B4C8000, 0x4B51E000]

Here's the backtrace:

Program terminated with signal 6, Aborted.
[New process 13664]
[New process 13669]
[New process 13668]
#0  0xb7401f54 in ioctl () from /lib/libc.so.6

Thread 3 (process 13668):
#0  0xb76c8a7c in nanosleep () from /lib/libpthread.so.0
No symbol table info available.
#1  0xb778fb24 in SDL_Delay () from /usr/lib/libSDL-1.2.so.0
No locals.
#2  0x0000011b in ?? ()
No symbol table info available.
#3  0xb7701000 in ?? ()
No symbol table info available.
#4  0xb6fd9318 in ?? ()
No symbol table info available.
#5  0xb6fd9310 in ?? ()
No symbol table info available.
#6  0x00000000 in ?? ()
No symbol table info available.

Thread 2 (process 13669):
#0  0xb76c82c1 in write () from /lib/libpthread.so.0
No symbol table info available.
#1  0xb7754df5 in DSP_PlayAudio () from /usr/lib/libSDL-1.2.so.0
No locals.
#2  0x00001000 in ?? ()
No symbol table info available.
#3  0xb7798c3c in ?? () from /usr/lib/libSDL-1.2.so.0
No symbol table info available.
#4  0x00000000 in ?? ()
No symbol table info available.

Thread 1 (process 13664):
#0  0xb7401f54 in ioctl () from /lib/libc.so.6
No symbol table info available.
#1  0xb707f787 in drmIoctl (fd=5, request=1074291754, arg=0xbfd7d258)
    at xf86drm.c:184
	ret = -1
#2  0xb7081331 in drmGetLock (fd=5, context=3, flags=0) at xf86drm.c:1332
	lock = {context = 3, flags = 0}
#3  0xb651fc8c in radeonGetLock (rmesa=0x8457698, flags=0) at radeon_lock.c:64
	drawable = (__DRIdrawable * const) 0x876cce0
	readable = (__DRIdrawable * const) 0x876cce0
	sPriv = (__DRIscreen *) 0x842baa0
#4  0xb6520035 in radeon_lock_hardware (radeon=0x8457698) at radeon_lock.c:146
	ret = 1 '\001'
	rfb = (struct radeon_framebuffer *) 0x876cd60
	rrb = (struct radeon_renderbuffer *) 0x876d160
#5  0xb651b9a2 in rcommonFlushCmdBuf (rmesa=0x8457698, 
    caller=0xb6754e92 "radeonRefillCurrentDmaRegion") at radeon_common.c:1226
	ret = 0
#6  0xb651d464 in radeonRefillCurrentDmaRegion (rmesa=0x8457698, size=120)
    at radeon_dma.c:201
	dma_bo = (struct radeon_dma_bo *) 0xaa4f8830
	__FUNCTION__ = "radeonRefillCurrentDmaRegion"
	__PRETTY_FUNCTION__ = "radeonRefillCurrentDmaRegion"
#7  0xb651e18a in rcommonAllocDmaLowVerts (rmesa=0x8457698, nverts=3, vsize=40)
    at radeon_dma.c:441
	bytes = 120
	head = (void *) 0xadfccf78
	__FUNCTION__ = "rcommonAllocDmaLowVerts"
#8  0xb64ff3de in r200_alloc_verts (rmesa=0x8457698, n=3, size=10)
    at r200_swtcl.c:364
	rv = (void *) 0xadfccf78
#9  0xb64ff594 in r200_triangle (rmesa=0x8457698, v0=0xad99aca8, 
    v1=0xad99acd0, v2=0xad99acf8)
    at ../../../../../src/mesa/tnl_dd/t_dd_triemit.h:96
	vertsize = 10
	vb = (GLuint *) 0xadfccff0
	j = 0
	__FUNCTION__ = "r200_triangle"
#10 0xb65077dc in r200_render_triangles_elts (ctx=0x845c9d8, start=0, 
    count=2520, flags=52) at ../../../../../src/mesa/tnl/t_vb_rendertmp.h:182
	j = 1664
	rmesa = (r200ContextPtr) 0x8457698
	vertsize = 10
	r200verts = 0xad993020 "\231_­Â]\211,Â}[\032C¾j\033C\020\0311ÿÍÍÍÍkSì>\020±ø>kSì>\020±ø>ë·¬Âø50Â\003\226\031CJ¥\032C\020\0311ÿÍÍÍÍvjÐ>\020±ø>vjÐ>\020±ø>¿W®Â\022\236,Â\023\024\032CV#\033C\020\0311ÿÍÍÍÍkSì>Ò9è>kSì>Ò9è>\021°­Â­J0Â\231N\031Câ]\032C\020\0311ÿÍÍÍÍvjÐ>Ò9è>vjÐ>Ò9è>E+ªÂÒ\0361Âîr\026CP\202\027C\021\0313ÿÏÏÏÏÉè\f?Ò9è>Éè\f?Ò9è>"...
	elt = (const GLuint * const) 0xa86208a0
	stipple = 0 '\0'
#11 0xb66059fb in run_render (ctx=0x845c9d8, stage=0x84b37f0)
    at tnl/t_vb_render.c:320
	prim = 52
	start = 0
	length = 2520
	i = 0
	tnl = (TNLcontext *) 0x84b35c8
	VB = (struct vertex_buffer *) 0x84b3a04
	tab = (tnl_render_func *) 0xb67acf20
	pass = 0
	__PRETTY_FUNCTION__ = "run_render"
#12 0xb65f48d9 in _tnl_run_pipeline (ctx=0x845c9d8) at tnl/t_pipeline.c:153
	s = (struct tnl_pipeline_stage *) 0x84b37f0
	tnl = (TNLcontext *) 0x84b35c8
	__tmp = 895
	i = 9
#13 0xb64ea9fe in r200WrapRunPipeline (ctx=0x845c9d8) at r200_state.c:2460
	rmesa = (r200ContextPtr) 0x8457698
	has_material = 0 '\0'
	__FUNCTION__ = "r200WrapRunPipeline"
#14 0xb65f5bd2 in _tnl_draw_prims (ctx=0x845c9d8, arrays=0x84a1bb4, 
    prim=0xbfd7d698, nr_prims=1, ib=0xbfd7d6a8, min_index=0, max_index=1258)
    at tnl/t_draw.c:478
	this_nr_prims = 1
	bo = {0xaacaafb8, 0xab866b80, 0xb653d3bb, 0x845daf0, 0x845daac, 0x10, 
  0xb65b516f, 0x845c9d8, 0x84679d4, 0xbfd7d5e8, 0x84a32a0, 0x8456818, 
  0xb67ac560, 0xbfd7d5c8, 0xb65e07e5, 0x845c9d8, 0x400000, 0xc, 0x9d60, 
  0x84662ec, 0xb67ac560, 0xbfd7d5e8, 0xb653d3bb, 0x845c9d8, 0xb67ac560, 
  0xbfd7d5e8, 0x84b35c8, 0x0, 0x0, 0x6, 0x84a32a0, 0x0, 0xb67ac560}
	nr_bo = 2
	tnl = (TNLcontext *) 0x84b35c8
	TEST_SPLIT = 0
	max = 3000
	max_basevertex = 0
	i = 0
	__PRETTY_FUNCTION__ = "_tnl_draw_prims"
	__FUNCTION__ = "_tnl_draw_prims"
#15 0xb65f596c in _tnl_vbo_draw_prims (ctx=0x845c9d8, arrays=0x84a1bb4, 
    prim=0xbfd7d698, nr_prims=1, ib=0xbfd7d6a8, index_bounds_valid=1 '\001', 
    min_index=0, max_index=1258) at tnl/t_draw.c:384
No locals.
#16 0xb65e87db in vbo_validated_drawrangeelements (ctx=0x845c9d8, mode=4, 
    index_bounds_valid=1 '\001', start=0, end=1258, count=2520, type=5123, 
    indices=0x0, basevertex=0) at vbo/vbo_exec_array.c:663
	vbo = (struct vbo_context *) 0x849f9a8
	exec = (struct vbo_exec_context *) 0x84a0248
	ib = {count = 2520, type = 5123, obj = 0xab866b80, ptr = 0x0}
	prim = {{mode = 4, indexed = 1, begin = 1, end = 1, weak = 0, pad = 0, 
    start = 0, count = 2520, basevertex = 0}}
#17 0xb65e89f6 in vbo_exec_DrawRangeElementsBaseVertex (mode=4, start=0, 
    end=1258, count=2520, type=5123, indices=0x0, basevertex=0)
    at vbo/vbo_exec_array.c:771
	warnCount = 0
	ctx = (GLcontext *) 0x845c9d8
	__PRETTY_FUNCTION__ = "vbo_exec_DrawRangeElementsBaseVertex"
#18 0xb65e8a6d in vbo_exec_DrawRangeElements (mode=4, start=0, end=1258, 
    count=2520, type=5123, indices=0x0) at vbo/vbo_exec_array.c:788
	ctx = (GLcontext *) 0x845c9d8
#19 0xb65da994 in neutral_DrawRangeElements (mode=4, start=0, end=1258, 
    count=2520, type=5123, indices=0x0) at main/vtxfmt_tmp.h:353
No locals.
#20 0x08109e0e in vertmodel::vertmesh::render (this=0xabbfe3b8, as=0xbfd7d9cc, 
    s=@0xab8b2430, vc=@0xab8afa58) at engine/vertmodel.h:407
No locals.
#21 0x0810bf46 in vertmodel::vertmeshgroup::render (this=0xab8afa20, 
    as=0xbfd7d9cc, pitch=0, axis=@0xbfd7db70, d=0x0, p=0xab8a0148)
    at engine/vertmodel.h:696
	i = 0
	norms = true
	tangents = false
	vc = (vertmodel::vbocacheentry *) 0xab8afa58
#22 0x081043fd in animmodel::part::render (this=0xab8a0148, anim=164, 
    basetime=0, basetime2=0, pitch=0, axis=@0xbfd7db70, d=0x0, 
    dir=@0xbfd7db3c, campos=@0xbfd7db30, fogplane=@0xbfd7db20, as=0xbfd7d9cc)
    at engine/animmodel.h:753
	raxis = {{{x = 0, y = -1, z = 0}, v = {0, -1, 0}}}
	rcampos = {{{x = -180.492401, y = 26.5087528, z = 41.041748}, v = {
      -180.492401, 26.5087528, 41.041748}}}
	rdir = {{{x = 0.111491755, y = -0.849207222, z = 0.516155601}, v = {
      0.111491755, -0.849207222, 0.516155601}}}
	rfogplane = {<vec> = {{{x = 0, y = 0, z = 1}, v = {0, 0, 1}}}, 
  offset = -1.00000003e+16}
	pitchamount = 0
#23 0x08104b09 in animmodel::render (this=0xab89a0e8, anim=164, basetime=0, 
    basetime2=0, pitch=0, axis=@0xbfd7db70, d=0x0, a=0x0, dir=@0xbfd7db3c, 
    campos=@0xbfd7db30, fogplane=@0xbfd7db20) at engine/animmodel.h:867
	numtags = 0
	as = {{owner = 0xab8a0148, anim = 164, cur = {fr1 = 0, fr2 = 0, 
      t = 0}, prev = {fr1 = 138770072, fr2 = 0, t = 5.95393215e-34}, 
    interp = 1}, {owner = 0x8, anim = 3, cur = {fr1 = -1233827669, 
      fr2 = -1233468064, t = 6.03655655e-34}, prev = {fr1 = 3, fr2 = 64, 
      t = 1.79366203e-43}, interp = -3.73677904e-06}, {owner = 0xaacaac70, 
    anim = -1076372920, cur = {fr1 = -1235649292, fr2 = 138791384, 
      t = 2.2958874e-41}, prev = {fr1 = 4611, fr2 = -1076372888, 
      t = -3.65501432e-06}, interp = -1.02179723e-12}}
#24 0x081054a4 in animmodel::render (this=0xab89a0e8, anim=164, basetime=0, 
    basetime2=0, o=@0xaacaac58, yaw=983.099976, pitch=0, d=0x0, a=0x0, 
    color=@0xaacaac64, dir=@0xaacaac70, trans=1) at engine/animmodel.h:1001
	rdir = {{{x = 0.111491755, y = -0.849207222, z = 0.516155601}, v = {
      0.111491755, -0.849207222, 0.516155601}}}
	campos = {{{x = -180.492401, y = 26.5087528, z = 41.041748}, v = {
      -180.492401, 26.5087528, 41.041748}}}
	fogplane = {<vec> = {{{x = 0, y = 0, z = 1}, v = {0, 0, 1}}}, 
  offset = -1.00000003e+16}
#25 0x080f77df in renderbatchedmodel (m=0xab89a0e8, b=@0xaacaac58)
    at engine/rendermodel.cpp:547
	a = (modelattach *) 0x0
	anim = 164
#26 0x080f7bf7 in endmodelbatches () at engine/rendermodel.cpp:619
	bm = (batchedmodel &) @0xaacaac58: {pos = {{{x = 1488.00208, 
        y = 1536.00208, z = 1828.98926}, v = {1488.00208, 1536.00208, 
        1828.98926}}}, color = {{{x = 0.400000006, y = 0.606007457, 
        z = 1.21840334}, v = {0.400000006, 0.606007457, 1.21840334}}}, dir = {{
      {x = 0.856450975, y = 0.00866345782, z = 0.516155601}, v = {0.856450975, 
        0.00866345782, 0.516155601}}}, anim = 164, yaw = 983.099976, 
  pitch = 0, transparent = 1, basetime = 0, basetime2 = 0, flags = 16, 
  d = 0x0, attached = -1, query = 0x0}
	j = 0
	b = (modelbatch &) @0xacc02018: {m = 0xab89a0e8, flags = 16, 
  batched = {static MINSIZE = 8, buf = 0xaacaac58, alen = 8, ulen = 1}}
	rendered = true
	query = (occludequery *) 0x0
	i = 0
	transparent = {static MINSIZE = 8, buf = 0x0, alen = 0, ulen = 0}
#27 0x081abed6 in game::rendergame (mainpass=true) at fpsgame/render.cpp:211
	exclude = (fpsent *) 0x0
#28 0x080e8a4c in rendergame (mainpass=true) at engine/rendergl.cpp:1162
No locals.
#29 0x080ea37e in gl_drawframe (w=1280, h=800) at engine/rendergl.cpp:1594
	fogmat = 0
	abovemat = 0
	fogblend = 1
	causticspass = 0
#30 0x08095d46 in main (argc=3, argv=0xbfd7e0e4) at engine/main.cpp:1168
	frames = 255
	millis = 22940
	elapsed = 97
	dedicated = 0
	load = 0x0
	video = (const SDL_VideoInfo *) 0x8407060
	usedfsaa = 0
	gamecfgname = "data/game_fps.cfg", '\0' <repeats 242 times>
	initscript = 0x0
	usedcolorbits = 0
	useddepthbits = 0
Comment 1 Pauli 2010-03-15 01:39:57 UTC
Created attachment 34055 [details] [review]
Fix double unmap call when flushing from refill

Does this fix the bug for you?
Comment 2 David Ronis 2010-03-15 19:00:22 UTC
The game has gone back to its previous level of stability; namely, it still crashes, just not 100% of the time. (I think that this is bug 25597.)

 I see the following on the console:

*********************************WARN_ONCE*********************************
File radeon_dma.c function radeonReleaseDmaRegions line 340
Leaking dma buffer object!
***************************************************************************
*** glibc detected *** ./bin_unix/native_client: free(): invalid pointer: 0x084576b4 ***
======= Backtrace: =========
/lib/libc.so.6[0xb7307564]
/lib/libc.so.6(cfree+0x90)[0xb730b010]
/usr/lib/dri/r200_dri.so[0xb6484d31]
/usr/lib/dri/r200_dri.so[0xb6482997]
/usr/lib/dri/r200_dri.so[0xb647ea9e]
/usr/lib/dri/r200_dri.so[0xb644a5d1]
/usr/lib/dri/r200_dri.so[0xb6441cc8]
/usr/lib/libGL.so.1[0xb75700b9]
/usr/lib/libGL.so.1[0xb7537c3a]
/usr/lib/libGL.so.1(glXDestroyContext+0x18)[0xb7537d9e]
/usr/lib/libSDL-1.2.so.0[0xb76cb1b4]

Here's a backtrace I was able to capture after the last crash (with your patch applied).

#5  0xb6484d31 in radeonReleaseDmaRegions (rmesa=0x8457698) at radeon_dma.c:343
	dma_bo = (struct radeon_dma_bo *) 0x84576b4
	temp = (struct radeon_dma_bo *) 0x96d8cf8
	expire_at = 64069
	time = 63969
	__FUNCTION__ = "radeonReleaseDmaRegions"
#6  0xb6482997 in rcommonFlushCmdBuf (rmesa=0x8457698, 
    caller=0xb66bb428 "radeonDestroyContext") at radeon_common.c:1224
	ret = -1236282016
#7  0xb647ea9e in radeonDestroyContext (driContextPriv=0x842eac0)
    at radeon_common_context.c:308
	ctx = (GLcontext *) 0x0
	radeon = (radeonContextPtr) 0x8457698
	current = (radeonContextPtr) 0x0
	__PRETTY_FUNCTION__ = "radeonDestroyContext"
	__FUNCTION__ = "radeonDestroyContext"
#8  0xb644a5d1 in r200DestroyContext (driContextPriv=0x842eac0)
    at r200_context.c:511
	i = 6
	rmesa = (r200ContextPtr) 0x8457698
#9  0xb6441cc8 in driDestroyContext (pcp=0x842eac0) at ../common/dri_util.c:551
No locals.
#10 0xb75700b9 in driDestroyContext (context=0x84554d0, psc=0x8454aa0, 
    dpy=0x84116d8) at dri_glx.c:482
	pcp = (__GLXDRIcontextPrivate *) 0x84554d0
#11 0xb7537c3a in DestroyContext (dpy=0x84116d8, gc=0x842cc10) at glxcmds.c:548
	req = (xGLXDestroyContextReq *) 0xb73e3ff4
	xid = 67108866
	opcode = 151 '\227'
	imported = 0 '\0'
#12 0xb7537d9e in glXDestroyContext (dpy=0x84116d8, gc=0x842cc10)
    at glxcmds.c:584
No locals.
#13 0xb76cb1b4 in X11_GL_Shutdown () from /usr/lib/libSDL-1.2.so.0
No locals.
#14 0x0842cc10 in ?? ()
No symbol table info available.
#15 0x00000000 in ?? ()
No symbol table info available.
Comment 3 Pauli 2010-03-16 08:03:35 UTC
Fixed in commit e9c2c4a76466fc1ccfbf4d5de048414f7126b940 to 7.8 branch.

Only one bug per report, please :)
Comment 4 David Ronis 2010-03-16 17:54:56 UTC
It seems this hasn't been committed to master.



