27937 – 0ad: SEGV in r700_assembler.c next_ins() with RV670 kms

Bug 27937 - 0ad: SEGV in r700_assembler.c next_ins() with RV670 kms

Summary: 0ad: SEGV in r700_assembler.c next_ins() with RV670 kms

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	Mesa
Classification:	Unclassified
Component:	Drivers/DRI/R600 (show other bugs)
Version:	git
Hardware:	x86-64 (AMD64) Linux (All)

Importance:	medium normal
Assignee:	Default DRI bug account
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2010-05-02 04:33 UTC by Andre Heider
Modified:	2012-09-11 17:47 UTC (History)
CC List:	0 users

See Also:
i915 platform:
i915 features:

Attachments
dmesg (52.58 KB, text/plain) 2010-05-02 04:33 UTC, Andre Heider	Details
Xorg.0.log (36.17 KB, text/plain) 2010-05-02 04:34 UTC, Andre Heider	Details
Xorg.0.log (81.58 KB, text/x-log) 2010-05-29 08:35 UTC, Török Edwin	Details
dmesg (72.52 KB, application/octet-stream) 2010-05-29 08:35 UTC, Török Edwin	Details
View All

Description Andre Heider 2010-05-02 04:33:20 UTC

the game 0ad crashes when just starting a single player game.

ubuntu lucid, mainline 2.6.34-rc6, xorg-edgers

#0  0x00007fffea2926e3 in next_ins (pAsm=0x7fffe11b4690)
    at r700_assembler.c:2619
No locals.
#1  0x00007fffea292f4b in assemble_MOV (pAsm=0x7fffe11b4690)
    at r700_assembler.c:3874
No locals.
#2  0x00007fffea297b4d in AssembleInstr (uiFirstInst=1, uiIL_Shift=256, 
    uiNumberInsts=4, pILInst=0x7fffe11b6550, pR700AsmCode=0x7fffe11b4690)
    at r700_assembler.c:5622
No locals.
#3  0x00007fffea299678 in r700TranslateFragmentShader (fp=0x7fffe11b03e0, 
    mesa_fp=0x7fffe11b03e0, ctx=0xb615d0) at r700_fragprog.c:412
        number_of_colors_exported = <value optimized out>
        z_enabled = <value optimized out>
        shadow_unit = <value optimized out>
        i = 126
        inst = 0x0
        shadow_ambient = {STATE_INTERNAL, STATE_SHADOW_AMBIENT, 0, 0, 0}
#4  0x00007fffea2a4ac7 in r700UpdateShaders (ctx=0x7fffe11b4690)
    at r700_state.c:73
No locals.
#5  0x00007fffea2a6097 in r700TryDrawPrims (ctx=0xb615d0, 
    arrays=<value optimized out>, prim=<value optimized out>, 
    nr_prims=<value optimized out>, ib=0x7fffffffdfe0, 
    index_bounds_valid=<value optimized out>, min_index=0, max_index=126)
    at r700_render.c:904
        i = <value optimized out>
        rrb = <value optimized out>
        emit_end = <value optimized out>
#6  r700DrawPrims (ctx=0xb615d0, arrays=<value optimized out>, 
    prim=<value optimized out>, nr_prims=<value optimized out>, 
    ib=0x7fffffffdfe0, index_bounds_valid=<value optimized out>, min_index=0, 
    max_index=126) at r700_render.c:993
No locals.
#7  0x00007fffea350dec in vbo_validated_drawrangeelements (ctx=0xb615d0, 
    mode=4, index_bounds_valid=<value optimized out>, start=0, end=126, 
    count=126, type=5123, indices=0x7fffe110b010, basevertex=0, primcount=1)
    at vbo/vbo_exec_array.c:721
        ib = {count = 126, type = 5123, obj = 0xb03e80, ptr = 0x7fffe110b010}
        prim = {{mode = 4, indexed = 1, begin = 1, end = 1, weak = 0, pad = 0, 
            start = 0, count = 126, basevertex = 0, num_instances = 1}}
#8  0x00007fffea35107d in vbo_exec_DrawRangeElementsBaseVertex (
    mode=<value optimized out>, start=0, end=126, count=126, type=5123, 
    indices=0x7fffe110b010, basevertex=0) at vbo/vbo_exec_array.c:829
        warnCount = 0
        ctx = 0xb615d0
        __PRETTY_FUNCTION__ = "vbo_exec_DrawRangeElementsBaseVertex"
#9  0x00007fffea351170 in vbo_exec_DrawRangeElements (mode=3776661136, 
    start=256, end=7, count=-518298288, type=256, indices=0x3)
    at vbo/vbo_exec_array.c:846
No locals.

Comment 1 Andre Heider 2010-05-02 04:33:54 UTC

Created attachment 35375 [details]
dmesg

Comment 2 Andre Heider 2010-05-02 04:34:15 UTC

Created attachment 35376 [details]
Xorg.0.log

Comment 3 Andre Heider 2010-05-02 04:41:42 UTC

the game binary is from here:
http://www.playdeb.net/software/0%20A.D.

ii  0ad                                       0.0.0+r07419~pre-alpha-1~getdeb2                                A war/economy strategy game
ii  0ad-data                                  0.0.0+r07419~pre-alpha-1~getdeb1                                A war/economy strategy game (data files)

Comment 4 Török Edwin 2010-05-29 08:31:52 UTC

Happens on rv730 too, see backtrace below.
OpenGL vendor string: Advanced Micro Devices, Inc.
OpenGL renderer string: Mesa DRI R600 (RV730 9498) 20090101  TCL DRI2
OpenGL version string: 2.1 Mesa 7.9-devel
OpenGL shading language version string: 1.20

Mesa is latest git master, built like this:
./configure --prefix=/opt/xorg --with-dri-drivers=r600,swrast --disable-gallium --with-dri-driverdir=/opt/xorg/lib/dri --enable-glx-tls PKG_CONFIG_PATH=/opt/xorg/lib/pkgconfig/

Steps to reproduce:
1. download sources and data from here:
http://trac.wildfiregames.com/wiki/LatestRelease
2. follow the Linux build instructions
http://trac.wildfiregames.com/wiki/BuildInstructions#Unix
3. launch pyrogenesis_dbg
4. a warning about missing S3TC pops up, ignore it.
5. select 'single player game', press start game
6. when loading screen is near 100% the game crashes. everytime.

Backtrace:
(gdb) bt
#0  0x00007fffee697ce3 in next_ins (pAsm=0x27537c0) at r700_assembler.c:2619
#1  0x00007fffee69854b in assemble_MOV (pAsm=0x27537c0) at r700_assembler.c:3874
#2  0x00007fffee69d14d in AssembleInstr (uiFirstInst=1, uiIL_Shift=256, uiNumberInsts=4, pILInst=0x2755690, 
    pR700AsmCode=0x27537c0) at r700_assembler.c:5622
#3  0x00007fffee69ec78 in r700TranslateFragmentShader (fp=0x274f510, mesa_fp=0x274f510, ctx=0x7fffe8162360)
    at r700_fragprog.c:412
#4  0x00007fffee6aa0c7 in r700UpdateShaders (ctx=0x27537c0) at r700_state.c:73
#5  0x00007fffee6ab697 in r700TryDrawPrims (ctx=0x7fffe8162360, arrays=<value optimized out>, prim=<value optimized out>, 
    nr_prims=<value optimized out>, ib=0x7fffffffdaf0, index_bounds_valid=<value optimized out>, min_index=0, max_index=90)
    at r700_render.c:904
#6  r700DrawPrims (ctx=0x7fffe8162360, arrays=<value optimized out>, prim=<value optimized out>, 
    nr_prims=<value optimized out>, ib=0x7fffffffdaf0, index_bounds_valid=<value optimized out>, min_index=0, max_index=90)
    at r700_render.c:993
#7  0x00007fffee76fefc in vbo_validated_drawrangeelements (ctx=0x7fffe8162360, mode=4, 
    index_bounds_valid=<value optimized out>, start=0, end=90, count=90, type=5123, indices=0x26c76a0, basevertex=0, 
    primcount=1) at vbo/vbo_exec_array.c:732
#8  0x00007fffee77018d in vbo_exec_DrawRangeElementsBaseVertex (mode=<value optimized out>, start=0, end=90, count=90, 
    type=5123, indices=0x26c76a0, basevertex=0) at vbo/vbo_exec_array.c:844
#9  0x00007fffee770280 in vbo_exec_DrawRangeElements (mode=41236416, start=256, end=7, count=41244304, type=256, indices=0x3)
    at vbo/vbo_exec_array.c:864
#10 0x0000000000937fd3 in HWLightingModelRenderer::RenderModel (this=0xff1c30, streamflags=9, model=0x7fffe89951e0, 
    data=0x26c77a0) at ../../../source/renderer/HWLightingModelRenderer.cpp:323
#11 0x0000000000925c13 in SortModelRenderer::Render (this=0xff7900, modifier=..., flags=1)
    at ../../../source/renderer/TransparencyRenderer.cpp:574
#12 0x00000000009104f8 in CRenderer::RenderShadowMap (this=0xf70340) at ../../../source/renderer/Renderer.cpp:863
#13 0x0000000000911f38 in CRenderer::RenderSubmissions (this=0xf70340) at ../../../source/renderer/Renderer.cpp:1228
#14 0x0000000000912aab in CRenderer::RenderScene (this=0xf70340, scene=0x17a1310)
    at ../../../source/renderer/Renderer.cpp:1454
#15 0x00000000008e535a in CGameView::Render (this=0x17a1310) at ../../../source/graphics/GameView.cpp:320
#16 0x000000000077f7f0 in Render () at ../../../source/ps/GameSetup/GameSetup.cpp:245
#17 0x000000000061f226 in Frame () at ../../../source/main.cpp:331
#18 0x000000000061f48b in RunGameOrAtlas (argc=1, argv=0x7fffffffe1b8) at ../../../source/main.cpp:411
#19 0x000000000061f530 in main (argc=1, argv=0x7fffffffe1b8) at ../../../source/main.cpp:424

Comment 5 Török Edwin 2010-05-29 08:35:30 UTC

Created attachment 35943 [details]
Xorg.0.log

Comment 6 Török Edwin 2010-05-29 08:35:52 UTC

Created attachment 35944 [details]
dmesg

Comment 7 Nix 2010-06-08 09:30:51 UTC

What appears to be the same crash happens with scorched3d on my r770 as well, with both 2.6.32 and 2.6.34. The common factor appears to be Mesa 7.8.x, right up to 7.8.2 (head of the 7.8 branch) (7.7 does not crash), so maybe this should be moved to the Mesa bug db?

Backtrace (stack frame 18 and below significant):

#0  0x00007f122730eada in radeonFlush (ctx=0x4c67ae0) at radeon_common.c:1129
#1  0x00007f1227306763 in radeon_firevertices (ctx=0x4c67ae0, texObj=0x4cac490) at radeon_cmdbuf.h:118
#2  r600DeleteTexture (ctx=0x4c67ae0, texObj=0x4cac490) at r600_tex.c:347
#3  0x00007f12273922ee in _mesa_free_texture_data (ctx=0x4c67ae0) at main/texstate.c:809
#4  0x00007f122732cee8 in _mesa_free_context_data (ctx=0x4c67ae0) at main/context.c:961
#5  0x00007f122732d01e in _mesa_destroy_context (ctx=0x4c67ae0) at main/context.c:1020
#6  0x00007f122730d715 in radeonDestroyContext (driContextPriv=<value optimized out>) at radeon_common_context.c:323
#7  0x00007f12272e4110 in driDestroyContext (pcp=0x4bfb450) at ../common/dri_util.c:551
#8  0x00007f122e773963 in dri2DestroyContext (context=0x4b95460, psc=0x0, dpy=0x5) at dri2_glx.c:100
#9  0x00007f122e74cae8 in DestroyContext (dpy=0x4b904f0, gc=0x4c1f590) at glxcmds.c:584
#10 0x00007f122de300f2 in X11_GL_Shutdown (this=0x4ba2460) at ./src/video/x11/SDL_x11gl.c:322
#11 0x00007f122de3443e in X11_DestroyWindow (this=0x4ba2460, screen=0x0) at ./src/video/x11/SDL_x11video.c:709
#12 0x00007f122de34657 in X11_VideoQuit (this=0x4ba2460) at ./src/video/x11/SDL_x11video.c:1488
#13 0x00007f122de238a2 in SDL_VideoQuit () at ./src/video/SDL_video.c:1352
#14 0x00007f122ddfc835 in SDL_QuitSubSystem (flags=80100320) at ./src/SDL.c:202
#15 0x00007f122ddfc8ce in SDL_Quit () at ./src/SDL.c:222
#16 0x00007f122ddfd10f in SDL_Parachute (sig=11) at ./src/SDL_fatal.c:41
#17 <signal handler called>
#18 0x00007f12272f1693 in next_ins (pAsm=0x6643190) at r700_assembler.c:2619
#19 0x00007f12272f48e9 in assemble_MUL (pAsm=0x6643190) at r700_assembler.c:3906
#20 0x00007f12272f6add in AssembleInstr (uiFirstInst=<value optimized out>, uiIL_Shift=257, uiNumberInsts=3, pILInst=0x6645080, pR700AsmCode=0x6643190) at r700_assembler.c:5626
#21 0x00007f12272f8567 in r700TranslateFragmentShader (fp=0x663eee0, mesa_fp=0x663eee0, ctx=0x4c67ae0) at r700_fragprog.c:412
#22 0x00007f12273030e7 in r700UpdateShaders (ctx=0x6643190) at r700_state.c:72
#23 0x00007f12273046b6 in r700TryDrawPrims (ctx=0x4c67ae0, arrays=<value optimized out>, prim=<value optimized out>, nr_prims=<value optimized out>, ib=0x0, index_bounds_valid=<value optimized out>, min_index=0,
    max_index=831) at r700_render.c:904
#24 r700DrawPrims (ctx=0x4c67ae0, arrays=<value optimized out>, prim=<value optimized out>, nr_prims=<value optimized out>, ib=0x0, index_bounds_valid=<value optimized out>, min_index=0, max_index=831)
    at r700_render.c:993
#25 0x00007f12273ab3de in vbo_exec_vtx_flush (exec=0x4cb54b0, unmap=<value optimized out>) at vbo/vbo_exec_draw.c:384
#26 0x000000000067e8a6 in VisibilityPatchGrid::drawLand (this=0x3ca5500, addIndex=<value optimized out>, simple=<value optimized out>) at ../land/VisibilityPatchGrid.cpp:338
#27 0x00000000006037c5 in Landscape::drawShadows (this=0x5023440) at ../landscape/Landscape.cpp:202
#28 0x00000000005306ff in AnimatedBackdropDialog::drawBackground (this=<value optimized out>) at ../dialogs/AnimatedBackdropDialog.cpp:119
#29 0x0000000000530759 in AnimatedBackdropDialog::draw (this=0x6643190) at ../dialogs/AnimatedBackdropDialog.cpp:107
#30 0x00000000005f5886 in GLWWindowManager::draw (this=0x501ffa0, state=<value optimized out>) at ../GLW/GLWWindowManager.cpp:302
#31 0x000000000046e840 in GameState::draw (this=0x4fdbec0) at ../../common/engine/GameState.cpp:427
#32 0x0000000000471f82 in MainLoop::draw (this=0x4ff7880) at ../../common/engine/MainLoop.cpp:118
#33 0x0000000000520dda in ClientMain::clientMain () at ../client/ClientMain.cpp:395
#34 0x000000000050ff2e in main (argc=3, argv=0x7fff18334658) at ./main.cpp:103

Comment 8 Henri Verbeet 2010-07-16 05:20:41 UTC

The original backtrace looks pretty similar to an issue fixed by 	1f7bc87391bc42eb9003020b7654e985494c6e61 and 	1ec492a366e236569dc68f4de32e641c88cbcd63. The backtrace in comment 7 looks different, but is probably a duplicate of bug 27141. May have been fixed by fef9b532cd1631cc53056b9eba4369d1310b88df.

Comment 9 Henri Verbeet 2010-07-16 05:24:03 UTC

(In reply to comment #8)
> The backtrace in comment 7 looks
> different, but is probably a duplicate of bug 27141.

(To clarify that a bit, lines #0 - #17 of that backtrace look like a separate issue from lines #18 - #34.)

Comment 10 Andreas Boll 2012-09-11 17:47:22 UTC

Note: classic r600 driver has been abandoned.

0ad works fine with r600g (gallium driver) on my rv770
tested with mesa git master e81ee67b51651e99e7e8e52c1ccafc66835d57cd
and mesa 8.0.4

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.