Bug 34545 - [gallium] segfault with vertarrays in mixed user/gpu buffers
Summary: [gallium] segfault with vertarrays in mixed user/gpu buffers
Status: RESOLVED FIXED
Alias: None
Product: Mesa
Classification: Unclassified
Component: Drivers/Gallium/r300 (show other bugs)
Version: git
Hardware: x86-64 (AMD64) Linux (All)
: medium normal
Assignee: Default DRI bug account
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-02-21 13:13 UTC by Wiktor Janas
Modified: 2011-02-22 05:18 UTC (History)
1 user (show)

See Also:
i915 platform:
i915 features:

Attachments
the test case (1.54 KB, text/x-csrc)
2011-02-21 13:13 UTC, Wiktor Janas 		Details
View All

Description Wiktor Janas 2011-02-21 13:13:04 UTC 
Created attachment 43618 [details]
the test case

Hello, while researching for bug 34418 I have encountered an segmentation fault trigerred when the __first__ vertex array is placed in user buffer and the second on gpu. When first array in on gpu and second in user buffer, invalid rendering occurs. This is gallium-wide (happens with both r300g and swrastg), although I cannot extract meaningful backtrace from swrastg. My shot is that is_interleaved_arrays in st_draw.c handles those cases incorrectly (at least that's the code that gave me inspiration to write the test). Interestingly, the backtraces from r300g have changed between HEAD and before-2a904fd6a0c (before "set vertex arrays state only when necessary"). This is propably correct. The current one is

#0  radeon_add_reloc (rcs=0x7f5b1e508010, buf=0x0, rd=R300_DOMAIN_GTT, wd=0) at radeon_drm_cs.c:230
#1  radeon_drm_cs_add_reloc (rcs=0x7f5b1e508010, buf=0x0, rd=R300_DOMAIN_GTT, wd=0) at radeon_drm_cs.c:297
#2  0x00007f5b1a79f032 in r300_emit_buffer_validate (r300=0x16993a0, do_validate_vertex_buffers=<value optimized out>, index_buffer=<value optimized out>)
    at r300_emit.c:1192
#3  0x00007f5b1a7a21f1 in r300_emit_states (r300=0x16993a0, flags=<value optimized out>, index_buffer=0x2, buffer_offset=0, index_bias=0) at r300_render.c:252
#4  0x00007f5b1a7a3d95 in r300_draw_arrays (pipe=0x16993a0, info=<value optimized out>) at r300_render.c:710
#5  r300_draw_vbo (pipe=0x16993a0, info=<value optimized out>) at r300_render.c:775
#6  0x00007f5b1a849de8 in st_draw_vbo (ctx=<value optimized out>, arrays=<value optimized out>, prims=<value optimized out>, nr_prims=1, ib=0x0, 
    index_bounds_valid=<value optimized out>, min_index=0, max_index=31) at state_tracker/st_draw.c:717
#7  0x00007f5b1a8e18fb in vbo_draw_arrays (ctx=0x16bb170, mode=6, start=0, count=<value optimized out>, numInstances=1) at vbo/vbo_exec_array.c:615
#8  0x0000000000400e1f in render () at immedcrash.c:15

while the old one is 

#0  0x00007f74d66a823a in u_vbuf_mgr_set_vertex_buffers (mgrb=0x1ea5060, count=1, bufs=0x0) at util/u_vbuf_mgr.c:482
#1  0x00007f74d64e50aa in r300_set_vertex_buffers (pipe=0x1eb6360, count=1, buffers=0x7fff228a33d0) at r300_state.c:1491
#2  0x00007f74d6586fcf in st_draw_vbo (ctx=<value optimized out>, arrays=<value optimized out>, prims=<value optimized out>, nr_prims=<value optimized out>, 
    ib=<value optimized out>, index_bounds_valid=<value optimized out>, min_index=0, max_index=31) at state_tracker/st_draw.c:707
#3  0x00007f74d661ee4b in vbo_draw_arrays (ctx=0x1ee3f10, mode=6, start=0, count=<value optimized out>, numInstances=1) at vbo/vbo_exec_array.c:593
#4  0x0000000000400e1f in render () at immedcrash.c:15
Comment 1 Marek Olšák 2011-02-22 00:36:02 UTC 
This should fix it:

http://lists.freedesktop.org/archives/mesa-dev/2011-February/005596.html
Comment 2 Wiktor Janas 2011-02-22 00:58:08 UTC 
(In reply to comment #1)
> This should fix it:
Yes it does, but this commit is not in git yet.
Comment 3 Marek Olšák 2011-02-22 05:18:58 UTC 
I pushed the patch to master. Thanks for the test case.

Closing..

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.