[Mesa-dev] [Bug 90904] OSX: EXC_BAD_ACCESS when using translate_sse + gallium + softpipe/llvmpipe

Mon, 08 Jun 2015 13:30:07 -0700 

https://bugs.freedesktop.org/show_bug.cgi?id=90904

            Bug ID: 90904
           Summary: OSX: EXC_BAD_ACCESS when using translate_sse + gallium
                    + softpipe/llvmpipe
           Product: Mesa
           Version: git
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: Mesa core
          Assignee: mesa-dev@lists.freedesktop.org
          Reporter: julien.iso...@gmail.com
        QA Contact: mesa-dev@lists.freedesktop.org

When running es2gears_x11 it crashes with:

* thread #1: tid = 0xbfbac, 0x0000000100801200, queue =
'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=2,
address=0x100801200)
  * frame #0: 0x0000000100801200
    frame #1: 0x0000000101da4290
swrast_dri.so`draw_pt_emit_linear(emit=0x0000000100405cd0,
vert_info=0x00007fff5fbfefa8, prim_info=0x00007fff5fbff058) + 448 at
draw_pt_emit.c:238
    frame #2: 0x0000000101f3b012 swrast_dri.so`emit(emit=0x0000000100405cd0,
vert_info=0x00007fff5fbfefa8, prim_info=0x00007fff5fbff058) + 50 at
draw_pt_fetch_shade_pipeline_llvm.c:331
    frame #3: 0x0000000101f3aa82
swrast_dri.so`llvm_pipeline_generic(middle=0x0000000100405bc0,
fetch_info=0x0000000000000000, in_prim_info=0x00007fff5fbff058) + 1586 at
draw_pt_fetch_shade_pipeline_llvm.c:466
    frame #4: 0x0000000101f3a2b3
swrast_dri.so`llvm_middle_end_linear_run(middle=0x0000000100405bc0, start=0,
count=7, prim_flags=0) + 131 at draw_pt_fetch_shade_pipeline_llvm.c:530
    frame #5: 0x0000000101db4de8
swrast_dri.so`vsplit_segment_simple_linear(vsplit=0x000000010102b800, flags=0,
istart=0, icount=7) + 104 at draw_pt_vsplit_tmp.h:240
    frame #6: 0x0000000101db1c69
swrast_dri.so`vsplit_run_linear(frontend=0x000000010102b800, start=0, count=7)
+ 249 at draw_split_tmp.h:60
    frame #7: 0x0000000101da35ba
swrast_dri.so`draw_pt_arrays(draw=0x0000000101016200, prim=5, start=0, count=7)
+ 842 at draw_pt.c:149
    frame #8: 0x0000000101da2c2c
swrast_dri.so`draw_vbo(draw=0x0000000101016200, info=0x00007fff5fbff208) + 668
at draw_pt.c:564
    frame #9: 0x0000000101f9027c
swrast_dri.so`llvmpipe_draw_vbo(pipe=0x0000000101013e00,
info=0x00007fff5fbff328) + 972 at lp_draw_arrays.c:132
    frame #10: 0x0000000101d82059
swrast_dri.so`cso_draw_vbo(cso=0x00000001010d3e00, info=0x00007fff5fbff328) +
89 at cso_context.c:1515
    frame #11: 0x0000000101ad3c34
swrast_dri.so`st_draw_vbo(ctx=0x00000001002cf000, prims=0x00007fff5fbff440,
nr_prims=1, ib=0x0000000000000000, index_bounds_valid='\x01', min_index=0,
max_index=6, tfb_vertcount=0x0000000000000000, indirect=0x0000000000000000) +
1108 at st_draw.c:286
    frame #12: 0x0000000101a7883f
swrast_dri.so`vbo_draw_arrays(ctx=0x00000001002cf000, mode=5, start=0, count=7,
numInstances=1, baseInstance=0) + 767 at vbo_exec_array.c:645
    frame #13: 0x0000000101a75304 swrast_dri.so`vbo_exec_DrawArrays(mode=5,
start=0, count=7) + 228 at vbo_exec_array.c:797
    frame #14: 0x000000010000adb8 libGLESv2.2.dylib`glDrawArrays(mode=5,
first=0, count=7) + 56 at glapi_mapi_tmp.h:1613
    frame #15: 0x0000000100003485 es2gears_x11`draw_gear + 1637
    frame #16: 0x00000001000020b0 es2gears_x11`gears_draw + 928
    frame #17: 0x00000001000042f7 es2gears_x11`_eglutNativeEventLoop + 455
    frame #18: 0x0000000100001a74 es2gears_x11`main + 676
    frame #19: 0x00007fff886ee5c9 libdyld.dylib`start + 1

(lldb) di -f
-> 0x100801200:  pushq  %rbx
   0x100801201:  pushq  %rbp
   0x100801202:  movl   %edx, %ebp
   0x100801204:  movq   %r9, %rbx
   0x100801207:  xorl   %eax, %eax
   0x100801209:  cmpl   %eax, %ebp
   0x10080120b:  je     0x10080125e
   0x100801211:  movl   %esi, %eax
   0x100801213:  cmpl   0x478(%rdi), %eax
   0x100801219:  cmovael 0x478(%rdi), %eax



   0           push EBX
   1           push EBP
   2            mov EBP, EDX
   4          mov64 EBX, 
   7            xor EAX, EAX
   9            cmp EBP, EAX
   b    jcc_forward 4
  11            mov EAX, ESI
  13            cmp EAX, [EDI+1144]
  19         cmovcc EAX, [EDI+1144], 3
  20            mov EDX, [EDI+1136]
  27           imul EAX, EDX
  2b            add EAX, [EDI+1128]
  31            cmp EBP, EAX
  34            mov ESI, EAX
  36         movdqu XMM0, [ESI]
  3a         movdqu [EBX], XMM0
  3e         movdqu XMM0, [ESI+16]
  43         movdqu [EBX+16], XMM0
  49            lea EBX, [EBX+32]
  4d            add ESI, [EDI+1136]
  53    prefetchnta [ESI+192]
  5a            dec EBP
  5c            jcc 5
  5e            pop EBP
  5f            pop EBX
  60            ret 

   0           push EBX
   1           push EBP
   2            mov EBP, EDX
   4          mov64 EBX, 
   7            xor EAX, EAX
   9            cmp EBP, EAX
   b    jcc_forward 4
  11            mov ECX, [ESI]
  13            cmp ECX, [EDI+1144]
  19         cmovcc ECX, [EDI+1144], 3
  20            mov EDX, [EDI+1136]
  27           imul ECX, EDX
  2b            add ECX, [EDI+1128]
  31         movdqu XMM0, [ECX]
  35         movdqu [EBX], XMM0
  39         movdqu XMM0, [ECX+16]
  3e         movdqu [EBX+16], XMM0
  44            lea EBX, [EBX+32]
  48            lea ESI, [ESI+4]
  4b            dec EBP
  4d            jcc 5
  4f            pop EBP
  50            pop EBX
  51            ret 

   0           push EBX
   1           push EBP
   2            mov EBP, EDX
   4          mov64 EBX, 
   7            xor EAX, EAX
   9            cmp EBP, EAX
   b    jcc_forward 4
  11        movzx16 ECX, [ESI]
  14            cmp ECX, [EDI+1144]
  1a         cmovcc ECX, [EDI+1144], 3
  21            mov EDX, [EDI+1136]
  28           imul ECX, EDX
  2c            add ECX, [EDI+1128]
  32         movdqu XMM0, [ECX]
  36         movdqu [EBX], XMM0
  3a         movdqu XMM0, [ECX+16]
  3f         movdqu [EBX+16], XMM0
  45            lea EBX, [EBX+32]
  49            lea ESI, [ESI+2]
  4c            dec EBP
  4e            jcc 5
  50            pop EBP
  51            pop EBX
  52            ret 

   0           push EBX
   1           push EBP
   2            mov EBP, EDX
   4          mov64 EBX, 
   7            xor EAX, EAX
   9            cmp EBP, EAX
   b    jcc_forward 4
  11         movzx8 ECX, [ESI]
  14            cmp ECX, [EDI+1144]
  1a         cmovcc ECX, [EDI+1144], 3
  21            mov EDX, [EDI+1136]
  28           imul ECX, EDX
  2c            add ECX, [EDI+1128]
  32         movdqu XMM0, [ECX]
  36         movdqu [EBX], XMM0
  3a         movdqu XMM0, [ECX+16]
  3f         movdqu [EBX+16], XMM0
  45            lea EBX, [EBX+32]
  49            lea ESI, [ESI+1]
  4c            dec EBP
  4e            jcc 5
  50            pop EBP
  51            pop EBX
  52            ret 
disassemble 0x100801200 0x100801261

disassemble 0x100843600 0x100843652

disassemble 0x1010c4200 0x1010c4253

disassemble 0x100843a00 0x100843a53

It crashes when calling:

translate->run(translate,
                  0,
                  count,
                  draw->start_instance,
                  draw->instance_id,
                  hw_verts);


If it fails "on -> 0x100801200:  pushq  %rbx" I guess something went wrong
before.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.

_______________________________________________
mesa-dev mailing list
mesa-dev@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/mesa-dev

Reply via email to