Bug 21063

Summary: Crash in mesa-7.4's i915_dri.so (Java OpenGL, Runescape HD, before log on)
Product: Mesa Reporter: Timo Aaltonen <tjaalton>
Component: Drivers/DRI/i965Assignee: Ian Romanick <idr>
Status: RESOLVED INVALID QA Contact:
Severity: normal    
Priority: medium CC: colin, mdv, tim
Version: unspecifiedKeywords: NEEDINFO
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:

Description Timo Aaltonen 2009-04-05 11:16:16 UTC 
Forwarded from launchpad:

https://bugs.launchpad.net/ubuntu/+source/mesa/+bug/355742

There is a new crash in i915_dri.so after updating Jaunty to the mesa-7.4 packages. I'm encountering it using the online Java-based game "Runescape" (which uses JOGL -- Java OpenGL bindings).

Steps to reproduce (no Runescape account needed):
   1. Using Ubuntu Jaunty i386 updated to the mesa-7.4 packages, and the Intel Q35 graphics chipset (other Intel chipsets likely share the same issue).
   2. Visit http://www.runescape.com/game.ws?m=1&j=1
   3. Enable HD (High-Detail) mode if not already enabled. No need to log on, the crash should happen within a few seconds.

Attached is a backtrace after recompiling the mesa-7.4 packages with extra debug info (-g3). The backtrace was taken while using Sun Java JRE 6u12, but the Java version does not seem to matter.

This particular crash does not occur on another machine with an ATI graphics card, but other crashes do, such as when you move the Firefox window, or when Firefox loses focus. It is very touchy.


Program received signal SIGSEGV, Segmentation fault.
_mesa_sse_transform_points3_2d_no_rot () at x86/sse_xform3.S:413
413		MOVLPS( S(0), XMM0 )			/* oy | ox */
Current language:  auto; currently asm
#0  _mesa_sse_transform_points3_2d_no_rot () at x86/sse_xform3.S:413
No locals.
#1  0xad25bd5f in run_vertex_stage (ctx=0x9860d60, stage=0x98cf8ac) at tnl/t_vb_vertex.c:144
No locals.
#2  0xad251884 in _tnl_run_pipeline (ctx=0x9860d60) at tnl/t_pipeline.c:158
	tnl = (TNLcontext *) 0x98cf758
	__tmp = 639
	i = 0
	mask = 63
#3  0xad1a46b9 in intelRunPipeline (ctx=0x9860d60) at intel_tris.c:1079
No locals.
#4  0xad251df5 in _tnl_draw_prims (ctx=0x9860d60, arrays=0x98bde60, prim=0xabf274e0, nr_prims=1, ib=0x0, min_index=0, max_index=3) at tnl/t_draw.c:402
	bo = {0x9d49a88, 0xad2163ce, 0xb7f9305c, 0x84c4063, 0x9b65de0, 0x0, 0x1, 0x0, 0x48c, 0xad38eff4, 0x9860d60, 0x0, 0xabf27468, 0xad22d93d, 0x8b8cbe0, 0x0, 0x0, 0xad38eff4, 0x9860d60, 0xad38eff4, 0xabf27488, 0xad2168c2, 0x9860d60, 0xabf2747c, 0x9b5cf00, 0xad1e0238, 0xad38eff4, 0x9860d60, 0xabf274a8, 0xad2e2840, 0x9860d60, 0x9860d60, 0xabf274b8}
	nr_bo = 1
	tnl = (TNLcontext *) 0x98cf758
#5  0xad24a420 in vbo_exec_DrawArrays (mode=6, start=0, count=4) at vbo/vbo_exec_array.c:267
	ctx = (GLcontext *) 0x9860d60
	prim = {{mode = 6, indexed = 0, begin = 1, end = 1, weak = 0, pad = 0, start = 0, count = 4}}
#6  0xad170425 in intel_clear_tris (ctx=0x9860d60, mask=2) at intel_clear.c:225
	this_mask = 4294967293
	color_bit = <value optimized out>
	vertices = {{0, 0, 1}, {1165, 0, 1}, {1165, 662, 1}, {0, 662, 1}}
	color = {{0.788235307, 0.819607854, 0.819607854, 0}, {0.788235307, 0.819607854, 0.819607854, 0}, {0.788235307, 0.819607854, 0.819607854, 0}, {0.788235307, 0.819607854, 0.819607854, 0}}
	dst_z = 1165
	fb = (struct gl_framebuffer *) 0x9b5c248
	saved_fp_enable = 0 '\0'
	saved_vp_enable = 0 '\0'
	saved_shader_program = 0
	saved_active_texture = 0
	__PRETTY_FUNCTION__ = "intel_clear_tris"
#7  0xad1708de in intelClear (ctx=0x9860d60, mask=258) at intel_clear.c:372
	tri_mask = 2
	blit_mask = <value optimized out>
	swrast_mask = 0
	fb = (struct gl_framebuffer *) 0x9b5c248
	i = 162907228
#8  0xad1c27a9 in _mesa_Clear (mask=16640) at main/clear.c:182
	bufferMask = 258
	ctx = (GLcontext *) 0x9860d60
#9  0xab7bab77 in Java_com_sun_opengl_impl_GLImpl_glClear () from /home/tim/.jagex_cache_32/runescape/libjogl.so
Comment 1 incubusss 2009-04-15 18:11:24 UTC 
I can confirm this on mandriva 2009.1 cooker with mesa 7.4, nexuiz crashes when vertexs are enabled :

#0  transform_points3_2d_no_rot (to_vec=0x659b7d8, m=<value optimized out>, from_vec=0x6518128) at math/m_xform_tmp.h:493
	oy = 16777215
	oz = <value optimized out>
	stride = 12
	from = (GLfloat *) 0x7fff2c503ef0
	count = 4
	m0 = 0.00249999994
	m5 = 0.00333333341
	m12 = -1
	m13 = -1
#1  0x00007f4f07bed492 in run_vertex_stage (ctx=0x647dc30, stage=<value optimized out>) at tnl/t_vb_vertex.c:144
	store = (struct vertex_stage_data *) 0x659b7b0
	tnl = (TNLcontext *) 0x6516f30
#2  0x00007f4f07be2ad4 in _tnl_run_pipeline (ctx=0x647dc30) at tnl/t_pipeline.c:158
	tnl = (TNLcontext *) 0x6516f30
	i = 0
#3  0x00007f4f07f54460 in intelRunPipeline (ctx=0x647dc30) at intel_tris.c:1079
	intel = (struct intel_context *) 0x647dc30
#4  0x00007f4f07be3659 in _tnl_draw_prims (ctx=0x647dc30, arrays=<value optimized out>, prim=0x7fff17691fd0, nr_prims=1, 
    ib=0x0, min_index=12, max_index=3) at tnl/t_draw.c:402
	bo = {0x14e71d80, 0x157b8160, 0x157d8160, 0x7f4f0df56a00, 0x1f410, 0x4000, 0x7f4f0df56a00, 0x1, 0x28, 0x0, 0x64ae2b0, 
  0x7f4f07b8c1d8, 0x40, 0x7f4f07bcd571, 0x120, 0x64adec8, 0x647dc30, 0x0, 0x6, 0x7f4f07bd5d97, 0x6599be0, 0x7f4f07bd5ae9, 
  0x647e7b8, 0x647dc30, 0x484063, 0x7f4f07f32113, 0x647dc30, 0x647dc30, 0x0, 0x7f4f07ba222f, 0x6, 0x647dc30, 0x4}
	nr_bo = 1
	tnl = (TNLcontext *) 0x6516f30
#5  0x00007f4f07bda929 in vbo_exec_DrawArrays (mode=6, start=0, count=4) at vbo/vbo_exec_array.c:267
	ctx = (GLcontext *) 0x647dc30
	prim = {{mode = 6, indexed = 0, begin = 1, end = 1, weak = 0, pad = 0, start = 0, count = 4}}
#6  0x00007f4f07f27651 in intel_clear_tris (ctx=0x647dc30, mask=2) at intel_clear.c:225
	this_mask = 2
	color_bit = <value optimized out>
	intel = (struct intel_context *) 0x647dc30
	vertices = {{0, 0, 1}, {800, 0, 1}, {800, 600, 1}, {0, 600, 1}}
	color = {{0, 0, 0, 0}, {0, 0, 0, 0}, {0, 0, 0, 0}, {0, 0, 0, 0}}
	dst_z = <value optimized out>
	fb = <value optimized out>
	saved_fp_enable = 0 '\0'
	saved_vp_enable = 0 '\0'
	saved_shader_program = 0
	saved_active_texture = 0
#7  0x00007f4f07f279f8 in intelClear (ctx=0x647dc30, mask=770) at intel_clear.c:372
	intel = (struct intel_context *) 0x647dc30
	tri_mask = 2
	blit_mask = 768
	swrast_mask = 0
	fb = (struct gl_framebuffer *) 0x6599be0
	i = 770
#8  0x00007f4f07b36259 in _mesa_Clear (mask=17664) at main/clear.c:182
	bufferMask = 106054816
	ctx = (GLcontext *) 0x647dc30
#9  0x0000000000466bcb in strcmp () at ../sysdeps/x86_64/strcmp.S:29
No symbol table info available.
#10 0x000000000043ad0b in strcmp () at ../sysdeps/x86_64/strcmp.S:29
No symbol table info available.
#11 0x000000000043f459 in strcmp () at ../sysdeps/x86_64/strcmp.S:29
No symbol table info available.
#12 0x0000000000494645 in strcmp () at ../sysdeps/x86_64/strcmp.S:29
No symbol table info available.
#13 0x00000000004038d0 in strcmp () at ../sysdeps/x86_64/strcmp.S:29
No symbol table info available.
#14 0x00007f4f0dc17446 in __libc_start_main (main=0x403880 <strcmp+1104>, argc=1, ubp_av=0x7fff17692418, 
    init=0x556070 <strcmp+1387584>, fini=<value optimized out>, rtld_fini=<value optimized out>, stack_end=0x7fff17692408)
    at libc-start.c:220
	result = <value optimized out>
	unwind_buf = {cancel_jmp_buf = {{jmp_buf = {5595248, 838111236253416980, 4208496, 140733586154512, 0, 0, 
        -837740548754899436, -774748635628306924}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x1, 0x403880}, data = {
      prev = 0x0, cleanup = 0x0, canceltype = 1}}}
	not_first_call = <value optimized out>
#15 0x0000000000403799 in strcmp () at ../sysdeps/x86_64/strcmp.S:29
No symbol table info available.
#16 0x00007fff17692408 in ?? ()
No symbol table info available.
#17 0x000000000000001c in ?? ()
No symbol table info available.
#18 0x0000000000000001 in ?? ()
No symbol table info available.
#19 0x00007fff17693136 in ?? ()
No symbol table info available.
#20 0x0000000000000000 in ?? ()
No symbol table info available.

(tell me if you want a bt with all debug packages installed, I'll redo it)
Comment 2 Eric Anholt 2009-07-01 13:57:14 UTC 
When I click "HD" in runescape login, the window goes white and nothing happens.

In nexuiz, "vertex and some triangles" mode is enabled (assuming that's what was meant?), and it works except for opponents not being visible when I choose "instant action", but I don't see the bug reported here.

So, can you verify that it still exists on Mesa master, and if so, provide some more detail on how to reproduce the problem?
Comment 3 Tim Utschig 2009-07-09 08:54:21 UTC 
Apparently this bug was fixed in Runescape by Jagex (see Launchpad # 355742).  Unclear whether or not this was ever a bug in mesa.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.