<html>
<head>
<base href="https://bugs.freedesktop.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - OSX: EXC_BAD_ACCESS when using translate_sse + gallium + softpipe/llvmpipe"
href="https://bugs.freedesktop.org/show_bug.cgi?id=90904">90904</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>OSX: EXC_BAD_ACCESS when using translate_sse + gallium + softpipe/llvmpipe
</td>
</tr>
<tr>
<th>Product</th>
<td>Mesa
</td>
</tr>
<tr>
<th>Version</th>
<td>git
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Other
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>medium
</td>
</tr>
<tr>
<th>Component</th>
<td>Mesa core
</td>
</tr>
<tr>
<th>Assignee</th>
<td>mesa-dev@lists.freedesktop.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>julien.isorce@gmail.com
</td>
</tr>
<tr>
<th>QA Contact</th>
<td>mesa-dev@lists.freedesktop.org
</td>
</tr></table>
<p>
<div>
<pre>When running es2gears_x11 it crashes with:
* thread #1: tid = 0xbfbac, 0x0000000100801200, queue =
'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=2,
address=0x100801200)
* frame #0: 0x0000000100801200
frame #1: 0x0000000101da4290
swrast_dri.so`draw_pt_emit_linear(emit=0x0000000100405cd0,
vert_info=0x00007fff5fbfefa8, prim_info=0x00007fff5fbff058) + 448 at
draw_pt_emit.c:238
frame #2: 0x0000000101f3b012 swrast_dri.so`emit(emit=0x0000000100405cd0,
vert_info=0x00007fff5fbfefa8, prim_info=0x00007fff5fbff058) + 50 at
draw_pt_fetch_shade_pipeline_llvm.c:331
frame #3: 0x0000000101f3aa82
swrast_dri.so`llvm_pipeline_generic(middle=0x0000000100405bc0,
fetch_info=0x0000000000000000, in_prim_info=0x00007fff5fbff058) + 1586 at
draw_pt_fetch_shade_pipeline_llvm.c:466
frame #4: 0x0000000101f3a2b3
swrast_dri.so`llvm_middle_end_linear_run(middle=0x0000000100405bc0, start=0,
count=7, prim_flags=0) + 131 at draw_pt_fetch_shade_pipeline_llvm.c:530
frame #5: 0x0000000101db4de8
swrast_dri.so`vsplit_segment_simple_linear(vsplit=0x000000010102b800, flags=0,
istart=0, icount=7) + 104 at draw_pt_vsplit_tmp.h:240
frame #6: 0x0000000101db1c69
swrast_dri.so`vsplit_run_linear(frontend=0x000000010102b800, start=0, count=7)
+ 249 at draw_split_tmp.h:60
frame #7: 0x0000000101da35ba
swrast_dri.so`draw_pt_arrays(draw=0x0000000101016200, prim=5, start=0, count=7)
+ 842 at draw_pt.c:149
frame #8: 0x0000000101da2c2c
swrast_dri.so`draw_vbo(draw=0x0000000101016200, info=0x00007fff5fbff208) + 668
at draw_pt.c:564
frame #9: 0x0000000101f9027c
swrast_dri.so`llvmpipe_draw_vbo(pipe=0x0000000101013e00,
info=0x00007fff5fbff328) + 972 at lp_draw_arrays.c:132
frame #10: 0x0000000101d82059
swrast_dri.so`cso_draw_vbo(cso=0x00000001010d3e00, info=0x00007fff5fbff328) +
89 at cso_context.c:1515
frame #11: 0x0000000101ad3c34
swrast_dri.so`st_draw_vbo(ctx=0x00000001002cf000, prims=0x00007fff5fbff440,
nr_prims=1, ib=0x0000000000000000, index_bounds_valid='\x01', min_index=0,
max_index=6, tfb_vertcount=0x0000000000000000, indirect=0x0000000000000000) +
1108 at st_draw.c:286
frame #12: 0x0000000101a7883f
swrast_dri.so`vbo_draw_arrays(ctx=0x00000001002cf000, mode=5, start=0, count=7,
numInstances=1, baseInstance=0) + 767 at vbo_exec_array.c:645
frame #13: 0x0000000101a75304 swrast_dri.so`vbo_exec_DrawArrays(mode=5,
start=0, count=7) + 228 at vbo_exec_array.c:797
frame #14: 0x000000010000adb8 libGLESv2.2.dylib`glDrawArrays(mode=5,
first=0, count=7) + 56 at glapi_mapi_tmp.h:1613
frame #15: 0x0000000100003485 es2gears_x11`draw_gear + 1637
frame #16: 0x00000001000020b0 es2gears_x11`gears_draw + 928
frame #17: 0x00000001000042f7 es2gears_x11`_eglutNativeEventLoop + 455
frame #18: 0x0000000100001a74 es2gears_x11`main + 676
frame #19: 0x00007fff886ee5c9 libdyld.dylib`start + 1
(lldb) di -f
-> 0x100801200: pushq %rbx
0x100801201: pushq %rbp
0x100801202: movl %edx, %ebp
0x100801204: movq %r9, %rbx
0x100801207: xorl %eax, %eax
0x100801209: cmpl %eax, %ebp
0x10080120b: je 0x10080125e
0x100801211: movl %esi, %eax
0x100801213: cmpl 0x478(%rdi), %eax
0x100801219: cmovael 0x478(%rdi), %eax
0 push EBX
1 push EBP
2 mov EBP, EDX
4 mov64 EBX,
7 xor EAX, EAX
9 cmp EBP, EAX
b jcc_forward 4
11 mov EAX, ESI
13 cmp EAX, [EDI+1144]
19 cmovcc EAX, [EDI+1144], 3
20 mov EDX, [EDI+1136]
27 imul EAX, EDX
2b add EAX, [EDI+1128]
31 cmp EBP, EAX
34 mov ESI, EAX
36 movdqu XMM0, [ESI]
3a movdqu [EBX], XMM0
3e movdqu XMM0, [ESI+16]
43 movdqu [EBX+16], XMM0
49 lea EBX, [EBX+32]
4d add ESI, [EDI+1136]
53 prefetchnta [ESI+192]
5a dec EBP
5c jcc 5
5e pop EBP
5f pop EBX
60 ret
0 push EBX
1 push EBP
2 mov EBP, EDX
4 mov64 EBX,
7 xor EAX, EAX
9 cmp EBP, EAX
b jcc_forward 4
11 mov ECX, [ESI]
13 cmp ECX, [EDI+1144]
19 cmovcc ECX, [EDI+1144], 3
20 mov EDX, [EDI+1136]
27 imul ECX, EDX
2b add ECX, [EDI+1128]
31 movdqu XMM0, [ECX]
35 movdqu [EBX], XMM0
39 movdqu XMM0, [ECX+16]
3e movdqu [EBX+16], XMM0
44 lea EBX, [EBX+32]
48 lea ESI, [ESI+4]
4b dec EBP
4d jcc 5
4f pop EBP
50 pop EBX
51 ret
0 push EBX
1 push EBP
2 mov EBP, EDX
4 mov64 EBX,
7 xor EAX, EAX
9 cmp EBP, EAX
b jcc_forward 4
11 movzx16 ECX, [ESI]
14 cmp ECX, [EDI+1144]
1a cmovcc ECX, [EDI+1144], 3
21 mov EDX, [EDI+1136]
28 imul ECX, EDX
2c add ECX, [EDI+1128]
32 movdqu XMM0, [ECX]
36 movdqu [EBX], XMM0
3a movdqu XMM0, [ECX+16]
3f movdqu [EBX+16], XMM0
45 lea EBX, [EBX+32]
49 lea ESI, [ESI+2]
4c dec EBP
4e jcc 5
50 pop EBP
51 pop EBX
52 ret
0 push EBX
1 push EBP
2 mov EBP, EDX
4 mov64 EBX,
7 xor EAX, EAX
9 cmp EBP, EAX
b jcc_forward 4
11 movzx8 ECX, [ESI]
14 cmp ECX, [EDI+1144]
1a cmovcc ECX, [EDI+1144], 3
21 mov EDX, [EDI+1136]
28 imul ECX, EDX
2c add ECX, [EDI+1128]
32 movdqu XMM0, [ECX]
36 movdqu [EBX], XMM0
3a movdqu XMM0, [ECX+16]
3f movdqu [EBX+16], XMM0
45 lea EBX, [EBX+32]
49 lea ESI, [ESI+1]
4c dec EBP
4e jcc 5
50 pop EBP
51 pop EBX
52 ret
disassemble 0x100801200 0x100801261
disassemble 0x100843600 0x100843652
disassemble 0x1010c4200 0x1010c4253
disassemble 0x100843a00 0x100843a53
It crashes when calling:
translate->run(translate,
0,
count,
draw->start_instance,
draw->instance_id,
hw_verts);
If it fails "on -> 0x100801200: pushq %rbx" I guess something went wrong
before.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the QA Contact for the bug.</li>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>