[Bug 106827] Segmentation fault in i915_validate_state on SolveSpace startup
bugzilla-daemon at freedesktop.org
Tue Jun 5 17:39:24 UTC 2018
https://bugs.freedesktop.org/show_bug.cgi?id=106827
Bug ID: 106827
Summary: Segmentation fault in i915_validate_state on SolveSpace startup
Product: Mesa
Version: git
Hardware: x86 (IA32)
OS: Linux (All)
Status: NEW
Severity: normal
Priority: medium
Component: Drivers/DRI/i915
Assignee: dri-devel at lists.freedesktop.org
Reporter: fercerpav at gmail.com
QA Contact: dri-devel at lists.freedesktop.org
Hello,
I am getting a SIGSEGV on startup of SolveSpace v2.1.rc1-418-g2b9ffd1 on a
GNU/Linux system.
Running on a i915 (chipset: 945GM) from Mesa Project
OpenGL version 2.1 Mesa 18.2.0-devel (git-66c61797ad) is supported
$ LD_LIBRARY_PATH=/usr/local/lib gdb ~/tmp/solvespace/build/bin/solvespace
GNU gdb (Gentoo 7.12.1 vanilla) 7.12.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://bugs.gentoo.org/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /home/pavel/tmp/solvespace/build/bin/solvespace...(no
debugging symbols found)...done.
(gdb) r
Starting program: /home/pavel/tmp/solvespace/build/bin/solvespace
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
SolveSpace!
Generate::ALL (for bounding box) took 238 ms
Generate::ALL took 256 ms
Program received signal SIGSEGV, Segmentation fault.
i915_validate_state (batch_space=<synthetic pointer>, i915=0xb8a488)
at ../../../../../src/gallium/drivers/i915/i915_state_emit.c:525
525 VALIDATE_ATOM(program, I915_HW_PROGRAM);
(gdb) bt full
#0 i915_validate_state (batch_space=<synthetic pointer>, i915=0xb8a488)
at ../../../../../src/gallium/drivers/i915/i915_state_emit.c:525
tmp = <optimized out>
#1 i915_emit_hardware_state (i915=0xb8a488)
at ../../../../../src/gallium/drivers/i915/i915_state_emit.c:551
batch_space = 48
save_ptr = <optimized out>
#2 0xb3c353bb in i915_clear_emit (pipe=0xb8a488, buffers=1, color=0xbb9cd8,
depth=1, stencil=0,
destx=0, desty=0, width=868, height=759) at
../../../../../src/gallium/drivers/i915/i915_clear.c:173
clear_params = 3
clear_color = 0
clear_depth = <optimized out>
clear_stencil = <optimized out>
clear_color8888 = 0
u_color = {ub = 9 '\t', us = 9, ui = {9, 196608, 11, 196608}, h = {9,
0, 0, 3}, f = {
1.26116862e-44, 2.75506488e-40, 1.54142831e-44, 2.75506488e-40}, d
= {
4.1720134847010471e-309, 4.1720134847010569e-309,
4.6186441515375747e-62, 0}}
cbuf_tex = <optimized out>
depth_tex = <optimized out>
depth_clear_bbp = <optimized out>
color_clear_bbp = 0
#3 0xb3c36035 in i915_clear_render (pipe=0xb8a488, buffers=1, color=0xbb9cd8,
depth=1, stencil=0)
at ../../../../../src/gallium/drivers/i915/i915_clear.c:256
No locals.
#4 0xb3929aff in st_Clear (ctx=<optimized out>, mask=<optimized out>)
at ../../../src/mesa/state_tracker/st_cb_clear.c:451
depthRb = <optimized out>
quad_buffers = <optimized out>
clear_buffers = <optimized out>
i = <optimized out>
#5 0xb376c572 in clear (no_error=false, mask=<optimized out>, ctx=0xbb87a0)
at ../../../src/mesa/main/clear.c:221
bufferMask = 16
#6 _mesa_Clear (mask=<optimized out>) at ../../../src/mesa/main/clear.c:242
ctx = 0xbb87a0
#7 0x0047b891 in SolveSpace::OpenGl2Renderer::UpdateProjection() ()
No symbol table info available.
#8 0x0047ba33 in SolveSpace::OpenGl2Renderer::NewFrame() ()
No symbol table info available.
#9 0x0048bbe7 in SolveSpace::GraphicsWindow::Paint() ()
No symbol table info available.
#10 0x0046ea4e in
SolveSpace::GraphicsWidget::on_render(Glib::RefPtr<Gdk::GLContext> const&) ()
No symbol table info available.
#11 0xb7d2ac61 in Gtk::GLArea_Class::render_callback(_GtkGLArea*,
_GdkGLContext*) ()
from /usr/lib/libgtkmm-3.0.so.1
No symbol table info available.
#12 0xb60c908e in ffi_call_SYSV () from /usr/lib/libffi.so.6
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
#13 0xb60c8ca6 in ffi_call () from /usr/lib/libffi.so.6
No symbol table info available.
#14 0xb6651301 in g_cclosure_marshal_generic_va () from
/usr/lib/libgobject-2.0.so.0
No symbol table info available.
#15 0xb665088b in ?? () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#16 0xb666cca7 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#17 0xb666d7e3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#18 0xb7509f01 in ?? () from /usr/lib/libgtk-3.so.0
No symbol table info available.
#19 0xb7ddd640 in Gtk::Widget::on_draw(Cairo::RefPtr<Cairo::Context> const&) ()
from /usr/lib/libgtkmm-3.0.so.1
No symbol table info available.
#20 0xb7dee546 in Gtk::Widget_Class::draw_callback(_GtkWidget*, _cairo*) ()
from /usr/lib/libgtkmm-3.0.so.1
No symbol table info available.
#21 0xb76e71df in ?? () from /usr/lib/libgtk-3.so.0
No symbol table info available.
#22 0xb746b4d0 in gtk_container_propagate_draw () from /usr/lib/libgtk-3.so.0
No symbol table info available.
#23 0xb74ef254 in ?? () from /usr/lib/libgtk-3.so.0
No symbol table info available.
#24 0xb7ddd640 in Gtk::Widget::on_draw(Cairo::RefPtr<Cairo::Context> const&) ()
from /usr/lib/libgtkmm-3.0.so.1
No symbol table info available.
#25 0xb7dee546 in Gtk::Widget_Class::draw_callback(_GtkWidget*, _cairo*) ()
from /usr/lib/libgtkmm-3.0.so.1
No symbol table info available.
#26 0xb76e71df in ?? () from /usr/lib/libgtk-3.so.0
No symbol table info available.
#27 0xb746b4d0 in gtk_container_propagate_draw () from /usr/lib/libgtk-3.so.0
No symbol table info available.
#28 0xb746b5ab in ?? () from /usr/lib/libgtk-3.so.0
No symbol table info available.
#29 0xb740da1b in ?? () from /usr/lib/libgtk-3.so.0
No symbol table info available.
#30 0xb7471635 in ?? () from /usr/lib/libgtk-3.so.0
No symbol table info available.
#31 0xb747784d in ?? () from /usr/lib/libgtk-3.so.0
No symbol table info available.
#32 0xb7410939 in ?? () from /usr/lib/libgtk-3.so.0
No symbol table info available.
#33 0xb7dee5d7 in Gtk::Widget_Class::draw_callback(_GtkWidget*, _cairo*) ()
from /usr/lib/libgtkmm-3.0.so.1
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
#34 0xb76e71df in ?? () from /usr/lib/libgtk-3.so.0
No symbol table info available.
#35 0xb746b4d0 in gtk_container_propagate_draw () from /usr/lib/libgtk-3.so.0
No symbol table info available.
#36 0xb746b5ab in ?? () from /usr/lib/libgtk-3.so.0
No symbol table info available.
#37 0xb76f777e in ?? () from /usr/lib/libgtk-3.so.0
No symbol table info available.
#38 0xb7ddd640 in Gtk::Widget::on_draw(Cairo::RefPtr<Cairo::Context> const&) ()
from /usr/lib/libgtkmm-3.0.so.1
No symbol table info available.
#39 0xb7dee546 in Gtk::Widget_Class::draw_callback(_GtkWidget*, _cairo*) ()
from /usr/lib/libgtkmm-3.0.so.1
No symbol table info available.
#40 0xb76e71df in ?? () from /usr/lib/libgtk-3.so.0
No symbol table info available.
#41 0xb76f1e42 in ?? () from /usr/lib/libgtk-3.so.0
No symbol table info available.
#42 0xb755aa49 in gtk_main_do_event () from /usr/lib/libgtk-3.so.0
No symbol table info available.
#43 0xb72611ff in ?? () from /usr/lib/libgdk-3.so.0
No symbol table info available.
#44 0xb727579a in ?? () from /usr/lib/libgdk-3.so.0
No symbol table info available.
#45 0xb7283a63 in ?? () from /usr/lib/libgdk-3.so.0
No symbol table info available.
#46 0xb7276ca7 in ?? () from /usr/lib/libgdk-3.so.0
No symbol table info available.
#47 0xb7276ea8 in ?? () from /usr/lib/libgdk-3.so.0
No symbol table info available.
#48 0xb6650643 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#49 0xb6663f46 in ?? () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#50 0xb666d47a in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#51 0xb666d7e3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#52 0xb726c46b in ?? () from /usr/lib/libgdk-3.so.0
No symbol table info available.
#53 0xb726d08e in ?? () from /usr/lib/libgdk-3.so.0
No symbol table info available.
#54 0xb7252f2e in ?? () from /usr/lib/libgdk-3.so.0
No symbol table info available.
#55 0xb70b2087 in ?? () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
---Type <return> to continue, or q <return> to quit---
#56 0xb70b1450 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#57 0xb70b1868 in ?? () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#58 0xb70b1c31 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#59 0xb755996d in gtk_main () from /usr/lib/libgtk-3.so.0
No symbol table info available.
#60 0xb7d4955d in Gtk::Main::run(Gtk::Window&) () from
/usr/lib/libgtkmm-3.0.so.1
No symbol table info available.
#61 0x00456e02 in main ()
No symbol table info available.
(gdb)
(gdb) disassemble
Dump of assembler code for function _mesa_Clear:
0xb376c410 <+0>: push %ebp
0xb376c411 <+1>: push %edi
0xb376c412 <+2>: push %esi
0xb376c413 <+3>: push %ebx
0xb376c414 <+4>: call 0xb373f270 <__x86.get_pc_thunk.bx>
0xb376c419 <+9>: add $0x75abe7,%ebx
0xb376c41f <+15>: sub $0x1c,%esp
0xb376c422 <+18>: mov -0x20(%ebx),%eax
0xb376c428 <+24>: mov 0x30(%esp),%edi
0xb376c42c <+28>: mov %gs:(%eax),%esi
0xb376c42f <+31>: mov 0x310(%esi),%eax
0xb376c435 <+37>: test $0x1,%al
0xb376c437 <+39>: jne 0xb376c5e0 <_mesa_Clear+464>
0xb376c43d <+45>: test $0x2,%al
0xb376c43f <+47>: jne 0xb376c5a0 <_mesa_Clear+400>
0xb376c445 <+53>: mov %edi,%ebp
0xb376c447 <+55>: and $0xffffb8ff,%ebp
0xb376c44d <+61>: jne 0xb376c5bc <_mesa_Clear+428>
0xb376c453 <+67>: mov %edi,%eax
0xb376c455 <+69>: and $0x200,%eax
0xb376c45a <+74>: mov %eax,0x8(%esp)
0xb376c45e <+78>: je 0xb376c46f <_mesa_Clear+95>
0xb376c460 <+80>: mov 0x4(%esi),%eax
0xb376c463 <+83>: sub $0x1,%eax
0xb376c466 <+86>: cmp $0x2,%eax
0xb376c469 <+89>: jbe 0xb376c618 <_mesa_Clear+520>
0xb376c46f <+95>: mov 0xceb8(%esi),%ecx
0xb376c475 <+101>: test %ecx,%ecx
0xb376c477 <+103>: jne 0xb376c600 <_mesa_Clear+496>
0xb376c47d <+109>: mov 0xd8(%esi),%eax
0xb376c483 <+115>: cmpw $0x8cd5,0xfc(%eax)
0xb376c48c <+124>: jne 0xb376c580 <_mesa_Clear+368>
0xb376c492 <+130>: cmpb $0x0,0xd159(%esi)
0xb376c499 <+137>: jne 0xb376c598 <_mesa_Clear+392>
0xb376c49f <+143>: cmpw $0x1c00,0xceb4(%esi)
0xb376c4a8 <+152>: jne 0xb376c598 <_mesa_Clear+392>
0xb376c4ae <+158>: cmpb $0x0,0x1add(%esi)
0xb376c4b5 <+165>: jne 0xb376c4c9 <_mesa_Clear+185>
0xb376c4b7 <+167>: mov %edi,%edx
0xb376c4b9 <+169>: and $0xfffffeff,%edi
0xb376c4bf <+175>: and $0x200,%edx
0xb376c4c5 <+181>: mov %edx,0x8(%esp)
0xb376c4c9 <+185>: mov %edi,%ebx
0xb376c4cb <+187>: and $0x4000,%ebx
0xb376c4d1 <+193>: je 0xb376c52b <_mesa_Clear+283>
0xb376c4d3 <+195>: mov 0x2e0(%eax),%ebx
---Type <return> to continue, or q <return> to quit---
0xb376c4d9 <+201>: test %ebx,%ebx
0xb376c4db <+203>: je 0xb376c52b <_mesa_Clear+283>
0xb376c4dd <+205>: lea 0x154c(%esi),%ecx
0xb376c4e3 <+211>: xor %ebx,%ebx
0xb376c4e5 <+213>: mov %edi,0x30(%esp)
0xb376c4e9 <+217>: mov %ecx,0xc(%esp)
0xb376c4ed <+221>: lea 0x0(%esi),%esi
0xb376c4f0 <+224>: mov 0x2e4(%eax,%ebp,4),%edi
0xb376c4f7 <+231>: cmp $0xffffffff,%edi
0xb376c4fa <+234>: je 0xb376c51c <_mesa_Clear+268>
0xb376c4fc <+236>: mov 0xc(%esp),%edx
0xb376c500 <+240>: mov %ebp,%ecx
0xb376c502 <+242>: call 0xb376c0f0 <color_buffer_writes_enabled>
0xb376c507 <+247>: test %al,%al
0xb376c509 <+249>: je 0xb376c516 <_mesa_Clear+262>
0xb376c50b <+251>: mov $0x1,%eax
0xb376c510 <+256>: mov %edi,%ecx
0xb376c512 <+258>: shl %cl,%eax
0xb376c514 <+260>: or %eax,%ebx
0xb376c516 <+262>: mov 0xd8(%esi),%eax
0xb376c51c <+268>: add $0x1,%ebp
0xb376c51f <+271>: cmp 0x2e0(%eax),%ebp
0xb376c525 <+277>: jb 0xb376c4f0 <_mesa_Clear+224>
0xb376c527 <+279>: mov 0x30(%esp),%edi
0xb376c52b <+283>: test $0x100,%edi
0xb376c531 <+289>: je 0xb376c53f <_mesa_Clear+303>
0xb376c533 <+291>: mov %ebx,%edx
0xb376c535 <+293>: or $0x10,%edx
0xb376c538 <+296>: cmpb $0x0,0x21(%eax)
0xb376c53c <+300>: cmovne %edx,%ebx
0xb376c53f <+303>: and $0x400,%edi
0xb376c545 <+309>: je 0xb376c553 <_mesa_Clear+323>
0xb376c547 <+311>: mov %ebx,%edx
0xb376c549 <+313>: or $0x20,%edx
0xb376c54c <+316>: cmpb $0x0,0x22(%eax)
0xb376c550 <+320>: cmovne %edx,%ebx
0xb376c553 <+323>: mov 0x8(%esp),%edx
0xb376c557 <+327>: test %edx,%edx
0xb376c559 <+329>: je 0xb376c567 <_mesa_Clear+343>
0xb376c55b <+331>: mov %ebx,%edx
0xb376c55d <+333>: or $0x40,%edx
0xb376c560 <+336>: cmpb $0x0,0x20(%eax)
0xb376c564 <+340>: cmovne %edx,%ebx
0xb376c567 <+343>: sub $0x8,%esp
0xb376c56a <+346>: push %ebx
0xb376c56b <+347>: push %esi
0xb376c56c <+348>: call *0xf8(%esi)
---Type <return> to continue, or q <return> to quit---
=> 0xb376c572 <+354>: add $0x10,%esp
0xb376c575 <+357>: jmp 0xb376c598 <_mesa_Clear+392>
0xb376c577 <+359>: mov %esi,%esi
0xb376c579 <+361>: lea 0x0(%edi,%eiz,1),%edi
0xb376c580 <+368>: lea -0x27e7c0(%ebx),%eax
0xb376c586 <+374>: sub $0x4,%esp
0xb376c589 <+377>: push %eax
0xb376c58a <+378>: push $0x506
0xb376c58f <+383>: push %esi
0xb376c590 <+384>: call 0xb37967a0 <_mesa_error>
0xb376c595 <+389>: add $0x10,%esp
0xb376c598 <+392>: add $0x1c,%esp
0xb376c59b <+395>: pop %ebx
0xb376c59c <+396>: pop %esi
0xb376c59d <+397>: pop %edi
0xb376c59e <+398>: pop %ebp
0xb376c59f <+399>: ret
0xb376c5a0 <+400>: sub $0x8,%esp
0xb376c5a3 <+403>: mov %edi,%ebp
0xb376c5a5 <+405>: push $0x2
0xb376c5a7 <+407>: push %esi
0xb376c5a8 <+408>: call 0xb3900cd0 <vbo_exec_FlushVertices>
0xb376c5ad <+413>: add $0x10,%esp
0xb376c5b0 <+416>: and $0xffffb8ff,%ebp
0xb376c5b6 <+422>: je 0xb376c453 <_mesa_Clear+67>
0xb376c5bc <+428>: push %edi
0xb376c5bd <+429>: lea -0x27e858(%ebx),%eax
0xb376c5c3 <+435>: push %eax
0xb376c5c4 <+436>: push $0x501
0xb376c5c9 <+441>: push %esi
0xb376c5ca <+442>: call 0xb37967a0 <_mesa_error>
0xb376c5cf <+447>: add $0x10,%esp
0xb376c5d2 <+450>: add $0x1c,%esp
0xb376c5d5 <+453>: pop %ebx
0xb376c5d6 <+454>: pop %esi
0xb376c5d7 <+455>: pop %edi
0xb376c5d8 <+456>: pop %ebp
0xb376c5d9 <+457>: ret
0xb376c5da <+458>: lea 0x0(%esi),%esi
0xb376c5e0 <+464>: sub $0x8,%esp
0xb376c5e3 <+467>: push $0x1
0xb376c5e5 <+469>: push %esi
0xb376c5e6 <+470>: call 0xb3900cd0 <vbo_exec_FlushVertices>
0xb376c5eb <+475>: mov 0x310(%esi),%eax
0xb376c5f1 <+481>: add $0x10,%esp
0xb376c5f4 <+484>: jmp 0xb376c43d <_mesa_Clear+45>
0xb376c5f9 <+489>: lea 0x0(%esi,%eiz,1),%esi
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) i r
eax 0x0 0
ecx 0x0 0
edx 0x2 2
ebx 0x10 16
esp 0xbfffd530 0xbfffd530
ebp 0x0 0x0
esi 0xbb87a0 12289952
edi 0x0 0
eip 0xb376c572 0xb376c572 <_mesa_Clear+354>
eflags 0x210246 [ PF ZF IF RF ID ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
(gdb)