<html>
<head>
<base href="https://bugs.freedesktop.org/">
</head>
<body><span class="vcard"><a class="email" href="mailto:sroland@vmware.com" title="Roland Scheidegger <sroland@vmware.com>"> <span class="fn">Roland Scheidegger</span></a>
</span> changed
<a class="bz_bug_link
bz_status_NEW "
title="NEW - r300_dri.so SIGSEGV in llvm_pipeline_generic under Cinnamon"
href="https://bugs.freedesktop.org/show_bug.cgi?id=106533">bug 106533</a>
<br>
<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>What</th>
<th>Removed</th>
<th>Added</th>
</tr>
<tr>
<td style="text-align:right;">CC</td>
<td>
</td>
<td>maraeo@gmail.com
</td>
</tr></table>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - r300_dri.so SIGSEGV in llvm_pipeline_generic under Cinnamon"
href="https://bugs.freedesktop.org/show_bug.cgi?id=106533#c4">Comment # 4</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - r300_dri.so SIGSEGV in llvm_pipeline_generic under Cinnamon"
href="https://bugs.freedesktop.org/show_bug.cgi?id=106533">bug 106533</a>
from <span class="vcard"><a class="email" href="mailto:sroland@vmware.com" title="Roland Scheidegger <sroland@vmware.com>"> <span class="fn">Roland Scheidegger</span></a>
</span></b>
<pre>You have the same tcl-less chipset?
So the assembly shows the segfault isn't due to alignment, but simply because
it's a null pointer.
This is also mesa 18.0? I'm just asking because according to the line numbers
(r300_render_stencilref.c:113) it's doing two-sided stencil emulation, which I
can't see how it could happen with the emulated clear (which definitely doesn't
enable two-sided stencil), so that looks a little bit suspect. Although maybe
the line numbers aren't quite accurate due to optimization...
You could try setting (with a debug build) DRAW_USE_LLVM="0" and see if this
fixes the crash - and if it still crashes it should be easier to figure out
what pointer is zero.
You could print out the shader (with a debug build) with
GALLIVM_DEBUG=tgsi,ir,asm to see what the assembly really might do. I think
though this is trying to read a vertex buffer (for position probably) which
just isn't there.
Or you could try setting (with a debug build) DRAW_USE_LLVM="0" and see if this
fixes the crash - and if it still crashes it should be easier to figure out
what pointer is zero.
I think I have an idea why it might fail, but someone more familiar with the
u_upload stuff and r300 would have to look at it:
r300_set_vertex_buffers_swtcl() would provide the vertex buffers to draw, and I
suspect it's always setting NULL buffer, because I think it's going to be not a
user buffer, but there won't be a malloced_buffer neither - the u_upload code
will call r300_buffer_create() but it won't alloc the malloced_buffer because
the PIPE_BIND_CUSTOM bit will always be set (because r300->stream_uploader is
the same as r300->uploader which will set that by default).
I'm not quite sure actually how it's supposed to work, maybe the logic in
r300_buffer_create should always use the malloced_buffer path when !has_tcl?</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>