[Mesa-dev] [Bug 102518] Crash in _mesa_is_bufferobj during load of "XCOM 2: War of the Chosen"

bugzilla-daemon at freedesktop.org
Sat Sep 2 13:11:53 UTC 2017


https://bugs.freedesktop.org/show_bug.cgi?id=102518

            Bug ID: 102518
           Summary: Crash in _mesa_is_bufferobj during load of "XCOM 2:
                    War of the Chosen"
           Product: Mesa
           Version: git
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: Mesa core
          Assignee: mesa-dev at lists.freedesktop.org
          Reporter: kai at dev.carbon-project.org
        QA Contact: mesa-dev at lists.freedesktop.org
            Blocks: 77449

Created attachment 133939
  --> https://bugs.freedesktop.org/attachment.cgi?id=133939&action=edit
Core file of the crash

When launching the new "War of the Chosen" expansion for XCOM2 I experience a
segmentation fault in _mesa_is_bufferobj during the initial load before the
main menu (about two thirds into the loading according to the bar on the
loading screen).

The following backtrace was generated from the MiniDump file the game
generated. Conversion of MiniDump to core format was done with minidump-2-core
from [0] (the two missing symbols should be from the XCOM2WotC binary, as I have
debugging symbols installed for everything else).
> Core was generated by `~/.local/share/Steam/SteamApps/common/XCOM 2/XCOM2WotC/bin/XCOM2WotC'.
> #0  0x00007fb38c36efb5 in _mesa_is_bufferobj (obj=0x3fffe0000) at ../../../src/mesa/main/bufferobj.h:71
> 71      ../../../src/mesa/main/bufferobj.h: No such file or directory.
> [Current thread is 1 (LWP 7053)]
> (gdb) bt full
> #0  0x00007fb38c36efb5 in _mesa_is_bufferobj (obj=0x3fffe0000) at ../../../src/mesa/main/bufferobj.h:71
>         array_bit = 8589934592
> #1  0x00007fb38c36efb5 in vertex_attrib_binding (ctx=ctx@entry=0x8c93a50, vao=vao@entry=0x7fb218defad0, attribIndex=attribIndex@entry=33, bindingIndex=bindingIndex@entry=33) at ../../../src/mesa/main/varray.c:143
>         array_bit = 8589934592
> #2  0x00007fb38c3704d2 in vertex_attrib_binding (bindingIndex=33, attribIndex=33, vao=0x7fb218defad0, ctx=0x8c93a50) at ../../../src/mesa/main/varray.c:140
>         array = 0x7fb218df0748
>         vao = 0x7fb218defad0
>         array = <optimized out>
>         effectiveStride = <optimized out>
> #3  0x00007fb38c3704d2 in update_array (ctx=0x8c93a50, attrib=33, format=6408, size=4, type=5126, stride=0, normalized=0 '\000', integer=0 '\000', doubles=0 '\000', ptr=0x0, sizeMax=5) at ../../../src/mesa/main/varray.c:566
>         vao = 0x7fb218defad0
>         array = <optimized out>
>         effectiveStride = <optimized out>
> #4  0x00007fb38c3712ce in _mesa_VertexAttribPointer_no_error (index=<optimized out>, size=<optimized out>, type=<optimized out>, normalized=<optimized out>, stride=<optimized out>, ptr=<optimized out>) at ../../../src/mesa/main/varray.c:932
>         ctx = <optimized out>
> #5  0x000000000244b9c7 in  ()
> #6  0x00000000030e258f in  ()
> #7  0x00007fb3a284f494 in start_thread (arg=0x7fb2db7fe700) at pthread_create.c:333
>         __res = <optimized out>
>         pd = 0x7fb2db7fe700
>         now = <optimized out>
>         unwind_buf = 
>               {cancel_jmp_buf = {{jmp_buf = {140406163498752, -7954418935509843714, 0, 140730246251631, 0, 140409527283776, 7996577511008600318, 7997125298794627326}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>         not_first_call = <optimized out>
>         pagesize_m1 = <optimized out>
>         sp = <optimized out>
>         freesize = <optimized out>
>         __PRETTY_FUNCTION__ = "start_thread"
> #8  0x00007fb39c5f7abf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

info registers shows:
> (gdb) info registers 
> rax            0x3fffe0000      17179738112
> rbx            0x7fb218defad0   140402898172624
> rcx            0x21     33
> rdx            0x21     33
> rsi            0x7fb218defad0   140402898172624
> rdi            0x8c93a50        147405392
> rbp            0x7fb218defef0   0x7fb218defef0
> rsp            0x7fb2db7fd720   0x7fb2db7fd720
> r8             0x1406   5126
> r9             0x0      0
> r10            0x0      0
> r11            0x0      0
> r12            0x8c93a50        147405392
> r13            0x21     33
> r14            0x200000000      8589934592
> r15            0x0      0
> rip            0x7fb38c36efb5   0x7fb38c36efb5 <vertex_attrib_binding+53>
> eflags         0x10206  [ PF IF RF ]
> cs             0x33     51
> ss             0x0      0
> ds             0x0      0
> es             0x0      0
> fs             0x0      0
> gs             0x0      0

The crash occurs with and without mesa_glthread=true set. I uninstalled all
mods to ensure nothing from a third party interferes.

The full stack (fully updated Debian testing as a base) is:
GPU: Hawaii PRO [Radeon R9 290] (ChipID = 0x67b1)
Mesa: Git:master/39a69f0692
libdrm: 2.4.82-1
LLVM: SVN:trunk/r311644 (6.0 devel)
X.Org: 2:1.19.3-2
Linux: 4.12.10
Firmware (firmware-amd-graphics): 20170823-1
libclc: Git:master/7331b0a1fa
DDX (xserver-xorg-video-amdgpu): 1.3.0-1

Let me know if you need anything else.


[0] <https://github.com/couchbaselabs/breakpad/blob/master/src/tools/linux/md2core/minidump-2-core.cc>


Referenced Bugs:

https://bugs.freedesktop.org/show_bug.cgi?id=77449
[Bug 77449] Tracker bug for all bugs related to Steam titles