Bug 16614

Summary: [i965 mesa_7_0_branch] SpecViewPerf 10/tcvis-01 sometime segment fault
Product: Mesa Reporter: Shuang He <shuang.he>
Component: Drivers/DRI/i965Assignee: haihao <haihao.xiang>
Status: VERIFIED NOTOURBUG QA Contact:
Severity: major    
Priority: high CC: dri-devel, haihao.xiang
Version: unspecified   
Hardware: Other   
OS: Linux (All)   
Whiteboard:
i915 platform: i915 features:
Bug Depends on:    
Bug Blocks: 16029    
Attachments: xorg log
xorg conf

Description Shuang He 2008-07-03 23:49:40 UTC 
System Environment:
--------------------------

--Platform: G965

--Architecture(32-bit,64-bit,compatiblity): all

--2D driver(2.4 branch):  45c1da56891723dd85153853885dd3b52a23c117

--mesa(7_0 branch): 2c9e332bceb85435aa5e4ad4d43fc97c7272bf98

--Xserver(1.4 branch): c3a7903f6a6a27e53ba0372408e0c5a68c608e86

--LibDrm: 2.3.0

--Kernel:
2.6.26-rc4


Bug detailed description:
-------------------------
this issue happens on G965 with direct rendering.

SpecViewPerf 10/tcvis-01 get segmentation fault:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 139726316259072 (LWP 4387)]
0x00007f14910da103 in brw_cached_batch_struct (brw=0x6973f0, data=0x7fff9a6a0bb0, sz=24) at brw_state_batch.c:57
57      brw_state_batch.c: No such file or directory.
        in brw_state_batch.c
(gdb) bt
#0  0x00007f14910da103 in brw_cached_batch_struct (brw=0x6973f0, data=0x7fff9a6a0bb0, sz=24) at brw_state_batch.c:57
#1  0x00007f14910d6b67 in upload_state_base_address (brw=0x6973f0) at brw_misc_state.c:549
#2  0x00007f14910daf9b in brw_validate_state (brw=0x6973f0) at brw_state_upload.c:259
#3  0x00007f14910d0363 in brw_set_prim (brw=0x6973f0, prim=24) at brw_draw.c:108
#4  0x00007f14910d061b in brw_try_draw_prims (ctx=0x6973f0, arrays=0x6d20a0, prim=0x6d0884, nr_prims=2, ib=0x0,
    min_index=0, max_index=4) at brw_draw.c:300
#5  0x00007f14910d0a70 in brw_draw_prims (ctx=0x6973f0, arrays=0x6d20a0, prim=0x6d0884, nr_prims=2, ib=0x0, min_index=0,
    max_index=4) at brw_draw.c:446
#6  0x00007f149116a9b0 in vbo_exec_vtx_flush (exec=0x6d0640) at vbo/vbo_exec_draw.c:215
#7  0x00007f1491166995 in vbo_exec_FlushVertices (ctx=<value optimized out>, flags=2590641072) at vbo/vbo_exec_api.c:700
#8  0x00007f1491128fd6 in _mesa_Translatef (x=6, y=0, z=0) at main/matrix.c:446
#9  0x00007f1492119e31 in glTranslatef (x=6, y=0, z=0) at ../../../src/mesa/glapi/glapitemp.h:1605
#10 0x0000000000407d11 in __RenderMidframeFrameCounter ()
#11 0x000000000040860b in mesh3Event ()
#12 0x0000000000420013 in evtI ()
#13 0x0000000000417f00 in loadAndExecuteTest ()
#14 0x0000000000418be4 in main ()




Reproduce steps:
----------------
1. start X
2. run specviewperf10 tcvis-01

Current result:
----------------
specviewperf10 tcvis-01 get segmentation fault
Comment 1 Shuang He 2008-07-03 23:51:30 UTC 
Created attachment 17524 [details]
xorg log
Comment 2 Shuang He 2008-07-03 23:52:14 UTC 
Created attachment 17525 [details]
xorg conf
Comment 3 Shuang He 2008-07-04 00:00:04 UTC 
seems it sometime can run completely without segmentation fault
Comment 4 haihao 2008-07-07 18:45:11 UTC 
Case bug.  There are some invalid write access in this case.

viewperf.c: line2210: The size passed to modelMemoryCalloc is 0, however modelMemoryCalloc still gets a NON-NULL pointer.  Unfortunately,  some datas will be written to the location given by this pointer (line11372) which maybe result in heap corruption.
Comment 5 Shuang He 2008-07-10 23:22:45 UTC 
verified.
we may need to forward this issue to spec.org

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.