https://bugs.freedesktop.org/show_bug.cgi?id=106533
Roland Scheidegger sroland@vmware.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |maraeo@gmail.com
--- Comment #4 from Roland Scheidegger sroland@vmware.com --- You have the same tcl-less chipset? So the assembly shows the segfault isn't due to alignment, but simply because it's a null pointer. This is also mesa 18.0? I'm just asking because according to the line numbers (r300_render_stencilref.c:113) it's doing two-sided stencil emulation, which I can't see how it could happen with the emulated clear (which definitely doesn't enable two-sided stencil), so that looks a little bit suspect. Although maybe the line numbers aren't quite accurate due to optimization...
You could try setting (with a debug build) DRAW_USE_LLVM="0" and see if this fixes the crash - and if it still crashes it should be easier to figure out what pointer is zero.
You could print out the shader (with a debug build) with GALLIVM_DEBUG=tgsi,ir,asm to see what the assembly really might do. I think though this is trying to read a vertex buffer (for position probably) which just isn't there.
Or you could try setting (with a debug build) DRAW_USE_LLVM="0" and see if this fixes the crash - and if it still crashes it should be easier to figure out what pointer is zero.
I think I have an idea why it might fail, but someone more familiar with the u_upload stuff and r300 would have to look at it: r300_set_vertex_buffers_swtcl() would provide the vertex buffers to draw, and I suspect it's always setting NULL buffer, because I think it's going to be not a user buffer, but there won't be a malloced_buffer neither - the u_upload code will call r300_buffer_create() but it won't alloc the malloced_buffer because the PIPE_BIND_CUSTOM bit will always be set (because r300->stream_uploader is the same as r300->uploader which will set that by default).
I'm not quite sure actually how it's supposed to work, maybe the logic in r300_buffer_create should always use the malloced_buffer path when !has_tcl?