<html>
    <head>
      <base href="https://bugs.freedesktop.org/" />
    </head>
    <body>
      <p>
        <div>
            <b><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - [HSW] Use after free with compute programs"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=93790#c2">Comment # 2</a>
              on <a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - [HSW] Use after free with compute programs"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=93790">bug 93790</a>
              from <span class="vcard"><a class="email" href="mailto:imirkin@alum.mit.edu" title="Ilia Mirkin <imirkin@alum.mit.edu>"> <span class="fn">Ilia Mirkin</span></a>
</span></b>
        <pre>IMHO this is a pretty serious bug... just repro'd with

bin/arb_shader_image_load_store-semantics -fbo -auto

Program received signal SIGSEGV, Segmentation fault.
update_stage_texture_surfaces (brw=brw@entry=0x7ffff7fcf040, prog=prog@entry=0xd62340,
    stage_state=stage_state@entry=0x7ffff7ff3cf0, for_gather=for_gather@entry=true) at brw_wm_surface_state.c:842
842           surf_offset[s] = 0;
(gdb) bt
#0  update_stage_texture_surfaces (brw=brw@entry=0x7ffff7fcf040, prog=prog@entry=0xd62340,
    stage_state=stage_state@entry=0x7ffff7ff3cf0, for_gather=for_gather@entry=true) at brw_wm_surface_state.c:842
#1  0x00007ffff03d5bb4 in brw_update_texture_surfaces (brw=0x7ffff7fcf040) at brw_wm_surface_state.c:891
#2  0x00007ffff03cdf4f in check_and_emit_atom (atom=0x7ffff7ff5610, state=<synthetic pointer>, brw=0x7ffff7fcf040)
    at brw_state_upload.c:771
#3  brw_upload_pipeline_state (pipeline=BRW_COMPUTE_PIPELINE, brw=0x7ffff7fcf040) at brw_state_upload.c:882
#4  brw_upload_compute_state (brw=0x7ffff7fcf040) at brw_state_upload.c:942

(gdb) p *stage_state->prog_data
$2 = {binding_table = {size_bytes = 12, pull_constants_start = 3, texture_start = 1, gather_texture_start = 3503345872,
    ubo_start = 1, ssbo_start = 1, abo_start = 3503345872, image_start = 1, shader_time_start = 3503345872}, nr_params = 2,
  nr_pull_params = 0, nr_image_params = 2, curb_read_length = 1, total_scratch = 0, total_shared = 0, dispatch_grf_start_reg = 4,
  use_alt_mode = false, param = 0xc9f3a0, pull_param = 0x10ef6a0, image_param = 0x10d9070}

which is the same thing as the valgrind complaint. The texgather value gets
overwritten with 0xd0d0d0d0 (consistently so, it seems) and so the surf_offset
is out in la-la land. But the underlying issue appears to be the
use-after-free.</pre>
        </div>
      </p>
    </body>
</html>