[Bug 94301] thread sanitizer + i965 = segfault in memcpy when uploading textures

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Fri Feb 26 08:29:44 UTC 2016


https://bugs.freedesktop.org/show_bug.cgi?id=94301

            Bug ID: 94301
           Summary: thread sanitizer + i965 = segfault in memcpy when
                    uploading textures
           Product: Mesa
           Version: 11.1
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: Drivers/DRI/i965
          Assignee: idr at freedesktop.org
          Reporter: kai at stella.at
        QA Contact: intel-3d-bugs at lists.freedesktop.org

I was trying to run our software with thread sanitizer to find possible race
conditions, but it seems to crash as soon as I try to load resources with
glTexImage2D.
The actual crash happens in brw_upload_cache, which seems to call memcpy with
dst=0.

Relevant part of the crash:

#0  0x00007ffff6db7845 in __sanitizer::internal_memcpy(void*, void const*,
unsigned long) (dest=dest@entry=0x0, src=src@entry=0x7da400014028,
n=n@entry=112) at
../../../../libsanitizer/sanitizer_common/sanitizer_libc.cc:52
#1  0x00007ffff6d62f03 in __interceptor_memcpy(void*, void const*,
__sanitizer::uptr) (dst=0x0, src=src@entry=0x7da400014028, size=size@entry=112)
at ../../../../libsanitizer/tsan/tsan_interceptors.cc:641
#2  0x00007fffa2111260 in brw_upload_cache (__len=112, __src=0x7da400014028,
__dest=<optimized out>) at /usr/include/bits/string3.h:53
#3  0x00007fffa2111260 in brw_upload_cache (cache=cache@entry=0x7fffa987e408,
cache_id=cache_id@entry=
    BRW_CACHE_FS_PROG, key=key@entry=0x7fffa06f0dc0,
key_size=key_size@entry=152, data=data@entry=0x7da400014028, data_size=112,
aux=0x7fffa06f0c10, aux_size=360, out_offset=0x7fffa987f2b8,
out_aux=0x7fffa987f520) at brw_state_cache.c:309
#4  0x00007fffa2117805 in brw_codegen_wm_prog (brw=brw@entry=0x7fffa985a028,
prog=prog@entry=0x7d500005ec28, fp=fp@entry=0x7d680003e400,
key=key@entry=0x7fffa06f0dc0) at brw_wm.c:171
#5  0x00007fffa211841f in brw_fs_precompile (ctx=ctx@entry=0x7fffa985a028,
shader_prog=shader_prog@entry=0x7d500005ec28, prog=0x7d680003e400) at
brw_wm.c:644
#6  0x00007fffa2104044 in brw_link_shader(gl_context*, gl_shader_program*)
(sh_prog=0x7d500005ec28, ctx=0x7fffa985a028) at brw_link.cpp:49
#7  0x00007fffa2104044 in brw_link_shader(gl_context*, gl_shader_program*)
(ctx=0x7fffa985a028, shProg=0x7d500005ec28) at brw_link.cpp:277
#8  0x00007fffa1fb129a in _mesa_glsl_link_shader(gl_context*,
gl_shader_program*) (ctx=0x7fffa985a028, prog=0x7d500005ec28) at
program/ir_to_mesa.cpp:2984
#9  0x00007fffa1e4115d in _mesa_get_fixed_func_fragment_program(gl_context*)
(key=0x7fffa06f10e0, ctx=0x7fffa06f1020) at main/ff_fragment_shader.cpp:1265
#10 0x00007fffa1e4115d in _mesa_get_fixed_func_fragment_program(gl_context*)
(ctx=ctx@entry=0x7fffa985a028) at main/ff_fragment_shader.cpp:1295
#11 0x00007fffa1ed4b98 in _mesa_update_state_locked (ctx=0x7fffa985a028) at
main/state.c:157
#12 0x00007fffa1ed4b98 in _mesa_update_state_locked
(ctx=ctx@entry=0x7fffa985a028) at main/state.c:473
#13 0x00007fffa1ed4cc1 in _mesa_update_state (ctx=ctx@entry=0x7fffa985a028) at
main/state.c:504
#14 0x00007fffa1eea4d5 in teximage (ctx=0x7fffa985a028,
compressed=compressed@entry=0 '\000', dims=dims@entry=2, target=3553, level=0,
internalFormat=32856, width=512, height=512, depth=1, border=0, format=6408,
type=5121, imageSize=0, pixels=0x7fff9efef040)
    at main/teximage.c:2943
#15 0x00007fffa1eebfb0 in _mesa_TexImage2D (target=<optimized out>,
level=<optimized out>, internalFormat=<optimized out>, width=<optimized out>,
height=<optimized out>, border=<optimized out>, format=6408, type=5121,
pixels=0x7fff9efef040) at main/teximage.c:3005
[...]

Without thread sanitizer everything works, so no idea if the actual bug is
caused by i965 or thread sanitizer code.
