<html>
    <head>
      <base href="https://bugs.freedesktop.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - thread sanitizer + i965 = segfault in memcpy when uploading textures"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=94301">94301</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>thread sanitizer + i965 = segfault in memcpy when uploading textures
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>Mesa
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>11.1
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>Other
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>medium
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Drivers/DRI/i965
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>idr@freedesktop.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>kai@stella.at
          </td>
        </tr>

        <tr>
          <th>QA Contact</th>
          <td>intel-3d-bugs@lists.freedesktop.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>I was trying to run our software with thread sanitizer to find possible race
conditions, but it seems to crash as soon as I try to load resources with
glTexImage2D.
The actual crash happens in brw_upload_cache, which seems to call memcpy with
dst=0

Relevant part of the crash:

#0  0x00007ffff6db7845 in __sanitizer::internal_memcpy(void*, void const*,
unsigned long) (dest=dest@entry=0x0, src=src@entry=0x7da400014028,
n=n@entry=112) at
../../../../libsanitizer/sanitizer_common/sanitizer_libc.cc:52
#1  0x00007ffff6d62f03 in __interceptor_memcpy(void*, void const*,
__sanitizer::uptr) (dst=0x0, src=src@entry=0x7da400014028, size=size@entry=112)
at ../../../../libsanitizer/tsan/tsan_interceptors.cc:641
#2  0x00007fffa2111260 in brw_upload_cache (__len=112, __src=0x7da400014028,
__dest=<optimized out>) at /usr/include/bits/string3.h:53
#3  0x00007fffa2111260 in brw_upload_cache (cache=cache@entry=0x7fffa987e408,
cache_id=cache_id@entry=
    BRW_CACHE_FS_PROG, key=key@entry=0x7fffa06f0dc0,
key_size=key_size@entry=152, data=data@entry=0x7da400014028, data_size=112,
aux=0x7fffa06f0c10, aux_size=360, out_offset=0x7fffa987f2b8,
out_aux=0x7fffa987f520) at brw_state_cache.c:309
#4  0x00007fffa2117805 in brw_codegen_wm_prog (brw=brw@entry=0x7fffa985a028,
prog=prog@entry=0x7d500005ec28, fp=fp@entry=0x7d680003e400,
key=key@entry=0x7fffa06f0dc0) at brw_wm.c:171
#5  0x00007fffa211841f in brw_fs_precompile (ctx=ctx@entry=0x7fffa985a028,
shader_prog=shader_prog@entry=0x7d500005ec28, prog=0x7d680003e400) at
brw_wm.c:644
#6  0x00007fffa2104044 in brw_link_shader(gl_context*, gl_shader_program*)
(sh_prog=0x7d500005ec28, ctx=0x7fffa985a028) at brw_link.cpp:49
#7  0x00007fffa2104044 in brw_link_shader(gl_context*, gl_shader_program*)
(ctx=0x7fffa985a028, shProg=0x7d500005ec28) at brw_link.cpp:277
#8  0x00007fffa1fb129a in _mesa_glsl_link_shader(gl_context*,
gl_shader_program*) (ctx=0x7fffa985a028, prog=0x7d500005ec28) at
program/ir_to_mesa.cpp:2984
#9  0x00007fffa1e4115d in _mesa_get_fixed_func_fragment_program(gl_context*)
(key=0x7fffa06f10e0, ctx=0x7fffa06f1020) at main/ff_fragment_shader.cpp:1265
#10 0x00007fffa1e4115d in _mesa_get_fixed_func_fragment_program(gl_context*)
(ctx=ctx@entry=0x7fffa985a028) at main/ff_fragment_shader.cpp:1295
#11 0x00007fffa1ed4b98 in _mesa_update_state_locked (ctx=0x7fffa985a028) at
main/state.c:157
#12 0x00007fffa1ed4b98 in _mesa_update_state_locked
(ctx=ctx@entry=0x7fffa985a028) at main/state.c:473
#13 0x00007fffa1ed4cc1 in _mesa_update_state (ctx=ctx@entry=0x7fffa985a028) at
main/state.c:504
#14 0x00007fffa1eea4d5 in teximage (ctx=0x7fffa985a028,
compressed=compressed@entry=0 '\000', dims=dims@entry=2, target=3553, level=0,
internalFormat=32856, width=512, height=512, depth=1, border=0, format=6408,
type=5121, imageSize=0, pixels=0x7fff9efef040)
    at main/teximage.c:2943
#15 0x00007fffa1eebfb0 in _mesa_TexImage2D (target=<optimized out>,
level=<optimized out>, internalFormat=<optimized out>, width=<optimized out>,
height=<optimized out>, border=<optimized out>, format=6408, type=5121,
pixels=0x7fff9efef040) at main/teximage.c:3005
[...]

Without thread sanitizer everything works, so no idea if the actual bug is
caused by i965 or thread sanitizer code.</pre>
        </div>
      </p>
    </body>
</html>