[Mesa-dev] memory stomping in 95bd8a332d1 (dri: Move i965-specific context flag logic to dri common.)
Ilia Mirkin
imirkin at alum.mit.edu
Sat Dec 7 08:17:34 PST 2013
ping?
I'm pretty sure all gallium drivers are getting random bits corrupted
in 10.0+... at least if driCreateContextAttribs is getting called.
Kristian, you had a patch on IRC, but I didn't see it get posted...
-ilia
On Thu, Nov 28, 2013 at 11:27 PM, Ilia Mirkin <imirkin at alum.mit.edu> wrote:
> Hi Eric,
>
> I believe your commit 95bd8a332d1 might be the culprit of some crashes
> I've seen. I had earlier identified a different commit via bisection,
> but I believe it just happened to move some bits around that made the
> memory stomping effects more noticeable.
>
> On Thu, Nov 28, 2013 at 4:55 AM, Ilia Mirkin <imirkin at alum.mit.edu> wrote:
>> On Thu, Nov 28, 2013 at 4:38 AM, Ilia Mirkin <imirkin at alum.mit.edu> wrote:
>>> My reproducer is running glretrace on the portal.trace file that you
>>> can obtain from https://bugs.freedesktop.org/show_bug.cgi?id=64323#c1.
>>> I was not able to repro using random other traces I had sitting
>>> around, so I'm guessing something in that trace is triggering the
>>> erring functionality. The crashes always happen in
>>> dri_destroy_context/st_destroy_context, but that doesn't mean that
>>> trouble doesn't happen earlier on.
>
> I've run it through valgrind. Here's what I see when running on nouveau (nv50):
>
> ==11501== Process terminating with default action of signal 11 (SIGSEGV)
> ==11501== Bad permissions for mapped region at address 0x73CE1B1
> ==11501== at 0x8AEDB81: driCreateContextAttribs (dri_util.c:446)
> ==11501== by 0x7426903: dri2_create_context_attribs (dri2_glx.c:312)
> ==11501== by 0x73E710F: glXCreateContextAttribsARB (create_context.c:78)
> ==11501== by 0x546312: glws::createContext(glws::Visual const*,
> glws::Context*, glws::Profile) (in /usr/bin/glretrace)
> ==11501== by 0x503924: retrace_glXCreateContext(trace::Call&) (in
> /usr/bin/glretrace)
> ==11501== by 0x54423F: retrace::Retracer::retrace(trace::Call&) (in
> /usr/bin/glretrace)
> ==11501== by 0x408A9C: main (in /usr/bin/glretrace)
>
> That line corresponds to
>
> ctx->Debug.DebugOutput = GL_TRUE;
>
> which seems fairly innocuous. ctx comes from context->driverPrivate
> however, which is claimed to be a gl_context. I tried following code
> around, but at best it's either a dri_context or a dri2_context (which
> has a glx_context base) in the gallium case, or I failed to follow the
> code properly. Commenting out the whole chunk that modifies the
> supposed-gl_context bits makes valgrind stop complaining about that
> (it still has a different complaint somewhere in the teximage logic,
> but I believe it's unrelated). I presume that's not a correct course
> of action, of course, but I'm not sure what is.
>
> To double-check, I went to my previous bisection result
> (a3ed98f7aa85), and commented out the lines in question, and that
> fixed everything as well, where it had been reliably segfaulting with
> llvmpipe before.
>
> Let me know if there's any additional information I can provide.
>
> Thanks,
>
> -ilia
More information about the mesa-dev
mailing list