[Mesa-dev] [Bug 94955] Uninitialized variables leads to random segfaults (valgrind log, apitrace attached)

bugzilla-daemon at freedesktop.org
Mon Apr 18 18:39:45 UTC 2016


https://bugs.freedesktop.org/show_bug.cgi?id=94955

David Lonie <david.lonie at kitware.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |---

--- Comment #9 from David Lonie <david.lonie at kitware.com> ---
Reopening -- I may have found it. This other failing test looks better for
tracking this down. It segfaults reproducibly with this stack trace from
valgrind:

==19776==  Address 0x207abe3c is not stack'd, malloc'd or (recently) free'd
==19776== 
==19776== 
==19776== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==19776==  Access not within mapped region at address 0x207ABE3C
==19776==    at 0x4039042: ???
==19776==    by 0x113B377A: lp_rast_shade_quads_mask (lp_rast.c:457)
==19776==    by 0x113B8E5A: do_block_4_2 (lp_rast_tri_tmp.h:67)
==19776==    by 0x113B9194: do_block_16_2 (lp_rast_tri_tmp.h:152)
==19776==    by 0x113B96DC: lp_rast_triangle_2 (lp_rast_tri_tmp.h:305)
==19776==    by 0x113B3AC5: do_rasterize_bin (lp_rast.c:609)
==19776==    by 0x113B3B33: rasterize_bin (lp_rast.c:628)
==19776==    by 0x113B3C42: rasterize_scene (lp_rast.c:688)
==19776==    by 0x113B3F27: thread_function (lp_rast.c:828)
==19776==    by 0x113B1C8E: impl_thrd_routine (threads_posix.h:87)
==19776==    by 0x11C7A423: start_thread (in /usr/lib/libpthread-2.23.so)
==19776==    by 0x4F1DCBC: clone (in /usr/lib/libc-2.23.so)

This looks similar to the third trace in my original bug, but it's an access
violation instead of an uninitialized value, and some of the frames are
different.

The core dump valgrind generates is corrupted, unfortunately:

(gdb) bt
#0  0x0000000004039042 in ?? ()
#1  0x3ebb67ae3ebb67ae in ?? ()
#2  0x3ebb67ae3ebb67ae in ?? ()
#3  0x3ebb67ae3ebb67ae in ?? ()
#4  0x3ebb67ae3ebb67ae in ?? ()
#5  0x0000000000000000 in ?? ()

Running in gdb gives a similar backtrace. Tried getting an apitrace, but the
segfault is preventing that from producing anything meaningful, too.

Hopefully that stack will be enough...I wish I could get you guys a useful
apitrace or core dump to inspect, but this crash is doing a good job of
covering its tracks! Best I can do is provide instructions for running the VTK
test that reproduces it:

1) git clone https://gitlab.kitware.com/vtk/vtk.git
2) mkdir vtk-build
3) cd vtk-build
4) cmake ../vtk \
     -DOPENGL_INCLUDE_DIR=/path/to/mesa/install/prefix/include \
     -DOPENGL_gl_LIBRARY=/path/to/mesa/install/prefix/lib/libMesaGL.so \
     -DOPENGL_glu_LIBRARY=""
5) make

To run the test, either:

ctest -R TestTextureRGBADepthPeeling

or (to get around the ctest launcher for gdb/valgrind):

bin/vtkRenderingCoreCxxTests "TestTextureRGBADepthPeeling" \
     "-D" "ExternalData/Testing" "-T" "Testing/Temporary" "-V" \
     "ExternalData/Rendering/Core/Testing/Data/Baseline/TestTextureRGBADepthPeeling.png"
