[Mesa-dev] [Bug 94955] Uninitialized variables leads to random segfaults (valgrind log, apitrace attached)

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Fri Apr 22 00:07:34 UTC 2016


https://bugs.freedesktop.org/show_bug.cgi?id=94955

--- Comment #14 from Bruce Cherniak <bruce.cherniak at intel.com> ---
Created attachment 123136
  --> https://bugs.freedesktop.org/attachment.cgi?id=123136&action=edit
gallivm_debug shaders (inline sampler)

I got distracted trying to get the tex func to dump its disassembly. :-$
It seems that in gallivm_compile_module, LLVMGetPointerToGlobal returns
func_code = 0 (lp_bld_init:621), which causes the disassembly to crash.  But
that's another problem, so I switched back to an inline sampler
(use_tex_func = 0).

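All of the shader dumps (tgsi, ir, asm) are attached.  The faulting address is
within the sampler portion of the fragment shader: the load marked "=>" below
reads from %r10 + %rax, which is 0x20023fc + 0x364f6c0 = 0x5651abc with the
register values shown further down.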

(gdb) bt 2
#0  0x00007fffe9acec71 in FS ()
#1  0x00007fffe9c74bdb in BackendSingleSample<0u, 1u, 1u, 0u, 0u>
(pDC=0x710780,
 workerId=0, x=56, y=56, work=..., renderBuffers=...) at
../../../../../src/gallium/drivers/swr/rasterizer/core/backend.cpp:821

(disassembly around $pc)
   0x00007fffe9acec4a <+3146>:  or     %eax,%esp
   0x00007fffe9acec4c <+3148>:  sarl   $0xc1,-0x25(%rcx)
   0x00007fffe9acec50 <+3152>:  movabs $0x7fffe9acd080,%rcx
   0x00007fffe9acec5a <+3162>:  vmovdqa (%rcx),%xmm12
   0x00007fffe9acec5e <+3166>:  vpshufb %xmm12,%xmm0,%xmm3
   0x00007fffe9acec63 <+3171>:  movslq %ebx,%r10
   0x00007fffe9acec66 <+3174>:  sar    $0x20,%rbx
   0x00007fffe9acec6a <+3178>:  movslq %edi,%rcx
   0x00007fffe9acec6d <+3181>:  sar    $0x20,%rdi
=> 0x00007fffe9acec71 <+3185>:  vmovd  (%r10,%rax,1),%xmm0
   0x00007fffe9acec77 <+3191>:  vpinsrd $0x1,(%rbx,%rax,1),%xmm0,%xmm0
   0x00007fffe9acec7e <+3198>:  vpinsrd $0x2,(%rcx,%rax,1),%xmm0,%xmm0
   0x00007fffe9acec85 <+3205>:  vpinsrd $0x3,(%rdi,%rax,1),%xmm0,%xmm2
   0x00007fffe9acec8c <+3212>:  movslq %edx,%rcx
   0x00007fffe9acec8f <+3215>:  sar    $0x20,%rdx
   0x00007fffe9acec93 <+3219>:  movslq %esi,%rdi
   0x00007fffe9acec96 <+3222>:  sar    $0x20,%rsi
   0x00007fffe9acec9a <+3226>:  vmovd  (%rcx,%rax,1),%xmm0
   0x00007fffe9acec9f <+3231>:  vpinsrd $0x1,(%rdx,%rax,1),%xmm0,%xmm0
   0x00007fffe9aceca6 <+3238>:  vpinsrd $0x2,(%rdi,%rax,1),%xmm0,%xmm0
   0x00007fffe9acecad <+3245>:  vpinsrd $0x3,(%rsi,%rax,1),%xmm0,%xmm1
   0x00007fffe9acecb4 <+3252>:  vpmovzxbw %xmm2,%xmm6
   0x00007fffe9acecb9 <+3257>:  vpmovzxbw %xmm1,%xmm14
   0x00007fffe9acecbe <+3262>:  vpsubw %xmm6,%xmm14,%xmm14
   0x00007fffe9acecc2 <+3266>:  vpmovzxbw %xmm3,%xmm0
   0x00007fffe9acecc7 <+3271>:  vpmullw %xmm0,%xmm14,%xmm7
   0x00007fffe9aceccb <+3275>:  vpsrlw $0x8,%xmm7,%xmm7
   0x00007fffe9acecd0 <+3280>:  vpaddw %xmm6,%xmm7,%xmm6
   0x00007fffe9acecd4 <+3284>:  vxorps %xmm5,%xmm5,%xmm5
   0x00007fffe9acecd8 <+3288>:  vpunpckhbw %xmm5,%xmm3,%xmm7
   0x00007fffe9acecdc <+3292>:  vpunpckhbw %xmm5,%xmm2,%xmm2
   0x00007fffe9acece0 <+3296>:  vpunpckhbw %xmm5,%xmm1,%xmm1
   0x00007fffe9acece4 <+3300>:  vxorps %xmm10,%xmm10,%xmm10

(gdb) p/x $r10
$2 = 0x20023fc
(gdb) p/x $rax
$3 = 0x364f6c0
(gdb) p/x $xmm0
$4 = {v4_float = {0x0, 0x0, 0x0, 0x0},
      v2_double = {0x0, 0x0},
      v16_int8 = {0x80, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0,
0x0, 0x80, 0x0, 0x0, 0x0},
      v8_int16 = {0x80, 0x0, 0x80, 0x0, 0x80, 0x0, 0x80, 0x0},
      v4_int32 = {0x80, 0x80, 0x80, 0x80},
      v2_int64 = {0x8000000080, 0x8000000080},
      uint128 = 0x00000080000000800000008000000080}

(gdb) i r
rax            0x364f6c0     56948416
rbx            0x20023fc     33563644
rcx            0x20023fc     33563644
rdx            0x200240002002400        144154770528019456
rsi            0x200240002002400        144154770528019456
rdi            0x20023fc        33563644
rbp            0x7fffffffa010   0x7fffffffa010
rsp            0x7fffffff9d20   0x7fffffff9d20
r8             0x1fffffc01fffffc        144115170929541116
r9             0x200000002000000        144115188109410304
r10            0x20023fc     33563644
r11            0x1fffffc01fffffc        144115170929541116
r12            0x0      0
r13            0x0    0
r14            0x200000002000000        144115188109410304
r15            0x7fffffffa2a0   140737488331424
rip            0x7fffe9acec71   0x7fffe9acec71 <FS+3185>
eflags         0x10206  [ PF IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0    0
es             0x0      0
fs             0x0    0
gs             0x0      0
