<html> <head> <base href="https://bugs.freedesktop.org/"> </head> <body> <div> <a class="bz_bug_link bz_status_NEW " title="NEW - can't start GDM when building mesa master branch with LTO" href="https://bugs.freedesktop.org/show_bug.cgi?id=110884#c1">Comment # 1</a> on <a class="bz_bug_link bz_status_NEW " title="NEW - can't start GDM when building mesa master branch with LTO" href="https://bugs.freedesktop.org/show_bug.cgi?id=110884">bug 110884</a> from <a class="email" href="mailto:thiago@kde.org" title="Thiago Macieira <thiago@kde.org>"> Thiago Macieira</a> <pre>As the backtrace shows, scene=0x0, which shouldn't happen. The scene pointer is obtained in thread_function(), in: lp_rast_begin( rast, lp_scene_dequeue( rast->full_scenes, TRUE ) ); The lp_scene_dequeue function is not expected to return NULL, but does: struct lp_scene * lp_scene_dequeue(struct lp_scene_queue *queue, boolean wait) { struct scene_packet packet; enum pipe_error ret; packet.scene = NULL; ret = util_ringbuffer_dequeue(queue->ring, &packet.header, sizeof packet / 4, wait ); if (ret != PIPE_OK) return NULL; return packet.scene; } Possibility 1: there was an error. But if that were the case, we'd expect this to happen with and without LTO. Possibility 2: Undefined Behaviour in the code. Note how the assigns packet.scene = NULL, never passes it to util_ringbuffer_dequeue, then returns it. It passes packet.header and the size of packet: struct scene_packet { struct util_packet header; struct lp_scene *scene; }; And expects the callee fill it: for (i = 0; i < ring_packet->dwords; i++) { packet[i] = ring->buf[ring->tail]; ring->tail++; ring->tail &= ring->mask; } I'll look at the disassembly to confirm possibility 2.</pre> </div> <hr> You are receiving this mail because: <ul> <li>You are the assignee for the bug.</li> <li>You are the QA Contact for the bug.</li> </ul> </body> </html>