Bug 72026

Summary: SIGSEGV in fs_visitor::visit(ir_dereference_variable*)
Product: Mesa Reporter: Bernie Innocenti <bernie>
Component: Drivers/DRI/i965Assignee: Paul Berry <stereotype441>
Status: RESOLVED FIXED QA Contact: Intel 3D Bugs Mailing List <intel-3d-bugs>
Severity: normal    
Priority: medium    
Version: 9.2   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:

Description Bernie Innocenti 2013-11-26 10:36:45 UTC 
How to reproduce:

 - build Fragmentarium (https://github.com/Syntopia/Fragmentarium)
 - run the binary
 - crash occurs when the rendering starts

Tested on Fedora 20 (mesa 9.2.3) and Ubuntu 13.10 (mesa 9.2.1).


Program received signal SIGSEGV, Segmentation fault.
0x00007fffdc660e25 in fs_visitor::visit (this=0x7ffffffdadf0, ir=0x16f0890) at brw_fs_visitor.cpp:1903
1903	      ir->counter->accept(this);
Missing separate debuginfos, use: debuginfo-install OpenEXR-libs-1.7.1-6.fc20.x86_64 appmenu-qt-0.2.6-4.fc20.x86_64 attica-0.4.2-2.fc20.x86_64 bzip2-libs-1.0.6-9.fc20.x86_64 dbus-libs-1.6.12-1.fc20.x86_64 dbusmenu-qt-0.9.2-5.fc20.x86_64 fontconfig-2.11.0-1.fc20.x86_64 freetype-2.5.0-4.fc20.x86_64 gamin-0.1.10-15.fc20.x86_64 glib2-2.38.2-1.fc20.x86_64 herqq-1.0.0-6.fc20.x86_64 ilmbase-1.0.3-7.fc20.x86_64 jasper-libs-1.900.1-25.fc20.x86_64 jbigkit-libs-2.0-9.fc20.x86_64 kde-runtime-libs-4.11.3-2.fc20.x86_64 kde-style-oxygen-4.11.3-1.fc20.x86_64 kdelibs-4.11.3-1.fc20.x86_64 keyutils-libs-1.5.8-1.fc20.x86_64 krb5-libs-1.11.3-33.fc20.x86_64 lcms-libs-1.19-10.fc20.x86_64 libICE-1.0.8-6.fc20.x86_64 libSM-1.2.1-6.fc20.x86_64 libX11-1.6.1-1.fc20.x86_64 libXau-1.0.8-2.fc20.x86_64 libXcursor-1.1.14-2.fc20.x86_64 libXdamage-1.1.4-4.fc20.x86_64 libXdmcp-1.1.1-5.fc20.x86_64 libXext-1.3.2-2.fc20.x86_64 libXfixes-5.0.1-2.fc20.x86_64 libXft-2.3.1-5.fc20.x86_64 libXi-1.7.2-2.fc20.x86_64 libXinerama-1.1.3-2.fc20.x86_64 libXpm-3.5.10-5.fc20.x86_64 libXrandr-1.4.1-2.fc20.x86_64 libXrender-0.9.8-2.fc20.x86_64 libXtst-1.2.2-2.fc20.x86_64 libXxf86vm-1.1.3-2.fc20.x86_64 libacl-2.2.52-4.fc20.x86_64 libattr-2.4.47-3.fc20.x86_64 libcom_err-1.42.8-3.fc20.x86_64 libicu-50.1.2-10.fc20.x86_64 libjpeg-turbo-1.3.0-1.fc20.x86_64 libmng-1.0.10-12.fc20.x86_64 libpciaccess-0.13.1-4.fc20.x86_64 libpng-1.6.3-3.fc20.x86_64 libtiff-4.0.3-12.fc20.x86_64 libuuid-2.24-2.fc20.x86_64 libwebp-0.3.1-2.fc20.x86_64 libxcb-1.9.1-3.fc20.x86_64 libxml2-2.9.1-2.fc20.x86_64 openssl-libs-1.0.1e-30.fc20.x86_64 pcre-8.33-2.fc20.1.x86_64 qca2-2.0.3-6.fc20.x86_64 qt-4.8.5-10.fc20.x86_64 qt-x11-4.8.5-10.fc20.x86_64 qtsoap-2.7-6.fc20.x86_64 soprano-2.9.4-2.fc20.x86_64 strigi-libs-0.7.8-2.fc20.x86_64 systemd-libs-208-6.fc20.x86_64 xz-libs-5.1.2-6alpha.fc20.x86_64
(gdb) bt
#0  0x00007fffdc660e25 in fs_visitor::visit (this=0x7ffffffdadf0, ir=0x16f0890) at brw_fs_visitor.cpp:1903
#1  0x00007fffdc671555 in fs_visitor::visit (this=0x7ffffffdadf0, ir=0x1644e10) at brw_fs_visitor.cpp:1875
#2  0x00007fffdc671555 in fs_visitor::visit (this=0x7ffffffdadf0, ir=0x133ca00) at brw_fs_visitor.cpp:1875
#3  0x00007fffdc6613dd in fs_visitor::visit (this=0x7ffffffdadf0, ir=<optimized out>) at brw_fs_visitor.cpp:1988
#4  0x00007fffdc64f301 in fs_visitor::run (this=this@entry=0x7ffffffdadf0) at brw_fs.cpp:2936
#5  0x00007fffdc64f7fe in brw_wm_fs_emit (brw=brw@entry=0x7ed3f0, c=c@entry=0x1553fa0, fp=fp@entry=0x1722730, prog=prog@entry=0x119b9c0, 
    final_assembly_size=final_assembly_size@entry=0x7fffffffbcb4) at brw_fs.cpp:3065
#6  0x00007fffdc6a811b in do_wm_prog (brw=0x7ed3f0, prog=0x119b9c0, fp=0x1722730, key=0x7fffffffbd00) at brw_wm.c:174
#7  0x00007fffdc64f6da in brw_fs_precompile (ctx=ctx@entry=0x7ed3f0, prog=prog@entry=0x119b9c0) at brw_fs.cpp:3180
#8  0x00007fffdc67ceb3 in brw_shader_precompile (prog=0x119b9c0, ctx=0x7ed3f0) at brw_shader.cpp:69
#9  brw_link_shader (ctx=0x7ed3f0, shProg=0x119b9c0) at brw_shader.cpp:281
#10 0x00007fffdc254e42 in _mesa_glsl_link_shader (ctx=ctx@entry=0x7ed3f0, prog=prog@entry=0x119b9c0) at ../../../src/mesa/program/ir_to_mesa.cpp:3120
#11 0x00007fffdc1103d3 in link_program (ctx=0x7ed3f0) at ../../../src/mesa/main/shaderapi.c:819
#12 0x00007ffff78e4389 in QGLShaderProgram::link() () from /lib64/libQtOpenGL.so.4
#13 0x00000000004243fa in Fragmentarium::GUI::DisplayWidget::setupFragmentShader() ()
#14 0x000000000042736e in Fragmentarium::GUI::DisplayWidget::setFragmentShader(Fragmentarium::Parser::FragmentSource) ()
#15 0x0000000000435d37 in Fragmentarium::GUI::MainWindow::render() ()
#16 0x00000000004701a2 in Fragmentarium::GUI::MainWindow::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) [clone .part.0] ()
#17 0x00007ffff6843fa8 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /lib64/libQtCore.so.4
#18 0x00007ffff6d5a7a2 in QAction::triggered(bool) () from /lib64/libQtGui.so.4
#19 0x00007ffff6d5c357 in QAction::activate(QAction::ActionEvent) () from /lib64/libQtGui.so.4
#20 0x00007ffff71282f6 in QAbstractButtonPrivate::click() () from /lib64/libQtGui.so.4
#21 0x00007ffff712843c in QAbstractButton::mouseReleaseEvent(QMouseEvent*) () from /lib64/libQtGui.so.4
#22 0x00007ffff71e9c8a in QToolButton::mouseReleaseEvent(QMouseEvent*) () from /lib64/libQtGui.so.4
#23 0x00007ffff6db3d1a in QWidget::event(QEvent*) () from /lib64/libQtGui.so.4
#24 0x00007ffff6d60dac in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib64/libQtGui.so.4
#25 0x00007ffff6d67899 in QApplication::notify(QObject*, QEvent*) () from /lib64/libQtGui.so.4
#26 0x00007ffff682f5ed in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /lib64/libQtCore.so.4
#27 0x00007ffff6d66fc7 in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) ()
   from /lib64/libQtGui.so.4
#28 0x00007ffff6ddc77b in QETWidget::translateMouseEvent(_XEvent const*) () from /lib64/libQtGui.so.4
#29 0x00007ffff6ddb1ec in QApplication::x11ProcessEvent(_XEvent*) () from /lib64/libQtGui.so.4
#30 0x00007ffff6e02be4 in x11EventSourceDispatch(_GSource*, int (*)(void*), void*) () from /lib64/libQtGui.so.4
#31 0x00007ffff28b82a6 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#32 0x00007ffff28b8628 in g_main_context_iterate.isra.24 () from /lib64/libglib-2.0.so.0
#33 0x00007ffff28b86dc in g_main_context_iteration () from /lib64/libglib-2.0.so.0
#34 0x00007ffff685e185 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib64/libQtCore.so.4
#35 0x00007ffff6e02d66 in QGuiEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib64/libQtGui.so.4
#36 0x00007ffff682e12f in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib64/libQtCore.so.4
#37 0x00007ffff682e47d in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib64/libQtCore.so.4
#38 0x00007ffff68339bb in QCoreApplication::exec() () from /lib64/libQtCore.so.4
#39 0x0000000000415dae in main ()
Comment 1 Paul Berry 2013-11-26 15:19:34 UTC 
Found the bug.  I'll send out a patch soon.
Comment 2 Paul Berry 2013-11-27 20:47:54 UTC 
Patch sent to mesa-dev list: http://lists.freedesktop.org/archives/mesa-dev/2013-November/049262.html

Note that this patch depends on the one that preceded it: http://lists.freedesktop.org/archives/mesa-dev/2013-November/049261.html
Comment 3 Tapani Pälli 2014-01-17 11:22:01 UTC 
both patches were pushed in, I just reproduced with older Mesa and verified that works fine with Mesa master, resolving as fixed

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.