Created attachment 144496 [details]
systemd journalctl output showing core dumps of gnome-session-check-accelerated-gles-helper and gnome-shell

Environment:
VM with Clear Linux OS release 29820
mesa git repository, master branch @ e9703fb4162e85943c52b6559d3554b521125da4

Compiling mesa with LTO enabled causes gnome-session-check-accelerated-gles-helper (and later gnome-shell) to dump core, which prevents GDM from starting successfully. This is not reproducible if the VM is configured to use a single CPU (e.g. virt-manager: 1 socket, 1 core, 1 thread).

The flags and environment used for compiling mesa are shown in the mesa.spec [1], but it comes down to:

export http_proxy=http://127.0.0.1:9/
export https_proxy=http://127.0.0.1:9/
export no_proxy=localhost,127.0.0.1,0.0.0.0
export LANG=C
export SOURCE_DATE_EPOCH=1559831445
unset LD_AS_NEEDED
export AR=gcc-ar
export RANLIB=gcc-ranlib
export NM=gcc-nm
export CFLAGS="$CFLAGS -O3 -falign-functions=32 -ffat-lto-objects -flto=4 -fno-math-errno -fno-semantic-interposition -fno-trapping-math "
export FCFLAGS="$CFLAGS -O3 -falign-functions=32 -ffat-lto-objects -flto=4 -fno-math-errno -fno-semantic-interposition -fno-trapping-math "
export FFLAGS="$CFLAGS -O3 -falign-functions=32 -ffat-lto-objects -flto=4 -fno-math-errno -fno-semantic-interposition -fno-trapping-math "
export CXXFLAGS="$CXXFLAGS -O3 -falign-functions=32 -ffat-lto-objects -flto=4 -fno-math-errno -fno-semantic-interposition -fno-trapping-math "

CFLAGS="$CFLAGS" CXXFLAGS="$CXXFLAGS" LDFLAGS="$LDFLAGS" meson --prefix /usr --buildtype=plain -Dplatforms=x11,drm,wayland,surfaceless \
-Ddri3=true \
-Ddri-drivers=i915,i965,nouveau,r100,r200 \
-Dgallium-drivers=radeonsi,r600,nouveau,svga,swrast \
-Dcpp_std=gnu++11 \
-Dgallium-va=true \
-Dgallium-xa=true \
-Dvulkan-drivers=intel,amd \
-Dshared-glapi=true \
-Dgles2=true \
-Dgbm=true \
-Dopengl=true \
-Dglx=dri \
-Degl=true \
-Dglvnd=false \
-Dasm=true \
-Dosmesa=classic \
-Dllvm=true \
-Dshared-llvm=true \
-Dselinux=false \
-Dosmesa=gallium \
-Dgallium-xvmc=true \
-Db_ndebug=true builddir

ninja -v -C builddir
sudo ninja -C builddir install

Replacing `-ffat-lto-objects -flto=4 ` with `-fno-lto` in the CFLAGS, FCFLAGS, FFLAGS, and CXXFLAGS above does not reproduce this issue.

Looking at the gnome-shell backtrace I get:

# coredumpctl debug 386
           PID: 386 (gnome-shell)
           UID: 311 (gdm)
           GID: 311 (gdm)
        Signal: 11 (SEGV)
     Timestamp: Mon 2019-06-10 16:30:30 CDT (54min ago)
  Command Line: /usr/bin/gnome-shell
    Executable: /usr/bin/gnome-shell
 Control Group: /
         Slice: -.slice
       Boot ID: 47bfa18f13ca482e88ed419c677a166c
    Machine ID: 29a29bebb7fd418ca33f474dbbcb5ae7
      Hostname: clr-vm
       Storage: /var/lib/systemd/coredump/core.gnome-shell.311.47bfa18f13ca482e88ed419c677a166c.386.1560202230000000
       Message: Process 386 (gnome-shell) of user 311 dumped core.

Stack trace of thread 394:
#0  0x00007f69af12a71b lp_scene_begin_rasterization (swrast_dri.so)
#1  0x00007f69af150eb7 lp_rast_begin (swrast_dri.so)
#2  0x00007f69af12d957 impl_thrd_routine.lto_priv.2.lto_priv.0 (swrast_dri.so)
#3  0x00007f69c1b7f84e start_thread (libpthread.so.0)
#4  0x00007f69c3a12203 __clone (libc.so.6)

Stack trace of thread 389:
#0  0x00007f69c3a0596a __GI___poll (libc.so.6)
#1  0x00007f69c3350b32 g_main_context_poll (libglib-2.0.so.0)
#2  0x00007f69c3350c6c g_main_context_iteration (libglib-2.0.so.0)
#3  0x00007f69c331878e g_thread_proxy (libglib-2.0.so.0)
#4  0x00007f69c1b7f84e start_thread (libpthread.so.0)
#5  0x00007f69c3a12203 __clone (libc.so.6)

Stack trace of thread 395:
#0  0x00007f69c1b86f4a futex_wait (libpthread.so.0)
#1  0x00007f69af150dad util_barrier_wait (swrast_dri.so)
#2  0x00007f69af12d957 impl_thrd_routine.lto_priv.2.lto_priv.0 (swrast_dri.so)
#3  0x00007f69c1b7f84e start_thread (libpthread.so.0)
#4  0x00007f69c3a12203 __clone (libc.so.6)

Stack trace of thread 390:
#0  0x00007f69c3a0ba2d syscall (libc.so.6)
#1  0x00007f69c32ee254 g_cond_wait_until (libglib-2.0.so.0)
#2  0x00007f69c339079e g_cond_wait_until (libglib-2.0.so.0)
#3
0x00007f69c331df4e g_async_queue_timeout_pop_unlocked (libglib-2.0.so.0)
#4  0x00007f69c331878e g_thread_proxy (libglib-2.0.so.0)
#5  0x00007f69c1b7f84e start_thread (libpthread.so.0)
#6  0x00007f69c3a12203 __clone (libc.so.6)

Stack trace of thread 409:
#0  0x00007f69c1b85b4d futex_wait_cancelable (libpthread.so.0)
#1  0x00007f69c05d4d60 _ZN7mozilla6detail21ConditionVariableImpl4waitERNS0_9MutexImplE (libmozjs-60.so.0)
#2  0x00007f69c030f126 _ZN2js17ConditionVariable8wait_forERNS_9LockGuardINS_5MutexEEERKN7mozilla16BaseTimeDurationINS5_27TimeDurationValueCalculatorEEE (libmozjs-60.so.0)
#3  0x00007f69c030a61f _ZN2js6detail16ThreadTrampolineIRFvPvEJPNS_12HelperThreadEEE8callMainIJLm0EEEEvN7mozilla13IndexSequenceIJXspT_EEEE (libmozjs-60.so.0)
#4  0x00007f69c1b7f84e start_thread (libpthread.so.0)
#5  0x00007f69c3a12203 __clone (libc.so.6)

Stack trace of thread 392:
#0  0x00007f69c3a0596a __GI___poll (libc.so.6)
#1  0x00007f69c3350b32 g_main_context_poll (libglib-2.0.so.0)
#2  0x00007f69c3353d8b g_main_context_iteration (libglib-2.0.so.0)
#3  0x00007f69c3af8320 dconf_gdbus_worker_thread (libdconfsettings.so)
#4  0x00007f69c331878e g_thread_proxy (libglib-2.0.so.0)
#5  0x00007f69c1b7f84e start_thread (libpthread.so.0)
#6  0x00007f69c3a12203 __clone (libc.so.6)

Stack trace of thread 391:
#0  0x00007f69c3a0596a __GI___poll (libc.so.6)
#1  0x00007f69c3350b32 g_main_context_poll (libglib-2.0.so.0)
#2  0x00007f69c32e8653 g_main_loop_run (libglib-2.0.so.0)
#3  0x00007f69c351613e gdbus_shared_thread_func (libgio-2.0.so.0)
#4  0x00007f69c331878e g_thread_proxy (libglib-2.0.so.0)
#5  0x00007f69c1b7f84e start_thread (libpthread.so.0)
#6  0x00007f69c3a12203 __clone (libc.so.6)

Stack trace of thread 408:
#0  0x00007f69c1b85b4d futex_wait_cancelable (libpthread.so.0)
#1  0x00007f69c05d4d60 _ZN7mozilla6detail21ConditionVariableImpl4waitERNS0_9MutexImplE (libmozjs-60.so.0)
#2  0x00007f69c030f126
_ZN2js17ConditionVariable8wait_forERNS_9LockGuardINS_5MutexEEERKN7mozilla16BaseTimeDurationINS5_27TimeDurationValueCalculatorEEE (libmozjs-60.so.0)
#3  0x00007f69c030a61f _ZN2js6detail16ThreadTrampolineIRFvPvEJPNS_12HelperThreadEEE8callMainIJLm0EEEEvN7mozilla13IndexSequenceIJXspT_EEEE (libmozjs-60.so.0)
#4  0x00007f69c1b7f84e start_thread (libpthread.so.0)
#5  0x00007f69c3a12203 __clone (libc.so.6)

Stack trace of thread 401:
#0  0x00007f69c1b85b5c futex_wait_cancelable (libpthread.so.0)
#1  0x00007f69af150d73 cnd_wait (swrast_dri.so)
#2  0x00007f69af12d957 impl_thrd_routine.lto_priv.2.lto_priv.0 (swrast_dri.so)
#3  0x00007f69c1b7f84e start_thread (libpthread.so.0)
#4  0x00007f69c3a12203 __clone (libc.so.6)

Stack trace of thread 518:
#0  0x00007f69c3a0ba2d syscall (libc.so.6)
#1  0x00007f69c32ee254 g_cond_wait_until (libglib-2.0.so.0)
#2  0x00007f69c339079e g_cond_wait_until (libglib-2.0.so.0)
#3  0x00007f69c331df4e g_async_queue_timeout_pop_unlocked (libglib-2.0.so.0)
#4  0x00007f69c331878e g_thread_proxy (libglib-2.0.so.0)
#5  0x00007f69c1b7f84e start_thread (libpthread.so.0)
#6  0x00007f69c3a12203 __clone (libc.so.6)

Stack trace of thread 405:
#0  0x00007f69c1b85b4d futex_wait_cancelable (libpthread.so.0)
#1  0x00007f69c05d4d60 _ZN7mozilla6detail21ConditionVariableImpl4waitERNS0_9MutexImplE (libmozjs-60.so.0)
#2  0x00007f69c030f126 _ZN2js17ConditionVariable8wait_forERNS_9LockGuardINS_5MutexEEERKN7mozilla16BaseTimeDurationINS5_27TimeDurationValueCalculatorEEE (libmozjs-60.so.0)
#3  0x00007f69c030a61f _ZN2js6detail16ThreadTrampolineIRFvPvEJPNS_12HelperThreadEEE8callMainIJLm0EEEEvN7mozilla13IndexSequenceIJXspT_EEEE (libmozjs-60.so.0)
#4  0x00007f69c1b7f84e start_thread (libpthread.so.0)
#5  0x00007f69c3a12203 __clone (libc.so.6)

Stack trace of thread 400:
#0  0x00007f69c1b85b5c futex_wait_cancelable (libpthread.so.0)
#1  0x00007f69af150d73 cnd_wait (swrast_dri.so)
#2  0x00007f69af12d957 impl_thrd_routine.lto_priv.2.lto_priv.0 (swrast_dri.so)
#3  0x00007f69c1b7f84e start_thread
(libpthread.so.0)
#4  0x00007f69c3a12203 __clone (libc.so.6)

Stack trace of thread 517:
#0  0x00007f69c3a0ba2d syscall (libc.so.6)
#1  0x00007f69c32ee254 g_cond_wait_until (libglib-2.0.so.0)
#2  0x00007f69c339079e g_cond_wait_until (libglib-2.0.so.0)
#3  0x00007f69c331df4e g_async_queue_timeout_pop_unlocked (libglib-2.0.so.0)
#4  0x00007f69c331878e g_thread_proxy (libglib-2.0.so.0)
#5  0x00007f69c1b7f84e start_thread (libpthread.so.0)
#6  0x00007f69c3a12203 __clone (libc.so.6)

Stack trace of thread 404:
#0  0x00007f69c1b85b4d futex_wait_cancelable (libpthread.so.0)
#1  0x00007f69c05d4d60 _ZN7mozilla6detail21ConditionVariableImpl4waitERNS0_9MutexImplE (libmozjs-60.so.0)
#2  0x00007f69c030f126 _ZN2js17ConditionVariable8wait_forERNS_9LockGuardINS_5MutexEEERKN7mozilla16BaseTimeDurationINS5_27TimeDurationValueCalculatorEEE (libmozjs-60.so.0)
#3  0x00007f69c030a61f _ZN2js6detail16ThreadTrampolineIRFvPvEJPNS_12HelperThreadEEE8callMainIJLm0EEEEvN7mozilla13IndexSequenceIJXspT_EEEE (libmozjs-60.so.0)
#4  0x00007f69c1b7f84e start_thread (libpthread.so.0)
#5  0x00007f69c3a12203 __clone (libc.so.6)

Stack trace of thread 519:
#0  0x00007f69c3a0ba2d syscall (libc.so.6)
#1  0x00007f69c32ee254 g_cond_wait_until (libglib-2.0.so.0)
#2  0x00007f69c339079e g_cond_wait_until (libglib-2.0.so.0)
#3  0x00007f69c331df4e g_async_queue_timeout_pop_unlocked (libglib-2.0.so.0)
#4  0x00007f69c331878e g_thread_proxy (libglib-2.0.so.0)
#5  0x00007f69c1b7f84e start_thread (libpthread.so.0)
#6  0x00007f69c3a12203 __clone (libc.so.6)

Stack trace of thread 407:
#0  0x00007f69c1b85b4d futex_wait_cancelable (libpthread.so.0)
#1  0x00007f69c05d4d60 _ZN7mozilla6detail21ConditionVariableImpl4waitERNS0_9MutexImplE (libmozjs-60.so.0)
#2  0x00007f69c030f126 _ZN2js17ConditionVariable8wait_forERNS_9LockGuardINS_5MutexEEERKN7mozilla16BaseTimeDurationINS5_27TimeDurationValueCalculatorEEE (libmozjs-60.so.0)
#3  0x00007f69c030a61f
_ZN2js6detail16ThreadTrampolineIRFvPvEJPNS_12HelperThreadEEE8callMainIJLm0EEEEvN7mozilla13IndexSequenceIJXspT_EEEE (libmozjs-60.so.0)
#4  0x00007f69c1b7f84e start_thread (libpthread.so.0)
#5  0x00007f69c3a12203 __clone (libc.so.6)

Stack trace of thread 403:
#0  0x00007f69c1b85b4d futex_wait_cancelable (libpthread.so.0)
#1  0x00007f69c05d4d60 _ZN7mozilla6detail21ConditionVariableImpl4waitERNS0_9MutexImplE (libmozjs-60.so.0)
#2  0x00007f69c030f126 _ZN2js17ConditionVariable8wait_forERNS_9LockGuardINS_5MutexEEERKN7mozilla16BaseTimeDurationINS5_27TimeDurationValueCalculatorEEE (libmozjs-60.so.0)
#3  0x00007f69c030a61f _ZN2js6detail16ThreadTrampolineIRFvPvEJPNS_12HelperThreadEEE8callMainIJLm0EEEEvN7mozilla13IndexSequenceIJXspT_EEEE (libmozjs-60.so.0)
#4  0x00007f69c1b7f84e start_thread (libpthread.so.0)
#5  0x00007f69c3a12203 __clone (libc.so.6)

Stack trace of thread 402:
#0  0x00007f69c1b85b4d futex_wait_cancelable (libpthread.so.0)
#1  0x00007f69c05d4d60 _ZN7mozilla6detail21ConditionVariableImpl4waitERNS0_9MutexImplE (libmozjs-60.so.0)
#2  0x00007f69c030f126 _ZN2js17ConditionVariable8wait_forERNS_9LockGuardINS_5MutexEEERKN7mozilla16BaseTimeDurationINS5_27TimeDurationValueCalculatorEEE (libmozjs-60.so.0)
#3  0x00007f69c030a61f _ZN2js6detail16ThreadTrampolineIRFvPvEJPNS_12HelperThreadEEE8callMainIJLm0EEEEvN7mozilla13IndexSequenceIJXspT_EEEE (libmozjs-60.so.0)
#4  0x00007f69c1b7f84e start_thread (libpthread.so.0)
#5  0x00007f69c3a12203 __clone (libc.so.6)

Stack trace of thread 396:
#0  0x00007f69c1b86f4a futex_wait (libpthread.so.0)
#1  0x00007f69af150dad util_barrier_wait (swrast_dri.so)
#2  0x00007f69af12d957 impl_thrd_routine.lto_priv.2.lto_priv.0 (swrast_dri.so)
#3  0x00007f69c1b7f84e start_thread (libpthread.so.0)
#4  0x00007f69c3a12203 __clone (libc.so.6)

Stack trace of thread 516:
#0  0x00007f69c3a0ba2d syscall (libc.so.6)
#1  0x00007f69c32ee254 g_cond_wait_until (libglib-2.0.so.0)
#2  0x00007f69c339079e g_cond_wait_until (libglib-2.0.so.0)
#3  0x00007f69c331df4e
g_async_queue_timeout_pop_unlocked (libglib-2.0.so.0)
#4  0x00007f69c331878e g_thread_proxy (libglib-2.0.so.0)
#5  0x00007f69c1b7f84e start_thread (libpthread.so.0)
#6  0x00007f69c3a12203 __clone (libc.so.6)

Stack trace of thread 397:
#0  0x00007f69c1b86f4a futex_wait (libpthread.so.0)
#1  0x00007f69af150dad util_barrier_wait (swrast_dri.so)
#2  0x00007f69af12d957 impl_thrd_routine.lto_priv.2.lto_priv.0 (swrast_dri.so)
#3  0x00007f69c1b7f84e start_thread (libpthread.so.0)
#4  0x00007f69c3a12203 __clone (libc.so.6)

Stack trace of thread 399:
#0  0x00007f69c1b85b5c futex_wait_cancelable (libpthread.so.0)
#1  0x00007f69af150d73 cnd_wait (swrast_dri.so)
#2  0x00007f69af12d957 impl_thrd_routine.lto_priv.2.lto_priv.0 (swrast_dri.so)
#3  0x00007f69c1b7f84e start_thread (libpthread.so.0)
#4  0x00007f69c3a12203 __clone (libc.so.6)

Stack trace of thread 398:
#0  0x00007f69c1b85b5c futex_wait_cancelable (libpthread.so.0)
#1  0x00007f69af150d73 cnd_wait (swrast_dri.so)
#2  0x00007f69af12d957 impl_thrd_routine.lto_priv.2.lto_priv.0 (swrast_dri.so)
#3  0x00007f69c1b7f84e start_thread (libpthread.so.0)
#4  0x00007f69c3a12203 __clone (libc.so.6)

Stack trace of thread 406:
#0  0x00007f69c1b85b4d futex_wait_cancelable (libpthread.so.0)
#1  0x00007f69c05d4d60 _ZN7mozilla6detail21ConditionVariableImpl4waitERNS0_9MutexImplE (libmozjs-60.so.0)
#2  0x00007f69c030f126 _ZN2js17ConditionVariable8wait_forERNS_9LockGuardINS_5MutexEEERKN7mozilla16BaseTimeDurationINS5_27TimeDurationValueCalculatorEEE (libmozjs-60.so.0)
#3  0x00007f69c030a61f _ZN2js6detail16ThreadTrampolineIRFvPvEJPNS_12HelperThreadEEE8callMainIJLm0EEEEvN7mozilla13IndexSequenceIJXspT_EEEE (libmozjs-60.so.0)
#4  0x00007f69c1b7f84e start_thread (libpthread.so.0)
#5  0x00007f69c3a12203 __clone (libc.so.6)

Stack trace of thread 393:
#0  0x00007f69c3a0ba2d syscall (libc.so.6)
#1  0x00007f69c32ee254 g_cond_wait_until (libglib-2.0.so.0)
#2  0x00007f69c339079e g_cond_wait_until (libglib-2.0.so.0)
#3  0x00007f69c331df4e g_async_queue_timeout_pop_unlocked
(libglib-2.0.so.0)
#4  0x00007f69c331878e g_thread_proxy (libglib-2.0.so.0)
#5  0x00007f69c1b7f84e start_thread (libpthread.so.0)
#6  0x00007f69c3a12203 __clone (libc.so.6)

Stack trace of thread 386:
#0  0x00007f69c1b85b4d futex_wait_cancelable (libpthread.so.0)
#1  0x00007f69af150903 cnd_wait (swrast_dri.so)
#2  0x00007f69ae73d3e8 set_scene_state.isra.0.constprop.0 (swrast_dri.so)
#3  0x00007f69af151c17 lp_setup_flush (swrast_dri.so)
#4  0x00007f69ae73d7c9 llvmpipe_flush_resource.constprop.0 (swrast_dri.so)
#5  0x00007f69af14a96a llvmpipe_transfer_map (swrast_dri.so)
#6  0x00007f69aebee7f0 pipe_transfer_map (swrast_dri.so)
#7  0x00007f69aec5dd9d read_rgba_pixels (swrast_dri.so)
#8  0x00007f69aeaecb07 st_ReadPixels (swrast_dri.so)
#9  0x00007f69aec63438 read_pixels (swrast_dri.so)
#10 0x00007f69aec63872 _mesa_ReadPixels (swrast_dri.so)
#11 0x00007f69c2407d58 _cogl_framebuffer_gl_read_pixels_into_bitmap (libmutter-cogl-4.so.0)
#12 0x00007f69c23e5d47 _cogl_framebuffer_read_pixels_into_bitmap (libmutter-cogl-4.so.0)
#13 0x00007f69c23e5dc2 cogl_framebuffer_read_pixels (libmutter-cogl-4.so.0)
#14 0x00007f69c292ca4e _clutter_stage_do_pick_on_view (libmutter-clutter-4.so.0)
#15 0x00007f69c29474b1 _clutter_input_device_update (libmutter-clutter-4.so.0)
#16 0x00007f69c293f0eb _clutter_process_event_details (libmutter-clutter-4.so.0)
#17 0x00007f69c293f96c _clutter_stage_process_queued_events (libmutter-clutter-4.so.0)
#18 0x00007f69c3350315 g_main_dispatch (libglib-2.0.so.0)
#19 0x00007f69c3350b80 g_main_context_iterate.isra.0.lto_priv.0 (libglib-2.0.so.0)
#20 0x00007f69c32e8653 g_main_loop_run (libglib-2.0.so.0)
#21 0x00007f69c27c5605 meta_run (libmutter-4.so.0)
#22 0x000055d7343387e5 main (gnome-shell)
#23 0x00007f69c3919003 __libc_start_main (libc.so.6)
#24 0x000055d73433896e _start (gnome-shell)

GNU gdb (GDB) 8.3
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-generic-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/gnome-shell...
Reading symbols from /usr/lib/debug/.build-id/b6/0ed6393a2b4ea3e317e0dd3cdb09797f181089.debug...
[New LWP 394]
[New LWP 389]
[New LWP 395]
[New LWP 390]
[New LWP 409]
[New LWP 392]
[New LWP 391]
[New LWP 408]
[New LWP 401]
[New LWP 518]
[New LWP 405]
[New LWP 400]
[New LWP 517]
[New LWP 404]
[New LWP 519]
[New LWP 407]
[New LWP 403]
[New LWP 402]
[New LWP 396]
[New LWP 516]
[New LWP 397]
[New LWP 399]
[New LWP 398]
[New LWP 406]
[New LWP 393]
[New LWP 386]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib64/libthread_db.so.1".
bt
Core was generated by `/usr/bin/gnome-shell'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f69af12a71b in lp_scene_begin_rasterization (scene=scene@entry=0x0) at ../src/gallium/drivers/llvmpipe/lp_scene.c:157
157        for (i = 0; i < scene->fb.nr_cbufs; i++) {
[Current thread is 1 (Thread 0x7f69ae6a4700 (LWP 394))]
(gdb) (gdb) bt
#0  0x00007f69af12a71b in lp_scene_begin_rasterization(lp_scene*) (scene=scene@entry=0x0) at ../src/gallium/drivers/llvmpipe/lp_scene.c:157
#1  0x00007f69af150eb7 in lp_rast_begin (rast=0x55d735e66a30, scene=0x0) at ../src/gallium/drivers/llvmpipe/lp_rast.c:72
#2  0x00007f69af150eb7 in thread_function(void*) (init_data=<optimized out>) at ../src/gallium/drivers/llvmpipe/lp_rast.c:815
#3  0x00007f69af12d957 in impl_thrd_routine.lto_priv.2.lto_priv () at ../src/gallium/drivers/llvmpipe/lp_setup.c:876
#4  0x00007f69c1b7f84e in start_thread (arg=<optimized out>) at pthread_create.c:486
#5  0x00007f69c3a12203 in clone () at /usr/lib64/haswell/libc.so.6
(gdb) bt
#0  0x00007f69af12a71b in lp_scene_begin_rasterization(lp_scene*) (scene=scene@entry=0x0) at ../src/gallium/drivers/llvmpipe/lp_scene.c:157
#1  0x00007f69af150eb7 in lp_rast_begin (rast=0x55d735e66a30, scene=0x0) at ../src/gallium/drivers/llvmpipe/lp_rast.c:72
#2  0x00007f69af150eb7 in thread_function(void*) (init_data=<optimized out>) at ../src/gallium/drivers/llvmpipe/lp_rast.c:815
#3  0x00007f69af12d957 in impl_thrd_routine.lto_priv.2.lto_priv () at ../src/gallium/drivers/llvmpipe/lp_setup.c:876
#4  0x00007f69c1b7f84e in start_thread (arg=<optimized out>) at pthread_create.c:486
#5  0x00007f69c3a12203 in clone () at /usr/lib64/haswell/libc.so.6
(gdb)

[1] https://github.com/clearlinux-pkgs/mesa/blob/fed0b3f100c4f50f2850848114cf2ace1d3a9406/mesa.spec#L145-L181
As the backtrace shows, scene=0x0, which shouldn't happen. The scene pointer is obtained in thread_function(), in:

   lp_rast_begin( rast, lp_scene_dequeue( rast->full_scenes, TRUE ) );

The lp_scene_dequeue() function is not expected to return NULL, but does:

struct lp_scene *
lp_scene_dequeue(struct lp_scene_queue *queue, boolean wait)
{
   struct scene_packet packet;
   enum pipe_error ret;

   packet.scene = NULL;
   ret = util_ringbuffer_dequeue(queue->ring, &packet.header,
                                 sizeof packet / 4, wait);
   if (ret != PIPE_OK)
      return NULL;

   return packet.scene;
}

Possibility 1: there was an error. But if that were the case, we'd expect this to happen both with and without LTO.

Possibility 2: undefined behaviour in the code. Note how it assigns packet.scene = NULL, never passes it to util_ringbuffer_dequeue(), then returns it. It passes only packet.header, plus the size of the whole packet:

struct scene_packet {
   struct util_packet header;
   struct lp_scene *scene;
};

and expects the callee to fill it:

   for (i = 0; i < ring_packet->dwords; i++) {
      packet[i] = ring->buf[ring->tail];
      ring->tail++;
      ring->tail &= ring->mask;
   }

I'll look at the disassembly to confirm possibility 2.
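For reference, the pattern can be boiled down to a minimal standalone sketch. The struct names mirror the Mesa ones but the definitions here are illustrative stand-ins, not the real code; copy_dwords() plays the role of util_ringbuffer_dequeue()'s copy loop:

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>

/* Illustrative stand-ins for Mesa's types; not the real definitions. */
struct util_packet  { uint32_t dwords; };
struct scene_packet {
   struct util_packet header;
   void *scene;
};

/* Mimics util_ringbuffer_dequeue()'s copy loop: the caller hands in
 * &packet.header, but the loop writes 'sizeof packet / 4' dwords, i.e.
 * it also overwrites packet.scene through uint32_t lvalues.  Under the
 * strict aliasing rules the compiler may assume a store through
 * uint32_t* cannot modify a pointer member, so a later read of
 * packet.scene can legally be folded to the earlier NULL store. */
static void copy_dwords(struct util_packet *out, const uint32_t *src,
                        size_t ndwords)
{
   uint32_t *dst = (uint32_t *)out;   /* the problematic type pun */
   for (size_t i = 0; i < ndwords; i++)
      dst[i] = src[i];
}

/* The dword count lp_scene_dequeue() passes for the whole packet. */
static size_t packet_dwords(void)
{
   return sizeof(struct scene_packet) / 4;
}
```

Copying only the first dword (the header itself) is well defined, since struct util_packet's first member really is a uint32_t; it is the extra dwords that spill into the pointer member that make the original loop undefined.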
Disassembly:

   0x00007ffff24cc389 <+489>:	xor    %edi,%edi
   0x00007ffff24cc38b <+491>:	movq   $0x0,0x10(%r12)
   0x00007ffff24cc394 <+500>:	callq  0x7ffff24a5b00 <lp_scene_begin_rasterization(lp_scene*)>

That's a constant null pointer being passed to lp_scene_begin_rasterization(). I believe this is a violation of strict aliasing. The compiler is correct; the code in llvmpipe is buggy.
This patch appears to fix the problem:

From 49607f0524539cb836065b626bb3d3946061c486 Mon Sep 17 00:00:00 2001
From: Thiago Macieira <thiago.macieira@intel.com>
Date: Mon, 10 Jun 2019 19:13:12 -0700
Subject: [PATCH] Attempt at fixing strict aliasing violation in dequeueing
 packets

lp_scene_dequeue() calls util_ringbuffer_dequeue() with a payload that
isn't an array of struct util_packets. When util_ringbuffer_dequeue()
made the direct copy, the compiler discarded it because it wasn't
writing the right type.

Signed-off-by: Thiago Macieira <thiago.macieira@intel.com>
---
 src/gallium/auxiliary/util/u_ringbuffer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/gallium/auxiliary/util/u_ringbuffer.c b/src/gallium/auxiliary/util/u_ringbuffer.c
index f6bb910671e..cebb908410c 100644
--- a/src/gallium/auxiliary/util/u_ringbuffer.c
+++ b/src/gallium/auxiliary/util/u_ringbuffer.c
@@ -146,7 +146,7 @@ enum pipe_error util_ringbuffer_dequeue( struct util_ringbuffer *ring,
    /* Copy data from ring:
     */
    for (i = 0; i < ring_packet->dwords; i++) {
-      packet[i] = ring->buf[ring->tail];
+      memcpy(packet + i, ring->buf + ring->tail, sizeof(*packet));
       ring->tail++;
       ring->tail &= ring->mask;
    }
-- 
2.22.0
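For context on why switching to memcpy() helps: a byte copy through memcpy() is defined for any object representation, whereas stores through an lvalue of the wrong type are not. A tiny self-contained illustration of the same technique (nothing here is Mesa code; it uses float/uint32_t just as a familiar example of incompatible types):

```c
#include <stdint.h>
#include <string.h>

/* Well-defined type punning: copy the object representation with
 * memcpy() instead of reading or writing through an incompatible
 * lvalue.  Compilers typically lower these memcpy calls to plain
 * register moves, so there is no runtime cost. */
static uint32_t float_bits(float f)
{
   uint32_t u;
   memcpy(&u, &f, sizeof u);   /* defined: copies bytes, no aliasing pun */
   return u;
}

static float bits_to_float(uint32_t u)
{
   float f;
   memcpy(&f, &u, sizeof f);
   return f;
}
```

The equivalent cast-based version (`*(uint32_t *)&f`) is exactly the kind of access that strict aliasing allows the compiler to reorder or discard, which is what the llvmpipe copy loop ran into under LTO.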
(In reply to Thiago Macieira from comment #3)
> This patch appears to fix the problem:
> [...]

This patch works for me.
I had a conversation with Thiago, and we need the patch needs an update. I'll create an MR in GitLab with those.
(In reply to Caio Marcelo de Oliveira Filho from comment #5) > I had a conversation with Thiago, and we need the patch needs an update. > I'll create an MR in GitLab with those. I meant: "We think the patch needs an update"
Candidate MR: https://gitlab.freedesktop.org/mesa/mesa/merge_requests/1090
That MR landed. The patch that fixes the issue here is

commit 397d1a18ef78ddf46efda44d6783105f9fd87f7e
Author: Caio Marcelo de Oliveira Filho <caio.oliveira@intel.com>
Date:   Wed Jun 12 15:32:30 2019 -0700

    llvmpipe: Don't use u_ringbuffer for lp_scene_queue

    Inline the ring buffer and signal logic into lp_scene_queue instead of
    using a u_ringbuffer.  The code ends up simpler since there's no need
    to handle serializing data from / to packets.

    This fixes a crash when compiling Mesa with LTO, which happened because
    util_ringbuffer_dequeue() was writing data after the "header packet",
    as shown below

        struct scene_packet {
           struct util_packet header;
           struct lp_scene *scene;
        };

        /* Snippet of old lp_scene_dequeue(). */
        packet.scene = NULL;
        ret = util_ringbuffer_dequeue(queue->ring, &packet.header,
                                      sizeof packet / 4, wait);
        ...
        return packet.scene;

    but due to the way aliasing analysis works, the compiler didn't
    consider "&packet->header" to alias with "packet->scene". With the
    aggressive inlining done by LTO, this would end up always returning
    NULL instead of the content read by util_ringbuffer_dequeue().

    Issue found by Marcos Simental and Thiago Macieira.

    Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=110884
    Reviewed-by: Roland Scheidegger <sroland@vmware.com>
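The key idea of that commit is to store the scene pointers in slots of their real type, so no serialization through dword packets (and thus no type punning) is needed. A rough, hypothetical sketch of that approach — simplified, and not the actual lp_scene_queue code:

```c
#include <pthread.h>

#define QUEUE_LEN 4   /* fixed capacity, like llvmpipe's small scene queue */

/* A queue of typed pointers: because the slots have the element's real
 * type, enqueue/dequeue are ordinary assignments and no aliasing rules
 * are bent. */
struct ptr_queue {
   void *entries[QUEUE_LEN];
   unsigned head, tail;          /* free-running; unsigned wrap is defined */
   pthread_mutex_t mutex;
   pthread_cond_t change;
};

static void queue_init(struct ptr_queue *q)
{
   q->head = q->tail = 0;
   pthread_mutex_init(&q->mutex, NULL);
   pthread_cond_init(&q->change, NULL);
}

static void queue_enqueue(struct ptr_queue *q, void *p)
{
   pthread_mutex_lock(&q->mutex);
   while (q->head - q->tail >= QUEUE_LEN)   /* full: wait for space */
      pthread_cond_wait(&q->change, &q->mutex);
   q->entries[q->head++ % QUEUE_LEN] = p;   /* plain typed store */
   pthread_cond_signal(&q->change);
   pthread_mutex_unlock(&q->mutex);
}

static void *queue_dequeue(struct ptr_queue *q)
{
   void *p;
   pthread_mutex_lock(&q->mutex);
   while (q->head == q->tail)               /* empty: wait for data */
      pthread_cond_wait(&q->change, &q->mutex);
   p = q->entries[q->tail++ % QUEUE_LEN];   /* plain typed load */
   pthread_cond_signal(&q->change);
   pthread_mutex_unlock(&q->mutex);
   return p;
}
```

Compared with the memcpy() band-aid, this removes the incompatible-type copy entirely, which is why the thread settled on it as the proper fix.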
Marcos, could you test master again?
(In reply to Caio Marcelo de Oliveira Filho from comment #9) > Marcos, could you test master again? Yep, your patch also works for me. We can close this issue now I guess. Thanks!