Bug 29847 - [i965] SIGSEGV ir_hv_accept.cpp:45
Status: CLOSED FIXED
Alias: None
Product: Mesa
Classification: Unclassified
Component: Mesa core
Version: git
Hardware: x86 (IA32) Linux (All)
Importance: medium critical
Assignee: Ian Romanick
Blocks: mesa-7.9
Reported: 2010-08-27 17:09 UTC by Vinson Lee
Modified: 2010-09-13 11:39 UTC

Description Vinson Lee 2010-08-27 17:09:20 UTC
System environment:
-- chipset: Intel GMA X3100
-- system architecture: i686
-- xserver-xorg-video-intel: 2:2.12.0-1ubuntu3
-- xserver-common: 2:1.9.0-0ubuntu1
-- xserver-xorg: 1:7.5+6ubuntu3
-- mesa: c7adb4ff1e7183d476680617d130b7dfed80d6c0 (master)
-- libdrm: 2.4.21
-- kernel version: 2.6.35-6-generic
-- Linux distribution: Ubuntu 10.10
-- Machine model: Macbook3,1

Power on any virtual machine with VMware Player or VMware Workstation. A crash occurs immediately in the GLSL parser.

The crash does not occur with swrast or softpipe.


(gdb) bt full
#0  0x01a23094 in visit_list_elements (v=0x1815420, l=0x0) at ir_hv_accept.cpp:45
        n = <value optimized out>
        __next = <value optimized out>
        prev_base_ir = 0x0
#1  0x01a23074 in ir_hierarchical_visitor::run (this=0x1815420, instructions=0x0) at ir_hierarchical_visitor.cpp:281
No locals.
#2  0x01a247e6 in import_prototypes (source=0x0, dest=0xc917b18, symbols=0xc44d0f8, mem_ctx=0xc4782a0) at ir_import_prototypes.cpp:137
        v = {<ir_hierarchical_visitor> = {_vptr.ir_hierarchical_visitor = 0x1b50008, base_ir = 0x0, callback = 0, data = 0x0}, list = 0xc917b18, 
          function = 0x0, symbols = 0xc44d0f8, mem_ctx = 0xc4782a0}
#3  0x01a01c88 in _mesa_glsl_initialize_functions (instructions=0xc917b18, state=0xc4782a0) at builtin_function.cpp:16808
        sh = 0xc860810
#4  0x019fc815 in _mesa_ast_to_hir (instructions=0xc917b18, state=0xc4782a0) at ast_to_hir.cpp:63
No locals.
#5  0x019f3f1f in _mesa_glsl_compile_shader (ctx=0xcace108, shader=0xc4781d0) at program/ir_to_mesa.cpp:2701
        source = 0xcb81bb8 "void main(void) {gl_Position = gl_Vertex;gl_TexCoord[0] = gl_MultiTexCoord0;}\n"
#6  0x0192f535 in compile_shader (shaderObj=2) at main/shaderapi.c:803
        sh = 0x0
#7  _mesa_CompileShaderARB (shaderObj=2) at main/shaderapi.c:1091
No locals.

(gdb) frame 0
#0  0x01a23094 in visit_list_elements (v=0x1815420, l=0x0) at ir_hv_accept.cpp:45
45	   foreach_list_safe(n, l) {
(gdb) l
40	ir_visitor_status
41	visit_list_elements(ir_hierarchical_visitor *v, exec_list *l)
42	{
43	   ir_instruction *prev_base_ir = v->base_ir;
44	
45	   foreach_list_safe(n, l) {
46	      ir_instruction *const ir = (ir_instruction *) n;
47	      v->base_ir = ir;
48	      ir_visitor_status s = ir->accept(v);
49	
(gdb) print l
$3 = (exec_list *) 0x0

Comment 1 Ian Romanick 2010-08-27 17:58:07 UTC
This sounds like a build problem.  The place where it's crashing is very, very early in the compiler boot-strap process.  It's trying to generate IR and function prototypes for the built-in functions.  This should either work on every driver or crash on every driver.

Can you set a breakpoint at builtin_function.cpp, line 16807 and 'print *sh'?

Comment 2 Vinson Lee 2010-08-27 22:22:03 UTC
(In reply to comment #1)
> This sounds like a build problem.  The place where it's crashing is very, very
> early in the compiler boot-strap process.  It's trying to generate IR and
> function prototypes for the built-in functions.  This should either work on
> every driver or crash on every driver.

The i965 driver was built via './autogen.sh --prefix=/usr --enable-debug'. Then libGL.so.1.2 was copied to /usr/lib/mesa and i965_dri.so to /usr/lib/dri.

swrast and softpipe were built with 'make linux-x86-debug'.

Comment 3 Vinson Lee 2010-08-27 22:47:58 UTC
(In reply to comment #1)
> Can you set a breakpoint at builtin_function.cpp, line 16807 and 'print *sh'?

Breakpoint 1, _mesa_glsl_initialize_functions (instructions=0xd2864b8, state=0xd285f10) at builtin_function.cpp:16808
16808	                        state);
(gdb) print *sh
$1 = {Type = 35633, Name = 0, RefCount = 1, DeletePending = 0 '\000', CompileStatus = 0 '\000', Main = 0 '\000', UnresolvedRefs = 0 '\000', Source = 0x0, 
  SourceChecksum = 0, Program = 0x0, InfoLog = 0x0, Pragmas = {IgnoreOptimize = 0 '\000', IgnoreDebug = 0 '\000', Optimize = 0 '\000', Debug = 0 '\000'}, 
  Version = 0, ir = 0xd28fcb8, symbols = 0xd28d8f8, builtins_to_link = {0x0 <repeats 16 times>}, num_builtins_to_link = 0}

(gdb) bt full
#0  _mesa_glsl_initialize_functions (instructions=0xd2864b8, state=0xd285f10) at builtin_function.cpp:16808
        sh = 0xd28d768
#1  0x02cd7815 in _mesa_ast_to_hir (instructions=0xd2864b8, state=0xd285f10) at ast_to_hir.cpp:63
No locals.
#2  0x02ccef1f in _mesa_glsl_compile_shader (ctx=0xce83ca0, shader=0xd2853e0) at program/ir_to_mesa.cpp:2701
        source = 0xd297c38 "void main(void) {gl_Position = gl_Vertex;gl_TexCoord[0] = gl_MultiTexCoord0;}\n"
#3  0x02c0a535 in compile_shader (shaderObj=2) at main/shaderapi.c:803
        sh = 0xd28d768
#4  _mesa_CompileShaderARB (shaderObj=2) at main/shaderapi.c:1091
No locals.

Comment 4 Ian Romanick 2010-09-08 17:23:19 UTC
Could you see if this commit fixes this bug?

commit f69a6647fbd5e7cf4406fcc877ff78b507344073
Author: Ian Romanick <ian.d.romanick@intel.com>
Date:   Wed Sep 8 17:13:00 2010 -0700

    glsl2: Clear out profile pointers in _mesa_glsl_release_functions
    
    Otherwise builtin_profiles contains dangling pointers the next time
    _mesa_read_profile is called.  I suspect this may fix bugzilla #29847,
    but I was never able to reproduce it.
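
The failure mode named in the commit message above, as an added example that is not part of the original thread and is not Mesa code: a static pointer cache that outlives its backing storage, and the effect of clearing it on release. Every name here (`cache`, `pool`, `read_profile`, `release_functions`, `import_prototypes`, `second_compile`) is a hypothetical stand-in, and a zeroed static pool models freed memory so the result is deterministic.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model, not Mesa code. All names are hypothetical. */
#define NUM_PROFILES 2
struct profile { const int *ir; };          /* ir == NULL: no instruction list */

static struct profile pool[NUM_PROFILES];   /* stands in for the memory context */
static size_t pool_used;
static const int sample_ir[] = { 1, 2, 3 }; /* constructed sample data */
static struct profile *cache[NUM_PROFILES]; /* static cache of profile pointers */

/* Lazy init: a non-NULL cache entry is trusted to still be valid. */
static struct profile *read_profile(int i) {
    if (cache[i] == NULL) {
        cache[i] = &pool[pool_used++];
        cache[i]->ir = sample_ir;
    }
    return cache[i];
}

/* Tear down the backing storage. Resetting a static pool models free()
 * deterministically; with real heap memory the stale read is undefined. */
static void release_functions(int clear_cache) {
    for (int i = 0; i < NUM_PROFILES; i++) {
        pool[i].ir = NULL;                  /* storage no longer holds a profile */
        if (clear_cache)
            cache[i] = NULL;                /* the fix: drop the stale pointer */
    }
    pool_used = 0;
}

/* Consumer with a defensive check; returns -1 where a list walk would crash. */
static int import_prototypes(const struct profile *p) {
    return (p == NULL || p->ir == NULL) ? -1 : p->ir[0];
}

/* Compile, release, compile again; returns what the second import sees. */
static int second_compile(int clear_cache) {
    import_prototypes(read_profile(0));
    release_functions(clear_cache);
    return import_prototypes(read_profile(0));
}

int main(void) {
    int stale = second_compile(0), fixed = second_compile(1);
    printf("stale cache: %d, cleared cache: %d\n", stale, fixed);
    return 0;
}
```

With the cache left populated, the second compile receives a profile whose instruction list is gone, which is the shape of the `l=0x0` argument in the backtrace; clearing the cache forces a rebuild.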

Comment 5 Vinson Lee 2010-09-13 11:39:34 UTC
mesa: e7eff0cfcef5c549678779e3c1def950feae4fb9 (master)

Verified fixed.

