r300: nine crash in r300_emit_vertex_arrays: Assertion `(buf)' failed.
src/gallium/drivers/r300/r300_emit.c:972: r300_emit_vertex_arrays: Assertion `(buf)' failed.
I've noticed this in the WIP CI nine testing branch https://gitlab.freedesktop.org/mesa/mesa/-/jobs/54609576, but I was not originally able to reproduce locally. Turns out this is due to use of uninitialized values, so sometimes the assertion in question is not hit (well, at least on my ancient RV530 laptop with 32-bit Debian).
For example with the Xnine.fog test:

```
==8299== Use of uninitialised value of size 4
==8299== at 0x56D4303: update_vertex_elements (nine_state.c:924)
==8299== by 0x56D7A92: nine_update_state (nine_state.c:1286)
==8299== by 0x56D93CD: nine_context_draw_indexed_primitive_from_vtxbuf_idxbuf_priv (nine_state.c:2534)
==8299== by 0x5658570: NineDevice9_DrawIndexedPrimitiveUP (device9.c:3223)
==8299== by 0x129A8D: fog_test() (NineTests.cpp:1751)
==8299== by 0x2E3EDA: Xnine_fog_Test::TestBody() (NineTests.cpp:23896)
==8299== by 0x32F169: HandleSehExceptionsInMethodIfSupported<testing::Test, void> (gtest.cc:2605)
==8299== by 0x32F169: void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (gtest.cc:2641)
==8299== by 0x322976: Run (gtest.cc:2680)
==8299== by 0x322976: testing::Test::Run() (gtest.cc:2670)
==8299== by 0x322B08: Run (gtest.cc:2857)
==8299== by 0x322B08: testing::TestInfo::Run() (gtest.cc:2830)
==8299== by 0x323134: Run (gtest.cc:3011)
==8299== by 0x323134: testing::TestSuite::Run() (gtest.cc:2990)
==8299== by 0x323859: testing::internal::UnitTestImpl::RunAllTests() (gtest.cc:5722)
==8299== by 0x32F6E9: HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> (gtest.cc:2605)
==8299== by 0x32F6E9: bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) (gtest.cc:2641)
==8299== Uninitialised value was created by a stack allocation
==8299== at 0x56D40AF: update_vertex_elements (nine_state.c:861)
```

and much more, full log here: Xnine.fog-valgrind
The specific stack variable that is used uninitialized is at nine_state.c:871: `unsigned vtxbuf_holes_map[PIPE_MAX_ATTRIBS];`
Before I figured out this is uninitialized memory, I bisected with one d3d9 trace where I could reliably reproduce the crash to commit 6c4ab026, but this commit is likely just highlighting the issue.
CC @axeldavy this looks like a nine issue, right? Should we just zero-initialize `vtxbuf_holes_map`? However I also tested with iris and I don't hit any valgrind issues there in this NineTest.
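
A simplified model of the failure mode reported above, as an added example that is not Mesa code and not part of the original report: a stack array that is only written for the slots in use, then read in full, gives results that depend on whatever the stack held before. `fill_holes_map`, `count_bad_entries`, the value of `MAX_ATTRIBS` and the stale-byte fill are assumptions for illustration; how nine actually fills and reads `vtxbuf_holes_map` is not shown on this page.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ATTRIBS 32  /* stand-in for PIPE_MAX_ATTRIBS; value assumed */

/* Hypothetical model: store a compacted index for each used slot.
 * Entries whose bit is clear in used_mask are never written. */
static void fill_holes_map(unsigned map[MAX_ATTRIBS], unsigned used_mask)
{
    unsigned next = 0;
    for (unsigned i = 0; i < MAX_ATTRIBS; i++)
        if (used_mask & (1u << i))
            map[i] = next++;
}

/* Count entries a later lookup could not trust (index out of range).
 * stale_byte models the previous stack contents deterministically;
 * zero_init = 1 models `unsigned map[MAX_ATTRIBS] = {0};`. */
static unsigned count_bad_entries(unsigned used_mask,
                                  unsigned char stale_byte, int zero_init)
{
    unsigned map[MAX_ATTRIBS];
    unsigned bad = 0;

    memset(map, zero_init ? 0 : stale_byte, sizeof(map));
    fill_holes_map(map, used_mask);

    for (unsigned i = 0; i < MAX_ATTRIBS; i++)
        if (map[i] >= MAX_ATTRIBS)
            bad++;
    return bad;
}

int main(void)
{
    unsigned mask = 0x5; /* constructed input: slots 0 and 2 in use */
    printf("stale 0xA5, no init: %u bad\n", count_bad_entries(mask, 0xA5, 0));
    printf("stale 0x00, no init: %u bad\n", count_bad_entries(mask, 0x00, 0));
    printf("stale 0xA5, zeroed:  %u bad\n", count_bad_entries(mask, 0xA5, 1));
    return 0;
}
```

The second case is why such a bug can pass locally: when the stale stack bytes happen to be zero, nothing looks wrong, while zero-initializing makes the result independent of prior stack contents.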