thread sanitizer + i965 = segfault in memcpy when uploading textures
Submitted by Kai Iskratsch
Assigned to Ian Romanick
Description
I was trying to run our software with thread sanitizer to find possible race conditions, but it seems to crash as soon as I try to load resources with glTexImage2D. The actual crash happens in brw_upload_cache, which seems to call memcpy with dst=0.
Relevant part of the crash:
#0 0x00007ffff6db7845 in __sanitizer::internal_memcpy(void*, void const*, unsigned long) (dest=dest@entry=0x0, src=src@entry=0x7da400014028, n=n@entry=112) at ../../../../libsanitizer/sanitizer_common/sanitizer_libc.cc:52
#1 0x00007ffff6d62f03 in __interceptor_memcpy(void*, void const*, __sanitizer::uptr) (dst=0x0, src=src@entry=0x7da400014028, size=size@entry=112) at ../../../../libsanitizer/tsan/tsan_interceptors.cc:641
#2 0x00007fffa2111260 in brw_upload_cache (__len=112, __src=0x7da400014028, __dest=<optimized out>) at /usr/include/bits/string3.h:53
#3 0x00007fffa2111260 in brw_upload_cache (cache=cache@entry=0x7fffa987e408, cache_id=cache_id@entry=BRW_CACHE_FS_PROG, key=key@entry=0x7fffa06f0dc0, key_size=key_size@entry=152, data=data@entry=0x7da400014028, data_size=112, aux=0x7fffa06f0c10, aux_size=360, out_offset=0x7fffa987f2b8, out_aux=0x7fffa987f520) at brw_state_cache.c:309
#4 0x00007fffa2117805 in brw_codegen_wm_prog (brw=brw@entry=0x7fffa985a028, prog=prog@entry=0x7d500005ec28, fp=fp@entry=0x7d680003e400, key=key@entry=0x7fffa06f0dc0) at brw_wm.c:171
#5 0x00007fffa211841f in brw_fs_precompile (ctx=ctx@entry=0x7fffa985a028, shader_prog=shader_prog@entry=0x7d500005ec28, prog=0x7d680003e400) at brw_wm.c:644
#6 0x00007fffa2104044 in brw_link_shader(gl_context*, gl_shader_program*) (sh_prog=0x7d500005ec28, ctx=0x7fffa985a028) at brw_link.cpp:49
#7 0x00007fffa2104044 in brw_link_shader(gl_context*, gl_shader_program*) (ctx=0x7fffa985a028, shProg=0x7d500005ec28) at brw_link.cpp:277
#8 0x00007fffa1fb129a in _mesa_glsl_link_shader(gl_context*, gl_shader_program*) (ctx=0x7fffa985a028, prog=0x7d500005ec28) at program/ir_to_mesa.cpp:2984
#9 0x00007fffa1e4115d in _mesa_get_fixed_func_fragment_program(gl_context*) (key=0x7fffa06f10e0, ctx=0x7fffa06f1020) at main/ff_fragment_shader.cpp:1265
#10 0x00007fffa1e4115d in _mesa_get_fixed_func_fragment_program(gl_context*) (ctx=ctx@entry=0x7fffa985a028) at main/ff_fragment_shader.cpp:1295
#11 0x00007fffa1ed4b98 in _mesa_update_state_locked (ctx=0x7fffa985a028) at main/state.c:157
#12 0x00007fffa1ed4b98 in _mesa_update_state_locked (ctx=ctx@entry=0x7fffa985a028) at main/state.c:473
#13 0x00007fffa1ed4cc1 in _mesa_update_state (ctx=ctx@entry=0x7fffa985a028) at main/state.c:504
#14 0x00007fffa1eea4d5 in teximage (ctx=0x7fffa985a028, compressed=compressed@entry=0 '\000', dims=dims@entry=2, target=3553, level=0, internalFormat=32856, width=512, height=512, depth=1, border=0, format=6408, type=5121, imageSize=0, pixels=0x7fff9efef040) at main/teximage.c:2943
#15 0x00007fffa1eebfb0 in _mesa_TexImage2D (target=<optimized out>, level=<optimized out>, internalFormat=<optimized out>, width=<optimized out>, height=<optimized out>, border=<optimized out>, format=6408, type=5121, pixels=0x7fff9efef040) at main/teximage.c:3005
[...]
Without thread sanitizer everything works, so no idea if the actual bug is caused by i965 or thread sanitizer code.
Version: 11.1