Bug#919197: Acknowledgement (qtwayland-opensource-src: FTBFS on hppa - Segmentation faults in testsuite)
Hi John!

On Thu, Jan 17, 2019 at 08:13:55AM -0500, John David Anglin wrote:
> The bug is in this mesa code:
>
> dri2_query_wayland_buffer_wl(_EGLDriver *drv, _EGLDisplay *disp,
>                              struct wl_resource *buffer_resource,
>                              EGLint attribute, EGLint *value)
>
> The segmentation fault occurs because dri2_dpy is NULL. The sequence point in
> argument evaluation requires evaluation of dri2_dpy->wl_server_drm before the
> resource NULL pointer check in wayland_drm_buffer_get.
>
> With this fixed, qtwayland-opensource-src build is successful:
> https://buildd.debian.org/status/fetch.php?pkg=qtwayland-opensource-src=hppa=5.11.3-2=1547696629=0

Do you understand correctly that there is nothing to fix in qtwayland then?
Have you already filed a bug against mesa?

--
Dmitry Shachnev
Bug#919197: Acknowledgement (qtwayland-opensource-src: FTBFS on hppa - Segmentation faults in testsuite)
On 2019-01-13 5:55 p.m., John David Anglin wrote:
> On 2019-01-13 2:52 p.m., John David Anglin wrote:
>> Looks to me to be a NULL pointer check issue in mesa:
>>
>> static inline struct wl_drm_buffer *
>> wayland_drm_buffer_get(struct wl_drm *drm, struct wl_resource *resource)
>> {
>>     if (resource == NULL)
>>         return NULL;
>>
>>     if (wl_resource_instance_of(resource, &wl_buffer_interface,
>>                                 &drm->buffer_interface))
>>         return wl_resource_get_user_data(resource);
>>     else
>>         return NULL;
>> }
>>
>> (gdb) disass $pc-32-16,$pc+16
>> Dump of assembler code from 0xec46dd14 to 0xec46dd54:
>>    0xec46dd14 : stw rp,-14(sp)
>>    0xec46dd18 : ldo 80(sp),sp
>>    0xec46dd1c : ldw -b4(sp),ret0
>>    0xec46dd20 : stw r5,-74(sp)
>>    0xec46dd24 : copy r23,r5
>>    0xec46dd28 : stw r4,-70(sp)
>>    0xec46dd2c : stw r3,-6c(sp)
>>    0xec46dd30 : stw r19,-20(sp)
>>    0xec46dd34 : stw ret0,-78(sp)
>>    0xec46dd38 : ldw 58(r25),ret0
>>    0xec46dd3c : ldo c0(ret0),ret0
>>    0xec46dd40 : movb,= r24,r3,0xec46dd94
>> => 0xec46dd44 : ldw 0(ret0),ret0
>>    0xec46dd48 : addil L%800,r19,r1
>>    0xec46dd4c : copy r19,r4
>>    0xec46dd50 : ldw 200(r1),r25
>>
>> The NULL pointer check has been optimized away.

The bug is in this mesa code:

dri2_query_wayland_buffer_wl(_EGLDriver *drv, _EGLDisplay *disp,
                             struct wl_resource *buffer_resource,
                             EGLint attribute, EGLint *value)
{
   struct dri2_egl_display *dri2_dpy = dri2_egl_display(disp);
   struct wl_drm_buffer *buffer;
   const struct wl_drm_components_descriptor *format;

   if (!dri2_dpy)
      return EGL_FALSE;

   buffer = wayland_drm_buffer_get(dri2_dpy->wl_server_drm, buffer_resource);
   if (!buffer)
      return EGL_FALSE;

The segmentation fault occurs because dri2_dpy is NULL. The sequence point in
argument evaluation requires evaluation of dri2_dpy->wl_server_drm before the
resource NULL pointer check in wayland_drm_buffer_get.

With this fixed, qtwayland-opensource-src build is successful:
https://buildd.debian.org/status/fetch.php?pkg=qtwayland-opensource-src=hppa=5.11.3-2=1547696629=0

Regards,
Dave Anglin

--
John David Anglin dave.ang...@bell.net
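Added example, not part of the original message or of mesa: the pattern described above, where a caller dereferences its own pointer while building the argument list, so a NULL check inside the callee cannot cover it. The struct and function names are hypothetical stand-ins, and the child-process probe is only there to observe the outcome safely.

```c
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-ins (constructed) for the display, wl_drm and resource. */
struct server   { int id; };
struct resource { struct server *owner; void *user_data; };
struct display  { struct server *srv; };

/* Like wayland_drm_buffer_get(): validates only its own resource argument. */
static void *buffer_get(struct server *srv, struct resource *res)
{
    if (res == NULL)
        return NULL;
    return res->owner == srv ? res->user_data : NULL;
}

/* Unguarded caller: dpy->srv is loaded while building the argument list,
 * before buffer_get() runs, so the callee's check cannot cover dpy == NULL. */
int query_unguarded(struct display *dpy, struct resource *res)
{
    return buffer_get(dpy->srv, res) != NULL;
}

/* Guarded caller: the pointer is checked where it is dereferenced. */
int query_guarded(struct display *dpy, struct resource *res)
{
    if (dpy == NULL)
        return 0;
    return buffer_get(dpy->srv, res) != NULL;
}

/* Run fn(NULL, NULL) in a child process; return the fatal signal, or 0. */
int fatal_signal_with_null_display(int (*fn)(struct display *, struct resource *))
{
    int status = 0;
    pid_t pid = fork();
    if (pid == 0)
        _exit(fn(NULL, NULL) ? 1 : 0);
    if (pid < 0 || waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    printf("guarded:   signal %d\n", fatal_signal_with_null_display(query_guarded));
    printf("unguarded: signal %d\n", fatal_signal_with_null_display(query_unguarded));
}
```

The unguarded call is undefined behavior, so an optimizing compiler may drop the unused load and let it return on one target while it faults on another; only the guarded form has a defined result.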
Bug#919197: Acknowledgement (qtwayland-opensource-src: FTBFS on hppa - Segmentation faults in testsuite)
Hi John!

On Sun, Jan 13, 2019 at 05:55:22PM -0500, John David Anglin wrote:
> Actually, it has only been partially optimized away. It appears the check is
> still there (movb instruction) but register r3 contains an undefined value
> (it is not an argument register). So, this seems a wrong code bug.
>
> Why are we building with gcc-7?

The latest hppa build log [1] has gcc 8.2.0.

[1]: https://buildd.debian.org/status/fetch.php?pkg=qtwayland-opensource-src=hppa=5.11.3-2=1547325647

--
Dmitry Shachnev
Bug#919197: Acknowledgement (qtwayland-opensource-src: FTBFS on hppa - Segmentation faults in testsuite)
On 2019-01-14 12:42 p.m., Dmitry Shachnev wrote:
>> Why are we building with gcc-7?
> The latest hppa build log [1] has gcc 8.2.0.
>
> [1]: https://buildd.debian.org/status/fetch.php?pkg=qtwayland-opensource-src=hppa=5.11.3-2=1547325647

I was referring to mesa. It appears to be miscompiled on hppa and causes the FTBFS.
18.2.8-2 was built with gcc-7. The new 18.3.0-1 on experimental is now built with gcc-8.

I did a test build of mesa with gcc-8:
https://buildd.debian.org/status/fetch.php?pkg=mesa=hppa=18.2.8-2%2Bb1=1547428024=0
However, it has the same code issue.

At this point, I think the problem is with gcc. Either the instruction after the movb
should have been nullified, or it shouldn't have been put in the delay slot of the movb.
I need a build outside buildd to investigate further.

I haven't looked at the code for dri2_query_wayland_buffer_wl (i.e., what happens when
wayland_drm_buffer_get() returns NULL).

Dave

--
John David Anglin dave.ang...@bell.net
Bug#919197: Acknowledgement (qtwayland-opensource-src: FTBFS on hppa - Segmentation faults in testsuite)
On 2019-01-13 2:52 p.m., John David Anglin wrote:
> Looks to me to be a NULL pointer check issue in mesa:
>
> static inline struct wl_drm_buffer *
> wayland_drm_buffer_get(struct wl_drm *drm, struct wl_resource *resource)
> {
>     if (resource == NULL)
>         return NULL;
>
>     if (wl_resource_instance_of(resource, &wl_buffer_interface,
>                                 &drm->buffer_interface))
>         return wl_resource_get_user_data(resource);
>     else
>         return NULL;
> }
>
> (gdb) disass $pc-32-16,$pc+16
> Dump of assembler code from 0xec46dd14 to 0xec46dd54:
>    0xec46dd14 : stw rp,-14(sp)
>    0xec46dd18 : ldo 80(sp),sp
>    0xec46dd1c : ldw -b4(sp),ret0
>    0xec46dd20 : stw r5,-74(sp)
>    0xec46dd24 : copy r23,r5
>    0xec46dd28 : stw r4,-70(sp)
>    0xec46dd2c : stw r3,-6c(sp)
>    0xec46dd30 : stw r19,-20(sp)
>    0xec46dd34 : stw ret0,-78(sp)
>    0xec46dd38 : ldw 58(r25),ret0
>    0xec46dd3c : ldo c0(ret0),ret0
>    0xec46dd40 : movb,= r24,r3,0xec46dd94
> => 0xec46dd44 : ldw 0(ret0),ret0
>    0xec46dd48 : addil L%800,r19,r1
>    0xec46dd4c : copy r19,r4
>    0xec46dd50 : ldw 200(r1),r25
>
> The NULL pointer check has been optimized away.

Actually, it has only been partially optimized away. It appears the check is
still there (movb instruction) but register r3 contains an undefined value
(it is not an argument register). So, this seems a wrong code bug.

Why are we building with gcc-7?

--
John David Anglin dave.ang...@bell.net
Bug#919197: Acknowledgement (qtwayland-opensource-src: FTBFS on hppa - Segmentation faults in testsuite)
Looks to me to be a NULL pointer check issue in mesa:

static inline struct wl_drm_buffer *
wayland_drm_buffer_get(struct wl_drm *drm, struct wl_resource *resource)
{
    if (resource == NULL)
        return NULL;

    if (wl_resource_instance_of(resource, &wl_buffer_interface,
                                &drm->buffer_interface))
        return wl_resource_get_user_data(resource);
    else
        return NULL;
}

(gdb) disass $pc-32-16,$pc+16
Dump of assembler code from 0xec46dd14 to 0xec46dd54:
   0xec46dd14 : stw rp,-14(sp)
   0xec46dd18 : ldo 80(sp),sp
   0xec46dd1c : ldw -b4(sp),ret0
   0xec46dd20 : stw r5,-74(sp)
   0xec46dd24 : copy r23,r5
   0xec46dd28 : stw r4,-70(sp)
   0xec46dd2c : stw r3,-6c(sp)
   0xec46dd30 : stw r19,-20(sp)
   0xec46dd34 : stw ret0,-78(sp)
   0xec46dd38 : ldw 58(r25),ret0
   0xec46dd3c : ldo c0(ret0),ret0
   0xec46dd40 : movb,= r24,r3,0xec46dd94
=> 0xec46dd44 : ldw 0(ret0),ret0
   0xec46dd48 : addil L%800,r19,r1
   0xec46dd4c : copy r19,r4
   0xec46dd50 : ldw 200(r1),r25

The NULL pointer check has been optimized away.

--
John David Anglin dave.ang...@bell.net
Bug#919197: Acknowledgement (qtwayland-opensource-src: FTBFS on hppa - Segmentation faults in testsuite)
The last part of the backtrace is:

Thread 1 "tst_client" hit Breakpoint 1, eglInitialize (dpy=0xa3dc0, major=0xf8d02520, minor=0xf8d0251c) at ../../../src/egl/main/eglapi.c:582
582     ../../../src/egl/main/eglapi.c: No such file or directory.
(gdb) bt
#0  eglInitialize (dpy=0xa3dc0, major=0xf8d02520, minor=0xf8d0251c) at ../../../src/egl/main/eglapi.c:582
#1  0xee5f5d9c in eglInitialize (dpy=0xa3dc0, major=0xf8d02520, minor=0xf8d0251c) at g_egldispatchstubs.c:230
#2  0xee9ead68 in QtWaylandClient::QWaylandEglClientBufferIntegration::initialize (this=0xa3dc0, display=0xf8d02520) at ../../../../hardwareintegration/client/wayland-egl/qwaylandeglclientbufferintegration.cpp:110
#3  0xef70d878 in QtWaylandClient::QWaylandIntegration::initializeClientBufferIntegration (this=0xf8d0251c) at qwaylandintegration.cpp:357
#4  0xef70dc58 in QtWaylandClient::QWaylandIntegration::clientBufferIntegration (this=0xf8d02520) at qwaylandintegration.cpp:310
#5  0x00015848 in main (argc=, argv=0xef7ceb44 <*ABS*@got.plt>) at tst_client.cpp:611

--
John David Anglin dave.ang...@bell.net