<html> <head> <base href="https://bugs.freedesktop.org/"> </head> <body><table border="1" cellspacing="0" cellpadding="8"> <tr> <th>Bug ID</th> <td><a class="bz_bug_link bz_status_NEW " title="NEW - Crash si_shader_select in Master Of Orion" href="https://bugs.freedesktop.org/show_bug.cgi?id=99419">99419</a> </td> </tr> <tr> <th>Summary</th> <td>Crash si_shader_select in Master Of Orion </td> </tr> <tr> <th>Product</th> <td>Mesa </td> </tr> <tr> <th>Version</th> <td>git </td> </tr> <tr> <th>Hardware</th> <td>Other </td> </tr> <tr> <th>OS</th> <td>All </td> </tr> <tr> <th>Status</th> <td>NEW </td> </tr> <tr> <th>Severity</th> <td>normal </td> </tr> <tr> <th>Priority</th> <td>medium </td> </tr> <tr> <th>Component</th> <td>Drivers/Gallium/radeonsi </td> </tr> <tr> <th>Assignee</th> <td>dri-devel@lists.freedesktop.org </td> </tr> <tr> <th>Reporter</th> <td>andreas.schultes@googlemail.com </td> </tr> <tr> <th>QA Contact</th> <td>dri-devel@lists.freedesktop.org </td> </tr></table> <p> <div> <pre>Created <span class=""><a href="attachment.cgi?id=128966" name="attach_128966" title="Backtrace">attachment 128966</a> <a href="attachment.cgi?id=128966&action=edit" title="Backtrace">[details]</a></span> Backtrace To reproduce crash click on a dropdown menu in settings. Crash caused by passing a invalid LLVMTargetMachineRef object in si_shader_selector. Comment in si_shader.h says that should be only used in si_init_shader_selector_async but that is not the case. It is also used in si_build_shader_variant which called here also(see backtrace). memorydump of tm object (frame 10) x/60b sctx->tm 0x6c5b910: 224 219 246 103 41 127 0 0 0x6c5b918: 192 111 254 103 41 127 0 0 0x6c5b920: 0 0 0 0 0 0 0 0 0x6c5b928: 0 0 0 0 0 0 0 0 0x6c5b930: 72 185 197 6 0 0 0 0 0x6c5b938: 74 185 197 6 0 0 0 0 0x6c5b940: 80 185 197 6 0 0 0 0 0x6c5b948: 32 64 0 0 x/60b state->cso->tm 0x6c63ac0: 0 0 0 0 0 0 0 0 0x6c63ac8: 0 0 0 0 0 0 0 128 0x6c63ad0: 0 0 0 0 0 0 0 0 0x6c63ad8: 0 0 0 0 0 0 0 0 0x6c63ae0: 0 0 0 0 0 0 0 0 0x6c63ae8: 0 0 0 0 0 0 0 128 0x6c63af0: 0 0 0 0 0 0 0 0 0x6c63af8: 0 0 0 0 Adding state->cso->tm = sctx->tm; in si_shader_select prevents the crash. I don't think that also fix the bug. There is still an incorrect rendering. //disam shader s_load_dwordx4 s[4:7], s[10:11], 0x0 ; C00A0105 00000000 s_load_dwordx4 s[0:3], s[2:3], 0x0 ; C00A0001 00000000 v_mov_b32_e32 v0, 1.0 ; 7E0002F2 s_waitcnt lgkmcnt(0) ; BF8C007F buffer_load_format_xyzw v[3:6], v4, s[4:7], 0 idxen ; E00C2000 80010304 s_buffer_load_dword s5, s[0:3], 0x4 ; C0220140 00000004 s_buffer_load_dword s9, s[0:3], 0x14 ; C0220240 00000014 s_buffer_load_dword s4, s[0:3], 0x0 ; C0220100 00000000 s_buffer_load_dword s8, s[0:3], 0x10 ; C0220200 00000010 s_buffer_load_dword s6, s[0:3], 0x8 ; C0220180 00000008 s_buffer_load_dword s10, s[0:3], 0x18 ; C0220280 00000018 s_buffer_load_dword s7, s[0:3], 0xc ; C02201C0 0000000C s_buffer_load_dword s0, s[0:3], 0x1c ; C0220000 0000001C s_waitcnt vmcnt(0) lgkmcnt(0) ; BF8C0070 v_mul_f32_e32 v1, s5, v4 ; 0A020805 v_mul_f32_e32 v4, s9, v4 ; 0A080809 v_mac_f32_e32 v1, s4, v3 ; 2C020604 v_mac_f32_e32 v4, s8, v3 ; 2C080608 v_mac_f32_e32 v1, s6, v5 ; 2C020A06 v_mac_f32_e32 v4, s10, v5 ; 2C080A0A v_mac_f32_e32 v1, s7, v6 ; 2C020C07 v_mac_f32_e32 v4, s0, v6 ; 2C080C00 v_mov_b32_e32 v3, 0 ; 7E060280 exp pos0 v1, v4, v3, v0 done ; C40008CF 00030401 s_waitcnt expcnt(0) ; BF8C0F0F</pre> </div> </p> <hr> <span>You are receiving this mail because:</span> <ul> <li>You are the assignee for the bug.</li> </ul> </body> </html>