[Bug 104213] Vulkan shader compiler crashes to NULL pointer access with compute shaders

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Mon Dec 11 15:50:02 UTC 2017


https://bugs.freedesktop.org/show_bug.cgi?id=104213

            Bug ID: 104213
           Summary: Vulkan shader compiler crashes to NULL pointer access
                    with compute shaders
           Product: Mesa
           Version: git
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: Drivers/DRI/i965
          Assignee: intel-3d-bugs at lists.freedesktop.org
          Reporter: eero.t.tamminen at intel.com
        QA Contact: intel-3d-bugs at lists.freedesktop.org

Between the following commits:
2017-12-05 13:47:04 UTC: 20d37da597 "Android: enable noreturn and returns_nonnull attributes"
2017-12-06 18:31:33 UTC: 31d403160f "meson: fix keyword argument in declare_dependency()"

Mesa has started to segfault on a NULL pointer access during compute shader
compilation.  This happens at least with Sascha Willems' Compute N-body demo and
the GfxBench Aztec Ruins Vulkan version.

The crash is here:
-------------------------------------------------
Program received signal SIGSEGV, Segmentation fault.
anv_shader_compile_to_nir (pipeline=0x8e2570, pipeline=0x8e2570, spec_info=0x7073b0, stage=MESA_SHADER_COMPUTE, entrypoint_name=0x7fffffffb380 "",
    module=0x8ee0a0, mem_ctx=0x823770) at src/intel/vulkan/anv_pipeline.c:153
153        nir_shader *nir = entry_point->shader;
(gdb) bt
#0  anv_shader_compile_to_nir (pipeline=0x8e2570, pipeline=0x8e2570, spec_info=0x7073b0, stage=MESA_SHADER_COMPUTE, entrypoint_name=0x7fffffffb380 "",
    module=0x8ee0a0, mem_ctx=0x823770) at src/intel/vulkan/anv_pipeline.c:153
#1  anv_pipeline_compile (pipeline=pipeline@entry=0x8e2570, mem_ctx=mem_ctx@entry=0x823770, module=module@entry=0x8ee0a0,
    entrypoint=entrypoint@entry=0x498ae2 "main", stage=stage@entry=MESA_SHADER_COMPUTE, spec_info=spec_info@entry=0x7fffffffe410, prog_data=0x7fffffffb380,
    map=0x7fffffffb2d0) at src/intel/vulkan/anv_pipeline.c:395
#2  0x00007ffff5e332ac in anv_pipeline_compile_cs (pipeline=pipeline@entry=0x8e2570, cache=cache@entry=0x826350, info=info@entry=0x7fffffffe4e0,
    module=0x8ee0a0, entrypoint=0x498ae2 "main", spec_info=0x7fffffffe410) at src/intel/vulkan/anv_pipeline.c:994
#3  0x00007ffff5fc0d07 in compute_pipeline_create (_device=_device@entry=0x8b22e0, cache=cache@entry=0x826350, pCreateInfo=pCreateInfo@entry=0x7fffffffe4e0,
    pAllocator=pAllocator@entry=0x0, pPipeline=pPipeline@entry=0x6dda30) at src/intel/vulkan/genX_pipeline.c:1770
#4  0x00007ffff5fd37f6 in gen9_CreateComputePipelines (_device=0x8b22e0, pipelineCache=0x826350, count=1, pCreateInfos=<optimized out>, pAllocator=0x0,
    pPipelines=0x6dda30) at src/intel/vulkan/genX_pipeline.c:1895
#5  0x00007ffff7bb0c65 in vkCreateComputePipelines () from libvulkan.so.1
#6  0x0000000000462e8c in VulkanExample::prepareCompute() ()
#7  0x0000000000463f12 in VulkanExample::prepare() ()
#8  0x000000000044ec4a in main ()
(gdb) info locals
device = <optimized out>
spec_entries = 0x8db240
spirv_options = {lower_workgroup_access_to_offsets = true, caps = {float64 = true, image_ms_array = false, tessellation = true, draw_parameters = true,
    image_read_without_format = false, image_write_without_format = true, int64 = true, multiview = true, variable_pointers = true, storage_16bit = true},
  debug = {func = 0x0, private_data = 0x0}}
entry_point = <optimized out>
nir = <optimized out>
compiler = 0x7073b0
nir_options = 0x7ffff6226580 <scalar_nir_options>
spirv = 0x8ee0b8
num_spec_entries = 4
(gdb) disassemble 
Dump of assembler code for function anv_pipeline_compile:
...
   0x00007ffff5e31a4b <+251>:   mov    0x18(%rsp),%rdx
   0x00007ffff5e31a50 <+256>:   callq  0x7ffff61d5e20 <spirv_to_nir>
=> 0x00007ffff5e31a55 <+261>:   mov    0x18(%rax),%rbx
   0x00007ffff5e31a59 <+265>:   mov    0x20(%rsp),%rdi
...
(gdb) info registers rax rbx
rax            0x0      0
rbx            0x4      4
-------------------------------------------------

Vulkan validation layers don't give any errors.
