[Bug 104246] Talos Principle Vulkan version crash: spirv_to_nir() returns NULL entry_point
bugzilla-daemon at freedesktop.org
Wed Dec 13 16:32:09 UTC 2017
https://bugs.freedesktop.org/show_bug.cgi?id=104246
Bug ID: 104246
Summary: Talos Principle Vulkan version crash: spirv_to_nir()
returns NULL entry_point
Product: Mesa
Version: git
Hardware: Other
OS: All
Status: NEW
Severity: normal
Priority: medium
Component: Drivers/DRI/i965
Assignee: intel-3d-bugs at lists.freedesktop.org
Reporter: eero.t.tamminen at intel.com
QA Contact: intel-3d-bugs at lists.freedesktop.org
Setup:
- KBL GT3e
- Ubuntu 16.04
- Mesa git version
- Latest Talos Principle available from Steam downloaded
- Steam game launch options set to use Vulkan: "%command% +gfxStrAPI VLK"
- Talos Gfx options set to high GPU speed
Test-case:
- Start Talos Principle
Expected outcome:
- Talos starts, like with Mesa commit "mesa-17.3.0"
Actual outcome:
- Talos Principle segfaults before showing anything
Crash is because of NULL pointer access in spirv->nir fragment shader
compilation:
---------------------------------------------------------
Thread 1 "Talos" received signal SIGSEGV, Segmentation fault.
anv_shader_compile_to_nir (pipeline=0x5142730, pipeline=0x5142730,
spec_info=0x0, stage=MESA_SHADER_FRAGMENT, entrypoint_name=0x7fffffff90d0 "",
module=0x3c69600, mem_ctx=0x37a8170) at
../../../src/intel/vulkan/anv_pipeline.c:153
153 nir_shader *nir = entry_point->shader;
(gdb) bt
#0 anv_shader_compile_to_nir (pipeline=0x5142730, pipeline=0x5142730,
spec_info=0x0, stage=MESA_SHADER_FRAGMENT, entrypoint_name=0x7fffffff90d0 "",
module=0x3c69600, mem_ctx=0x37a8170) at
../../../src/intel/vulkan/anv_pipeline.c:153
#1 anv_pipeline_compile (pipeline=pipeline@entry=0x5142730,
mem_ctx=mem_ctx@entry=0x37a8170, module=module@entry=0x3c69600,
entrypoint=entrypoint@entry=0x237b915 "main",
stage=stage@entry=MESA_SHADER_FRAGMENT, spec_info=spec_info@entry=0x0,
prog_data=0x7fffffff90d0,
map=0x7fffffff8ff0) at ../../../src/intel/vulkan/anv_pipeline.c:395
#2 0x00007fffe6056162 in anv_pipeline_compile_fs
(pipeline=pipeline@entry=0x5142730, cache=cache@entry=0x3923c20,
info=info@entry=0x7fffecabf8f0,
module=module@entry=0x3c69600, entrypoint=0x237b915 "main", spec_info=0x0)
at ../../../src/intel/vulkan/anv_pipeline.c:871
#3 0x00007fffe605793e in anv_pipeline_init (pipeline=pipeline@entry=0x5142730,
device=device@entry=0x3c059c0, cache=cache@entry=0x3923c20,
pCreateInfo=pCreateInfo@entry=0x7fffecabf8f0, alloc=0x3c059c8,
alloc@entry=0x0) at ../../../src/intel/vulkan/anv_pipeline.c:1347
#4 0x00007fffe61f28cf in gen9_graphics_pipeline_create
(pPipeline=0x7fffffffcd80, pAllocator=0x0, pCreateInfo=0x7fffecabf8f0,
cache=0x3923c20,
_device=0x3c059c0) at ../../../src/intel/vulkan/genX_pipeline.c:1661
#5 gen9_CreateGraphicsPipelines (_device=0x3c059c0, pipelineCache=0x3923c20,
count=1, pCreateInfos=<optimized out>, pAllocator=0x0,
pPipelines=0x7fffffffcd80)
at ../../../src/intel/vulkan/genX_pipeline.c:1864
(gdb) list anv_shader_compile_to_nir
...
149 nir_function *entry_point =
150 spirv_to_nir(spirv, module->size / 4,
151 spec_entries, num_spec_entries,
152 stage, entrypoint_name, &spirv_options, nir_options);
153 nir_shader *nir = entry_point->shader;
(gdb) disassemble
Dump of assembler code for function anv_pipeline_compile:
...
0x00007fffe6055a50 <+256>: callq 0x7fffe63fa130 <spirv_to_nir>
=> 0x00007fffe6055a55 <+261>: mov 0x18(%rax),%rbx
0x00007fffe6055a59 <+265>: mov 0x20(%rsp),%rdi
(gdb) info registers rax rbx
rax 0x0 0
rbx 0x0 0
---------------------------------------------------------
In case it matters, here are variable values & struct contents:
---------------------------------------------------------
(gdb) info locals
device = <optimized out>
spec_entries = 0x0
spirv_options = {lower_workgroup_access_to_offsets = true, caps = {float64 =
true, image_ms_array = false, tessellation = true, draw_parameters = true,
image_read_without_format = false, image_write_without_format = true, int64
= true, multiview = true, variable_pointers = true, storage_16bit = true},
debug = {func = 0x0, private_data = 0x0}}
entry_point = <optimized out>
nir = <optimized out>
compiler = 0x39d2330
nir_options = 0x7fffe644afc0 <scalar_nir_options>
spirv = 0x3c69618
num_spec_entries = 0
(gdb) print *module
$7 = {sha1 = "Y%cewe\242\022\065\064\225\t\354ͥ\222\222A\333 ", size = 1664,
data = 0x3c69618 "\003\002#\a"}
(gdb) print *nir_options
$1 = {lower_fdiv = true, lower_ffma = false, fuse_ffma = false, lower_flrp32 =
false, lower_flrp64 = true, lower_fpow = false, lower_fsat = false,
lower_fsqrt = false, lower_fmod32 = true, lower_fmod64 = false,
lower_bitfield_extract = true, lower_bitfield_insert = true, lower_uadd_carry =
true,
lower_usub_borrow = true, lower_negate = false, lower_sub = true, lower_scmp
= true, lower_idiv = false, fdot_replicates = false, lower_ffract = false,
lower_pack_half_2x16 = true, lower_pack_unorm_2x16 = true,
lower_pack_snorm_2x16 = true, lower_pack_unorm_4x8 = true, lower_pack_snorm_4x8
= true,
lower_unpack_half_2x16 = true, lower_unpack_unorm_2x16 = true,
lower_unpack_snorm_2x16 = true, lower_unpack_unorm_4x8 = true,
lower_unpack_snorm_4x8 = true,
lower_extract_byte = false, lower_extract_word = false, native_integers =
true, vertex_id_zero_based = true, lower_cs_local_index_from_id = false,
use_interpolated_input_intrinsics = true, max_unroll_iterations = 32}
---------------------------------------------------------
Debug output I got by prefixing launch options with:
gdbserver 127.0.0.1:1234
And in another terminal doing:
(gdb) target remote :1234
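
The failure mode in the report, as an added C example that is not Mesa code and not part of the original message: a lookup that can return NULL for a SPIR-V module, and a caller that tests the result instead of dereferencing it as at anv_pipeline.c:153. find_entry_point, compile_stage and the sample module are hypothetical and constructed for illustration; a little-endian host is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SPIRV_MAGIC         0x07230203u /* bytes "\003\002#\a" on a little-endian host */
#define OP_ENTRY_POINT      15u
#define EXEC_MODEL_FRAGMENT 4u
/* Constructed sample: 5-word header + OpEntryPoint Fragment %4 "main". */
static const uint32_t SAMPLE[] = {
    SPIRV_MAGIC, 0x00010000u, 0u, 8u, 0u,
    (5u << 16) | OP_ENTRY_POINT, EXEC_MODEL_FRAGMENT, 4u, 0x6e69616du, 0u,
};

/* Hypothetical stand-in lookup: the matching OpEntryPoint instruction, or NULL. */
static const uint32_t *find_entry_point(const uint32_t *w, size_t n,
                                        uint32_t model, const char *name)
{
    if (w == NULL || name == NULL || n < 5 || w[0] != SPIRV_MAGIC)
        return NULL;
    for (size_t i = 5; i < n; ) {
        uint32_t len = w[i] >> 16, op = w[i] & 0xffffu;
        if (len == 0 || len > n - i)
            return NULL;                  /* length runs past the module */
        if (op == OP_ENTRY_POINT && len >= 4 && w[i + 1] == model) {
            const char *s = (const char *)&w[i + 3];
            if (memchr(s, '\0', (len - 3) * 4u) && strcmp(s, name) == 0)
                return &w[i];
        }
        i += len;
    }
    return NULL;
}

/* Caller side: test the result before using it and return an error code. */
static int compile_stage(const uint32_t *w, size_t size_bytes, uint32_t model,
                         const char *name, uint32_t *entry_id)
{
    const uint32_t *ep = find_entry_point(w, size_bytes / 4, model, name);
    if (ep == NULL)
        return -1;                        /* fail the stage, no dereference */
    *entry_id = ep[2];
    return 0;
}

int main(void)
{
    uint32_t id = 0;
    return compile_stage(SAMPLE, sizeof SAMPLE, EXEC_MODEL_FRAGMENT, "main", &id);
}
```

A name or execution model the module does not declare, or a truncated module, yields -1 from compile_stage rather than a SIGSEGV.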