[Bug 107579] [SNB] The graphic corruption when we reuse the GS compiled and used for TFB when statebuffer contain magic trash in the unused space

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Wed Aug 15 12:08:18 UTC 2018 

https://bugs.freedesktop.org/show_bug.cgi?id=107579

            Bug ID: 107579
           Summary: [SNB] The graphic corruption when we reuse the GS
                    compiled and used for TFB when statebuffer contain
                    magic trash in the unused space
           Product: Mesa
           Version: 18.2
          Hardware: x86-64 (AMD64)
                OS: Linux (All)
            Status: NEW
          Severity: normal
          Priority: medium
         Component: Drivers/DRI/i965
          Assignee: intel-3d-bugs at lists.freedesktop.org
          Reporter: andrey.simiklit at gmail.com
        QA Contact: intel-3d-bugs at lists.freedesktop.org

Created attachment 141105
  --> https://bugs.freedesktop.org/attachment.cgi?id=141105&action=edit
log with options INTEL_DEBUG=bat,buf

The graphic corruption when we reuse the Geometry Shader compiled and used at
least once for Transform Feedback
when "statebuffer" contains the magic trash in the unused space.

The apitrace, simple_reproduccer, screens will be attached shortly.
The log with option "INTEL_DEBUG=bat,buf" was attached.

After long investigation of this issue following details were found:

1. Sometimes this bug leads to GPU hang.

2. The bug appears on first glFlush (on "execbuffer" function when we are
sending the validation list to drmIoctl) 
    after drawing which is located after glEndTransformFeedback function. 
    One more point here it is mandatory to use the same shader which was used
for TFB.

3. The intel_sanitize_gpu util detects the "buffer out-of-bounds write" almost
in all BOs

4. The bug is reproduced if and only if:

    a. We use custom GS shader even if this shader implemented as passthrough 
       (output all input data as is without changes at all).

    b. We do not have to call "glDrawArray" function between 
       "glBeginTransformFeedback" and "glEndTransformFeedback" to reproduce
this issue.

    c. The "statebuffer" contains some magic trash in third dword.
        The 0xFFFFFFFF value is enough to reproduce. 
        There are few legal ways to put this trash to "statebuffer" according
to "brw_bo_alloc" implementation for example:
            1. Alloc several 16KB BOs filled by 0xFF using regular GL calls
            2. Use very big shaders to increase size of "program cache". It is
produce the 16KB freed buffer with some trash.

    d. We use the same "Kernel Start Pointer" in 3DSTATE_GS for drawing with
transform feedback and without.


Looks like the GS shader continue to write TFX after call the
glEndTransformFeedback function for some reason.


This bug is based on https://bugs.freedesktop.org/show_bug.cgi?id=91827 bug.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/intel-3d-bugs/attachments/20180815/d52876c7/attachment.html>

More information about the intel-3d-bugs mailing list