[Bug 109304] GfxBench AztecRuins Vulkan version Segfault

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Fri Jan 11 09:42:03 UTC 2019


https://bugs.freedesktop.org/show_bug.cgi?id=109304

Eero Tamminen <eero.t.tamminen at intel.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |regression

--- Comment #1 from Eero Tamminen <eero.t.tamminen at intel.com> ---
Gdb says:
--------------------------------------
(gdb) bt
#0  try_lower_tex_ycbcr (tex=0x7fffef8e2430, builder=0x7ffff3327b70,
layout=0x7fffef8249c0)
    at src/intel/vulkan/anv_nir_lower_ycbcr_textures.c:328
#1  anv_nir_lower_ycbcr_textures (shader=shader@entry=0x7fffee3037e0,
    layout=layout@entry=0x7fffef8249c0)
    at src/intel/vulkan/anv_nir_lower_ycbcr_textures.c:464
#2  0x00007ffff23d7730 in anv_pipeline_lower_nir
(pipeline=pipeline@entry=0x7fffef005620,
    mem_ctx=mem_ctx@entry=0x7fffef133700, stage=stage@entry=0x7ffff33313b0,
    layout=layout@entry=0x7fffef8249c0)
    at src/intel/vulkan/anv_pipeline.c:500
#3  0x00007ffff23d9fef in anv_pipeline_compile_graphics
(pipeline=pipeline@entry=0x7fffef005620,
    cache=cache@entry=0x7fffef0d1300, info=info@entry=0x7ffff33371d0)
    at src/intel/vulkan/anv_pipeline.c:1034
#4  0x00007ffff23db7bc in anv_pipeline_init
(pipeline=pipeline@entry=0x7fffef005620,
    device=device@entry=0x7fffec37f460, cache=cache@entry=0x7fffef0d1300,
    pCreateInfo=pCreateInfo@entry=0x7ffff33371d0, alloc=0x7fffec37f468,
alloc@entry=0x0)
    at src/intel/vulkan/anv_pipeline.c:1463
#5  0x00007ffff24fa676 in gen9_graphics_pipeline_create
(pPipeline=0x7fffee3562d0, pAllocator=0x0, 
    pCreateInfo=0x7ffff33371d0, cache=0x7fffef0d1300, _device=0x7fffec37f460)
    at src/intel/vulkan/genX_pipeline.c:1787
#6  gen9_CreateGraphicsPipelines (_device=0x7fffec37f460,
pipelineCache=0x7fffef0d1300, count=1, 
    pCreateInfos=<optimized out>, pAllocator=0x0, pPipelines=0x7fffee3562d0)
    at src/intel/vulkan/genX_pipeline.c:2001

(gdb) disassemble try_lower_tex_ycbcr
   0x00007ffff23d1549 <+281>:   mov    0x80(%r14),%ecx
   0x00007ffff23d1550 <+288>:   mov    0x78(%r14),%rsi
323:
   0x00007ffff23d1581 <+337>:   lea    0x44f7f8(%rip),%rcx
   0x00007ffff23d1588 <+344>:   lea    0x44f489(%rip),%rsi
   0x00007ffff23d158f <+351>:   lea    0x44f52a(%rip),%rdi
   0x00007ffff23d1596 <+358>:   mov    $0x143,%edx
   0x00007ffff23d159b <+363>:   callq  0x7ffff239bbf0 <__assert_fail@plt>
   0x00007ffff23d15a0 <+368>:   test   %eax,%eax
   0x00007ffff23d15a2 <+370>:   js     0x7ffff23d1581
<anv_nir_lower_ycbcr_textures+337>
   0x00007ffff23d15a4 <+372>:   cltq   
   0x00007ffff23d15a6 <+374>:   shl    $0x6,%rax
   0x00007ffff23d15aa <+378>:   add    %rax,%rsi
324-327:
   0x00007ffff23d162c <+508>:   movslq 0x3c(%rdx),%rax
   0x00007ffff23d163c <+524>:   shl    $0x4,%rax
328:
=> 0x00007ffff23d2458 <+4136>:  mov    0x3c,%eax
   0x00007ffff23d245f <+4143>:  ud2    
   0x00007ffff23d2461 <+4145>:  nopl   0x0(%rax)

(gdb) info registers rdx rax eax
rdx            0x7fffef424aa0   140737207487136
rax            0x5      5
eax            0x5      5

(gdb) up
#1  anv_nir_lower_ycbcr_textures (shader=shader@entry=0x7fffee3037e0,
    layout=layout@entry=0x7fffef8249c0)
    at src/intel/vulkan/anv_nir_lower_ycbcr_textures.c:464
464     in src/intel/vulkan/anv_nir_lower_ycbcr_textures.c
(gdb) info locals
tex = <optimized out>
instr = 0x7fffef8e2430
__next = 0x7fffeef001c0
block = <optimized out>
function_progress = false
builder = {cursor = {option = nir_cursor_before_block, {block = 0x0, instr =
0x0}}, exact = false, 
  shader = 0x7fffee3037e0, impl = 0x7fffef919690}
function = <optimized out>
progress = <optimized out>
(gdb) print *instr
$2 = {node = {next = 0x7fffeef001c0, prev = 0x7fffeef00090}, block =
0x7fffef92d170, 
  type = nir_instr_type_tex, pass_flags = 1 '\001', index = 0}
(gdb) print *__next
$3 = {node = {next = 0x7fffeef002f0, prev = 0x7fffef8e2430}, block =
0x7fffef92d170, 
  type = nir_instr_type_alu, pass_flags = 1 '\001', index = 0}
--------------------------------------

Source code corresponding to try_lower_tex_ycbcr disassembly around the crash
is:
--------------------------------------
322: int deref_src_idx = nir_tex_instr_src_index(tex,
nir_tex_src_texture_deref);
323: assert(deref_src_idx >= 0);
324: nir_deref_instr *deref = nir_src_as_deref(tex->src[deref_src_idx].src);

326: nir_variable *var = nir_deref_instr_get_variable(deref);
327: const struct anv_descriptor_set_layout *set_layout =
328:   layout->set[var->data.descriptor_set].layout;
--------------------------------------

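To me it seems that deref got an invalid address. Note, however, that the faulting instruction for line 328 is `mov 0x3c,%eax` followed by `ud2`, i.e. a load from the absolute address 0x3c, the same offset the non-crashing path reads with `movslq 0x3c(%rdx),%rax`. That pattern is typically what a compiler emits for a path on which the base pointer is known to be NULL, so the crash may instead be a NULL `var` (the result of `nir_deref_instr_get_variable()`) being dereferenced for `var->data.descriptor_set`; the excerpt shows no check of `var` between lines 326 and 328.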
