<html>
    <head>
      <base href="https://bugs.freedesktop.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Vulkan shader compiler crashes to NULL pointer access with compute shaders"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=104213">104213</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Vulkan shader compiler crashes to NULL pointer access with compute shaders
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>Mesa
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>git
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>Other
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>medium
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Drivers/DRI/i965
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>intel-3d-bugs@lists.freedesktop.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>eero.t.tamminen@intel.com
          </td>
        </tr>

        <tr>
          <th>QA Contact</th>
          <td>intel-3d-bugs@lists.freedesktop.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Between following commits:
2017-12-05 13:47:04 UTC: 20d37da597 "Android: enable noreturn and
returns_nonnull attributes"
2017-12-06 18:31:33 UTC: 31d403160f "meson: fix keyword argument in
declare_dependency()"

Mesa has started to segfault to NULL pointer access during compute shader
compilation.  This happens at least with Sacha Willems Compute N-body demo and
GfxBench Aztec Ruins Vulkan version.

Crash is here:
-------------------------------------------------
Program received signal SIGSEGV, Segmentation fault.
anv_shader_compile_to_nir (pipeline=0x8e2570, pipeline=0x8e2570,
spec_info=0x7073b0, stage=MESA_SHADER_COMPUTE, entrypoint_name=0x7fffffffb380
"", 
    module=0x8ee0a0, mem_ctx=0x823770) at src/intel/vulkan/anv_pipeline.c:153
153        nir_shader *nir = entry_point->shader;
(gdb) bt
#0  anv_shader_compile_to_nir (pipeline=0x8e2570, pipeline=0x8e2570,
spec_info=0x7073b0, stage=MESA_SHADER_COMPUTE, entrypoint_name=0x7fffffffb380
"", 
    module=0x8ee0a0, mem_ctx=0x823770) at src/intel/vulkan/anv_pipeline.c:153
#1  anv_pipeline_compile (pipeline=pipeline@entry=0x8e2570,
mem_ctx=mem_ctx@entry=0x823770, module=module@entry=0x8ee0a0, 
    entrypoint=entrypoint@entry=0x498ae2 "main",
stage=stage@entry=MESA_SHADER_COMPUTE,
spec_info=spec_info@entry=0x7fffffffe410, prog_data=0x7fffffffb380, 
    map=0x7fffffffb2d0) at src/intel/vulkan/anv_pipeline.c:395
#2  0x00007ffff5e332ac in anv_pipeline_compile_cs
(pipeline=pipeline@entry=0x8e2570, cache=cache@entry=0x826350,
info=info@entry=0x7fffffffe4e0, 
    module=0x8ee0a0, entrypoint=0x498ae2 "main", spec_info=0x7fffffffe410) at
src/intel/vulkan/anv_pipeline.c:994
#3  0x00007ffff5fc0d07 in compute_pipeline_create
(_device=_device@entry=0x8b22e0, cache=cache@entry=0x826350,
pCreateInfo=pCreateInfo@entry=0x7fffffffe4e0, 
    pAllocator=pAllocator@entry=0x0, pPipeline=pPipeline@entry=0x6dda30) at
src/intel/vulkan/genX_pipeline.c:1770
#4  0x00007ffff5fd37f6 in gen9_CreateComputePipelines (_device=0x8b22e0,
pipelineCache=0x826350, count=1, pCreateInfos=<optimized out>, pAllocator=0x0, 
    pPipelines=0x6dda30) at src/intel/vulkan/genX_pipeline.c:1895
#5  0x00007ffff7bb0c65 in vkCreateComputePipelines () from libvulkan.so.1
#6  0x0000000000462e8c in VulkanExample::prepareCompute() ()
#7  0x0000000000463f12 in VulkanExample::prepare() ()
#8  0x000000000044ec4a in main ()
(gdb) info locals
device = <optimized out>
spec_entries = 0x8db240
spirv_options = {lower_workgroup_access_to_offsets = true, caps = {float64 =
true, image_ms_array = false, tessellation = true, draw_parameters = true, 
    image_read_without_format = false, image_write_without_format = true, int64
= true, multiview = true, variable_pointers = true, storage_16bit = true}, 
  debug = {func = 0x0, private_data = 0x0}}
entry_point = <optimized out>
nir = <optimized out>
compiler = 0x7073b0
nir_options = 0x7ffff6226580 <scalar_nir_options>
spirv = 0x8ee0b8
num_spec_entries = 4
(gdb) disassemble 
Dump of assembler code for function anv_pipeline_compile:
...
   0x00007ffff5e31a4b <+251>:   mov    0x18(%rsp),%rdx
   0x00007ffff5e31a50 <+256>:   callq  0x7ffff61d5e20 <spirv_to_nir>
=> 0x00007ffff5e31a55 <+261>:   mov    0x18(%rax),%rbx
   0x00007ffff5e31a59 <+265>:   mov    0x20(%rsp),%rdi
...
(gdb) info registers rax rbx
rax            0x0      0
rbx            0x4      4
-------------------------------------------------

Vulkan validation layers don't give any errors.</pre>
        </div>
      </p>


      <hr>
      <span>You are receiving this mail because:</span>

      <ul>
          <li>You are the assignee for the bug.</li>
          <li>You are the QA Contact for the bug.</li>
      </ul>
    </body>
</html>