Bug 107275 - NIR segfaults after spirv-opt
Summary: NIR segfaults after spirv-opt
Alias: None
Product: Mesa
Classification: Unclassified
Component: Drivers/Vulkan/Common (show other bugs)
Version: git
Hardware: Other All
: medium normal
Assignee: mesa-dev
QA Contact:
Depends on:
Reported: 2018-07-18 11:51 UTC by maister
Modified: 2018-08-15 21:31 UTC (History)
4 users (show)

See Also:
i915 platform:
i915 features:

Repro dump (68.43 KB, application/json)
2018-07-18 11:51 UTC, maister

Note You need to log in before you can comment on or make changes to this bug.
Description maister 2018-07-18 11:51:15 UTC
Created attachment 140687 [details]
Repro dump

I get a segfault when trying to compile a compute SPIR-V with a particular pattern.

git clone git://github.com/Themaister/Fossilize
cd Fossilize
git submodule update --init
mkdir build
cd build
cmake ..
make -j8
./cli/fossilize-replay fossilize.json

# Disasm
./cli/fossilize-disasm /tmp/fossilize.json --compute-pipeline 2 --target glsl
./cli/fossilize-disasm /tmp/fossilize.json --compute-pipeline 2 --target asm

Fossilize INFO: Creating render pass #0
Fossilize INFO:  ... Succeeded!
Fossilize INFO: Creating compute pipeline #0
Fossilize INFO:  ... Succeeded!
Fossilize INFO: Creating compute pipeline #1
Fossilize INFO:  ... Succeeded!
Fossilize INFO: Creating compute pipeline #2

Thread 1 "fossilize-repla" received signal SIGSEGV, Segmentation fault.
0x00007ffff66ed5e0 in exec_node_insert_after (n=0x555556a6eb10, after=0x555556a531d0) at ../../src/compiler/glsl/list.h:164
164	   n->next->prev = after;
(gdb) bt
#0  0x00007ffff66ed5e0 in exec_node_insert_after (n=0x555556a6eb10, after=0x555556a531d0) at ../../src/compiler/glsl/list.h:164
#1  0x00007ffff66ee77a in split_block_end (block=0x555556a6eb10) at nir/nir_control_flow.c:340
#2  0x00007ffff66ee8ca in split_block_cursor (cursor=..., _before=0x7fffffffd158, _after=0x7fffffffd160) at nir/nir_control_flow.c:392
#3  0x00007ffff66ef39b in nir_cf_reinsert (cf_list=0x7fffffffd270, cursor=...) at nir/nir_control_flow.c:716
#4  0x00007ffff67219e6 in opt_peel_loop_initial_if (loop=0x5555569dbe60) at nir/nir_opt_if.c:198
#5  0x00007ffff672207d in opt_if_cf_list (b=0x7fffffffd330, cf_list=0x5555569890f8) at nir/nir_opt_if.c:372
#6  0x00007ffff6722121 in nir_opt_if (shader=0x5555569d29a0) at nir/nir_opt_if.c:396
#7  0x00007ffff666857b in radv_optimize_nir (shader=0x5555569d29a0, optimize_conservatively=false) at radv_shader.c:143
#8  0x00007ffff666a250 in radv_shader_compile_to_nir (device=0x555555a4c940, module=0x555556a68860, entrypoint_name=0x555556ab7ad0 "main", 
    stage=MESA_SHADER_COMPUTE, spec_info=0x0, flags=0) at radv_shader.c:318
#9  0x00007ffff6660e9d in radv_create_shaders (pipeline=0x5555569f60a0, device=0x555555a4c940, cache=0x0, key=..., pStages=0x7fffffffde80, flags=0)
    at radv_pipeline.c:2025
#10 0x00007ffff6665160 in radv_compute_pipeline_create (_device=0x555555a4c940, _cache=0x0, pCreateInfo=0x555556ab7a50, pAllocator=0x0, 
    pPipeline=0x55555686de20) at radv_pipeline.c:3639
#11 0x00007ffff66652e5 in radv_CreateComputePipelines (_device=0x555555a4c940, pipelineCache=0x0, count=1, pCreateInfos=0x555556ab7a50, pAllocator=0x0, 
    pPipelines=0x55555686de20) at radv_pipeline.c:3669
#12 0x0000555555557f0d in DumbReplayer::enqueue_create_compute_pipeline(unsigned long, unsigned int, VkComputePipelineCreateInfo const*, VkPipeline_T**) ()
#13 0x0000555555564cfb in Fossilize::StateReplayer::Impl::parse_compute_pipelines(Fossilize::StateCreatorInterface&, rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator> > const&) ()
#14 0x0000555555573452 in Fossilize::StateReplayer::Impl::parse(Fossilize::StateCreatorInterface&, void const*, unsigned long) ()
#15 0x0000555555556530 in main ()
Comment 1 maister 2018-07-18 11:51:39 UTC
n->next is NULL here.
Comment 2 Bas Nieuwenhuizen 2018-07-18 12:30:43 UTC


fix this?
Comment 3 maister 2018-07-18 13:49:46 UTC
Yes, doesn't segfault now. Seems to work as expected.
Comment 4 Dylan Baker 2018-08-15 21:31:29 UTC
The patch for this was merged, this should be fixed.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.