Bug 99419 - Crash(Segmentation fault) si_shader_select in Master Of Orion
Summary: Crash(Segmentation fault) si_shader_select in Master Of Orion
Status: RESOLVED FIXED
Alias: None
Product: Mesa
Classification: Unclassified
Component: Drivers/Gallium/radeonsi (show other bugs)
Version: git
Hardware: Other All
: medium normal
Assignee: Default DRI bug account
QA Contact: Default DRI bug account
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-01-15 15:13 UTC by Andreas Schultes
Modified: 2017-01-21 20:30 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Attachments
Backtrace (5.76 KB, text/plain)
2017-01-15 15:13 UTC, Andreas Schultes 		Details
View All

Description Andreas Schultes 2017-01-15 15:13:14 UTC 
Created attachment 128966 [details]
Backtrace

To reproduce crash click on a dropdown menu in settings. 

Crash caused by passing a invalid LLVMTargetMachineRef object in si_shader_selector. Comment in si_shader.h says that should be only used in si_init_shader_selector_async but that is not the case. It is also used in si_build_shader_variant which called here also(see backtrace).

memorydump of tm object (frame 10)

x/60b sctx->tm
0x6c5b910:	224	219	246	103	41	127	0	0
0x6c5b918:	192	111	254	103	41	127	0	0
0x6c5b920:	0	0	0	0	0	0	0	0
0x6c5b928:	0	0	0	0	0	0	0	0
0x6c5b930:	72	185	197	6	0	0	0	0
0x6c5b938:	74	185	197	6	0	0	0	0
0x6c5b940:	80	185	197	6	0	0	0	0
0x6c5b948:	32	64	0	0

x/60b state->cso->tm
0x6c63ac0:	0	0	0	0	0	0	0	0
0x6c63ac8:	0	0	0	0	0	0	0	128
0x6c63ad0:	0	0	0	0	0	0	0	0
0x6c63ad8:	0	0	0	0	0	0	0	0
0x6c63ae0:	0	0	0	0	0	0	0	0
0x6c63ae8:	0	0	0	0	0	0	0	128
0x6c63af0:	0	0	0	0	0	0	0	0
0x6c63af8:	0	0	0	0

Adding state->cso->tm = sctx->tm; in si_shader_select prevents the crash. I don't think that also fix the bug. There is still an incorrect rendering.

//disam shader
s_load_dwordx4 s[4:7], s[10:11], 0x0                ; C00A0105 00000000
s_load_dwordx4 s[0:3], s[2:3], 0x0                  ; C00A0001 00000000
v_mov_b32_e32 v0, 1.0                               ; 7E0002F2
s_waitcnt lgkmcnt(0)                                ; BF8C007F
buffer_load_format_xyzw v[3:6], v4, s[4:7], 0 idxen ; E00C2000 80010304
s_buffer_load_dword s5, s[0:3], 0x4                 ; C0220140 00000004
s_buffer_load_dword s9, s[0:3], 0x14                ; C0220240 00000014
s_buffer_load_dword s4, s[0:3], 0x0                 ; C0220100 00000000
s_buffer_load_dword s8, s[0:3], 0x10                ; C0220200 00000010
s_buffer_load_dword s6, s[0:3], 0x8                 ; C0220180 00000008
s_buffer_load_dword s10, s[0:3], 0x18               ; C0220280 00000018
s_buffer_load_dword s7, s[0:3], 0xc                 ; C02201C0 0000000C
s_buffer_load_dword s0, s[0:3], 0x1c                ; C0220000 0000001C
s_waitcnt vmcnt(0) lgkmcnt(0)                       ; BF8C0070
v_mul_f32_e32 v1, s5, v4                            ; 0A020805
v_mul_f32_e32 v4, s9, v4                            ; 0A080809
v_mac_f32_e32 v1, s4, v3                            ; 2C020604
v_mac_f32_e32 v4, s8, v3                            ; 2C080608
v_mac_f32_e32 v1, s6, v5                            ; 2C020A06
v_mac_f32_e32 v4, s10, v5                           ; 2C080A0A
v_mac_f32_e32 v1, s7, v6                            ; 2C020C07
v_mac_f32_e32 v4, s0, v6                            ; 2C080C00
v_mov_b32_e32 v3, 0                                 ; 7E060280
exp pos0 v1, v4, v3, v0 done                        ; C40008CF 00030401
s_waitcnt expcnt(0)                                 ; BF8C0F0F
Comment 1 Marek Olšák 2017-01-18 21:38:25 UTC 
This should be fixed by: 35cd7551a443477147293e562d8c1adfbe00dea9
Please re-open this if you can still reproduce it.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.