turnip: use-after-free in shader compilation
I sometimes get
$ renderdoccmd remoteserver
renderdoccmd: ../src/util/ralloc.c:85: get_header: Assertion `info->canary == CANARY' failed.
when replaying traces. ASAN says
==15918==ERROR: AddressSanitizer: heap-use-after-free on address 0x007fa1b3bf80 at pc 0x007f9acc3ab4 bp 0x007f9c4bbf40 sp 0x007f9c4bbf50
READ of size 4 at 0x007fa1b3bf80 thread T4 (ActiveRemoteCli)
#0 0x7f9acc3ab0 in get_header ../src/util/ralloc.c:85
#1 0x7f9acc47e4 in ralloc_steal ../src/util/ralloc.c:313
#2 0x7f9a9d0d08 in tu_append_executable ../src/freedreno/vulkan/tu_pipeline.c:2390
#3 0x7f9a9d5af0 in tu_pipeline_builder_compile_shaders ../src/freedreno/vulkan/tu_pipeline.c:2879
#4 0x7f9a9e2b58 in tu_pipeline_builder_build ../src/freedreno/vulkan/tu_pipeline.c:3600
#5 0x7f9a9e4c18 in tu_graphics_pipeline_create ../src/freedreno/vulkan/tu_pipeline.c:3771
#6 0x7f9a9e4da8 in tu_CreateGraphicsPipelines ../src/freedreno/vulkan/tu_pipeline.c:3793
#7 0x7fa818fdb0 in bool WrappedVulkan::Serialise_vkCreateGraphicsPipelines<ReadSerialiser>(ReadSerialiser&, VkDevice_T*, VkPipelineCache_T*, unsigned int, VkGraphicsPipelineCreateInfo const*, VkAllocationCallbacks const*, VkPipeline_T**) /home/olv/projects/renderdoc/renderdoc/driver/vulkan/wrappers/vk_shader_funcs.cpp:437
#8 0x7fa7abc470 in WrappedVulkan::ProcessChunk(ReadSerialiser&, VulkanChunk) /home/olv/projects/renderdoc/renderdoc/driver/vulkan/vk_core.cpp:3180
#9 0x7fa7ab9f18 in WrappedVulkan::ReadLogInitialisation(RDCFile*, bool) /home/olv/projects/renderdoc/renderdoc/driver/vulkan/vk_core.cpp:2578
#10 0x7fa7c65a84 in VulkanReplay::ReadLogInitialisation(RDCFile*, bool) /home/olv/projects/renderdoc/renderdoc/driver/vulkan/vk_replay.cpp:224
#11 0x7fa85bc3d0 in ActiveRemoteClientThread /home/olv/projects/renderdoc/renderdoc/core/remote_server.cpp:554
#12 0x7fa85be1e0 in operator() /home/olv/projects/renderdoc/renderdoc/core/remote_server.cpp:1108
#13 0x7fa85c44fc in __invoke_impl<void, RenderDoc::BecomeRemoteServer(const rdcstr&, uint16_t, std::function<bool()>, RENDERDOC_PreviewWindowCallback)::<lambda()>&> /usr/include/c++/11.2.0/bits/invoke.h:61
#14 0x7fa85c3fe0 in __invoke_r<void, RenderDoc::BecomeRemoteServer(const rdcstr&, uint16_t, std::function<bool()>, RENDERDOC_PreviewWindowCallback)::<lambda()>&> /usr/include/c++/11.2.0/bits/invoke.h:154
#15 0x7fa85c3850 in _M_invoke /usr/include/c++/11.2.0/bits/std_function.h:291
#16 0x7fa8643138 in std::function<void ()>::operator()() const /usr/include/c++/11.2.0/bits/std_function.h:560
#17 0x7fa8a4a110 in sThreadInit /home/olv/projects/renderdoc/renderdoc/os/posix/posix_threading.cpp:173
#18 0x7fa74037f4 in start_thread (/usr/lib/libc.so.6+0x837f4)
#19 0x7fa746c558 in thread_start (/usr/lib/libc.so.6+0xec558)
0x007fa1b3bf80 is located 0 bytes inside of 1456-byte region [0x007fa1b3bf80,0x007fa1b3c530)
freed by thread T4 (ActiveRemoteCli) here:
#0 0x7fac352984 in __interceptor_free /usr/src/debug/gcc/libsanitizer/asan/asan_malloc_linux.cpp:127
#1 0x7f9acc47a4 in unsafe_free ../src/util/ralloc.c:302
#2 0x7f9acc4720 in unsafe_free ../src/util/ralloc.c:295
#3 0x7f9acc4400 in ralloc_free ../src/util/ralloc.c:265
#4 0x7f9ab85ae4 in ir3_shader_destroy ../src/freedreno/ir3/ir3_shader.c:497
#5 0x7f9aa09a50 in tu_shader_destroy ../src/freedreno/vulkan/tu_shader.c:818
#6 0x7f9a9d59ec in tu_pipeline_builder_compile_shaders ../src/freedreno/vulkan/tu_pipeline.c:2868
#7 0x7f9a9e2b58 in tu_pipeline_builder_build ../src/freedreno/vulkan/tu_pipeline.c:3600
#8 0x7f9a9e4c18 in tu_graphics_pipeline_create ../src/freedreno/vulkan/tu_pipeline.c:3771
#9 0x7f9a9e4da8 in tu_CreateGraphicsPipelines ../src/freedreno/vulkan/tu_pipeline.c:3793
#10 0x7fa818fdb0 in bool WrappedVulkan::Serialise_vkCreateGraphicsPipelines<ReadSerialiser>(ReadSerialiser&, VkDevice_T*, VkPipelineCache_T*, unsigned int, VkGraphicsPipelineCreateInfo const*, VkAllocationCallbacks const*, VkPipeline_T**) /home/olv/projects/renderdoc/renderdoc/driver/vulkan/wrappers/vk_shader_funcs.cpp:437
#11 0x7fa7abc470 in WrappedVulkan::ProcessChunk(ReadSerialiser&, VulkanChunk) /home/olv/projects/renderdoc/renderdoc/driver/vulkan/vk_core.cpp:3180
#12 0x7fa7ab9f18 in WrappedVulkan::ReadLogInitialisation(RDCFile*, bool) /home/olv/projects/renderdoc/renderdoc/driver/vulkan/vk_core.cpp:2578
#13 0x7fa7c65a84 in VulkanReplay::ReadLogInitialisation(RDCFile*, bool) /home/olv/projects/renderdoc/renderdoc/driver/vulkan/vk_replay.cpp:224
#14 0x7fa85bc3d0 in ActiveRemoteClientThread /home/olv/projects/renderdoc/renderdoc/core/remote_server.cpp:554
#15 0x7fa85be1e0 in operator() /home/olv/projects/renderdoc/renderdoc/core/remote_server.cpp:1108
#16 0x7fa85c44fc in __invoke_impl<void, RenderDoc::BecomeRemoteServer(const rdcstr&, uint16_t, std::function<bool()>, RENDERDOC_PreviewWindowCallback)::<lambda()>&> /usr/include/c++/11.2.0/bits/invoke.h:61
#17 0x7fa85c3fe0 in __invoke_r<void, RenderDoc::BecomeRemoteServer(const rdcstr&, uint16_t, std::function<bool()>, RENDERDOC_PreviewWindowCallback)::<lambda()>&> /usr/include/c++/11.2.0/bits/invoke.h:154
#18 0x7fa85c3850 in _M_invoke /usr/include/c++/11.2.0/bits/std_function.h:291
#19 0x7fa8643138 in std::function<void ()>::operator()() const /usr/include/c++/11.2.0/bits/std_function.h:560
#20 0x7fa8a4a110 in sThreadInit /home/olv/projects/renderdoc/renderdoc/os/posix/posix_threading.cpp:173
#21 0x7fa74037f4 in start_thread (/usr/lib/libc.so.6+0x837f4)
#22 0x7fa746c558 in thread_start (/usr/lib/libc.so.6+0xec558)
previously allocated by thread T4 (ActiveRemoteCli) here:
#0 0x7fac352d00 in __interceptor_malloc /usr/src/debug/gcc/libsanitizer/asan/asan_malloc_linux.cpp:145
#1 0x7f9acc3c3c in ralloc_size ../src/util/ralloc.c:120
#2 0x7f9b0c77e8 in nir_shader_as_str_annotated ../src/compiler/nir/nir_print.c:1777
#3 0x7f9b0c7934 in nir_shader_as_str ../src/compiler/nir/nir_print.c:1789
#4 0x7f9ab856b4 in create_variant ../src/freedreno/ir3/ir3_shader.c:423
#5 0x7f9ab85828 in ir3_shader_create_variant ../src/freedreno/ir3/ir3_shader.c:449
#6 0x7f9a9d55f8 in tu_pipeline_builder_compile_shaders ../src/freedreno/vulkan/tu_pipeline.c:2836
#7 0x7f9a9e2b58 in tu_pipeline_builder_build ../src/freedreno/vulkan/tu_pipeline.c:3600
#8 0x7f9a9e4c18 in tu_graphics_pipeline_create ../src/freedreno/vulkan/tu_pipeline.c:3771
#9 0x7f9a9e4da8 in tu_CreateGraphicsPipelines ../src/freedreno/vulkan/tu_pipeline.c:3793
#10 0x7fa818fdb0 in bool WrappedVulkan::Serialise_vkCreateGraphicsPipelines<ReadSerialiser>(ReadSerialiser&, VkDevice_T*, VkPipelineCache_T*, unsigned int, VkGraphicsPipelineCreateInfo const*, VkAllocationCallbacks const*, VkPipeline_T**) /home/olv/projects/renderdoc/renderdoc/driver/vulkan/wrappers/vk_shader_funcs.cpp:437
#11 0x7fa7abc470 in WrappedVulkan::ProcessChunk(ReadSerialiser&, VulkanChunk) /home/olv/projects/renderdoc/renderdoc/driver/vulkan/vk_core.cpp:3180
#12 0x7fa7ab9f18 in WrappedVulkan::ReadLogInitialisation(RDCFile*, bool) /home/olv/projects/renderdoc/renderdoc/driver/vulkan/vk_core.cpp:2578
#13 0x7fa7c65a84 in VulkanReplay::ReadLogInitialisation(RDCFile*, bool) /home/olv/projects/renderdoc/renderdoc/driver/vulkan/vk_replay.cpp:224
#14 0x7fa85bc3d0 in ActiveRemoteClientThread /home/olv/projects/renderdoc/renderdoc/core/remote_server.cpp:554
#15 0x7fa85be1e0 in operator() /home/olv/projects/renderdoc/renderdoc/core/remote_server.cpp:1108
#16 0x7fa85c44fc in __invoke_impl<void, RenderDoc::BecomeRemoteServer(const rdcstr&, uint16_t, std::function<bool()>, RENDERDOC_PreviewWindowCallback)::<lambda()>&> /usr/include/c++/11.2.0/bits/invoke.h:61
#17 0x7fa85c3fe0 in __invoke_r<void, RenderDoc::BecomeRemoteServer(const rdcstr&, uint16_t, std::function<bool()>, RENDERDOC_PreviewWindowCallback)::<lambda()>&> /usr/include/c++/11.2.0/bits/invoke.h:154
#18 0x7fa85c3850 in _M_invoke /usr/include/c++/11.2.0/bits/std_function.h:291
#19 0x7fa8643138 in std::function<void ()>::operator()() const /usr/include/c++/11.2.0/bits/std_function.h:560
#20 0x7fa8a4a110 in sThreadInit /home/olv/projects/renderdoc/renderdoc/os/posix/posix_threading.cpp:173
#21 0x7fa74037f4 in start_thread (/usr/lib/libc.so.6+0x837f4)
#22 0x7fa746c558 in thread_start (/usr/lib/libc.so.6+0xec558)