ir_dereference_record nullptr segfault in radeonsi_dri.so
Submitted by cla..@...co.uk
Assigned to mes..@..op.org
Link to original bug (#108498)
Description
Created attachment 142095 tarball of GLSL source code for use in Fragmentarium
I'm using
$ apt-cache policy libgl1-mesa-dri
libgl1-mesa-dri:
  Installed: 18.1.7-1
  Candidate: 18.1.7-1
  Version table:
     18.2.0-1 1
        1 http://ftp.uk.debian.org/debian experimental/main amd64 Packages
     18.1.9-1 500
        500 http://ftp.uk.debian.org/debian unstable/main amd64 Packages
 *** 18.1.7-1 990
        990 http://ftp.uk.debian.org/debian buster/main amd64 Packages
        100 /var/lib/dpkg/status
I will try to compile upstream Mesa soon to see if it is a Debian-specific issue, or whether it has already been fixed in a later version.
Fragmentarium (from https://github.com/3Dickulus/FragM ) crashes inside radeonsi_dri.so when I try to compile part of a large shader project (~50kB of GLSL transcluded from the main 'raymond/example.frag'). The problematic part is the last half of 'raymond/Raymond-Trace.frag' in the attached tarball; setting #if 0 stops it from crashing and emits an error message in the shader compile log about missing function definitions (this is expected; the hard crash with #if 1 is not).
It seems to be caused by something that passes a nullptr as a field name in compiler/glsl/ir.cpp:1401. The gdb backtrace is large:
Thread 1 "Fragmentarium-2" received signal SIGSEGV, Segmentation fault.
__strcmp_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:173
173 ../sysdeps/x86_64/multiarch/../strcmp.S: No such file or directory.
(gdb) bt
#0 0x00007ffff64c40b6 in __strcmp_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:173
#1 0x00007fffe24c7d6d in glsl_type::field_type(char const*) const (this=<optimized out>, name=name@entry=0x0) at ../../../src/compiler/glsl_types.cpp:1228
#2 0x00007fffe24cba3f in ir_dereference_record::ir_dereference_record(ir_rvalue*, char const*) (this=0x555556f46e00, value=<optimized out>, field=0x0) at ../../../src/compiler/glsl/ir.cpp:1401
#3 0x00007fffe24ce720 in ir_dereference_record::clone(void*, hash_table*) const (this=<optimized out>, mem_ctx=<optimized out>, ht=<optimized out>) at ../../../src/compiler/glsl/list.h:58
#4 0x00007fffe2456ab4 in ast_expression::do_hir(exec_list*, _mesa_glsl_parse_state*, bool) (this=0x555556d12bf8, instructions=0x555556f459d0, state=0x555556341530, needs_rvalue=<optimized out>)
at ../../../src/compiler/glsl/ast.h:86
#5 0x00007fffe2458b43 in ast_expression_statement::hir(exec_list*, _mesa_glsl_parse_state*) (this=<optimized out>, instructions=<optimized out>, state=<optimized out>)
at ../../../src/compiler/glsl/ast_to_hir.cpp:2228
#6 0x00007fffe2458b9f in ast_compound_statement::hir(exec_list*, _mesa_glsl_parse_state*) (this=0x555556d12cc8, instructions=0x555556f459d0, state=0x555556341530)
at ../../../src/compiler/glsl/ast_to_hir.cpp:2244
#7 0x00007fffe2460f0e in ast_iteration_statement::hir(exec_list*, _mesa_glsl_parse_state*) (this=0x555556d12d28, instructions=<optimized out>, state=0x555556341530)
at ../../../src/compiler/glsl/ast_to_hir.cpp:6902
#8 0x00007fffe2458b9f in ast_compound_statement::hir(exec_list*, _mesa_glsl_parse_state*) (this=0x555556d12e70, instructions=0x555556ff6690, state=0x555556341530)
at ../../../src/compiler/glsl/ast_to_hir.cpp:2244
#9 0x00007fffe245f462 in ast_function_definition::hir(exec_list*, _mesa_glsl_parse_state*) (this=0x555556d12ed0, instructions=<optimized out>, state=0x555556341530)
at ../../../src/compiler/glsl/ast_to_hir.cpp:6182
#10 0x00007fffe2455b70 in _mesa_ast_to_hir(exec_list*, _mesa_glsl_parse_state*) (instructions=0x5555564c7570, state=0x555556341530) at ../../../src/compiler/glsl/ast_to_hir.cpp:156
#11 0x00007fffe24b9551 in _mesa_glsl_compile_shader(gl_context*, gl_shader*, bool, bool, bool) (ctx=ctx@entry=0x55555604a230, shader=shader@entry=0x555556496b40, dump_ast=dump_ast@entry=false, dump_hir=dump_hir@entry=false, force_recompile=force_recompile@entry=false) at ../../../src/compiler/glsl/glsl_parser_extras.cpp:2106
#12 0x00007fffe235b4d0 in _mesa_compile_shader (ctx=0x55555604a230, sh=0x555556496b40) at ../../../src/mesa/main/shaderapi.c:1131
#13 0x00007ffff748697f in QOpenGLFunctions::glCompileShader(unsigned int) (this=<optimized out>, shader=6) at opengl/qopenglfunctions.h:1280
#14 0x00007ffff748697f in QOpenGLShaderPrivate::compile(QOpenGLShader*) (this=this@entry=0x555556485120, q=q@entry=0x5555563adf10) at opengl/qopenglshaderprogram.cpp:352
#15 0x00007ffff7487275 in QOpenGLShader::compileSourceCode(char const*) (this=this@entry=0x5555563adf10, source=source@entry=0x555556b80488 "#version 330 compatibility\n// #donotrun\n\nconst float pi = 3.141592653589793;\nconst vec3 X = vec3(1.0, 0.0, 0.0);\nconst vec3 Y = vec3(0.0, 1.0, 0.0);\nconst vec3 Z = vec3(0.0, 0.0, 1.0);\n\n// #donotrun\n\n"...) at opengl/qopenglshaderprogram.cpp:678
#16 0x00007ffff748ce2e in QOpenGLShaderProgram::addShaderFromSourceCode(QFlags<QOpenGLShader::ShaderTypeBit>, char const*) (this=this@entry=0x7fffec005bf0, type=..., source=0x555556b80488 "#version 330 compatibility\n// #donotrun\n\nconst float pi = 3.141592653589793;\nconst vec3 X = vec3(1.0, 0.0, 0.0);\nconst vec3 Y = vec3(0.0, 1.0, 0.0);\nconst vec3 Z = vec3(0.0, 0.0, 1.0);\n\n// #donotrun\n\n"...)
at opengl/qopenglshaderprogram.cpp:980
#17 0x00007ffff748cf8b in QOpenGLShaderProgram::addShaderFromSourceCode(QFlags<QOpenGLShader::ShaderTypeBit>, QString const&) (this=0x7fffec005bf0, type=..., source=...)
at ../../include/QtCore/../../src/corelib/tools/qarraydata.h:206
#18 0x00005555555e0acd in Fragmentarium::GUI::DisplayWidget::initFragmentShader() (this=0x5555558e0c00)
at /home/claude/code/github.com/3Dickulus/FragM/Fragmentarium-Source/Fragmentarium/GUI/DisplayWidget.cpp:439
#19 0x00005555555deeaf in Fragmentarium::GUI::DisplayWidget::setFragmentShader(Fragmentarium::Parser::FragmentSource) (this=0x5555558e0c00, fs=...)
at /home/claude/code/github.com/3Dickulus/FragM/Fragmentarium-Source/Fragmentarium/GUI/DisplayWidget.cpp:183
#20 0x000055555561b6f2 in Fragmentarium::GUI::MainWindow::initializeFragment() (this=0x555555852650) at /home/claude/code/github.com/3Dickulus/FragM/Fragmentarium-Source/Fragmentarium/GUI/MainWindow.cpp:2239
#21 0x0000555555684895 in Fragmentarium::GUI::MainWindow::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (_o=0x555555852650, _c=QMetaObject::InvokeMetaMethod, _id=35, _a=0x7fffffffcfd0)
at /home/claude/code/github.com/3Dickulus/FragM/Fragmentarium-Source/build/Fragmentarium-2.5.0_autogen/S5HU6OSMQS/moc_MainWindow.cpp:456
#22 0x00007ffff6b107cb in QMetaObject::activate(QObject*, int, int, void**) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#23 0x00007ffff7731ef2 in QAction::triggered(bool) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#24 0x00007ffff7734500 in QAction::activate(QAction::ActionEvent) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#25 0x00007ffff781fd2d in () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#26 0x00007ffff781ff65 in QAbstractButton::mouseReleaseEvent(QMouseEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#27 0x00007ffff7909cba in QToolButton::mouseReleaseEvent(QMouseEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#28 0x00007ffff77767d8 in QWidget::event(QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#29 0x00007ffff7909d63 in QToolButton::event(QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#30 0x00007ffff77384a1 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#31 0x00007ffff773fd28 in QApplication::notify(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#32 0x00007ffff6ae7589 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#33 0x00007ffff773f029 in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#34 0x00007ffff7791314 in () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#35 0x00007ffff7793e9e in () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#36 0x00007ffff77384a1 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#37 0x00007ffff773fae0 in QApplication::notify(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#38 0x00007ffff6ae7589 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#39 0x00007ffff716baab in QCoreApplication::sendSpontaneousEvent(QObject*, QEvent*) (event=0x7fffffffd8a0, receiver=0x555555aec440) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:237
#40 0x00007ffff716baab in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) (e=0x55555602a370) at kernel/qguiapplication.cpp:2081
#41 0x00007ffff716d9a5 in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) (e=e@entry=0x55555602a370) at kernel/qguiapplication.cpp:1816
#42 0x00007ffff71480db in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) (flags=...) at kernel/qwindowsysteminterface.cpp:1032
#43 0x00007ffff2830eeb in QPAEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x5555557ffb90, flags=...) at qeventdispatcher_glib.cpp:70
#44 0x00007ffff6ae625b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#45 0x00007ffff6aee3d2 in QCoreApplication::exec() () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#46 0x00005555555d35f3 in main(int, char**) (argc=1, argv=0x7fffffffe158) at /home/claude/code/github.com/3Dickulus/FragM/Fragmentarium-Source/Fragmentarium/Main.cpp:199
Attachment 142095, "tarball of GLSL source code for use in Fragmentarium":
raymond.tar.gz
Version: 18.1
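The triage step described in the report (finding where the null field name enters the call chain) can be automated over a gdb backtrace. The following is an added example, not part of the original report or of Mesa; the sample input is constructed from frames #0 to #4 above with the wrapped frame #4 joined onto one line, and the function names `parse_frames` and `null_origin` are hypothetical.

```python
import re

# Constructed sample: frames #0-#4 of the backtrace in this report,
# with the wrapped frame #4 joined onto a single line.
SAMPLE_BT = """\
#0 0x00007ffff64c40b6 in __strcmp_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:173
#1 0x00007fffe24c7d6d in glsl_type::field_type(char const*) const (this=<optimized out>, name=name@entry=0x0) at ../../../src/compiler/glsl_types.cpp:1228
#2 0x00007fffe24cba3f in ir_dereference_record::ir_dereference_record(ir_rvalue*, char const*) (this=0x555556f46e00, value=<optimized out>, field=0x0) at ../../../src/compiler/glsl/ir.cpp:1401
#3 0x00007fffe24ce720 in ir_dereference_record::clone(void*, hash_table*) const (this=<optimized out>, mem_ctx=<optimized out>, ht=<optimized out>) at ../../../src/compiler/glsl/list.h:58
#4 0x00007fffe2456ab4 in ast_expression::do_hir(exec_list*, _mesa_glsl_parse_state*, bool) (this=0x555556d12bf8, instructions=0x555556f459d0, state=0x555556341530, needs_rvalue=<optimized out>) at ../../../src/compiler/glsl/ast.h:86
"""

# "#N [0xADDR in ]function (args) at file:line"; args must not contain parentheses.
FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(.*) \(([^()]*)\) at (\S+)$")

def parse_frames(bt):
    frames = []
    for line in bt.splitlines():
        m = FRAME.match(line.strip())
        if not m:
            continue  # wrapped lines, pager prompts, args with nested parentheses
        args = {}
        for part in filter(None, m.group(3).split(", ")):
            name, _, value = part.partition("=")
            args[name] = value.rsplit("=", 1)[-1]  # "name@entry=0x0" -> "0x0"
        frames.append({"n": int(m.group(1)), "func": m.group(2),
                       "args": args, "loc": m.group(4)})
    return frames

def null_origin(frames):
    """Walk outward from the faulting leaf (frame 0). Return the outermost frame
    in the unbroken run of frames carrying a 0x0 argument, and that frame's caller."""
    origin = None
    for f in frames[1:]:
        nulls = [a for a, v in f["args"].items() if v == "0x0"]
        if not nulls:
            return origin, (f if origin else None)
        origin = dict(f, nulls=nulls)
    return origin, None

if __name__ == "__main__":
    origin, caller = null_origin(parse_frames(SAMPLE_BT))
    print("null enters at frame #%d %s (%s)" % (origin["n"], origin["loc"], origin["nulls"]))
    print("inspect caller: #%d %s" % (caller["n"], caller["func"]))
```

On this backtrace the null argument first appears in frame #2 (`field=0x0` at ir.cpp:1401), so frame #3, `ir_dereference_record::clone`, is the caller to inspect for where the null field name is produced.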