renderer crash in spec@glsl-1.30@execution@fs-large-local-array-out-of-bounds-write
Hi Gert, could you help take a look at this issue?
The crash was observed while running the test with either guest mesa 21.2.6 or 20.3.5. The client is a Crostini VM. The same crash can be seen on both Intel and AMD.
The crash is at (the linked hash is the exact virglrenderer version in the build): https://source.chromium.org/chromiumos/_/chromium/chromiumos/third_party/virglrenderer/+/62d2049677494fc179e470be5615a67ffe0ba80a:src/vrend_shader.c;l=2846
This MR seems to touch the code around there, but I haven't done any bisecting myself: !788 (merged)
Crash reason: SIGSEGV /0x00000000
Crash address: 0x8
Process uptime: not available
Thread 0 (crashed)
0 libvirglrenderer.so.1!get_temp [vrend_shader.c : 2846 + 0x0]
rax = 0x00007adae3df04c0 rdx = 0x0000000000000000
rcx = 0x0000000000000000 rbx = 0x00007adae3df0738
rsi = 0x0000000000000000 rdi = 0x00007adae3df0738
rbp = 0x00007adae3df0030 rsp = 0x00007adae3df0020
r8 = 0x00007adae3df04c0 r9 = 0x00000000ffffffff
r10 = 0x0000000000000000 r11 = 0x0000000000000001
r12 = 0x0000000000000000 r13 = 0x00007adae3df0664
r14 = 0x00007adae3df0654 r15 = 0x0000000000000000
rip = 0x00007ade9fc0c71c
Found by: given as instruction pointer in context
1 libvirglrenderer.so.1!iter_instruction [vrend_shader.c : 4331 + 0x12]
rbx = 0x00007adae3df0738 rbp = 0x00007adae3df0630
rsp = 0x00007adae3df0040 r12 = 0x0000000000000000
r13 = 0x00007adae3df0664 r14 = 0x00007adae3df0654
r15 = 0x0000000000000000 rip = 0x00007ade9fbfb2d1
Found by: call frame info
2 libvirglrenderer.so.1!tgsi_iterate_shader [tgsi_iterate.c : 0 + 0xd]
rbx = 0x00007adae3df0738 rbp = 0x00007adae3df0710
rsp = 0x00007adae3df0640 r12 = 0x00007ade9fbd3e2c
r13 = 0x00007adae3dfcbb8 r14 = 0x00007adae3df0654
r15 = 0x00007adae3df0640 rip = 0x00007ade9fbf6cca
Found by: call frame info
3 libvirglrenderer.so.1!vrend_convert_shader [vrend_shader.c : 7886 + 0x8]
rbx = 0x00007adadcadd900 rbp = 0x00007adae3dfcb80
rsp = 0x00007adae3df0720 r12 = 0x00007adae3df11f0
r13 = 0x00007adae3dfcbb8 r14 = 0x00007adadcd5bc70
r15 = 0x00007adadcd5bc70 rip = 0x00007ade9fbfa4c3
Found by: call frame info
4 libvirglrenderer.so.1!analyze_instruction [vrend_shader.c : 7553 + 0x4]
rbp = 0x00007adae3dfcb80 rsp = 0x00007adae3df0740
rip = 0x00007ade9fbfab16
Found by: stack scanning
5 libvirglrenderer.so.1!prolog [vrend_shader.c : 5935 + 0x4]
rbp = 0x00007ade9fbfab16 rsp = 0x00007adae3df0748
rip = 0x00007ade9fbfab66
Found by: call frame info
6 libvirglrenderer.so.1!iter_instruction [vrend_shader.c : 0 + 0x12]
rbp = 0x00007ade9fbfab66 rsp = 0x00007adae3df0750
rip = 0x00007ade9fc01c8a
Found by: call frame info
7 libvirglrenderer.so.1!iter_declaration [vrend_shader.c : 1327 + 0x17]
rbp = 0x00007ade9fbfab66 rsp = 0x00007adae3df0758
rip = 0x00007ade9fc03bf9
Found by: stack scanning
8 libvirglrenderer.so.1!iter_immediate [vrend_shader.c : 2072 + 0x9]
rbp = 0x00007ade9fbfab66 rsp = 0x00007adae3df0760
rip = 0x00007ade9fc03c98
Found by: stack scanning