Webrender: regression: segmentation fault in nvidia Linux driver

Created on 3 May 2018  路  8Comments  路  Source: servo/webrender

cargo run -p webrender --example basic segfaults on my Linux system with this stack. I bisected this and found it was caused by #2650 which includes an upgrade from gleam 0.4.20 to 0.4.32. I haven't bisected further to see which gleam commit caused the regression. cc @kvark

#0  0x00007ffff294533f in ?? () from /usr/lib/x86_64-linux-gnu/libnvidia-glcore.so.390.48
#1  0x00007ffff2957436 in ?? () from /usr/lib/x86_64-linux-gnu/libnvidia-glcore.so.390.48
#2  0x00007ffff25117d5 in ?? () from /usr/lib/x86_64-linux-gnu/libnvidia-glcore.so.390.48
#3  0x0000555555eed443 in gleam::ffi_gl::Gl::DrawElements::h82f5e1eced377f2d (self=0x7ffff6297810, 
    mode=4, count=3, type_=5123, indices=0x0)
    at /home/mbrubeck/src/webrender/target/debug/build/gleam-b3dcb8a8100efbdd/out/gl_bindings.rs:2364
#4  0x0000555555ed1ab2 in _$LT$gleam..gl..GlFns$u20$as$u20$gleam..gl..Gl$GT$::draw_elements::h9038c4f94819c4bd (self=0x7ffff6297810, mode=4, count=3, element_type=5123, indices_offset=0)
    at /home/mbrubeck/.cargo/registry/src/github.com-1ecc6299db9ec823/gleam-0.4.34/src/gl_fns.rs:914
#5  0x00005555557e1959 in webrender::device::Device::draw_triangles_u16::he535b7d1cb1aac8c (
    self=0x7ffffffefd38, first_vertex=0, index_count=3) at webrender/src/device.rs:1891
#6  0x0000555555a3c8ac in webrender::shade::LazilyCompiledShader::new::he30f5309719f8d69 (kind=..., 
    name=..., features=..., device=0x7ffffffefd38, precache=true) at webrender/src/shade.rs:96
#7  0x0000555555a3d87a in webrender::shade::BrushShader::new::h18d92eb7215b45ad (name=..., 
    device=0x7ffffffefd38, features=..., precache=true) at webrender/src/shade.rs:193
#8  0x0000555555a4062a in webrender::shade::Shaders::new::hb60dbfd1d39c4d25 (device=0x7ffffffefd38, 
    gl_type=gleam::gl::GlType::Gl, options=0x7fffffffc638) at webrender/src/shade.rs:486
#9  0x00005555559aaf44 in webrender::renderer::Renderer::new::h3d1f0c9012baa014 (gl=..., notifier=..., 
    options=...) at webrender/src/renderer.rs:1438
soon bug

Most helpful comment

So we need to bind a dummy index buffer.

All 8 comments

This doesn't seem to be triggered by any gleam changes, but rather by this change on the webrender side:

https://github.com/servo/webrender/pull/2650/commits/8aef639563b37cd6b1e1ab1fd9ea9bd503184a0e#diff-e799884e4c0ff043be9c0472539d1528R477

Interesting. The reason for creating and binding a VAO there is to cope with driver errors (reported now via KHR_debug): since we are issuing draw calls, we have to have some VAO in place.
It might be that we've always been doing this incorrectly, but NV driver detected the lack of VAO and stopped right before doing something dangerous.

I get a segfault on windows, it might not be the same issue but appears similar.
Problem present on latest commit d7a6d081384ce0da9dd359b0cf4b9f758aab1b67.
I'm using Nvidia as well.

I went back in git history and found that this is the last one which worked:
(Date: Wed Nov 22 18:03:13 2017 -0500) https://github.com/servo/webrender/commit/d43464fef93b2ecc3d7b3ea8d9940719fd652731
and this is the first which doesn't:
(Date: Sun Nov 26 13:45:58 2017 -0600) https://github.com/servo/webrender/commit/9749668e8831c5f8cc56754511b338c00076b2d7
(dates from git log)

x@DESKTOP-3PEVIUB MINGW64 /d/Creating/ext_projects/webrender/examples (master)
$ cargo run --bin basic
Finished dev [unoptimized + debuginfo] target(s) in 0.33s
Running D:\Creating\ext_projects\webrender\target\debug\basic.exe
OpenGL version 3.2.0 NVIDIA 411.70
Shader resource path: None
Device pixel ratio: 1
Loading shaders...
error: process didn't exit successfully: D:\Creating\ext_projects\webrender\target\debug\basic.exe (exit code: 3221225477)
Segmentation fault

@mocsy could you run it from visual studio and see the stack trace please?

@mbrubeck I wonder if NV driver creeps out because our VAO is empty. We need to play with it, try adding some buffer definitions in there.

Exception thrown at 0x0000000075D6E8D0 (nvoglv64.dll) in basic.exe: 0xC0000005: Access violation reading location 0x0000000000000000.

nvoglv64.dll!0000000075d6e8d0() (Unknown Source:0)
nvoglv64.dll!00000000755454cc() (Unknown Source:0)
basic.exe!gleam::ffi_gl::Gl::DrawElements(unsigned int self, int mode, unsigned int count, std::os::raw::c_void * type_) Line 2366 (d:\Creating\ext_projects\webrender\target\debug\buildgleam-0975db55dcf908b5\out\gl_bindings.rs:2366)
basic.exe!gleam::gl::{{impl}}::draw_elements(gleam::gl::GlFns * self, unsigned int mode, int count, unsigned int element_type, unsigned int indices_offset) Line 871 (c:\Users\x.cargo\registry\src\github.com-1ecc6299db9ec823gleam-0.6.0\src\gl_fns.rs:871)
basic.exe!webrender::device::gl::Device::draw_triangles_u16(int self, int first_vertex) Line 1972 (d:\Creating\ext_projects\webrender\webrender\src\device\gl.rs:1972)
basic.exe!webrender::shade::LazilyCompiledShader::new(str* kind, slice* name, webrender::device::gl::Device * features, bool device) Line 96 (d:\Creating\ext_projects\webrender\webrender\src\shade.rs:96)
basic.exe!webrender::shade::BrushShader::new(webrender::device::gl::Device * name, slice* device, bool features, bool precache) Line 196 (d:\Creating\ext_projects\webrender\webrender\src\shade.rs:196)
basic.exe!webrender::shade::Shaders::new(gleam::gl::GlType device, webrender::renderer::RendererOptions * gl_type) Line 483 (d:\Creating\ext_projects\webrender\webrender\src\shade.rs:483)
basic.exe!webrender::renderer::Renderer::new(webrender_api::api::Box gl, webrender::renderer::RendererOptions notifier) Line 1516 (d:\Creating\ext_projects\webrender\webrender\src\renderer.rs:1516)
basic.exe!basic::boilerplate::main_wrapper(basic::App * example, core::option::Option options) Line 167 (d:\Creating\ext_projects\webrender\examples\common\boilerplate.rs:167)
basic.exe!basic::main() Line 171 (d:\Creating\ext_projects\webrender\examples\basic.rs:171)
basic.exe!std::rt::lang_start::{{closure}}<()>(closure ) Line 74 (c:\projects\rust\src\libstd\rt.rs:74)
[Inline Frame] basic.exe!std::rt::lang_start_internal::{{closure}}() Line 59 (c:\projects\rust\src\libstd\rt.rs:59)
basic.exe!std::panicking::try::do_call() Line 310 (c:\projects\rust\src\libstd\panicking.rs:310)
basic.exe!panic_unwind::__rust_maybe_catch_panic() Line 105 (c:\projects\rust\src\libpanic_unwind\lib.rs:105)
[Inline Frame] basic.exe!std::panicking::try() Line 289 (c:\projects\rust\src\libstd\panicking.rs:289)
[Inline Frame] basic.exe!std::panic::catch_unwind() Line 392 (c:\projects\rust\src\libstd\panic.rs:392)
basic.exe!std::rt::lang_start_internal() Line 58 (c:\projects\rust\src\libstd\rt.rs:58)
basic.exe!std::rt::lang_start<()>(void(
)() main, __int64 argc, unsigned char * * argv) Line 74 (c:\projects\rust\src\libstd\rt.rs:74)
basic.exe!main() (Unknown Source:0)
[Inline Frame] basic.exe!invoke_main() Line 64 (f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl:64)
basic.exe!__scrt_common_main_seh() Line 253 (f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl:253)
kernel32.dll!00007ff8f4c73034() (Unknown Source:0)
ntdll.dll!00007ff8f77c1461() (Unknown Source:0)

I think indices: *const __gl_imports::raw::c_void becomes a null pointer.

indices_offset: GLuint has the value 0, then it's cast into pointer
indices_offset as *const c_void

So we need to bind a dummy index buffer.

Was this page helpful?
0 / 5 - 0 ratings