NVIDIA / egl-wayland

The EGLStream-based Wayland external platform
MIT License

Crash in libwayland-client when using nvidia driver #64

Closed git-bruh closed 1 year ago

git-bruh commented 1 year ago
firefox[6175]: segfault at 7fd2bd927ad8 ip 00007fd2be2d4758 sp 00007fff2d056510 error 4 in libwayland-client.so.0.21.0[7fd2be2d2000+8000]

The crash occurs only when launching firefox, not in any other program.

(gdb) bt
#0  queue_event (display=0x56155f2efe40, len=4080) at ../src/wayland-client.c:1511
#1  0x00007fd2be2d4b5b in read_events (display=0x56155f2efe40) at ../src/wayland-client.c:1634
#2  0x00007fd2be2d4cb3 in wl_display_read_events (display=0x56155f2efe40)
    at ../src/wayland-client.c:1717
#3  0x00007fd2be2d4fc6 in wl_display_dispatch_queue
    (display=0x56155f2efe40, queue=0x56155f2eff10) at ../src/wayland-client.c:1956
#4  0x00007fd2be2d42da in wl_display_roundtrip_queue
    (display=0x56155f2efe40, queue=0x56155f2eff10) at ../src/wayland-client.c:1370
#5  0x00007fd2be2d4342 in wl_display_roundtrip (display=0x56155f2efe40)
    at ../src/wayland-client.c:1399
#6  0x00007fd2b3b2dc02 in  () at /usr/lib/firefox/libxul.so
#7  0x00007fd2b3b2e3f2 in  () at /usr/lib/firefox/libxul.so
#8  0x00007fd2b3b22299 in  () at /usr/lib/firefox/libxul.so
#9  0x00007fd2b3b2a0be in  () at /usr/lib/firefox/libxul.so
#10 0x00007fd2b3b2a6bd in  () at /usr/lib/firefox/libxul.so
#11 0x000056155e915d81 in  ()
#12 0x000056155e91515d in  ()
#13 0x00007fd2bfe951b7 in  () at /usr/lib/libc.so.6
#14 0x00007fd2bfe95275 in __libc_start_main () at /usr/lib/libc.so.6
#15 0x000056155e915511 in _start ()
(gdb) p *proxy
$10 = {object = {interface = 0x7fd2bd927ac0, implementation = 0x7fd2bd927bf0, id = 6}, 
  display = 0x56155f2efe40, queue = 0x56155f3339a0, flags = 0, refcount = 1, 
  user_data = 0x56155f330e60, dispatcher = 0x0, version = 3, tag = 0x0}
(gdb) p proxy->object
$11 = {interface = 0x7fd2bd927ac0, implementation = 0x7fd2bd927bf0, id = 6}
(gdb) p *proxy->object->interface
Cannot access memory at address 0x7fd2bd927ac0

Seems like a use after free

Dunno if it's a firefox bug, libwayland bug or nvidia bug. It only happens when using sway with gbm, not eglstreams. It doesn't impact any functionality either, firefox runs just fine, but with these messages:

[Parent 8381, Main Thread] WARNING: Failed to parse GL version!: file /home/testuser/.cache/kiss/proc/32123/build/firefox/widget/gtk/GfxInfo.cpp:271
[Parent 8381, Main Thread] WARNING: Failed to detect GL vendor!: file /home/testuser/.cache/kiss/proc/32123/build/firefox/widget/gtk/GfxInfo.cpp:342
Crash Annotation GraphicsCriticalError: |[0][GFX1-]: No GPUs detected via PCI (t=1.05835) [GFX1-]: No GPUs detected via PCI
Crash Annotation GraphicsCriticalError: |[0][GFX1-]: No GPUs detected via PCI (t=1.05835) |[1][GFX1-]: glxtest: process failed (received signal 11) (t=1.05838) [GFX1-]: glxtest: process failed (received signal 11)
Initializing context 0x7fa8d80055b1 surface (nil) on display 0x7fa8d80b10e0
GL_VENDOR: NVIDIA Corporation
mVendor: NVIDIA
GL_RENDERER: NVIDIA GeForce GTX 1660/PCIe/SSE2
mRenderer: Unknown
mIsMesa: 0
#0  0x00007fa95e3dd0cc in wl_display_read_events ()
    at /usr/lib/libwayland-client.so.0
#1  0x00007fa95e3dd981 in wl_display_dispatch_queue ()
    at /usr/lib/libwayland-client.so.0
#2  0x00007fa95e3ddc4f in wl_display_roundtrip_queue ()
    at /usr/lib/libwayland-client.so.0
#3  0x00007fa952810cc8 in wayland_egltest ()
    at /home/testuser/.cache/kiss/proc/32123/build/firefox/toolkit/xre/glxtest.cpp:933
#4  childgltest() ()
    at /home/testuser/.cache/kiss/proc/32123/build/firefox/toolkit/xre/glxtest.cpp:1151
#5  0x00007fa952810fa8 in fire_glxtest_process() ()
    at /home/testuser/.cache/kiss/proc/32123/build/firefox/toolkit/xre/glxtest.cpp:1200
#6  0x00007fa952805ddd in XREMain::XRE_mainInit(bool*)
    (this=this@entry=0x7ffc9f9dc8f0, aExitFlag=aExitFlag@entry=0x7ffc9f9dc86f)
    at /home/testuser/.cache/kiss/proc/32123/build/firefox/toolkit/xre/nsAppRunner.cpp:3992
#7  0x00007fa95280ddfe in XREMain::XRE_mainInit(bool*)
    (aExitFlag=0x7ffc9f9dc86f, this=0x7ffc9f9dc8f0)
    at /home/testuser/.cache/kiss/proc/32123/build/firefox/toolkit/xre/nsAppRunner.cpp:3879
#8  XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&)
    (this=this@entry=0x7ffc9f9dc8f0, argc=argc@entry=1, argv=argv@entry=0x7ffc9f9ddc18, aConfig=...)
    at /home/testuser/.cache/kiss/proc/32123/build/firefox/toolkit/xre/nsAppRunner.cpp:5867
#9  0x00007fa95280e192 in XRE_main(int, char**, mozilla::BootstrapConfig const&) (argc=1, argv=0x7ffc9f9ddc18, aConfig=...)
    at /home/testuser/.cache/kiss/proc/32123/build/firefox/toolkit/xre/nsAppRunner.cpp:5949
--Type <RET> for more, q to quit, c to continue without paging--c
#10 0x000055bbe4a072d8 in do_main(int, char**, char**) (argc=<optimized out>, argv=<optimized out>, envp=envp@entry=0x7ffc9f9ddc28) at /home/testuser/.cache/kiss/proc/32123/build/firefox/browser/app/nsBrowserApp.cpp:227
#11 0x000055bbe4a066f0 in main(int, char**, char**) (argc=<optimized out>, argv=<optimized out>, envp=0x7ffc9f9ddc28) at /home/testuser/.cache/kiss/proc/32123/build/firefox/browser/app/nsBrowserApp.cpp:414

git-bruh commented 1 year ago

https://github.com/mozilla/gecko-dev/blob/25ec642ed33ca83f25e88ec0f9f27e8ad8a29e24/toolkit/xre/glxtest.cpp#L985 ah it's already known
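
The correlation behind the "use after free" reading, as an added example that is not part of the original issue thread: it parses the kernel segfault line from the report, decodes the x86 page-fault error code, and measures the fault address against the `proxy->object.interface` pointer that gdb printed. `wl_iface_mirror` is a local copy of libwayland's public `struct wl_interface` layout, the offsets assume an LP64 build, and all helper names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Local mirror of libwayland's public struct wl_interface (assumes LP64 layout). */
struct wl_iface_mirror {
    const char *name; int version; int method_count;
    const void *methods; int event_count; const void *events;
};
struct segv { unsigned long long addr, ip, base, size; unsigned err; char mod[64]; };
/* Values copied from the issue: kernel log line and proxy->object.interface. */
static const char LOG_LINE[] = "firefox[6175]: segfault at 7fd2bd927ad8 ip 00007fd2be2d4758 "
    "sp 00007fff2d056510 error 4 in libwayland-client.so.0.21.0[7fd2be2d2000+8000]";
static const unsigned long long PROXY_IFACE = 0x7fd2bd927ac0ULL;

/* Parse a kernel "segfault at" line; returns 0 on success, -1 otherwise. */
static int parse_segv(const char *line, struct segv *s) {
    const char *p = strstr(line, "segfault at ");
    if (!p) return -1;
    return sscanf(p, "segfault at %llx ip %llx sp %*llx error %x in %63[^[][%llx+%llx]",
                  &s->addr, &s->ip, &s->err, s->mod, &s->base, &s->size) == 6 ? 0 : -1;
}

/* x86 page-fault error code: bit 0 = page present, bit 1 = write, bit 2 = user mode. */
static const char *fault_kind(unsigned err) {
    if (err & 1) return "protection fault";
    return (err & 2) ? "write to unmapped page" : "read of unmapped page";
}

/* Last wl_interface field starting at or before byte offset off; NULL if outside. */
static const char *iface_field(unsigned long long off) {
#define F(m) { offsetof(struct wl_iface_mirror, m), #m }
    static const struct { size_t off; const char *name; } f[] = {
        F(name), F(version), F(method_count), F(methods), F(event_count), F(events) };
    const char *hit = NULL;
    if (off >= sizeof(struct wl_iface_mirror)) return NULL;
    for (size_t i = 0; i < sizeof f / sizeof f[0]; i++)
        if (off >= f[i].off) hit = f[i].name;
    return hit;
}

int main(void) {
    struct segv s;
    if (parse_segv(LOG_LINE, &s)) return 1;
    const char *field = iface_field(s.addr - PROXY_IFACE);
    printf("%s+0x%llx: %s, wl_interface.%s\n", s.mod, s.ip - s.base,
           fault_kind(s.err), field ? field : "?");
    return 0;
}
```

The fault address sits 0x18 bytes past the interface pointer, inside the structure gdb could not read, which is what a read through a stale `interface` pointer looks like in the kernel log.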