free_zombie_shaders() leaves context in a bad state (access violation occurs)
System information
- OS: Windows 11
- GPU: Nvidia RTX A4000
- Mesa version: 24.0.6 (4.6 (Compatibility Profile))
Describe the issue
This failure was discovered in the llvmpipe renderer:
The cleanup of shaders that occurs in free_zombie_shaders() leaves the context in a bad state. Before deleting the shader, free_zombie_shaders(...) nulls out whatever shader is currently bound to the llvmpipe draw_context (even if it isn't the shader being deleted). This seems to happen at the lowest level, without the higher level context being in the loop. This results in the context thinking nothing has changed when, in fact, there is no longer a shader set on the lowest level llvmpipe draw_context. After a call to free_zombie_shaders occurs, any subsequent draw call that occurs before a new shader is explicitly bound by the user will result in an access violation in draw_get_shader_info(...) because the draw->vs object was nulled out.
Simplified order of operations to cause crash
create context1
create context2
bind context1
create shader1 ---> shaders 1 & 2 created on context1
create shader2
bind shader1 ---> user explicitly binds shader1 on context1
draw anything ---> we experienced this problem issuing DrawArrays() command
bind context2
delete shader2 ---> shader2 scheduled for delete in free_zombie_shaders() for context1 because context2 is currently bound
bind context1
swap buffers ---> free_zombie_shaders() will get executed during swap buffers. Bound shader1 gets unbound at the lowest llvmpipe draw_context level. Higher level context unaware of the change
draw anything ---> User has not explicitly changed the shader. Still thinks shader1 is bound on context1, and should be able to issue draw commands without any problems. Access violation occurs in draw_get_shader_info because the shader is actually null
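The state desynchronization described in the report, as an added toy model in C. It is not part of the original report and is not Mesa code; every type and function name is hypothetical. It replays the sequence above on one context and shows that the draw after the deferred delete only stays safe if the cleanup tells the upper layer its cached binding is stale. That `mark_dirty` handling is an assumption used for illustration, not the project's fix.

```c
#include <stddef.h>
#include <stdbool.h>

/* Toy model only: all names are hypothetical, none come from Mesa. */
struct shader { int id; };
struct low_ctx { const struct shader *vs; };  /* lowest-level bound vertex shader */
struct high_ctx {
    struct low_ctx low;
    const struct shader *bound_vs;  /* what the upper layer believes is bound */
    bool vs_dirty;                  /* low-level state must be re-sent */
};

static void bind_vs(struct high_ctx *c, const struct shader *s) {
    if (c->bound_vs == s && !c->vs_dirty)
        return;                     /* redundant-bind filter: "nothing changed" */
    c->bound_vs = s;
    c->low.vs = s;
    c->vs_dirty = false;
}

/* Deferred delete as the report describes it: the low-level binding is
 * cleared even though the shader being freed is not the bound one. */
static void free_zombie(struct high_ctx *c, const struct shader *dead, bool mark_dirty) {
    (void)dead;
    c->low.vs = NULL;
    if (mark_dirty)
        c->vs_dirty = true;         /* keep the upper layer in the loop */
}

/* Returns the shader id used, or -1 where real code would dereference NULL. */
static int draw(struct high_ctx *c) {
    if (c->vs_dirty) {              /* revalidate cached state before drawing */
        c->low.vs = c->bound_vs;
        c->vs_dirty = false;
    }
    if (c->low.vs == NULL)
        return -1;
    return c->low.vs->id;
}

/* Replays: bind shader1, draw, deferred delete of shader2, draw again. */
static int run_sequence(bool mark_dirty) {
    struct shader s1 = {1}, s2 = {2};
    struct high_ctx ctx1 = { {NULL}, NULL, false };
    bind_vs(&ctx1, &s1);
    if (draw(&ctx1) != 1)
        return -2;
    free_zombie(&ctx1, &s2, mark_dirty);  /* shader2 was deleted while context2 was current */
    return draw(&ctx1);                   /* the user has not rebound anything */
}
```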