Firefox crashes sometimes when using webgl with nouveau driver

Bug #1364522 reported by Bernhard Übelacker
This bug affects 1 person
Affects           Status    Importance   Assigned to   Milestone
firefox (Ubuntu)  Invalid   Undecided    Unassigned
mesa (Ubuntu)     Invalid   Undecided    Unassigned

Bug Description

Visiting with Firefox e.g. https://developer.mozilla.org/de/demos/detail/orange-slice/launch makes firefox crash.

Program received signal SIGSEGV, Segmentation fault.
nouveau_fence_next (screen=screen@entry=0x5a5a5a5a) at ../../../../../../src/gallium/drivers/nouveau/nouveau_fence.c:226
226 if (screen->fence.current->state < NOUVEAU_FENCE_STATE_EMITTING)
(gdb) bt
#0 nouveau_fence_next (screen=screen@entry=0x5a5a5a5a) at ../../../../../../src/gallium/drivers/nouveau/nouveau_fence.c:226
#1 0x9b5b7fc0 in nv30_context_kick_notify (push=0x9b8f62b0) at ../../../../../../src/gallium/drivers/nouveau/nv30/nv30_context.c:48
#2 0xa0a0ea3e in pushbuf_submit (push=push@entry=0x9b8f62b0, chan=<optimized out>, chan=<optimized out>) at ../../nouveau/pushbuf.c:325
#3 0xa0a0ed7a in pushbuf_flush (push=push@entry=0x9b8f62b0) at ../../nouveau/pushbuf.c:402
#4 0xa0a0faca in nouveau_pushbuf_kick (push=0x9b8f62b0, chan=0xa40c5420) at ../../nouveau/pushbuf.c:774
#5 0x9b5b811f in PUSH_KICK (push=<optimized out>) at ../../../../../../src/gallium/drivers/nouveau/nouveau_winsys.h:56
#6 nv30_context_flush (pipe=0x9b986000, fence=0x0, flags=0) at ../../../../../../src/gallium/drivers/nouveau/nv30/nv30_context.c:83
#7 0x9b4b4e1c in st_flush (st=st@entry=0x989e8000, fence=fence@entry=0x0, flags=flags@entry=0) at ../../../../src/mesa/state_tracker/st_cb_flush.c:87
#8 0x9b4b4e82 in st_glFlush (ctx=0x98844000) at ../../../../src/mesa/state_tracker/st_cb_flush.c:121
#9 0x9b3b3065 in _mesa_flush (ctx=ctx@entry=0x98844000) at ../../../../src/mesa/main/context.c:1691
#10 0x9b3b3130 in _mesa_make_current (newCtx=newCtx@entry=0x0, drawBuffer=drawBuffer@entry=0x0, readBuffer=readBuffer@entry=0x0) at ../../../../src/mesa/main/context.c:1503
#11 0x9b4dee74 in st_api_make_current (stapi=0x9b779700 <st_gl_api>, stctxi=0x0, stdrawi=0x0, streadi=0x0) at ../../../../src/mesa/state_tracker/st_manager.c:746
#12 0x9b59d9ee in dri_unbind_context (cPriv=0x994e3120) at ../../../../../../../src/gallium/state_trackers/dri/drm/dri_context.c:215
#13 0x9b38db93 in driUnbindContext (pcp=0x994e3120) at ../../../../../../../src/mesa/drivers/dri/common/dri_util.c:578
#14 0x9b7df149 in dri2_unbind_context (context=0x9b9cbc20, new=0x0) at ../../../../src/glx/dri2_glx.c:184
#15 0x9b7b7985 in MakeContextCurrent (dpy=dpy@entry=0xb7191000, draw=draw@entry=0, read=read@entry=0, gc_user=gc_user@entry=0x0) at ../../../../src/glx/glxcurrent.c:245
#16 0x9b7b7a73 in glXMakeCurrent (dpy=0xb7191000, draw=0, gc=0x0) at ../../../../src/glx/glxcurrent.c:293
#17 0xb3d3916d in mozilla::gl::GLXLibrary::xMakeCurrent (this=0xb6e58470 <mozilla::gl::sGLXLibrary>, display=0xb7191000, drawable=drawable@entry=0, context=context@entry=0x0) at /build/buildd/firefox-31.0+build1/gfx/gl/GLContextProviderGLX.cpp:525
#18 0xb3d39d92 in mozilla::gl::GLContextGLX::~GLContextGLX (this=0x988dc800, __in_chrg=<optimized out>) at /build/buildd/firefox-31.0+build1/gfx/gl/GLContextProviderGLX.cpp:836
#19 0xb3d39e12 in mozilla::gl::GLContextGLX::~GLContextGLX (this=0x988dc800, __in_chrg=<optimized out>) at /build/buildd/firefox-31.0+build1/gfx/gl/GLContextProviderGLX.cpp:845
#20 0xb3d38ea0 in mozilla::detail::GenericRefCounted<(mozilla::detail::RefCountAtomicity)0>::Release (this=0x988dc800) at ../../dist/include/mozilla/GenericRefCounted.h:95
#21 0xb3ddc635 in nsRefPtr<mozilla::gl::GLContext>::assign_assuming_AddRef (this=this@entry=0x9b8eb84c, newPtr=newPtr@entry=0x0) at ../../dist/include/nsAutoPtr.h:882
#22 0xb4561170 in assign_with_AddRef (rawPtr=0x0, this=0x9b8eb84c) at ../../../dist/include/nsAutoPtr.h:866
#23 operator= (rhs=0x0, this=0x9b8eb84c) at ../../../dist/include/nsAutoPtr.h:964
#24 mozilla::WebGLContext::DestroyResourcesAndContext (this=this@entry=0x9b8eb800) at /build/buildd/firefox-31.0+build1/content/canvas/src/WebGLContext.cpp:284
#25 0xb45611bb in mozilla::WebGLContext::~WebGLContext (this=0x9b8eb800, __in_chrg=<optimized out>) at /build/buildd/firefox-31.0+build1/content/canvas/src/WebGLContext.cpp:203
#26 0xb455e330 in mozilla::WebGL1Context::~WebGL1Context (this=0x9b8eb800, __in_chrg=<optimized out>) at /build/buildd/firefox-31.0+build1/content/canvas/src/WebGL1Context.cpp:25
#27 0xb455ebe9 in mozilla::WebGLContext::DeleteCycleCollectable (this=0x9b8eb800) at /build/buildd/firefox-31.0+build1/content/canvas/src/WebGLContext.cpp:1397
#28 0xb455ebbb in mozilla::WebGLContext::cycleCollection::DeleteCycleCollectable (this=0xb6e2b500 <mozilla::WebGLContext::_cycleCollectorGlobal>, p=0x9b8eb800) at /build/buildd/firefox-31.0+build1/content/canvas/src/WebGLContext.h:152
#29 0xb3841504 in SnowWhiteKiller::~SnowWhiteKiller (this=this@entry=0xbfb4273c, __in_chrg=<optimized out>) at /build/buildd/firefox-31.0+build1/xpcom/base/nsCycleCollector.cpp:2403
#30 0xb3841d1b in ~RemoveSkippableVisitor (this=0xbfb4273c, __in_chrg=<optimized out>) at /build/buildd/firefox-31.0+build1/xpcom/base/nsCycleCollector.cpp:2495
#31 nsPurpleBuffer::RemoveSkippable (this=this@entry=0xb71e808c, aCollector=aCollector@entry=0xb71e8000, aRemoveChildlessNodes=aRemoveChildlessNodes@entry=false, aAsyncSnowWhiteFreeing=aAsyncSnowWhiteFreeing@entry=false, aCb=0xb44dbe35 <ClearCycleCollectorCleanupData()>) at /build/buildd/firefox-31.0+build1/xpcom/base/nsCycleCollector.cpp:2545
#32 0xb3841d73 in nsCycleCollector::ForgetSkippable (this=0xb71e8000, aRemoveChildlessNodes=aRemoveChildlessNodes@entry=false, aAsyncSnowWhiteFreeing=aAsyncSnowWhiteFreeing@entry=false) at /build/buildd/firefox-31.0+build1/xpcom/base/nsCycleCollector.cpp:2588
#33 0xb3841de4 in nsCycleCollector_forgetSkippable (aRemoveChildlessNodes=aRemoveChildlessNodes@entry=false, aAsyncSnowWhiteFreeing=false) at /build/buildd/firefox-31.0+build1/xpcom/base/nsCycleCollector.cpp:3820
#34 0xb42f6563 in FireForgetSkippable (aSuspected=aSuspected@entry=1250, aRemoveChildless=aRemoveChildless@entry=false) at /build/buildd/firefox-31.0+build1/dom/base/nsJSEnvironment.cpp:1781
#35 0xb42f82c6 in CCTimerFired (aTimer=0xa44cdb20, aClosure=0x0) at /build/buildd/firefox-31.0+build1/dom/base/nsJSEnvironment.cpp:2281
#36 0xb38782cb in nsTimerImpl::Fire (this=0xa44cdb20) at /build/buildd/firefox-31.0+build1/xpcom/threads/nsTimerImpl.cpp:566
#37 0xb3878390 in nsTimerEvent::Run (this=0xad4ec060) at /build/buildd/firefox-31.0+build1/xpcom/threads/nsTimerImpl.cpp:650
#38 0xb387557b in nsThread::ProcessNextEvent (this=0xb7152040, mayWait=false, result=0xbfb4292f) at /build/buildd/firefox-31.0+build1/xpcom/threads/nsThread.cpp:715
#39 0xb382954e in NS_ProcessNextEvent (thread=<optimized out>, mayWait=mayWait@entry=false) at /build/buildd/firefox-31.0+build1/xpcom/glue/nsThreadUtils.cpp:263
#40 0xb3a4ce3e in mozilla::ipc::MessagePump::Run (this=0xb7190b50, aDelegate=0xb711c7c0) at /build/buildd/firefox-31.0+build1/ipc/glue/MessagePump.cpp:95
#41 0xb3a3c13a in MessageLoop::RunInternal (this=this@entry=0xb711c7c0) at /build/buildd/firefox-31.0+build1/ipc/chromium/src/base/message_loop.cc:229
#42 0xb3a3c262 in RunHandler (this=0xb711c7c0) at /build/buildd/firefox-31.0+build1/ipc/chromium/src/base/message_loop.cc:222
#43 MessageLoop::Run (this=0xb711c7c0) at /build/buildd/firefox-31.0+build1/ipc/chromium/src/base/message_loop.cc:196
#44 0xb4203d2b in nsBaseAppShell::Run (this=0xaeb8bba0) at /build/buildd/firefox-31.0+build1/widget/xpwidgets/nsBaseAppShell.cpp:164
#45 0xb4bfa17f in nsAppStartup::Run (this=0xaeb7d0d0) at /build/buildd/firefox-31.0+build1/toolkit/components/startup/nsAppStartup.cpp:278
#46 0xb4bc7253 in XREMain::XRE_mainRun (this=this@entry=0xbfb42b70) at /build/buildd/firefox-31.0+build1/toolkit/xre/nsAppRunner.cpp:4019
#47 0xb4bc7523 in XREMain::XRE_main (this=this@entry=0xbfb42b70, argc=argc@entry=1, argv=argv@entry=0xbfb43ea4, aAppData=aAppData@entry=0xbfb42cd0) at /build/buildd/firefox-31.0+build1/toolkit/xre/nsAppRunner.cpp:4088
#48 0xb4bc7763 in XRE_main (argc=1, argv=0xbfb43ea4, aAppData=0xbfb42cd0, aFlags=0) at /build/buildd/firefox-31.0+build1/toolkit/xre/nsAppRunner.cpp:4300
#49 0xb7729973 in do_main (argc=1, argv=0xbfb43ea4, xreDirectory=0xb714f480) at /build/buildd/firefox-31.0+build1/browser/app/nsBrowserApp.cpp:282
#50 0xb7728fc9 in main (argc=1, argv=0xbfb43ea4) at /build/buildd/firefox-31.0+build1/browser/app/nsBrowserApp.cpp:643

(more details will follow)

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: libgl1-mesa-dri 10.1.3-0ubuntu0.1
ProcVersionSignature: Ubuntu 3.13.0-35.62-generic 3.13.11.6
Uname: Linux 3.13.0-35-generic i686
ApportVersion: 2.14.1-0ubuntu3.3
Architecture: i386
Date: Tue Sep 2 19:03:29 2014
InstallationDate: Installed on 2014-08-20 (13 days ago)
InstallationMedia: Lubuntu 14.04.1 LTS "Trusty Tahr" - Release i386 (20140722.2)
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
SourcePackage: mesa
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Bernhard Übelacker (bernhardu) wrote :

Problem could be reproduced with following graphic adapters:
01:00.0 VGA compatible controller: NVIDIA Corporation NV40 [GeForce 6800] (rev a1)
01:00.0 VGA compatible controller: NVIDIA Corporation NV31 [GeForce FX 5600XT] (rev a1)

(Firefox probably blacklisted the second card for webgl; to be able to investigate the issue I had to enable it manually.)
But the crash happens for the first card with default settings.

As far as I could observe, Firefox creates 3 contexts, then destroys the last one but then still accesses the freed memory of the destroyed context.

I believe this crash got fixed by this upstream commit:
http://cgit.freedesktop.org/mesa/mesa/commit/src/gallium/drivers/nouveau/nv30/nv30_context.c?id=c092c46b27c6f6a6674e8d67fb3afdb684811819
Unfortunately this commit only got into 10.2.2.

But as Trusty Tahr is a LTS release it probably will stay a long time with users using older graphics cards.
Therefore I ask if this little patch could be added.

------
Building package libgl1-mesa-dri like this makes the crash for me go away:
mkdir -p ~/ubuntu/mesa; cd ~/ubuntu/mesa
apt-get source libgl1-mesa-dri
cd mesa-10.1.3
# fetch the upstream commit as a patch and register it in the Debian patch series
wget http://cgit.freedesktop.org/mesa/mesa/patch/src/gallium/drivers/nouveau/nv30/nv30_context.c?id=c092c46b27c6f6a6674e8d67fb3afdb684811819 -O debian/patches/999-nv30_avoid_dangling_references_to_deleted_contexts.patch
echo "999-nv30_avoid_dangling_references_to_deleted_contexts.patch" >> debian/patches/series
patch -p1 < debian/patches/999-nv30_avoid_dangling_references_to_deleted_contexts.patch
dpkg-buildpackage
cd ..
# sudo dpkg -i libgl1-mesa-dri_10.1.3-0ubuntu0.1_i386.deb
------

Other references where this bug seems to appear (just for reference):
https://bugzilla.redhat.com/show_bug.cgi?id=1125339
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661387
https://crash-stats.mozilla.com/report/list?signature=nouveau_dri.so%400x239b79
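The failure mode described in the comment above (a destroyed context still referenced by the shared screen, later read back as 0x5a5a5a5a-poisoned memory in nouveau_fence_next) and the shape of the "clear the back-reference on destroy" fix, as an added C illustration. This is not mesa's code and not the reporter's; the struct and function names (demo_screen, demo_context, kick_notify, run_scenario) are invented for the example, and a poisoned static pool stands in for the real allocator so the buggy path is observable without undefined behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustration only: a screen shared by several contexts keeps a
 * "current context" back-reference, as the nouveau gallium screen does.
 * All names here are made up for the example. */

#define CTX_MAGIC 0x4e563330u  /* marks a live context */
#define POISON    0x5a         /* jemalloc-style free poisoning byte */

struct demo_context;

struct demo_screen {
    struct demo_context *cur_ctx;   /* context that last filled the push buffer */
    unsigned kicks;                 /* successful submissions */
};

struct demo_context {
    uint32_t magic;
    struct demo_screen *screen;
    unsigned fence;
};

/* A small pool stands in for malloc; destroyed slots are poisoned with
 * 0x5a instead of being released, so reading them stays defined here. */
static struct demo_context pool[3];

static struct demo_context *context_create(struct demo_screen *scr, int slot)
{
    struct demo_context *ctx = &pool[slot];
    ctx->magic = CTX_MAGIC;
    ctx->screen = scr;
    ctx->fence = 0;
    return ctx;
}

/* flush: the screen remembers which context emitted the last commands. */
static void context_flush(struct demo_context *ctx)
{
    ctx->fence++;
    ctx->screen->cur_ctx = ctx;
}

/* kick_notify: runs when the push buffer is submitted, possibly on behalf
 * of a different context than the one that filled it. Returns 0 when the
 * back-reference was usable, -1 when it pointed at poisoned memory
 * (the real driver would dereference 0x5a5a5a5a and SIGSEGV). */
static int kick_notify(struct demo_screen *scr)
{
    if (scr->cur_ctx == NULL)
        return 0;
    if (scr->cur_ctx->magic != CTX_MAGIC)
        return -1;
    scr->cur_ctx->fence++;
    scr->kicks++;
    return 0;
}

/* Buggy destroy: releases (poisons) the context but leaves
 * screen->cur_ctx dangling, the pattern behind the reported crash. */
static void context_destroy_buggy(struct demo_context *ctx)
{
    memset(ctx, POISON, sizeof(*ctx));
}

/* Fixed destroy: drop the screen's back-reference before releasing. */
static void context_destroy_fixed(struct demo_context *ctx)
{
    if (ctx->screen->cur_ctx == ctx)
        ctx->screen->cur_ctx = NULL;
    memset(ctx, POISON, sizeof(*ctx));
}

/* Scenario from the report: three contexts are created, the last one
 * flushes and is destroyed, then the shared screen is kicked again. */
static int run_scenario(int fixed)
{
    struct demo_screen scr = { NULL, 0 };
    struct demo_context *c0 = context_create(&scr, 0);
    struct demo_context *c1 = context_create(&scr, 1);
    struct demo_context *c2 = context_create(&scr, 2);
    (void)c0;
    (void)c1;
    context_flush(c2);
    if (fixed)
        context_destroy_fixed(c2);
    else
        context_destroy_buggy(c2);
    return kick_notify(&scr);
}

int main(void)
{
    printf("buggy destroy: %d\nfixed destroy: %d\n",
           run_scenario(0), run_scenario(1));
    return 0;
}
```

The magic-field check plays the role that the 0x5a5a5a5a pointer value plays in the backtrace: it is only there to make the dangling read visible in a demo. The actual mitigation is the single comparison in context_destroy_fixed, which is why an owner that hands out back-references must also revoke them when the referenced object dies.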

Revision history for this message
Bernhard Übelacker (bernhardu) wrote :

For some reason the submission of new crashes at crash-stats.mozilla.com was stopping at 2015-06-16.

Revision history for this message
Bernhard Übelacker (bernhardu) wrote :

I was probably wrong last year.
- In [1] there are still many crash reports to Mozilla.
- These also very often point to the ~GLContextGLX destructor, similar to comment #0.
- Kernels are often Ubuntu kernels.
- Probably just on 14.04 LTS.
- Gallium 0.4 on NV46 or NV4B.

[1] https://crash-stats.mozilla.com/search/?app_notes=~Mesa%2010.1.3&signature=~nouveau_dri.so&_sort=-date&_facets=signature&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#facet-signature

So the patch mentioned in comment #2 could probably still be worth applying.

Revision history for this message
Paul White (paulw2u) wrote :

Bernhard,

We are sorry that we do not always have the capacity to review all reported bugs in a timely manner. You reported this bug some time ago and there have been many changes in Ubuntu since that time.

Do you still see a problem related to the one that you reported? Please let us know if you do.

If we do not hear from you this bug report will expire in approximately 60 days time.

Thank you for helping make Ubuntu better.

Paul White
[Ubuntu Bug Squad]

Changed in firefox (Ubuntu):
status: New → Incomplete
Changed in mesa (Ubuntu):
status: New → Incomplete
Revision history for this message
Paul White (paulw2u) wrote :

Bug report did not expire due to bug watch
No reply to comment #5
Unsure if issue fixed and 14.04 is very near EOL
As only one user affected will now close

Changed in firefox (Ubuntu):
status: Incomplete → Invalid
Changed in mesa (Ubuntu):
status: Incomplete → Invalid