mesa SIGSEGV in brw_update_renderbuffer_surface()

Bug #947544 reported by Rockwalrus
This bug affects 11 people
Affects | Status | Importance | Assigned to | Milestone
Mesa | Incomplete | High | |
mesa (Ubuntu) | Incomplete | Medium | Unassigned |

Bug Description

crash during alt-tab

ProblemType: Crash
DistroRelease: Ubuntu 12.04
Package: compiz-core 1:0.9.7.0~bzr2995-0ubuntu5
ProcVersionSignature: Ubuntu 3.2.0-17.27-generic 3.2.6
Uname: Linux 3.2.0-17-generic x86_64
.tmp.unity.support.test.0:

ApportVersion: 1.94-0ubuntu1
Architecture: amd64
CompizPlugins: [core,detection,composite,opengl,compiztoolbox,switcher,imgjpeg,maximumize,decor,grid,text,mousepoll,wall,thumbnail,move,imgpng,imgsvg,wobbly,fadedesktop,regex,resize,gnomecompat,place,notification,session,animation,workarounds,fade,winrules,expo,resizeinfo,animationaddon,trailfocus,scale,scalefilter,group,scaleaddon]
CompositorRunning: compiz
CrashCounter: 1
Date: Mon Mar 5 14:58:43 2012
DistUpgraded: Log time: 2011-10-21 20:21:41.774290
DistroCodename: precise
DistroVariant: ubuntu
DkmsStatus:
 virtualbox, 4.1.8, 3.0.0-16-generic, x86_64: installed
 virtualbox, 4.1.8, 3.2.0-17-generic, x86_64: installed
ExecutablePath: /usr/bin/compiz
GraphicsCard:
 Intel Corporation Mobile GM965/GL960 Integrated Graphics Controller (primary) [8086:2a02] (rev 0c) (prog-if 00 [VGA controller])
   Subsystem: Dell Latitude D630 [1028:01f9]
   Subsystem: Dell Device [1028:01f9]
MachineType: Dell Inc. Latitude D630
PccardctlIdent:
 Socket 0:
   no product info available
PccardctlStatus:
 Socket 0:
   no card
ProcCmdline: /usr/bin/compiz
ProcEnviron:
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcKernelCmdLine: root=UUID=2901cb8b-2558-464e-8c80-ce031718503a ro quiet splash crashkernel=384M-2G:64M,2G-:128M
SegvAnalysis:
 Segfault happened at: 0x7f9cb2c9bf5e: mov 0x218(%rax),%rbp
 PC (0x7f9cb2c9bf5e) ok
 source "0x218(%rax)" (0x00000218) not located in a known VMA region (needed readable region)!
 destination "%rbp" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: compiz
StacktraceTop:
 ?? () from /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
 ?? () from /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
 brw_upload_state () from /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
 brw_draw_prims () from /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
 ?? () from /usr/lib/x86_64-linux-gnu/dri/libdricore.so
Title: compiz crashed with SIGSEGV in brw_upload_state()
UpgradeStatus: Upgraded to precise on 2011-10-22 (135 days ago)
UserGroups: adm admin audio cdrom dialout dip floppy fuse lpadmin mythtv plugdev sambashare video
dmi.bios.date: 01/04/2010
dmi.bios.vendor: Dell Inc.
dmi.bios.version: A17
dmi.board.name: 0KU184
dmi.board.vendor: Dell Inc.
dmi.chassis.type: 8
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvrA17:bd01/04/2010:svnDellInc.:pnLatitudeD630:pvr:rvnDellInc.:rn0KU184:rvr:cvnDellInc.:ct8:cvr:
dmi.product.name: Latitude D630
dmi.sys.vendor: Dell Inc.
version.compiz: compiz 1:0.9.7.0~bzr2995-0ubuntu5
version.ia32-libs: ia32-libs 20090808ubuntu33
version.libdrm2: libdrm2 2.4.30-1ubuntu1
version.libgl1-mesa-dri: libgl1-mesa-dri 8.0.1-0ubuntu2
version.libgl1-mesa-dri-experimental: libgl1-mesa-dri-experimental N/A
version.libgl1-mesa-glx: libgl1-mesa-glx 8.0.1-0ubuntu2
version.xserver-xorg-core: xserver-xorg-core 2:1.11.4-0ubuntu4
version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.6.99.901+git20120126-0ubuntu2
version.xserver-xorg-video-ati: xserver-xorg-video-ati N/A
version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.17.0-1ubuntu4
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:0.0.16+git20111201+b5534a1-1build2

Rockwalrus (rockwalrus) wrote :
Apport retracing service (apport) wrote :

StacktraceTop:
 brw_update_renderbuffer_surface (brw=0x7f9cbfe23040, rb=0x1edf420, unit=0) at brw_wm_surface_state.c:919
 brw_update_renderbuffer_surfaces (brw=0x7f9cbfe23040) at brw_wm_surface_state.c:1016
 brw_upload_state (brw=0x7f9cbfe23040) at brw_state_upload.c:503
 brw_try_draw_prims (max_index=<optimized out>, min_index=<optimized out>, ib=0x0, nr_prims=1, prim=0x7fff4a25eab0, arrays=0x1f48d48, ctx=0x7f9cbfe23040) at brw_draw.c:482
 brw_draw_prims (ctx=0x7f9cbfe23040, arrays=0x1f48d48, prim=0x7fff4a25eab0, nr_prims=1, ib=0x0, index_bounds_valid=<optimized out>, min_index=0, max_index=15, tfb_vertcount=0x0) at brw_draw.c:566

Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in compiz (Ubuntu):
importance: Undecided → Medium
summary: - compiz crashed with SIGSEGV in brw_upload_state()
+ compiz crashed with SIGSEGV in brw_update_renderbuffer_surface()
tags: removed: need-amd64-retrace
Launchpad Janitor (janitor) wrote : Re: compiz crashed with SIGSEGV in brw_update_renderbuffer_surface()

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in compiz (Ubuntu):
status: New → Confirmed
tags: added: quantal running-unity
affects: compiz (Ubuntu) → mesa (Ubuntu)
information type: Private → Public
In , Michael Gratton (mjog) wrote :

Multiple apps are getting a segfault in brw_update_renderbuffer_surface, including VLC, Compiz and Gazebo (which uses OGRE).

Ubuntu bug is reported here with a number of stack traces:

https://bugs.launchpad.net/ubuntu/+source/mesa/+bug/947544

I'll attach a complete, more recent one in a moment, but the head looks like this:

#0 brw_update_renderbuffer_surface (brw=0x403eb30, rb=0x4510500, unit=0) at brw_wm_surface_state.c:1109
#1 0x00007fffdc0e9ab0 in brw_update_renderbuffer_surfaces (brw=0x403eb30) at brw_wm_surface_state.c:1205
#2 0x00007fffdc0d3b02 in brw_upload_state (brw=brw@entry=0x403eb30) at brw_state_upload.c:498
#3 0x00007fffdc0c11a7 in brw_try_draw_prims (max_index=4294967295, min_index=4294952344, ib=<optimised out>,
    nr_prims=<optimised out>, prim=0x7fffffffc580, arrays=<optimised out>, ctx=0x403eb30) at brw_draw.c:493
#4 brw_draw_prims (ctx=0x403eb30, prim=0x7fffffffc580, nr_prims=<optimised out>, ib=<optimised out>,
    index_bounds_valid=<optimised out>, min_index=4294967295, max_index=4294967295, tfb_vertcount=0x0) at brw_draw.c:589
#5 0x00007fffd73a43da in vbo_handle_primitive_restart (ctx=<optimised out>, prim=<optimised out>, nr_prims=<optimised out>,
    ib=<optimised out>, index_bounds_valid=<optimised out>, min_index=<optimised out>, max_index=4294967295)
    at ../../../../../src/mesa/vbo/vbo_exec_array.c:570
#6 0x00007fffd73a53b4 in vbo_validated_drawrangeelements (ctx=ctx@entry=0x403eb30, mode=mode@entry=4,
    index_bounds_valid=index_bounds_valid@entry=0 '\000', start=start@entry=4294967295, end=end@entry=4294967295,
    count=count@entry=39690, type=type@entry=5123, indices=indices@entry=0x0, basevertex=basevertex@entry=0,
    numInstances=numInstances@entry=1, baseInstance=baseInstance@entry=0) at ../../../../../src/mesa/vbo/vbo_exec_array.c:867
#7 0x00007fffd73a5724 in vbo_exec_DrawElements (mode=4, count=39690, type=5123, indices=0x0)
    at ../../../../../src/mesa/vbo/vbo_exec_array.c:997
#8 0x00007fffd4c05124 in Ogre::GLRenderSystem::_render(Ogre::RenderOperation const&) ()
   from /usr/lib/x86_64-linux-gnu/OGRE-1.7.4/RenderSystem_GL.so

In , Michael Gratton (mjog) wrote :

Created attachment 75816
gazebo client stack trace

Stack trace from Gazebo simulator client crash. Occurs every 2 or 2 program executions.

Ubuntu 13.04:
linux 3.5.0-25-generic
mesa 9.0-0ubuntu1
libdrm 2.4.39-0ubuntu1

In , Michael Gratton (mjog) wrote :

This is on Sandybridge, an i7-2620M/HD3000.

Michael Gratton (mjog) wrote :

Reported upstream, I get this every few times I run the Gazebo simulator client.

Quantal, amd64, Sandybridge HD3000.

summary: - compiz crashed with SIGSEGV in brw_update_renderbuffer_surface()
+ mesa SIGSEGV in brw_update_renderbuffer_surface()
Changed in mesa:
importance: Unknown → High
status: Unknown → Confirmed
Roman (m01brv) wrote :

This or a very similar crash (with the same stuff on top of the stack) appears very frequently with fullscreen windows, when the KWin option "suspend desktop effects for fullscreen windows" is turned on. This is similar to the fixed bug 974041, though that one looks different. The crash is typically triggered by alt-tabbing from such a fullscreen window (with ~50% chance).

Michael Gratton (mjog) wrote :

Bug 974041 seems like an X server crash, while this involves clients crashing but X server remains up (although I suspect that after numerous such client crashes the system's stability in general starts to suffer). The cases I have encountered have all involved non-full-screen windows, also.

In , Eric Anholt (eric-anholt) wrote :

Do you have an exact command line and set of things to do to reproduce the problem? Perhaps an apitrace of a crashing application?

In , Michael Gratton (mjog) wrote :

It's easy to reproduce using Gazebo.

1. Install Gazebo: http://gazebosim.org/wiki/1.6/install
2. Run gzserver in one terminal
3. Run gzclient in another

Both processes use OpenGL, but only gzclient displays a gui. Starting gzserver will result in this error, but only occasionally. Starting gzclient will result in the error more frequently - perhaps once in every 5-10 invocations. Closing the gzclient window will also often produce the error.

In , Michael Gratton (mjog) wrote :

I can't attach the apitrace dumps to this bug because they are too big, so have uploaded them to a web server:

gzclient-1.7.1 successful startup: http://vee.net/tmp/fdo-61724/gzclient-1.7.1.trace-nosegfault
gzclient-1.7.1 segfault startup: http://vee.net/tmp/fdo-61724/gzclient-1.7.1.trace-segfault

In , Eric Anholt (eric-anholt) wrote :

Ran the segfault one in a loop both on ivb and gm45 for a while, with no segfaults. Were you seeing segfaults in the apitrace replay?

Changed in mesa:
status: Confirmed → Incomplete
In , Ross Schlaikjer (ross-schlaikjer) wrote :

Created attachment 80882
apitrace dump for glxgears

I am seeing what appears to be the same error. It is reproducible 100% of the time with glxgears.

I ran glxgears in apitrace (causing a segfault). Attached is the raw apitrace.

Is there any other data that I can provide that would be useful?

Hardware is an Intel i7-2860QM.

The segfault is visible in the apitrace replay.
$ apitrace replay glxgears.trace
apitrace: warning: caught signal 11
1357: error: caught an unhandled exception
apitrace: info: taking default action for signal 11

gdb output for glxgears:

Running synchronized to the vertical refresh. The framerate should be
approximately the same as the monitor refresh rate.

Program received signal SIGSEGV, Segmentation fault.
brw_update_renderbuffer_surface (brw=0x7ffff7fae040, rb=0x61aa30, unit=0)
    at brw_wm_surface_state.c:954
954 brw_wm_surface_state.c: No such file or directory.
(gdb) l
949 in brw_wm_surface_state.c
(gdb) bt
#0 brw_update_renderbuffer_surface (brw=0x7ffff7fae040, rb=0x61aa30, unit=0)
    at brw_wm_surface_state.c:954
#1 0x00007ffff388c220 in brw_update_renderbuffer_surfaces (brw=0x7ffff7fae040)
    at brw_wm_surface_state.c:1047
#2 0x00007ffff38765a0 in brw_upload_state (brw=brw@entry=0x7ffff7fae040)
    at brw_state_upload.c:503
#3 0x00007ffff3864047 in brw_try_draw_prims (max_index=<optimized out>,
    min_index=<optimized out>, ib=0x0, nr_prims=2, prim=0x7ef4a0,
    arrays=0x67a810, ctx=0x7ffff7fae040) at brw_draw.c:482
#4 brw_draw_prims (ctx=0x7ffff7fae040, arrays=0x67a810, prim=0x7ef4a0,
    nr_prims=2, ib=0x0, index_bounds_valid=<optimized out>, min_index=0,
    max_index=161, tfb_vertcount=0x0) at brw_draw.c:566
#5 0x00007ffff39916ac in vbo_save_playback_vertex_list (ctx=0x7ffff7fae040,
    data=0x7eed08) at vbo/vbo_save_draw.c:298
#6 0x00007ffff38e2fe2 in ext_opcode_execute (node=0x7eed00, ctx=0x7ffff7fae040)
    at main/dlist.c:602
#7 execute_list (ctx=0x7ffff7fae040, list=<optimized out>) at main/dlist.c:7505
#8 0x00007ffff38e6a22 in _mesa_CallList (list=1) at main/dlist.c:8922
#9 0x00000000004023bc in draw () at glxgears.c:263
#10 0x0000000000401bc9 in draw_gears () at glxgears.c:315
#11 draw_frame (win=52428802, dpy=0x605010) at glxgears.c:340
#12 event_loop (win=52428802, dpy=0x605010) at glxgears.c:696
#13 main (argc=1, argv=<optimized out>) at glxgears.c:776

Oibaf (oibaf) wrote :

The Ubuntu version used is no longer supported; also, the upstream bug was closed due to lack of feedback.
Can you check if the problem is still reproducible on a newer Ubuntu?

Changed in mesa (Ubuntu):
status: Confirmed → Incomplete