Mir/Unity8/USC crashes/freezes on nouveau (nv50) in pushbuf_kref() especially with multiple monitors, webbrowser-app or system settings
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical System Image |
Triaged
|
Critical
|
Unassigned | ||
Mesa |
New
|
Unknown
|
|||
Mir |
Triaged
|
High
|
Unassigned | ||
Nouveau Xorg driver |
Unknown
|
Medium
|
|||
Unity System Compositor |
Triaged
|
High
|
Unassigned | ||
libdrm (Ubuntu) |
Triaged
|
High
|
Unassigned | ||
mesa (Ubuntu) |
Triaged
|
High
|
Unassigned | ||
mir (Ubuntu) |
Triaged
|
High
|
Unassigned | ||
qtmir (Ubuntu) |
In Progress
|
High
|
Gerry Boland | ||
qtubuntu (Ubuntu) |
In Progress
|
High
|
Gerry Boland | ||
Bug Description
Unit8 froze up while I was trying to open system settings.
ProblemType: Crash
DistroRelease: Ubuntu 16.04
Package: unity8 8.11+16.
ProcVersionSign
Uname: Linux 4.4.0-9-generic x86_64
ApportVersion: 2.20-0ubuntu3
Architecture: amd64
Date: Fri Mar 4 19:12:54 2016
ExecutablePath: /usr/bin/unity8
InstallationDate: Installed on 2015-05-10 (299 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
ProcCmdline: unity8
SegvAnalysis:
Segfault happened at: 0x7f58d568706c: mov 0x8(%rsi),%edx
PC (0x7f58d568706c) ok
source "0x8(%rsi)" (0x00000008) not located in a known VMA region (needed readable region)!
destination "%edx" ok
Stack memory exhausted (SP below stack segment)
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: unity8
StacktraceTop:
?? () from /usr/lib/
?? () from /usr/lib/
?? () from /usr/lib/
?? () from /usr/lib/
?? () from /usr/lib/
Title: unity8 crashed with SIGSEGV
UpgradeStatus: Upgraded to xenial on 2015-11-07 (118 days ago)
UserGroups: adm autopilot cdrom dip lpadmin plugdev sambashare sudo
Related branches
- Unity8 CI Bot: Approve (continuous-integration)
- Ubuntu Phablet Team: Pending requested
-
Diff: 89 lines (+62/-8)1 file modifiedsrc/ubuntumirclient/qmirclientintegration.cpp (+62/-8)
- Unity8 CI Bot (community): Approve (continuous-integration)
- Mir development team: Pending requested
-
Diff: 110 lines (+64/-1)3 files modifiedsrc/platforms/mirserver/logging.cpp (+1/-0)
src/platforms/mirserver/logging.h (+1/-0)
src/platforms/mirserver/mirserverintegration.cpp (+62/-1)
information type: | Private → Public |
summary: |
- unity8 crashed with SIGSEGV + unity8 crashed with SIGSEGV on nouveau, in eglMakeCurrent() ... + nv50_flush() ... pushbuf_kref() |
Changed in mir (Ubuntu): | |
status: | New → Invalid |
Changed in mir: | |
status: | New → Invalid |
affects: | unity8 (Ubuntu) → qtmir (Ubuntu) |
tags: | added: unity8-desktop |
summary: |
- Mir crashes on nouveau (nv50) in pushbuf_kref() + Mir crashes on nouveau (nv50) in pushbuf_kref() especially with multiple + monitors |
Changed in canonical-devices-system-image: | |
importance: | High → Critical |
Changed in libdrm (Ubuntu): | |
importance: | High → Critical |
Changed in mesa (Ubuntu): | |
importance: | High → Critical |
Changed in mesa (Ubuntu): | |
status: | Confirmed → Invalid |
Changed in mir (Ubuntu): | |
importance: | Undecided → Critical |
Changed in qtmir (Ubuntu): | |
importance: | Medium → Critical |
Changed in libdrm (Ubuntu): | |
status: | Confirmed → Triaged |
summary: |
Mir/Unity8 crashes on nouveau (nv50) in pushbuf_kref() especially with - multiple monitors + multiple monitors or opening the web browser app |
summary: |
Mir/Unity8 crashes on nouveau (nv50) in pushbuf_kref() especially with - multiple monitors or opening the web browser app + multiple monitors, webbrowser-app or system settings |
summary: |
- Mir/Unity8 crashes on nouveau (nv50) in pushbuf_kref() especially with - multiple monitors, webbrowser-app or system settings + Mir/Unity8 crashes/freezes on nouveau (nv50) in pushbuf_kref() + especially with multiple monitors, webbrowser-app or system settings |
Changed in canonical-devices-system-image: | |
assignee: | nobody → Stephen M. Webb (bregma) |
milestone: | none → u8c-1 |
summary: |
- Mir/Unity8 crashes/freezes on nouveau (nv50) in pushbuf_kref() + Mir/Unity8/USC crashes/freezes on nouveau (nv50) in pushbuf_kref() especially with multiple monitors, webbrowser-app or system settings |
summary: |
- Mir/Unity8/USC crashes/freezes on nouveau (nv50) in pushbuf_kref() - especially with multiple monitors, webbrowser-app or system settings + nouveau (nv50) crashes/freezes in pushbuf_kref() |
summary: |
- nouveau (nv50) crashes/freezes in pushbuf_kref() + Mir/Unity8/USC crashes/freezes on nouveau (nv50) in pushbuf_kref() + especially with multiple monitors, webbrowser-app or system settings |
Changed in canonical-devices-system-image: | |
status: | Incomplete → Triaged |
Changed in canonical-devices-system-image: | |
milestone: | u8c-1 → u8c-2 |
Changed in qtubuntu (Ubuntu): | |
status: | New → In Progress |
assignee: | nobody → Gerry Boland (gerboland) |
Changed in qtmir (Ubuntu): | |
assignee: | nobody → Gerry Boland (gerboland) |
status: | Confirmed → In Progress |
Changed in qtubuntu (Ubuntu): | |
importance: | Undecided → High |
Changed in qtmir (Ubuntu): | |
importance: | Medium → High |
Changed in mir (Ubuntu): | |
importance: | Critical → High |
status: | Invalid → Triaged |
Changed in unity-system-compositor: | |
importance: | Medium → High |
status: | Confirmed → Triaged |
Changed in mir: | |
importance: | Medium → High |
status: | Confirmed → Triaged |
Changed in mesa (Ubuntu): | |
status: | Invalid → Triaged |
importance: | Critical → High |
Changed in libdrm (Ubuntu): | |
importance: | Critical → High |
Changed in nouveau: | |
importance: | Unknown → Medium |
status: | Unknown → In Progress |
Changed in nouveau: | |
status: | In Progress → Unknown |
Changed in mesa: | |
status: | Unknown → New |
Created attachment 118838
kernel log
I've encountered an easily reproducible segfault using the Firefox OS emulator while I was hacking the said operating. The Firefox OS emulator [1] is a fork of the Android emulator which is in turn a fork of qemu. In both cases the graphics part is untouched so it might be possible to reproduce the same issue in qemu even though I didn't have the time to try it.
Here's my full STR:
1) Build the Firefox OS emulator using the emulator-x86-kk target device ( git clone https:/ /github. com/mozilla- b2g/B2G. git ; cd B2G ; ./config.sh emulator-x86-kk ; ./build.sh )
2) Launch it from the tree using the run-emulator.sh script
3) Once Firefox OS has started quickly click on any application and keep clicking on buttons / input boxes / etc... The segfault will normally happen in a matter of seconds
I've reproduced the bug both on Fedora 22 and Gentoo so it doesn't look like distro-specific, these are the versions number taken from my Gentoo installation:
xf86-video-nouveau 1.0.11
libdrm 2.4.59
mesa 10.3.7
xorg-server 1.16.4
kernel 4.0.5
I've captured a stack trace of the segfault with gdb:
Program received signal SIGSEGV, Segmentation fault. libdrm_ nouveau. so.2 libdrm_ nouveau. so.2 libdrm_ nouveau. so.2 dri/nouveau_ dri.so dri/nouveau_ dri.so dri/nouveau_ dri.so dri/nouveau_ dri.so dri/nouveau_ dri.so dri/nouveau_ dri.so opengl/ host/libs/ Translator/ GLES_V2/ GLESv2Imp. cpp:576 context_ t::decode (this=0xc3dfdfd4, buf=0xc47ff008, len=5452, stream=0xc6400768) linux-x86/ obj/STATIC_ LIBRARIES/ libGLESv2_ dec_intermediat es/gl2_ dec.cpp: 565 opengl/ host/libs/ libOpenglRender /RenderThread. cpp:128 :Thread: :thread_ main (p_arg=0xc6400788) at sdk/emulator/ opengl/ shared/ OpenglOsUtils/ osThreadUnix. cpp:83 libpthread. so.0
[Switching to Thread 0xc3dfeb40 (LWP 9387)]
0xf689a323 in pushbuf_kref () from /usr/lib32/
(gdb) bt
#0 0xf689a323 in pushbuf_kref () from /usr/lib32/
#1 0xf689ab9f in pushbuf_validate () from /usr/lib32/
#2 0xf6ce47e8 in nv50_state_validate () from /usr/lib32/
#3 0xf6cf0a49 in nv50_draw_vbo () from /usr/lib32/
#4 0xf6b3846d in cso_draw_vbo () from /usr/lib32/
#5 0xf6a5f29e in st_draw_vbo () from /usr/lib32/
#6 0xf6a30cd3 in vbo_draw_arrays () from /usr/lib32/
#7 0xf6a30f37 in vbo_exec_DrawArrays () from /usr/lib32/
#8 0xf72ca52b in glDrawArrays (mode=4, first=0, count=6) at sdk/emulator/
#9 0xf74b9965 in gl2_decoder_
at out/host/
#10 0xf74b662c in RenderThread::Main (this=0xc6400788) at sdk/emulator/
#11 0xf74cdc3d in osUtils:
#12 0xf7f9711f in start_thread () from /lib32/
#13 0xf7d5f79e in clone () from /lib32/libc.so.6
I'm attaching the kernel log and the X log. Those may be "polluted" by other stuff as my machine has been running for some time since I've hit the bug. I'll try to provide cleaner ones right after I hit the bug. If more detailed information is needed (e.g. a backtrace with finer-grained debug information, etc...) I can provide it given some time to gather it.
[1] https:/ /developer. mozilla. org/en- US/docs/ Mozilla/ Firefox_ OS/Using_ the_B2G_ emulators