desktop-packages team mailing list archive

Thread
Date
[Bug 1378627] Re: chromium-browser crashed with SIGSEGV

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Bug Watch Updater <1378627@xxxxxxxxxxxxxxxxxx>
Date: Tue, 03 Feb 2015 18:23:46 -0000
Reply-to: Bug 1378627 <1378627@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Launchpad has imported 4 comments from the remote bug at
https://bugs.freedesktop.org/show_bug.cgi?id=82793.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2014-08-19T01:28:27+00:00 Loic-yhuel wrote:

It doesn't crash with LIBGL_DRI3_DISABLE=1.

mesa-dri-drivers-10.2.5-1.20140806.fc21.x86_64
xorg-x11-drv-intel-2.99.914-1.fc21.x86_64
libdrm-2.4.56-1.fc21.x86_64
xorg-x11-server-Xorg-1.16.0-1.fc21.x86_64
kernel-3.16.1-300.fc21.x86_64
google-chrome-unstable-38.0.2125.0-1.x86_64

I've tried Mesa master (76f687d5a5be9d3bce8d05bcfef97a3d74ca1f18) and
xf86-video-intel master (f5469681b620d9d6ccaf53e92ed31f931cb03b0d), but
it's the same.


Core was generated by `/opt/google/chrome-unstable/chrome --type=gpu-process --channel=2180.0.73132887'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  get_stencil_miptree (irb=<optimized out>) at brw_misc_state.c:225
225        if (irb->mt->stencil_mt)
(gdb) bt
#0  0x00007f80fb33a51f in brw_workaround_depthstencil_alignment (irb=<optimized out>) at brw_misc_state.c:225
#1  0x00007f80fb33a51f in brw_workaround_depthstencil_alignment (brw=0x3f6385fa2028, clear_mask=clear_mask@entry=50) at brw_misc_state.c:241
#2  0x00007f80fb2f09d0 in brw_clear (ctx=0x3f6385fa2028, mask=50) at brw_clear.c:235
#3  0x00007f8114982816 in  ()
#4  0x0000000000000000 in  ()
(gdb) up
#1  brw_workaround_depthstencil_alignment (brw=0x1fca0ea81028, clear_mask=clear_mask@entry=50) at brw_misc_state.c:241
241        struct intel_mipmap_tree *stencil_mt = get_stencil_miptree(stencil_irb);
(gdb) p *(struct intel_renderbuffer *)(brw->ctx->DrawBuffer->Attachment[BUFFER_DEPTH].Renderbuffer)
$11 = {Base = {Base = {Mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, 
        __size = '\000' <repeats 39 times>, __align = 0}, ClassID = 305419896, Name = 0, Label = 0x0, RefCount = 1, Width = 0, Height = 0, Depth = 0, Purgeable = 0 '\000', 
      AttachedAnytime = 0 '\000', NeedsFinishRenderTexture = 0 '\000', NumSamples = 0 '\000', InternalFormat = 6402, _BaseFormat = 6402, Format = MESA_FORMAT_Z24_UNORM_X8_UINT, TexImage = 0x0, 
      Delete = 0x7f41ed700240 <intel_delete_renderbuffer>, AllocStorage = 0x7f41ed701480 <intel_alloc_private_renderbuffer_storage>}, Buffer = 0x0, Map = 0x0, RowStride = 0, ColorType = 0}, 
  mt = 0x0, singlesample_mt = 0x0, mt_level = 0, mt_layer = 0, layer_count = 1, draw_x = 0, draw_y = 0, need_downsample = false, need_map_upsample = false, singlesample_mt_is_tmp = false}

The crash happens since mt is 0, but other members looks strange (Width,
Height, ...).

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1378627/comments/0

------------------------------------------------------------------------
On 2014-08-19T01:34:10+00:00 Loic-yhuel wrote:

Sorry, I printed the wrong attachment, but it's almost the same :
(gdb) p *(struct intel_renderbuffer *)(brw->ctx->DrawBuffer->Attachment[BUFFER_STENCIL].Renderbuffer)
$1 = {Base = {Base = {Mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, 
        __size = '\000' <repeats 39 times>, __align = 0}, ClassID = 305419896, Name = 0, Label = 0x0, RefCount = 1, Width = 0, Height = 0, Depth = 0, Purgeable = 0 '\000', 
      AttachedAnytime = 0 '\000', NeedsFinishRenderTexture = 0 '\000', NumSamples = 0 '\000', InternalFormat = 6401, _BaseFormat = 6401, Format = MESA_FORMAT_S_UINT8, TexImage = 0x0, Delete = 
    0x7f044aa94240 <intel_delete_renderbuffer>, AllocStorage = 0x7f044aa95480 <intel_alloc_private_renderbuffer_storage>}, Buffer = 0x0, Map = 0x0, RowStride = 0, ColorType = 0}, mt = 0x0, 
  singlesample_mt = 0x0, mt_level = 0, mt_layer = 0, layer_count = 1, draw_x = 0, draw_y = 0, need_downsample = false, need_map_upsample = false, singlesample_mt_is_tmp = false}

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1378627/comments/1

------------------------------------------------------------------------
On 2014-11-19T01:31:07+00:00 Loic-yhuel wrote:

I don't know why, but doesn't crash any more now.
It could be any update to the given packages, so I don't know if the root cause is fixed, or if some change just avoids the problem.

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1378627/comments/14

------------------------------------------------------------------------
On 2014-12-06T15:26:35+00:00 Chris Bainbridge wrote:


*** This bug has been marked as a duplicate of bug 77402 ***

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1378627/comments/18


** Changed in: mesa
       Status: Unknown => Invalid

** Changed in: mesa
   Importance: Unknown => Medium

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1378627

Title:
  chromium-browser crashed with SIGSEGV

Status in Chromium Browser:
  Unknown
Status in Mesa:
  Invalid
Status in chromium-browser package in Ubuntu:
  Fix Committed
Status in chromium-browser package in Debian:
  Confirmed
Status in chromium-browser package in Fedora:
  Unknown

Bug description:
  No idea what happened.

  ProblemType: Crash
  DistroRelease: Ubuntu 14.10
  Package: chromium-browser 37.0.2062.94-0ubuntu1~pkg1065
  ProcVersionSignature: Ubuntu 3.16.0-21.28-generic 3.16.4
  Uname: Linux 3.16.0-21-generic x86_64
  ApportVersion: 2.14.7-0ubuntu3
  Architecture: amd64
  CrashCounter: 1
  CurrentDesktop: Unity
  Date: Wed Oct  8 07:12:48 2014
  ExecutablePath: /usr/lib/chromium-browser/chromium-browser
  InstallationDate: Installed on 2013-12-22 (289 days ago)
  InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20131221)
  ProcCmdline: chromium-browser\ --type=gpu-process\ --channel=3043.0.199670400\ --supports-dual-gpus=false\ --gpu-driver-bug-workarounds=1,11,15\ --disable-accelerated-video-decode\ --gpu-vendor-id=0x8086\ --gpu-device-id=0x0126\ --gpu-driver-vendor\ --gpu-driver-versi
  SegvAnalysis:
   Segfault happened at: 0x7fc0e6b1963f:	mov    0x1f8(%rax),%r15
   PC (0x7fc0e6b1963f) ok
   source "0x1f8(%rax)" (0x000001f8) not located in a known VMA region (needed readable region)!
   destination "%r15" ok
  SegvReason: reading NULL VMA
  Signal: 11
  SourcePackage: chromium-browser
  StacktraceTop:
   ?? () from /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
   ?? () from /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
   ?? () from /usr/lib/chromium-browser/libs/libgpu.so
   ?? () from /usr/lib/chromium-browser/libs/libcontent.so
   ?? () from /usr/lib/chromium-browser/libs/libcontent.so
  Title: chromium-browser crashed with SIGSEGV
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: adm autopilot cdrom dip lpadmin plugdev sambashare scanner sudo
  modified.conffile..etc.default.chromium.browser: [deleted]
  mtime.conffile..etc.chromium.browser.default: 2014-09-14T18:16:36.315577

To manage notifications about this bug go to:
https://bugs.launchpad.net/chromium-browser/+bug/1378627/+subscriptions