Bug 697302

Summary: gnome-shell segfault on Nvidia GeForce4 MX 440
Product: [Fedora] Fedora Reporter: Ron Yorston <rmy>
Component: gnome-shellAssignee: Owen Taylor <otaylor>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 15CC: jskala, luigi.3010, maxamillion, otaylor, samkraju, walters
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-02-05 16:31:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
/var/log/messages none

Description Ron Yorston 2011-04-17 15:46:04 UTC 
Created attachment 492721 [details]
/var/log/messages

Description of problem:

Using the F15 Beta Live CD gnome-shell segfaults.  I have to turn off hardware acceleration to obtain fallback mode.

Version-Release number of selected component (if applicable):

gnome-shell-3.0.0-1.fc15

How reproducible:

Every time.

Steps to Reproduce:
1. Boot Live CD
2. Crash
  
Additional info:

lspci says my hardware is:

VGA compatible controller: nVidia Corporation NV17 [GeForce4 MX 440] (rev a3)
Comment 1 Ron Yorston 2011-06-05 14:45:57 UTC 
The problem persists on a fully updated F15 system.  After installing the debuginfo for mesa I got this traceback for the segfault:

Program terminated with signal 11, Segmentation fault.
#0  _mesa_base_fbo_format (ctx=0x0, internalFormat=36763)
    at main/fbobject.c:1134
1134          return ctx->Extensions.EXT_texture_snorm ? GL_RGBA : 0;
Missing separate debuginfos, use: debuginfo-install gnome-shell-3.0.2-1.fc15.i686
(gdb) where
#0  _mesa_base_fbo_format (ctx=0x0, internalFormat=36763)
    at main/fbobject.c:1134
#1  0x05be19f5 in _mesa_soft_renderbuffer_storage (ctx=0x0, rb=0xa1c3cb0, 
    internalFormat=36763, width=1280, height=1024) at main/renderbuffer.c:1696
#2  0x05ba7580 in _mesa_resize_framebuffer (ctx=0x0, fb=0xa1c3830, width=1280, 
    height=1024) at main/framebuffer.c:302
#3  0x05b5bdc4 in nouveau_update_renderbuffers (dri_ctx=0x9da2830, draw=
    0xa1c37b0) at nouveau_context.c:264
#4  0x05b62b9c in nouveau_set_texbuffer (dri_ctx=0x9da2830, target=34037, 
    format=8409, draw=0xa1c37b0) at nouveau_texture.c:606
#5  0x0079cce8 in dri2_bind_tex_image (dpy=0x9d26a70, drawable=16777240, 
    buffer=8414, attrib_list=0x0) at dri2_glx.c:712
#6  0x00773c44 in __glXBindTexImageEXT (dpy=0x9d26a70, drawable=16777240, 
    buffer=8414, attrib_list=0x0) at glxcmds.c:2298
#7  0x0100b703 in ?? () from /usr/lib/libclutter-glx-1.0.so.0
#8  0x0100bcaa in ?? () from /usr/lib/libclutter-glx-1.0.so.0
#9  0x0100be39 in ?? () from /usr/lib/libclutter-glx-1.0.so.0
#10 0x00ff93e2 in cogl_texture_get_gl_texture ()
   from /usr/lib/libclutter-glx-1.0.so.0
#11 0x00fecaa1 in cogl_pipeline_set_layer_texture ()
   from /usr/lib/libclutter-glx-1.0.so.0
#12 0x00ff403c in cogl_material_set_layer ()
   from /usr/lib/libclutter-glx-1.0.so.0

Evidently it's a null pointer dereference.  Looking at the code I applied this patch to replace the NULL context in the call to _mesa_resize_framebuffer with something a bit less null:

diff -up mesa-20110525/src/mesa/drivers/dri/nouveau/nouveau_context.c.nouveau-null-pointer mesa-20110525/src/mesa/drivers/dri/nouveau/nouveau_context.c
--- mesa-20110525/src/mesa/drivers/dri/nouveau/nouveau_context.c.nouveau-null-pointer   2011-05-25 03:44:16.000000000 +0100
+++ mesa-20110525/src/mesa/drivers/dri/nouveau/nouveau_context.c        2011-06-04 09:49:05.178447719 +0100
@@ -261,7 +261,7 @@ nouveau_update_renderbuffers(__DRIcontex
                assert(!ret);
        }

-       _mesa_resize_framebuffer(NULL, fb, draw->w, draw->h);
+       _mesa_resize_framebuffer(ctx, fb, draw->w, draw->h);
 }

 static void

With this patch gnome-shell no longer segfaults and does run after a fashion.  There were numerous graphical glitches, though, and eventually it hung.
Comment 2 Luigi Pardey 2012-02-05 16:31:51 UTC 
The same problem occurs in bug 705660, and it seems to be a nouveau-related
problem instead of gnome-shell.

in your /var/log/messages:
"localhost kernel: [  138.390949] gnome-shell[1697]: segfault at ccb ip
01c00e8f sp bfb959cc error 4 in nouveau_vieux_dri.so[1ba0000+326000]"


 Closing as Duplicate



-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers

*** This bug has been marked as a duplicate of bug 705660 ***