Bug 862466 - [abrt] firefox-15.0.1-1.fc17: nouveau_flush: Process /usr/lib/firefox/firefox was killed by signal 11 (SIGSEGV)
Summary: [abrt] firefox-15.0.1-1.fc17: nouveau_flush: Process /usr/lib/firefox/firefox...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: mesa
Version: 17
Hardware: i686
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Adam Jackson
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:95decfc42d92f23c5d009050113...
: 861604 870043 871199 882478 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-10-03 02:28 UTC by Darío
Modified: 2013-07-31 17:54 UTC (History)
15 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 987495 (view as bug list)
Environment:
Last Closed: 2013-07-31 17:53:51 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
File: core_backtrace (1.49 KB, text/plain)
2012-10-03 02:28 UTC, Darío
no flags Details
File: environ (3.85 KB, text/plain)
2012-10-03 02:28 UTC, Darío
no flags Details
File: backtrace (14.80 KB, text/plain)
2012-10-03 02:28 UTC, Darío
no flags Details
File: limits (1.29 KB, text/plain)
2012-10-03 02:28 UTC, Darío
no flags Details
File: cgroup (129 bytes, text/plain)
2012-10-03 02:28 UTC, Darío
no flags Details
File: maps (18.20 KB, text/plain)
2012-10-03 02:28 UTC, Darío
no flags Details
File: dso_list (6.11 KB, text/plain)
2012-10-03 02:28 UTC, Darío
no flags Details
File: build_ids (3.00 KB, text/plain)
2012-10-03 02:29 UTC, Darío
no flags Details
File: var_log_messages (396 bytes, text/plain)
2012-10-03 02:29 UTC, Darío
no flags Details
File: open_fds (199 bytes, text/plain)
2012-10-03 02:29 UTC, Darío
no flags Details

Description Darío 2012-10-03 02:28:45 UTC
Description of problem:
entre a mi cuenta y aparecio al inicio 

Version-Release number of selected component:
firefox-15.0.1-1.fc17

Additional info:
libreport version: 2.0.14
abrt_version:   2.0.13
backtrace_rating: 4
cmdline:        /usr/lib/firefox/firefox
crash_function: nouveau_flush
kernel:         3.5.4-2.fc17.i686

truncated backtrace:
:Thread no. 1 (10 frames)
: #0 nouveau_flush at nouveau_driver.c:70
: #2 _mesa_flush at main/context.c:1652
: #3 _mesa_make_current at main/context.c:1431
: #4 _mesa_meta_free at drivers/common/meta.c:417
: #5 nouveau_context_deinit at nouveau_context.c:182
: #6 nv10_context_destroy at nv10_context.c:414
: #7 nouveau_context_destroy at nouveau_context.c:199
: #8 driDestroyContext at ../common/dri_util.c:277
: #9 dri2_destroy_context at dri2_glx.c:132
: #10 glXDestroyContext at glxcmds.c:424

Comment 1 Darío 2012-10-03 02:28:48 UTC
Created attachment 620581 [details]
File: core_backtrace

Comment 2 Darío 2012-10-03 02:28:50 UTC
Created attachment 620582 [details]
File: environ

Comment 3 Darío 2012-10-03 02:28:52 UTC
Created attachment 620583 [details]
File: backtrace

Comment 4 Darío 2012-10-03 02:28:54 UTC
Created attachment 620584 [details]
File: limits

Comment 5 Darío 2012-10-03 02:28:55 UTC
Created attachment 620585 [details]
File: cgroup

Comment 6 Darío 2012-10-03 02:28:57 UTC
Created attachment 620586 [details]
File: maps

Comment 7 Darío 2012-10-03 02:28:59 UTC
Created attachment 620587 [details]
File: dso_list

Comment 8 Darío 2012-10-03 02:29:01 UTC
Created attachment 620588 [details]
File: build_ids

Comment 9 Darío 2012-10-03 02:29:02 UTC
Created attachment 620589 [details]
File: var_log_messages

Comment 10 Darío 2012-10-03 02:29:04 UTC
Created attachment 620590 [details]
File: open_fds

Comment 11 Jan Horak 2012-10-03 14:56:53 UTC
Looks like mesa issue, changing component.

Comment 12 Jan Horak 2012-10-03 14:57:35 UTC
*** Bug 861604 has been marked as a duplicate of this bug. ***

Comment 13 Michael Carney 2012-10-07 04:27:50 UTC
Problem happens for both firefox 15 and thunderbird 15, F17

Comment 14 Paul 2012-10-10 16:29:52 UTC
I got an abrt for this F17 Xfce Firefox 15.0.1 (reporting noted it was a dupe and directed me to this bug report. Happens when starting up Firefox but cannot see any problems caused by it aside from the abrt

Thanks,
Paul

Comment 15 Philippe Vouters 2012-10-29 18:01:38 UTC
Problem occurs with any code which uses the nouveau driver. This includes any graphical code (Firefox/Thunderbird to just name a few among many).

The call sequence is:

(gdb) where
#0  nouveau_flush (ctx=0xb7595000) at nouveau_driver.c:70
#1  nouveau_flush (ctx=0xb7595000) at nouveau_driver.c:57
#2  0xb71a80e1 in _mesa_flush (ctx=0xb7595000) at main/context.c:1652
#3  0xb71a8192 in _mesa_make_current (newCtx=newCtx@entry=0x0, 
    drawBuffer=drawBuffer@entry=0x0, readBuffer=readBuffer@entry=0x0)
    at main/context.c:1431
#4  0xb72dd86c in _mesa_meta_free (ctx=ctx@entry=0xb7595000)
    at drivers/common/meta.c:417
#5  0xb718536d in nouveau_context_deinit (ctx=ctx@entry=0xb7595000)
    at nouveau_context.c:182
#6  0xb719a429 in nv20_context_destroy (ctx=0xb7595000) at nv20_context.c:427
#7  0xb71853f3 in nouveau_context_destroy (dri_ctx=0xb7566ac0)
    at nouveau_context.c:199
#8  0xb7181adb in driDestroyContext (pcp=0xb7566ac0)
    at ../common/dri_util.c:277
#9  0x421af01b in dri2_destroy_context (context=0xb757c0c0) at dri2_glx.c:132
#10 0x42185e08 in glXDestroyContext (ctx=0xb757c0c0, dpy=0xb7504000)
    at glxcmds.c:424
#11 glXDestroyContext (dpy=0xb7504000, ctx=0xb757c0c0) at glxcmds.c:405
#12 0x42d0a76e in ?? () from /usr/lib/xulrunner-2/libxul.so
#13 0x42d0a8f2 in ?? () from /usr/lib/xulrunner-2/libxul.so
#14 0x42d01705 in ?? () from /usr/lib/xulrunner-2/libxul.so
#15 0x42d052b1 in ?? () from /usr/lib/xulrunner-2/libxul.so

This is because nouveau_driver.c at line 70 does NOT test for drawable == NULL hence the SIGSEGV at drawable->loaderPrivate memory access.


[New LWP 2533]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
Core was generated by `/usr/lib/firefox/firefox -remote openURL(about:blank,new-window)'.
Program terminated with signal 11, Segmentation fault.
#0  nouveau_flush (ctx=0xb7595000) at nouveau_driver.c:70
70                      dri2->flushFrontBuffer(drawable, drawable->loaderPrivate);
Missing separate debuginfos, use: debuginfo-install firefox-15.0.1-1.fc17.i686
(gdb) list
65                  ctx->DrawBuffer->_ColorDrawBufferIndexes[0] == BUFFER_FRONT_LEFT) {
66                      __DRIscreen *screen = nctx->screen->dri_screen;
67                      __DRIdri2LoaderExtension *dri2 = screen->dri2.loader;
68                      __DRIdrawable *drawable = nctx->dri_context->driDrawablePriv;
69      
70                      dri2->flushFrontBuffer(drawable, drawable->loaderPrivate);
71              }
72      }
73      
74      static void
(gdb) print drawable
$1 = (__DRIdrawable *) 0x0

Comment 16 Jan Horak 2012-11-01 12:34:31 UTC
*** Bug 871199 has been marked as a duplicate of this bug. ***

Comment 17 Jan Horak 2012-11-01 12:37:23 UTC
*** Bug 870043 has been marked as a duplicate of this bug. ***

Comment 18 Jan Horak 2012-12-05 13:27:38 UTC
*** Bug 882478 has been marked as a duplicate of this bug. ***

Comment 19 Philippe Vouters 2012-12-11 12:08:22 UTC
How to reproduce the problem and produce core files.

Ensure you run the nouveau Xorg driver.
Activate tail -f /var/log/messages in one terminal window.

To produce a core with Firefox:
Only start Firefox
/var/log/messages then says:
Dec 11 12:48:02 victor kernel: [11149.708428] firefox[16394]: segfault at 4 ip b7186359 sp bfb918d0 error 4 in nouveau_vieux_dri.so[b716f000+36d000]
Dec 11 12:48:03 victor kernel: [11150.008955] firefox[16419]: segfault at 4 ip b7186359 sp bffeea90 error 4 in nouveau_vieux_dri.so[b716f000+36d000]

To produce a core with Thunderbird:
Activate Thunderbird. Then File->Quit.
/var/log/messages then says:
Dec 11 12:47:36 victor kernel: [11123.406582] thunderbird[16322]: segfault at 4 ip b4fb8359 sp bff47d80 error 4 in nouveau_vieux_dri.so[b4fa1000+36d000]

To produce a core with Google Chrome:
Activate Google Chrome
/var/log/messages then says:
Dec 11 12:59:25 victor kernel: [11832.412421] chrome[16923]: segfault at 4 ip b1535359 sp bf9a0690 error 4 in nouveau_vieux_dri.so[b151e000+36d000]

Interestingly enough, Opera version 12.11 as well as evolution client version 3.4.4 do not produce any core file.

Comment 20 craig.ackerman 2012-12-19 13:09:28 UTC
Same issue with the nouveau driver. Firefox and xscreensaver can cause segfaults

# tail /var/log/messages
Dec 19 06:40:19 fedora1 kernel: [236537.411302] firefox[4670]: segfault at 4 ip b7138359 sp bf8056d0 error 4 in nouveau_vieux_dri.so[b7121000+36d000]

# uname -a 
Linux fedora1.localdomain 3.6.9-2.fc17.i686 #1 SMP Tue Dec 4 14:22:00 UTC 2012 i686 i686 i386 GNU/Linux

# rpm -qa|grep nouveau
xorg-x11-drv-nouveau-0.0.16-37.20120306gitf5d1cd2.fc17.i686

# lspci -v
01:00.0 VGA compatible controller: nVidia Corporation NV17 [GeForce4 MX 420] (rev a3) (prog-if 00 [VGA controller])
	Subsystem: nVidia Corporation Device 015a
	Flags: bus master, 66MHz, medium devsel, latency 64, IRQ 16
	Memory at fc000000 (32-bit, non-prefetchable) [size=16M]
	Memory at f4000000 (32-bit, prefetchable) [size=64M]
	Memory at f3f80000 (32-bit, prefetchable) [size=512K]
	Expansion ROM at f0000000 [disabled] [size=128K]
	Capabilities: [60] Power Management version 2
	Capabilities: [44] AGP version 2.0
	Kernel driver in use: nouveau

Comment 21 vhrobert 2013-02-21 05:36:42 UTC
I opened Firefox , thats it, and the bug report light came on

backtrace_rating: 4
Package: firefox-18.0.2-1.fc18
OS Release: Fedora release 18 (Spherical Cow)

Comment 22 jean-filip tripcevic 2013-02-23 09:17:59 UTC
I have two PC's. One running Fedora 17 and the other Fedora 18. I reported this bug on my F18 box. I didn't have the problem on F17. At least on my case it's a graphic card problem. Both my boxes are Pentium 4. The only difference is my F17 box has a newer NVIDA card whereas the F18 box has an older one. Here's the exception from the F18 box along with the VGA type:

Core was generated by `/usr/lib/firefox/firefox'.
Program terminated with signal 11, Segmentation fault.
#0  nouveau_flush (ctx=0xb759b000) at nouveau_driver.c:72
72			dri2->flushFrontBuffer(drawable, drawable->loaderPrivate);
(gdb) list
67		    ctx->DrawBuffer->_ColorDrawBufferIndexes[0] == BUFFER_FRONT_LEFT) {
68			__DRIscreen *screen = nctx->screen->dri_screen;
69			__DRIdri2LoaderExtension *dri2 = screen->dri2.loader;
70			__DRIdrawable *drawable = nctx->dri_context->driDrawablePriv;
71	
72			dri2->flushFrontBuffer(drawable, drawable->loaderPrivate);
73		}
74	}
75	
76	static void

01:00.0 VGA compatible controller: NVIDIA Corporation NV18 [GeForce4 MX 440 AGP 8x] (rev a2) (prog-if 00 [VGA controller])
	Subsystem: ASUSTeK Computer Inc. Device 80bb
	Flags: bus master, 66MHz, medium devsel, latency 32, IRQ 16
	Memory at fd000000 (32-bit, non-prefetchable) [size=16M]
	Memory at e8000000 (32-bit, prefetchable) [size=128M]
	Expansion ROM at fe9e0000 [disabled] [size=128K]
	Capabilities: [60] Power Management version 2
	Capabilities: [44] AGP version 3.0
	Kernel driver in use: nouveau

And here's the VGA from my F17 box that doesn't have the problem:

01:00.0 VGA compatible controller: nVidia Corporation NV44A [GeForce 6200] (rev a1) (prog-if 00 [VGA controller])
	Flags: bus master, 66MHz, medium devsel, latency 32, IRQ 16
	Memory at f8000000 (32-bit, non-prefetchable) [size=16M]
	Memory at e0000000 (32-bit, prefetchable) [size=256M]
	Memory at f9000000 (32-bit, non-prefetchable) [size=16M]
	[virtual] Expansion ROM at fa000000 [disabled] [size=128K]
	Capabilities: <access denied>
	Kernel driver in use: nouveau

I installed F18 on my F17 box and there's no exception. The NV44A works but the NV18 doesn't.

Comment 23 Michael Carney 2013-03-05 18:28:05 UTC
*Look* -- this bug has been with us since F17, Philippe Vouters has nicely already root-caused the problem and provided the fix. (Thanks, Philippe).

WHAT'S THE HOLDUP?

Comment 24 Paul Gresham 2013-03-22 03:12:15 UTC
This error occurs each time the browser is envoked.

backtrace_rating: 4
Package: firefox-19.0.2-1.fc18
OS Release: Fedora release 18 (Spherical Cow)

Comment 25 kurt.wenngren 2013-05-09 18:37:40 UTC
starting firefox

backtrace_rating: 4
cmdline:        /usr/lib/firefox/firefox
crash_function: nouveau_flush
executable:     /usr/lib/firefox/firefox
kernel:         3.8.11-200.fc18.i686
last_occurrence: 1368124100
package:        firefox-20.0-1.fc18
reason:         Process /usr/lib/firefox/firefox was killed by signal 11 (SIGSEGV)
runlevel:       N 5
uid:            1000
ureports_counter: 3
xsession_errors: abrt-applet: repeated problem in firefox-20.0-1.fc18, not showing the notification

Comment 26 Fedora End Of Life 2013-07-03 19:26:35 UTC
This message is a reminder that Fedora 17 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 17. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '17'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 17's end of life.

Bug Reporter:  Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 17 is end of life. If you 
would still like  to see this bug fixed and are able to reproduce it 
against a later version  of Fedora, you are encouraged  change the 
'version' to a later Fedora version prior to Fedora 17's end of life.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 27 Fedora End Of Life 2013-07-31 17:54:00 UTC
Fedora 17 changed to end-of-life (EOL) status on 2013-07-30. Fedora 17 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.


Note You need to log in before you can comment on or make changes to this bug.