This bug is for crash report bp-6ff962c9-a170-4a76-9974-561a10191112. ``` Top 10 frames of crashing thread: 0 nouveau_dri.so nv30_fp_state_bind /build/mesa-_I81I2/mesa-18.0.5/build/src/gallium/drivers/nouveau/../../../../../src/gallium/drivers/nouveau/nv30/nv30_fragprog.c:174 1 nouveau_dri.so cso_delete_fragment_shader /build/mesa-_I81I2/mesa-18.0.5/build/src/gallium/auxiliary/../../../../src/gallium/auxiliary/cso_cache/cso_context.c:660 2 nouveau_dri.so destroy_program_variants /build/mesa-_I81I2/mesa-18.0.5/build/src/mesa/../../../src/mesa/state_tracker/st_program.c:261 3 nouveau_dri.so destroy_shader_program_variants_cb /build/mesa-_I81I2/mesa-18.0.5/build/src/mesa/../../../src/mesa/state_tracker/st_program.c:1824 4 nouveau_dri.so _mesa_HashWalk /build/mesa-_I81I2/mesa-18.0.5/build/src/mesa/../../../src/mesa/main/hash.c:336 5 nouveau_dri.so st_destroy_context /build/mesa-_I81I2/mesa-18.0.5/build/src/mesa/../../../src/mesa/state_tracker/st_context.c:657 6 nouveau_dri.so dri_destroy_context /build/mesa-_I81I2/mesa-18.0.5/build/src/gallium/state_trackers/dri/../../../../../src/gallium/state_trackers/dri/dri_context.c:239 7 nouveau_dri.so driDestroyContext /build/mesa-_I81I2/mesa-18.0.5/build/src/mesa/drivers/dri/common/../../../../../../src/mesa/drivers/dri/common/dri_util.c:530 8 libGL.so.1.2.0 dri2_destroy_context /build/mesa-_I81I2/mesa-18.0.5/build/src/glx/../../../src/glx/dri2_glx.c:123 9 libGL.so.1.2.0 glXDestroyContext /build/mesa-_I81I2/mesa-18.0.5/build/src/glx/../../../src/glx/glxcmds.c:471 ``` This is a NULL-pointer dereference in mesa's nouveau driver that causes crashes in content processes. The vast majority of the crashes are coming from Ubuntu 18.04 and older. More recent versions of mesa seem unaffected. I will file a bug in Ubuntu's tracker and link it back here.
Bug 1595704 Comment 0 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
This bug is for crash report bp-6ff962c9-a170-4a76-9974-561a10191112. ``` Top 10 frames of crashing thread: 0 nouveau_dri.so nv30_fp_state_bind /build/mesa-_I81I2/mesa-18.0.5/build/src/gallium/drivers/nouveau/../../../../../src/gallium/drivers/nouveau/nv30/nv30_fragprog.c:174 1 nouveau_dri.so cso_delete_fragment_shader /build/mesa-_I81I2/mesa-18.0.5/build/src/gallium/auxiliary/../../../../src/gallium/auxiliary/cso_cache/cso_context.c:660 2 nouveau_dri.so destroy_program_variants /build/mesa-_I81I2/mesa-18.0.5/build/src/mesa/../../../src/mesa/state_tracker/st_program.c:261 3 nouveau_dri.so destroy_shader_program_variants_cb /build/mesa-_I81I2/mesa-18.0.5/build/src/mesa/../../../src/mesa/state_tracker/st_program.c:1824 4 nouveau_dri.so _mesa_HashWalk /build/mesa-_I81I2/mesa-18.0.5/build/src/mesa/../../../src/mesa/main/hash.c:336 5 nouveau_dri.so st_destroy_context /build/mesa-_I81I2/mesa-18.0.5/build/src/mesa/../../../src/mesa/state_tracker/st_context.c:657 6 nouveau_dri.so dri_destroy_context /build/mesa-_I81I2/mesa-18.0.5/build/src/gallium/state_trackers/dri/../../../../../src/gallium/state_trackers/dri/dri_context.c:239 7 nouveau_dri.so driDestroyContext /build/mesa-_I81I2/mesa-18.0.5/build/src/mesa/drivers/dri/common/../../../../../../src/mesa/drivers/dri/common/dri_util.c:530 8 libGL.so.1.2.0 dri2_destroy_context /build/mesa-_I81I2/mesa-18.0.5/build/src/glx/../../../src/glx/dri2_glx.c:123 9 libGL.so.1.2.0 glXDestroyContext /build/mesa-_I81I2/mesa-18.0.5/build/src/glx/../../../src/glx/glxcmds.c:471 ``` This is a NULL-pointer dereference in mesa's nouveau driver that causes crashes in content processes. The vast majority of the crashes are coming from Debian 9 and older with older Ubuntu LTS ranking somewhat below that. More recent versions of mesa seem unaffected. I will file a bug in Debian's tracker and link it back here.