Closed Bug 1595704 Opened 5 years ago Closed 3 years ago

Crash in [@ nv30_fp_state_bind]

Categories

(External Software Affecting Firefox :: Other, defect, P3)

Product:
External Software Affecting Firefox
Component:
Other
Platform:
Unspecified
Linux
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: gsvelto, Unassigned)

References

Details

(Keywords: crash)

Crash Data

This bug is for crash report bp-6ff962c9-a170-4a76-9974-561a10191112.

Top 10 frames of crashing thread:

0 nouveau_dri.so nv30_fp_state_bind /build/mesa-_I81I2/mesa-18.0.5/build/src/gallium/drivers/nouveau/../../../../../src/gallium/drivers/nouveau/nv30/nv30_fragprog.c:174
1 nouveau_dri.so cso_delete_fragment_shader /build/mesa-_I81I2/mesa-18.0.5/build/src/gallium/auxiliary/../../../../src/gallium/auxiliary/cso_cache/cso_context.c:660
2 nouveau_dri.so destroy_program_variants /build/mesa-_I81I2/mesa-18.0.5/build/src/mesa/../../../src/mesa/state_tracker/st_program.c:261
3 nouveau_dri.so destroy_shader_program_variants_cb /build/mesa-_I81I2/mesa-18.0.5/build/src/mesa/../../../src/mesa/state_tracker/st_program.c:1824
4 nouveau_dri.so _mesa_HashWalk /build/mesa-_I81I2/mesa-18.0.5/build/src/mesa/../../../src/mesa/main/hash.c:336
5 nouveau_dri.so st_destroy_context /build/mesa-_I81I2/mesa-18.0.5/build/src/mesa/../../../src/mesa/state_tracker/st_context.c:657
6 nouveau_dri.so dri_destroy_context /build/mesa-_I81I2/mesa-18.0.5/build/src/gallium/state_trackers/dri/../../../../../src/gallium/state_trackers/dri/dri_context.c:239
7 nouveau_dri.so driDestroyContext /build/mesa-_I81I2/mesa-18.0.5/build/src/mesa/drivers/dri/common/../../../../../../src/mesa/drivers/dri/common/dri_util.c:530
8 libGL.so.1.2.0 dri2_destroy_context /build/mesa-_I81I2/mesa-18.0.5/build/src/glx/../../../src/glx/dri2_glx.c:123
9 libGL.so.1.2.0 glXDestroyContext /build/mesa-_I81I2/mesa-18.0.5/build/src/glx/../../../src/glx/glxcmds.c:471

This is a NULL-pointer dereference in mesa's nouveau driver that causes crashes in content processes. The vast majority of the crashes are coming from Debian 9 and older with older Ubuntu LTS ranking somewhat below that. More recent versions of mesa seem unaffected. I will file a bug in Debian's tracker and link it back here.

It seems that reporting a bug to Debian w/o having Debian installed is tricky business. I'll let this lie until I have some spare time to install Debian in a VM.

The priority flag is not set for this bug.
:marcia, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(mozillamarcia.knous)

This is not something we can fix ourselves but we should try and make sure that it's fixed upstream so setting to P3.

Priority: -- → P3
Flags: needinfo?(mozillamarcia.knous)
Crash Signature: [@ nv30_fp_state_bind] → [@ nv30_fp_state_bind] [@ nv50_validate_tic ]

On Nightly this crash signature has been spiking 10x in the last days, the crashes started to spike after March 27

status-firefox76: --- → affected
status-firefox77: --- → affected

The second signature is being handled in bug 1626898 so I'm removing it from here since it's a different crash. After that lands the driver responsible for this will be blocked so this should go away too.

Crash Signature: [@ nv30_fp_state_bind] [@ nv50_validate_tic ] → [@ nv30_fp_state_bind]
See Also: → nv50_validate_tic

Closing because no crashes reported for 12 weeks.

Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.