Bug 99396

Summary:	Crash in nouveau_dri.so when switching apps with alt-tab in Gnome
Product:	Mesa	Reporter:	afn2
Component:	Drivers/DRI/nouveau	Assignee:	Nouveau Project <nouveau>
Status:	RESOLVED MOVED	QA Contact:	Nouveau Project <nouveau>
Severity:	normal
Priority:	medium	CC:	bghome, ealloc, fdsfgs, ingvar, per.arnold, tommi.t.rantala
Version:	git
Hardware:	Other
OS:	All
Whiteboard:
i915 platform:		i915 features:
Attachments:	systemd journal output when the bug hits Systemd coredump

Description afn2 2017-01-13 13:06:13 UTC

Originally filed as a bug against Gnome (https://bugzilla.gnome.org/show_bug.cgi?id=777183) but they directed me here.

Intermittently, gnome-shell will crash with SIGSEGV when switching apps with alt-tab. See stack trace below.

Generally when this occurs, I'm running Firefox and Chromium, each with several windows open, and gnome-terminal. I'm not certain, but it seems to only happen when I mouse over the app switcher.

I'm running gnome-shell 3.22.2+18+gdf7727a-1 on Arch.

Please let me know what other information I can gather! I'll update the bug if I can come up with a reproducible way to trigger the crash.

Jan 12 12:37:20 mbp systemd-coredump[8769]: Process 8422 (gnome-shell) of user 1000 dumped core.
                                            
                                            Stack trace of thread 8422:
                                            #0  0x00007f63b1771793 __memmove_avx_unaligned_erms (libc.so.6)
                                            #1  0x00007f639e0baf40 n/a (nouveau_dri.so)
                                            #2  0x00007f639e1cb008 n/a (nouveau_dri.so)
                                            #3  0x00007f639e1c0355 n/a (nouveau_dri.so)
                                            #4  0x00007f639e1c0537 n/a (nouveau_dri.so)
                                            #5  0x00007f639e1cc3c4 n/a (nouveau_dri.so)
                                            #6  0x00007f639df1b922 n/a (nouveau_dri.so)
                                            #7  0x00007f639ddc6690 n/a (nouveau_dri.so)
                                            #8  0x00007f639dd763b7 n/a (nouveau_dri.so)
                                            #9  0x00007f639dd7bab5 n/a (nouveau_dri.so)
                                            #10 0x00007f639dd7c900 n/a (nouveau_dri.so)
                                            #11 0x00007f639dd005e7 n/a (nouveau_dri.so)
                                            #12 0x00007f639dd013e0 n/a (nouveau_dri.so)
                                            #13 0x00007f63af0e44ed n/a (libmutter-cogl.so)
                                            #14 0x00007f63af0d5b14 n/a (libmutter-cogl.so)
                                            #15 0x00007f63af10ae56 cogl_texture_allocate (libmutter-cogl.so)
                                            #16 0x00007f63af12640b n/a (libmutter-cogl.so)
                                            #17 0x00007f63af126909 cogl_texture_new_from_bitmap (libmutter-cogl.so)
                                            #18 0x00007f63b277e143 n/a (libmutter-clutter-1.0.so)
                                            #19 0x00007f63b275a85d clutter_actor_continue_paint (libmutter-clutter-1.0.so)
                                            #20 0x00007f63b2760aab n/a (libmutter-clutter-1.0.so)
                                            #21 0x00007f63b463daa0 n/a (libgnome-shell.so)
                                            #22 0x00007f63b1f26ecf g_closure_invoke (libgobject-2.0.so.0)
                                            #23 0x00007f63b1f3937d n/a (libgobject-2.0.so.0)
                                            #24 0x00007f63b1f41bcc g_signal_emit_valist (libgobject-2.0.so.0)
                                            #25 0x00007f63b1f41faf g_signal_emit (libgobject-2.0.so.0)
                                            #26 0x00007f63b275a8a3 clutter_actor_continue_paint (libmutter-clutter-1.0.so)
                                            #27 0x00007f63b2760aab n/a (libmutter-clutter-1.0.so)
                                            #28 0x00007f63b4647f90 n/a (libgnome-shell.so)
                                            #29 0x00007f63b1f26ecf g_closure_invoke (libgobject-2.0.so.0)
                                            #30 0x00007f63b1f3937d n/a (libgobject-2.0.so.0)
                                            #31 0x00007f63b1f41bcc g_signal_emit_valist (libgobject-2.0.so.0)
                                            #32 0x00007f63b1f41faf g_signal_emit (libgobject-2.0.so.0)
                                            #33 0x00007f63b275a8a3 clutter_actor_continue_paint (libmutter-clutter-1.0.so)
                                            #34 0x00007f63b2760aab n/a (libmutter-clutter-1.0.so)
                                            #35 0x00007f63b4656182 n/a (libgnome-shell.so)
                                            #36 0x00007f63b1f26ecf g_closure_invoke (libgobject-2.0.so.0)
                                            #37 0x00007f63b1f3937d n/a (libgobject-2.0.so.0)
                                            #37 0x00007f63b1f3937d n/a (libgobject-2.0.so.0)
                                            #38 0x00007f63b1f41bcc g_signal_emit_valist (libgobject-2.0.so.0)
                                            #39 0x00007f63b1f41faf g_signal_emit (libgobject-2.0.so.0)
                                            #40 0x00007f63b275a8a3 clutter_actor_continue_paint (libmutter-clutter-1.0.so)
                                            #41 0x00007f63b2760706 n/a (libmutter-clutter-1.0.so)
                                            #42 0x00007f63b463daa0 n/a (libgnome-shell.so)
                                            #43 0x00007f63b1f26ecf g_closure_invoke (libgobject-2.0.so.0)
                                            #44 0x00007f63b1f3937d n/a (libgobject-2.0.so.0)
                                            #45 0x00007f63b1f41bcc g_signal_emit_valist (libgobject-2.0.so.0)
                                            #46 0x00007f63b1f41faf g_signal_emit (libgobject-2.0.so.0)
                                            #47 0x00007f63b275a8a3 clutter_actor_continue_paint (libmutter-clutter-1.0.so)
                                            #48 0x00007f63b2760aab n/a (libmutter-clutter-1.0.so)
                                            #49 0x00007f63b463daa0 n/a (libgnome-shell.so)
                                            #50 0x00007f63b1f26ecf g_closure_invoke (libgobject-2.0.so.0)
                                            #51 0x00007f63b1f3937d n/a (libgobject-2.0.so.0)
                                            #52 0x00007f63b1f41bcc g_signal_emit_valist (libgobject-2.0.so.0)
                                            #53 0x00007f63b1f41faf g_signal_emit (libgobject-2.0.so.0)
                                            #54 0x00007f63b275a8a3 clutter_actor_continue_paint (libmutter-clutter-1.0.so)
                                            #55 0x00007f63b2760aab n/a (libmutter-clutter-1.0.so)
                                            #56 0x00007f63b463daa0 n/a (libgnome-shell.so)
                                            #57 0x00007f63b1f26ecf g_closure_invoke (libgobject-2.0.so.0)
                                            #58 0x00007f63b1f3937d n/a (libgobject-2.0.so.0)
                                            #59 0x00007f63b1f41bcc g_signal_emit_valist (libgobject-2.0.so.0)
                                            #60 0x00007f63b1f41faf g_signal_emit (libgobject-2.0.so.0)
                                            #61 0x00007f63b275a8a3 clutter_actor_continue_paint (libmutter-clutter-1.0.so)
                                            #62 0x00007f63b2760aab n/a (libmutter-clutter-1.0.so)
                                            #63 0x00007f63b27b347a n/a (libmutter-clutter-1.0.so)
                                            
                                            Stack trace of thread 8432:
                                            #0  0x00007f63b172848d poll (libc.so.6)
                                            #1  0x00007f63ada92ee1 n/a (libpulse.so.0)
                                            #2  0x00007f63ada846f1 pa_mainloop_poll (libpulse.so.0)
                                            #3  0x00007f63ada84d8e pa_mainloop_iterate (libpulse.so.0)
                                            #4  0x00007f63ada84e40 pa_mainloop_run (libpulse.so.0)
                                            #5  0x00007f63ada92e29 n/a (libpulse.so.0)
                                            #6  0x00007f63a31fcfe8 n/a (libpulsecommon-9.99.so)
                                            #7  0x00007f63b19ee454 start_thread (libpthread.so.0)
                                            #8  0x00007f63b17317df __clone (libc.so.6)
                                            
                                            Stack trace of thread 8434:
                                            #0  0x00007f63b19f410f pthread_cond_wait@@GLIBC_2.3.2 (libpthread.so.0)
                                            #1  0x00007f63a492d4e0 PR_WaitCondVar (libnspr4.so)
                                            #2  0x00007f63ad55cbab n/a (libmozjs-24.so)
                                            #3  0x00007f63a4932d6c n/a (libnspr4.so)
                                            #4  0x00007f63b19ee454 start_thread (libpthread.so.0)
                                            #5  0x00007f63b17317df __clone (libc.so.6)
                                            
                                            Stack trace of thread 8424:
                                            #0  0x00007f63b172848d poll (libc.so.6)
                                            #1  0x00007f63b1c4e786 n/a (libglib-2.0.so.0)
                                            #2  0x00007f63b1c4e89c g_main_context_iteration (libglib-2.0.so.0)
                                            #3  0x00007f63b1c4e8e1 n/a (libglib-2.0.so.0)
                                            #4  0x00007f63b1c760d5 n/a (libglib-2.0.so.0)
                                            #5  0x00007f63b19ee454 start_thread (libpthread.so.0)
                                            #6  0x00007f63b17317df __clone (libc.so.6)
                                            
                                            Stack trace of thread 8433:
                                            #0  0x00007f63b19f410f pthread_cond_wait@@GLIBC_2.3.2 (libpthread.so.0)
                                            #1  0x00007f63a492d4e0 PR_WaitCondVar (libnspr4.so)
                                            #2  0x00007f63ad4e8c0e n/a (libmozjs-24.so)
                                            #3  0x00007f63a4932d6c n/a (libnspr4.so)
                                            #4  0x00007f63b19ee454 start_thread (libpthread.so.0)
                                            #5  0x00007f63b17317df __clone (libc.so.6)
                                            
                                            Stack trace of thread 8767:
                                            #0  0x00007f63b172cf19 syscall (libc.so.6)
                                            #1  0x00007f63b1c9403a g_cond_wait_until (libglib-2.0.so.0)
                                            #2  0x00007f63b1c22e89 n/a (libglib-2.0.so.0)
                                            #3  0x00007f63b1c76aa6 n/a (libglib-2.0.so.0)
                                            #4  0x00007f63b1c760d5 n/a (libglib-2.0.so.0)
                                            #5  0x00007f63b19ee454 start_thread (libpthread.so.0)
                                            #6  0x00007f63b17317df __clone (libc.so.6)
                                            
                                            Stack trace of thread 8429:
                                            #0  0x00007f63b172848d poll (libc.so.6)
                                            #1  0x00007f63b1c4e786 n/a (libglib-2.0.so.0)
                                            #2  0x00007f63b1c4e89c g_main_context_iteration (libglib-2.0.so.0)
                                            #3  0x00007f639c2404bd n/a (libdconfsettings.so)
                                            #4  0x00007f63b1c760d5 n/a (libglib-2.0.so.0)
                                            #5  0x00007f63b19ee454 start_thread (libpthread.so.0)
                                            #6  0x00007f63b17317df __clone (libc.so.6)
                                            
                                            Stack trace of thread 8425:
                                            #0  0x00007f63b172848d poll (libc.so.6)
                                            #1  0x00007f63b1c4e786 n/a (libglib-2.0.so.0)
                                            #2  0x00007f63b1c4eb12 g_main_loop_run (libglib-2.0.so.0)
                                            #3  0x00007f63b2234316 n/a (libgio-2.0.so.0)
                                            #4  0x00007f63b1c760d5 n/a (libglib-2.0.so.0)
                                            #5  0x00007f63b19ee454 start_thread (libpthread.so.0)
                                            #6  0x00007f63b17317df __clone (libc.so.6)

Comment 1 afn2 2017-01-13 14:05:47 UTC

I've managed to reproduce the crash fairly consistently by doing the following:

1. Open two Firefox windows on one virtual desktop
2. Open a gnome-terminal window on another desktop
3. Repeatedly alt-tab between Firefox and gnome-terminal.

Comment 2 afn2 2017-01-19 03:10:01 UTC

FYI, I've managed to reproduce this bug with both mesa 13.0.3 as well as the current HEAD of master (180653c357d19ca88f7895f59874a58fac99cc53). I've also reproduced it with various versions of the kernel (most recently, 4.9.4 and 4.10-rc4).

This only happens with nouveau + mesa, not with the proprietary nvidia driver, which leads me to believe that the bug is most likely in mesa and not in gnome.

I'm happy to dig deep into this but I'd appreciate some pointers on where to look. Thanks!

Comment 3 Ilia Mirkin 2017-01-19 03:35:25 UTC

A backtrace would be a good start (with symbols, obviously). Also, make a mention of which GPU you're using. Lastly, I'm not sure if gnome-shell has jumped on the "let's use GL from multiple threads" bandwagon, but if so, that's just plain broken on nouveau for now - no point in trying to debug further.

Comment 4 afn2 2017-01-19 04:29:04 UTC

Thanks for the reply, Ilia. The video card is a GeForce 750M (GK107) in a mid-2014 MacBook Pro Retina.

I rebuilt the library without stripping symbols and then reproduced the crash. Here's an updated stack trace. Luckily it doesn't appear that there are multiple threads doing GL work:

Jan 18 23:22:24 mbp systemd-coredump[23240]: Process 23187 (gnome-shell) of user 1000 dumped core.

Stack trace of thread 23187:
#0  0x00007f8e82236793 __memmove_avx_unaligned_erms (libc.so.6)
#1  0x00007f8e6eb59160 nouveau_scratch_data (nouveau_dri.so)
#2  0x00007f8e6ec65b58 nvc0_update_user_vbufs_shared (nouveau_dri.so)
#3  0x00007f8e6ec5aea5 nvc0_state_validate (nouveau_dri.so)
#4  0x00007f8e6ec5b087 nvc0_state_validate_3d (nouveau_dri.so)
#5  0x00007f8e6ec66f14 nvc0_draw_vbo (nouveau_dri.so)
#6  0x00007f8e6e9bfe12 cso_draw_arrays (nouveau_dri.so)
#7  0x00007f8e6e8773d0 st_pbo_draw (nouveau_dri.so)
#8  0x00007f8e6e82e897 try_pbo_upload_common (nouveau_dri.so)
#9  0x00007f8e6e833f95 st_TexSubImage (nouveau_dri.so)
#10 0x00007f8e6e834de0 st_TexImage (nouveau_dri.so)
#11 0x00007f8e6e7b8f47 teximage (nouveau_dri.so)
#12 0x00007f8e6e7b9d40 _mesa_TexImage2D (nouveau_dri.so)
#13 0x00007f8e7fba94ed n/a (libmutter-cogl.so)
#14 0x00007f8e7fb9ab14 n/a (libmutter-cogl.so)
#15 0x00007f8e7fbcfe56 cogl_texture_allocate (libmutter-cogl.so)
#16 0x00007f8e7fbeb40b n/a (libmutter-cogl.so)
#17 0x00007f8e7fbeb909 cogl_texture_new_from_bitmap (libmutter-cogl.so)
#18 0x00007f8e83243143 n/a (libmutter-clutter-1.0.so)
#19 0x00007f8e8321f85d clutter_actor_continue_paint (libmutter-clutter-1.0.so)
#20 0x00007f8e83225aab n/a (libmutter-clutter-1.0.so)
#21 0x00007f8e85102aa0 n/a (libgnome-shell.so)
#22 0x00007f8e829ebecf g_closure_invoke (libgobject-2.0.so.0)
#23 0x00007f8e829fe37d n/a (libgobject-2.0.so.0)
#24 0x00007f8e82a06bcc g_signal_emit_valist (libgobject-2.0.so.0)
#25 0x00007f8e82a06faf g_signal_emit (libgobject-2.0.so.0)
#26 0x00007f8e8321f8a3 clutter_actor_continue_paint (libmutter-clutter-1.0.so)
#27 0x00007f8e83225aab n/a (libmutter-clutter-1.0.so)
#28 0x00007f8e8510cf90 n/a (libgnome-shell.so)
#29 0x00007f8e829ebecf g_closure_invoke (libgobject-2.0.so.0)
#30 0x00007f8e829fe37d n/a (libgobject-2.0.so.0)
#31 0x00007f8e82a06bcc g_signal_emit_valist (libgobject-2.0.so.0)
#32 0x00007f8e82a06faf g_signal_emit (libgobject-2.0.so.0)
#33 0x00007f8e8321f8a3 clutter_actor_continue_paint (libmutter-clutter-1.0.so)
#34 0x00007f8e83225aab n/a (libmutter-clutter-1.0.so)
#35 0x00007f8e8511b182 n/a (libgnome-shell.so)
#36 0x00007f8e829ebecf g_closure_invoke (libgobject-2.0.so.0)
#37 0x00007f8e829fe37d n/a (libgobject-2.0.so.0)
#38 0x00007f8e82a06bcc g_signal_emit_valist (libgobject-2.0.so.0)
#39 0x00007f8e82a06faf g_signal_emit (libgobject-2.0.so.0)
#40 0x00007f8e8321f8a3 clutter_actor_continue_paint (libmutter-clutter-1.0.so)
#41 0x00007f8e83225706 n/a (libmutter-clutter-1.0.so)
#42 0x00007f8e85102aa0 n/a (libgnome-shell.so)
#43 0x00007f8e829ebecf g_closure_invoke (libgobject-2.0.so.0)
#44 0x00007f8e829fe37d n/a (libgobject-2.0.so.0)
#45 0x00007f8e82a06bcc g_signal_emit_valist (libgobject-2.0.so.0)
#46 0x00007f8e82a06faf g_signal_emit (libgobject-2.0.so.0)
#47 0x00007f8e8321f8a3 clutter_actor_continue_paint (libmutter-clutter-1.0.so)
#48 0x00007f8e83225aab n/a (libmutter-clutter-1.0.so)
#49 0x00007f8e85102aa0 n/a (libgnome-shell.so)
#50 0x00007f8e829ebecf g_closure_invoke (libgobject-2.0.so.0)
#51 0x00007f8e829fe37d n/a (libgobject-2.0.so.0)
#52 0x00007f8e82a06bcc g_signal_emit_valist (libgobject-2.0.so.0)
#53 0x00007f8e82a06faf g_signal_emit (libgobject-2.0.so.0)
#54 0x00007f8e8321f8a3 clutter_actor_continue_paint (libmutter-clutter-1.0.so)
#55 0x00007f8e83225aab n/a (libmutter-clutter-1.0.so)
#56 0x00007f8e85102aa0 n/a (libgnome-shell.so)
#57 0x00007f8e829ebecf g_closure_invoke (libgobject-2.0.so.0)
#58 0x00007f8e829fe37d n/a (libgobject-2.0.so.0)
#59 0x00007f8e82a06bcc g_signal_emit_valist (libgobject-2.0.so.0)
#60 0x00007f8e82a06faf g_signal_emit (libgobject-2.0.so.0)
#61 0x00007f8e8321f8a3 clutter_actor_continue_paint (libmutter-clutter-1.0.so)
#62 0x00007f8e83225aab n/a (libmutter-clutter-1.0.so)
#63 0x00007f8e8327847a n/a (libmutter-clutter-1.0.so)

Stack trace of thread 23196:
#0  0x00007f8e821ed48d poll (libc.so.6)
#1  0x00007f8e82713786 n/a (libglib-2.0.so.0)
#2  0x00007f8e8271389c g_main_context_iteration (libglib-2.0.so.0)
#3  0x00007f8e64ecc4bd n/a (libdconfsettings.so)
#4  0x00007f8e8273b0d5 n/a (libglib-2.0.so.0)
#5  0x00007f8e824b3454 start_thread (libpthread.so.0)
#6  0x00007f8e821f67df __clone (libc.so.6)

Stack trace of thread 23189:
#0  0x00007f8e821ed48d poll (libc.so.6)
#1  0x00007f8e82713786 n/a (libglib-2.0.so.0)
#2  0x00007f8e8271389c g_main_context_iteration (libglib-2.0.so.0)
#3  0x00007f8e827138e1 n/a (libglib-2.0.so.0)
#4  0x00007f8e8273b0d5 n/a (libglib-2.0.so.0)
#5  0x00007f8e824b3454 start_thread (libpthread.so.0)
#6  0x00007f8e821f67df __clone (libc.so.6)

Stack trace of thread 23199:
#0  0x00007f8e821ed48d poll (libc.so.6)
#1  0x00007f8e7e557ee1 n/a (libpulse.so.0)
#2  0x00007f8e7e5496f1 pa_mainloop_poll (libpulse.so.0)
#3  0x00007f8e7e549d8e pa_mainloop_iterate (libpulse.so.0)
#4  0x00007f8e7e549e40 pa_mainloop_run (libpulse.so.0)
#5  0x00007f8e7e557e29 n/a (libpulse.so.0)
#6  0x00007f8e73cbdfe8 n/a (libpulsecommon-9.99.so)
#7  0x00007f8e824b3454 start_thread (libpthread.so.0)
#8  0x00007f8e821f67df __clone (libc.so.6)

Stack trace of thread 23200:
#0  0x00007f8e824b910f pthread_cond_wait@@GLIBC_2.3.2 (libpthread.so.0)
#1  0x00007f8e753ee4e0 PR_WaitCondVar (libnspr4.so)
#2  0x00007f8e7dfadc0e n/a (libmozjs-24.so)
#3  0x00007f8e753f3d6c n/a (libnspr4.so)
#4  0x00007f8e824b3454 start_thread (libpthread.so.0)
#5  0x00007f8e821f67df __clone (libc.so.6)

Stack trace of thread 23194:
#0  0x00007f8e821f1f19 syscall (libc.so.6)
#1  0x00007f8e8275903a g_cond_wait_until (libglib-2.0.so.0)
#2  0x00007f8e826e7e89 n/a (libglib-2.0.so.0)
#3  0x00007f8e826e84ac g_async_queue_timeout_pop (libglib-2.0.so.0)
#4  0x00007f8e8273bb9d n/a (libglib-2.0.so.0)
#5  0x00007f8e8273b0d5 n/a (libglib-2.0.so.0)
#6  0x00007f8e824b3454 start_thread (libpthread.so.0)
#7  0x00007f8e821f67df __clone (libc.so.6)

Stack trace of thread 23190:
#0  0x00007f8e821ed48d poll (libc.so.6)
#1  0x00007f8e82713786 n/a (libglib-2.0.so.0)
#2  0x00007f8e82713b12 g_main_loop_run (libglib-2.0.so.0)
#3  0x00007f8e82cf9316 n/a (libgio-2.0.so.0)
#4  0x00007f8e8273b0d5 n/a (libglib-2.0.so.0)
#5  0x00007f8e824b3454 start_thread (libpthread.so.0)
#6  0x00007f8e821f67df __clone (libc.so.6)

Stack trace of thread 23201:
#0  0x00007f8e824b910f pthread_cond_wait@@GLIBC_2.3.2 (libpthread.so.0)
#1  0x00007f8e753ee4e0 PR_WaitCondVar (libnspr4.so)
#2  0x00007f8e7e021bab n/a (libmozjs-24.so)
#3  0x00007f8e753f3d6c n/a (libnspr4.so)
#4  0x00007f8e824b3454 start_thread (libpthread.so.0)
#5  0x00007f8e821f67df __clone (libc.so.6)

Thanks again!
Tony

Comment 5 Per Arnold Blaasmo 2017-01-30 09:08:06 UTC

I seem to experience the same problem.
I am using Fedora 25.
gnome-shell-3.22.2-2.fc25.x86_64
kernel-4.9.5-200.fc25.x86_64
xorg-x11-drv-nouveau-1.0.13-1.fc25.x86_64
mesa 13.0.3-1.fc25.x86_64

Not sure if it is related, but in the system log I get:

jan. 30 08:45:43 nordt0206.corp.atmel.com kernel: nouveau 0000:02:00.0: gnome-shell[18725]: fail ttm_validate
jan. 30 08:45:43 nordt0206.corp.atmel.com kernel: nouveau 0000:02:00.0: gnome-shell[18725]: validating bo list
jan. 30 08:45:43 nordt0206.corp.atmel.com kernel: nouveau 0000:02:00.0: gnome-shell[18725]: validate: -12
jan. 30 08:45:43 nordt0206.corp.atmel.com kernel: nouveau 0000:02:00.0: gnome-shell[18725]: fail ttm_validate
jan. 30 08:45:43 nordt0206.corp.atmel.com kernel: nouveau 0000:02:00.0: gnome-shell[18725]: validating bo list
jan. 30 08:45:43 nordt0206.corp.atmel.com kernel: nouveau 0000:02:00.0: gnome-shell[18725]: validate: -12
jan. 30 08:45:43 nordt0206.corp.atmel.com kernel: nouveau 0000:02:00.0: gnome-shell[18725]: fail ttm_validate
jan. 30 08:45:43 nordt0206.corp.atmel.com kernel: nouveau 0000:02:00.0: gnome-shell[18725]: validating bo list
jan. 30 08:45:43 nordt0206.corp.atmel.com kernel: nouveau 0000:02:00.0: gnome-shell[18725]: validate: -12

...

jan. 30 08:46:21 nordt0206.corp.atmel.com org.gnome.Shell.desktop[18725]: nouveau: kernel rejected pushbuf: Cannot allocate memory
jan. 30 08:46:21 nordt0206.corp.atmel.com org.gnome.Shell.desktop[18725]: nouveau: ch2: krec 0 pushes 1 bufs 54 relocs 0
jan. 30 08:46:21 nordt0206.corp.atmel.com org.gnome.Shell.desktop[18725]: nouveau: ch2: buf 00000000 00000002 00000004 00000004 00000000
jan. 30 08:46:21 nordt0206.corp.atmel.com org.gnome.Shell.desktop[18725]: nouveau: ch2: buf 00000001 00000006 00000004 00000000 00000004
jan. 30 08:46:21 nordt0206.corp.atmel.com org.gnome.Shell.desktop[18725]: nouveau: ch2: buf 00000002 00000077 00000004 00000004 00000000
....

Comment 6 Tommi Rantala 2017-04-02 16:35:13 UTC

I'm also seeing this crash regularly with HP ZBook 15 G3, that has NVIDIA GPU. I'm using Fedora 25.

$ lspci|grep NVIDIA
01:00.0 VGA compatible controller: NVIDIA Corporation GM107GLM [Quadro M2000M] (rev a2)

(gdb) bt
#0  0x00007f3f8905a513 in __memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:218
#1  0x00007f3f67656fa0 in memcpy (__len=48, __src=<optimized out>, __dest=<optimized out>) at /usr/include/bits/string3.h:53
#2  0x00007f3f67656fa0 in nouveau_scratch_data (nv=nv@entry=0x55eb41056660, data=<optimized out>, base=base@entry=0, size=size@entry=48, bo=bo@entry=0x7ffc757da7f0) at nouveau_buffer.c:1006
#3  0x00007f3f6776fad8 in nvc0_update_user_vbufs_shared (nvc0=0x55eb41056660) at nvc0/nvc0_vbo.c:292
#4  0x00007f3f67764e25 in nvc0_state_validate (nvc0=nvc0@entry=0x55eb41056660, mask=mask@entry=4294967295, validate_list=validate_list@entry=0x7f3f67e07020 <validate_list_3d>, size=size@entry=33, dirty=dirty@entry=0x55eb41056a60, bufctx=0x55eb4105a020) at nvc0/nvc0_state_validate.c:832
#5  0x00007f3f67765007 in nvc0_state_validate_3d (nvc0=nvc0@entry=0x55eb41056660, mask=mask@entry=4294967295) at nvc0/nvc0_state_validate.c:850
#6  0x00007f3f67770e94 in nvc0_draw_vbo (pipe=0x55eb41056660, info=0x7ffc757da990) at nvc0/nvc0_vbo.c:977
#7  0x00007f3f674d3ed2 in cso_draw_arrays (cso=cso@entry=0x55eb4103e530, mode=mode@entry=5, start=start@entry=0, count=count@entry=4) at cso_cache/cso_context.c:1686
#8  0x00007f3f6736a6d0 in st_pbo_draw (st=st@entry=0x55eb4105e810, addr=addr@entry=0x7ffc757dacc0, surface_width=<optimized out>, surface_height=<optimized out>) at state_tracker/st_pbo.c:283
#9  0x00007f3f673320f1 in try_pbo_upload_common (ctx=ctx@entry=0x55eb41069510, surface=0x55eb43688f90, addr=addr@entry=0x7ffc757dacc0, src_format=src_format@entry=PIPE_FORMAT_B8G8R8A8_UNORM)
    at state_tracker/st_cb_texture.c:1222
#10 0x00007f3f673378c5 in try_pbo_upload (unpack=0x55eb41084778, pixels=0x0, depth=1, height=27, width=96, zoffset=<optimized out>, yoffset=0, xoffset=0, dst_format=
    PIPE_FORMAT_B8G8R8A8_UNORM, type=5121, format=32993, texImage=0x55eb411707f0, dims=2, ctx=0x55eb41069510) at state_tracker/st_cb_texture.c:1337
#11 0x00007f3f673378c5 in st_TexSubImage (ctx=ctx@entry=0x55eb41069510, dims=dims@entry=2, texImage=texImage@entry=0x55eb411707f0, xoffset=xoffset@entry=0, yoffset=yoffset@entry=0, zoffset=zoffset@entry=0, width=96, height=27, depth=1, format=32993, type=5121, pixels=0x0, unpack=0x55eb41084778) at state_tracker/st_cb_texture.c:1450
#12 0x00007f3f67338710 in st_TexImage (ctx=0x55eb41069510, dims=2, texImage=0x55eb411707f0, format=32993, type=5121, pixels=0x0, unpack=0x55eb41084778) at state_tracker/st_cb_texture.c:1625
#13 0x00007f3f672bb697 in teximage (ctx=0x55eb41069510, compressed=compressed@entry=0 '\000', dims=dims@entry=2, target=3553, level=0, internalFormat=6408, width=96, height=27, depth=1, border=0, format=32993, type=5121, imageSize=0, pixels=0x0) at main/teximage.c:3066
#14 0x00007f3f672bc490 in _mesa_TexImage2D (target=<optimized out>, level=<optimized out>, internalFormat=<optimized out>, width=<optimized out>, height=<optimized out>, border=<optimized out>, format=32993, type=5121, pixels=0x0) at main/teximage.c:3105
#15 0x00007f3f8ba88bcd in _cogl_texture_driver_upload_to_gl (ctx=0x55eb41040350, gl_target=3553, gl_handle=<optimized out>, is_foreign=0, source_bmp=0x7f3f6805ed80, internal_gl_format=6408, source_gl_format=32993, source_gl_type=5121, error=0x7ffc757db160) at driver/gl/gl/cogl-texture-driver-gl.c:343
#16 0x00007f3f8ba7a1c4 in allocate_from_bitmap (loader=<optimized out>, loader=<optimized out>, error=0x7ffc757db160, tex_2d=0x55eb42d19940) at driver/gl/cogl-texture-2d-gl.c:253
#17 0x00007f3f8ba7a1c4 in _cogl_texture_2d_gl_allocate (tex=0x55eb42d19940, error=0x7ffc757db160) at driver/gl/cogl-texture-2d-gl.c:456
#18 0x00007f3f8baaf536 in cogl_texture_allocate (texture=texture@entry=0x55eb42d19940, error=error@entry=0x7ffc757db160) at cogl-texture.c:1398
#19 0x00007f3f8bacaacb in _cogl_texture_new_from_bitmap (bitmap=0x7f3f6805ed80, flags=flags@entry=COGL_TEXTURE_NO_SLICING, internal_format=internal_format@entry=COGL_PIXEL_FORMAT_BGRA_8888_PRE, can_convert_in_place=can_convert_in_place@entry=0, error=error@entry=0x7ffc757db1c0) at deprecated/cogl-auto-texture.c:246
#20 0x00007f3f8bacafc9 in cogl_texture_new_from_bitmap (bitmap=<optimized out>, flags=flags@entry=COGL_TEXTURE_NO_SLICING, internal_format=internal_format@entry=COGL_PIXEL_FORMAT_BGRA_8888_PRE)
    at deprecated/cogl-auto-texture.c:294
#21 0x00007f3f8e373053 in clutter_canvas_paint_content (content=<optimized out>, actor=0x55eb4338b290 [StDrawingArea], root=0x55eb439af060 [ClutterDummyNode]) at clutter-canvas.c:376
#22 0x00007f3f8e34f76d in clutter_actor_paint_node (root=0x55eb439af060 [ClutterDummyNode], actor=0x55eb4338b290 [StDrawingArea]) at clutter-actor.c:3709
#23 0x00007f3f8e34f76d in clutter_actor_continue_paint (self=self@entry=0x55eb4338b290 [StDrawingArea]) at clutter-actor.c:4014
#24 0x00007f3f8e3559bb in clutter_actor_paint (self=self@entry=0x55eb4338b290 [StDrawingArea]) at clutter-actor.c:3938
#25 0x00007f3f8e355cd9 in clutter_actor_paint (self=self@entry=0x55eb4338b290 [StDrawingArea]) at clutter-actor.c:3964
#26 0x00007f3f93e2aa00 in st_box_layout_paint (actor=<optimized out>) at st/st-box-layout.c:428
#30 0x00007f3f8add843f in <emit signal ??? on instance 0x55eb433639b0 [StBoxLayout]> (instance=instance@entry=0x55eb433639b0, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3447
    #27 0x00007f3f8adbd33f in g_closure_invoke (closure=closure@entry=0x55eb410fca90, return_value=return_value@entry=0x0, n_param_values=1, param_values=param_values@entry=0x7ffc757db5a0, invocation_hint=invocation_hint@entry=0x7ffc757db520) at gclosure.c:804
    #28 0x00007f3f8adcf82d in signal_emit_unlocked_R (node=node@entry=0x55eb410fd790, detail=detail@entry=0, instance=instance@entry=0x55eb433639b0, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffc757db5a0) at gsignal.c:3673
    #29 0x00007f3f8add805f in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffc757db760) at gsignal.c:3391
#31 0x00007f3f8e34f7b3 in clutter_actor_continue_paint (self=self@entry=0x55eb433639b0 [StBoxLayout]) at clutter-actor.c:4018
#32 0x00007f3f8e3559bb in clutter_actor_paint (self=self@entry=0x55eb433639b0 [StBoxLayout]) at clutter-actor.c:3938
#33 0x00007f3f8e355cd9 in clutter_actor_paint (self=self@entry=0x55eb433639b0 [StBoxLayout]) at clutter-actor.c:3964
#34 0x00007f3f93e2aa00 in st_box_layout_paint (actor=<optimized out>) at st/st-box-layout.c:428
#38 0x00007f3f8add843f in <emit signal ??? on instance 0x55eb43512540 [StBoxLayout]> (instance=instance@entry=0x55eb43512540, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3447
    #35 0x00007f3f8adbd33f in g_closure_invoke (closure=closure@entry=0x55eb410fca90, return_value=return_value@entry=0x0, n_param_values=1, param_values=param_values@entry=0x7ffc757dbbe0, invocation_hint=invocation_hint@entry=0x7ffc757dbb60) at gclosure.c:804
    #36 0x00007f3f8adcf82d in signal_emit_unlocked_R (node=node@entry=0x55eb410fd790, detail=detail@entry=0, instance=instance@entry=0x55eb43512540, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffc757dbbe0) at gsignal.c:3673
    #37 0x00007f3f8add805f in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffc757dbda0) at gsignal.c:3391
#39 0x00007f3f8e34f7b3 in clutter_actor_continue_paint (self=self@entry=0x55eb43512540 [StBoxLayout]) at clutter-actor.c:4018
#40 0x00007f3f8e3559bb in clutter_actor_paint (self=self@entry=0x55eb43512540 [StBoxLayout]) at clutter-actor.c:3938
#41 0x00007f3f8e355cd9 in clutter_actor_paint (self=self@entry=0x55eb43512540 [StBoxLayout]) at clutter-actor.c:3964
#42 0x00007f3f93e20530 in shell_generic_container_paint (actor=0x55eb43329f90 [ShellGenericContainer]) at shell-generic-container.c:149
#46 0x00007f3f8add843f in <emit signal ??? on instance 0x55eb43329f90 [ShellGenericContainer]> (instance=instance@entry=0x55eb43329f90, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3447
    #43 0x00007f3f8adbd33f in g_closure_invoke (closure=closure@entry=0x55eb410fca90, return_value=return_value@entry=0x0, n_param_values=1, param_values=param_values@entry=0x7ffc757dc1d0, invocation_hint=invocation_hint@entry=0x7ffc757dc150) at gclosure.c:804
    #44 0x00007f3f8adcf82d in signal_emit_unlocked_R (node=node@entry=0x55eb410fd790, detail=detail@entry=0, instance=instance@entry=0x55eb43329f90, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffc757dc1d0) at gsignal.c:3673
    #45 0x00007f3f8add805f in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffc757dc390) at gsignal.c:3391
#47 0x00007f3f8e34f7b3 in clutter_actor_continue_paint (self=self@entry=0x55eb43329f90 [ShellGenericContainer]) at clutter-actor.c:4018
#48 0x00007f3f8e3559bb in clutter_actor_paint (self=0x55eb43329f90 [ShellGenericContainer]) at clutter-actor.c:3938
#49 0x00007f3f8e355d00 in clutter_actor_real_paint (actor=<optimized out>) at clutter-actor.c:3637
#53 0x00007f3f8add843f in <emit signal ??? on instance 0x55eb4332b750 [StBin]> (instance=instance@entry=0x55eb4332b750, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3447
    #50 0x00007f3f8adbd33f in g_closure_invoke (closure=closure@entry=0x55eb410fca90, return_value=return_value@entry=0x0, n_param_values=1, param_values=param_values@entry=0x7ffc757dc7b0, invocation_hint=invocation_hint@entry=0x7ffc757dc730) at gclosure.c:804
    #51 0x00007f3f8adcf82d in signal_emit_unlocked_R (node=node@entry=0x55eb410fd790, detail=detail@entry=0, instance=instance@entry=0x55eb4332b750, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffc757dc7b0) at gsignal.c:3673
    #52 0x00007f3f8add805f in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffc757dc970) at gsignal.c:3391
#54 0x00007f3f8e34f7b3 in clutter_actor_continue_paint (self=self@entry=0x55eb4332b750 [StBin]) at clutter-actor.c:4018
#55 0x00007f3f8e3559bb in clutter_actor_paint (self=self@entry=0x55eb4332b750 [StBin]) at clutter-actor.c:3938
#56 0x00007f3f8e355cd9 in clutter_actor_paint (self=self@entry=0x55eb4332b750 [StBin]) at clutter-actor.c:3964
#57 0x00007f3f93e2aa00 in st_box_layout_paint (actor=<optimized out>) at st/st-box-layout.c:428
#61 0x00007f3f8add843f in <emit signal ??? on instance 0x55eb41b509a0 [StBoxLayout]> (instance=instance@entry=0x55eb41b509a0, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3447
    #58 0x00007f3f8adbd33f in g_closure_invoke (closure=closure@entry=0x55eb410fca90, return_value=return_value@entry=0x0, n_param_values=1, param_values=param_values@entry=0x7ffc757dcdf0, invocation_hint=invocation_hint@entry=0x7ffc757dcd70) at gclosure.c:804
    #59 0x00007f3f8adcf82d in signal_emit_unlocked_R (node=node@entry=0x55eb410fd790, detail=detail@entry=0, instance=instance@entry=0x55eb41b509a0, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffc757dcdf0) at gsignal.c:3673
    #60 0x00007f3f8add805f in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffc757dcfb0) at gsignal.c:3391
#62 0x00007f3f8e34f7b3 in clutter_actor_continue_paint (self=self@entry=0x55eb41b509a0 [StBoxLayout]) at clutter-actor.c:4018
#63 0x00007f3f8e3559bb in clutter_actor_paint (self=self@entry=0x55eb41b509a0 [StBoxLayout]) at clutter-actor.c:3938
#64 0x00007f3f8e355cd9 in clutter_actor_paint (self=self@entry=0x55eb41b509a0 [StBoxLayout]) at clutter-actor.c:3964
#65 0x00007f3f93e20530 in shell_generic_container_paint (actor=0x55eb41b4e750 [ShellGenericContainer]) at shell-generic-container.c:149
#69 0x00007f3f8add843f in <emit signal ??? on instance 0x55eb41b4e750 [ShellGenericContainer]> (instance=instance@entry=0x55eb41b4e750, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3447
    #66 0x00007f3f8adbd33f in g_closure_invoke (closure=closure@entry=0x55eb410fca90, return_value=return_value@entry=0x0, n_param_values=1, param_values=param_values@entry=0x7ffc757dd3e0, invocation_hint=invocation_hint@entry=0x7ffc757dd360) at gclosure.c:804
    #67 0x00007f3f8adcf82d in signal_emit_unlocked_R (node=node@entry=0x55eb410fd790, detail=detail@entry=0, instance=instance@entry=0x55eb41b4e750, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffc757dd3e0) at gsignal.c:3673
    #68 0x00007f3f8add805f in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffc757dd5a0) at gsignal.c:3391
#70 0x00007f3f8e34f7b3 in clutter_actor_continue_paint (self=self@entry=0x55eb41b4e750 [ShellGenericContainer]) at clutter-actor.c:4018
#71 0x00007f3f8e3559bb in clutter_actor_paint (self=self@entry=0x55eb41b4e750 [ShellGenericContainer]) at clutter-actor.c:3938
#72 0x00007f3f8e355cd9 in clutter_actor_paint (self=self@entry=0x55eb41b4e750 [ShellGenericContainer]) at clutter-actor.c:3964
#73 0x00007f3f93e2aa00 in st_box_layout_paint (actor=<optimized out>) at st/st-box-layout.c:428
#77 0x00007f3f8add843f in <emit signal ??? on instance 0x55eb41a24010 [StBoxLayout]> (instance=instance@entry=0x55eb41a24010, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3447
    #74 0x00007f3f8adbd33f in g_closure_invoke (closure=closure@entry=0x55eb410fca90, return_value=return_value@entry=0x0, n_param_values=1, param_values=param_values@entry=0x7ffc757dda20, invocation_hint=invocation_hint@entry=0x7ffc757dd9a0) at gclosure.c:804
    #75 0x00007f3f8adcf82d in signal_emit_unlocked_R (node=node@entry=0x55eb410fd790, detail=detail@entry=0, instance=instance@entry=0x55eb41a24010, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffc757dda20) at gsignal.c:3673
    #76 0x00007f3f8add805f in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffc757ddbe0) at gsignal.c:3391
#78 0x00007f3f8e34f7b3 in clutter_actor_continue_paint (self=self@entry=0x55eb41a24010 [StBoxLayout]) at clutter-actor.c:4018
---Type <return> to continue, or q <return> to quit---
#79 0x00007f3f8e3559bb in clutter_actor_paint (self=self@entry=0x55eb41a24010 [StBoxLayout]) at clutter-actor.c:3938
#80 0x00007f3f8e355cd9 in clutter_actor_paint (self=self@entry=0x55eb41a24010 [StBoxLayout]) at clutter-actor.c:3964
#81 0x00007f3f93e20530 in shell_generic_container_paint (actor=0x55eb419e0540 [ShellGenericContainer]) at shell-generic-container.c:149
#85 0x00007f3f8add843f in <emit signal ??? on instance 0x55eb419e0540 [ShellGenericContainer]> (instance=instance@entry=0x55eb419e0540, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3447
    #82 0x00007f3f8adbd33f in g_closure_invoke (closure=closure@entry=0x55eb410fca90, return_value=return_value@entry=0x0, n_param_values=1, param_values=param_values@entry=0x7ffc757de010, invocation_hint=invocation_hint@entry=0x7ffc757ddf90) at gclosure.c:804
    #83 0x00007f3f8adcf82d in signal_emit_unlocked_R (node=node@entry=0x55eb410fd790, detail=detail@entry=0, instance=instance@entry=0x55eb419e0540, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffc757de010) at gsignal.c:3673
    #84 0x00007f3f8add805f in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffc757de1d0) at gsignal.c:3391
#86 0x00007f3f8e34f7b3 in clutter_actor_continue_paint (self=self@entry=0x55eb419e0540 [ShellGenericContainer]) at clutter-actor.c:4018
#87 0x00007f3f8e3559bb in clutter_actor_paint (self=0x55eb419e0540 [ShellGenericContainer]) at clutter-actor.c:3938
#88 0x00007f3f8e355cd9 in clutter_actor_paint (self=<optimized out>) at clutter-actor.c:3964
#89 0x00007f3f8e3a83fa in clutter_stage_paint (self=<optimized out>) at clutter-stage.c:710
#90 0x00007f3f8f2b62a6 in meta_stage_paint (actor=0x55eb40fb0760 [MetaStage]) at backends/meta-stage.c:141
#94 0x00007f3f8add843f in <emit signal ??? on instance 0x55eb40fb0760 [MetaStage]> (instance=instance@entry=0x55eb40fb0760, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3447
    #91 0x00007f3f8adbd3e5 in g_closure_invoke (closure=closure@entry=0x55eb410fca90, return_value=return_value@entry=0x0, n_param_values=1, param_values=param_values@entry=0x7ffc757de680, invocation_hint=invocation_hint@entry=0x7ffc757de600) at gclosure.c:804
    #92 0x00007f3f8adcf82d in signal_emit_unlocked_R (node=node@entry=0x55eb410fd790, detail=detail@entry=0, instance=instance@entry=0x55eb40fb0760, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffc757de680) at gsignal.c:3673
    #93 0x00007f3f8add805f in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffc757de840) at gsignal.c:3391
#95 0x00007f3f8e34f7b3 in clutter_actor_continue_paint (self=self@entry=0x55eb40fb0760 [MetaStage]) at clutter-actor.c:4018
#96 0x00007f3f8e3559bb in clutter_actor_paint (self=self@entry=0x55eb40fb0760 [MetaStage]) at clutter-actor.c:3938
#97 0x00007f3f8e355cd9 in clutter_actor_paint (self=self@entry=0x55eb40fb0760 [MetaStage]) at clutter-actor.c:3964
#98 0x00007f3f8e3ac4e5 in clutter_stage_do_paint_view (stage=stage@entry=0x55eb40fb0760 [MetaStage], view=view@entry=0x55eb41125140 [MetaRendererView], clip=clip@entry=0x7ffc757debe0) at clutter-stage.c:678
#99 0x00007f3f8e3ac553 in _clutter_stage_paint_view (stage=stage@entry=0x55eb40fb0760 [MetaStage], view=view@entry=0x55eb41125140 [MetaRendererView], clip=clip@entry=0x7ffc757debe0) at clutter-stage.c:694
#100 0x00007f3f8e341144 in paint_stage (stage_cogl=stage_cogl@entry=0x55eb4110f860 [MetaStageNative], view=view@entry=0x55eb41125140 [MetaRendererView], clip=clip@entry=0x7ffc757debe0)
    at cogl/clutter-stage-cogl.c:422
#101 0x00007f3f8e3414ee in clutter_stage_cogl_redraw_view (view=0x55eb41125140 [MetaRendererView], stage_window=0x55eb4110f860) at cogl/clutter-stage-cogl.c:667
#102 0x00007f3f8e3414ee in clutter_stage_cogl_redraw (stage_window=0x55eb4110f860) at cogl/clutter-stage-cogl.c:783
#103 0x00007f3f8f3334ae in meta_stage_native_redraw (stage_window=0x55eb4110f860) at backends/native/meta-stage-native.c:300
#104 0x00007f3f8e3a9357 in clutter_stage_do_redraw (stage=0x55eb40fb0760 [MetaStage]) at clutter-stage.c:1120
#105 0x00007f3f8e3a9357 in _clutter_stage_do_update (stage=0x55eb40fb0760 [MetaStage]) at clutter-stage.c:1176
#106 0x00007f3f8e394d49 in master_clock_update_stages (master_clock=0x55eb41127ec0 [ClutterMasterClockDefault], stages=0x55eb439e4e80 = {...}) at clutter-master-clock-default.c:443
#107 0x00007f3f8e394d49 in clutter_clock_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at clutter-master-clock-default.c:567
#108 0x00007f3f8aae4e52 in g_main_dispatch (context=0x55eb40f9d730) at gmain.c:3203
#109 0x00007f3f8aae4e52 in g_main_context_dispatch (context=context@entry=0x55eb40f9d730) at gmain.c:3856
#110 0x00007f3f8aae51d0 in g_main_context_iterate (context=0x55eb40f9d730, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3929
#111 0x00007f3f8aae54f2 in g_main_loop_run (loop=0x55eb4112b990) at gmain.c:4125
#112 0x00007f3f8f2e159c in meta_run () at core/main.c:572
#113 0x000055eb40aa1657 in main (argc=<optimized out>, argv=<optimized out>) at main.c:471



According to the coredump, the memcpy in nouveau_scratch_data() is failing because nv->scratch.map is invalid.

/usr/src/debug/mesa-13.0.4/src/gallium/drivers/nouveau/nouveau_buffer.c

/* Copy data to a scratch buffer and return address & bo the data resides in. */
uint64_t
nouveau_scratch_data(struct nouveau_context *nv,
                     const void *data, unsigned base, unsigned size,
                     struct nouveau_bo **bo)
{
   unsigned bgn = MAX2(base, nv->scratch.offset);
   unsigned end = bgn + size;

   if (end >= nv->scratch.end) {
      end = base + size;
      if (!nouveau_scratch_more(nv, end))
         return 0;
      bgn = base;
   }
   nv->scratch.offset = align(end, 4);

   memcpy(nv->scratch.map + bgn, (const uint8_t *)data + base, size);

   *bo = nv->scratch.current;
   return (*bo)->offset + (bgn - base);
}


(gdb) print nv->scratch
$2 = {map = 0x7f3f25a9c000 <error: Cannot access memory at address 0x7f3f25a9c000>, id = 1, wrap = 1, offset = 177264, end = 2097152, bo = {0x0, 0x55eb433792e0, 0x0, 0x0}, current = 0x55eb433792e0, 
  runout = 0x0, bo_size = 2097152}


The same 0x7f3f25a9c000 pointer value is also found in bo->map and nv->scratch.current.map

(gdb) print bo->map
$6 = (void *) 0x7f3f25a9c000

(gdb) print nv->scratch.current.map
$9 = (void *) 0x7f3f25a9c000

Comment 7 Ingvar Hagelund 2017-04-27 07:27:42 UTC

Created attachment 131077 [details]
systemd journal output when the bug hits

Comment 8 Ingvar Hagelund 2017-04-27 07:28:22 UTC

I have a similar crash, running Fedora 25/x86_64, Linux kernel-4.10.11-200.fc25.x86_64, Nvidia Quadro NVS 295.


$ lspci|grep NVIDIA
01:00.0 VGA compatible controller: NVIDIA Corporation G98 [Quadro NVS 295] (rev a1)

When the bug hits, the machine becomes completely inresponsive, even networking stops, and a reboot seems the only way to recover.

Kernel 4.9.14-200.fc25 seems to not have this bug.

Attached filtered systemd journal output when the bug hits.

Ingvar

Comment 9 Ingvar Hagelund 2017-04-27 07:31:26 UTC

(In reply to Ingvar Hagelund from comment #8)
> I have a similar crash, running Fedora 25/x86_64, Linux
> kernel-4.10.11-200.fc25.x86_64, Nvidia Quadro NVS 295.

... and xorg running with the following versions:

mesa-dri-drivers-13.0.4-3.fc25.x86_64
xorg-x11-drv-nouveau-1.0.14-2.fc25.x86_64
xorg-x11-server-Xwayland-1.19.3-1.fc25.x86_64
xorg-x11-server-Xorg-1.19.3-1.fc25.x86_64

Comment 10 Géza Búza 2017-05-10 11:57:25 UTC

Created attachment 131294 [details]
Systemd coredump

This bug affects the latest Mesa version.

Environment:
Mesa: 17.0.5
Kernel: 4.10.13
Gnome Shell: 3.24.1

I attached the gnome_shell_coredump.log for reference.

Comment 11 GitLab Migration User 2019-09-18 20:44:34 UTC

-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/mesa/mesa/issues/1123.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.