Firefox (several versions: 29, 30, 31) always crashes on exit if hardware acceleration turned on (parameter "layers.acceleration.force-enabled" switched to "true"). Automatic crash report here: https://crash-stats.mozilla.com/report/index/e8397029-4c99-41a3-9cfc-a260e2140718
The same is with Mesa 10.3: https://crash-stats.mozilla.com/report/index/71106bc2-022a-45e3-b092-aecc62140723
Can you resolve the r600_dri.so symbols?
(In reply to comment #2) > Can you resolve the r600_dri.so symbols? If you'll explain me how to.
(In reply to comment #3) > (In reply to comment #2) > > Can you resolve the r600_dri.so symbols? > > If you'll explain me how to. First of all, make sure r600_dri.so has debugging symbols, i.e. is built with -g and not stripped. If the Mozilla crash reporter still doesn't resolve the symbols then, try addr2line <frame address> -e /path/to/r600_dri.so for every r600_dri.so frame. BTW, I notice the crash involves libgallium.so.0.0.0, which is an Ubuntu specialty. Can your reproduce the problem with a build of upstream Mesa 10.1?
(In reply to comment #4) > (In reply to comment #3) > > (In reply to comment #2) > > > Can you resolve the r600_dri.so symbols? > > > > If you'll explain me how to. > > First of all, make sure r600_dri.so has debugging symbols, i.e. is built > with -g and not stripped. > > If the Mozilla crash reporter still doesn't resolve the symbols then, try > > addr2line <frame address> -e /path/to/r600_dri.so > > for every r600_dri.so frame. Sorry, but I don't understand how to determine how r600_dri.so was built and etc.
(In reply to comment #5) > Sorry, but I don't understand how to determine how r600_dri.so was built and > etc. Since you seem to be using Ubuntu, installing the libgl1-mesa-dri-dbg package should make sure there are debugging symbols for r600_dri.so.
(In reply to comment #6) > (In reply to comment #5) > > Sorry, but I don't understand how to determine how r600_dri.so was built and > > etc. > > Since you seem to be using Ubuntu, installing the libgl1-mesa-dri-dbg > package should make sure there are debugging symbols for r600_dri.so. Yes, I'm using Kubuntu. And Libgl1-mesa-dri-dbg recently installed. Last report is here: https://crash-stats.mozilla.com/report/index/eee0e46e-1b64-4288-b9ac-fd5a82140804
(In reply to comment #7) > Yes, I'm using Kubuntu. And Libgl1-mesa-dri-dbg recently installed. Last > report is here: It still doesn't resolve the symbols, please use addr2line.
(In reply to comment #8) > (In reply to comment #7) > > Yes, I'm using Kubuntu. And Libgl1-mesa-dri-dbg recently installed. Last > > report is here: > > It still doesn't resolve the symbols, please use addr2line. With what frame address I should use it or how to determine it ?
In the crash report referenced in comment 7, frame 1 says r600_dri.so@0x1ba0a1, so the address of frame 1 is 0x1ba0a1.
addr2line 0x1ba0a1 -e /usr/lib/x86_64-linux-gnu/dri/r600_dri.so /build/buildd/mesa-10.3~git1408060730.c40d7d+gallium/build/dri/src/mesa/../../../../src/mesa/state_tracker/st_cb_drawpixels.c:1102 addr2line 0x18c0b9 -e /usr/lib/x86_64-linux-gnu/dri/r600_dri.so /build/buildd/mesa-10.3~git1408060730.c40d7d+gallium/build/dri/src/mesa/../../../../src/mesa/vbo/vbo_attrib_tmp.h:161 addr2line 0x1145dd -e /usr/lib/x86_64-linux-gnu/dri/r600_dri.so /build/buildd/mesa-10.3~git1408060730.c40d7d+gallium/build/dri/src/mesa/../../../../src/mesa/main/glformats.c:418 addr2line 0x93e6b -e /usr/lib/x86_64-linux-gnu/dri/r600_dri.so /build/buildd/mesa-10.3~git1408060730.c40d7d+gallium/build/dri/src/mesa/../../../../src/mesa/main/context.c:1255 addr2line 0x190220 -e /usr/lib/x86_64-linux-gnu/dri/r600_dri.so /build/buildd/mesa-10.3~git1408060730.c40d7d+gallium/build/dri/src/mesa/../../../../src/gallium/auxiliary/util/u_format_r11g11b10f.h:112 addr2line 0x28ea1f -e /usr/lib/x86_64-linux-gnu/dri/r600_dri.so /build/buildd/mesa-10.3~git1408060730.c40d7d+gallium/build/dri/src/glsl/../../../../src/glsl/list.h:440 (discriminator 2) addr2line 0x2657be -e /usr/lib/x86_64-linux-gnu/dri/r600_dri.so /build/buildd/mesa-10.3~git1408060730.c40d7d+gallium/build/dri/src/glsl/../../../../src/glsl/ir_clone.cpp:193 addr2line 0x2621e2 -e /usr/lib/x86_64-linux-gnu/dri/r600_dri.so /build/buildd/mesa-10.3~git1408060730.c40d7d+gallium/build/dri/src/glsl/../../../../src/glsl/ir.cpp:632 addr2line 0x42cce -e /usr/lib/x86_64-linux-gnu/dri/r600_dri.so ??:0 addr2line 0x1c318 -e /usr/lib/x86_64-linux-gnu/dri/r600_dri.so ??:0
Is it enough or may be something I did wrong ? Please tell me if so.
You didn't do anything particularly wrong (though note that for the frames that say libGL.so.1.2.0@*, you need to pass libGL.so.1.2.0 instead of r600_dri.so to addr2line), but the resolved source code lines don't seem to have any sensible correspondence. :( Are you sure Firefox was using the same /usr/lib/x86_64-linux-gnu/dri/r600_dri.so file when it crashed? Would it be possible for you to run Firefox in gdb, reproduce the crash and then attach the output of bt full?
I have some difficulties getting bt (don't know why): Starting program: /usr/lib/firefox/firefox [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [New Thread 0x7fffe9be4700 (LWP 4870)] [Thread 0x7fffe9be4700 (LWP 4870) exited] [New Thread 0x7fffe9be4700 (LWP 4873)] [New Thread 0x7fffe2eff700 (LWP 4874)] [New Thread 0x7fffe1ee6700 (LWP 4875)] [New Thread 0x7fffe16e5700 (LWP 4876)] [New Thread 0x7fffe0aff700 (LWP 4877)] [New Thread 0x7fffdeed0700 (LWP 4880)] [New Thread 0x7fffde4ff700 (LWP 4881)] [New Thread 0x7fffe3030700 (LWP 4882)] [New Thread 0x7fffdd5ff700 (LWP 4883)] [New Thread 0x7fffdc7ff700 (LWP 4884)] [New Thread 0x7fffe0ee4700 (LWP 4885)] [New Thread 0x7fffde6cf700 (LWP 4886)] [New Thread 0x7fffddcfe700 (LWP 4887)] [New Thread 0x7fffdcdfe700 (LWP 4888)] [New Thread 0x7fffc17ff700 (LWP 4889)] [New Thread 0x7fffc09ff700 (LWP 4890)] [New Thread 0x7fffc03ff700 (LWP 4891)] [New Thread 0x7fffbfbfe700 (LWP 4892)] [New Thread 0x7fffbf3fd700 (LWP 4893)] [New Thread 0x7fffbebfc700 (LWP 4894)] [New Thread 0x7fffbe1ff700 (LWP 4895)] [New Thread 0x7fffbd9fe700 (LWP 4896)] [Thread 0x7fffdc7ff700 (LWP 4884) exited] [New Thread 0x7fffbcfff700 (LWP 4897)] [Thread 0x7fffbf3fd700 (LWP 4893) exited] [Thread 0x7fffbebfc700 (LWP 4894) exited] [New Thread 0x7fffbc7fe700 (LWP 4898)] [New Thread 0x7fffdc7ff700 (LWP 4899)] [New Thread 0x7fffbf3fd700 (LWP 4900)] [Thread 0x7fffdc7ff700 (LWP 4899) exited] [Thread 0x7fffbfbfe700 (LWP 4892) exited] [Thread 0x7fffbf3fd700 (LWP 4900) exited] [New Thread 0x7fffbf3fd700 (LWP 4901)] [Thread 0x7fffbf3fd700 (LWP 4901) exited] [New Thread 0x7fffbf3fd700 (LWP 4902)] [Thread 0x7fffbc7fe700 (LWP 4898) exited] [New Thread 0x7fffbc7fe700 (LWP 4903)] [New Thread 0x7fffdc7ff700 (LWP 4904)] [Thread 0x7fffbf3fd700 (LWP 4902) exited] [Thread 0x7fffbc7fe700 (LWP 4903) exited] [New Thread 0x7fffbf3fd700 (LWP 4905)] [New Thread 0x7fffbc7fe700 (LWP 4906)] [New Thread 0x7fffbfbfe700 (LWP 4907)] Program received signal SIGSEGV, Segmentation fault. PatchJump (label=..., jump=...) at /build/buildd/firefox-31.0+build1/js/src/jit/x64/Assembler-x64.h:716 716 /build/buildd/firefox-31.0+build1/js/src/jit/x64/Assembler-x64.h: Немає такого файла або каталогу. Quit #0 PatchJump (label=..., jump=...) at /build/buildd/firefox-31.0+build1/js/src/jit/x64/Assembler-x64.h:716 No locals. #1 js::jit::JitRuntime::patchIonBackedges (this=<optimized out>, rt=<optimized out>, target=target@entry=js::jit::JitRuntime::BackedgeLoopHeader) at /build/buildd/firefox-31.0+build1/js/src/jit/Ion.cpp:412 iter = {iter = 0x7fffbaaec5e0} #2 0x00007ffff32cab85 in js::jit::InterruptCheck (cx=0x7fffde553480) at /build/buildd/firefox-31.0+build1/js/src/jit/VMFunctions.cpp:523 No locals. #3 0x00007ffff7e5627a in ?? () No symbol table info available. #4 0x00007fffffff78b8 in ?? () No symbol table info available. #5 0x00007fffffff7840 in ?? () No symbol table info available. #6 0x00007ffff54f0840 in DeepCloneObjectLiteralInfo () from /usr/lib/firefox/libxul.so No symbol table info available. #7 0x00007fffe0d34880 in ?? () No symbol table info available. #8 0x00007fffdb8e8b59 in ?? () No symbol table info available. #9 0x0000000000000601 in ?? () No symbol table info available. #10 0x00007fffffff78b8 in ?? () No symbol table info available. #11 0xfffbffffe0b77700 in ?? () No symbol table info available. #12 0xfffbffffdb721b00 in ?? () No symbol table info available. #13 0x24a0f352d0012900 in ?? () No symbol table info available. #14 0x00007fffffff7990 in ?? () No symbol table info available. #15 0xfff8800000000058 in ?? () No symbol table info available. #16 0x00007fffdb730a80 in ?? () No symbol table info available. #17 0x0000000000000000 in ?? () No symbol table info available. Quit P.S. libgl1-mesa-dri-dbg and firefox-dbg is definitely installed. Any suggestions ?
There are only two r600_dri.so files: locate r600_dri.so /usr/lib/i386-linux-gnu/dri/r600_dri.so /usr/lib/x86_64-linux-gnu/dri/r600_dri.so And trying the one in i386-linux-gnu directory gives nothing. Only x86_64 version gives something (https://crash-stats.mozilla.com/report/index/b964df8c-1a33-4302-ba89-686422140811): addr2line 0x1ee641 -e /usr/lib/x86_64-linux-gnu/dri/r600_dri.so /build/buildd/mesa-10.3~git1408111930.904ed3+gallium/build/dri/src/mesa/../../../../src/gallium/auxiliary/util/u_inlines.h:151 addr2line 0x1c0669 -e /usr/lib/x86_64-linux-gnu/dri/r600_dri.so /build/buildd/mesa-10.3~git1408111930.904ed3+gallium/build/dri/src/mesa/../../../../src/mesa/state_tracker/st_cb_texture.c:157 addr2line 0x14da8d -e /usr/lib/x86_64-linux-gnu/dri/r600_dri.so /build/buildd/mesa-10.3~git1408111930.904ed3+gallium/build/dri/src/mesa/../../../../src/mesa/main/shared.c:298 addr2line 0x940bb -e /usr/lib/x86_64-linux-gnu/dri/r600_dri.so /build/buildd/mesa-10.3~git1408111930.904ed3+gallium/build/dri/src/mesa/../../../../src/mesa/main/context.c:1255 addr2line 0x1c47e0 -e /usr/lib/x86_64-linux-gnu/dri/r600_dri.so /build/buildd/mesa-10.3~git1408111930.904ed3+gallium/build/dri/src/mesa/../../../../src/mesa/state_tracker/st_context.c:333 addr2line 0x29adce -e /usr/lib/x86_64-linux-gnu/dri/r600_dri.so /build/buildd/mesa-10.3~git1408111930.904ed3+gallium/build/dri/src/gallium/state_trackers/dri/../../../../../../src/gallium/state_trackers/dri/dri_context.c:194 addr2line 0x2977f2 -e /usr/lib/x86_64-linux-gnu/dri/r600_dri.so /build/buildd/mesa-10.3~git1408111930.904ed3+gallium/build/dri/src/mesa/drivers/dri/common/../../../../../../../src/mesa/drivers/dri/common/dri_util.c:487
Okay, looks like it's crashing in st_texture_release_all_sampler_views(), specifically on this line of pipe_sampler_view_reference(): old_view->context->sampler_view_destroy(old_view->context, old_view); Maybe old_view->context is no longer a valid context. (In reply to comment #14) > I have some difficulties getting bt (don't know why): That looks like a different crash. Or maybe this is actually part of the normal operation of the JavaScript JIT; what happens if you run 'continue' when this happens?
Yeah, and not the only one, because I had to run 'continue' several times. But when crash after firefox closing happend I still could not run bt ('no stack' reply on my 'bt' try): Starting program: /usr/lib/firefox/firefox [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [New Thread 0x7fffe9be4700 (LWP 4433)] [Thread 0x7fffe9be4700 (LWP 4433) exited] [New Thread 0x7fffe9be4700 (LWP 4436)] [New Thread 0x7fffe2eff700 (LWP 4437)] [New Thread 0x7fffe1ee6700 (LWP 4438)] [New Thread 0x7fffe16e5700 (LWP 4439)] [New Thread 0x7fffe0934700 (LWP 4440)] [New Thread 0x7fffdebff700 (LWP 4443)] [New Thread 0x7fffde3fe700 (LWP 4444)] [New Thread 0x7fffe3030700 (LWP 4445)] [New Thread 0x7fffdd4ff700 (LWP 4446)] [New Thread 0x7fffdc6ff700 (LWP 4447)] [New Thread 0x7fffe0ee4700 (LWP 4448)] [New Thread 0x7fffddbfd700 (LWP 4449)] [New Thread 0x7fffdccfe700 (LWP 4450)] [New Thread 0x7fffdbefe700 (LWP 4451)] [New Thread 0x7fffc15ff700 (LWP 4452)] [New Thread 0x7fffc07ff700 (LWP 4454)] [New Thread 0x7fffc01ff700 (LWP 4455)] [New Thread 0x7fffbf6ff700 (LWP 4456)] [New Thread 0x7fffbeefe700 (LWP 4457)] [New Thread 0x7fffbe6fd700 (LWP 4458)] [New Thread 0x7fffbdbff700 (LWP 4459)] [New Thread 0x7fffbd3fe700 (LWP 4460)] [Thread 0x7fffdc6ff700 (LWP 4447) exited] [Thread 0x7fffbe6fd700 (LWP 4458) exited] [Thread 0x7fffbf6ff700 (LWP 4456) exited] [New Thread 0x7fffbc9ff700 (LWP 4461)] [New Thread 0x7fffbc1fe700 (LWP 4462)] [Thread 0x7fffbeefe700 (LWP 4457) exited] [New Thread 0x7fffdc6ff700 (LWP 4463)] [New Thread 0x7fffbe6fd700 (LWP 4464)] [New Thread 0x7fffbeefe700 (LWP 4465)] [New Thread 0x7fffbf6ff700 (LWP 4466)] [New Thread 0x7fffbb9fd700 (LWP 4467)] [Thread 0x7fffbe6fd700 (LWP 4464) exited] [Thread 0x7fffbc1fe700 (LWP 4462) exited] [Thread 0x7fffbb9fd700 (LWP 4467) exited] [Thread 0x7fffbf6ff700 (LWP 4466) exited] [Thread 0x7fffbeefe700 (LWP 4465) exited] [New Thread 0x7fffbe6fd700 (LWP 4468)] [Thread 0x7fffdc6ff700 (LWP 4463) exited] [New Thread 0x7fffdc6ff700 (LWP 4469)] [Thread 0x7fffbe6fd700 (LWP 4468) exited] [New Thread 0x7fffbe6fd700 (LWP 4470)] [Thread 0x7fffdc6ff700 (LWP 4469) exited] [New Thread 0x7fffdc6ff700 (LWP 4471)] [Thread 0x7fffdc6ff700 (LWP 4471) exited] [New Thread 0x7fffdc6ff700 (LWP 4472)] [Thread 0x7fffbe6fd700 (LWP 4470) exited] [New Thread 0x7fffbe6fd700 (LWP 4473)] [Thread 0x7fffbe6fd700 (LWP 4473) exited] [New Thread 0x7fffbe6fd700 (LWP 4474)] [New Thread 0x7fffbc1fe700 (LWP 4475)] [New Thread 0x7fffbeefe700 (LWP 4476)] Program received signal SIGSEGV, Segmentation fault. PatchJump (label=..., jump=...) at /build/buildd/firefox-31.0+build1/js/src/jit/x64/Assembler-x64.h:716 716 /build/buildd/firefox-31.0+build1/js/src/jit/x64/Assembler-x64.h: Немає такого файла або каталогу. Continuing. [Thread 0x7fffbc1fe700 (LWP 4475) exited] Program received signal SIGSEGV, Segmentation fault. PatchJump (label=..., jump=...) at /build/buildd/firefox-31.0+build1/js/src/jit/x64/Assembler-x64.h:716 716 in /build/buildd/firefox-31.0+build1/js/src/jit/x64/Assembler-x64.h Continuing. [New Thread 0x7fffbc1fe700 (LWP 4515)] [New Thread 0x7fffbb9fd700 (LWP 4516)] [New Thread 0x7fffb1eff700 (LWP 4517)] [Thread 0x7fffdc6ff700 (LWP 4472) exited] [New Thread 0x7fffb0cff700 (LWP 4518)] [New Thread 0x7fffb04fe700 (LWP 4519)] [New Thread 0x7fffaf396700 (LWP 4520)] [New Thread 0x7fffaeb95700 (LWP 4521)] [New Thread 0x7fffae394700 (LWP 4522)] [New Thread 0x7fffadb93700 (LWP 4523)] [New Thread 0x7fffad392700 (LWP 4524)] [New Thread 0x7fffac98e700 (LWP 4525)] [New Thread 0x7fffabaff700 (LWP 4526)] [New Thread 0x7fffab2fe700 (LWP 4527)] [New Thread 0x7fffbf948700 (LWP 4528)] Program received signal SIGSEGV, Segmentation fault. PatchJump (label=..., jump=...) at /build/buildd/firefox-31.0+build1/js/src/jit/x64/Assembler-x64.h:716 716 in /build/buildd/firefox-31.0+build1/js/src/jit/x64/Assembler-x64.h Continuing. Program received signal SIGSEGV, Segmentation fault. PatchJump (label=..., jump=...) at /build/buildd/firefox-31.0+build1/js/src/jit/x64/Assembler-x64.h:716 716 in /build/buildd/firefox-31.0+build1/js/src/jit/x64/Assembler-x64.h Continuing. [New Thread 0x7fffdc6ff700 (LWP 4533)] Program received signal SIGSEGV, Segmentation fault. PatchJump (label=..., jump=...) at /build/buildd/firefox-31.0+build1/js/src/jit/x64/Assembler-x64.h:716 716 in /build/buildd/firefox-31.0+build1/js/src/jit/x64/Assembler-x64.h Continuing. Program received signal SIGSEGV, Segmentation fault. PatchJump (label=..., jump=...) at /build/buildd/firefox-31.0+build1/js/src/jit/x64/Assembler-x64.h:716 716 in /build/buildd/firefox-31.0+build1/js/src/jit/x64/Assembler-x64.h Continuing. [New Thread 0x7fffa96ff700 (LWP 4545)] Program received signal SIGSEGV, Segmentation fault. PatchJump (label=..., jump=...) at /build/buildd/firefox-31.0+build1/js/src/jit/x64/Assembler-x64.h:716 716 in /build/buildd/firefox-31.0+build1/js/src/jit/x64/Assembler-x64.h Continuing. Program received signal SIGSEGV, Segmentation fault. PatchJump (label=..., jump=...) at /build/buildd/firefox-31.0+build1/js/src/jit/x64/Assembler-x64.h:716 716 in /build/buildd/firefox-31.0+build1/js/src/jit/x64/Assembler-x64.h Continuing. Program received signal SIGSEGV, Segmentation fault. PatchJump (label=..., jump=...) at /build/buildd/firefox-31.0+build1/js/src/jit/x64/Assembler-x64.h:716 716 in /build/buildd/firefox-31.0+build1/js/src/jit/x64/Assembler-x64.h Continuing. [New Thread 0x7fffa8efe700 (LWP 4551)] [Thread 0x7fffbc1fe700 (LWP 4515) exited] [New Thread 0x7fffbc1fe700 (LWP 4554)] [New Thread 0x7fffa5fff700 (LWP 4555)] Program received signal SIGSEGV, Segmentation fault. PatchJump (label=..., jump=...) at /build/buildd/firefox-31.0+build1/js/src/jit/x64/Assembler-x64.h:716 716 in /build/buildd/firefox-31.0+build1/js/src/jit/x64/Assembler-x64.h Continuing. Program received signal SIGSEGV, Segmentation fault. PatchJump (label=..., jump=...) at /build/buildd/firefox-31.0+build1/js/src/jit/x64/Assembler-x64.h:716 716 in /build/buildd/firefox-31.0+build1/js/src/jit/x64/Assembler-x64.h Continuing. [New Thread 0x7fffa4eff700 (LWP 4565)] [New Thread 0x7fffa46fe700 (LWP 4566)] [New Thread 0x7fffa34ff700 (LWP 4568)] [Thread 0x7fffa8efe700 (LWP 4551) exited] [New Thread 0x7fffa8efe700 (LWP 4569)] [New Thread 0x7fffa29ff700 (LWP 4570)] [New Thread 0x7fffa1dff700 (LWP 4571)] [New Thread 0x7fffa13ff700 (LWP 4587)] [New Thread 0x7fffa0dff700 (LWP 4588)] [New Thread 0x7fffa05fe700 (LWP 4589)] [Thread 0x7fffa05fe700 (LWP 4589) exited] [Thread 0x7fffa34ff700 (LWP 4568) exited] [New Thread 0x7fffa05fe700 (LWP 4590)] [New Thread 0x7fffa34ff700 (LWP 4600)] [New Thread 0x7fff976ff700 (LWP 4601)] [New Thread 0x7fff96efe700 (LWP 4603)] [New Thread 0x7fff960ff700 (LWP 4604)] [New Thread 0x7fff94fff700 (LWP 4607)] [Thread 0x7fff94fff700 (LWP 4607) exited] [New Thread 0x7fff94fff700 (LWP 4611)] [Thread 0x7fffaf396700 (LWP 4520) exited] [Thread 0x7fffdc6ff700 (LWP 4533) exited] [Thread 0x7fffadb93700 (LWP 4523) exited] [Thread 0x7fff960ff700 (LWP 4604) exited] [Thread 0x7fffa4eff700 (LWP 4565) exited] [Thread 0x7fff96efe700 (LWP 4603) exited] [Thread 0x7fffa96ff700 (LWP 4545) exited] [Thread 0x7fff976ff700 (LWP 4601) exited] [Thread 0x7fffabaff700 (LWP 4526) exited] [Thread 0x7fffa46fe700 (LWP 4566) exited] [Thread 0x7fffe2eff700 (LWP 4437) exited] [Thread 0x7fffac98e700 (LWP 4525) exited] [New Thread 0x7fffac98e700 (LWP 4613)] [Thread 0x7fffac98e700 (LWP 4613) exited] [Thread 0x7fffab2fe700 (LWP 4527) exited] [Thread 0x7fffbf948700 (LWP 4528) exited] [New Thread 0x7fffac98e700 (LWP 4615)] [Thread 0x7fffad392700 (LWP 4524) exited] [Thread 0x7fffb04fe700 (LWP 4519) exited] [Thread 0x7fffac98e700 (LWP 4615) exited] [Thread 0x7fffae394700 (LWP 4522) exited] [Thread 0x7fffe3030700 (LWP 4445) exited] [Thread 0x7fffbd3fe700 (LWP 4460) exited] [Thread 0x7fffc07ff700 (LWP 4454) exited] [Thread 0x7fffc15ff700 (LWP 4452) exited] [Thread 0x7fffa13ff700 (LWP 4587) exited] [Thread 0x7fffbc9ff700 (LWP 4461) exited] [Thread 0x7fffbe6fd700 (LWP 4474) exited] [Thread 0x7fffa29ff700 (LWP 4570) exited] [Thread 0x7fffc01ff700 (LWP 4455) exited] [Thread 0x7fffa0dff700 (LWP 4588) exited] [Thread 0x7fffbdbff700 (LWP 4459) exited] [Thread 0x7fffdd4ff700 (LWP 4446) exited] [Thread 0x7fffa5fff700 (LWP 4555) exited] [Thread 0x7fffbc1fe700 (LWP 4554) exited] [Thread 0x7fffa34ff700 (LWP 4600) exited] [Thread 0x7fffb0cff700 (LWP 4518) exited] [Thread 0x7fffb1eff700 (LWP 4517) exited] [Thread 0x7fffa8efe700 (LWP 4569) exited] [Thread 0x7fffbb9fd700 (LWP 4516) exited] [Thread 0x7fffa05fe700 (LWP 4590) exited] Program received signal SIGSEGV, Segmentation fault. 0x0000000000000000 in ?? () Continuing. [Thread 0x7fffdccfe700 (LWP 4450) exited] [Thread 0x7fff94fff700 (LWP 4611) exited] [Thread 0x7fffa1dff700 (LWP 4571) exited] [Thread 0x7fffaeb95700 (LWP 4521) exited] [Thread 0x7fffbeefe700 (LWP 4476) exited] [Thread 0x7fffdbefe700 (LWP 4451) exited] [Thread 0x7fffddbfd700 (LWP 4449) exited] [Thread 0x7fffe0ee4700 (LWP 4448) exited] [Thread 0x7fffde3fe700 (LWP 4444) exited] [Thread 0x7fffdebff700 (LWP 4443) exited] [Thread 0x7fffe0934700 (LWP 4440) exited] [Thread 0x7fffe16e5700 (LWP 4439) exited] [Thread 0x7fffe1ee6700 (LWP 4438) exited] [Thread 0x7fffe9be4700 (LWP 4436) exited] [Inferior 1 (process 4417) exited with code 013] The program is not being run. No stack. No stack. No stack.
(In reply to comment #17) > But when crash after firefox closing happend I still could not run bt ('no > stack' reply on my 'bt' try): [...] > Program received signal SIGSEGV, Segmentation fault. > 0x0000000000000000 in ?? () > Continuing. I think this is the crash, so you should run 'bt full' here instead of 'continue'. > [Inferior 1 (process 4417) exited with code 013] > The program is not being run. > No stack. There is no stack because the process terminated.
Yes, it seems several crash happens during debugging. But Firefox not closed. And at last I reached the crash that happens after closing Firefox. But if several crashes happens before the crash closing Firefox, how it could be possible to backtrace it ? If I try to run bt/bt full immediately after first segmentation fault, it writes the following: #0 PatchJump (label=..., jump=...) at /build/buildd/firefox-31.0+build1/js/src/jit/x64/Assembler-x64.h:716 No locals. #1 js::jit::JitRuntime::patchIonBackedges (this=<optimized out>, rt=<optimized out>, target=target@entry=js::jit::JitRuntime::BackedgeLoopHeader) at /build/buildd/firefox-31.0+build1/js/src/jit/Ion.cpp:412 iter = {iter = 0x7fffb95d1de0} #2 0x00007ffff32cab85 in js::jit::InterruptCheck (cx=0x7fffdeb54480) at /build/buildd/firefox-31.0+build1/js/src/jit/VMFunctions.cpp:523 No locals. #3 0x00007ffff7e5527a in ?? () No symbol table info available. #4 0x00007fffffff78b8 in ?? () No symbol table info available. #5 0x00007fffffff7840 in ?? () No symbol table info available. #6 0x00007ffff54f0840 in DeepCloneObjectLiteralInfo () from /usr/lib/firefox/libxul.so No symbol table info available. #7 0x00007fffe0d34880 in ?? () No symbol table info available. #8 0x00007fffe0adde71 in ?? () No symbol table info available. #9 0x0000000000000601 in ?? () No symbol table info available. #10 0x00007fffffff78b8 in ?? () No symbol table info available. #11 0xfffbffffbdc542b0 in ?? () No symbol table info available. #12 0xfffbffffdb521b00 in ?? () No symbol table info available. #13 0x4cfbc8b851ea6000 in ?? () No symbol table info available. #14 0x00007fffffff7990 in ?? () No symbol table info available. #15 0xfff8800000000058 in ?? () No symbol table info available. #16 0x00007fffdb530a80 in ?? () No symbol table info available. #17 0x0000000000000000 in ?? () No symbol table info available. #0 PatchJump (label=..., jump=...) at /build/buildd/firefox-31.0+build1/js/src/jit/x64/Assembler-x64.h:716 #1 js::jit::JitRuntime::patchIonBackedges (this=<optimized out>, rt=<optimized out>, target=target@entry=js::jit::JitRuntime::BackedgeLoopHeader) at /build/buildd/firefox-31.0+build1/js/src/jit/Ion.cpp:412 #2 0x00007ffff32cab85 in js::jit::InterruptCheck (cx=0x7fffdeb54480) at /build/buildd/firefox-31.0+build1/js/src/jit/VMFunctions.cpp:523 #3 0x00007ffff7e5527a in ?? () #4 0x00007fffffff78b8 in ?? () #5 0x00007fffffff7840 in ?? () #6 0x00007ffff54f0840 in DeepCloneObjectLiteralInfo () from /usr/lib/firefox/libxul.so #7 0x00007fffe0d34880 in ?? () #8 0x00007fffe0adde71 in ?? () #9 0x0000000000000601 in ?? () #10 0x00007fffffff78b8 in ?? () #11 0xfffbffffbdc542b0 in ?? () #12 0xfffbffffdb521b00 in ?? () #13 0x4cfbc8b851ea6000 in ?? () #14 0x00007fffffff7990 in ?? () #15 0xfff8800000000058 in ?? () #16 0x00007fffdb530a80 in ?? () #17 0x0000000000000000 in ?? () Where are those damn symbols ? o_O
Created attachment 104576 [details] Debugging output
Recently tried another way. Please, look at attachment. May be this way result will be something helpfull (?)
What happens if you set this environment variable and test firefox? R600_DEBUG=nosb
(In reply to comment #22) > What happens if you set this environment variable and test firefox? > > R600_DEBUG=nosb Whan do you mean 'test firefox' ? Try to debug it again ?
No, just try to reproduce the bug while the environment variable is set.
Recently tried: exec=env R600_DEBUG=nosb firefox After exiting firefox crashed too. P.S. Let me guess, you need output (do you ?)
(In reply to comment #25) > Recently tried: > > exec=env R600_DEBUG=nosb firefox > > After exiting firefox crashed too. > > P.S. Let me guess, you need output (do you ?) Not really. Your previous backtrace showed that it doesn't crash in Mesa. I just don't understand why.
(In reply to comment #17) > Program received signal SIGSEGV, Segmentation fault. > PatchJump (label=..., jump=...) at When it says 'PatchJump (label=..., jump=...) at [...]', it's not a crash but normal JavaScript JIT operation. Run 'continue' in that case. > Program received signal SIGSEGV, Segmentation fault. > 0x0000000000000000 in ?? () Only when it says '0x0000000000000000 in ?? ()' is it the crash you're looking for. Run 'bt full' in that case and attach the output here.
(In reply to comment #27) > (In reply to comment #17) > > Program received signal SIGSEGV, Segmentation fault. > > PatchJump (label=..., jump=...) at > > When it says 'PatchJump (label=..., jump=...) at [...]', it's not a crash > but normal JavaScript JIT operation. Run 'continue' in that case. > > > > Program received signal SIGSEGV, Segmentation fault. > > 0x0000000000000000 in ?? () > > Only when it says '0x0000000000000000 in ?? ()' is it the crash you're > looking for. Run 'bt full' in that case and attach the output here. I told already that bt / bt full gives nothing: Program received signal SIGSEGV, Segmentation fault. 0x00007fffe09f1d89 in ?? () (gdb) bt full #0 0x00007fffe09f1d89 in ?? () No symbol table info available. #1 0x0000000000000500 in ?? () No symbol table info available. #2 0x00007fffb86d3900 in ?? () No symbol table info available. #3 0x0000000000000003 in ?? () No symbol table info available. #4 0xfffbffffb86d0f00 in ?? () No symbol table info available. #5 0xfffaffffdd4a9720 in ?? () No symbol table info available. Any suggestions ?
(In reply to comment #28) > Program received signal SIGSEGV, Segmentation fault. > 0x00007fffe09f1d89 in ?? () Since this is not 0x0000000000000000, this looks like a different crash, or maybe still just normal JavaScript JIT operation. Please continue until you get a SIGSEGV at 0x0000000000000000, then try bt full.
(In reply to comment #29) > (In reply to comment #28) > > Program received signal SIGSEGV, Segmentation fault. > > 0x00007fffe09f1d89 in ?? () > > Since this is not 0x0000000000000000, this looks like a different crash, or > maybe still just normal JavaScript JIT operation. Please continue until you > get a SIGSEGV at 0x0000000000000000, then try bt full. Please, look in Debugging output attachment. There are two times #17 0x0000000000000000 in ?? () And then 'No symbol table info available.' appears when I enter 'bt full'.
Here it is another one time again: Program received signal SIGSEGV, Segmentation fault. 0x0000000000000000 in ?? () (gdb) bt full #0 0x0000000000000000 in ?? () No symbol table info available. #1 0x00007fffb5eeb842 in pipe_sampler_view_reference (view=0x0, ptr=0x7fff9bda5160) at ../../../../src/gallium/auxiliary/util/u_inlines.h:151 old_view = <optimized out> #2 st_texture_release_all_sampler_views (stObj=stObj@entry=0x7fffacd0c800) at ../../../../src/mesa/state_tracker/st_texture.c:515 i = 0 #3 0x00007fffb5ebceba in st_DeleteTextureObject (ctx=0x7fffb2e24000, texObj=0x7fffacd0c800) at ../../../../src/mesa/state_tracker/st_cb_texture.c:158 No locals. #4 0x00007fffb5e47a6e in free_shared_state (shared=<optimized out>, ctx=<optimized out>) at ../../../../src/mesa/main/shared.c:298 No locals. #5 _mesa_reference_shared_state (ctx=ctx@entry=0x7fffb2e24000, ptr=ptr@entry=0x7fffb2e24000, state=state@entry=0x0) at ../../../../src/mesa/main/shared.c:389 old = 0x7fffbaa6d640 delete = <optimized out> __PRETTY_FUNCTION__ = "_mesa_reference_shared_state" #6 0x00007fffb5d8d7ec in _mesa_free_context_data (ctx=ctx@entry=0x7fffb2e24000) at ../../../../src/mesa/main/context.c:1255 No locals. #7 0x00007fffb5ec0fa1 in st_destroy_context (st=0x7fffb2e5c000) at ../../../../src/mesa/state_tracker/st_context.c:367 pipe = 0x7fffb7e5c000 cso = 0x7fffb2e75000 ctx = 0x7fffb2e24000 i = 4 #8 0x00007fffb5f9850f in dri_destroy_context (cPriv=<optimized out>) at ../../../../../../src/gallium/state_trackers/dri/dri_context.c:174 No locals. #9 0x00007fffb5f94fa3 in driDestroyContext (pcp=0x7fffb7e30f40) at ../../../../../../../src/mesa/drivers/dri/common/dri_util.c:487 No locals. #10 0x00007fffb7bb2daf in ?? () from /usr/lib/x86_64-linux-gnu/mesa/libGL.so.1 No symbol table info available. #11 0x00007fffb7b8c3b9 in glXDestroyContext () from /usr/lib/x86_64-linux-gnu/mesa/libGL.so.1 No symbol table info available. #12 0x00007ffff211d8f6 in mozilla::gl::GLContextGLX::~GLContextGLX (this=0x7fffb2e4e000, __in_chrg=<optimized out>) at /build/buildd/firefox-31.0+build1/gfx/gl/GLContextProviderGLX.cpp:840 No locals. #13 0x00007ffff211d935 in mozilla::gl::GLContextGLX::~GLContextGLX (this=0x7fffb2e4e000, __in_chrg=<optimized out>) at /build/buildd/firefox-31.0+build1/gfx/gl/GLContextProviderGLX.cpp:845 No locals. #14 0x00007ffff214ce4f in gfxPlatform::Shutdown () at /build/buildd/firefox-31.0+build1/gfx/thebes/gfxPlatform.cpp:484 No locals. #15 0x00007ffff256be4c in LayoutModuleDtor () at /build/buildd/firefox-31.0+build1/layout/build/nsLayoutModule.cpp:1257 No locals. #16 0x00007ffff1d064be in nsComponentManagerImpl::KnownModule::~KnownModule (this=0x7fffe8cc0c40, __in_chrg=<optimized out>) at /build/buildd/firefox-31.0+build1/xpcom/components/nsComponentManager.h:226 No locals. #17 0x00007ffff1d09401 in nsAutoPtr<nsComponentManagerImpl::KnownModule>::~nsAutoPtr (this=<optimized out>, __in_chrg=<optimized out>) at ../../dist/include/nsAutoPtr.h:72 No locals. #18 0x00007ffff1d09438 in Destruct (e=0x7ffff6c828c8) at ../../dist/include/nsTArray.h:536 No locals. #19 DestructRange (count=59, start=0, this=0x7ffff6c5caf8) at ../../dist/include/nsTArray.h:1585 iter = 0x7ffff6c828c8 end = 0x7ffff6c829e0 #20 RemoveElementsAt (count=59, start=0, this=0x7ffff6c5caf8) at ../../dist/include/nsTArray.h:1302 No locals. #21 nsTArray_Impl<nsAutoPtr<nsComponentManagerImpl::KnownModule>, nsTArrayInfallibleAllocator>::Clear (this=this@entry=0x7ffff6c5caf8) at ../../dist/include/nsTArray.h:1313 No locals. #22 0x00007ffff1d094cf in nsComponentManagerImpl::Shutdown (this=0x7ffff6c5c9e0) at /build/buildd/firefox-31.0+build1/xpcom/components/nsComponentManager.cpp:788 No locals. #23 0x00007ffff1cd1292 in mozilla::ShutdownXPCOM (servMgr=<optimized out>) at /build/buildd/firefox-31.0+build1/xpcom/build/nsXPComInit.cpp:909 rv = <optimized out> moduleLoaders = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>} #24 0x00007ffff2df0675 in ScopedXPCOMStartup::~ScopedXPCOMStartup (this=0x7ffff6c77728, __in_chrg=<optimized out>) at /build/buildd/firefox-31.0+build1/toolkit/xre/nsAppRunner.cpp:1202 appStartup = {<nsCOMPtr_base> = {mRawPtr = 0x7fffdd938060}, <No data fields>} ---Type <return> to continue, or q <return> to quit---
Created attachment 105815 [details] [review] hack Could you please test this patch?
Sorry, but again I don't know how. Do I need to compile MESA from source to try your patch ?
Yes. I cannot reproduce this bug, so there's nothing else I can do.
(In reply to comment #34) > Yes. > > I cannot reproduce this bug, so there's nothing else I can do. Steps to reproduce the bug: -Set "layers.acceleration.force-enabled" to true -Set "layers.offmainthreadcomposition.enabled" to true -Launch Firefox with MOZ_USE_OMTC=1 environment variable -Exit Firefox To verify that Firefox uses OpenGL acceleration, go to about:support and in the graphics section, "GPU Accelerated Windows" should be "1/1 OpenGL (OMTC)". I'm able to reproduce the bug on AMD RV770 and Intel 945GM.
(In reply to comment #35) > > Steps to reproduce the bug: > > -Set "layers.acceleration.force-enabled" to true > -Set "layers.offmainthreadcomposition.enabled" to true > -Launch Firefox with MOZ_USE_OMTC=1 environment variable > -Exit Firefox > > To verify that Firefox uses OpenGL acceleration, go to about:support and in > the graphics section, "GPU Accelerated Windows" should be "1/1 OpenGL > (OMTC)". Confirmed on Evergreen with firefox 31.0-2.fc19.x86_64 Marek, your patch doesn't fix the crash.
Firefox 32. MESA 10.4-Git. Still crashes.
same here with and without your patch and the settings described in comment #35. (r600g radeon hd5770)
Firefox 33.0~b7. MESA 10.4~git. Still crashes.
Created attachment 107124 [details] [review] possible fix Could you please test this patch?
No longer crashes after applying the patch here!
(In reply to comment #40) > Created attachment 107124 [details] [review] [review] > possible fix > > Could you please test this patch? Tested-by: Benjamin Bellec <b.bellec@gmail.com> Your patch fixes the crash. Tested on Evergreen.
Commit?
The patch was rejected. Christian said he would take a look at the issue.
(In reply to Marek Olšák from comment #44) > The patch was rejected. Christian said he would take a look at the issue. I unfortunately got distracted by something else. Feel free to commit the workaround for now, just add another code comment that we should take a closer look sooner or later.
I pushed the patch. Closing.
*** Bug 89745 has been marked as a duplicate of this bug. ***
*** Bug 82109 has been marked as a duplicate of this bug. ***
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.