Bug#955747: libgl1-mesa-dri: all GL programms crash on startup
Hello Felix Rublack,
I do not know if the maintainer are able to reproduce this issue,
but instead or additional to the strace a backtrace of the crash
might help them. The easiest way might be to install systemd-coredump
and look at "journalctl -e" after a crash. More info in [1].
(Even better with debug symbols installed.)
Nevertheless the segfault lines in dmesg lead to
following locations in iris_dri.so:
mpv/vo:
function iris_resource_bo called from function stream_state:
https://sources.debian.org/src/mesa/20.0.2-1/src/gallium/drivers/iris/iris_resource.h/#L290
https://sources.debian.org/src/mesa/20.0.2-1/src/gallium/drivers/iris/iris_blorp.c/#L60 until L63
vlc:
glxgears:
function GEN9_3DSTATE_VERTEX_ELEMENTS_pack called from iris_blorp_exec:
file src/intel/genxml/gen9_pack.h, line 6901. (unfortunately a generated file?)
maybe related to https://sources.debian.org/src/mesa/20.0.2-1/src/intel/blorp/blorp_genX_exec.h/#L550
Kind regards,
Bernhard
[1] https://wiki.debian.org/HowToGetABacktrace
From submitter:
[ 37.001269] mpv/vo[1739]: segfault at a0 ip 00007fe5d34a62a8 sp 00007fe5e6092de0 error 4 in iris_dri.so[7fe5d2a8d000+d2e000]
[ 37.001276] Code: 44 24 18 48 c7 44 24 10 00 00 00 00 48 c7 44 24 18 00 00 00 00 50 4c 8d 4c 24 18 e8 e2 a4 b6 ff 48 8b 44 24 18 31 d2 48 89 ef <4c> 8b b0 a0 00 00 00 4c 89 f6 e8 09 94 fd ff 48 8b bd 28 01 00 00
[ 46.419999] vlc[1778]: segfault at 24 ip 00007fcc272a4c06 sp 00007fcbf9e01c50 error 6 in iris_dri.so[7fcc2688b000+d2e000]
[ 46.420006] Code: 7e 30 44 01 ff 81 ff ff ff 00 00 0f 87 ab 17 00 00 49 01 c7 4c 89 7e 38 48 85 c0 0f 84 2c 02 00 00 83 ea 01 81 ca 00 00 09 78 <89> 10 48 8d 50 04 45 85 ed 74 74 41 8d 75 ff 48 8d 74 f0 0c 66 0f
[ 57.343120] glxgears[1785]: segfault at 24 ip 00007f4a1467ec06 sp 00007ffd2389b2f0 error 6 in iris_dri.so[7f4a13c65000+d2e000]
[ 57.343126] Code: 7e 30 44 01 ff 81 ff ff ff 00 00 0f 87 ab 17 00 00 49 01 c7 4c 89 7e 38 48 85 c0 0f 84 2c 02 00 00 83 ea 01 81 ca 00 00 09 78 <89> 10 48 8d 50 04 45 85 ed 74 74 41 8d 75 ff 48 8d 74 f0 0c 66 0f
https://wiki.debian.org/InterpretingKernelOutputAtProcessCrash
"error 4" == 0: no page found, 0: read access, 1: user-mode access
"error 6" == 0: no page found, 1: write access, 1: user-mode access
echo -n "find /b ..., ..., 0x" && \
> echo "44 24 18 48 c7 44 24 10 00 00 00 00 48 c7 44 24 18 00 00 00 00 50 4c 8d 4c 24 18 e8 e2 a4 b6 ff 48 8b 44 24 18 31 d2 48 89 ef <4c> 8b b0 a0 00 00 00 4c 89 f6 e8 09 94 fd ff 48 8b bd 28 01 00 00" \
> | sed 's/[<>]//g' | sed 's/ /, 0x/g'
find /b ..., ..., 0x44, 0x24, 0x18, 0x48, 0xc7, 0x44, 0x24, 0x10, 0x00, 0x00, 0x00, 0x00, 0x48, 0xc7, 0x44, 0x24, 0x18, 0x00, 0x00, 0x00, 0x00, 0x50, 0x4c, 0x8d, 0x4c, 0x24, 0x18, 0xe8, 0xe2, 0xa4, 0xb6, 0xff, 0x48, 0x8b, 0x44, 0x24, 0x18, 0x31, 0xd2, 0x48, 0x89, 0xef, 0x4c, 0x8b, 0xb0, 0xa0, 0x00, 0x00, 0x00, 0x4c, 0x89, 0xf6, 0xe8, 0x09, 0x94, 0xfd, 0xff, 0x48, 0x8b, 0xbd, 0x28, 0x01, 0x00, 0x00
$ echo -n "find /b ..., ..., 0x" && \
> echo "7e 30 44 01 ff 81 ff ff ff 00 00 0f 87 ab 17 00 00 49 01 c7 4c 89 7e 38 48 85 c0 0f 84 2c 02 00 00 83 ea 01 81 ca 00 00 09 78 <89> 10 48 8d 50 04 45 85 ed 74 74 41 8d 75 ff 48 8d 74 f0 0c 66 0f" \
> | sed 's/[<>]//g' | sed 's/ /, 0x/g'
find /b ..., ..., 0x7e, 0x30, 0x44, 0x01, 0xff, 0x81, 0xff, 0xff, 0xff, 0x00, 0x00, 0x0f, 0x87, 0xab, 0x17, 0x00, 0x00, 0x49, 0x01, 0xc7, 0x4c, 0x89, 0x7e, 0x38, 0x48, 0x85, 0xc0, 0x0f, 0x84, 0x2c, 0x02, 0x00, 0x00, 0x83, 0xea, 0x01, 0x81, 0xca, 0x00, 0x00, 0x09, 0x78, 0x89, 0x10, 0x48, 0x8d, 0x50, 0x04, 0x45, 0x85, 0xed, 0x74, 0x74, 0x41, 0x8d, 0x75, 0xff, 0x48, 0x8d, 0x74, 0xf0, 0x0c, 0x66, 0x0f
############
# Unstable amd64 qemu VM 2020-04-04
apt update
apt dist-upgrade
apt install systemd-coredump sddm xserver-xorg openbox xterm gdb mesa-utils mesa-utils-dbgsym libgl1-mesa-dri-dbgsym
gdb -q
set width 0
set pagination off
file /usr/bin/glxgears
b main
set environment LD_PRELOAD=/usr/lib/x86_64-linux-gnu/dri/iris_dri.so
run
dele 1
info share
find ...
b * (... + 42)
info b
$ gdb -q
(gdb) set width 0
(gdb) set pagination off
(gdb) file /usr/bin/glxgears
Reading symbols from /usr/bin/glxgears...
Reading symbols from /usr/lib/debug/.build-id/40/dc623a2c150d26c9229676fba7f45a49aed7d7.debug...
(gdb) b main
Breakpoint 1 at 0x2410: file glxgears.c, line 723.
(gdb) set environment LD_PRELOAD=/usr/lib/x86_64-linux-gnu/dri/iris_dri.so
(gdb) run
Starting program: /usr/bin/glxgears
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Breakpoint 1, main (argc=1, argv=0x7fffffffe608) at glxgears.c:723
723 glxgears.c: Datei oder Verzeichnis nicht gefunden.
(gdb) dele 1
(gdb) info share
From To Syms Read Shared Object Library
...
0x00007ffff6a5e010 0x00007ffff7788b1e Yes /usr/lib/x86_64-linux-gnu/dri/iris_dri.so
...
(*): Shared library is missing debugging information.
(gdb) find /b 0x00007ffff6a5e010, 0x00007ffff7788b1e, 0x44, 0x24, 0x18, 0x48, 0xc7, 0x44, 0x24, 0x10, 0x00, 0x00, 0x00, 0x00, 0x48, 0xc7, 0x44, 0x24, 0x18, 0x00, 0x00, 0x00, 0x00, 0x50, 0x4c, 0x8d, 0x4c, 0x24, 0x18, 0xe8, 0xe2, 0xa4, 0xb6, 0xff, 0x48, 0x8b, 0x44, 0x24, 0x18, 0x31, 0xd2, 0x48, 0x89, 0xef, 0x4c, 0x8b, 0xb0, 0xa0, 0x00, 0x00, 0x00, 0x4c, 0x89, 0xf6, 0xe8, 0x09, 0x94, 0xfd, 0xff, 0x48, 0x8b, 0xbd, 0x28, 0x01, 0x00, 0x00
0x7ffff747427e <stream_state+46>
1 pattern found.
(gdb) b * (0x7ffff747427e + 42)
Breakpoint 2 at 0x7ffff74742a8: file ../src/gallium/drivers/iris/iris_resource.h, line 290.
(gdb) info b
Num Type Disp Enb Address What
2 breakpoint keep y 0x00007ffff74742a8 in iris_resource_bo at ../src/gallium/drivers/iris/iris_resource.h:290
(gdb) disassemble /r (0x7ffff747427e + 42) -50, (0x7ffff747427e + 42) +30
Dump of assembler code from 0x7ffff7474276 to 0x7ffff74742c6:
0x00007ffff7474276 <stream_state+38>: 89 44 24 20 mov %eax,0x20(%rsp)
0x00007ffff747427a <stream_state+42>: 31 c0 xor %eax,%eax
0x00007ffff747427c <stream_state+44>: 48 8d 44 24 18 lea 0x18(%rsp),%rax
0x00007ffff7474281 <stream_state+49>: 48 c7 44 24 10 00 00 00 00 movq $0x0,0x10(%rsp)
0x00007ffff747428a <stream_state+58>: 48 c7 44 24 18 00 00 00 00 movq $0x0,0x18(%rsp)
0x00007ffff7474293 <stream_state+67>: 50 push %rax
0x00007ffff7474294 <stream_state+68>: 4c 8d 4c 24 18 lea 0x18(%rsp),%r9
0x00007ffff7474299 <stream_state+73>: e8 e2 a4 b6 ff callq 0x7ffff6fde780 <u_upload_alloc>
0x00007ffff747429e <stream_state+78>: 48 8b 44 24 18 mov 0x18(%rsp),%rax
0x00007ffff74742a3 <stream_state+83>: 31 d2 xor %edx,%edx
0x00007ffff74742a5 <stream_state+85>: 48 89 ef mov %rbp,%rdi
>>>0x00007ffff74742a8 <stream_state+88>: 4c 8b b0 a0 00 00 00 mov 0xa0(%rax),%r14
0x00007ffff74742af <stream_state+95>: 4c 89 f6 mov %r14,%rsi
0x00007ffff74742b2 <stream_state+98>: e8 09 94 fd ff callq 0x7ffff744d6c0 <iris_use_pinned_bo>
0x00007ffff74742b7 <stream_state+103>: 48 8b bd 28 01 00 00 mov 0x128(%rbp),%rdi
0x00007ffff74742be <stream_state+110>: 58 pop %rax
0x00007ffff74742bf <stream_state+111>: 5a pop %rdx
0x00007ffff74742c0 <stream_state+112>: 48 85 ff test %rdi,%rdi
0x00007ffff74742c3 <stream_state+115>: 74 0f je 0x7ffff74742d4 <stream_state+132>
0x00007ffff74742c5 <stream_state+117>: 41 8b 75 00 mov 0x0(%r13),%esi
End of assembler dump.
(gdb) b *0x00007ffff74742a5
Breakpoint 3 at 0x7ffff74742a5: file ../src/gallium/drivers/iris/iris_resource.h, line 290.
(gdb) b *0x00007ffff74742a3
Breakpoint 4 at 0x7ffff74742a3: file ../src/gallium/drivers/iris/iris_resource.h, line 290.
(gdb) b *0x00007ffff747429e
Breakpoint 5 at 0x7ffff747429e: file ../src/gallium/drivers/iris/iris_resource.h, line 290.
(gdb) b *0x00007ffff7474299
Breakpoint 6 at 0x7ffff7474299: file ../src/gallium/drivers/iris/iris_blorp.c, line 60.
(gdb) info b
Num Type Disp Enb Address What
2 breakpoint keep y 0x00007ffff74742a8 in iris_resource_bo at ../src/gallium/drivers/iris/iris_resource.h:290
3 breakpoint keep y 0x00007ffff7474c06 in GEN9_3DSTATE_VERTEX_ELEMENTS_pack at src/intel/genxml/gen9_pack.h:6901
4 breakpoint keep y 0x00007ffff74742a5 in stream_state at ../src/gallium/drivers/iris/iris_resource.h:290
5 breakpoint keep y 0x00007ffff74742a3 in stream_state at ../src/gallium/drivers/iris/iris_resource.h:290
6 breakpoint keep y 0x00007ffff747429e in iris_resource_bo at ../src/gallium/drivers/iris/iris_resource.h:290
- https://sources.debian.org/src/mesa/20.0.2-1/src/gallium/drivers/iris/iris_blorp.c/#L60 until L63
(gdb) find /b 0x00007ffff6a5e010, 0x00007ffff7788b1e, 0x7e, 0x30, 0x44, 0x01, 0xff, 0x81, 0xff, 0xff, 0xff, 0x00, 0x00, 0x0f, 0x87, 0xab, 0x17, 0x00, 0x00, 0x49, 0x01, 0xc7, 0x4c, 0x89, 0x7e, 0x38, 0x48, 0x85, 0xc0, 0x0f, 0x84, 0x2c, 0x02, 0x00, 0x00, 0x83, 0xea, 0x01, 0x81, 0xca, 0x00, 0x00, 0x09, 0x78, 0x89, 0x10, 0x48, 0x8d, 0x50, 0x04, 0x45, 0x85, 0xed, 0x74, 0x74, 0x41, 0x8d, 0x75, 0xff, 0x48, 0x8d, 0x74, 0xf0, 0x0c, 0x66, 0x0f
0x7ffff7474bdc <iris_blorp_exec+1820>
1 pattern found.
(gdb) b * (0x7ffff7474bdc + 42)
Breakpoint 7 at 0x7ffff7474c06: file src/intel/genxml/gen9_pack.h, line 6901.
(gdb) info b
Num Type Disp Enb Address What
7 breakpoint keep y 0x00007ffff7474c06 in GEN9_3DSTATE_VERTEX_ELEMENTS_pack at src/intel/genxml/gen9_pack.h:6901
(gdb) disassemble /r (0x7ffff7474bdc + 42) -50, (0x7ffff7474bdc + 42) +30
Dump of assembler code from 0x7ffff7474bd4 to 0x7ffff7474c24:
0x00007ffff7474bd4 <iris_blorp_exec+1812>: 8b 46 38 mov 0x38(%rsi),%eax
0x00007ffff7474bd7 <iris_blorp_exec+1815>: 48 89 c7 mov %rax,%rdi
0x00007ffff7474bda <iris_blorp_exec+1818>: 48 2b 7e 30 sub 0x30(%rsi),%rdi
0x00007ffff7474bde <iris_blorp_exec+1822>: 44 01 ff add %r15d,%edi
0x00007ffff7474be1 <iris_blorp_exec+1825>: 81 ff ff ff 00 00 cmp $0xffff,%edi
0x00007ffff7474be7 <iris_blorp_exec+1831>: 0f 87 ab 17 00 00 ja 0x7ffff7476398 <iris_blorp_exec+7896>
0x00007ffff7474bed <iris_blorp_exec+1837>: 49 01 c7 add %rax,%r15
0x00007ffff7474bf0 <iris_blorp_exec+1840>: 4c 89 7e 38 mov %r15,0x38(%rsi)
0x00007ffff7474bf4 <iris_blorp_exec+1844>: 48 85 c0 test %rax,%rax
0x00007ffff7474bf7 <iris_blorp_exec+1847>: 0f 84 2c 02 00 00 je 0x7ffff7474e29 <iris_blorp_exec+2409>
0x00007ffff7474bfd <iris_blorp_exec+1853>: 83 ea 01 sub $0x1,%edx
0x00007ffff7474c00 <iris_blorp_exec+1856>: 81 ca 00 00 09 78 or $0x78090000,%edx
>>>0x00007ffff7474c06 <iris_blorp_exec+1862>: 89 10 mov %edx,(%rax)
0x00007ffff7474c08 <iris_blorp_exec+1864>: 48 8d 50 04 lea 0x4(%rax),%rdx
0x00007ffff7474c0c <iris_blorp_exec+1868>: 45 85 ed test %r13d,%r13d
0x00007ffff7474c0f <iris_blorp_exec+1871>: 74 74 je 0x7ffff7474c85 <iris_blorp_exec+1989>
0x00007ffff7474c11 <iris_blorp_exec+1873>: 41 8d 75 ff lea -0x1(%r13),%esi
0x00007ffff7474c15 <iris_blorp_exec+1877>: 48 8d 74 f0 0c lea 0xc(%rax,%rsi,8),%rsi
0x00007ffff7474c1a <iris_blorp_exec+1882>: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)
0x00007ffff7474c20 <iris_blorp_exec+1888>: 41 0f b6 46 04 movzbl 0x4(%r14),%eax
End of assembler dump.
(gdb) b *0x00007ffff7474c00
Breakpoint 8 at 0x7ffff7474c00: file src/intel/genxml/gen9_pack.h, line 6901.
(gdb) b *0x00007ffff7474bfd
Breakpoint 9 at 0x7ffff7474bfd: file src/intel/genxml/gen9_pack.h, line 6901.
(gdb) b *0x00007ffff7474bf7
Breakpoint 10 at 0x7ffff7474bf7: file ../src/intel/blorp/blorp_genX_exec.h, line 550.
(gdb) b *0x00007ffff7474bf4
Breakpoint 11 at 0x7ffff7474bf4: file ../src/intel/blorp/blorp_genX_exec.h, line 550.
(gdb) b *0x00007ffff7474bf0
Breakpoint 12 at 0x7ffff7474bf0: file ../src/gallium/drivers/iris/iris_batch.h, line 193.
(gdb) b *0x00007ffff7474bed
Breakpoint 13 at 0x7ffff7474bed: file ../src/gallium/drivers/iris/iris_batch.h, line 193.
(gdb) b *0x00007ffff7474be7
Breakpoint 14 at 0x7ffff7474be7: file ../src/gallium/drivers/iris/iris_batch.h, line 177.
(gdb) b *0x00007ffff7474be1
Breakpoint 15 at 0x7ffff7474be1: file ../src/gallium/drivers/iris/iris_batch.h, line 177.
(gdb) b *0x00007ffff7474bde
Breakpoint 16 at 0x7ffff7474bde: file ../src/gallium/drivers/iris/iris_batch.h, line 177.
(gdb) b *0x00007ffff7474bda
Breakpoint 17 at 0x7ffff7474bda: file ../src/gallium/drivers/iris/iris_batch.h, line 177.
(gdb) b *0x00007ffff7474bd7
Breakpoint 18 at 0x7ffff7474bd7: file ../src/gallium/drivers/iris/iris_batch.h, line 177.
(gdb) b *0x00007ffff7474bd4
Breakpoint 19 at 0x7ffff7474bd4: file ../src/gallium/drivers/iris/iris_batch.h, line 191.
(gdb) info b
Num Type Disp Enb Address What
...
8 breakpoint keep y 0x00007ffff7474c00 in GEN9_3DSTATE_VERTEX_ELEMENTS_pack at src/intel/genxml/gen9_pack.h:6901
9 breakpoint keep y 0x00007ffff7474bfd in blorp_emit_vertex_elements at src/intel/genxml/gen9_pack.h:6901
10 breakpoint keep y 0x00007ffff7474bf7 in blorp_emit_vertex_elements at ../src/intel/blorp/blorp_genX_exec.h:550
11 breakpoint keep y 0x00007ffff7474bf4 in blorp_emit_vertex_elements at ../src/intel/blorp/blorp_genX_exec.h:550
12 breakpoint keep y 0x00007ffff7474bf0 in iris_get_command_space at ../src/gallium/drivers/iris/iris_batch.h:193
13 breakpoint keep y 0x00007ffff7474bed in iris_get_command_space at ../src/gallium/drivers/iris/iris_batch.h:193
14 breakpoint keep y 0x00007ffff7474be7 in iris_require_command_space at ../src/gallium/drivers/iris/iris_batch.h:177
15 breakpoint keep y 0x00007ffff7474be1 in iris_require_command_space at ../src/gallium/drivers/iris/iris_batch.h:177
16 breakpoint keep y 0x00007ffff7474bde in iris_require_command_space at ../src/gallium/drivers/iris/iris_batch.h:177
17 breakpoint keep y 0x00007ffff7474bda in iris_batch_bytes_used at ../src/gallium/drivers/iris/iris_batch.h:177
18 breakpoint keep y 0x00007ffff7474bd7 in iris_batch_bytes_used at ../src/gallium/drivers/iris/iris_batch.h:177
19 breakpoint keep y 0x00007ffff7474bd4 in iris_require_command_space at ../src/gallium/drivers/iris/iris_batch.h:191
- Maybe somewhere in https://sources.debian.org/src/mesa/20.0.2-1/src/intel/blorp/blorp_genX_exec.h/#L550
Reply to: