Bug#1116427: panfrost: on ARM Mali G52 applications segfault in gallium/drivers/panfrost/pan_fb_preload.c:L876
Source: mesa
Version: 25.0.7-2
Severity: serious
Tags: patch
Forwarded: https://gitlab.freedesktop.org/mesa/mesa/-/issues/13191
X-Debbugs-Cc: debian-arm@lists.debian.org
User: debian-arm@lists.debian.org
Usertags: arm64
Hi,
I have an MNT Reform 2 with BananaPi A311D which comes with an ARM Mali G52 GPU
using the mesa panfrost driver. With 25.0.7, I get frequent segmentation faults
in several GUI applications after minutes or seconds of use. I can trigger the
problem very quickly by scrolling up and down the chat history in gajim. I
added the gdb backtrace to the end of this mail.
Luckily the issue is known upstream (see the Forwarded pseudo-header) and fixed in
version 25.2.0; the fix is very small and easy to backport to mesa 25.0.7 from Trixie.
I created a MR with the backported patch here:
https://salsa.debian.org/xorg-team/lib/mesa/-/merge_requests/62
I made this bug RC severity because the frequent crashes make the platform
nearly unusable with GUI applications and cause data loss when
applications crash before the save button is pressed.
Do you need help with getting this uploaded to trixie-updates?
Thanks!
cheers, josch
-- System Information:
Debian Release: 13.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable')
Architecture: arm64 (aarch64)
Foreign Architectures: armhf, i386, amd64
Kernel: Linux 6.12.38-mnt-reform-arm64 (SMP w/6 CPU threads)
Kernel taint flags: TAINT_CRAP, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
#0 0x0000ffffc2f57c14 in pan_preload_emit_varying_buffer (pool=<optimized out>, coordinates=<optimized out>) at ../src/gallium/drivers/panfrost/pan_fb_preload.c:876
#1 pan_preload_emit_dcd (cache=<optimized out>, pool=<optimized out>, fb=0xffffffffd3f0, zs=false, coordinates=<optimized out>, tsd=<optimized out>, out=<optimized out>, always_write=<optimized out>)
at ../src/gallium/drivers/panfrost/pan_fb_preload.c:1090
#2 pan_preload_emit_pre_frame_dcd (cache=cache@entry=0x33d8030, desc_pool=desc_pool@entry=0x35d7fe8, fb=fb@entry=0xffffffffd3f0, zs=zs@entry=false, coords=coords@entry=177171712, tsd=tsd@entry=177107200)
at ../src/gallium/drivers/panfrost/pan_fb_preload.c:1261
#3 0x0000ffffc2f58ca0 in pan_preload_fb_part (cache=0x33d8030, pool=0x35d7fe8, fb=0xffffffffd3f0, zs=false, coords=177171712, tsd=177107200) at ../src/gallium/drivers/panfrost/pan_fb_preload.c:1336
#4 pan_preload_fb_v7 (cache=0x33d8030, pool=pool@entry=0x35d7fe8, fb=fb@entry=0xffffffffd3f0, tsd=177107200, jobs=jobs@entry=0xffffffffd278) at ../src/gallium/drivers/panfrost/pan_fb_preload.c:1374
#5 0x0000ffffc2f595f0 in jm_preload_fb_v7 (batch=batch@entry=0x35d7ea8, fb=fb@entry=0xffffffffd3f0) at ../src/gallium/drivers/panfrost/pan_jm.c:253
#6 0x0000ffffc2f5183c in submit_batch (batch=0x35d7ea8, fb=0xffffffffd3f0) at ../src/gallium/drivers/panfrost/pan_cmdstream.c:4172
#7 0x0000ffffc2f2b120 in panfrost_batch_submit (ctx=ctx@entry=0x35d7900, batch=0x35d7ea8) at ../src/gallium/drivers/panfrost/pan_job.c:689
#8 0x0000ffffc2f2c01c in panfrost_flush_all_batches (ctx=ctx@entry=0x35d7900, reason=reason@entry=0x0) at ../src/gallium/drivers/panfrost/pan_job.c:726
#9 0x0000ffffc2f28008 in panfrost_flush (pipe=0x35d7900, fence=0x639dbb0, flags=<optimized out>) at ../src/gallium/drivers/panfrost/pan_context.c:111
#10 0x0000ffffc20c23fc in _mesa_fence_sync (ctx=0x35ee7c0, condition=37143, flags=0) at ../src/mesa/main/syncobj.c:297
#11 0x0000fffff439b970 in gsk_gl_frame_submit (frame=0x3412480 [GskGLFrame], pass_type=<optimized out>, vertex_buffer=0x38fd3b0 [GskGLMappedBuffer], globals_buffer=<optimized out>, op=0x0)
at ../../../gsk/gpu/gskglframe.c:202
#12 0x0000fffff43b57a0 in gsk_gpu_renderer_render (renderer=0x32eb840 [GskGLRenderer], root=0x62110c0 [GskContainerNode], region=<optimized out>) at ../../../gsk/gpu/gskgpurenderer.c:439
#13 0x0000fffff4360388 in gsk_renderer_render (renderer=renderer@entry=0x32eb840 [GskGLRenderer], root=root@entry=0x62110c0 [GskContainerNode], region=region@entry=0x5ea5d50) at ../../../gsk/gskrenderer.c:473
#14 0x0000fffff40e7a60 in gtk_widget_render (widget=<optimized out>, surface=0x33c6ee0 [GdkWaylandToplevel], region=region@entry=0x5ea5d50) at ../../../gtk/gtkwidget.c:12120
#15 0x0000fffff40efd38 in surface_render (surface=<optimized out>, region=region@entry=0x5ea5d50, widget=<optimized out>) at ../../../gtk/gtkwindow.c:4830
#20 0x0000fffff6c86320 in <emit signal 'render' on instance 0x33c6ee0 [GdkWaylandToplevel]> (instance=instance@entry=0x33c6ee0, signal_id=<optimized out>, detail=detail@entry=0) at ../../../gobject/gsignal.c:3597
#16 0x0000fffff429ff7c in _gdk_marshal_BOOLEAN__BOXEDv
(closure=0x37024a0, return_value=0xffffffffdda8, instance=<optimized out>, args=..., marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x33a3430) at gdk/gdkmarshalers.c:130
#17 0x0000fffff6c68b98 in _g_closure_invoke_va
(closure=closure@entry=0x37024a0, return_value=return_value@entry=0xffffffffdda8, instance=instance@entry=0x33c6ee0, args=..., n_params=n_params@entry=1, param_types=param_types@entry=0x33a3430)
at ../../../gobject/gclosure.c:898
#18 0x0000fffff6c7fb24 in signal_emit_valist_unlocked (instance=instance@entry=0x33c6ee0, signal_id=signal_id@entry=419, detail=detail@entry=0, var_args=...) at ../../../gobject/gsignal.c:3438
#19 0x0000fffff6c86278 in g_signal_emit_valist (instance=0x33c6ee0, signal_id=419, detail=0, var_args=...) at ../../../gobject/gsignal.c:3277
#21 0x0000fffff4342f38 in gdk_surface_paint_on_clock (clock=<optimized out>, data=0x33c6ee0) at ../../../gdk/gdksurface.c:1459
#22 gdk_surface_paint_on_clock (clock=<optimized out>, data=0x33c6ee0) at ../../../gdk/gdksurface.c:1435
#26 0x0000fffff6c86320 in <emit signal 'paint' on instance 0x2ce16f0 [GdkFrameClockIdle]> (instance=<optimized out>, signal_id=<optimized out>, detail=detail@entry=0) at ../../../gobject/gsignal.c:3597
#23 0x0000fffff6c68b98 in _g_closure_invoke_va
(closure=closure@entry=0x33a3b50, return_value=return_value@entry=0x0, instance=instance@entry=0x2ce16f0, args=..., n_params=n_params@entry=0, param_types=param_types@entry=0x0)
at ../../../gobject/gclosure.c:898
#24 0x0000fffff6c80964 in signal_emit_valist_unlocked (instance=instance@entry=0x2ce16f0, signal_id=signal_id@entry=428, detail=detail@entry=0, var_args=...) at ../../../gobject/gsignal.c:3438
#25 0x0000fffff6c86278 in g_signal_emit_valist (instance=0x2ce16f0, signal_id=428, detail=0, var_args=...) at ../../../gobject/gsignal.c:3277
#27 0x0000fffff4327c2c in _gdk_frame_clock_emit_paint (frame_clock=<optimized out>) at ../../../gdk/gdkframeclock.c:735
#28 0x0000fffff4328cc0 in gdk_frame_clock_paint_idle (data=data@entry=0x2ce16f0) at ../../../gdk/gdkframeclockidle.c:634
#29 0x0000fffff4328f60 in gdk_frame_clock_flush_idle (data=0x2ce16f0, data@entry=<error reading variable: value has been optimized out>) at ../../../gdk/gdkframeclockidle.c:400
#30 0x0000fffff6da2990 in g_timeout_dispatch (source=0x3057dd0, callback=<optimized out>, user_data=<optimized out>) at ../../../glib/gmain.c:5111
#31 0x0000fffff6d9f374 in g_main_dispatch (context=context@entry=0x113d600) at ../../../glib/gmain.c:3398
#32 0x0000fffff6da183c in g_main_context_dispatch_unlocked (context=0x113d600) at ../../../glib/gmain.c:4249
#33 g_main_context_iterate_unlocked (context=context@entry=0x113d600, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../glib/gmain.c:4314
#34 0x0000fffff6da20e4 in g_main_context_iteration (context=context@entry=0x113d600, may_block=may_block@entry=1) at ../../../glib/gmain.c:4379
#35 0x0000fffff544f74c in g_application_run (application=0x1b188a0 [gajim+gtk+application+GajimApplication], argc=1, argv=0x1645a30) at ../../../gio/gapplication.c:2715
#36 0x0000fffff7236a94 in ffi_call_SYSV () at ../src/aarch64/sysv.S:141
#37 0x0000fffff7236088 in ffi_call_int (cif=cif@entry=0x1a81620, fn=<optimized out>, orig_rvalue=orig_rvalue@entry=0xffffffffe878, avalue=0xfe0620, closure=closure@entry=0x0) at ../src/aarch64/ffi.c:832
#38 0x0000fffff72365ac in ffi_call (cif=cif@entry=0x1a81620, fn=<optimized out>, rvalue=rvalue@entry=0xffffffffe878, avalue=<optimized out>) at ../src/aarch64/ffi.c:841
#39 0x0000fffff6f052d8 in pygi_invoke_c_callable (function_cache=0x1a81560, state=0xffffffffe908, py_args=<optimized out>, py_kwargs=<optimized out>) at ../gi/pygi-invoke.c:731
#40 0x0000fffff6f0798c in pygi_function_cache_invoke (function_cache=<optimized out>, py_args=<optimized out>, py_kwargs=<optimized out>) at ../gi/pygi-cache.c:941
#41 0x00000000005179cc in _PyObject_Call (tstate=0xa6c840 <_PyRuntime+283040>, callable=0xfffff55f4e30, args=0xffffe8490c00, kwargs=<optimized out>) at ../Objects/call.c:361
#42 0x00000000004c5a1c in PyObject_Call (callable=<optimized out>, args=<optimized out>, kwargs=<optimized out>) at ../Objects/call.c:373
--Type <RET> for more, q to quit, c to continue without paging--c
#43 _PyEval_EvalFrameDefault (tstate=0xa6c840 <_PyRuntime+283040>, frame=0xfffff7fe7188, throwflag=177172320) at ../Python/generated_cases.c.h:1355
#44 0x00000000004bd320 in _PyEval_EvalFrame (tstate=0xa6c840 <_PyRuntime+283040>, frame=0xfffff7fe7020, throwflag=0) at ../Include/internal/pycore_ceval.h:119
#45 _PyEval_Vector (args=0x0, argcount=0, kwnames=0x0, tstate=0xa6c840 <_PyRuntime+283040>, func=0xfffff7c61440, locals=<optimized out>)
at ../Python/ceval.c:1816
#46 PyEval_EvalCode (co=<optimized out>, globals=0xfffff7730400, locals=<optimized out>) at ../Python/ceval.c:604
#47 0x0000000000640abc in run_eval_code_obj (tstate=0xa6c840 <_PyRuntime+283040>, co=0xfffff7c15e30, globals=0xfffff7730400, locals=0xfffff7730400)
at ../Python/pythonrun.c:1381
#48 0x000000000063c4b0 in run_mod
(mod=<optimized out>, filename=<optimized out>, globals=0xfffff7730400, locals=0xfffff7730400, flags=<optimized out>, arena=<optimized out>, interactive_src=<optimized out>, generate_new_source=<optimized out>) at ../Python/pythonrun.c:1466
#49 0x000000000065ffb0 in pyrun_file
(fp=fp@entry=0xb0c6e0, filename=filename@entry=0xfffff7730570, start=start@entry=257, globals=globals@entry=0xfffff7730400, locals=locals@entry=0xfffff7730400, closeit=closeit@entry=1, flags=flags@entry=0xffffffffee38) at ../Python/pythonrun.c:1295
#50 0x000000000065f854 in _PyRun_SimpleFileObject
(fp=fp@entry=0xb0c6e0, filename=filename@entry=0xfffff7730570, closeit=closeit@entry=1, flags=flags@entry=0xffffffffee38) at ../Python/pythonrun.c:517
#51 0x000000000065f5f0 in _PyRun_AnyFileObject (fp=0xb0c6e0, filename=0xfffff7730570, closeit=1, flags=0xffffffffee38) at ../Python/pythonrun.c:77
#52 0x000000000065d8f8 in pymain_run_file_obj (program_name=0xfffff77b0570, filename=0xfffff7730570, skip_source_first_line=0) at ../Modules/main.c:410
#53 pymain_run_file (config=0xa3ef38 <_PyRuntime+96408>) at ../Modules/main.c:429
#54 pymain_run_python (exitcode=0xffffffffee2c) at ../Modules/main.c:697
#55 Py_RunMain () at ../Modules/main.c:776
#56 0x000000000060b148 in Py_BytesMain (argc=<optimized out>, argv=<optimized out>) at ../Modules/main.c:830
#57 0x0000fffff7cb229c in __libc_start_call_main (main=main@entry=0x609d74 <_start+52>, argc=argc@entry=2, argv=argv@entry=0xfffffffff088)
at ../sysdeps/nptl/libc_start_call_main.h:58
#58 0x0000fffff7cb237c in __libc_start_main_impl
(main=0x609d74 <_start+52>, argc=2, argv=0xfffffffff088, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=<optimized out>)
at ../csu/libc-start.c:360
#59 0x0000000000609d70 in _start ()