Bug#1033222: libgl1-mesa-dri: Segmentation fault with nouveau_dri.so

[Bernhard Übelacker]

On Mon, 20 Mar 2023 11:34:43 +0100 Christophe Lohr 
<christophe.l...@cegetel.net> wrote:

Package: libgl1-mesa-dri
Version: 22.3.3-1
Severity: normal
X-Debbugs-Cc: christophe.l...@cegetel.net

Dear Maintainer,
  Xorg is carshing with a segfault:

(EE) Backtrace:
(EE) 0: /usr/lib/xorg/Xorg (OsLookupColor+0x139) [0x55c365ce4cf9]
(EE) 1: /lib/x86_64-linux-gnu/libc.so.6 (__sigaction+0x40) [0x7f00ef25af90]
(EE) 2: /usr/lib/x86_64-linux-gnu/dri/nouveau_dri.so 
(nouveau_drm_screen_create+0x4406c) [0x7f00ed75999c]
(EE) 3: /usr/lib/x86_64-linux-gnu/dri/nouveau_dri.so 
(nouveau_drm_screen_create+0x1e4c9) [0x7f00ed733df9]
(EE) 4: /usr/lib/x86_64-linux-gnu/dri/nouveau_dri.so 
(nouveau_drm_screen_create+0x266) [0x7f00ed715b96]
(EE) unw_get_proc_name failed: no unwind info found [-10]
../..
Fatal server error:
(EE) Caught signal 11 (Segmentation fault). Server aborting
(EE)

Hello,
tried to get some symbols for the given backtrace.


2:   0x00007ffff6b5999c <nouveau_screen_fini+76>: mov    0x20(%rax),%rdi
   in nouveau_pushbuf_destroy at 
../src/gallium/drivers/nouveau/nouveau_screen.c:244

3:    0x00007ffff6b33df4 <nvc0_screen_destroy+260>:        call   0x7ffff6b59950 
<nouveau_screen_fini>
   in nvc0_screen_destroy at 
../src/gallium/drivers/nouveau/nvc0/nvc0_screen.c:740

4:    0x00007ffff6b15b93 <nouveau_drm_screen_create+611>:  call   *0x10(%rax)
   in nouveau_drm_screen_create at 
../src/gallium/winsys/nouveau/drm/nouveau_drm_winsys.c:133


An internet search leads to:
  https://docs.mesa3d.org/relnotes/22.3.7.html
Sam Edwards (1):
    nouveau: Fix null dereference in nouveau_pushbuf_destroy


So this looks exactly like the place of above frame 2,
and the issue might be fixed by this commit:
  
https://gitlab.freedesktop.org/mesa/mesa/-/commit/4585f21de47af5e2b1a018a052ac0aaf5f1f3ac5
  
https://gitlab.freedesktop.org/italove/mesa/-/commit/9de997bde67df43a9e10a05f9b48419ee4cfec25
  https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/21611


Unfortunately stable/bookworm seems to just have received mesa 22.3.6:
  
https://sources.debian.org/src/mesa/22.3.6-1%2Bdeb12u1/src/gallium/drivers/nouveau/nouveau_screen.c/#L244

A workaround might be to locally rebuild mesa with this patch applied.
And testing/trixie might no longer be affected with a mesa version above 22.3.7.

Kind regards,
Bernhard
# 2024-03-26 Debian stable/bookworm qemu x86_64 VM


apt install libgl1-mesa-dri gdb coreutils-dbgsym


wget 
https://snapshot.debian.org/archive/debian/20230113T215719Z/pool/main/m/mesa/libgl1-mesa-dri_22.3.3-1_amd64.deb
wget 
https://snapshot.debian.org/archive/debian/20230113T215719Z/pool/main/m/mesa/libglapi-mesa_22.3.3-1_amd64.deb
wget 
https://snapshot.debian.org/archive/debian-debug/20230113T151646Z/pool/main/m/mesa/libglapi-mesa-dbgsym_22.3.3-1_amd64.deb
dpkg -i *22.3.3*


gdb -q --args /bin/true
set pagination off
set width 0
set environment LD_DEBUG = libs
tb main
run
call dlopen("/usr/lib/x86_64-linux-gnu/dri/nouveau_dri.so",0x101)
disassemble 
nouveau_drm_screen_create+0x266-20,nouveau_drm_screen_create+0x266+20
b *nouveau_drm_screen_create+611
disassemble 
nouveau_drm_screen_create+0x1e4c9-20,nouveau_drm_screen_create+0x1e4c9+20
b* 0x00007ffff6b33df4
disassemble 
nouveau_drm_screen_create+0x4406c-20,nouveau_drm_screen_create+0x4406c+20
b *0x00007ffff6b5999c
info b