[Bug 1056511] Re: Xorg crashed with SIGABRT in memcpy() from NVRefreshArea()
Maarten Lankhorst
maarten.lankhorst at canonical.com
Thu Oct 25 09:48:38 UTC 2012
** Description changed:
+ [IMPACT]
+ * When falling back to no acceleration, mostly on fermi geforces, a bigger buffer can be accelerated, which can segfault.
+
+ [TESTCASE]
+ * Boot with a GF119 and set resolution set to 1680x1050 with xrandr, then try to move some window past the end of the screen. This should cause a crash, or maybe the first part is already sufficient.
+
+ [Regression Potential]
+ The change is localized to NVRefreshArea, so unlikely to cause many regressions. However some other fixes are SRU'd too, so as a whole we should watch for any new bug reports with nouveau during the proposed stage.
+
+ [Other Info]
+ After I found the commit fixing the issue, it was very issue for me to reproduce based on how it fixes it. The bug only happens on specific resolutions due to how memory is managed.
+
+ [Original bug report]
Try to update Gnome in Ubuntu 12.10 (uptodate)
-
#9 0x00007f9bf13f0291 in memcpy (__len=4404, __src=0x7f9bf11dcdd8, __dest=0x7f9beab19388) at /usr/include/x86_64-linux-gnu/bits/string3.h:52
No locals.
#10 NVRefreshArea (pScrn=0x7f9bf4fc8f50, num=<optimized out>, pbox=0x7fffaf9eec40) at ../../src/nv_shadow.c:56
- pNv = 0x7f9bf4fc9a90
- x1 = 290
- y1 = 98
- x2 = 1391
- y2 = 1061
- width = 4404
- height = <optimized out>
- cpp = 4
- FBPitch = 6912
- max_height = <optimized out>
- src = 0x7f9bf11dcdd8 <Address 0x7f9bf11dcdd8 out of bounds>
- dst = 0x7f9beab19388 <Address 0x7f9beab19388 out of bounds>
+ pNv = 0x7f9bf4fc9a90
+ x1 = 290
+ y1 = 98
+ x2 = 1391
+ y2 = 1061
+ width = 4404
+ height = <optimized out>
+ cpp = 4
+ FBPitch = 6912
+ max_height = <optimized out>
+ src = 0x7f9bf11dcdd8 <Address 0x7f9bf11dcdd8 out of bounds>
+ dst = 0x7f9beab19388 <Address 0x7f9beab19388 out of bounds>
#11 0x00007f9bf03622e1 in ShadowPolyFillRect (pDraw=0x7f9bf8ea16b0, pGC=0x7f9bf5007580, nRectsInit=2, pRectsInit=<optimized out>) at ../../../../hw/xfree86/shadowfb/shadow.c:1189
- box = {x1 = 290, y1 = 98, x2 = 1391, y2 = 1078}
- boxNotEmpty = 1
- pRects = <optimized out>
- nRects = <optimized out>
- pPriv = 0x7f9bf4fc56d0
- pGCPriv = 0x7f9bf5007630
- oldFuncs = 0x7f9bf05681c0
+ box = {x1 = 290, y1 = 98, x2 = 1391, y2 = 1078}
+ boxNotEmpty = 1
+ pRects = <optimized out>
+ nRects = <optimized out>
+ pPriv = 0x7f9bf4fc56d0
+ pGCPriv = 0x7f9bf5007630
+ oldFuncs = 0x7f9bf05681c0
ProblemType: Crash
DistroRelease: Ubuntu 12.10
Package: xserver-xorg-core 2:1.13.0-0ubuntu4
ProcVersionSignature: hostname 3.5.0-15.23-generic 3.5.4
Uname: Linux 3.5.0-15-generic x86_64
.tmp.unity.support.test.1:
ApportVersion: 2.5.2-0ubuntu4
Architecture: amd64
CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins'
CompositorRunning: None
Date: Sat Sep 22 20:38:24 2012
DistUpgraded: Fresh install
DistroCodename: quantal
DistroVariant: ubuntu
ExecutablePath: /usr/bin/Xorg
ExtraDebuggingInterest: Yes
GraphicsCard:
NVIDIA Corporation GF119 [GeForce GT 520] [10de:1040] (rev a1) (prog-if 00 [VGA controller])
Subsystem: XFX Pine Group Inc. Device [1682:301a]
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Alpha amd64 (20120909)
MachineType: To be filled by O.E.M. To be filled by O.E.M.
ProcCmdline: /usr/bin/X :0 vt7 -br -nolisten tcp -auth /var/run/xauth/A:0-XhOtgb
ProcEnviron:
TERM=linux
PATH=(custom, no user)
LANG=en_US.UTF-8
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.5.0-15-generic root=/dev/mapper/Linux-hostname ro
Signal: 6
SourcePackage: xorg-server
StacktraceTop:
?? () from /usr/lib/xorg/modules/drivers/nouveau_drv.so
?? () from /usr/lib/xorg/modules/libshadowfb.so
miPaintWindow ()
miWindowExposures ()
miHandleValidateExposures ()
Title: Xorg crashed with SIGABRT in miPaintWindow()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:
dmi.bios.date: 04/18/2012
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: 1208
dmi.board.asset.tag: To be filled by O.E.M.
dmi.board.name: M5A97
dmi.board.vendor: ASUSTeK COMPUTER INC.
dmi.board.version: Rev 1.xx
dmi.chassis.asset.tag: To Be Filled By O.E.M.
dmi.chassis.type: 3
dmi.chassis.vendor: To Be Filled By O.E.M.
dmi.chassis.version: To Be Filled By O.E.M.
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr1208:bd04/18/2012:svnTobefilledbyO.E.M.:pnTobefilledbyO.E.M.:pvrTobefilledbyO.E.M.:rvnASUSTeKCOMPUTERINC.:rnM5A97:rvrRev1.xx:cvnToBeFilledByO.E.M.:ct3:cvrToBeFilledByO.E.M.:
dmi.product.name: To be filled by O.E.M.
dmi.product.version: To be filled by O.E.M.
dmi.sys.vendor: To be filled by O.E.M.
version.compiz: compiz 1:0.9.8.2+bzr3377-0ubuntu1
version.ia32-libs: ia32-libs N/A
version.libdrm2: libdrm2 2.4.39-0ubuntu1
version.libgl1-mesa-dri: libgl1-mesa-dri 9.0~git20120917.7cfd42ce-0ubuntu3
version.libgl1-mesa-dri-experimental: libgl1-mesa-dri-experimental N/A
version.libgl1-mesa-glx: libgl1-mesa-glx 9.0~git20120917.7cfd42ce-0ubuntu3
version.xserver-xorg-core: xserver-xorg-core 2:1.13.0-0ubuntu4
version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.7.3-0ubuntu1
version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:6.99.99~git20120913.8637f772-0ubuntu1
version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.20.8-0ubuntu1
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.2-0ubuntu1
** Changed in: xorg-server (Ubuntu)
Status: In Progress => Won't Fix
** Changed in: xorg-server (Ubuntu)
Status: Won't Fix => Fix Committed
** Changed in: xserver-xorg-video-nouveau (Ubuntu)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1056511
Title:
Xorg crashed with SIGABRT in memcpy() from NVRefreshArea()
Status in “xorg-server” package in Ubuntu:
Fix Committed
Status in “xserver-xorg-video-nouveau” package in Ubuntu:
Fix Committed
Bug description:
[IMPACT]
* When falling back to no acceleration, mostly on fermi geforces, a bigger buffer can be accelerated, which can segfault.
[TESTCASE]
* Boot with a GF119 and set resolution set to 1680x1050 with xrandr, then try to move some window past the end of the screen. This should cause a crash, or maybe the first part is already sufficient.
[Regression Potential]
The change is localized to NVRefreshArea, so unlikely to cause many regressions. However some other fixes are SRU'd too, so as a whole we should watch for any new bug reports with nouveau during the proposed stage.
[Other Info]
After I found the commit fixing the issue, it was very issue for me to reproduce based on how it fixes it. The bug only happens on specific resolutions due to how memory is managed.
[Original bug report]
Try to update Gnome in Ubuntu 12.10 (uptodate)
#9 0x00007f9bf13f0291 in memcpy (__len=4404, __src=0x7f9bf11dcdd8, __dest=0x7f9beab19388) at /usr/include/x86_64-linux-gnu/bits/string3.h:52
No locals.
#10 NVRefreshArea (pScrn=0x7f9bf4fc8f50, num=<optimized out>, pbox=0x7fffaf9eec40) at ../../src/nv_shadow.c:56
pNv = 0x7f9bf4fc9a90
x1 = 290
y1 = 98
x2 = 1391
y2 = 1061
width = 4404
height = <optimized out>
cpp = 4
FBPitch = 6912
max_height = <optimized out>
src = 0x7f9bf11dcdd8 <Address 0x7f9bf11dcdd8 out of bounds>
dst = 0x7f9beab19388 <Address 0x7f9beab19388 out of bounds>
#11 0x00007f9bf03622e1 in ShadowPolyFillRect (pDraw=0x7f9bf8ea16b0, pGC=0x7f9bf5007580, nRectsInit=2, pRectsInit=<optimized out>) at ../../../../hw/xfree86/shadowfb/shadow.c:1189
box = {x1 = 290, y1 = 98, x2 = 1391, y2 = 1078}
boxNotEmpty = 1
pRects = <optimized out>
nRects = <optimized out>
pPriv = 0x7f9bf4fc56d0
pGCPriv = 0x7f9bf5007630
oldFuncs = 0x7f9bf05681c0
ProblemType: Crash
DistroRelease: Ubuntu 12.10
Package: xserver-xorg-core 2:1.13.0-0ubuntu4
ProcVersionSignature: hostname 3.5.0-15.23-generic 3.5.4
Uname: Linux 3.5.0-15-generic x86_64
.tmp.unity.support.test.1:
ApportVersion: 2.5.2-0ubuntu4
Architecture: amd64
CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins'
CompositorRunning: None
Date: Sat Sep 22 20:38:24 2012
DistUpgraded: Fresh install
DistroCodename: quantal
DistroVariant: ubuntu
ExecutablePath: /usr/bin/Xorg
ExtraDebuggingInterest: Yes
GraphicsCard:
NVIDIA Corporation GF119 [GeForce GT 520] [10de:1040] (rev a1) (prog-if 00 [VGA controller])
Subsystem: XFX Pine Group Inc. Device [1682:301a]
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Alpha amd64 (20120909)
MachineType: To be filled by O.E.M. To be filled by O.E.M.
ProcCmdline: /usr/bin/X :0 vt7 -br -nolisten tcp -auth /var/run/xauth/A:0-XhOtgb
ProcEnviron:
TERM=linux
PATH=(custom, no user)
LANG=en_US.UTF-8
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.5.0-15-generic root=/dev/mapper/Linux-hostname ro
Signal: 6
SourcePackage: xorg-server
StacktraceTop:
?? () from /usr/lib/xorg/modules/drivers/nouveau_drv.so
?? () from /usr/lib/xorg/modules/libshadowfb.so
miPaintWindow ()
miWindowExposures ()
miHandleValidateExposures ()
Title: Xorg crashed with SIGABRT in miPaintWindow()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:
dmi.bios.date: 04/18/2012
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: 1208
dmi.board.asset.tag: To be filled by O.E.M.
dmi.board.name: M5A97
dmi.board.vendor: ASUSTeK COMPUTER INC.
dmi.board.version: Rev 1.xx
dmi.chassis.asset.tag: To Be Filled By O.E.M.
dmi.chassis.type: 3
dmi.chassis.vendor: To Be Filled By O.E.M.
dmi.chassis.version: To Be Filled By O.E.M.
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr1208:bd04/18/2012:svnTobefilledbyO.E.M.:pnTobefilledbyO.E.M.:pvrTobefilledbyO.E.M.:rvnASUSTeKCOMPUTERINC.:rnM5A97:rvrRev1.xx:cvnToBeFilledByO.E.M.:ct3:cvrToBeFilledByO.E.M.:
dmi.product.name: To be filled by O.E.M.
dmi.product.version: To be filled by O.E.M.
dmi.sys.vendor: To be filled by O.E.M.
version.compiz: compiz 1:0.9.8.2+bzr3377-0ubuntu1
version.ia32-libs: ia32-libs N/A
version.libdrm2: libdrm2 2.4.39-0ubuntu1
version.libgl1-mesa-dri: libgl1-mesa-dri 9.0~git20120917.7cfd42ce-0ubuntu3
version.libgl1-mesa-dri-experimental: libgl1-mesa-dri-experimental N/A
version.libgl1-mesa-glx: libgl1-mesa-glx 9.0~git20120917.7cfd42ce-0ubuntu3
version.xserver-xorg-core: xserver-xorg-core 2:1.13.0-0ubuntu4
version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.7.3-0ubuntu1
version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:6.99.99~git20120913.8637f772-0ubuntu1
version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.20.8-0ubuntu1
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.2-0ubuntu1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1056511/+subscriptions
More information about the Ubuntu-sponsors
mailing list