Xorg crashed with SIGABRT in memcpy() from NVRefreshArea()
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
xserver-xorg-video-nouveau (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Quantal |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[IMPACT]
* When falling back to no acceleration, mostly on fermi geforces, a bigger buffer can be accelerated, which can segfault.
[TESTCASE]
* Boot with a GF119 and set resolution set to 1680x1050 with xrandr, then try to move some window past the end of the screen. This should cause a crash, or maybe the first part is already sufficient.
[Regression Potential]
The change is localized to NVRefreshArea, so unlikely to cause many regressions. However some other fixes are SRU'd too, so as a whole we should watch for any new bug reports with nouveau during the proposed stage.
[Other Info]
After I found the commit fixing the issue, it was very issue for me to reproduce based on how it fixes it. The bug only happens on specific resolutions due to how memory is managed.
[Original bug report]
Try to update Gnome in Ubuntu 12.10 (uptodate)
#9 0x00007f9bf13f0291 in memcpy (__len=4404, __src=0x7f9bf11
No locals.
#10 NVRefreshArea (pScrn=
pNv = 0x7f9bf4fc9a90
x1 = 290
y1 = 98
x2 = 1391
y2 = 1061
width = 4404
height = <optimized out>
cpp = 4
FBPitch = 6912
max_height = <optimized out>
src = 0x7f9bf11dcdd8 <Address 0x7f9bf11dcdd8 out of bounds>
dst = 0x7f9beab19388 <Address 0x7f9beab19388 out of bounds>
#11 0x00007f9bf03622e1 in ShadowPolyFillRect (pDraw=
box = {x1 = 290, y1 = 98, x2 = 1391, y2 = 1078}
boxNotEmpty = 1
pRects = <optimized out>
nRects = <optimized out>
pPriv = 0x7f9bf4fc56d0
pGCPriv = 0x7f9bf5007630
oldFuncs = 0x7f9bf05681c0
ProblemType: Crash
DistroRelease: Ubuntu 12.10
Package: xserver-xorg-core 2:1.13.0-0ubuntu4
ProcVersionSign
Uname: Linux 3.5.0-15-generic x86_64
.tmp.unity.
ApportVersion: 2.5.2-0ubuntu4
Architecture: amd64
CompizPlugins: No value set for `/apps/
CompositorRunning: None
Date: Sat Sep 22 20:38:24 2012
DistUpgraded: Fresh install
DistroCodename: quantal
DistroVariant: ubuntu
ExecutablePath: /usr/bin/Xorg
ExtraDebuggingI
GraphicsCard:
NVIDIA Corporation GF119 [GeForce GT 520] [10de:1040] (rev a1) (prog-if 00 [VGA controller])
Subsystem: XFX Pine Group Inc. Device [1682:301a]
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Alpha amd64 (20120909)
MachineType: To be filled by O.E.M. To be filled by O.E.M.
ProcCmdline: /usr/bin/X :0 vt7 -br -nolisten tcp -auth /var/run/
ProcEnviron:
TERM=linux
PATH=(custom, no user)
LANG=en_US.UTF-8
ProcKernelCmdLine: BOOT_IMAGE=
Signal: 6
SourcePackage: xorg-server
StacktraceTop:
?? () from /usr/lib/
?? () from /usr/lib/
miPaintWindow ()
miWindowExposures ()
miHandleValida
Title: Xorg crashed with SIGABRT in miPaintWindow()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:
dmi.bios.date: 04/18/2012
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: 1208
dmi.board.
dmi.board.name: M5A97
dmi.board.vendor: ASUSTeK COMPUTER INC.
dmi.board.version: Rev 1.xx
dmi.chassis.
dmi.chassis.type: 3
dmi.chassis.vendor: To Be Filled By O.E.M.
dmi.chassis.
dmi.modalias: dmi:bvnAmerican
dmi.product.name: To be filled by O.E.M.
dmi.product.
dmi.sys.vendor: To be filled by O.E.M.
version.compiz: compiz 1:0.9.8.
version.ia32-libs: ia32-libs N/A
version.libdrm2: libdrm2 2.4.39-0ubuntu1
version.
version.
version.
version.
version.
version.
version.
version.
summary: |
- Xorg crashed with SIGABRT in memcpy() + Xorg crashed with SIGABRT in memcpy() from NVRefreshArea() |
description: | updated |
Changed in xorg-server (Ubuntu): | |
importance: | Medium → High |
visibility: | private → public |
Changed in xorg-server (Ubuntu): | |
assignee: | nobody → Maarten Lankhorst (mlankhorst) |
description: | updated |
Changed in xorg-server (Ubuntu): | |
status: | In Progress → Won't Fix |
status: | Won't Fix → Fix Committed |
Changed in xserver-xorg-video-nouveau (Ubuntu): | |
status: | New → Fix Committed |
no longer affects: | xorg-server (Ubuntu Quantal) |
no longer affects: | xorg-server (Ubuntu) |
StacktraceTop: dcdd8, __dest= 0x7f9beab19388) at /usr/include/ x86_64- linux-gnu/ bits/string3. h:52 0x7f9bf4fc8f50, num=<optimized out>, pbox=0x7fffaf9e ec40) at ../../src/ nv_shadow. c:56 0x7f9bf8ea16b0, pGC=0x7f9bf5007580, nRectsInit=2, pRectsInit= <optimized out>) at ../../. ./../hw/ xfree86/ shadowfb/ shadow. c:1189 0x7f9bf8ea16b0, prgn=prgn@ entry=0x7f9bf8f 007d0, what=what@entry=0) at ../../mi/ miexpose. c:641 a16b0, prgn=0x7f9bf8f0 07d0, other_exposed=0x0) at ../../mi/ miexpose. c:470
memcpy (__len=4404, __src=0x7f9bf11
NVRefreshArea (pScrn=
ShadowPolyFillRect (pDraw=
miPaintWindow (pWin=<optimized out>, pWin@entry=
miWindowExposures (pWin=0x7f9bf8e