Xorg crashed with SIGABRT in memcpy() from NVRefreshArea()

StacktraceTop:
 memcpy (__len=4404, __src=0x7f9bf11dcdd8, __dest=0x7f9beab19388) at /usr/include/x86_64-linux-gnu/bits/string3.h:52
 NVRefreshArea (pScrn=0x7f9bf4fc8f50, num=<optimized out>, pbox=0x7fffaf9eec40) at ../../src/nv_shadow.c:56
 ShadowPolyFillRect (pDraw=0x7f9bf8ea16b0, pGC=0x7f9bf5007580, nRectsInit=2, pRectsInit=<optimized out>) at ../../../../hw/xfree86/shadowfb/shadow.c:1189
 miPaintWindow (pWin=<optimized out>, pWin@entry=0x7f9bf8ea16b0, prgn=prgn@entry=0x7f9bf8f007d0, what=what@entry=0) at ../../mi/miexpose.c:641
 miWindowExposures (pWin=0x7f9bf8ea16b0, prgn=0x7f9bf8f007d0, other_exposed=0x0) at ../../mi/miexpose.c:470

Status changed to 'Confirmed' because the bug affects multiple users.

it also affects me: Nvidia GT 640

It appears, when I start thunderbird. But it doesn't happen, when booting from LiveDVD.

This specific issue seems likely to be fixed upstream in the commit "shadowfb: fix segfault due to reading outside of shadow buffer"

Can you try to do a build with the attached debdiff to see if it fixes the problem?

The attachment "1.0.2-0ubuntu3+bug1056511~try1 debdiff" of this bug report has been identified as being a patch in the form of a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-sponsors team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

The upstream delta includes the following changes that don't have referenced bugs in launchpad or test cases:

  * Fix race condition in vblank
  * Fix prime rendering with kwin

Why are these appropriate to include in SRU without test cases?

(unsubscribing sponsors since it seems that the debdiff there is superseeded by a 1.0.3 update which got uploaded since)

The vblank corruption fix happens on triple buffering and is debian bug #686474 there. Since xserver 1.12+ has enabled triple buffering by default, and nouveau on ubuntu always enables vblank, I was hoping to include it there. I can't reproduce the corruption since vblank is not enabled on fermi cards, and is pretty much random memory corruption in xserver.

I think the kwin fix can be reverted for now, it had a regression in virtualbox rendering which was fixed in another commit later.

This bug was fixed in the package xserver-xorg-video-nouveau - 1:1.0.4-0ubuntu1

---------------
xserver-xorg-video-nouveau (1:1.0.4-0ubuntu1) raring; urgency=low

  * Sync from unreleased debian experimental git.
  * Remaining differences:
    - Try to enable vblank if available (LP: #1019131)
      - 100-vblank-on.diff
 -- Maarten Lankhorst <email address hidden> Thu, 15 Nov 2012 11:02:38 +0100

Maarten thanks for the response re the two missing changes. Based on your feedback (that the kwin fix can be reverted) I'm rejecting the upload of 1:1.0.3-0ubuntu0.1

The next step is to upload again, minus the kwin fix, and with a bug reference in the changelog about the vblank. Since it seems untestable, just document that fact and recommend a test plan to verify vblank still works in said bug report.

Thanks for being patient and dilligent on this.

Another suferrer of this bug... Is there a chance of seeing a fix backported to Quantal?
Thank you for figuring this out!

~Dimo

I've re-uploaded it 2 weeks ago, I'm just waiting for it to get accepted into proposed

Hello martyfelker, or anyone else affected,

Accepted xserver-xorg-video-nouveau into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/xserver-xorg-video-nouveau/1:1.0.3-0ubuntu0.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Cannot do this. As stated I am running Saucy not Quantel.

On Wed, Sep 11, 2013 at 9:06 PM, Steve Langasek <
<email address hidden>> wrote:

> Hello martyfelker, or anyone else affected,
>
> Accepted xserver-xorg-video-nouveau into quantal-proposed. The package
> will build now and be available at http://launchpad.net/ubuntu/+source
> /xserver-xorg-video-nouveau/1:1.0.3-0ubuntu0.2 in a few hours, and then
> in the -proposed repository.
>
> Please help us by testing this new package. See
> https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
> enable and use -proposed. Your feedback will aid us getting this update
> out to other Ubuntu users.
>
> If this package fixes the bug for you, please add a comment to this bug,
> mentioning the version of the package you tested, and change the tag
> from verification-needed to verification-done. If it does not fix the
> bug for you, please add a comment stating that, and change the tag to
> verification-failed. In either case, details of your testing will help
> us make a better decision.
>
> Further information regarding the verification process can be found at
> https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in
> advance!
>
>
> ** Changed in: xserver-xorg-video-nouveau (Ubuntu Quantal)
> Status: New => Fix Committed
>
> ** Tags added: verification-needed
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1056511
>
> Title:
> Xorg crashed with SIGABRT in memcpy() from NVRefreshArea()
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1056511/+subscriptions
>

tested again on my tv at a 1680x1050 resolution, seems to work.

This bug was fixed in the package xserver-xorg-video-nouveau - 1:1.0.3-0ubuntu0.2

---------------
xserver-xorg-video-nouveau (1:1.0.3-0ubuntu0.2) quantal-proposed; urgency=low

  * Revert kwin fix, it caused a regression.
    - 101-Revert-nouveau-dri2-fix-pixmap-window-offset-calcs.patch

xserver-xorg-video-nouveau (1:1.0.3-0ubuntu0.1) quantal-proposed; urgency=low

  [ Maarten Lankhorst ]
  * New upstream bugfix release
  * Fix SIBABRT in NVRefreshArea (LP: #1056511)
  * Fix race condition in vblank
  * Add solid fill acceleration (LP: #1010794)
  * Cleanup download/upload screen functions (LP: #1010794)
  * Fix prime rendering with kwin

xserver-xorg-video-nouveau (1:1.0.3-1) UNRELEASED; urgency=low

  [ Maarten Lankhorst ]
  * New upstream release.
  * Drop 02-drm-nouveau-newabi.patch and require libdrm 2.4.34

  [ Timo Aaltonen ]
  * watch: Use the .gz tarball, and update the url.
 -- Maarten Lankhorst <email address hidden> Thu, 28 Feb 2013 12:35:09 +0100

The verification of the Stable Release Update for xserver-xorg-video-nouveau has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.