Bug 55832

Summary: xf86-video-nouveau-1.0.2 - Xorg crashes once a week : segmentation fault in NVRefreshArea
Product: xorg Reporter: Juergen Rose <rose>
Component: Driver/nouveauAssignee: Nouveau Project <nouveau>
Status: RESOLVED INVALID QA Contact: Xorg Project Team <xorg-team>
Severity: normal    
Priority: medium CC: lawrence.sowers
Version: 7.4 (2008.09)   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:

Description Juergen Rose 2012-10-10 10:01:37 UTC 
About once in a week the X server is crashing at a system with a GeForce GT 520 due to segmentation fault, see also Gentoo bug at https://bugs.gentoo.org/show_bug.cgi?id=437282. 

I tried to debug the xorg-drivers corresponding http://www.x.org/wiki/Development/Documentation/ServerDebugging, i.e. I recompiled xf86-video-nouveau xf86-video-modesetting xorg-drivers xorg-server xorg-x11 with the debugging option (CFLAGS="-march=native -O2 -ggdb"). I attached the debugger to /usr/bin/Xorg and got the following output:

root@leopard:/root(4)# gdb /usr/bin/Xorg $(pidof Xorg)
GNU gdb (Gentoo 7.5 p1) 7.5
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.gentoo.org/>...
Reading symbols from /usr/bin/Xorg...done.
Attaching to program: /usr/bin/Xorg, process 7210

warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
Reading symbols from /usr/lib64/libudev.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libudev.so.1
Reading symbols from /usr/lib64/libgcrypt.so.11...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libgcrypt.so.11
Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libdl.so.2
Reading symbols from /usr/lib64/libpciaccess.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libpciaccess.so.0
Reading symbols from /lib64/libpthread.so.0...(no debugging symbols found)...done.
[New LWP 7283]
[New LWP 7282]
[New LWP 7281]
[New LWP 7280]
[New LWP 7279]
[New LWP 7278]
[New LWP 7277]
[New LWP 7276]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Loaded symbols for /lib64/libpthread.so.0
Reading symbols from /usr/lib64/libdrm.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libdrm.so.2
Reading symbols from /usr/lib64/libpixman-1.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libpixman-1.so.0
Reading symbols from /usr/lib64/libXfont.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libXfont.so.1
...
Reading symbols from /usr/lib64/xorg/modules/extensions/libglx.so...done.
Loaded symbols for /usr/lib64/xorg/modules/extensions/libglx.so
Reading symbols from /usr/lib64/xorg/modules/drivers/nouveau_drv.so...done.
Loaded symbols for /usr/lib64/xorg/modules/drivers/nouveau_drv.so
Reading symbols from /usr/lib64/libdrm_nouveau.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libdrm_nouveau.so.2
Reading symbols from /usr/lib64/xorg/modules/libfb.so...done.
Loaded symbols for /usr/lib64/xorg/modules/libfb.so
Reading symbols from /usr/lib64/xorg/modules/libexa.so...done.
Loaded symbols for /usr/lib64/xorg/modules/libexa.so
Reading symbols from /usr/lib64/xorg/modules/libshadowfb.so...done.
Loaded symbols for /usr/lib64/xorg/modules/libshadowfb.so
Reading symbols from /usr/lib64/dri/swrast_dri.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/dri/swrast_dri.so
...
Reading symbols from /lib64/libnss_files.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libnss_files.so.2
0x00007f1f92f4a0e3 in select () from /lib64/libc.so.6
(gdb) cont
Continuing.


After one day of working I see in the debugger window:

...
(gdb) cont
Continuing.


Program received signal SIGSEGV, Segmentation fault.
NVRefreshArea (pScrn=0x10c4420, num=<optimized out>, pbox=<optimized out>) at /usr/include/bits/string3.h:52
52        return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));


(gdb) bt f
#0  NVRefreshArea (pScrn=0x10c4420, num=<optimized out>, pbox=<optimized out>) at /usr/include/bits/string3.h:52
        pNv = 0x10c49a0
        x1 = <optimized out>
        y1 = <optimized out>
        x2 = <optimized out>
        y2 = <optimized out>
        width = 1340
        height = <optimized out>
        cpp = 4
        FBPitch = 7680
        max_height = 1211
        src = <optimized out>
        dst = <optimized out>
\#1  0x00007f1f91019f5a in ShadowCopyArea (pSrc=0x3c39750, pDst=0x3f65130, pGC=0x14fe0b0, srcx=<optimized out>, srcy=<optimized out>, 
    width=<optimized out>, height=75, dstx=0, dsty=0)
    at /var/tmp/portage/x11-base/xorg-server-1.13.0/work/xorg-server-1.13.0/hw/xfree86/shadowfb/shadow.c:618
        ret = <optimized out>
        box = {x1 = 1585, y1 = 1136, x2 = 2225, y2 = 1211}
        boxNotEmpty = 1
        pPriv = 0x10cd450
        pGCPriv = 0x14fe160
        oldFuncs = 0x7f1f9121e1c0 <ShadowGCFuncs>
#2  0x0000000000436f43 in ProcCopyArea (client=0x147b480)
    at /var/tmp/portage/x11-base/xorg-server-1.13.0/work/xorg-server-1.13.0/dix/dispatch.c:1622
        pDst = 0x3f65130
        pSrc = 0x3c39750
        pGC = 0x14fe0b0
        stuff = 0x3f416d8
        pRgn = <optimized out>
        rc = <optimized out>
#3  0x000000000043aee1 in Dispatch () at /var/tmp/portage/x11-base/xorg-server-1.13.0/work/xorg-server-1.13.0/dix/dispatch.c:428
        clientReady = 0x13f60b0
        result = <optimized out>
        client = 0x147b480
        nready = 0
        icheck = 0x819eb0 <checkForInput>
        start_tick = 6080
#4  0x0000000000429b14 in main (argc=9, argv=<optimized out>, envp=<optimized out>)
    at /var/tmp/portage/x11-base/xorg-server-1.13.0/work/xorg-server-1.13.0/dix/main.c:295
        i = <optimized out>
        alwaysCheckForInput = {0, 1}

(gdb) cont
Continuing.

Program received signal SIGABRT, Aborted.
0x00007f1f92e9db65 in raise () from /lib64/libc.so.6


In Xorg.0.log I find:


rose@leopard:/home/rose(9)$ tail -n45 /var/log/Xorg.0.log.old 
[ 88071.660] (II) NOUVEAU(0): Modeline "1280x960"x0.0  108.00  1280 1376 1488 1800  960 961 964 1000 +hsync +vsync (60.0 kHz e)
[ 88455.794] (EE) 
[ 88455.794] (EE) Backtrace:
[ 88455.816] (EE) 0: /usr/bin/Xorg (xorg_backtrace+0x34) [0x5954f4]
[ 88455.816] (EE) 1: /usr/bin/Xorg (0x400000+0x1992f9) [0x5992f9]
[ 88455.816] (EE) 2: /lib64/libpthread.so.0 (0x7f1f941ec000+0x10bf0) [0x7f1f941fcbf0]
[ 88455.816] (EE) 3: /usr/lib64/xorg/modules/drivers/nouveau_drv.so (0x7f1f91cde000+0x10cf8) [0x7f1f91ceecf8]
[ 88455.816] (EE) 4: /usr/lib64/xorg/modules/libshadowfb.so (0x7f1f91016000+0x3f5a) [0x7f1f91019f5a]
[ 88455.816] (EE) 5: /usr/bin/Xorg (0x400000+0x36f43) [0x436f43]
[ 88455.816] (EE) 6: /usr/bin/Xorg (0x400000+0x3aee1) [0x43aee1]
[ 88455.816] (EE) 7: /usr/bin/Xorg (0x400000+0x29b14) [0x429b14]
[ 88455.816] (EE) 8: /lib64/libc.so.6 (__libc_start_main+0xed) [0x7f1f92e8a60d]
[ 88455.816] (EE) 9: /usr/bin/Xorg (0x400000+0x29e5d) [0x429e5d]
[ 88455.816] (EE) 
[ 88455.816] (EE) Segmentation fault at address 0x7f1f9101e0d4
[ 88455.816] 
Fatal server error:
[ 88455.816] Caught signal 11 (Segmentation fault). Server aborting
[ 88455.816] 
[ 88455.816] (EE) 
Please consult the The X.Org Foundation support 
         at http://wiki.x.org
 for help. 
[ 88455.816] (EE) Please also check the log file at "/var/log/Xorg.0.log" for additional information.
[ 88455.816] (EE) 
[ 88455.841] (II) evdev: Power Button: Close
[ 88455.841] (II) UnloadModule: "evdev"
[ 88455.857] (II) evdev: Power Button: Close
[ 88455.857] (II) UnloadModule: "evdev"
[ 88455.873] (II) evdev: Microsoft Wired Keyboard 600: Close
[ 88455.873] (II) UnloadModule: "evdev"
[ 88455.889] (II) evdev: Microsoft Wired Keyboard 600: Close
[ 88455.889] (II) UnloadModule: "evdev"
[ 88455.905] (II) evdev: Microsoft Wired Keyboard 600: Close
[ 88455.905] (II) UnloadModule: "evdev"
[ 88455.921] (II) evdev: HID 046a:0023: Close
[ 88455.921] (II) UnloadModule: "evdev"
[ 88455.937] (II) evdev: HID 046a:0023: Close
[ 88455.937] (II) UnloadModule: "evdev"
[ 88455.953] (II) evdev: Logitech USB-PS/2 Optical Mouse: Close
[ 88455.953] (II) UnloadModule: "evdev"
[ 88455.969] (II) evdev: Logitech USB-PS/2 Optical Mouse: Close
[ 88455.969] (II) UnloadModule: "evdev"
[ 88455.970] (II) NOUVEAU(0): NVLeaveVT is called.
[ 88456.005] Server terminated with error (1). Closing log file.





root@leopard:/usr/src(18)# lspci -v -s 01:00.0
01:00.0 VGA compatible controller: NVIDIA Corporation GF119 [GeForce GT 520] (rev a1) (prog-if 00 [VGA controller])
        Subsystem: ASUSTeK Computer Inc. Device 83c1
        Flags: bus master, fast devsel, latency 0, IRQ 16
        Memory at fa000000 (32-bit, non-prefetchable) [size=16M]
        Memory at f0000000 (64-bit, prefetchable) [size=128M]
        Memory at f8000000 (64-bit, prefetchable) [size=32M]
        I/O ports at e000 [size=128]
        Expansion ROM at fb000000 [disabled] [size=512K]
        Capabilities: [60] Power Management version 3
        Capabilities: [68] MSI: Enable- Count=1/1 Maskable- 64bit+
        Capabilities: [78] Express Endpoint, MSI 00
        Capabilities: [b4] Vendor Specific Information: Len=14 <?>
        Capabilities: [100] Virtual Channel
        Capabilities: [128] Power Budgeting <?>
        Capabilities: [600] Vendor Specific Information: ID=0001 Rev=1 Len=024 <?>
        Kernel driver in use: nouveau



The following xorg-nouveau related packages are now installed:

x11-drivers/xf86-video-nouveau-1.0.2
root@leopard:/root(3)# qlist -Iv xorg
x11-base/xorg-drivers-1.13
x11-base/xorg-server-1.13.0
x11-base/xorg-x11-7.4-r2
x11-misc/xorg-cf-files-1.0.4


But I experience this issue already about six months, i.e, starting with xf86-video-nouveau-0.0.16_pre20120322 and xorg-server-1.12.0-r1.
Comment 1 Marcin Slusarz 2012-10-15 17:48:19 UTC 
Please attach full kernel and xserver logs as described here: http://nouveau.freedesktop.org/wiki/Bugs#HowToReport

And next time it will crash, "print" (gdb command) as many variables from: http://cgit.freedesktop.org/nouveau/xf86-video-nouveau/tree/src/nv_shadow.c#n32
as possible, in particular pNv->scanout->map.
Comment 3 Ilia Mirkin 2013-08-24 19:01:04 UTC 
Please re-test this with the latest software (kernel, xf86-video-nouveau).
Comment 4 Ilia Mirkin 2013-09-26 23:16:52 UTC 
No response to re-test request in over a month. Closing as invalid.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.