Actually I think even without the detailed hw logs this issue is clear enough we can go ahead with the SRU.
** Description changed: - Binary package hint: xserver-xorg-video-intel - + [Impact] + On certain affected hardware, results in X server crash when looking at certain kinds of large images. + + [Development Solution] + Upstream fixed this bug in the 2.13.x version of -intel that we are shipping in natty. + + [Stable Solution] + The attached patch is a cherrypick from the upstream tree that applies to the 2.12.x version of -intel in maverick. This patch is also the listed solution on the upstream bug report. + + [Test Case] + On affected hardware, disable font antialiasing and load http://launchpadlibrarian.net/29956668/crash.html in firefox. + This will cause a segfault of the X server. + + The fix will prevent this segfault from occuring, and instead firefox + will display the words "GOODBYE WORLD!" + + [Regression Potential] + Essentially none. This changes what happens when the uxa_pixmap_is_offscreen() call returns False. Before, it would fail the assertion test and terminate the X server. Pretty much any other behavior besides that is going to be an improvement! + + That said, there are two subsequent commits on top of this one (which is + why the patch in the description of this bug is different than that + proposed). Near as I can tell these address other unrelated issues and + so I'm omitting them for now. It is conceivable though that this patch + provides an incomplete solution and those other patches should be + backported too. But one step at a time; if this patch alone is + sufficient to solve the issue it is the least risk way to go. + + [Original Report] Problem: - If I disable font antialiasing and attempt to access - http://launchpadlibrarian.net/29956668/crash.html in firefox my xserver aborts. This should not happen. The webpage should simply display the words "GOODBYE WORLD!" in very large text. + If I disable font antialiasing and attempt to access + http://launchpadlibrarian.net/29956668/crash.html in firefox my xserver aborts. 
This should not happen. The webpage should simply display the words "GOODBYE WORLD!" in very large text. Note: text does not need to be very large. For example http://joe- editor.sourceforge.net/ also triggers the bug. Description: Ubuntu 10.10 Release: 10.10 xserver-xorg-video-intel: - Installed: 2:2.12.0-1ubuntu5.1 - Candidate: 2:2.12.0-1ubuntu5.1 - Version table: - *** 2:2.12.0-1ubuntu5.1 0 - 500 http://gb.archive.ubuntu.com/ubuntu/ maverick-updates/main i386 Packages - 100 /var/lib/dpkg/status - 2:2.12.0-1ubuntu5 0 - 500 http://gb.archive.ubuntu.com/ubuntu/ maverick/main i386 Packages - + Installed: 2:2.12.0-1ubuntu5.1 + Candidate: 2:2.12.0-1ubuntu5.1 + Version table: + *** 2:2.12.0-1ubuntu5.1 0 + 500 http://gb.archive.ubuntu.com/ubuntu/ maverick-updates/main i386 Packages + 100 /var/lib/dpkg/status + 2:2.12.0-1ubuntu5 0 + 500 http://gb.archive.ubuntu.com/ubuntu/ maverick/main i386 Packages Backtrace: #0 0x00681416 in __kernel_vsyscall () No symbol table info available. #1 0x00298941 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 - resultvar = <value optimised out> - pid = 3960820 - selftid = 1949 + resultvar = <value optimised out> + pid = 3960820 + selftid = 1949 #2 0x0029be42 in abort () at abort.c:92 - act = {__sigaction_handler = {sa_handler = 0x468, - sa_sigaction = 0x468}, sa_mask = {__val = {3966032, 120, 3965888, - 3960820, 3965888, 108, 3212918176, 3010141, 198339232, 3960820, - 3960820, 109, 3212918376, 2944968, 198339336, 198339336, 108, - 198339232, 0, 4222451712, 198339336, 198339437, 198339336, - 198339336, 198339444, 198339636, 198339336, 198339636, 0, 0, 0, - 0}}, sa_flags = 0, sa_restorer = 0x4} - sigs = {__val = {32, 0 <repeats 31 times>}} + act = {__sigaction_handler = {sa_handler = 0x468, + sa_sigaction = 0x468}, sa_mask = {__val = {3966032, 120, 3965888, + 3960820, 3965888, 108, 3212918176, 3010141, 198339232, 3960820, + 3960820, 109, 3212918376, 2944968, 198339336, 198339336, 108, + 198339232, 0, 4222451712, 198339336, 
198339437, 198339336, + 198339336, 198339444, 198339636, 198339336, 198339636, 0, 0, 0, + 0}}, sa_flags = 0, sa_restorer = 0x4} + sigs = {__val = {32, 0 <repeats 31 times>}} #3 0x002918e8 in __assert_fail ( - assertion=0x200098 "uxa_pixmap_is_offscreen(src_pixmap)", - file=0x200080 "../../uxa/uxa-glyphs.c", line=986, - function=0x200124 "uxa_glyphs_via_mask") at assert.c:81 - buf = 0xbd26c38 "X: ../../uxa/uxa-glyphs.c:986: uxa_glyphs_via_mask: Assertion `uxa_pixmap_is_offscreen(src_pixmap)' failed.\n" - #4 0x001ef988 in uxa_glyphs_via_mask (op=3 '\003', pSrc=0xbb11b58, - pDst=0xbb366a8, maskFormat=0xb2bb7f0, xSrc=8, ySrc=77, nlist=1, - list=0xbf814570, glyphs=0xbf814170) at ../../uxa/uxa-glyphs.c:986 - src_pixmap = 0xbd26440 - src_x = 0 - glyph = 0xbb34bb8 - src_y = 0 - priv = 0xbd26440 - screen = 0x9c01750 - mask = 0xbd26a48 - y = 52 - pixmap = 0xbd26938 - width = <value optimised out> - dst_off_x = 6 - dst_off_y = 25 - box = {x1 = 6, y1 = 25, x2 = 145, y2 = 93} - component_alpha = 0 - glyph_atlas = <value optimised out> - x = 2 - height = <value optimised out> - error = 0 - #5 uxa_glyphs (op=3 '\003', pSrc=0xbb11b58, pDst=0xbb366a8, - maskFormat=0xb2bb7f0, xSrc=8, ySrc=77, nlist=1, list=0xbf814570, - glyphs=0xbf814170) at ../../uxa/uxa-glyphs.c:1151 - screen = 0x9c01750 - uxa_screen = <value optimised out> - xDst = 2 - yDst = 198338872 - extents = {x1 = 0, y1 = 0, x2 = 0, y2 = 0} - width = 0 - height = 0 - ret = <value optimised out> - localDst = 0x8 - #6 0x08122ae9 in damageGlyphs (op=6 '\006', pSrc=0xbb11b58, pDst=0xbb366a8, - maskFormat=0xb2bb7f0, xSrc=<value optimised out>, - ySrc=<value optimised out>, nlist=1, list=0xbf814570, glyphs=0xbf814170) - at ../../../miext/damage/damage.c:718 - pScreen = <value optimised out> - #7 0x081bea90 in CompositeGlyphs (op=0 '\000', pSrc=0xbb11b58, - pDst=0xbb366a8, maskFormat=0xb2bb7f0, xSrc=<value optimised out>, - ySrc=<value optimised out>, nlist=1, lists=0xbf814570, glyphs=0xbf814170) - at ../../render/glyph.c:604 + 
assertion=0x200098 "uxa_pixmap_is_offscreen(src_pixmap)", + file=0x200080 "../../uxa/uxa-glyphs.c", line=986, + function=0x200124 "uxa_glyphs_via_mask") at assert.c:81 + buf = 0xbd26c38 "X: ../../uxa/uxa-glyphs.c:986: uxa_glyphs_via_mask: Assertion `uxa_pixmap_is_offscreen(src_pixmap)' failed.\n" + #4 0x001ef988 in uxa_glyphs_via_mask (op=3 '\003', pSrc=0xbb11b58, + pDst=0xbb366a8, maskFormat=0xb2bb7f0, xSrc=8, ySrc=77, nlist=1, + list=0xbf814570, glyphs=0xbf814170) at ../../uxa/uxa-glyphs.c:986 + src_pixmap = 0xbd26440 + src_x = 0 + glyph = 0xbb34bb8 + src_y = 0 + priv = 0xbd26440 + screen = 0x9c01750 + mask = 0xbd26a48 + y = 52 + pixmap = 0xbd26938 + width = <value optimised out> + dst_off_x = 6 + dst_off_y = 25 + box = {x1 = 6, y1 = 25, x2 = 145, y2 = 93} + component_alpha = 0 + glyph_atlas = <value optimised out> + x = 2 + height = <value optimised out> + error = 0 + #5 uxa_glyphs (op=3 '\003', pSrc=0xbb11b58, pDst=0xbb366a8, + maskFormat=0xb2bb7f0, xSrc=8, ySrc=77, nlist=1, list=0xbf814570, + glyphs=0xbf814170) at ../../uxa/uxa-glyphs.c:1151 + screen = 0x9c01750 + uxa_screen = <value optimised out> + xDst = 2 + yDst = 198338872 + extents = {x1 = 0, y1 = 0, x2 = 0, y2 = 0} + width = 0 + height = 0 + ret = <value optimised out> + localDst = 0x8 + #6 0x08122ae9 in damageGlyphs (op=6 '\006', pSrc=0xbb11b58, pDst=0xbb366a8, + maskFormat=0xb2bb7f0, xSrc=<value optimised out>, + ySrc=<value optimised out>, nlist=1, list=0xbf814570, glyphs=0xbf814170) + at ../../../miext/damage/damage.c:718 + pScreen = <value optimised out> + #7 0x081bea90 in CompositeGlyphs (op=0 '\000', pSrc=0xbb11b58, + pDst=0xbb366a8, maskFormat=0xb2bb7f0, xSrc=<value optimised out>, + ySrc=<value optimised out>, nlist=1, lists=0xbf814570, glyphs=0xbf814170) + at ../../render/glyph.c:604 No locals. 
#8 0x0811c463 in ProcRenderCompositeGlyphs (client=0xb62e338) - at ../../render/render.c:1435 - glyphSet = 0xb72e468 - pSrc = 0xbb11b58 - pDst = 0xbb366a8 - pFormat = 0xb2bb7f0 - listsLocal = {{xOff = 8, yOff = 77, len = 6 '\006', - format = 0xb2bb7f0}, {xOff = 0, yOff = 0, len = 0 '\000', - format = 0x0} <repeats 52 times>, {xOff = 24081, yOff = 2064, - len = 0 '\000', format = 0x0}, {xOff = 0, yOff = 0, - len = 0 '\000', format = 0x0}, {xOff = 0, yOff = 0, - len = 0 '\000', format = 0xb62e338}, {xOff = 0, yOff = 0, - len = 0 '\000', format = 0x0}, {xOff = 4084, yOff = 2079, - len = 8 '\b', format = 0xb303cf0}, {xOff = 18536, yOff = -16511, - len = 102 'f', format = 0x8202544}, {xOff = 0, yOff = 0, - len = 136 '\210', format = 0x0}, {xOff = 0, yOff = 0, - len = 0 '\000', format = 0x0}, {xOff = 14369, yOff = 2055, - len = 0 '\000', format = 0x0}, {xOff = 0, yOff = 0, - len = 244 '\364', format = 0xb62e338}, {xOff = 9536, yOff = 2080, - len = 184 '\270', format = 0x8104a2e}} - lists = 0xbf81457c - listsBase = 0xbf814570 - glyphsLocal = {0xbb34bb8, 0xb9f2868, 0xb78ace0, 0xbaf1088, 0xbaf1088, - 0xbaf1088, 0x0 <repeats 250 times>} - glyph = <value optimised out> - glyphs = 0xbf814188 - glyphsBase = 0xbf814170 - buffer = <value optimised out> - end = 0xba105b0 "\225\021\003" - nglyph = -1082048120 - nlist = 1 - space = <value optimised out> - size = <value optimised out> - rc = <value optimised out> + at ../../render/render.c:1435 + glyphSet = 0xb72e468 + pSrc = 0xbb11b58 + pDst = 0xbb366a8 + pFormat = 0xb2bb7f0 + listsLocal = {{xOff = 8, yOff = 77, len = 6 '\006', + format = 0xb2bb7f0}, {xOff = 0, yOff = 0, len = 0 '\000', + format = 0x0} <repeats 52 times>, {xOff = 24081, yOff = 2064, + len = 0 '\000', format = 0x0}, {xOff = 0, yOff = 0, + len = 0 '\000', format = 0x0}, {xOff = 0, yOff = 0, + len = 0 '\000', format = 0xb62e338}, {xOff = 0, yOff = 0, + len = 0 '\000', format = 0x0}, {xOff = 4084, yOff = 2079, + len = 8 '\b', format = 0xb303cf0}, {xOff = 18536, yOff = 
-16511, + len = 102 'f', format = 0x8202544}, {xOff = 0, yOff = 0, + len = 136 '\210', format = 0x0}, {xOff = 0, yOff = 0, + len = 0 '\000', format = 0x0}, {xOff = 14369, yOff = 2055, + len = 0 '\000', format = 0x0}, {xOff = 0, yOff = 0, + len = 244 '\364', format = 0xb62e338}, {xOff = 9536, yOff = 2080, + len = 184 '\270', format = 0x8104a2e}} + lists = 0xbf81457c + listsBase = 0xbf814570 + glyphsLocal = {0xbb34bb8, 0xb9f2868, 0xb78ace0, 0xbaf1088, 0xbaf1088, + 0xbaf1088, 0x0 <repeats 250 times>} + glyph = <value optimised out> + glyphs = 0xbf814188 + glyphsBase = 0xbf814170 + buffer = <value optimised out> + end = 0xba105b0 "\225\021\003" + nglyph = -1082048120 + nlist = 1 + space = <value optimised out> + size = <value optimised out> + rc = <value optimised out> #9 0x08118293 in ProcRenderDispatch (client=0x6) at ../../render/render.c:2051 No locals. #10 0x0806e087 in Dispatch () at ../../dix/dispatch.c:432 - result = <value optimised out> - client = 0xb62e338 - nready = 0 - start_tick = 260 + result = <value optimised out> + client = 0xb62e338 + nready = 0 + start_tick = 260 #11 0x080625ba in main (argc=6, argv=0xbf814a04, envp=0xbf814a20) - at ../../dix/main.c:291 - i = 1 - alwaysCheckForInput = {0, 1} - - - Tracked bug down to uxa/uxa-glyphs.c in the xserver-xorg-video-intel driver. I looked at the latest git of the driver and knocked together the following patch which seems to work. Not sure of the quality of the code though: + at ../../dix/main.c:291 + i = 1 + alwaysCheckForInput = {0, 1} + + Tracked bug down to uxa/uxa-glyphs.c in the xserver-xorg-video-intel + driver. I looked at the latest git of the driver and knocked together + the following patch which seems to work. Not sure of the quality of the + code though: --- a/uxa/uxa-glyphs.c 2010-06-24 21:29:37.000000000 +0100 +++ b/uxa/uxa-glyphs.c 2010-12-31 19:51:49.000000000 +0000 
@@ -164,8 +164,12 @@ - INTEL_CREATE_PIXMAP_TILING_X); - if (!pixmap) - goto bail; + INTEL_CREATE_PIXMAP_TILING_X); + if (!pixmap) + goto bail; - assert (uxa_pixmap_is_offscreen(pixmap)); - + if (!uxa_pixmap_is_offscreen(pixmap)) { + /* Presume shadow is in-effect */ + pScreen->DestroyPixmap(pixmap); + uxa_unrealize_glyph_caches(pScreen); + return TRUE; + } - component_alpha = NeedsComponent(pPictFormat->format); - picture = CreatePicture(0, &pixmap->drawable, pPictFormat, - CPComponentAlpha, &component_alpha, + component_alpha = NeedsComponent(pPictFormat->format); + picture = CreatePicture(0, &pixmap->drawable, pPictFormat, + CPComponentAlpha, &component_alpha, @@ -780,9 +784,8 @@ - - mask_pixmap = - uxa_get_drawable_pixmap(this_atlas->pDrawable); + + mask_pixmap = + uxa_get_drawable_pixmap(this_atlas->pDrawable); - assert (uxa_pixmap_is_offscreen(mask_pixmap)); - - if (!uxa_screen->info->prepare_composite(op, + if (!uxa_pixmap_is_offscreen(mask_pixmap) || + !uxa_screen->info->prepare_composite(op, - localSrc, this_atlas, pDst, - src_pixmap, mask_pixmap, dst_pixmap)) - return -1; + localSrc, this_atlas, pDst, + src_pixmap, mask_pixmap, dst_pixmap)) + return -1; 
@@ -983,9 +986,8 @@ - - src_pixmap = - uxa_get_drawable_pixmap(this_atlas->pDrawable); + + src_pixmap = + uxa_get_drawable_pixmap(this_atlas->pDrawable); - assert (uxa_pixmap_is_offscreen(src_pixmap)); - - if (!uxa_screen->info->prepare_composite(PictOpAdd, + if (!uxa_pixmap_is_offscreen(src_pixmap) || + !uxa_screen->info->prepare_composite(PictOpAdd, - this_atlas, NULL, mask, - src_pixmap, NULL, pixmap)) - return -1; + this_atlas, NULL, mask, + src_pixmap, NULL, pixmap)) + return -1; ** Changed in: xserver-xorg-video-intel (Ubuntu) Importance: Medium => High ** Changed in: xserver-xorg-video-intel (Ubuntu) Status: Incomplete => Triaged ** Summary changed: - Large non-antialiased text causes xserver to abort + [SRU] Large non-antialiased text causes xserver to abort ** Also affects: xserver-xorg-video-intel (Ubuntu Maverick) Importance: Undecided Status: New ** Also affects: xserver-xorg-video-intel (Ubuntu Natty) Importance: High Status: Triaged ** Changed in: xserver-xorg-video-intel (Ubuntu Maverick) Status: New => Triaged ** Changed in: xserver-xorg-video-intel (Ubuntu Maverick) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu-X, which is subscribed to xserver-xorg-video-intel in ubuntu. https://bugs.launchpad.net/bugs/696957 Title: [SRU] Large non-antialiased text causes xserver to abort
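Review bot: In the hunk at @@ -164,8 +164,12 @@, the new branch returns TRUE after calling uxa_unrealize_glyph_caches(pScreen), so the caller is told the caches were set up although none exist afterwards. Either return a distinct result or say in the comment that TRUE here means "continue without glyph caches", and confirm that the later paths reading this_atlas->pDrawable cope with an unrealized cache. The comment "Presume shadow is in-effect" records an assumption that is not checked; a one-line log message on this branch would make the fallback visible if it ever triggers for a different reason.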
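Review bot: In the hunk at @@ -780,9 +784,8 @@, folding !uxa_pixmap_is_offscreen(mask_pixmap) into the prepare_composite condition makes the two failures indistinguishable to the caller, since both now return -1. That is acceptable only if every caller treats -1 as "fall back to the software path" rather than as a hard error, so this should be confirmed and stated in a short comment above the condition, along with the reason an atlas pixmap can legitimately be outside offscreen memory.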
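Review bot: In the hunk at @@ -983,9 +986,8 @@, the early return -1 may leave mask and pixmap unreleased: both are already live at this point (they are passed to prepare_composite on the next lines, and frame #4 of the backtrace lists them as locals at uxa-glyphs.c:986, the site that asserted). Check that they are freed on this path, because a return that previously covered only prepare_composite failure will now be taken every time src_pixmap is not offscreen; if they are not freed, release them before returning.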