
Bug#469642: Signal 11 at libGLcore.so(_mesa_update_draw_buffer_bounds+0x59)



Package: xserver-xorg-core
Version: 2:1.1.1-21etch4

The following backtrace has been seen repeatedly on a Dell PWS 390
running in amd64 mode with an nVidia NV44 (Quadro NVS 285) card using 
the nv driver. Matlab 7.5.0 seems particularly prone to triggering the 
problem, but it isn't the only culprit.

----------------------------------
Backtrace:
0: /usr/bin/X(xf86SigHandler+0x6d) [0x4720bd]
1: /lib/libc.so.6 [0x2adf4b6a3110]
2: /usr/lib/xorg/modules/extensions/libGLcore.so(_mesa_update_draw_buffer_bounds+0x59) [0x2adf55fa0d89]
3: /usr/lib/xorg/modules/extensions/libGLcore.so [0x2adf5609514d]
4: /usr/lib/xorg/modules/extensions/libglx.so(DoMakeCurrent+0x511) [0x2adf4c237ad1]
5: /usr/lib/xorg/modules/extensions/libglx.so [0x2adf4c23a2b4]
6: /usr/bin/X(Dispatch+0x1b9) [0x448179]
7: /usr/bin/X(main+0x44d) [0x430f9d]
8: /lib/libc.so.6(__libc_start_main+0xda) [0x2adf4b6904ca]
9: /usr/bin/X(FontFileCompleteXLFD+0xa2) [0x43029a]

Fatal server error:
Caught signal 11.  Server aborting
-----------------------------------

A similar backtrace was reported on 2007-02-05 by Ed Schofield; see
https://bugs.launchpad.net/ubuntu/+source/linux-restricted-modules-2.6.22/+bug/71913/comments/4
Unfortunately, that Launchpad entry has collected a lot of possibly
unrelated backtraces from various people; the one of interest here
isn't its main focus.

A look at a disassembly of _mesa_update_draw_buffer_bounds indicates
that the crash is actually in the inlined function update_framebuffer_size()
and results from some Attachment's Renderbuffer pointing to a stray
memory location. The fault occurs while dereferencing rb->Width, so
rb is non-NULL (there is an explicit test for this in the code)
and rb+0x10 is pointing outside valid memory. haveSize appears to be
false, so this must be the first Attachment with a non-NULL Renderbuffer.
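
Added example, not part of the original report: a small parser for the X server backtrace format shown above. It reduces a crash to an address-independent signature (module, symbol, offset) so that backtraces collected from different reports can be compared. The helper names and the rule "first frame below xf86SigHandler that is not in libc" are assumptions made for this illustration.

```python
import os
import re

# Backtrace lines copied from the report above (addresses are per-process).
SAMPLE = """\
0: /usr/bin/X(xf86SigHandler+0x6d) [0x4720bd]
1: /lib/libc.so.6 [0x2adf4b6a3110]
2: /usr/lib/xorg/modules/extensions/libGLcore.so(_mesa_update_draw_buffer_bounds+0x59) [0x2adf55fa0d89]
3: /usr/lib/xorg/modules/extensions/libGLcore.so [0x2adf5609514d]
4: /usr/lib/xorg/modules/extensions/libglx.so(DoMakeCurrent+0x511) [0x2adf4c237ad1]
5: /usr/lib/xorg/modules/extensions/libglx.so [0x2adf4c23a2b4]
6: /usr/bin/X(Dispatch+0x1b9) [0x448179]
7: /usr/bin/X(main+0x44d) [0x430f9d]
8: /lib/libc.so.6(__libc_start_main+0xda) [0x2adf4b6904ca]
9: /usr/bin/X(FontFileCompleteXLFD+0xa2) [0x43029a]
"""

# "N: /path/module(symbol+0xOFF) [0xADDR]"; the "(symbol+0xOFF)" part is optional.
FRAME = re.compile(
    r"^(\d+): (\S+?)(?:\((\w+)\+0x([0-9a-f]+)\))? \[0x([0-9a-f]+)\]$")

def parse_frames(text):
    """Return one dict per backtrace line; non-matching lines are ignored."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line.strip())
        if m:
            idx, path, sym, off, addr = m.groups()
            frames.append({"index": int(idx), "module": os.path.basename(path),
                           "symbol": sym, "offset": int(off, 16) if off else None,
                           "addr": int(addr, 16)})
    return frames

def faulting_frame(frames, handler="xf86SigHandler"):
    """Heuristic (assumption): first frame below the handler that is not in libc."""
    seen_handler = False
    for f in frames:
        if f["symbol"] == handler:
            seen_handler = True
        elif seen_handler and not f["module"].startswith("libc.so"):
            return f
    return None

def signature(frame):
    """Address-independent key for comparing crashes across reports."""
    if frame["symbol"] is None:
        return "%s!?" % frame["module"]
    return "%s!%s+0x%x" % (frame["module"], frame["symbol"], frame["offset"])
```

Subtracting the offset from the frame address gives the in-process start of the function, which is the place to begin when lining the fault up with a disassembly.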


