On Mon, 2009-09-28 at 16:58 +0200, Julien Cristau wrote: > > Does this still happen with server 1.6.3.901? There's a > signal-related > fix in there, although it's kind of a long shot.
Yes, it does still happen after upgrade (last time ~ 5 minutes ago). A gdb session is attached, with as much information as I could reasonably gather without knowing anything about X internals. Is there any other information that I could supply? Does anybody want the core file? Thomas
Core was generated by `/usr/bin/X -br -nolisten tcp :0 vt7 -auth /var/run/xauth/A:0-Be6ZAT'. Program terminated with signal 6, Aborted. #0 0xffffe410 in __kernel_vsyscall () (gdb) bt full #0 0xffffe410 in __kernel_vsyscall () No symbol table info available. #1 0xb7bde3d0 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 resultvar = <value optimized out> pid = -1211047948 selftid = 4461 #2 0xb7be1a85 in *__GI_abort () at abort.c:88 act = {__sigaction_handler = {sa_handler = 0x1, sa_sigaction = 0x1}, sa_mask = {__val = {3216826184, 3081377788, 136444272, 4, 3216826288, 3216826276, 3081361264, 3081380132, 3082956628, 3216826352, 3086272112, 134611646, 3216826200, 0, 0, 136690792, 136273568, 3083923808, 1, 136222616, 3216826216, 135484561, 136255000, 3083923808, 3216826264, 156887200, 3082938977, 136255352, 16, 3216826344, 3216826296, 21505}}, sa_flags = -1212030607, sa_restorer = 0x81f1618} sigs = {__val = {32, 0 <repeats 31 times>}} #3 0x080ad535 in ddxGiveUp () at ../../../../hw/xfree86/common/xf86Init.c:1417 i = <value optimized out> #4 0x0813b80d in AbortServer () at ../../os/log.c:397 No locals. #5 0x0813be0e in FatalError (f=0x81c94f0 "Caught signal %d. Server aborting\n") at ../../os/log.c:522 beenhere = 1 #6 0x080c1e13 in xf86SigHandler (signo=11) at ../../../../hw/xfree86/common/xf86Events.c:387 No locals. #7 <signal handler called> No symbol table info available. #8 0x080b7945 in xf86SIGIO (sig=29) at ../../../../../hw/xfree86/os-support/linux/../shared/sigio.c:110 i = <value optimized out> ready = {fds_bits = {3072, -1078139880, 135537224, 154986920, 64, -1078139976, 135484561, 154108840, 136177084, -1078139912, -1211047948, -1211043488, 154981320, -1078139928, -1212008298, -1211043488, 154981320, 154981312, 136177084, 154981320, 136675704, -1078139912, 135484561, 154981320, 136177084, -1078139880, 135761828, 154981320, 136242664, 136510104, 136177084, 144530640}} to = {tv_sec = 0, tv_usec = 0} save_errno = 0 r = -1 #9 <signal handler called> No symbol table info available. #10 memmove () at ../sysdeps/i386/i686/memmove.S:102 No locals. #11 0x08133dc5 in WriteToClient (who=0x8b9a650, count=4, __buf=0x8938338) at ../../os/io.c:826 oc = 0x8b9a5c8 oco = 0x84f19d0 padBytes = 0 #12 0x080a2d8f in ProcGetProperty (client=0x8b9a650) at ../../dix/property.c:543 pProp = 0x9204b18 prevProp = <value optimized out> n = <value optimized out> len = 4 ind = 143885112 rc = <value optimized out> pWin = 0x8824350 reply = {type = 1 '\1', format = 32 ' ', sequenceNumber = 19024, length = 1, propertyType = 6, bytesAfter = 0, nItems = 1, pad1 = 0, pad2 = 24, pad3 = 0} ---Type <return> to continue, or q <return> to quit--- win_mode = <value optimized out> prop_mode = 1 #13 0x0808c8b7 in Dispatch () at ../../dix/dispatch.c:456 result = <value optimized out> client = 0x8b9a650 nready = 0 start_tick = 12000 #14 0x08071b8a in main (argc=8, argv=0xbfbce924, envp=Cannot access memory at address 0x8 ) at ../../dix/main.c:397 i = <value optimized out> alwaysCheckForInput = {0, 1} (gdb) up 11 #11 0x08133dc5 in WriteToClient (who=0x8b9a650, count=4, __buf=0x8938338) at ../../os/io.c:826 826 ../../os/io.c: No such file or directory. in ../../os/io.c (gdb) p *oco $1 = {next = 0x899b858, size = 4096, buf = 0x9260890 "\1 PJ\1", count = 32} (gdb) p oco->buf + oco->count $2 = (unsigned char *) 0x92608b0 "" (gdb) p *(oco->buf + oco->count) $3 = 0 '\0' (gdb) p *(oco->buf + oco->count+1) $4 = 0 '\0' (gdb) p *(oco->buf + oco->count+2) $5 = 0 '\0' (gdb) p *(oco->buf + oco->count+3) $6 = 0 '\0' (gdb) p *oc $7 = {fd = 25, input = 0x84d6da0, output = 0x84f19d0, auth_id = 275, conn_time = 0, trans_conn = 0x8b9a610} (gdb) p padBytes $8 = 0 (gdb) down #10 memmove () at ../sysdeps/i386/i686/memmove.S:102 102 ../sysdeps/i386/i686/memmove.S: No such file or directory. in ../sysdeps/i386/i686/memmove.S Current language: auto; currently asm (gdb) disassemble Dump of assembler code for function memmove: 0xb7c2b5b0 <memmove+0>: push %edi 0xb7c2b5b1 <memmove+1>: mov 0x10(%esp),%ecx 0xb7c2b5b5 <memmove+5>: mov 0x8(%esp),%edi 0xb7c2b5b9 <memmove+9>: mov %esi,%edx 0xb7c2b5bb <memmove+11>: mov 0xc(%esp),%esi 0xb7c2b5bf <memmove+15>: mov %edi,%eax 0xb7c2b5c1 <memmove+17>: sub %esi,%eax 0xb7c2b5c3 <memmove+19>: cmp %eax,%edi 0xb7c2b5c5 <memmove+21>: jae 0xb7c2b5dd <memmove+45> 0xb7c2b5c7 <memmove+23>: cld 0xb7c2b5c8 <memmove+24>: shr %ecx 0xb7c2b5ca <memmove+26>: jae 0xb7c2b5cd <memmove+29> 0xb7c2b5cc <memmove+28>: movsb %ds:(%esi),%es:(%edi) 0xb7c2b5cd <memmove+29>: shr %ecx 0xb7c2b5cf <memmove+31>: jae 0xb7c2b5d3 <memmove+35> 0xb7c2b5d1 <memmove+33>: movsw %ds:(%esi),%es:(%edi) 0xb7c2b5d3 <memmove+35>: rep movsl %ds:(%esi),%es:(%edi) 0xb7c2b5d5 <memmove+37>: mov %edx,%esi 0xb7c2b5d7 <memmove+39>: mov 0x8(%esp),%eax 0xb7c2b5db <memmove+43>: pop %edi 0xb7c2b5dc <memmove+44>: ret 0xb7c2b5dd <memmove+45>: std 0xb7c2b5de <memmove+46>: lea -0x1(%edi,%ecx,1),%edi 0xb7c2b5e2 <memmove+50>: lea -0x1(%esi,%ecx,1),%esi 0xb7c2b5e6 <memmove+54>: shr %ecx 0xb7c2b5e8 <memmove+56>: jae 0xb7c2b5eb <memmove+59> 0xb7c2b5ea <memmove+58>: movsb %ds:(%esi),%es:(%edi) 0xb7c2b5eb <memmove+59>: sub $0x1,%edi 0xb7c2b5ee <memmove+62>: sub $0x1,%esi 0xb7c2b5f1 <memmove+65>: shr %ecx 0xb7c2b5f3 <memmove+67>: jae 0xb7c2b5f7 <memmove+71> 0xb7c2b5f5 <memmove+69>: movsw %ds:(%esi),%es:(%edi) 0xb7c2b5f7 <memmove+71>: sub $0x2,%edi 0xb7c2b5fa <memmove+74>: sub $0x2,%esi 0xb7c2b5fd <memmove+77>: rep movsl %ds:(%esi),%es:(%edi) 0xb7c2b5ff <memmove+79>: mov %edx,%esi 0xb7c2b601 <memmove+81>: mov 0x8(%esp),%eax 0xb7c2b605 <memmove+85>: cld 0xb7c2b606 <memmove+86>: pop %edi 0xb7c2b607 <memmove+87>: ret End of assembler dump.