On Sat, Dec 18, 2004 at 07:44:24PM -0500, Branden Robinson wrote:

> Can you reproduce the problem with xserver-xfree86-dbg?  Install the
> package and tell debconf you want to use that X server.  Then restart the X
> server and try to reproduce the bug (hopefully, this is easy).  If it
> doesn't crash, let us know.  If a bug is in the XFree86 X server's ELF
> module loader, you likely won't see it when you use the debugging server.
> We still want to know that information.  If it does crash, become root,
> enable core dumps ("ulimit -c unlimited" in bash), start the X server as
> root and reproduce the crash again:

I've tried to start the server in 3 different ways:

1. As a normal user using the command "X"
2. As a normal user using the command "startx $(which x-terminal-emulator)"
3. As root using the command "startx $(which x-terminal-emulator)"

Of these, #1 and #3 crash when I run the gv client, #2 doesn't (after
a few tries, anyway; #1 and #3 seem to crash always).

#3 indeed produces a core file in /etc/X11/, after which it goes into
some kind of an endless loop (after printing "When reporting a server
crash..."), eating all CPU it gets and unable to be killed even with
-KILL. #1 doesn't go into an endless loop, but doesn't produce a core
file either.

Unfortunately gdb doesn't seem able to give useful information:

------------------------------------------------------------
# gdb /usr/X11R6/bin/XFree86-debug /etc/X11/core
GNU gdb 6.1-debian
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-linux"...Using host libthread_db library 
"/lib/tls/libthread_db.so.1".

Core was generated by `/usr/X11R6/bin/X :1'.
Program terminated with signal 6, Aborted.
Cannot access memory at address 0xb8000e28
#0  0xb7e17ed9 in ?? ()
(gdb) bt
#0  0xb7e17ed9 in ?? ()
Cannot access memory at address 0xbfffed10
(gdb)
------------------------------------------------------------

However I tried to attach to a running X process and was able to get
the following backtrace (running the crash-provoking client
immediately after issuing the first 'cont' command):

------------------------------------------------------------
Script started on Sun Dec 19 17:07:08 2004
lh:~# ps |grep XFre
lh:~# ps uax |grep XFre
root      2130  0.7  0.8 147812 4512 ?       S    17:07   0:00 XFree86-debug
root      2145  0.0  0.1  3300  520 pts/1    R+   17:07   0:00 grep XFre
lh:~# gdb /usr/X11/bin/XFree86-debug 2130
GNU gdb 6.1-debian
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-linux"...Using host libthread_db library 
"/lib/tls/libthread_db.so.1".

Attaching to program: /usr/X11R6/bin/XFree86-debug, process 2130
Reading symbols from /usr/lib/libfreetype.so.6...done.
Loaded symbols for /usr/lib/libfreetype.so.6
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /lib/tls/libm.so.6...Reading symbols from 
/usr/lib/debug//lib/tls/libm-2.3.2.so...done.
done.
Loaded symbols for /lib/tls/libm.so.6
Reading symbols from /lib/tls/libc.so.6...Reading symbols from 
/usr/lib/debug//lib/tls/libc-2.3.2.so...done.
done.
Loaded symbols for /lib/tls/libc.so.6
Reading symbols from /lib/ld-linux.so.2...Reading symbols from 
/usr/lib/debug//lib/ld-2.3.2.so...done.
done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/tls/libnss_files.so.2...Reading symbols from 
/usr/lib/debug//lib/tls/libnss_files-2.3.2.so...done.
done.
Loaded symbols for /lib/tls/libnss_files.so.2
0xb7ec43b8 in ___newselect_nocancel () from /lib/tls/libc.so.6
(gdb) cont
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x0853ba9a in fbBlt (srcLine=0x23f2762c, srcStride=21641, srcX=0, 
    dstLine=0xbffff4fc, dstStride=21641, dstX=0, width=692512, height=0, 
    alu=3, pm=16777215, bpp=32, reverse=0, upsidedown=0) at fbblt.c:180
180     fbblt.c: No such file or directory.
        in fbblt.c
(gdb) bt
#0  0x0853ba9a in fbBlt (srcLine=0x23f2762c, srcStride=21641, srcX=0, 
    dstLine=0xbffff4fc, dstStride=21641, dstX=0, width=692512, height=0, 
    alu=3, pm=16777215, bpp=32, reverse=0, upsidedown=0) at fbblt.c:180
#1  0x0853c9c7 in fbBltStip (src=0x23f12408, srcStride=21641, srcX=0, 
    dst=0xbffea2d8, dstStride=21641, dstX=0, width=692512, height=1, alu=3, 
    pm=16777215, bpp=32) at fbblt.c:919
#2  0x0854952f in fbGetImage (pDrawable=0x7cca8008, x=0, y=32396, w=21641, 
    h=1, format=2, planeMask=16777215, d=0xbffea2d8 "") at fbimage.c:330
#3  0x08377086 in XAAGetImage (pDraw=0x7cca8008, sx=0, sy=32396, w=21641, h=1, 
    format=2, planemask=16777215, pdstLine=0xbffea2d8 "") at xaaInit.c:281
#4  0x086250d5 in miBSGetImage (pDrawable=0x7cca8008, sx=0, sy=32396, w=21641, 
    h=1, format=2, planemask=16777215, pdstLine=0xbffea2d8 "")
    at mibstore.c:613
#5  0x0863ecf7 in miSpriteGetImage (pDrawable=0x7cca8008, sx=0, sy=32396, 
    w=21641, h=1, format=2, planemask=16777215, pdstLine=0xbffea2d8 "")
    at misprite.c:495
#6  0x084e86c6 in DoGetImage (client=0x8ce6e30, format=2, drawable=2097335, 
    x=0, y=32396, width=21641, height=1, planemask=16777215, im_return=0x0)
    at dispatch.c:2244
#7  0x084e8920 in ProcGetImage (client=0x8ce6e30) at dispatch.c:2338
#8  0x084e3688 in Dispatch () at dispatch.c:450
#9  0x084fabfc in main (argc=1, argv=0xbffffae4, envp=0xbffffaec) at main.c:469
(gdb) bt full
#0  0x0853ba9a in fbBlt (srcLine=0x23f2762c, srcStride=21641, srcX=0, 
    dstLine=0xbffff4fc, dstStride=21641, dstX=0, width=692512, height=0, 
    alu=3, pm=16777215, bpp=32, reverse=0, upsidedown=0) at fbblt.c:180
        src = (FbBits *) 0x23f1240c
        dst = (FbBits *) 0xbffea2d8
        leftShift = 0
        rightShift = 0
        startmask = 0
        endmask = 0
        bits = 0
        bits1 = 0
        n = 21640
        nmiddle = 21641
        destInvarient = 0
        startbyte = 0
        endbyte = 0
        _ca1 = 0
        _cx1 = 4278190080
        _ca2 = 16777215
        _cx2 = 0
#1  0x0853c9c7 in fbBltStip (src=0x23f12408, srcStride=21641, srcX=0, 
    dst=0xbffea2d8, dstStride=21641, dstX=0, width=692512, height=1, alu=3, 
    pm=16777215, bpp=32) at fbblt.c:919
No locals.
#2  0x0854952f in fbGetImage (pDrawable=0x7cca8008, x=0, y=32396, w=21641, 
    h=1, format=2, planeMask=16777215, d=0xbffea2d8 "") at fbimage.c:330
        pm = 16777215
        src = (FbBits *) 0x7cca8058
        srcStride = 21641
        srcBpp = 32
        srcXoff = 0
        srcYoff = 0
        dst = (FbStip *) 0xbffea2d8
        dstStride = 21641
#3  0x08377086 in XAAGetImage (pDraw=0x7cca8008, sx=0, sy=32396, w=21641, h=1, 
    format=2, planemask=16777215, pdstLine=0xbffea2d8 "") at xaaInit.c:281
        pScreen = 0x8b87c68
        infoRec = 0x8ba15e8
        pScrn = 0x8b72fd8
#4  0x086250d5 in miBSGetImage (pDrawable=0x7cca8008, sx=0, sy=32396, w=21641, 
    h=1, format=2, planemask=16777215, pdstLine=0xbffea2d8 "")
    at mibstore.c:613
        pScreen = 0x8b87c68
        bounds = {x1 = 0, y1 = 0, x2 = 0, y2 = 0}
        depth = 0 '\0'
#5  0x0863ecf7 in miSpriteGetImage (pDrawable=0x7cca8008, sx=0, sy=32396, 
    w=21641, h=1, format=2, planemask=16777215, pdstLine=0xbffea2d8 "")
    at misprite.c:495
        pScreen = 0x8b87c68
        pScreenPriv = 0x8b85918
#6  0x084e86c6 in DoGetImage (client=0x8ce6e30, format=2, drawable=2097335, 
    x=0, y=32396, width=21641, height=1, planemask=16777215, im_return=0x0)
    at dispatch.c:2244
        pDraw = 0x7cca8008
        nlines = 1
        linesPerBuf = 1
        linesDone = 0
        widthBytesLine = 86564
        length = 86564
        plane = 0
        pBuf = 0xbffea2d8 ""
        xgi = {type = 1 '\001', depth = 24 '\030', sequenceNumber = 33, 
  length = 21641, visual = 0, pad3 = 0, pad4 = 0, pad5 = 0, pad6 = 3221222792, 
  pad7 = 139608336}
        pVisibleRegion = 0x0
#7  0x084e8920 in ProcGetImage (client=0x8ce6e30) at dispatch.c:2338
        stuff = (xGetImageReq *) 0x8ce7068
#8  0x084e3688 in Dispatch () at dispatch.c:450
        clientReady = (int *) 0xbffff5f4
        result = 20
        client = 0x8ce6e30
        nready = 0
        icheck = (HWEventQueuePtr *) 0x8b5d088
        start_tick = 200
#9  0x084fabfc in main (argc=1, argv=0xbffffae4, envp=0xbffffaec) at main.c:469
        i = 1
        j = 2
        k = 2
        error = -1208272102
        xauthfile = 0x0
        alwaysCheckForInput = {0, 1}
(gdb) cont
Continuing.

Program received signal SIGABRT, Aborted.
0xb7e17ed9 in raise () from /lib/tls/libc.so.6
(gdb) cont
Continuing.

Program terminated with signal SIGABRT, Aborted.
The program no longer exists.
(gdb) quit
lh:~# exit

Script done on Sun Dec 19 17:10:26 2004
------------------------------------------------------------

Hope this information helps. If there's still something I can do to
gather more information, I'll be happy to.

        Sami

