[mdb-discuss] spurious mdb stops in "sigacthandler" when debugging b117 Xorg ?

Mon, 6 Jul 2009 20:32:04 +0200 

Xorg is receiving lots of SIGPOLL signals when the mouse
is moved.  And a few SIGALRM signal.  Neither should
cause mdb to stop.


Btw. with gdb the same problem exists:

...
(gdb) c
Continuing.

Program received signal SIGTRAP, Trace/breakpoint trap.
<signal handler called>

(gdb) x/i $pc
0xceaf03b1 <sigacthandler+1>:   mov    %esp,%ebp

(gdb) info break
Num Type           Disp Enb Address    What
3   hw watchpoint  keep y              *(int *) (141515160 + 248)
        stop only if *(int *) (141515160 + 248) <= 0
        breakpoint already hit 4 times


2009/7/6 Edward Pilatowicz <edward.pilatowicz at sun.com>:
> hey jurgen,
>
> so mdb normally stops after it recieves any signal listed by ::bp/$b.
>
> the entry point for signal handling is sigacthandler(), so it seems the
> process did just get a signal.
>
> are you sure the processes didn't just recieve one of the signals
> listed by ::bp/$b?
>
> perhaps there is some faulty logic in mdb or procfs that attempts
> to filter out signals not listed by ::bp/$b?
>
> ed
>
> On Sun, Jul 05, 2009 at 09:33:58AM -0700, J?rgen Keil wrote:
>> I'm trying to debug an Xorg mouse problem in b116 or newer, on 32-bit x86.
>> The problem is that under unknown conditions the mouse pointer jumps to
>> the upper left screen corner.
>> ( http://www.opensolaris.org/jive/thread.jspa?threadID=105715&tstart=0 )
>>
>>
>> Unfortunately, when I recompile Xorg from source and run that, the problem
>> disappears. So that adding printfs to Xorg, or trying to compile Xorg 
>> binaries
>> with certain changesets removed can't be used to narrow down the problem.
>>
>>
>> For that reason I'm now trying to debug the problem with mdb using the 
>> original
>> b116 / b117 Xorg 32-bit binary. ?The idea was to set a "conditional" mdb 
>> write
>> access breakpoint on the mouse driver's "y" coordinate, that triggers only in
>> case "y" was changed to a value of 0:
>>
>> # mdb -p `pgrep -x Xorg`
>> Loading modules: [ ld.so.1 libproc.so.1 libnvpair.so.1 libuutil.so.1 
>> libavl.so.1 ]
>> > GetPointerEvents+113/i
>> GetPointerEvents+0x113: ? ? ? ? movl ? %ecx,-0x20(%ebp)
>> > :b
>> > :c
>> mdb: stop at GetPointerEvents+0x113
>> mdb: target stopped at:
>> GetPointerEvents+0x113: movl ? %ecx,-0x20(%ebp)
>> > <eax=X
>> ? ? ? ? ? ? ? ? 86f5998
>>
>> At this point, %eax contains a pointer to the mouse driver's
>> state structure, and offset 0xf8 in that structure is the current
>> "x" coordinate, and offset 0xfc is the "y" coordinate.
>>
>> The following should set a conditional write access breakpoint,
>> that stops only when "y" has been changed to 0:
>>
>> > 0x86f5998+0xfc::wp -w -L 4 -c ",*(0x86f5998+0xfc)!=0:c"
>> > :c
>> mdb: stop at GetPointerEvents+0x113
>> mdb: target stopped at:
>> GetPointerEvents+0x113: movl ? %ecx,-0x20(%ebp)
>> > $b
>> ? ?ID S TA HT LM Description ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?Action
>> ----- - -- -- -- ---------------------------------------- 
>> ----------------------
>> [ 1 ] + T ? 0 ?0 stop on SIGINT ? ? ? ? ? ? ? ? ? ? ? ? ? -
>> [ 2 ] + T ? 0 ?0 stop on SIGQUIT ? ? ? ? ? ? ? ? ? ? ? ? ?-
>> [ 3 ] + T ? 0 ?0 stop on SIGILL ? ? ? ? ? ? ? ? ? ? ? ? ? -
>> [ 4 ] + T ? 0 ?0 stop on SIGTRAP ? ? ? ? ? ? ? ? ? ? ? ? ?-
>> [ 5 ] + T ? 0 ?0 stop on SIGABRT ? ? ? ? ? ? ? ? ? ? ? ? ?-
>> [ 6 ] + T ? 0 ?0 stop on SIGEMT ? ? ? ? ? ? ? ? ? ? ? ? ? -
>> [ 7 ] + T ? 0 ?0 stop on SIGFPE ? ? ? ? ? ? ? ? ? ? ? ? ? -
>> [ 8 ] + T ? 0 ?0 stop on SIGBUS ? ? ? ? ? ? ? ? ? ? ? ? ? -
>> [ 9 ] + T ? 0 ?0 stop on SIGSEGV ? ? ? ? ? ? ? ? ? ? ? ? ?-
>> [ 10] + T ? 0 ?0 stop on SIGSYS ? ? ? ? ? ? ? ? ? ? ? ? ? -
>> [ 11] + T ? 0 ?0 stop on SIGXCPU ? ? ? ? ? ? ? ? ? ? ? ? ?-
>> [ 12] + T ? 0 ?0 stop on SIGXFSZ ? ? ? ? ? ? ? ? ? ? ? ? ?-
>> < 13> + ? ? 2 ?0 stop at GetPointerEvents+0x113 ? ? ? ? ? -
>> [ 14] + ? ? 2 ?0 stop on write of [0x86f5a94, 0x86f5a98) ?,*(0x86f5998+0xfc 
>> ...
>> > ::delete 13
>> > :c
>>
>> ? ?... Xorg is running for some time ...
>>
>> mdb: target stopped at:
>> libc_hwcap1.so.1`sigacthandler+1: ? ? ? movl ? %esp,%ebp
>> > 0x86f5998+0xf8/XX
>> 0x86f5a90: ? ? ?274 ? ? ? ? ? ? 36d
>>
>>
>> Now this is something I don't understand and looks like a mdb bug:
>> After some time using the mouse in Xorg we do stop in mdb, but
>> the "y" value didn't change to 0 ?
>>
>> Seems we didn't stop because of the write access breakpoint.
>> But why did we stop?
>>
>> > $C
>> 08047758 libc_hwcap1.so.1`sigacthandler+1(86f5768)
>> 08047788 xf86SigioReadInput+0x2f(15, 86f5768, 8047858, 80dfe15)
>> 08047858 xf86SIGIO+0x1a9(16, 0, 8047920)
>> 0804786c libc_hwcap1.so.1`__sighndlr+0xf(16, 0, 8047920, 80dfdf8)
>> 080478dc libc_hwcap1.so.1`call_user_handler+0x2af(16)
>> 0804790c libc_hwcap1.so.1`sigacthandler+0xdf(16, 0, 8047920)
>> 08047b38 SecurityLookupIDByType+0xe(878cc00, 1600286, 3, 20)
>> 08047b58 dixLookupGC+0x22(8047b7c, 1600286, 878cc00, 20)
>> 08047b98 ProcChangeGC+0x37(878cc00, 38)
>> 08047c28 Dispatch+0x44f(840a418, 840a41c, 8409930, 840a8b8, 840a8ec, 820694c)
>> 08047d18 main+0x605(9, 8047d50, 8047d78, 8047d0c)
>> 08047d44 _start+0x7d(9, 8047e20, 8047e32, 8047e35, 8047e3f, 8047e43)
>> > ::status
>> debugging PID 950 (32-bit)
>> file: /usr/X11/bin/i386/Xorg
>> threading model: native threads
>> status: stopped after a single-step
>> > $b
>> ? ?ID S TA HT LM Description ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?Action
>> ----- - -- -- -- ---------------------------------------- 
>> ----------------------
>> [ 1 ] + T ? 0 ?0 stop on SIGINT ? ? ? ? ? ? ? ? ? ? ? ? ? -
>> [ 2 ] + T ? 0 ?0 stop on SIGQUIT ? ? ? ? ? ? ? ? ? ? ? ? ?-
>> [ 3 ] + T ? 0 ?0 stop on SIGILL ? ? ? ? ? ? ? ? ? ? ? ? ? -
>> [ 4 ] + T ? 0 ?0 stop on SIGTRAP ? ? ? ? ? ? ? ? ? ? ? ? ?-
>> [ 5 ] + T ? 0 ?0 stop on SIGABRT ? ? ? ? ? ? ? ? ? ? ? ? ?-
>> [ 6 ] + T ? 0 ?0 stop on SIGEMT ? ? ? ? ? ? ? ? ? ? ? ? ? -
>> [ 7 ] + T ? 0 ?0 stop on SIGFPE ? ? ? ? ? ? ? ? ? ? ? ? ? -
>> [ 8 ] + T ? 0 ?0 stop on SIGBUS ? ? ? ? ? ? ? ? ? ? ? ? ? -
>> [ 9 ] + T ? 0 ?0 stop on SIGSEGV ? ? ? ? ? ? ? ? ? ? ? ? ?-
>> [ 10] + T ? 0 ?0 stop on SIGSYS ? ? ? ? ? ? ? ? ? ? ? ? ? -
>> [ 11] + T ? 0 ?0 stop on SIGXCPU ? ? ? ? ? ? ? ? ? ? ? ? ?-
>> [ 12] + T ? 0 ?0 stop on SIGXFSZ ? ? ? ? ? ? ? ? ? ? ? ? ?-
>> [ 14] + ? ?594 ?0 stop on write of [0x86f5a94, 0x86f5a98) ?,*(0x86f5998+0xfc 
>> ...
>> > :c
>>
>>
>> ? ?... Xorg is running for some time ...
>>
>> mdb: target stopped at:
>> libc_hwcap1.so.1`sigacthandler+1: ? ? ? movl ? %esp,%ebp
>> > ::status
>> debugging PID 950 (32-bit)
>> file: /usr/X11/bin/i386/Xorg
>> threading model: native threads
>> status: stopped after a single-step
>> > $b
>> ? ?ID S TA HT LM Description ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?Action
>> ----- - -- -- -- ---------------------------------------- 
>> ----------------------
>> [ 1 ] + T ? 0 ?0 stop on SIGINT ? ? ? ? ? ? ? ? ? ? ? ? ? -
>> [ 2 ] + T ? 0 ?0 stop on SIGQUIT ? ? ? ? ? ? ? ? ? ? ? ? ?-
>> [ 3 ] + T ? 0 ?0 stop on SIGILL ? ? ? ? ? ? ? ? ? ? ? ? ? -
>> [ 4 ] + T ? 0 ?0 stop on SIGTRAP ? ? ? ? ? ? ? ? ? ? ? ? ?-
>> [ 5 ] + T ? 0 ?0 stop on SIGABRT ? ? ? ? ? ? ? ? ? ? ? ? ?-
>> [ 6 ] + T ? 0 ?0 stop on SIGEMT ? ? ? ? ? ? ? ? ? ? ? ? ? -
>> [ 7 ] + T ? 0 ?0 stop on SIGFPE ? ? ? ? ? ? ? ? ? ? ? ? ? -
>> [ 8 ] + T ? 0 ?0 stop on SIGBUS ? ? ? ? ? ? ? ? ? ? ? ? ? -
>> [ 9 ] + T ? 0 ?0 stop on SIGSEGV ? ? ? ? ? ? ? ? ? ? ? ? ?-
>> [ 10] + T ? 0 ?0 stop on SIGSYS ? ? ? ? ? ? ? ? ? ? ? ? ? -
>> [ 11] + T ? 0 ?0 stop on SIGXCPU ? ? ? ? ? ? ? ? ? ? ? ? ?-
>> [ 12] + T ? 0 ?0 stop on SIGXFSZ ? ? ? ? ? ? ? ? ? ? ? ? ?-
>> [ 14] + ? ?980 ?0 stop on write of [0x86f5a94, 0x86f5a98) ?,*(0x86f5998+0xfc 
>> ...
>> > $C
>> 08045e88 libc_hwcap1.so.1`sigacthandler+1(86f5768)
>> 08045eb8 xf86SigioReadInput+0x2f(15, 86f5768, 8045f88, 80dfe15)
>> 08045f88 xf86SIGIO+0x1a9(16, 0, 8046050)
>> 08045f9c libc_hwcap1.so.1`__sighndlr+0xf(16, 0, 8046050, 80dfdf8)
>> 0804600c libc_hwcap1.so.1`call_user_handler+0x2af(16)
>> 0804603c libc_hwcap1.so.1`sigacthandler+0xdf(16, 0, 8046050)
>> 080462d8 libpixman-1.so.0`pixman_op+0x1b3(80463b0, 92e2f98, 92e2fa4, 
>> ce971100, 1
>> , 0)
>> 08046338 libpixman-1.so.0`pixman_region_subtract+0x9f(80463b0, 92e2f98, 
>> 92e2fa4
>> , 814b358, 92e2fc8)
>> 08046358 miSubtract+0x24(80463b0, 92e2f98, 92e2fa4, cd679552)
>> 080463d8 libexa.so`exaCopyDirty+0x104(8046530, 92e2fa4, 92e2f98, 0, 94c18e8,
>> bfbbef00)
>> 08046438 libexa.so`exaDoMoveInPixmap+0x138(8046530, cd68e938, 8046468, 
>> cd679e7e
>> )
>> 080464c8 libexa.so`exaDoMigration+0x54c(8046520, 2, 1)
>> 08046598 libexa.so`exaTryDriverCompositeRects+0x17a(c, 92e2ee8, 8861280, 3,
>> 80466e4, 80465f0)
>> 08046618 libexa.so`exaCompositeRects+0x196(c, 92e2ee8, 8861280, 3, 80466e4,
>> cd68e3dc)
>> 08046648 libexa.so`exaGlyphsToMask+0x2f(8861280, 80466e0, 1, 80466d0)
>> 08047308 libexa.so`exaGlyphs+0x925(3, 882d118, 881ed70, 844c6b8, 4f, 42)
>> 08047398 damageGlyphs+0x26f(3, 882d118, 881ed70, 844c6b8, 4f, 42)
>> 080473d8 CompositeGlyphs+0x70(3, 882d118, 881ed70, 844c6b8, 4f, 42)
>> 08047b78 ProcRenderCompositeGlyphs+0x4c0(878cc00, 8, 878cc00, 818bb94)
>> 08047b98 ProcRenderDispatch+0x38(878cc00, 95)
>> 08047c28 Dispatch+0x44f(840a418, 840a41c, 8409930, 840a8b8, 840a8ec, 820694c)
>> 08047d18 main+0x605(9, 8047d50, 8047d78, 8047d0c)
>> 08047d44 _start+0x7d(9, 8047e20, 8047e32, 8047e35, 8047e3f, 8047e43)
>> > 0x86f5998+0xf8/XX
>> 0x86f5a90: ? ? ?2bc ? ? ? ? ? ? 2b0
>>
>>
>> It happened again, we stopped for an unknown reason.
>>
>> Btw. when I move the mouse to the upper left corner,
>> the write access breakpoint works as expected, like this:
>>
>> > :c
>> mdb: stop on write of [0x86f5a94, 0x86f5a98)
>> mdb: target stopped at:
>> GetPointerEvents+0x65a: movl ? %eax,0xfc(%esi)
>> > 0x86f5998+0xf8/XX
>> 0x86f5a90: ? ? ?2 ? ? ? ? ? ? ? 0
>> --
>> This message posted from opensolaris.org
>> _______________________________________________
>> mdb-discuss mailing list
>> mdb-discuss at opensolaris.org
>

Reply via email to