I'm trying to debug an Xorg mouse problem in b116 or newer, on 32-bit x86. The problem is that under unknown conditions the mouse pointer jumps to the upper left screen corner. ( http://www.opensolaris.org/jive/thread.jspa?threadID=105715&tstart=0 )
Unfortunately, when I recompile Xorg from source and run that, the problem disappears. So adding printfs to Xorg, or trying to compile Xorg binaries with certain changesets removed, can't be used to narrow down the problem.

For that reason I'm now trying to debug the problem with mdb using the original b116 / b117 Xorg 32-bit binary. The idea was to set a "conditional" mdb write access breakpoint on the mouse driver's "y" coordinate, that triggers only in case "y" was changed to a value of 0:

# mdb -p `pgrep -x Xorg`
Loading modules: [ ld.so.1 libproc.so.1 libnvpair.so.1 libuutil.so.1 libavl.so.1 ]
> GetPointerEvents+113/i
GetPointerEvents+0x113: movl %ecx,-0x20(%ebp)
> :b
> :c
mdb: stop at GetPointerEvents+0x113
mdb: target stopped at:
GetPointerEvents+0x113: movl %ecx,-0x20(%ebp)
> <eax=X
86f5998

At this point, %eax contains a pointer to the mouse driver's state structure, and offset 0xf8 in that structure is the current "x" coordinate, and offset 0xfc is the "y" coordinate.

The following should set a conditional write access breakpoint, that stops only when "y" has been changed to 0:

> 0x86f5998+0xfc::wp -w -L 4 -c ",*(0x86f5998+0xfc)!=0:c"
> :c
mdb: stop at GetPointerEvents+0x113
mdb: target stopped at:
GetPointerEvents+0x113: movl %ecx,-0x20(%ebp)
> $b
 ID   S TA HT LM Description                              Action
----- - -- -- -- ---------------------------------------- ----------------------
[ 1 ] + T   0  0 stop on SIGINT                           -
[ 2 ] + T   0  0 stop on SIGQUIT                          -
[ 3 ] + T   0  0 stop on SIGILL                           -
[ 4 ] + T   0  0 stop on SIGTRAP                          -
[ 5 ] + T   0  0 stop on SIGABRT                          -
[ 6 ] + T   0  0 stop on SIGEMT                           -
[ 7 ] + T   0  0 stop on SIGFPE                           -
[ 8 ] + T   0  0 stop on SIGBUS                           -
[ 9 ] + T   0  0 stop on SIGSEGV                          -
[ 10] + T   0  0 stop on SIGSYS                           -
[ 11] + T   0  0 stop on SIGXCPU                          -
[ 12] + T   0  0 stop on SIGXFSZ                          -
< 13> +     2  0 stop at GetPointerEvents+0x113           -
[ 14] +     2  0 stop on write of [0x86f5a94, 0x86f5a98)  ,*(0x86f5998+0xfc ...
> ::delete 13
> :c

... Xorg is running for some time ...

mdb: target stopped at:
libc_hwcap1.so.1`sigacthandler+1: movl %esp,%ebp
> 0x86f5998+0xf8/XX
0x86f5a90: 274 36d

Now this is something I don't understand and looks like an mdb bug: After some time using the mouse in Xorg we do stop in mdb, but the "y" value didn't change to 0? Seems we didn't stop because of the write access breakpoint. But why did we stop?

> $C
08047758 libc_hwcap1.so.1`sigacthandler+1(86f5768)
08047788 xf86SigioReadInput+0x2f(15, 86f5768, 8047858, 80dfe15)
08047858 xf86SIGIO+0x1a9(16, 0, 8047920)
0804786c libc_hwcap1.so.1`__sighndlr+0xf(16, 0, 8047920, 80dfdf8)
080478dc libc_hwcap1.so.1`call_user_handler+0x2af(16)
0804790c libc_hwcap1.so.1`sigacthandler+0xdf(16, 0, 8047920)
08047b38 SecurityLookupIDByType+0xe(878cc00, 1600286, 3, 20)
08047b58 dixLookupGC+0x22(8047b7c, 1600286, 878cc00, 20)
08047b98 ProcChangeGC+0x37(878cc00, 38)
08047c28 Dispatch+0x44f(840a418, 840a41c, 8409930, 840a8b8, 840a8ec, 820694c)
08047d18 main+0x605(9, 8047d50, 8047d78, 8047d0c)
08047d44 _start+0x7d(9, 8047e20, 8047e32, 8047e35, 8047e3f, 8047e43)
> ::status
debugging PID 950 (32-bit)
file: /usr/X11/bin/i386/Xorg
threading model: native threads
status: stopped after a single-step
> $b
 ID   S TA HT LM Description                              Action
----- - -- -- -- ---------------------------------------- ----------------------
[ 1 ] + T   0  0 stop on SIGINT                           -
[ 2 ] + T   0  0 stop on SIGQUIT                          -
[ 3 ] + T   0  0 stop on SIGILL                           -
[ 4 ] + T   0  0 stop on SIGTRAP                          -
[ 5 ] + T   0  0 stop on SIGABRT                          -
[ 6 ] + T   0  0 stop on SIGEMT                           -
[ 7 ] + T   0  0 stop on SIGFPE                           -
[ 8 ] + T   0  0 stop on SIGBUS                           -
[ 9 ] + T   0  0 stop on SIGSEGV                          -
[ 10] + T   0  0 stop on SIGSYS                           -
[ 11] + T   0  0 stop on SIGXCPU                          -
[ 12] + T   0  0 stop on SIGXFSZ                          -
[ 14] +    594  0 stop on write of [0x86f5a94, 0x86f5a98)  ,*(0x86f5998+0xfc ...
> :c

... Xorg is running for some time ...

mdb: target stopped at:
libc_hwcap1.so.1`sigacthandler+1: movl %esp,%ebp
> ::status
debugging PID 950 (32-bit)
file: /usr/X11/bin/i386/Xorg
threading model: native threads
status: stopped after a single-step
> $b
 ID   S TA HT LM Description                              Action
----- - -- -- -- ---------------------------------------- ----------------------
[ 1 ] + T   0  0 stop on SIGINT                           -
[ 2 ] + T   0  0 stop on SIGQUIT                          -
[ 3 ] + T   0  0 stop on SIGILL                           -
[ 4 ] + T   0  0 stop on SIGTRAP                          -
[ 5 ] + T   0  0 stop on SIGABRT                          -
[ 6 ] + T   0  0 stop on SIGEMT                           -
[ 7 ] + T   0  0 stop on SIGFPE                           -
[ 8 ] + T   0  0 stop on SIGBUS                           -
[ 9 ] + T   0  0 stop on SIGSEGV                          -
[ 10] + T   0  0 stop on SIGSYS                           -
[ 11] + T   0  0 stop on SIGXCPU                          -
[ 12] + T   0  0 stop on SIGXFSZ                          -
[ 14] +    980  0 stop on write of [0x86f5a94, 0x86f5a98)  ,*(0x86f5998+0xfc ...
> $C
08045e88 libc_hwcap1.so.1`sigacthandler+1(86f5768)
08045eb8 xf86SigioReadInput+0x2f(15, 86f5768, 8045f88, 80dfe15)
08045f88 xf86SIGIO+0x1a9(16, 0, 8046050)
08045f9c libc_hwcap1.so.1`__sighndlr+0xf(16, 0, 8046050, 80dfdf8)
0804600c libc_hwcap1.so.1`call_user_handler+0x2af(16)
0804603c libc_hwcap1.so.1`sigacthandler+0xdf(16, 0, 8046050)
080462d8 libpixman-1.so.0`pixman_op+0x1b3(80463b0, 92e2f98, 92e2fa4, ce971100, 1, 0)
08046338 libpixman-1.so.0`pixman_region_subtract+0x9f(80463b0, 92e2f98, 92e2fa4, 814b358, 92e2fc8)
08046358 miSubtract+0x24(80463b0, 92e2f98, 92e2fa4, cd679552)
080463d8 libexa.so`exaCopyDirty+0x104(8046530, 92e2fa4, 92e2f98, 0, 94c18e8, bfbbef00)
08046438 libexa.so`exaDoMoveInPixmap+0x138(8046530, cd68e938, 8046468, cd679e7e)
080464c8 libexa.so`exaDoMigration+0x54c(8046520, 2, 1)
08046598 libexa.so`exaTryDriverCompositeRects+0x17a(c, 92e2ee8, 8861280, 3, 80466e4, 80465f0)
08046618 libexa.so`exaCompositeRects+0x196(c, 92e2ee8, 8861280, 3, 80466e4, cd68e3dc)
08046648 libexa.so`exaGlyphsToMask+0x2f(8861280, 80466e0, 1, 80466d0)
08047308 libexa.so`exaGlyphs+0x925(3, 882d118, 881ed70, 844c6b8, 4f, 42)
08047398 damageGlyphs+0x26f(3, 882d118, 881ed70, 844c6b8, 4f, 42)
080473d8 CompositeGlyphs+0x70(3, 882d118, 881ed70, 844c6b8, 4f, 42)
08047b78 ProcRenderCompositeGlyphs+0x4c0(878cc00, 8, 878cc00, 818bb94)
08047b98 ProcRenderDispatch+0x38(878cc00, 95)
08047c28 Dispatch+0x44f(840a418, 840a41c, 8409930, 840a8b8, 840a8ec, 820694c)
08047d18 main+0x605(9, 8047d50, 8047d78, 8047d0c)
08047d44 _start+0x7d(9, 8047e20, 8047e32, 8047e35, 8047e3f, 8047e43)
> 0x86f5998+0xf8/XX
0x86f5a90: 2bc 2b0

It happened again, we stopped for an unknown reason.

Btw. when I move the mouse to the upper left corner, the write access breakpoint works as expected, like this:

> :c
mdb: stop on write of [0x86f5a94, 0x86f5a98)
mdb: target stopped at:
GetPointerEvents+0x65a: movl %eax,0xfc(%esi)
> 0x86f5998+0xf8/XX
0x86f5a90: 2 0

--
This message posted from opensolaris.org