On Mon, 2009-09-28 at 16:58 +0200, Julien Cristau wrote: > > Does this still happen with server 1.6.3.901? There's a > signal-related > fix in there, although it's kind of a long shot. Yes, it does still happen after upgrade (last time ~ 5 minutes ago). A gdb session is attached, with as much information as I could reasonably gather without knowing anything about X internals. Is there any other information that I could supply? Does anybody want the core file? Thomas
Core was generated by `/usr/bin/X -br -nolisten tcp :0 vt7 -auth /var/run/xauth/A:0-Be6ZAT'.
Program terminated with signal 6, Aborted.
#0 0xffffe410 in __kernel_vsyscall ()
(gdb) bt full
#0 0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1 0xb7bde3d0 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
resultvar = <value optimized out>
pid = -1211047948
selftid = 4461
#2 0xb7be1a85 in *__GI_abort () at abort.c:88
act = {__sigaction_handler = {sa_handler = 0x1, sa_sigaction = 0x1}, sa_mask = {__val = {3216826184,
3081377788, 136444272, 4, 3216826288, 3216826276, 3081361264, 3081380132, 3082956628, 3216826352,
3086272112, 134611646, 3216826200, 0, 0, 136690792, 136273568, 3083923808, 1, 136222616, 3216826216,
135484561, 136255000, 3083923808, 3216826264, 156887200, 3082938977, 136255352, 16, 3216826344,
3216826296, 21505}}, sa_flags = -1212030607, sa_restorer = 0x81f1618}
sigs = {__val = {32, 0 <repeats 31 times>}}
#3 0x080ad535 in ddxGiveUp () at ../../../../hw/xfree86/common/xf86Init.c:1417
i = <value optimized out>
#4 0x0813b80d in AbortServer () at ../../os/log.c:397
No locals.
#5 0x0813be0e in FatalError (f=0x81c94f0 "Caught signal %d. Server aborting\n") at ../../os/log.c:522
beenhere = 1
#6 0x080c1e13 in xf86SigHandler (signo=11) at ../../../../hw/xfree86/common/xf86Events.c:387
No locals.
#7 <signal handler called>
No symbol table info available.
#8 0x080b7945 in xf86SIGIO (sig=29) at ../../../../../hw/xfree86/os-support/linux/../shared/sigio.c:110
i = <value optimized out>
ready = {fds_bits = {3072, -1078139880, 135537224, 154986920, 64, -1078139976, 135484561, 154108840,
136177084, -1078139912, -1211047948, -1211043488, 154981320, -1078139928, -1212008298, -1211043488,
154981320, 154981312, 136177084, 154981320, 136675704, -1078139912, 135484561, 154981320, 136177084,
-1078139880, 135761828, 154981320, 136242664, 136510104, 136177084, 144530640}}
to = {tv_sec = 0, tv_usec = 0}
save_errno = 0
r = -1
#9 <signal handler called>
No symbol table info available.
#10 memmove () at ../sysdeps/i386/i686/memmove.S:102
No locals.
#11 0x08133dc5 in WriteToClient (who=0x8b9a650, count=4, __buf=0x8938338) at ../../os/io.c:826
oc = 0x8b9a5c8
oco = 0x84f19d0
padBytes = 0
#12 0x080a2d8f in ProcGetProperty (client=0x8b9a650) at ../../dix/property.c:543
pProp = 0x9204b18
prevProp = <value optimized out>
n = <value optimized out>
len = 4
ind = 143885112
rc = <value optimized out>
pWin = 0x8824350
reply = {type = 1 '\1', format = 32 ' ', sequenceNumber = 19024, length = 1, propertyType = 6,
bytesAfter = 0, nItems = 1, pad1 = 0, pad2 = 24, pad3 = 0}
---Type <return> to continue, or q <return> to quit---
win_mode = <value optimized out>
prop_mode = 1
#13 0x0808c8b7 in Dispatch () at ../../dix/dispatch.c:456
result = <value optimized out>
client = 0x8b9a650
nready = 0
start_tick = 12000
#14 0x08071b8a in main (argc=8, argv=0xbfbce924, envp=Cannot access memory at address 0x8
) at ../../dix/main.c:397
i = <value optimized out>
alwaysCheckForInput = {0, 1}
(gdb) up 11
#11 0x08133dc5 in WriteToClient (who=0x8b9a650, count=4, __buf=0x8938338) at ../../os/io.c:826
826 ../../os/io.c: No such file or directory.
in ../../os/io.c
(gdb) p *oco
$1 = {next = 0x899b858, size = 4096, buf = 0x9260890 "\1 PJ\1", count = 32}
(gdb) p oco->buf + oco->count
$2 = (unsigned char *) 0x92608b0 ""
(gdb) p *(oco->buf + oco->count)
$3 = 0 '\0'
(gdb) p *(oco->buf + oco->count+1)
$4 = 0 '\0'
(gdb) p *(oco->buf + oco->count+2)
$5 = 0 '\0'
(gdb) p *(oco->buf + oco->count+3)
$6 = 0 '\0'
(gdb) p *oc
$7 = {fd = 25, input = 0x84d6da0, output = 0x84f19d0, auth_id = 275, conn_time = 0, trans_conn = 0x8b9a610}
(gdb) p padBytes
$8 = 0
(gdb) down
#10 memmove () at ../sysdeps/i386/i686/memmove.S:102
102 ../sysdeps/i386/i686/memmove.S: No such file or directory.
in ../sysdeps/i386/i686/memmove.S
Current language: auto; currently asm
(gdb) disassemble
Dump of assembler code for function memmove:
0xb7c2b5b0 <memmove+0>: push %edi
0xb7c2b5b1 <memmove+1>: mov 0x10(%esp),%ecx
0xb7c2b5b5 <memmove+5>: mov 0x8(%esp),%edi
0xb7c2b5b9 <memmove+9>: mov %esi,%edx
0xb7c2b5bb <memmove+11>: mov 0xc(%esp),%esi
0xb7c2b5bf <memmove+15>: mov %edi,%eax
0xb7c2b5c1 <memmove+17>: sub %esi,%eax
0xb7c2b5c3 <memmove+19>: cmp %eax,%edi
0xb7c2b5c5 <memmove+21>: jae 0xb7c2b5dd <memmove+45>
0xb7c2b5c7 <memmove+23>: cld
0xb7c2b5c8 <memmove+24>: shr %ecx
0xb7c2b5ca <memmove+26>: jae 0xb7c2b5cd <memmove+29>
0xb7c2b5cc <memmove+28>: movsb %ds:(%esi),%es:(%edi)
0xb7c2b5cd <memmove+29>: shr %ecx
0xb7c2b5cf <memmove+31>: jae 0xb7c2b5d3 <memmove+35>
0xb7c2b5d1 <memmove+33>: movsw %ds:(%esi),%es:(%edi)
0xb7c2b5d3 <memmove+35>: rep movsl %ds:(%esi),%es:(%edi)
0xb7c2b5d5 <memmove+37>: mov %edx,%esi
0xb7c2b5d7 <memmove+39>: mov 0x8(%esp),%eax
0xb7c2b5db <memmove+43>: pop %edi
0xb7c2b5dc <memmove+44>: ret
0xb7c2b5dd <memmove+45>: std
0xb7c2b5de <memmove+46>: lea -0x1(%edi,%ecx,1),%edi
0xb7c2b5e2 <memmove+50>: lea -0x1(%esi,%ecx,1),%esi
0xb7c2b5e6 <memmove+54>: shr %ecx
0xb7c2b5e8 <memmove+56>: jae 0xb7c2b5eb <memmove+59>
0xb7c2b5ea <memmove+58>: movsb %ds:(%esi),%es:(%edi)
0xb7c2b5eb <memmove+59>: sub $0x1,%edi
0xb7c2b5ee <memmove+62>: sub $0x1,%esi
0xb7c2b5f1 <memmove+65>: shr %ecx
0xb7c2b5f3 <memmove+67>: jae 0xb7c2b5f7 <memmove+71>
0xb7c2b5f5 <memmove+69>: movsw %ds:(%esi),%es:(%edi)
0xb7c2b5f7 <memmove+71>: sub $0x2,%edi
0xb7c2b5fa <memmove+74>: sub $0x2,%esi
0xb7c2b5fd <memmove+77>: rep movsl %ds:(%esi),%es:(%edi)
0xb7c2b5ff <memmove+79>: mov %edx,%esi
0xb7c2b601 <memmove+81>: mov 0x8(%esp),%eax
0xb7c2b605 <memmove+85>: cld
0xb7c2b606 <memmove+86>: pop %edi
0xb7c2b607 <memmove+87>: ret
End of assembler dump.