Bug#629611: xserver-xorg: reproducible X server segfault
Cyril Brulebois writes:
>
> thanks for the test case, even though I can't reproduce it. A full
> backtrace might be nice:
> http://pkg-xorg.alioth.debian.org/howto/use-gdb.html
Here's what I got from that.
(gdb) bt full
#0 0x0fb028bc in *__GI_raise (sig=6)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
r4 = <value optimized out>
r7 = <value optimized out>
r12 = <value optimized out>
r5 = 6
r8 = <value optimized out>
r10 = <value optimized out>
r0 = 250
r3 = <value optimized out>
r6 = <value optimized out>
r9 = <value optimized out>
r11 = <value optimized out>
sc_ret = <value optimized out>
pid = 0
selftid = 3834
#1 0x0fb07f74 in *__GI_abort () at abort.c:92
act = {__sigaction_handler = {sa_handler = 0, sa_sigaction = 0},
sa_mask = {__val = {0, 0, 520, 520, 130, 1211959296, 1211959296,
270448596, 270404504, 0, 268549068, 1208098800, 1208101096,
3216205408, 1208020332, 263000940, 264540768, 3216205408,
263533356, 270448596, 270448652, 270448596, 0, 270420228,
270448592, 3216205472, 1208047712, 671106084, 32, 0, 264373708,
0}}, sa_flags = 0, sa_restorer = 0xfba7b1c <__close_nocancel+8>}
sigs = {__val = {32, 0 <repeats 31 times>}}
#2 0x1007be98 in ddxGiveUp () at ../../../../hw/xfree86/common/xf86Init.c:1214
i = <value optimized out>
#3 0x1007bf8c in AbortDDX () at ../../../../hw/xfree86/common/xf86Init.c:1260
i = 1
#4 0x1006dea4 in AbortServer () at ../../os/log.c:404
No locals.
#5 0x1006e67c in FatalError (
f=0x101b1094 "Caught signal %d (%s). Server aborting\n")
at ../../os/log.c:529
args = {{gpr = 3 '\003', fpr = 0 '\000', reserved = 0,
overflow_arg_area = 0xbfb36778, reg_save_area = 0xbfb366f8}}
beenhere = 1
#6 0x1007a70c in OsSigHandler (signo=11, sip=0xbfb367e0,
unused=<value optimized out>) at ../../os/osinit.c:156
No locals.
#7 <signal handler called>
No symbol table info available.
#8 fb24_32BltDown (srcLine=0x4802b804 "", srcStride=128,
srcX=<value optimized out>,
dstLine=0x483d01dc <Address 0x483d01dc out of bounds>, dstStride=5632,
dstX=<value optimized out>, width=524, height=15, alu=3, pm=4294967295)
at ../../fb/fb24_32.c:133
s0 = <value optimized out>
s1 = <value optimized out>
src = 0x4802bff4
dst = 0x483d07d0 <Address 0x483d07d0 out of bounds>
w = <value optimized out>
pixel = <value optimized out>
_ca1 = 0
_cx1 = 0
_ca2 = 4294967295
_cx2 = 0
#9 0x0f68a2c8 in fb24_32CopyMtoN (pSrcDrawable=<value optimized out>,
pDstDrawable=<value optimized out>, pGC=0x10226e20, pbox=0xbfb36ef8,
nbox=1, dx=-499, dy=-370, reverse=<value optimized out>, upsidedown=0,
bitplane=0, closure=0x0) at ../../fb/fb24_32.c:514
pPriv = 0x1054b610
src = 0x48024000 ""
srcStride = 128
dst = 0x48089000 <Address 0x48089000 out of bounds>
dstStride = 5632
blt = 0xf6894a0 <fb24_32BltDown>
srcXoff = 0
srcYoff = 0
dstXoff = 0
dstYoff = 0
#10 0x10174338 in miCopyRegion (pSrcDrawable=0x10226e80,
pDstDrawable=<value optimized out>, pGC=<value optimized out>,
pDstRegion=<value optimized out>, dx=-499, dy=-370,
copyProc=0xf68a140 <fb24_32CopyMtoN>, bitPlane=0, closure=0x0)
at ../../mi/micopy.c:138
reverse = <value optimized out>
upsidedown = <value optimized out>
pbox = <value optimized out>
nbox = <value optimized out>
pboxNew1 = <value optimized out>
pboxNew2 = <value optimized out>
pboxBase = <value optimized out>
pboxNext = <value optimized out>
pboxTmp = <value optimized out>
#11 0x1017498c in miDoCopy (pSrcDrawable=0x10226e80, pDstDrawable=0x10226320,
pGC=0x10226e20, xIn=1, yIn=0, widthSrc=524, heightSrc=256, xOut=500,
yOut=370, copyProc=0xf68a140 <fb24_32CopyMtoN>, bitPlane=0, closure=0x0)
at ../../mi/micopy.c:338
prgnSrcClip = 0x0
freeSrcClip = 0
prgnExposed = <value optimized out>
rgnDst = {extents = {x1 = 500, y1 = 370, x2 = 1024, y2 = 626},
data = 0x0}
dx = -499
dy = -370
box_x1 = <value optimized out>
box_y1 = <value optimized out>
box_x2 = <value optimized out>
box_y2 = <value optimized out>
fastSrc = <value optimized out>
fastDst = 1
fastExpose = 1
#12 0x0f695fa0 in fbCopyArea (pSrcDrawable=<value optimized out>,
pDstDrawable=<value optimized out>, pGC=<value optimized out>,
xIn=<value optimized out>, yIn=<value optimized out>,
widthSrc=<value optimized out>, heightSrc=<value optimized out>,
xOut=<value optimized out>, yOut=0) at ../../fb/fbcopy.c:344
copy = <value optimized out>
#13 0x0f6139a4 in XAACopyAreaFallback (pSrc=0x10226e80, pDst=0x10226320,
pGC=0x10226e20, srcx=1, srcy=0, width=524, height=256, dstx=1, dsty=0)
at ../../../../hw/xfree86/xaa/xaaFallback.c:85
pGCPriv = 0x1054b5c0
oldFuncs = 0xf673fd8
#14 0x0f614e6c in XAACopyArea (pSrcDrawable=0x10226e80,
pDstDrawable=0x10226320, pGC=0x10226e20, srcx=1, srcy=0, width=524,
height=256, dstx=1, dsty=0) at ../../../../hw/xfree86/xaa/xaaCpyArea.c:72
infoRec = 0x1022acb0
#15 0x0f65f454 in cwCopyArea (pSrc=0x10226e80, pDst=0x10226320,
pGC=0x10226e20, srcx=1, srcy=0, w=524, h=256, dstx=1, dsty=0)
at ../../../miext/cw/cw_ops.c:201
pGCPrivate = 0x10225f28
dst_off_x = 0
dst_off_y = 0
pBackingDst = 0x10226320
pBackingGC = 0x10226e20
src_off_x = 0
src_off_y = 0
pBackingSrc = 0x10226e80
#16 0x100f3d54 in damageCopyArea (pSrc=0x10226e80, pDst=0x10226320,
pGC=0x10226e20, srcx=1, srcy=0, width=524, height=256, dstx=1, dsty=0)
at ../../../miext/damage/damage.c:949
ret = <value optimized out>
pGCPriv = <value optimized out>
oldFuncs = 0x101e8668
#17 0x100cee24 in doShmPutImage (client=0x10226c98) at ../../Xext/shm.c:508
pPixmap = 0x10226e80
#18 ProcShmPutImage (client=0x10226c98) at ../../Xext/shm.c:891
pGC = 0x10226e20
pDraw = 0x10226320
length = <value optimized out>
shmdesc = 0x1045aba0
#19 0x100d01a4 in ProcShmDispatch (client=<value optimized out>)
at ../../Xext/shm.c:1145
No locals.
#20 0x1004a1f0 in Dispatch () at ../../dix/dispatch.c:439
result = <value optimized out>
client = <value optimized out>
nready = 0
start_tick = 0
#21 0x1001d0d4 in main (argc=4, argv=0xbfb37554, envp=<value optimized out>)
at ../../dix/main.c:283
i = 1
alwaysCheckForInput = {0, 1}
(gdb)
--
Alan Curry
Reply to: