Subject: xsrc/21911: XdecNetBSD server crashes on alpha 3000/400 with PMAGB-B
To: None <gnats-bugs@gnats.netbsd.org>
From: None <agrier@poofygoof.com>
List: netbsd-bugs
Date: 06/16/2003 18:22:40
>Number:         21911
>Category:       xsrc
>Synopsis:       XdecNetBSD server crashes on alpha 3000/400 with PMAGB-B
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    xsrc-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Jun 17 01:23:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     
>Release:        NetBSD 1.6.1
>Organization:
  Aaron J. Grier | "Not your ordinary poofy goof." | agrier@poofygoof.com
>Environment:
	
	
System: NetBSD elrond 1.6.1 NetBSD 1.6.1 (TCWSCONS) #0: Wed Apr 30 10:11:42 PDT 2003 agrier@elrond.poofy.goof.com:/var/obj/TCWSCONS alpha
Architecture: alpha
Machine: alpha

compiled with "-g" from circa Jun 8th sources.  (not that it's a
fast-moving X server by any means...)  system libraries are out-of-the-
box 1.6.1.

/usr/X11R6/bin/XdecNetBSD:
	 -lz.0 => /usr/lib/libz.so.0
	 -lm.0 => /usr/lib/libm.so.0
	 -lc.12 => /usr/lib/libc.so.12

>Description:
	
the XdecNetBSD server randomly crashes on 3000/400 with PMAGB-B
framebuffer.

it's crashing with sig 11:

#0  0x12015b034 in cfbDoBitbltCopy (pSrc=0x1204e4800, pDst=0x1204dc700, alu=3, 
    prgnDst=0x1ffffeed8, pptSrc=0x1ffffee60, planemask=18446744073709551615)
    at cfbbltC.c:549
549                             *pdst = MROP_MASK(bits1, *pdst, startmask);

here's the full backtrace:

#0  0x12015b034 in cfbDoBitbltCopy (pSrc=0x1204e4800, pDst=0x1204dc700, alu=3, 
    prgnDst=0x1ffffeed8, pptSrc=0x1ffffee60, planemask=18446744073709551615)
    at cfbbltC.c:549
#1  0x120158bc4 in cfbDoBitblt (pSrc=0x1204e4800, pDst=0x1204dc700, alu=3, 
    prgnDst=0x1ffffeed8, pptSrc=0x1ffffee60, planemask=18446744073709551615)
    at cfbbitblt.c:325
#2  0x120158984 in cfbBitBlt (pSrcDrawable=0x1204e4800, 
    pDstDrawable=0x1204dc700, pGC=0x120537c00, srcx=0, srcy=0, width=32, 
    height=32, dstx=494, dsty=113, doBitBlt=0x120158b00 <cfbDoBitblt>, 
    bitPlane=0) at cfbbitblt.c:278
#3  0x120006ce4 in decSfbCopyArea (pSrcDrawable=0x1204e4800, 
    pDstDrawable=0x1204dc700, pGC=0x120537c00, srcx=0, srcy=0, width=32, 
    height=32, dstx=494, dsty=113) at sfbbitblt.c:100
#4  0x12021f72c in miSpriteCopyArea (pSrc=0x1204e4800, pDst=0x1204dc700, 
    pGC=0x120537c00, srcx=0, srcy=0, w=32, h=32, dstx=494, dsty=113)
    at misprite.c:1070
#5  0x120214668 in miDCMoveCursor (pScreen=0x12047ec00, pCursor=0x12056c780, 
    x=494, y=113, w=32, h=32, dx=12, dy=14, source=1, mask=0)
    at midispcur.c:611
#6  0x120225538 in miSpriteSetCursor (pScreen=0x12047ec00, 
    pCursor=0x12056c780, x=507, y=128) at misprite.c:1957
#7  0x120225610 in miSpriteMoveCursor (pScreen=0x12047ec00, x=507, y=128)
    at misprite.c:1985
#8  0x120211fa4 in miPointerUpdate () at mipointer.c:361
#9  0x120022290 in ProcessInputEvents () at decIo.c:73
#10 0x1200361c0 in Dispatch () at dispatch.c:244
#11 0x120059308 in main (argc=4, argv=0x1fffff490) at main.c:400

(gdb) print /x startmask
$2 = 0xffff000000000000
(gdb) print bits1
$3 = 0
(gdb) print pdst
$4 = (long unsigned int *) 0x16084a6e8
>How-To-Repeat:
	
I've had it die while I've been sitting in front of it actively working;
I've had it die idling at an xdm-generated login prompt; I've had it die
when nobody's home.  (although it's possible my cat is jumping on the
desk and wiggling the mouse cursor around.)  at this point I'm not even
sure if it's crashing at the same location, since this is the first
crash I've gotten with a debug-compiled XdecNetBSD.

I can provide a corefile and the server binary to anybody interested.
>Fix:
	
it looks to be mouse cursor-related, and my guess is that a pointer is
getting corrupted somehow during cursor updates, possibly due to 64-bit
uncleanliness, but I'll be damned if I can make heads or tails of the
code at this point in time.  figured I'd send-pr so somebody a bit more
familiar can take a look.
>Release-Note:
>Audit-Trail:
>Unformatted: