I have found a repeatable way to crash X, but it probably isn't so easy
to replicate for others.
Environment:
- NetBSD/amd64 8.0 userland + X (I have the debug set installed)
- pkgsrc-2018Q3 packages
- MesaLib18 from pkgsrc-current, installed on top of the older MesaLib
- emulators/vice but built from svn
(https://sourceforge.net/projects/vice-emu/) with gtk3+ GUI.
(VICE plans a release soon, and since I'm a committer there too I
wanted to check if it is working)
- running xpet from vice; probably my display settings are relevant.
- I have a Radeon graphics card.
I had to use MesaLib18 because the one that comes with pkgsrc-2018Q3
failed to work with xpet; when initializing it terminates with
CRITICAL: Could not realize GL context: No available configurations for the given RGBA pixel format
where the last part of that message is an error reported from
gtk_gl_area_make_current().
At least MesaLib 18 gets me past that.
When quitting xpet, it itself crashes but also the X server crashes.
This doesn't happen when I run x64, one of the other emulators. The
difference may be the size of the emulator screen: xpet's is much
bigger, almost as tall as my monitor (1200 px).
Xorg.0.log ends with:
[1781131.594] (EE) Segmentation fault at address 0x7b31a7c1bdbd
[1781131.594] (EE)
Fatal server error:
[1781131.594] (EE) Caught signal 11 (Segmentation fault). Server aborting
[1781131.594] (EE)
[1781131.594] (EE)
Please consult the The X.Org Foundation support
at http://wiki.X.Org
for help.
[1781131.594] (EE) Please also check the log file at "/var/log/Xorg.0.log" for additional information.
[1781131.594] (EE)
[1781131.595] (II) AIGLX: Suspending AIGLX clients for VT switch
I have a core dump, and gdb thinks this:
#0 0x00000000992ef59e in xf86RotateFreeShadow ()
#1 0x00007b31a7c1dabe in RADEONLeaveVT_KMS (arg=0x7b31b194d800)
at /usr/xsrc/external/mit/xf86-video-ati-kms/dist/src/radeon_kms.c:2381
#2 0x00000000992bcea4 in ?? ()
#3 0x00000000993c2f23 in glxDRILeaveVT (scrn=0x7b31b194d800)
at /usr/xsrc/external/mit/xorg-server/dist/glx/glxdri2.c:839
#4 0x00000000992d0640 in AbortDDX ()
#5 0x00000000993b38fa in AbortServer ()
#6 0x00000000993b4601 in FatalError ()
#7 0x00000000993b8cee in ?? ()
#8 <signal handler called>
#9 0x00007b31a7c1bdbd in RADEONBlockHandler_KMS (arg=<optimized out>,
pTimeout=<optimized out>, pReadmask=<optimized out>)
at /usr/xsrc/external/mit/xf86-video-ati-kms/dist/src/radeon_kms.c:1104
#10 0x0000000099297999 in BlockHandler ()
#11 0x00000000993bd260 in WaitForSomething ()
#12 0x000000009928696d in Dispatch ()
#13 0x000000009925a505 in dix_main ()
#14 0x000000009925a05b in ___start ()
#15 0x00007b31b206d000 in ?? ()
#16 0x0000000000000005 in ?? ()
#17 0x00007f7fffa20bf8 in ?? ()
#18 0x00007f7fffa20c09 in ?? ()
#19 0x00007f7fffa20c0c in ?? ()
#20 0x00007f7fffa20c11 in ?? ()
#21 0x00007f7fffa20c17 in ?? ()
#22 0x0000000000000000 in ?? ()
The actual crash seems to happen in frame #9,
#9 0x00007b31a7c1bdbd in RADEONBlockHandler_KMS (arg=<optimized out>,
pTimeout=<optimized out>, pReadmask=<optimized out>)
at /usr/xsrc/external/mit/xf86-video-ati-kms/dist/src/radeon_kms.c:1104
(gdb) info locals
pScreen = <optimized out>
pScrn = 0x7b31b194d800
info = 0x7b31b1957000
xf86_config = 0x7b31b19222c0
c = 0
+--/usr/xsrc/external/mit/xf86-video-ati-kms/dist/src/radeon_kms.c----------+
|1085 static void RADEONBlockHandler_KMS(BLOCKHANDLER_ARGS_DECL) |
|1086 { |
|1087 SCREEN_PTR(arg); |
|1088 ScrnInfoPtr pScrn = xf86ScreenToScrn(pScreen); |
|1089 RADEONInfoPtr info = RADEONPTR(pScrn); |
|1090 xf86CrtcConfigPtr xf86_config = XF86_CRTC_CONFIG_PTR(pScrn); |
|1091 int c; |
|1092 |
|1093 pScreen->BlockHandler = info->BlockHandler; |
|1094 (*pScreen->BlockHandler) (BLOCKHANDLER_ARGS); |
|1095 pScreen->BlockHandler = RADEONBlockHandler_KMS; |
|1096 |
|1097 #ifdef RADEON_PIXMAP_SHARING |
|1098 if (!pScreen->isGPU) |
|1099 #endif |
|1100 { |
|1101 for (c = 0; c < xf86_config->num_crtc; c++) { |
|1102 if (info->tear_free) |
|1103 radeon_scanout_flip(pScreen, info, xf86_config->crt|
>|1104 else if (info->shadow_primary |
|1105 #if XF86_CRTC_VERSION >= 4 |
|1106 || xf86_config->crtc[c]->driverIsPerformingTra|
|1107 #endif |
|1108 ) |
|1109 radeon_scanout_update(xf86_config->crtc[c]); |
|1110 } |
|1111 } |
|1112 |
|1113 radeon_cs_flush_indirect(pScrn); |
|1114 |
|1115 #ifdef RADEON_PIXMAP_SHARING |
|1116 radeon_dirty_update(pScrn); |
|1117 #endif |
|1118 } |
|1119 |
+---------------------------------------------------------------------------+
netbsd-thr LWP 1 In: RADEONBlockHandler_KMS L1104 PC: 0x7b31a7c1bdbd
(gdb) print info
$1 = (RADEONInfoPtr) 0x7b31b1957000
(gdb) print info -> tear_free
$2 = 0
(gdb) print xf86_config->crtc
$3 = (xf86CrtcPtr *) 0x48a026b0489026a
(gdb) print xf86_config->crtc[c]
Cannot access memory at address 0x48a026b0489026a
It looks like xf86_config->crtc got corrupted; in fact the whole of
*xf86_config looks suspect:
(gdb) print *xf86_config
$5 = {num_output = 76087737, output = 0x48a01ea048901e9,
compat_output = 76087912, num_crtc = 76153449, crtc = 0x48a026b0489026a,
minWidth = 76153210, minHeight = 76218747, maxWidth = 76153273,
maxHeight = 76218855, rotation_damage = 0x48b01ea048a01e9,
rotation_damage_registered = 76153385, dga_flags = 76218923,
dga_address = 327357798877364782, dga_modes = 0x48b0266048a0265,
dga_nmode = 76153448, dga_width = 76218985, dga_height = 76153450,
dga_stride = 76218987, dga_save_mode = 0x48c017b048b017a,
funcs = 0x48c01e7048b01b9, CreateScreenResources = 0x48c01ea048b01e9,
CloseScreen = 0x48c01ed048b01ec, cursor_info = 0x48c022b048b0229,
cursor = 0x48c022f048b022e,
cursor_image = 0x48c0266048b0265 <error: Cannot access memory at address 0x48c
0266048b0265>, cursor_on = 76218984, cursor_fg = 76284521,
cursor_bg = 76218986, options = 0x48d017b048c017a, debug_modes = 76284345,
BlockHandler = 0x48d01ea048c01e9, xf86_crtc_notify = 0x48d01ed048c01ec,
name = 0x48d01f9048c01f8 <error: Cannot access memory at address 0x48d01f9048c
01f8>, provider_funcs = 0x48d022b048c0229, randr_provider = 0x48d022f048c022e}
xf86_config comes from pScrn somehow, but *pScrn looks ok:
(gdb) print *pScrn
$7 = {driverVersion = 7348224, driverName = 0x7b31a7c5e400 "radeon",
pScreen = 0x7b31b1952000, scrnIndex = 0, configured = 1, origIndex = 0,
imageByteOrder = 0, bitmapScanlineUnit = 32, bitmapScanlinePad = 32,
bitmapBitOrder = 0, numFormats = 0, formats = {{depth = 0 '\000',
bitsPerPixel = 0 '\000', scanlinePad = 0 '\000'}, {depth = 0 '\000',
bitsPerPixel = 0 '\000', scanlinePad = 0 '\000'}, {depth = 0 '\000',
bitsPerPixel = 0 '\000', scanlinePad = 0 '\000'}, {depth = 0 '\000',
bitsPerPixel = 0 '\000', scanlinePad = 0 '\000'}, {depth = 0 '\000',
bitsPerPixel = 0 '\000', scanlinePad = 0 '\000'}, {depth = 0 '\000',
bitsPerPixel = 0 '\000', scanlinePad = 0 '\000'}, {depth = 0 '\000',
bitsPerPixel = 0 '\000', scanlinePad = 0 '\000'}, {depth = 0 '\000',
bitsPerPixel = 0 '\000', scanlinePad = 0 '\000'}}, fbFormat = {
depth = 24 '\030', bitsPerPixel = 32 ' ', scanlinePad = 32 ' '},
bitsPerPixel = 32, pixmap24 = Pix24Use32, depth = 24, depthFrom = X_DEFAULT,
bitsPerPixelFrom = X_PROBED, weight = {red = 8, green = 8, blue = 8},
mask = {red = 16711680, green = 65280, blue = 255}, offset = {red = 16,
green = 8, blue = 0}, rgbBits = 8, gamma = {red = 1, green = 1, blue = 1},
defaultVisual = 4, maxHValue = 0, maxVValue = 0, virtualX = 1920,
virtualY = 1200, xInc = 0, virtualFrom = X_PROBED, displayWidth = 1920,
frameX0 = 0, frameY0 = 0, frameX1 = 1919, frameY1 = 1199, zoomLocked = 0,
modePool = 0x0, modes = 0x7b31b1da4fb0, currentMode = 0x7b31b1da4fb0,
confScreen = 0x7b31b1901200, monitor = 0x7b31b19221e0,
display = 0x7b31b193b2f0, entityList = 0x7b31b19193e0, numEntities = 1,
widthmm = 0, heightmm = 0, xDpi = 96, yDpi = 96,
name = 0x7b31a7c65037 "RADEON", driverPrivate = 0x7b31b1957000,
privates = 0x7b31b19193d0, drv = 0x7b31b194b080, module = 0x7b31b192c2a0,
colorKey = 0, overlayFlags = 0,
chipset = 0x7b31a7c664e6 "ATI Radeon HD 5450", ramdac = 0x0,
clockchip = 0x0, progClock = 0, numClocks = 0, clock = {
0 <repeats 128 times>}, videoRam = 0, biosBase = 0, memPhysBase = 0,
fbOffset = 0, memClk = 0, flipPixels = 0, options = 0x7b31b191a770,
chipID = 0, chipRev = 0, vtSema = 1, silkenMouse = 1, clockRanges = 0x0,
adjustFlags = 0, preferClone = 0, reservedInt = {0 <repeats 16 times>},
entityInstanceList = 0x7b31b19193e8, vgaDev = 0x0, reservedPtr = {
0x0 <repeats 14 times>}, Probe = 0x0,
PreInit = 0x7b31a7c1c61d <RADEONPreInit_KMS>,
ScreenInit = 0x7b31a7c1e0f6 <RADEONScreenInit_KMS>, SwitchMode = 0x992ff7d6,
AdjustFrame = 0x992be7bf, EnterVT = 0x993c2f46 <glxDRIEnterVT>,
LeaveVT = 0x7b31a7c1da7c <RADEONLeaveVT_KMS>,
FreeScreen = 0x7b31a7c1d9bd <RADEONFreeScreen_KMS>,
ValidMode = 0x7b31a7c1e971 <RADEONValidMode>,
EnableDisableFBAccess = 0x992ffb5c,
SetDGAMode = 0x992da8cf <xf86SetDGAMode>, ChangeGamma = 0x992f0ca5,
PointerMoved = 0x992f0b42, PMEvent = 0x0,
DPMSSet = 0x992f61a8 <xf86DPMSSet>, LoadPalette = 0x0, SetOverscan = 0x0,
DriverFunc = 0x0, ModeSet = 0x992be76f, reservedFuncs = {0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, is_gpu = 0, capabilities = 0}
XF86_CRTC_CONFIG_PTR is defined here:
./xorg-server/dist/hw/xfree86/modes/xf86Crtc.h:#define XF86_CRTC_CONFIG_PTR(p) ((xf86CrtcConfigPtr) ((p)->privates[xf86CrtcConfigPrivateIndex].ptr))
(gdb) print xf86CrtcConfigPrivateIndex
$8 = 0
(gdb) print pScrn->privates
$10 = (DevUnion *) 0x7b31b19193d0
(gdb) print pScrn->privates[0]
$9 = {ptr = 0x7b31b19222c0, val = 135453362758336, uval = 135453362758336,
fptr = 0x7b31b19222c0}
This is more or less where my research got stuck.
-Olaf.
--
___ Olaf 'Rhialto' Seibert -- "What good is a Ring of Power
\X/ rhialto/at/falu.nl -- if you're unable...to Speak." - Agent Elrond
Attachment:
signature.asc
Description: PGP signature