xserver-xfree86: xserver (ATI or Radeon something 7500) crashes on variouslaunches of programcs from within X.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
xfree86 (Debian) |
Fix Released
|
Unknown
|
|||
xfree86 (Ubuntu) |
Invalid
|
High
|
Daniel Stone |
Bug Description
Automatically imported from Debian bug report #284448 http://
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Debian Bug Importer (debzilla) wrote : | #1 |
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Daniel Stone (daniels) wrote : | #2 |
This bug report is incredibly vague, filed on XFree86 (and thus automatically
imported), does not contain the right information, and is basically useless.
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
|
#3 |
severity 284448 important
tag 284448 + moreinfo upstream
retitle 284448 xserver-xfree86: [ati/radeon] server crashes while doing unspecified activity on Radeon 'something' 7500
thanks
> Justification: unknown, X-windows crashes which is unacceptable for a production system
If the justification is "unknown", it might as well not be present.
This bug is not a report of a Policy violation, nor does failure of the X
server to work on a particular piece of video hardware -- notably one which you
haven't actually identified -- constitute a bug which renders the package
"unsuitable" for release.
A crashing bug that affected all users of xserver-xfree86 would be a different
story.
> The data below are not really applicable, because I've put in another
> video card. I've spent more than a day re/configuring. Problem is,
> that various launches (from gnome panel, from terminal) of various
> programs (rxvt, galeon, wmware) cause the Xserver to crash. (I
> sincerely hope) it is specific to the ati or radeon video card/driver
> `ati' or `radeon'.
Probably -- most crashing bugs are in hardware specific code, either in the 2D
XFree86 driver, or the 3D DRI driver.
> I've used the ati video card happily without problems for over a year.
> I had to change from stable to sarge because xfree 4.1.0 didn't
> support the card. Since 3 dec 2004 somehow, X-server crashes. It
> might have been the upgrade to 4.3.0.dfsg.1-8 at some upgrade to
> `sarge' in the past, but I can't find any earlier problemless xserver
> anymore from the archives to test this hypothesis.
Are you aware of snapshot.
at which package version this regression in functionality took place.
> The data below is not so accurate w.r.t the video card, since that has
> been replaced in this machine. Sorry about that.
We're simply going to have to have accurate information before we can proceed.
[The following is a form letter.]
Can you reproduce the problem with xserver-
package and tell debconf you want to use that X server. Then restart the X
server and try to reproduce the bug (should be easy). If it doesn't crash,
let us know. If it does crash, become root, enable core dumps ("ulimit -c
unlimited" in bash), start the X server as root and reproduce the crash
again:
# startx $(which x-terminal-
(If no X server is running at DISPLAY=:0, you can leave off the "-- :1"
part).
This will launch the X server running a lone terminal client with no window
manager. Run the client that provokes the crash from the terminal prompt.
If the X server crashes, it should leave a core dump in /etc/X11.
We then run the GNU Debugger, GDB, on the core file and executable. We're
interested in a backtrace of execution. The X server has a signal handler
in it so it can do things like exit gracefully (restoring the text console,
and so forth), so we're not actually interested in all the stack frames --
just those "above" the signal handler.
Here's an example GDB session I logged after provoking an artificial server
crash (with "kill -SEGV").
% gdb $(which XFree86-debug) core
GNU gdb 6.1-debian
Copyrig...
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Debian Bug Importer (debzilla) wrote : | #4 |
Message-ID: <email address hidden>
Date: Tue, 7 Dec 2004 17:06:46 -0500
From: Branden Robinson <email address hidden>
To: <email address hidden>, <email address hidden>
Subject: Re: Bug#284448: xserver-xfree86: xserver (ATI or Radeon something 7500) crashes on
variouslaunches of programcs from within X.
--HFD/Dq8JdnjNvyuv
Content-Type: text/plain; charset=us-ascii
Content-
Content-
severity 284448 important
tag 284448 + moreinfo upstream
retitle 284448 xserver-xfree86: [ati/radeon] server crashes while doing uns=
pecified activity on Radeon 'something' 7500
thanks
> Justification: unknown, X-windows crashes which is unacceptable for a pro=
duction system
If the justification is "unknown", it might as well not be present.
This bug is not a report of a Policy violation, nor does failure of the X
server to work on a particular piece of video hardware -- notably one which=
you
haven't actually identified -- constitute a bug which renders the package
"unsuitable" for release.
A crashing bug that affected all users of xserver-xfree86 would be a differ=
ent
story.
> The data below are not really applicable, because I've put in another
> video card. I've spent more than a day re/configuring. Problem is,
> that various launches (from gnome panel, from terminal) of various
> programs (rxvt, galeon, wmware) cause the Xserver to crash. (I
> sincerely hope) it is specific to the ati or radeon video card/driver
> `ati' or `radeon'.
Probably -- most crashing bugs are in hardware specific code, either in the=
2D
XFree86 driver, or the 3D DRI driver.
> I've used the ati video card happily without problems for over a year.
> I had to change from stable to sarge because xfree 4.1.0 didn't
> support the card. Since 3 dec 2004 somehow, X-server crashes. It
> might have been the upgrade to 4.3.0.dfsg.1-8 at some upgrade to
> `sarge' in the past, but I can't find any earlier problemless xserver
> anymore from the archives to test this hypothesis.
Are you aware of snapshot.
now
at which package version this regression in functionality took place.
> The data below is not so accurate w.r.t the video card, since that has
> been replaced in this machine. Sorry about that.=20
We're simply going to have to have accurate information before we can proce=
ed.
[The following is a form letter.]
Can you reproduce the problem with xserver-
package and tell debconf you want to use that X server. Then restart the X
server and try to reproduce the bug (should be easy). If it doesn't crash,
let us know. If it does crash, become root, enable core dumps ("ulimit -c
unlimited" in bash), start the X server as root and reproduce the crash
again:
# startx $(which x-terminal-
(If no X server is running at DISPLAY=3D:0, you can leave off the "-- :1"
part).
This will launch the X server running a lone terminal client with no window
manager. Run the client that provokes the crash from the terminal prompt.
If the X server crashes, it should leave a core dump in /etc/X11.
We then run the GN...
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
|
#5 |
Branden Robinson wrote:
>If the justification is "unknown", it might as well not be present.
>
>
>
Sorry, this is my first bug report (after using debian for many years,
since 0.7 or so), and I believe the script suggested that.
>This bug is not a report of a Policy violation, nor does failure of the X
>server to work on a particular piece of video hardware -- notably one which you
>haven't actually identified -- constitute a bug which renders the package
>"unsuitable" for release.
>
>
>
unsuitable it is, therefore. But since today it has become worse. My
computer at home, with---from lspci:
0000:01:00.0 VGA compatible controller: Silicon Integrated Systems [SiS]
86C326 5598/6326 (rev d2)
---graphics card now shows the same behaviour.
X-Server crashes on rxvt launch from gnome panel. Happened several
times now. I had a xserver-
am using that now, hoping it won't die on my while composing the message...
>A crashing bug that affected all users of xserver-xfree86 would be a different
>story.
>
>
>
Well, so first there was the ati/radeon 7500 and now the SiS 6326.
>>The data below are not really applicable, because I've put in another
>>video card. I've spent more than a day re/configuring. Problem is,
>>that various launches (from gnome panel, from terminal) of various
>>programs (rxvt, galeon, wmware) cause the Xserver to crash. (I
>>sincerely hope) it is specific to the ati or radeon video card/driver
>>`ati' or `radeon'.
>>
>>
>
>Probably -- most crashing bugs are in hardware specific code, either in the 2D
>XFree86 driver, or the 3D DRI driver.
>
>
>
I believe I am not using 3D, not using DRI in the case of the ati/radeon
7500 (I commented the module out at some stage without positive effect).
>>I've used the ati video card happily without problems for over a year.
>>I had to change from stable to sarge because xfree 4.1.0 didn't
>>support the card. Since 3 dec 2004 somehow, X-server crashes. It
>>might have been the upgrade to 4.3.0.dfsg.1-8 at some upgrade to
>>`sarge' in the past, but I can't find any earlier problemless xserver
>>anymore from the archives to test this hypothesis.
>>
>>
>
>Are you aware of snapshot.
>at which package version this regression in functionality took place.
>
>
>
No, I wasn't unfortunately. I needed it desparately.
>>The data below is not so accurate w.r.t the video card, since that has
>>been replaced in this machine. Sorry about that.
>>
>>
>
>We're simply going to have to have accurate information before we can proceed.
>
>[The following is a form letter.]
>
>
>
Thanks---I will try this. In a way I am happy that this problem now
occurs at home as well.
I was extremely frustrated finding a solution for my crashing X-server
at work, having spent more than a day on it very unsuccesfully.
Now I can spend some of my own time on the problem.
---david
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Debian Bug Importer (debzilla) wrote : | #6 |
Message-ID: <email address hidden>
Date: Wed, 08 Dec 2004 23:09:22 +0100
From: "David A. van Leeuwen" <email address hidden>
To: Branden Robinson <email address hidden>, <email address hidden>
Subject: Re: Bug#284448: xserver-xfree86: xserver (ATI or Radeon something
7500) crashes on variouslaunches of programcs from within X.
Branden Robinson wrote:
>If the justification is "unknown", it might as well not be present.
>
>
>
Sorry, this is my first bug report (after using debian for many years,
since 0.7 or so), and I believe the script suggested that.
>This bug is not a report of a Policy violation, nor does failure of the X
>server to work on a particular piece of video hardware -- notably one which you
>haven't actually identified -- constitute a bug which renders the package
>"unsuitable" for release.
>
>
>
unsuitable it is, therefore. But since today it has become worse. My
computer at home, with---from lspci:
0000:01:00.0 VGA compatible controller: Silicon Integrated Systems [SiS]
86C326 5598/6326 (rev d2)
---graphics card now shows the same behaviour.
X-Server crashes on rxvt launch from gnome panel. Happened several
times now. I had a xserver-
am using that now, hoping it won't die on my while composing the message...
>A crashing bug that affected all users of xserver-xfree86 would be a different
>story.
>
>
>
Well, so first there was the ati/radeon 7500 and now the SiS 6326.
>>The data below are not really applicable, because I've put in another
>>video card. I've spent more than a day re/configuring. Problem is,
>>that various launches (from gnome panel, from terminal) of various
>>programs (rxvt, galeon, wmware) cause the Xserver to crash. (I
>>sincerely hope) it is specific to the ati or radeon video card/driver
>>`ati' or `radeon'.
>>
>>
>
>Probably -- most crashing bugs are in hardware specific code, either in the 2D
>XFree86 driver, or the 3D DRI driver.
>
>
>
I believe I am not using 3D, not using DRI in the case of the ati/radeon
7500 (I commented the module out at some stage without positive effect).
>>I've used the ati video card happily without problems for over a year.
>>I had to change from stable to sarge because xfree 4.1.0 didn't
>>support the card. Since 3 dec 2004 somehow, X-server crashes. It
>>might have been the upgrade to 4.3.0.dfsg.1-8 at some upgrade to
>>`sarge' in the past, but I can't find any earlier problemless xserver
>>anymore from the archives to test this hypothesis.
>>
>>
>
>Are you aware of snapshot.
>at which package version this regression in functionality took place.
>
>
>
No, I wasn't unfortunately. I needed it desparately.
>>The data below is not so accurate w.r.t the video card, since that has
>>been replaced in this machine. Sorry about that.
>>
>>
>
>We're simply going to have to have accurate information before we can proceed.
>
>[The following is a form letter.]
>
>
>
Thanks---I will try this. In a way I am happy that this problem now
occurs at home as well.
I was extremely frustrated finding a solution for my crashing X-server
at ...
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
|
#7 |
Branden Robinson wrote:
>tag 284448 + moreinfo upstream
>
>
>We're simply going to have to have accurate information before we can proceed.
>
>[The following is a form letter.]
>
>Can you reproduce the problem with xserver-
>
>
Situation is as follows:
- I can reproduce the bug with xserver-
/usr/bin/
- I cannot reproduce the bug with xserver-
- I can also not reproduce the bug running as root with
xserver-
- I can also not reproduce the bug with xserver-
This all holds for the SiS 6326 card at home.
I am sorry I can't reproduce the bug under the -dbg package. It all
seems to me that the xserver-
little broken. Maybe a recompile alone would solve my problems.
---david
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
|
#8 |
On Sat, 2004-12-11 at 22:32 +0100, David A. van Leeuwen wrote:
>
> I am sorry I can't reproduce the bug under the -dbg package.
The logfile you attach does seem to be from the debugging X server
though?
--
Earthling Michel Dänzer | Debian (powerpc), X and DRI developer
Libre software enthusiast | http://
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Debian Bug Importer (debzilla) wrote : | #9 |
Message-Id: <email address hidden>
Date: Sat, 11 Dec 2004 18:41:31 -0500
From: Michel =?ISO-8859-
To: "David A. van Leeuwen" <email address hidden>, <email address hidden>
Cc: Branden Robinson <email address hidden>
Subject: Re: Bug#284448: xserver-xfree86: xserver (ATI or Radeon something
7500) crashes on variouslaunches of programcs from within X.
On Sat, 2004-12-11 at 22:32 +0100, David A. van Leeuwen wrote:
>=20
> I am sorry I can't reproduce the bug under the -dbg package.
The logfile you attach does seem to be from the debugging X server
though?
--=20
Earthling Michel D=C3=A4nzer | Debian (powerpc), X and DRI develop=
er
Libre software enthusiast | http://
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
|
#10 |
Branden Robinson wrote:
> % gdb $(which XFree86-debug) core
>
>
>If you could send us something smiliar, that would be very helpful.
>
>
>
OK, I got it. After another upgrade to `testing' today, and a reboot
for a kernel parameter earlier today, My SiS6326 card started to crash
more consistently, even with the dfsg.1-4 package. So I tried the
-dbg_4.3.0.dfsg.1-8 package under root and unlimited core size, and
after a while trying I caught the crash.
I hope Mozilla (in which I can't seem to include text from a file---i
must attach---sorry) shows the bug report properly.
I've noticed that a typical behaviour is: server either crashes on one
of the first 10-or-so launches of clients (doesn't matter which), or it
doesn't, and then tends to live very long.
I hope this information help you.
---david
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
|
#11 |
retitle 284448 xserver-xfree86: [sis] SEGV in memcpy() called from fs_read_list_info() on 86C326 5598/6326 rev 210
tag 284448 + upstream
thanks
On Wed, Dec 08, 2004 at 11:09:22PM +0100, David A. van Leeuwen wrote:
> Branden Robinson wrote:
>
> >If the justification is "unknown", it might as well not be present.
> >
> Sorry, this is my first bug report (after using debian for many years,
> since 0.7 or so), and I believe the script suggested that.
Hmm, okay. Well, this might be a difference of opinion between me and the
person who wrote that, so let's not worry about it for now. :)
> >This bug is not a report of a Policy violation, nor does failure of the
> >X server to work on a particular piece of video hardware -- notably one
> >which you haven't actually identified -- constitute a bug which renders
> >the package "unsuitable" for release.
> >
> >
> unsuitable it is, therefore. But since today it has become worse. My
> computer at home, with---from lspci:
> 0000:01:00.0 VGA compatible controller: Silicon Integrated Systems [SiS]
> 86C326 5598/6326 (rev d2)
> ---graphics card now shows the same behaviour.
>
> X-Server crashes on rxvt launch from gnome panel. Happened several
> times now. I had a xserver-
> am using that now, hoping it won't die on my while composing the message...
Apparently it didn't.
> >A crashing bug that affected all users of xserver-xfree86 would be a
> >different
> >story.
> >
> Well, so first there was the ati/radeon 7500 and now the SiS 6326.
We have been updating both the ati/radeon and sis drivers during the
4.3.0-* period.
There could be distinct issues with each driver, and you're unlucky enough
to see both of them.
Believe me, if the X server were completely busted for everyone, I'd know
it.
> I believe I am not using 3D, not using DRI in the case of the ati/radeon
> 7500 (I commented the module out at some stage without positive effect).
Okay.
I think we're looking at separate defects here. I'm going to repurpose this
bug to focus solely on the SiS issue.
--
G. Branden Robinson | It's extremely difficult to govern
Debian GNU/Linux | when you control all three branches
<email address hidden> | of government.
http://
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Debian Bug Importer (debzilla) wrote : | #12 |
Message-ID: <email address hidden>
Date: Wed, 15 Dec 2004 14:36:14 -0500
From: Branden Robinson <email address hidden>
To: <email address hidden>, <email address hidden>
Subject: Re: Bug#284448: xserver-xfree86: xserver (ATI or Radeon something 7500) crashes on
variouslaunches of programcs from within X.
--zOcTNEe3AzgCmdo9
Content-Type: text/plain; charset=us-ascii
Content-
Content-
retitle 284448 xserver-xfree86: [sis] SEGV in memcpy() called from fs_read_=
list_info() on 86C326 5598/6326 rev 210
tag 284448 + upstream
thanks
On Wed, Dec 08, 2004 at 11:09:22PM +0100, David A. van Leeuwen wrote:
> Branden Robinson wrote:
>=20
> >If the justification is "unknown", it might as well not be present.
> >
> Sorry, this is my first bug report (after using debian for many years,=20
> since 0.7 or so), and I believe the script suggested that.
Hmm, okay. Well, this might be a difference of opinion between me and the
person who wrote that, so let's not worry about it for now. :)
> >This bug is not a report of a Policy violation, nor does failure of the
> >X server to work on a particular piece of video hardware -- notably one
> >which you haven't actually identified -- constitute a bug which renders
> >the package "unsuitable" for release.
> >=20
> >
> unsuitable it is, therefore. But since today it has become worse. My=20
> computer at home, with---from lspci:
> 0000:01:00.0 VGA compatible controller: Silicon Integrated Systems [SiS]=
=20
> 86C326 5598/6326 (rev d2)
> ---graphics card now shows the same behaviour.=20
>=20
> X-Server crashes on rxvt launch from gnome panel. Happened several=20
> times now. I had a xserver-
> am using that now, hoping it won't die on my while composing the message.=
=2E.
Apparently it didn't.
> >A crashing bug that affected all users of xserver-xfree86 would be a=20
> >different
> >story.
> >
> Well, so first there was the ati/radeon 7500 and now the SiS 6326.=20
We have been updating both the ati/radeon and sis drivers during the
4.3.0-* period.
There could be distinct issues with each driver, and you're unlucky enough
to see both of them.
Believe me, if the X server were completely busted for everyone, I'd know
it.
> I believe I am not using 3D, not using DRI in the case of the ati/radeon=
=20
> 7500 (I commented the module out at some stage without positive effect).
Okay.
I think we're looking at separate defects here. I'm going to repurpose this
bug to focus solely on the SiS issue.
--=20
G. Branden Robinson | It's extremely difficult to govern
Debian GNU/Linux | when you control all three branches
<email address hidden> | of government.
http://
--zOcTNEe3AzgCmdo9
Content-Type: application/
Content-
Content-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iEYEARECAAYFAkH
qtQAmwUaHE0WiDk
=uvNb
-----END ...
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
|
#13 |
On Sun, Dec 12, 2004 at 11:11:44PM +0100, David A. van Leeuwen wrote:
> OK, I got it. After another upgrade to `testing' today, and a reboot
> for a kernel parameter earlier today, My SiS6326 card started to crash
> more consistently, even with the dfsg.1-4 package. So I tried the
> -dbg_4.3.0.dfsg.1-8 package under root and unlimited core size, and
> after a while trying I caught the crash.
>
> I hope Mozilla (in which I can't seem to include text from a file---i
> must attach---sorry) shows the bug report properly.
>
> I've noticed that a typical behaviour is: server either crashes on one
> of the first 10-or-so launches of clients (doesn't matter which), or it
> doesn't, and then tends to live very long.
>
> I hope this information help you.
Hmm, well, given your backtrace, I might have been wrong about this being
SiS-specific.
See below.
> (gdb) bt
> #0 0x400f46b1 in kill () from /lib/libc.so.6
> #1 0x400f4435 in raise () from /lib/libc.so.6
> #2 0x400f5978 in abort () from /lib/libc.so.6
> #3 0x0847454c in ddxGiveUp () at xf86Init.c:1173
> #4 0x0847462b in AbortDDX () at xf86Init.c:1224
> #5 0x08516e5f in AbortServer () at utils.c:436
> #6 0x085187eb in FatalError (
> f=0x8a36fa0 "Caught signal %d. Server aborting\n") at utils.c:1421
> #7 0x0848f646 in xf86SigHandler (signo=11) at xf86Events.c:1230
> #8 <signal handler called>
> #9 0x40142a1f in memcpy () from /lib/libc.so.6
> #10 0x0892a025 in fs_read_list_info (fpe=0x8bcf350, blockrec=0x8d65198)
> at fserve.c:2376
> #11 0x089286fc in fs_read_reply (fpe=0x8bcf350, client=0x0) at fserve.c:1310
> #12 0x08928810 in fs_wakeup (fpe=0x8bcf350, mask=0x8b57f60) at fserve.c:1349
> #13 0x0850ae1d in FontWakeup (data=0x0, count=1, LastSelectMask=
> at dixfonts.c:190
> #14 0x084e759f in WakeupHandler (result=1, pReadmask=
> at dixutils.c:459
> #15 0x085107cb in WaitForSomething (pClientsReady=
> #16 0x084de1dc in Dispatch () at dispatch.c:379
> #17 0x084f58c4 in main (argc=2, argv=0xbffffda4, envp=0xbffffdb0)
> at main.c:469
> (gdb) bt full -7
> #11 0x089286fc in fs_read_reply (fpe=0x8bcf350, client=0x0) at fserve.c:1310
> conn = 0x8bcf378
> blockrec = 0x8d65198
> ret = 1
> err = 85
> rep = (fsGenericReply *) 0x8bcf808
> #12 0x08928810 in fs_wakeup (fpe=0x8bcf350, mask=0x8b57f60) at fserve.c:1349
> LastSelectMask = (fd_set *) 0x8b57f60
> conn = 0x8bcf378
> #13 0x0850ae1d in FontWakeup (data=0x0, count=1, LastSelectMask=
> at dixfonts.c:190
> i = 0
> fpe = 0x8bcf350
> #14 0x084e759f in WakeupHandler (result=1, pReadmask=
> at dixutils.c:459
> i = 3
> j = 1074663374
> #15 0x085107cb in WaitForSomething (pClientsReady=
> i = 1
> waittime = {tv_sec = 30, tv_usec = 0}
> wt = (struct timeval *) 0xbffff8b0
> timeout = 599800
> standbyTimeout = 1199800
> suspendTimeout = 1799800
> offTimeout = 2399800
> clientsReadable = {fds_bits = {0 <repeats 32 times>}}
> clientsWritable = {fds_bits = {1, 34572, -1073743944, 137854978,
> 148262064, 2048, -1073743912, 1, 146208600, 146208600, -1073743912,
> 137858932, 148262296, 81928, 0, 10750...
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Debian Bug Importer (debzilla) wrote : | #14 |
Message-ID: <email address hidden>
Date: Wed, 15 Dec 2004 15:29:54 -0500
From: Branden Robinson <email address hidden>
To: <email address hidden>
Subject: Re: Bug#284448: Got it. back traced core dump
--+mSjbC2tVdWE/Wop
Content-Type: text/plain; charset=us-ascii
Content-
Content-
On Sun, Dec 12, 2004 at 11:11:44PM +0100, David A. van Leeuwen wrote:
> OK, I got it. After another upgrade to `testing' today, and a reboot=20
> for a kernel parameter earlier today, My SiS6326 card started to crash=20
> more consistently, even with the dfsg.1-4 package. So I tried the=20
> -dbg_4.3.0.dfsg.1-8 package under root and unlimited core size, and=20
> after a while trying I caught the crash.
>=20
> I hope Mozilla (in which I can't seem to include text from a file---i=20
> must attach---sorry) shows the bug report properly.
>=20
> I've noticed that a typical behaviour is: server either crashes on one=20
> of the first 10-or-so launches of clients (doesn't matter which), or it=
=20
> doesn't, and then tends to live very long.
>=20
> I hope this information help you.
Hmm, well, given your backtrace, I might have been wrong about this being
SiS-specific.
See below.
> (gdb) bt
> #0 0x400f46b1 in kill () from /lib/libc.so.6
> #1 0x400f4435 in raise () from /lib/libc.so.6
> #2 0x400f5978 in abort () from /lib/libc.so.6
> #3 0x0847454c in ddxGiveUp () at xf86Init.c:1173
> #4 0x0847462b in AbortDDX () at xf86Init.c:1224
> #5 0x08516e5f in AbortServer () at utils.c:436
> #6 0x085187eb in FatalError (
> f=3D0x8a36fa0 "Caught signal %d. Server aborting\n") at utils.c:1421
> #7 0x0848f646 in xf86SigHandler (signo=3D11) at xf86Events.c:1230
> #8 <signal handler called>
> #9 0x40142a1f in memcpy () from /lib/libc.so.6
> #10 0x0892a025 in fs_read_list_info (fpe=3D0x8bcf350, blockrec=
8)
> at fserve.c:2376
> #11 0x089286fc in fs_read_reply (fpe=3D0x8bcf350, client=3D0x0) at fserve=
=2Ec:1310
> #12 0x08928810 in fs_wakeup (fpe=3D0x8bcf350, mask=3D0x8b57f60) at fserve=
=2Ec:1349
> #13 0x0850ae1d in FontWakeup (data=3D0x0, count=3D1, LastSelectMask=
b57f60)
> at dixfonts.c:190
> #14 0x084e759f in WakeupHandler (result=3D1, pReadmask=
> at dixutils.c:459
> #15 0x085107cb in WaitForSomething (pClientsReady=
r.c:353
> #16 0x084de1dc in Dispatch () at dispatch.c:379
> #17 0x084f58c4 in main (argc=3D2, argv=3D0xbffffda4, envp=3D0xbffffdb0)
> at main.c:469
> (gdb) bt full -7
> #11 0x089286fc in fs_read_reply (fpe=3D0x8bcf350, client=3D0x0) at fserve=
=2Ec:1310
> conn =3D 0x8bcf378
> blockrec =3D 0x8d65198
> ret =3D 1
> err =3D 85
> rep =3D (fsGenericReply *) 0x8bcf808
> #12 0x08928810 in fs_wakeup (fpe=3D0x8bcf350, mask=3D0x8b57f60) at fserve=
=2Ec:1349
> LastSelectMask =3D (fd_set *) 0x8b57f60
> conn =3D 0x8bcf378
> #13 0x0850ae1d in FontWakeup (data=3D0x0, count=3D1, LastSelectMask=
b57f60)
> at dixfonts.c:190
> i =3D 0
> fpe =3D 0x8bcf350
> #14 0x084e759f in WakeupHandler (result=3D1, pReadmask=
> at dixutils.c:459
> i =3D 3
> j =3D 1074663374
> #15 0x085107cb in Wait...
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
|
#15 |
Branden Robinson wrote:
>Hmm, well, given your backtrace, I might have been wrong about this being
>SiS-specific.
>
>
>
>>#7 0x0848f646 in xf86SigHandler (signo=11) at xf86Events.c:1230
>>#8 <signal handler called>
>>#9 0x40142a1f in memcpy () from /lib/libc.so.6
>>
>>
>Can you show us the output of "bt full -9" instead, please?
>
Sorry---I got the idea of `7' wrong.
There seems no debug info inthe memcpy() libc call.
---david
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Debian Bug Importer (debzilla) wrote : | #16 |
Message-ID: <email address hidden>
Date: Thu, 16 Dec 2004 10:29:12 +0100
From: "David A. van Leeuwen" <email address hidden>
To: Branden Robinson <email address hidden>, <email address hidden>
CC: <email address hidden>
Subject: Re: Bug#284448: Got it. back traced core dump
-------
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-
Branden Robinson wrote:
>Hmm, well, given your backtrace, I might have been wrong about this being
>SiS-specific.
>
>
>
>>#7 0x0848f646 in xf86SigHandler (signo=11) at xf86Events.c:1230
>>#8 <signal handler called>
>>#9 0x40142a1f in memcpy () from /lib/libc.so.6
>>
>>
>Can you show us the output of "bt full -9" instead, please?
>
Sorry---I got the idea of `7' wrong.
There seems no debug info inthe memcpy() libc call.
---david
-------
Content-Type: text/plain;
name="bt-9.out"
Content-
Content-
filename=
(gdb) bt full -9
#9 0x40142a1f in memcpy () from /lib/libc.so.6
No symbol table info available.
#10 0x0892a025 in fs_read_list_info (fpe=0x8bcf350, blockrec=0x8d65198)
at fserve.c:2376
binfo = 0x8d651b4
rep = (fsListFontsWit
buf = 0x10c3a3fc <Address 0x10c3a3fc out of bounds>
conn = 0x8bcf378
pi = (fsPropInfo *) 0x8bcf83c
po = (fsPropOffset *) 0x8bcf844
pd = 0x8bcf894
ret = 1
err = 146600824
#11 0x089286fc in fs_read_reply (fpe=0x8bcf350, client=0x0) at fserve.c:1310
conn = 0x8bcf378
blockrec = 0x8d65198
ret = 1
err = 85
rep = (fsGenericReply *) 0x8bcf808
#12 0x08928810 in fs_wakeup (fpe=0x8bcf350, mask=0x8b57f60) at fserve.c:1349
LastSelectMask = (fd_set *) 0x8b57f60
conn = 0x8bcf378
#13 0x0850ae1d in FontWakeup (data=0x0, count=1, LastSelectMask=
at dixfonts.c:190
i = 0
fpe = 0x8bcf350
#14 0x084e759f in WakeupHandler (result=1, pReadmask=
at dixutils.c:459
i = 3
j = 1074663374
#15 0x085107cb in WaitForSomething (pClientsReady=
i = 1
waittime = {tv_sec = 30, tv_usec = 0}
wt = (struct timeval *) 0xbffff8b0
timeout = 599800
standbyTimeout = 1199800
suspendTimeout = 1799800
offTimeout = 2399800
clientsReadable = {fds_bits = {0 <repeats 32 times>}}
clientsWritable = {fds_bits = {1, 34572, -1073743944, 137854978,
148262064, 2048, -1073743912, 1, 146208600, 146208600, -1073743912,
137858932, 148262296, 81928, 0, 1075039169, 146208600, 857, 0,
1075818748, 0, 1075818728, 1075818732, -1073743888, 1075818656,
1075818656, -1073743816, 1075039169, 1075818656, 0, 1053956, 1075818656}}
curclient = 16
selecterr = 0
nready = 1
devicesReadable = {fds_bits = {16, 0, 0, 0, 16, 148264696,
-1073744072, 139360755, 148264744, 148263348, 148263320, 146600824, 1,
148261712, -1073743752, 139511553, 148264744, 139510958, 148262504,
-1073743792, -1073743892, -1073743796, 0, 148262232, 7, 56, 1075818656,
1075815968, 1075818656, 1075818656, -1073743976, 1075035747}}
now = 43454
someReady = 0
#16 0x084de1dc in Dispatch () at dispatch.c:379
clientReady = (int *) 0xbffff8e4
result = 0
client ...
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
This looks like an Xlibs bug.
-----------
#10 0x0892a025 in fs_read_list_info (fpe=0x8bcf350, blockrec=0x8d65198)
at fserve.c:2376
binfo = 0x8d651b4
rep = (fsListFontsWit
buf = 0x10c3a3fc <Address 0x10c3a3fc out of bounds> <---
conn = 0x8bcf378
pi = (fsPropInfo *) 0x8bcf83c
po = (fsPropOffset *) 0x8bcf844
pd = 0x8bcf894 <------
ret = 1
err = 146600824
-----------
The source of Xfont/fc/fserve.c at this point (in fs_read_list_info)
looks like this:
if (conn->
{
memcpy (binfo->name, buf, rep->nameLength);
buf += _fs_pad_length (rep->nameLength);
}
pi = (fsPropInfo *) buf;
buf += SIZEOF (fsPropInfo);
po = (fsPropOffset *) buf;
buf += pi->num_offsets * SIZEOF (fsPropOffset);
pd = (pointer) buf; <------
buf += pi->data_len; <------
if (conn->
{
memcpy (binfo->name, buf, rep->nameLength);
buf += _fs_pad_length (rep->nameLength);
}
-----------
From the fact that "pd" is set to a legal value in the debugging
output, while "buf" (after adding "pi->data_len") is "out of bounds" I
would very much assume that "pi->data_len" contains garbage.
As regards why it does this, I have no idea.
Are these patches in the Debian SVN:
http://
http://
http://
Thomas
--
Thomas Winischhofer
Vienna/Austria
thomas AT winischhofer DOT net *** http://
twini AT xfree86 DOT org
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Debian Bug Importer (debzilla) wrote : | #18 |
Message-ID: <email address hidden>
Date: Fri, 17 Dec 2004 12:22:25 +0100
From: Thomas Winischhofer <email address hidden>
To: <email address hidden>
Subject: Re: Bug#284448: xserver-xfree86: xserver (ATI or Radeon something
7500) crashes on variouslaunches of programcs from within X.
This looks like an Xlibs bug.
-----------
#10 0x0892a025 in fs_read_list_info (fpe=0x8bcf350, blockrec=0x8d65198)
at fserve.c:2376
binfo = 0x8d651b4
rep = (fsListFontsWit
buf = 0x10c3a3fc <Address 0x10c3a3fc out of bounds> <---
conn = 0x8bcf378
pi = (fsPropInfo *) 0x8bcf83c
po = (fsPropOffset *) 0x8bcf844
pd = 0x8bcf894 <------
ret = 1
err = 146600824
-----------
The source of Xfont/fc/fserve.c at this point (in fs_read_list_info)
looks like this:
if (conn->
{
memcpy (binfo->name, buf, rep->nameLength);
buf += _fs_pad_length (rep->nameLength);
}
pi = (fsPropInfo *) buf;
buf += SIZEOF (fsPropInfo);
po = (fsPropOffset *) buf;
buf += pi->num_offsets * SIZEOF (fsPropOffset);
pd = (pointer) buf; <------
buf += pi->data_len; <------
if (conn->
{
memcpy (binfo->name, buf, rep->nameLength);
buf += _fs_pad_length (rep->nameLength);
}
-----------
From the fact that "pd" is set to a legal value in the debugging
output, while "buf" (after adding "pi->data_len") is "out of bounds" I
would very much assume that "pi->data_len" contains garbage.
As regards why it does this, I have no idea.
Are these patches in the Debian SVN:
http://
http://
http://
Thomas
--
Thomas Winischhofer
Vienna/Austria
thomas AT winischhofer DOT net *** http://
twini AT xfree86 DOT org
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
|
#19 |
Maybe this helps in tracing the bug:
(gdb) up 10
#10 0x0892a025 in fs_read_list_info (fpe=0x8bcf350, blockrec=0x8d65198)
at fserve.c:2376
2376 in fserve.c
(gdb) p *pi
$1 = {num_offsets = 4, data_len = 134654824}
so it seems pi->data_len is fairly huge, maybe it is not initialized
earlier?
---david
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Debian Bug Importer (debzilla) wrote : | #20 |
Message-ID: <email address hidden>
Date: Sun, 26 Dec 2004 12:08:28 +0100
From: "David A. van Leeuwen" <email address hidden>
To: <email address hidden>
CC: <email address hidden>
Subject: more info on SEGV in memcpy
Maybe this helps in tracing the bug:
(gdb) up 10
#10 0x0892a025 in fs_read_list_info (fpe=0x8bcf350, blockrec=0x8d65198)
at fserve.c:2376
2376 in fserve.c
(gdb) p *pi
$1 = {num_offsets = 4, data_len = 134654824}
so it seems pi->data_len is fairly huge, maybe it is not initialized
earlier?
---david
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
|
#21 |
reassign 284448 xfree86
retitle 284448 xfree86: font library has very poor bounds-checking and can SEGV xfs and the X server
tag 284448 = upstream fixed-upstream patch
thanks
On Fri, Dec 17, 2004 at 12:22:25PM +0100, Thomas Winischhofer wrote:
> This looks like an Xlibs bug.
Yeah, it's one of those annoying static libraries that is linked both into
xfs and the X server.
> From the fact that "pd" is set to a legal value in the debugging
> output, while "buf" (after adding "pi->data_len") is "out of bounds" I
> would very much assume that "pi->data_len" contains garbage.
>
> As regards why it does this, I have no idea.
>
> Are these patches in the Debian SVN:
>
> http://
> http://
> http://
No. Fortunately all of the above predate the XFree86 1.1 relicensing.
I'm attaching a patch that should be bolted onto
debian/
--
G. Branden Robinson | Damnit, we're all going to die;
Debian GNU/Linux | let's die doing something *useful*!
<email address hidden> | -- Hal Clement, on comments that
http://
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Debian Bug Importer (debzilla) wrote : | #22 |
Message-ID: <email address hidden>
Date: Fri, 25 Mar 2005 20:13:45 -0500
From: Branden Robinson <email address hidden>
To: <email address hidden>, <email address hidden>
Subject: Re: Bug#284448: xserver-xfree86: xserver (ATI or Radeon something 7500) crashes on
variouslaunches of programcs from within X.
--1fZJyN7nFm/tosmV
Content-Type: multipart/mixed; boundary=
Content-
--KC+fneiph5CALyUl
Content-Type: text/plain; charset=us-ascii
Content-
Content-
reassign 284448 xfree86
retitle 284448 xfree86: font library has very poor bounds-checking and can =
SEGV xfs and the X server
tag 284448 =3D upstream fixed-upstream patch
thanks
On Fri, Dec 17, 2004 at 12:22:25PM +0100, Thomas Winischhofer wrote:
> This looks like an Xlibs bug.
Yeah, it's one of those annoying static libraries that is linked both into
xfs and the X server.
> From the fact that "pd" is set to a legal value in the debugging=20
> output, while "buf" (after adding "pi->data_len") is "out of bounds" I=20
> would very much assume that "pi->data_len" contains garbage.
>=20
> As regards why it does this, I have no idea.
>=20
> Are these patches in the Debian SVN:
>=20
> http://
=2E22&r2=3D3.22.2.1
> http://
=2E23&r2=3D3.24
> http://
2=3D3.27
No. Fortunately all of the above predate the XFree86 1.1 relicensing.
I'm attaching a patch that should be bolted onto
debian/
--=20
G. Branden Robinson | Damnit, we're all going to die;
Debian GNU/Linux | let's die doing something *useful*!
<email address hidden> | -- Hal Clement, on comments that
http://
--KC+fneiph5CALyUl
Content-Type: text/plain; charset=us-ascii
Content-
Content-
3.25 +52 -2 xc/lib/
603. Add font bounds checking to the X server side of the font server
interface (Chisato Yamauchi, David Dawes).
3.26 +18 -35 xc/lib/
Combine two sets of bounds tests into one. (Chisato Yamauchi)
3.27 +2 -2 xc/lib/
Fix potential segfault.
Index: xc/lib/
=3D=3D=
=3D=3D=
=3D=3D=
RCS file: /cvs/xc/
retrieving revision 3.22.2.1
retrieving revision 3.27
diff -u -r3.22.2.1 -r3.27
--- xc/lib/
+++ xc/lib/
@@ -24,7 +24,7 @@
in this Software without prior written authorization from The Open Group.
=20
*/
-/* $XFree86: xc/lib/
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
|
#23 |
# Automatically generated email from bts, devscripts version 2.8.14
# fixed in Debian X Strike Force XFree86 repository; to view, run "svn diff -r 2242:2243 svn://necrotic.
tags 284448 + pending
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
|
#24 |
Source: xfree86
Source-Version: 4.3.0.dfsg.1-13
We believe that the bug you reported is fixed in the latest version of
xfree86, which is due to be installed in the Debian FTP archive:
lbxproxy_
to pool/main/
libdps-
to pool/main/
libdps1-
to pool/main/
libdps1_
to pool/main/
libice-
to pool/main/
libice6-
to pool/main/
libice6_
to pool/main/
libsm-dev_
to pool/main/
libsm6-
to pool/main/
libsm6_
to pool/main/
libx11-
to pool/main/
libx11-
to pool/main/
libx11-
to pool/main/
libxaw6-
to pool/main/
libxaw6-
to pool/main/
libxaw6_
to pool/main/
libxaw7-
to pool/main/
libxaw7-
to pool/main/
libxaw7_
to pool/main/
libxext-
to pool/main/
libxext6-
to pool/main/
libxext6_
to pool/main/
libxft1-
to pool/main/
libxft1_
to pool/main/
libxi-dev_
to pool/main/
libxi6-
to pool/main/
libxi6_
to pool/main/
libxmu-
to pool/main/
libxmu6-
to pool/main/
libxmu6_
to pool/main/
libxmuu-
to pool/main/
libxmuu1-
to pool...
Changed in xfree86: | |
status: | Unknown → Fix Released |
Automatically imported from Debian bug report #284448 http:// bugs.debian. org/284448