Ubuntu
xorg-server package

Xephyr crashes with Segmentation fault in fbOddTile/memcpy() on LPIA arch

Bug #298868 reported by ooze
2
Affects Status Importance Assigned to Milestone
xorg-server (Ubuntu)
Expired
High
Unassigned

Bug Description

When trying to run `xephyr :1` on Intrepid LPIA, the Xephyr window shows up but then crashes immediately. This is a completely new virtual machine built with the command

ubuntu-vm-builder kvm intrepid -v --arch lpia --debug

This is more information about the setup;

uname -a
Linux ubuntu 2.6.24-4-lpia #1 SMP Fri Oct 24 13:13:03 UTC 2008 i686 GNU/Linux

ii xserver-xephyr 2:1.5.2-2ubuntu3 nested X server

[backtrace]
#0 0xb7bf9106 in memcpy () from /lib/libc.so.6
No symbol table info available.
#1 0x093536c0 in ?? ()
No symbol table info available.
#2 0x080d4a46 in fbOddTile (dst=0xb79bd000, dstStride=640, dstX=0,
    width=20480, height=116, tile=0x93536c0, tileStride=4, tileWidth=128,
    tileHeight=4, alu=3, pm=4294967295, bpp=32, xRot=0, yRot=0)
    at ../../fb/fbtile.c:152
 tileX = 1
 tileY = <value optimized out>
 widthTmp = -1213603840
 h = 4
 w = 154482368
 x = 0
 y = 360
#3 0x080d4af0 in fbTile (dst=0xb79bd000, dstStride=640, dstX=0,
    width=20480, height=480, tile=0x93536c0, tileStride=4, tileWidth=128,
    tileHeight=4, alu=3, pm=4294967295, bpp=32, xRot=0, yRot=0)
    at ../../fb/fbtile.c:200
No locals.
#4 0x080ccb9a in fbFill (pDrawable=0x92df0d0, pGC=0x92deee8, x=0, y=0,
    width=640, height=480) at ../../fb/fbfill.c:147
 pTile = <value optimized out>
 dst = (FbBits *) 0xb79bd000
 dstStride = 640
 dstBpp = <value optimized out>
 dstXoff = 0
 dstYoff = 0
 pPriv = (FbGCPrivPtr) 0x92def6c
#5 0x080ccf47 in fbPolyFillRect (pDrawable=0x92df0d0, pGC=0x92deee8,
    nrect=0, prect=0x9359768) at ../../fb/fbfillrect.c:77
 pClip = (RegionPtr) 0x92df100
 pbox = <value optimized out>
 extentX1 = 0
 extentX2 = 640
 extentY1 = 0
 extentY2 = 480
 fullX1 = 0
 fullX2 = 640
 fullY1 = 0
 fullY2 = 480
 partX1 = <value optimized out>
 partX2 = <value optimized out>
 partY1 = <value optimized out>
 partY2 = <value optimized out>
 xorg = 0
 yorg = 0
 n = 0
#6 0x08174875 in damagePolyFillRect (pDrawable=0x92df0d0, pGC=0x92deee8,
    nRects=1, pRects=0x9359768) at ../../../miext/damage/damage.c:1337
 pGCPriv = (DamageGCPrivPtr) 0x92def54
 oldFuncs = (GCFuncs *) 0x81ecec0
#7 0x080e3af1 in miPaintWindow (pWin=0x92df0d0, prgn=0xbfe99b38, what=0)
    at ../../mi/miexpose.c:646
 pScreen = <value optimized out>
 gcval = {{val = 3, ptr = 0x3}, {val = 1, ptr = 0x1}, {
    val = 154482320, ptr = 0x9353690}, {val = 0, ptr = 0x0}, {val = 0,
    ptr = 0x0}}
 gcmask = <value optimized out>
 pGC = (GCPtr) 0x92deee8
 i = -1
 pbox = <value optimized out>
 prect = (xRectangle *) 0x9359768
 numRects = 1
 draw_x_off = 0
 draw_y_off = 0
 tile_x_off = <value optimized out>
 tile_y_off = <value optimized out>
 fill = <value optimized out>
 drawable = (DrawablePtr) 0x92df0d0
#8 0x080e3e58 in miWindowExposures (pWin=0x92df0d0, prgn=0xbfe99b38,
    other_exposed=0x0) at ../../mi/miexpose.c:517
 expRec = {extents = {x1 = -25800, y1 = -16407, x2 = -3840,
    y2 = 2349}, data = 0x92de768}
 exposures = (RegionPtr) 0xbfe99b38
#9 0x08093c37 in MapWindow (pWin=0x92df0d0, client=0x92cd580)
    at ../../dix/window.c:2838
 temp = {extents = {x1 = 0, y1 = 0, x2 = 640, y2 = 480}, data = 0x0}
 pScreen = (ScreenPtr) 0x92d1cd8
 pParent = (WindowPtr) 0x0
 dosave = <value optimized out>
 pLayerWin = <value optimized out>
#10 0x08093e45 in InitRootWindow (pWin=0x92df0d0) at ../../dix/window.c:492
 pScreen = (ScreenPtr) 0x92d1cd8
#11 0x0808e81d in main (argc=2, argv=0xbfe99c94, envp=Cannot access memory at address 0xc
)
    at ../../dix/main.c:422
 i = 1
 error = 134800406
 xauthfile = <value optimized out>
 alwaysCheckForInput = {0, 1}

[lspci]
00:00.0 Host bridge [0600]: Intel Corporation 440FX - 82441FX PMC [Natoma] [8086:1237] (rev 02)
00:02.0 VGA compatible controller [0300]: Cirrus Logic GD 5446 [1013:00b8]

See original description
Revision history for this message
Bryce Harrington (bryce) wrote : Re: Xephyr crashes with Segmentation fault on LPIA arch

[This is an automated message]

Hi philippe-gauthier,

Please attach the output of `lspci -vvnn`, and attach your /var/log/Xorg.0.log file from after reproducing this issue. If you've made any customizations to your /etc/X11/xorg.conf please attach that as well.

Changed in xorg-server:
status: New → Incomplete
Revision history for this message
ooze (zoe-gauthier) wrote :
Revision history for this message
ooze (zoe-gauthier) wrote :
Bryce Harrington (bryce)
Changed in xorg-server:
status: Incomplete → Confirmed
Revision history for this message
Bryce Harrington (bryce) wrote :

Thanks for those files. Could you please collect a full backtrace - see http://wiki.ubuntu.com/X/Backtracing for directions.

Changed in xorg-server:
status: Confirmed → Incomplete
Revision history for this message
ooze (zoe-gauthier) wrote :
Bryce Harrington (bryce)
Changed in xorg-server:
importance: Undecided → Medium
status: Incomplete → Confirmed
Revision history for this message
Bryce Harrington (bryce) wrote :

Thanks for the backtrace Philippe. This indicates what function the crash occurred, however doesn't give us much in the way of state. The crashes are definitely happening in xserver code rather than in the driver, which is good in a way since we may have a chance at solving it, but it would be helpful to have the additional information a full backtrace would provide. Could you please install the dbg packages for xserver, reproduce the crash in gdb, and collect a 'backtrace full'? See http://wiki.ubuntu.com/X/Backtracing for more guidance.

description: updated
Changed in xorg-server:
status: Confirmed → Incomplete
Bryce Harrington (bryce)
description: updated
Revision history for this message
ooze (zoe-gauthier) wrote :
Revision history for this message
Bryce Harrington (bryce) wrote :

Thanks, that looks much better.

Looks like it's crashing in the memcpy from fbBlt. This looks like the same pattern as bug 337608 although the particulars of the backtrace differ so not certain that it's a dupe.

description: updated
Changed in xorg-server (Ubuntu):
importance: Medium → High
status: Incomplete → Triaged
Revision history for this message
Bryce Harrington (bryce) wrote :

Like with 337608, I'm not sure how to debug this further; should probably go upstream next.

Bryce Harrington (bryce)
tags: added: intrepid
Revision history for this message
Bryce Harrington (bryce) wrote :

[This is an automatic notification.]

Hi Philippe,

This bug was reported against an earlier version of Ubuntu, can you
test if it still occurs on Lucid?

Please note we also provide technical support for older versions of
Ubuntu, but not in the bug tracker. Instead, to raise the issue through
normal support channels, please see:

    http://www.ubuntu.com/support

If you are the original reporter and can still reproduce the issue on
Lucid, please run the following command to refresh the report:

  apport-collect 298868

If you are not the original reporter, please file a new bug report, so
we can work with you as the original reporter instead (you can reference
bug 298868 in your report if you think it may be related):

  ubuntu-bug xorg

If by chance you can no longer reproduce the issue on Lucid or if you
feel it is no longer relevant, please mark the bug report 'Fix Released'
or 'Invalid' as appropriate, at the following URL:

  https://bugs.launchpad.net/ubuntu/+bug/298868

Changed in xorg-server (Ubuntu):
status: Triaged → Incomplete
tags: added: needs-retested-on-lucid-by-june
Bryce Harrington (bryce)
tags: added: hardy
Revision history for this message
Bryce Harrington (bryce) wrote :

We're closing this bug since it is has been some time with no response from the original reporter. However, if the issue still exists please feel free to reopen with the requested information. Also, if you could, please test against the latest development version of Ubuntu, since this confirms the bug is one we may be able to pass upstream for help.

Changed in xorg-server (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.