NetBSD Problem Report #38099

From martin@duskware.de  Sun Feb 24 19:32:25 2008
Return-Path: <martin@duskware.de>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by narn.NetBSD.org (Postfix) with ESMTP id ADFF563B853
	for <gnats-bugs@gnats.netbsd.org>; Sun, 24 Feb 2008 19:32:25 +0000 (UTC)
Message-Id: <20080224192950.8C70D63B853@narn.NetBSD.org>
Date: Sun, 24 Feb 2008 19:29:50 +0000 (UTC)
From: frank@phoenix.owl.de
Reply-To: frank@phoenix.owl.de
To: netbsd-bugs-owner@NetBSD.org
Subject: Xamiga crash with 16-bit screen modes
X-Send-Pr-Version: www-1.0

>Number:         38099
>Category:       port-amiga
>Synopsis:       Xamiga crash with 16-bit screen modes
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    port-amiga-maintainer
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Feb 24 19:35:00 +0000 2008
>Closed-Date:    Thu May 22 09:11:46 +0000 2008
>Last-Modified:  Thu May 22 09:11:46 +0000 2008
>Originator:     Frank Wille
>Release:        NetBSD/amiga 4.0 Release
>Organization:
>Environment:
A3000, CSPPC 060/50, 128+16 MB Fast RAM, Cybervision 64

>Description:
Segmentation fault on "startx", when using a 16-bit screen mode on the Cybervision 64 (probably other graphics boards as well). A simple window manager like twm is enough to get the crash.

The graphics display opens in the correct resolution and depth, but crashes before the X-server can paint the initial window background.

The X-server "Xamiga" segfaults and a core dump provides the following information. Stack frame backtrace:

#0  0x00091be2 in cfb16FillBoxTile32sCopy ()
#1  0x0008a8b0 in cfb16FillBoxTileOdd ()
#2  0x00088222 in cfb16PaintWindow ()
#3  0x0010ed34 in miWindowExposures ()
#4  0x00025fc0 in MapWindow ()
#5  0x00026106 in InitRootWindow ()
#6  0x0000686a in main ()
#7  0x00005de4 in __start ()

The registers:

d0             0x0      0
d1             0x2      2
d2             0x1      1
d3             0x178500 1541376
d4             0x5      5
d5             0xdffecb4        234876084
d6             0x60dec  396780
d7             0x2037c  131964
a0             0x0      0x0
a1             0x178500 0x178500
a2             0x178500 0x178500
a3             0xdffebe0        0xdffebe0
a4             0x0      0x0
a5             0x0      0x0
fp             0xdffeb08        0xdffeb08
sp             0xdffea9c        0xdffea9c
ps             0x4      0x4
pc             0x91be2  0x91be2
fpcontrol      0x0      0x0
fpstatus       0x8      0x8
fpiaddr        0x81b60ce        0x81b60ce

Disassembly of the crash location:
[...]
0x91bd4 <cfb16FillBoxTile32sCopy+56>:   moveal %a1@(16),%a0
0x91bd8 <cfb16FillBoxTile32sCopy+60>:   movel %a1,%sp@-
0x91bda <cfb16FillBoxTile32sCopy+62>:   moveal %a0@(372),%a0
0x91bde <cfb16FillBoxTile32sCopy+66>:   jsr %a0@
0x91be0 <cfb16FillBoxTile32sCopy+68>:   addql #4,%sp
0x91be2 <cfb16FillBoxTile32sCopy+70>:   movel %a0@(32),%fp@(-24)  <-- HERE
[...]

Whatever function is called from cfb16FillBoxTile32sCopy() returns a NULL pointer, which leads to the seg-fault when dereferencing it.

My tests with different Xamiga releases have shown that the Xamiga from the NetBSD 1.6 release was the last one which worked with 16-bit screen modes. The segmentation fault occurs with 2.0.2, 3.1.1 and 4.0!

>How-To-Repeat:
frank@phoenix grfconfig /dev/grf5
 1: 800x600x8   57.0kHz @ 92Hz flags: +hsync +vsync
 2: 800x600x16  57.8kHz @ 90Hz flags: +hsync +vsync
 3: 1024x768x8  72.8kHz @ 92Hz flags: default
 4: 1024x768x16 67.2kHz @ 83Hz flags: default
 5: 1152x900x8  68.9kHz @ 74Hz flags: default
 6: 1152x900x16 62.1kHz @ 66Hz flags: default
Console: 640x480 (80x60)        31.2kHz @ 59Hz flags: default
frank@phoenix cat .xserverrc 
X -dev /dev/grf5 -mode 2

frank@phoenix startx

The XKEYBOARD keymap compiler (xkbcomp) reports:
> Error:            Can't find file "amiga" for symbols include
>                   Exiting
>                   Abandoning symbols file "usa1"
Errors from xkbcomp are not fatal to the X server
Could not init font path element /usr/X11R6/lib/X11/fonts/CID/, removing from list!
X connection to :0.0 broken (explicit kill or server shutdown).
[1]   Segmentation fault      X -dev /dev/grf5...

>Fix:
None known.

>Release-Note:

>Audit-Trail:

State-Changed-From-To: open->closed
State-Changed-By: is@NetBSD.org
State-Changed-When: Thu, 22 May 2008 09:11:46 +0000
State-Changed-Why:
Submitter reported he can't reproduce it anymore.


>Unformatted:
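
Added example, not part of the original problem report: a small triage script that recomputes the effective addresses of the faulting instruction from the register dump above, to check the report's reading that the crash is a read through a NULL pointer in a0. The function names and the NEAR_NULL threshold are assumptions made for this illustration.

```python
import re

# Values copied from the register dump and disassembly in the report above.
REGS_TEXT = """\
a0             0x0      0x0
a1             0x178500 0x178500
fp             0xdffeb08        0xdffeb08
pc             0x91be2  0x91be2
"""
FAULT_LINE = "0x91be2 <cfb16FillBoxTile32sCopy+70>:   movel %a0@(32),%fp@(-24)"

NEAR_NULL = 0x1000  # assumption: triage threshold for "NULL plus small offset"

# m68k MIT syntax: %an@ or %an@(disp) is a memory operand based on register an.
OPERAND = re.compile(r"%(\w+)@(?:\((-?\d+)\))?")


def parse_regs(text):
    """Parse gdb 'info registers' lines into {name: value}."""
    regs = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[1].startswith("0x"):
            regs[parts[0]] = int(parts[1], 16)
    return regs


def triage(regs, fault_line):
    """Return (base, displacement, effective address, near_null) per memory operand."""
    addr, insn = fault_line.split(":", 1)
    if int(addr.split()[0], 16) != regs["pc"]:
        raise ValueError("disassembly line does not match the saved pc")
    out = []
    for m in OPERAND.finditer(insn):
        base, disp = m.group(1), int(m.group(2) or 0)
        ea = (regs[base] + disp) & 0xFFFFFFFF  # 32-bit address space
        out.append((base, disp, ea, ea < NEAR_NULL))
    return out


if __name__ == "__main__":
    for base, disp, ea, near in triage(parse_regs(REGS_TEXT), FAULT_LINE):
        kind = "near-NULL" if near else "mapped-looking"
        print(f"%{base}@({disp}) -> {ea:#x} ({kind})")
```

The source operand resolves to address 0x20 (a0 = 0 plus displacement 32), while the destination is an ordinary frame-relative slot, so the fault is on the read side.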
