Hello all,
In wmii-3.1, it is possible to overload libixp with lots of 9P
traffic, maintained _continuously_ for about a minute, such that it
freezes. Attached is a GDB backtrace of the frozen state.
You can reproduce this bug via the following steps.
1. Open two xterms in the same column.
2. Run "wmiir read /event" in the first xterm, so you can see what
is happening.
3. Run the following command in the second xterm. (Increase the
value of the $LOAD variable if this is not enough to freeze libixp
on your system.)
LOAD=100; for i in `seq $LOAD`; do echo $i; (while :; do echo 'Key Mod1-j' | wmiir write /event; done)& done
4. Wait until all the subprocesses have been spawned (hopefully wmii
will have frozen by now).
5. Verify that wmii has frozen by running "wmiir read /" and
noticing that no output is produced. Also, your shortcuts will not
produce any effect.
Thanks for your attention.
(gdb) bt
#0 0xffffe410 in __kernel_vsyscall ()
#1 0xb7ea25c3 in write () from /lib/tls/i686/cmov/libc.so.6
#2 0x08061554 in ixp_send_message (fd=5, msg=0x8067680, msize=22,
errstr=0xbfe3ee70) at transport.c:26
#3 0x08060b7d in ixp_server_respond_fcall (c=0x80a0c90, fcall=0x80a0ca8)
at server.c:132
#4 0x0805858a in write_event (event=0xbfe3ef94 "Key Mod1-j\n") at fs.c:1603
#5 0x080581f1 in xwrite (c=0x80ae638, fcall=0x80641e0) at fs.c:1525
#6 0x0805840a in do_fcall (c=0x80ae638) at fs.c:1573
#7 0x080609aa in handle_conns (s=0x806f7a0) at server.c:80
#8 0x08060a47 in ixp_server_loop (s=0x806f7a0) at server.c:99
#9 0x0805d4a1 in main (argc=3, argv=0xbfe3f294) at wm.c:352
(gdb) bt full
#0 0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1 0xb7ea25c3 in write () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#2 0x08061554 in ixp_send_message (fd=5, msg=0x8067680, msize=22,
errstr=0xbfe3ee70) at transport.c:26
num = 0
r = 24
#3 0x08060b7d in ixp_server_respond_fcall (c=0x80a0c90, fcall=0x80a0ca8)
at server.c:132
errstr = 0x0
msize = 22
#4 0x0805858a in write_event (event=0xbfe3ef94 "Key Mod1-j\n") at fs.c:1603
m = (IXPMap *) 0x809e888
c = (IXPConn *) 0x80a0c90
i = 2
#5 0x080581f1 in xwrite (c=0x80ae638, fcall=0x80641e0) at fs.c:1525
buf = "Key Mod1-j\n\000\000\000\000\000XC�hC�\000\000\002\000P\001\000\000\000\000\000\000�-\000\000XC� C�,\000\000 C�0���g� C��*�XC�\b\000\000\000\000\000\000\000P\001\000\000(C�\002\000\000\000\020\000\000\000(����\005\b\213v\006\b\006\000\000\000\000\000\000\000\000\000\023\000(�㿺�\005\b\214v\006\b\000\000\000\000\000\000\023\000q*�h��\036\000\000\000\204v\006\bC%�\030---Type <return> to continue, or q <return> to quit---
\000\000\000�\025\006\b\b\000\000\000\204v\006\b\036\000\000\000\030", '\0' <repeats 11 times>, "h��\030"...
tmp = 0x80676a2 ""
m = (IXPMap *) 0x80b12c8
i = 134613806
i1 = 0
i2 = 0
i3 = 0
dir_type = 0 '\0'
type = 19 '\023'
len = 134641280
f = (Frame *) 0x2000
cl = (Client *) 0xbfe3f0c0
#6 0x0805840a in do_fcall (c=0x80ae638) at fs.c:1573
fcall = {id = 118 'v', tag = 65535, fid = 75920, maxmsg = 8192,
version = "9P2000", '\0' <repeats 25 times>, oldtag = 0,
errstr = "file not found", '\0' <repeats 113 times>, qid = {type = 0 '\0',
version = 0, path = 5348024557502464, dir_type = 0 '\0'}, iounit = 2048,
aqid = {type = 0 '\0', version = 0, path = 0, dir_type = 0 '\0'},
afid = 4294967295, uname = "sun", '\0' <repeats 28 times>,
aname = '\0' <repeats 127 times>, perm = 128,
name = "status", '\0' <repeats 121 times>, mode = 1 '\001', newfid = 75920,
nwname = 1, wname = {"event", '\0' <repeats 122 times>,
"sel\000us\000\000\000s", '\0' <repeats 117 times>,
"ctl\000\000s", '\0' <repeats 121 times>,
'\0' <repeats 127 times> <repeats 13 times>}, nwqid = 1, wqid = {{
type = 0 '\0', version = 0, path = 5348024557502464, dir_type = 0 '\0'},
{type = 128 '\200', version = 0, path = 844429225230336,
dir_type = 0 '\0'}, {type = 0 '\0', version = 0,
path = 5629503829311488, dir_type = 0 '\0'}, {type = 0 '\0',
version = 0, path = 0, dir_type = 0 '\0'} <repeats 13 times>},
offset = 0, count = 11, stat = {type = 0, dev = 0, qid = {type = 0 '\0',
version = 0, path = 0, dir_type = 0 '\0'}, mode = 0, atime = 0,
mtime = 0, length = 0, name = '\0' <repeats 127 times>,
uid = '\0' <repeats 31 times>, gid = '\0' <repeats 31 times>,
muid = '\0' <repeats 31 times>}, nstat = 0,
data = "Key Mod1-j\n01:17:00 PDT 2006 20.27 7.98 3.40d\nMod1-f\nMod1-s\nMod1-m\nMod1-a\nMod1-p\nMod1-t\nMod1-0\nMod1-1\nMod1-2\nMod1-3\nMod1-4\nMod1-5\nMod1-6\nMod1-7\nMod1-8\nMod1-9\nMod1-Return\nMod1-Shift-h\nMod1-Shift-l\nMod1"...}
msize = 34
errstr = 0x0
#7 0x080609aa in handle_conns (s=0x806f7a0) at server.c:80
i = 11
#8 0x08060a47 in ixp_server_loop (s=0x806f7a0) at server.c:99
r = 1
#9 0x0805d4a1 in main (argc=3, argv=0xbfe3f294) at wm.c:352
i = 4
checkwm = 0
address = 0xbfe3f9f5 "unix"
errstr = 0x0
wa = {background_pixmap = 1, background_pixel = 24641422,
border_pixmap = 3219386944, border_pixel = 3086139392,
bit_gravity = 134516522, win_gravity = 0, backing_store = -1075578389,
backing_planes = 3085862014, backing_pixel = 134521697,
save_under = 134625696, event_mask = 1605640,
do_not_propagate_mask = 134519521, override_redirect = 1,
colormap = 3219387044, cursor = 4194309}
(gdb)
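The backtrace shows the single server loop (frames #7 and #8) sitting in write() on fd 5 while answering an /event reader from inside a write request. The C code below is an added example, not libixp or wmii code: assuming the peer on that descriptor has stopped draining its socket, it shows a non-blocking send that reports a full buffer instead of waiting on it. The names try_send and replies_until_full are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not libixp API): try to send without ever blocking.
 * Returns the bytes accepted by the kernel (possibly fewer than len),
 * 0 if the socket buffer is full, -1 on a real error. */
static long try_send(int fd, const void *msg, size_t len)
{
    ssize_t r;
    int fl = fcntl(fd, F_GETFL);
    if (fl == -1 || fcntl(fd, F_SETFL, fl | O_NONBLOCK) == -1)
        return -1;
    do {
        r = write(fd, msg, len);
    } while (r == -1 && errno == EINTR);
    if (r == -1 && (errno == EAGAIN || errno == EWOULDBLOCK))
        return 0;           /* peer is not draining: defer, do not wait */
    return (long)r;
}

/* Constructed scenario: a reader that never reads (the assumption made
 * here about fd 5). Returns how many 22-byte replies were accepted before
 * the buffer filled; a blocking write() would stall on the next one. */
static long replies_until_full(void)
{
    int sv[2];
    char reply[22] = {0};   /* msize=22, taken from frame #2 */
    long sent = 0, r;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
        return -1;
    while ((r = try_send(sv[0], reply, sizeof reply)) == (long)sizeof reply)
        sent++;             /* loop ends on 0 (full) or a short write */
    close(sv[0]);
    close(sv[1]);
    return r < 0 ? -1 : sent;
}

int main(void)
{
    printf("replies accepted before the socket would block: %ld\n",
           replies_until_full());
    return 0;
}
```

A server built this way would queue the deferred reply and retry once select() or poll() reports the descriptor writable, so one stalled reader cannot hold up every other connection.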
Received on Tue Sep 19 2006 - 10:45:57 UTC