Hi there again, another X server crash when working with XI2 master devices, this time it's reproducible :-). So, what happens is: * create a new MD * set it as clientpointer for some (special) window * removeMD * BAAM! Ok, what does 'special' mean? It works with the root window, for instance, but crashes with a GNOME3 terminal. I can reproduce the crash 100% when running GNOME3 in failsafe mode (with metacity) on debian testing like this: $ gcc -L/usr/X11R6/lib -lX11 -lXi crashme.c $ xwininfo | grep "Window id" | awk '{print $4}' | xargs ./a.out select a GNOME terminal. see it crash. Attached is the server log and the crasher program. I can give more info on installed software versions when needed
Created attachment 53765 [details] log of crashed session
Created attachment 53766 [details] minimal sample program exercising the crash
[ 38328.188] [dix] ClientPointer not paired with a keyboard. This is a bug. [ 38328.275] Backtrace: [ 38328.348] 0: /usr/bin/Xorg (xorg_backtrace+0x26) [0x7f00fb71f8f6] [ 38328.349] 1: /usr/bin/Xorg (0x7f00fb59b000+0x188559) [0x7f00fb723559] [ 38328.349] 2: /lib/x86_64-linux-gnu/libpthread.so.0 (0x7f00fa8c3000+0xf020) [0x7f00fa8d2020] [ 38328.349] 3: /usr/bin/Xorg (0x7f00fb59b000+0x13d5a0) [0x7f00fb6d85a0] [ 38328.349] 4: /usr/bin/Xorg (WriteEventsToClient+0x8b) [0x7f00fb5f691b] [ 38328.349] 5: /usr/bin/Xorg (TryClientEvents+0x106) [0x7f00fb5f6c46] [ 38328.349] 6: /usr/bin/Xorg (DeliverEventsToWindow+0x31b) [0x7f00fb5fa39b] [ 38328.350] 7: /usr/bin/Xorg (0x7f00fb59b000+0x11be0a) [0x7f00fb6b6e0a] [ 38328.350] 8: /usr/bin/Xorg (0x7f00fb59b000+0x11be70) [0x7f00fb6b6e70] [ 38328.350] 9: /usr/bin/Xorg (0x7f00fb59b000+0x49dbd) [0x7f00fb5e4dbd] [ 38328.350] 10: /usr/bin/Xorg (DisableDevice+0x229) [0x7f00fb5e62b9] [ 38328.350] 11: /usr/bin/Xorg (0x7f00fb59b000+0x123688) [0x7f00fb6be688] [ 38328.350] 12: /usr/bin/Xorg (0x7f00fb59b000+0x51f59) [0x7f00fb5ecf59] [ 38328.351] 13: /usr/bin/Xorg (0x7f00fb59b000+0x411ba) [0x7f00fb5dc1ba] [ 38328.351] 14: /lib/x86_64-linux-gnu/libc.so.6 (__libc_start_main+0xfd) [0x7f00f95eeead] [ 38328.351] 15: /usr/bin/Xorg (0x7f00fb59b000+0x414ad) [0x7f00fb5dc4ad] [ 38328.351] Segmentation fault at address 0x1a0 [ 38328.351]
Created attachment 53926 [details] [review] 0001-Xi-when-removing-a-device-reset-ClientPointers-where.patch First half, fixes the crash but now I get a crash in the xfixes code that can't handle NULL cursors.
The two patches: http://patchwork.freedesktop.org/patch/8018/ http://patchwork.freedesktop.org/patch/8019/ (same as attachment 53926 [details] [review])
I believe this is fixed on master. Blocking 1.11 as I want to pull this fix into 1.11 as well.
In 1.11-branch
Master commits: d2ebbcdaf6b13d70eee704b1764ff349e1be22a0 and 372a6f10dc2d74d2d179e8b92449e9b8636a99ef 1.11 commits: 20efd3c15829d8fbb3610d5af41b67a627e63d21 and 8c73f6bcbdc04380cc41d9f6dc7e849c7c4f9298
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.