Random crash, I don't have a way to reliably reproduce this one, it usually takes about an hour of easystroke running to reproduce. Program terminated with signal 11, Segmentation fault. #0 0x080866d2 in FindChildForEvent (dev=0xbc36a40, event=0xb9de408) at ../../dix/events.c:2222 2222 if (w->parent == event) (gdb) bt #0 0x080866d2 in FindChildForEvent (dev=0xbc36a40, event=0xb9de408) at ../../dix/events.c:2222 #1 0x08086731 in FixUpEventFromWindow (pDev=0xbc36a40, xE=0xc489bb8, pWin=0xb9de408, child=0, calcChild=1) at ../../dix/events.c:2251 #2 0x0808a5a3 in DeliverGrabbedEvent (event=0xc1ac368, thisDev=0xbc36a40, deactivateGrab=0) at ../../dix/events.c:3867 #3 0x0816369c in ProcessRawEvent (ev=0xc1ac368, device=0xbc36a40) at ../../Xi/exevents.c:1014 #4 0x08163806 in ProcessOtherEvent (ev=0xc1ac368, device=0xbc36a40) at ../../Xi/exevents.c:1061 #5 0x0818b9b3 in ProcessKeyboardEvent (ev=0xc1ac368, keybd=0xbc36a40) at ../../xkb/xkbPrKeyEv.c:182 #6 0x080a71c2 in mieqProcessDeviceEvent (dev=0xbc36a40, event=0xc1ac368, screen=0x90fc3a8) at ../../mi/mieq.c:406 #7 0x080a73be in mieqProcessInputEvents () at ../../mi/mieq.c:465 #8 0x080c79f6 in ProcessInputEvents () at ../../../../hw/xfree86/common/xf86Events.c:171 #9 0x08079949 in Dispatch () at ../../dix/dispatch.c:394 #10 0x080670ae in main (argc=8, argv=0xbf9ebb74, envp=0xbf9ebb98) at ../../dix/main.c:282 (gdb) print pSprite->spriteTraceGood $1 = 4 (gdb) print pSprite->spriteTrace[0]->drawable.depth $2 = 24 '\30' (gdb) print pSprite->spriteTrace[1]->drawable.depth $3 = 24 '\30' (gdb) print pSprite->spriteTrace[2]->drawable.depth $4 = 72 'H'
fwiw, drawable.id (in hex) is more helpful, it's the id of the window so you can easily enough get the client and the root window. but for now I'll have to wait for something reproducible.
The two valid windows were the root window and an application, and the two invalid windows are subwindows that have just been destroyed. I can reproduce the issue using the attached test program now (backtrace is a little different since there's only one subwindow that is being killed. It needs to be adjusted for whatever device you want to use to reproduce the bug. Make sure that the cursor is in the window and then click and move the cursor wildly. The server will usually crash after a few clicks due to the sprite trace being partially invalid.
Created attachment 28579 [details] test case
It looks like WindowsRestructured() only updates the sprite trace if the device is the sprite owner, but FindChildForEvent doesn't care whether this is the case. The following fixes the crash, but I don't know if that's the right approach: diff --git a/dix/events.c b/dix/events.c index ec6aff7..9d26707 100644 --- a/dix/events.c +++ b/dix/events.c @@ -2841,7 +2841,7 @@ WindowsRestructured(void) DeviceIntPtr pDev = inputInfo.devices; while(pDev) { - if (DevHasCursor(pDev)) + if (IsPointerDevice(pDev)) CheckMotion(NULL, pDev); pDev = pDev->next; }
Created attachment 28611 [details] [review] 0001-dix-update-the-sprite-trace-for-all-masters-floating.patch I think the condition has to be the same as in ProcessOtherEvents. Only update for masters and floating slaves as all others share the sprite window with their attached master. I need to check if that messes up XI2 enter/leave events for attached slave devices though.
(In reply to comment #5) > Created an attachment (id=28611) [details] > 0001-dix-update-the-sprite-trace-for-all-masters-floating.patch > > I think the condition has to be the same as in ProcessOtherEvents. Only update > for masters and floating slaves as all others share the sprite window with > their attached master. > > I need to check if that messes up XI2 enter/leave events for attached slave > devices though. > Confirming that this patch fixes the issue.
pushed as 6c292d17053eb2a7e7054e51210f423dbc0cb7e8, thanks for testing!
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.