Created attachment 20159 [details] Xorg.0.log output and xorg.conf I have a test machine running ubuntu 8.10 that is running this version of the X server: X.Org X Server 1.5.2 Release Date: 10 October 2008 X Protocol Version 11, Revision 0 Build Operating System: Linux 2.6.24-19-server i686 Ubuntu Current Operating System: Linux fred-desktop 2.6.27-7-generic #1 SMP Tue Nov 4 19:33:20 UTC 2008 i686 Build Date: 24 October 2008 08:00:16AM xorg-server 2:1.5.2-2ubuntu3 (buildd@rothera.buildd) The x11vnc (http://www.karlrunge.com/x11vnc) VNC server uses XFixesGetCursorImage() to retrieve the current cursor's pixels. Normally this is working fine with X.Org X Server 1.5.2. However, at a critical point when GDM is starting the user's X session, this crash occurs nearly always: Backtrace: 0: /usr/X11R6/bin/X(xf86SigHandler+0x79) [0x80c3009] 1: [0xb7f89400] 2: /usr/X11R6/bin/X [0x8158279] 3: /usr/X11R6/bin/X(CallCallbacks+0x4e) [0x80909ae] 4: /usr/X11R6/bin/X(XaceHook+0x7e) [0x815702e] 5: /usr/X11R6/bin/X(ProcXFixesGetCursorImageAndName+0x8b) [0x8147e9b] 6: /usr/X11R6/bin/X [0x814639c] 7: /usr/X11R6/bin/X(Dispatch+0x34f) [0x808c89f] 8: /usr/X11R6/bin/X(main+0x47d) [0x8071d1d] 9: /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5) [0xb7b93685] 10: /usr/X11R6/bin/X [0x8071101] Saw signal 11. Server aborting. (II) Macintosh mouse button emulation: Close (II) UnloadModule: "evdev" (II) ImPS/2 Generic Wheel Mouse: Close (II) UnloadModule: "evdev" (II) AT Translated Set 2 keyboard: Close (II) UnloadModule: "evdev" (II) AIGLX: Suspending AIGLX clients for VT switch (II) CHROME(0): VIALeaveVT (II) CHROME(0): [drm] Cleaning up DMA ring-buffer. (II) CHROME(0): ViaCursorStore (II) CHROME(0): VIARestore (II) CHROME(0): ViaDisablePrimaryFIFO Some others are reporting this problem: http://ubuntuforums.org/showthread.php?t=965695 http://ubuntuforums.org/showthread.php?t=968044 The way this mode works is that x11vnc exports via VNC the X server when it is showing the GDM greeter login. The user connects via VNC and then logs in via his username and password. GDM then starts the user's X session. Normally at this point GDM will kill all clients (via XKillClient(3)) however, one uses the GDM 'KillInitClients=false' setting to prevent this. Previously this worked fine and the user would not be disconnected after he logs in. Now, however, the X server actually crashes right after he logs in. It is not clear to me what could be making the X server vulnerable that this point with GDM starts the users X session... Karl Runge
I am experiencing the crash with version 1.6.0 (also with x11vnc when session is starting): X.Org X Server 1.6.0 Release Date: 2009-2-25 X Protocol Version 11, Revision 0 Build Operating System: Linux 2.6.24-23-server i686 Ubuntu Current Operating System: Linux mic 2.6.28-14-generic #46-Ubuntu SMP Wed Jul 8 07:21:34 UTC 2009 i686 Build Date: 09 April 2009 02:10:02AM xorg-server 2:1.6.0-0ubuntu14 (buildd@rothera.buildd) ..... ..... Backtrace: 0: /usr/X11R6/bin/X(xorg_backtrace+0x3b) [0x813518b] 1: /usr/X11R6/bin/X(xf86SigHandler+0x55) [0x80c7be5] 2: [0xb7fe0400] 3: /usr/X11R6/bin/X [0x8161a55] 4: /usr/X11R6/bin/X(CallCallbacks+0x4e) [0x80916be] 5: /usr/X11R6/bin/X(XaceHook+0x7e) [0x815ff5e] 6: /usr/X11R6/bin/X(ProcXFixesGetCursorImageAndName+0x8b) [0x814cb3b] 7: /usr/X11R6/bin/X [0x814af7c] 8: /usr/X11R6/bin/X(Dispatch+0x33f) [0x808d57f] 9: /usr/X11R6/bin/X(main+0x3bd) [0x80722ed] 10: /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5) [0xb7ba7775] 11: /usr/X11R6/bin/X [0x80717a1] Saw signal 11. Server aborting. Please let me know if I can provide more info.
I too am having this problem. http://ubuntuforums.org/showthread.php?p=7798663
I still see this bug in: X.Org X Server 1.7.7 Release Date: 2010-05-04 I saw this testing with the mandriva 2010.1 live CD. XFixesGetCursorImage() induces the X server crash; as in my original bug report x11vnc was used. Note that KDM (not GMD) is used this time (mandriva live CD.) Is this bug ever going to be addressed??? Searching on ProcXFixesGetCursorImageAndName, I found this bug report: https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/526919 that induces the same X server SEGV but does not use x11vnc.
Created attachment 37760 [details] [review] Scope callback data for use by callback.
Thank you very much Chris. So, if I understand things correctly, the patch you included in your post will at some point be applied to http://cgit.freedesktop.org/xorg/xserver/tree/Xext/xace.c and ultimately make it into an Xorg release? I don't see your changes in http://cgit.freedesktop.org/xorg/xserver/tree/Xext/xace.c so I assume that means no Xorg release has them. Am I correct about that, or have I missed something? Karl
No, the fix that Chris added doesn't fix this issue. Please see RedHat's bugzilla database. https://bugzilla.redhat.com/show_bug.cgi?id=1357694 which has a valid fix to bump the refcount on used cursors.
Actually, Chris fix might fix this error, but there's another crash. As reported in the RedHat database.
-- GitLab Migration Automatic Message -- This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/xorg/xserver/issues/375.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.