X.org server 1.8.0 Tag (Released by Gentoo)
X.org is configured for a 2×2 screen layout (each screen 1280×1024, a total resolution of 2560×2048, using Xinerama)
X.org remotely controlled using x11vnc

– The SegFault –

(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x00000000005e078f in miDCSaveUnderCursor (pDev=0x18d6790, pScreen=0x1290440, x=323, y=265, w=26, h=32) at midispcur.c:536
536         pSave = pBuffer->pSave;

– The Backtrace –

(gdb) bt
#0  0x00000000005e078f in miDCSaveUnderCursor (pDev=0x18d6790, pScreen=0x1290440, x=323, y=265, w=26, h=32) at midispcur.c:536
#1  0x00000000005f55a8 in miSpriteSaveUnderCursor (pDev=0x18d6790, pScreen=0x1290440) at misprite.c:1039
#2  0x00000000005f4f92 in miSpriteSetCursor (pDev=0x18d6790, pScreen=0x1290440, pCursor=0x259be50, x=332, y=274) at misprite.c:902
#3  0x00000000005d760f in xf86CursorSetCursor (pDev=0x18d6790, pScreen=0x1290440, pCurs=0x259be50, x=332, y=274) at xf86Cursor.c:377
#4  0x0000000000469664 in miPointerUpdateSprite (pDev=0x18d6790) at mipointer.c:402
#5  0x00000000004fb939 in ProcXTestFakeInput (client=0x1a284d0) at xtest.c:454
#6  0x00000000004fba42 in ProcXTestDispatch (client=0x1a284d0) at xtest.c:487
#7  0x000000000042ded8 in Dispatch () at dispatch.c:439
#8  0x0000000000424bf3 in main (argc=8, argv=0x7fff36312dd8, envp=0x7fff36312e20) at main.c:286

– The source code in question –

File: dix/events.c / Lines: 299-303
299 Bool
300 DevHasCursor(DeviceIntPtr pDev)
301 {
302     return pDev->spriteInfo->spriteOwner;
303 }

File: mi/midispcur.c / Lines: 62-64
62 /* per device private data */
63 static int miDCSpriteKeyIndex;
64 static DevPrivateKey miDCSpriteKey = &miDCSpriteKeyIndex;

File: mi/midispcur.c / Lines: 78-81
78 #define MIDCBUFFER(dev) \
79  ((DevHasCursor(dev)) ? \
80   (miDCBufferPtr)dixLookupPrivate(&dev->devPrivates, miDCSpriteKey) : \
81   (miDCBufferPtr)dixLookupPrivate(&dev->u.master->devPrivates, miDCSpriteKey))

File: mi/midispcur.c / Lines: 522-537
522 static Bool
523 miDCSaveUnderCursor (DeviceIntPtr pDev, ScreenPtr pScreen,
524                      int x, int y, int w, int h)
525 {
526     miDCScreenPtr pScreenPriv;
527     miDCBufferPtr pBuffer;
528     PixmapPtr pSave;
529     WindowPtr pWin;
530     GCPtr pGC;
531
532     pScreenPriv = (miDCScreenPtr)dixLookupPrivate(&pScreen->devPrivates,
533                                                   miDCScreenKey);
534     pBuffer = MIDCBUFFER(pDev);
535
536     pSave = pBuffer->pSave;
537     pWin = WindowTable[pScreen->myNum];

– Analysis: What does pBuffer contain? –

(gdb) print pBuffer
$1 = (miDCBufferPtr) 0x0

– Analysis: What does pDev contain? –

(gdb) print pDev
$2 = (DeviceIntPtr) 0x18d6790
(gdb) print *pDev
$3 = {public = {devicePrivate = 0x0, processInputProc = 0x56bd73 <ProcessKeyboardEvent>,
    realInputProc = 0x56bd73 <ProcessKeyboardEvent>, enqueueInputProc = 0x44ac4c <EnqueueEvent>, on = 0},
  next = 0x19e1e70, startup = 1, deviceProc = 0x45cfab <CoreKeyboardProc>, inited = 1, enabled = 1,
  coreEvents = 1, deviceGrab = {grabTime = {months = 0, milliseconds = 132503957}, fromPassiveGrab = 0,
    implicitGrab = 0, activeGrab = {next = 0x0, resource = 0, device = 0x0, window = 0x0, ownerEvents = 0,
      keyboardMode = 0, pointerMode = 0, grabtype = GRABTYPE_CORE, type = 0 '\000',
      modifiersDetail = {exact = 0, pMask = 0x0}, modifierDevice = 0x0, detail = {exact = 0, pMask = 0x0},
      confineTo = 0x0, cursor = 0x0, eventMask = 0, deviceMask = 0, xi2mask = {
        "\000\000" <repeats 42 times>}}, grab = 0x0, activatingKey = 0 '\000',
    ActivateGrab = 0x44bc90 <ActivateKeyboardGrab>, DeactivateGrab = 0x44be4f <DeactivateKeyboardGrab>,
    sync = {frozen = 0, state = 0, other = 0x0, event = 0x0}}, type = 3, xinput_type = 0,
  name = 0x18d6bb0 "Virtual core XTEST keyboard", id = 5, key = 0x18d6c00, valuator = 0x0, button = 0x0,
  focus = 0x18dd4d0, proximity = 0x0, absolute = 0x0, kbdfeed = 0x18d6c80, ptrfeed = 0x0, intfeed = 0x0,
  stringfeed = 0x0, bell = 0x0, leds = 0x0, xkb_interest = 0x0, config_info = 0x0, devPrivates = 0x18d7400,
  nPrivates = 0, unwrapProc = 0x53f984 <xkbUnwrapProc>, spriteInfo = 0x18d6b08,
  u = {master = 0x15d5750, lastSlave = 0x15d5750}, last = {valuators = {
      0 <repeats 36 times>}, remainder = {0 <repeats 36 times>}, numValuators = 0, slave = 0x0},
  properties = {properties = 0x18d6550, handlers = 0x18d65a0}}

– Analysis – MIDCBUFFER: What does DevHasCursor(dev) return? –

(gdb) print *pDev->spriteInfo
$4 = {sprite = 0x18d5220, spriteOwner = 0, paired = 0x15d5750}
(gdb) print pDev->spriteInfo->spriteOwner
$5 = 0

– Analysis – MIDCBUFFER: What does dev->u.master->devPrivates contain? –

(gdb) print pDev->u.master
$6 = (DeviceIntPtr) 0x15d5750
(gdb) print pDev->u.master->devPrivates
$7 = (PrivateRec *) 0x15d5bb0

– Analysis – MIDCBUFFER: Are the private key and index defined? –

(gdb) print miDCSpriteKey
$8 = (DevPrivateKey) 0x87e3dc
(gdb) print miDCSpriteKeyIndex
$9 = 47

– Analysis – MIDCBUFFER: What does dixLookupPrivate return? –

(gdb) print pDev->u.master->devPrivates[*miDCSpriteKey]
$11 = {state = 1, value = 0x0}

– Final Thoughts –

There’s another bug (#24181) that appears to be the same (or very very close) to this.

Git Tag 1.8.0.901 contains a patch (and its revert) about not thrashing resources when displaying the software cursor across screens. It’s not clear if that patch is intended to resolve this problem, but it needs to be tested if Git Tag 1.8.0.901 resolves this problem. If that doesn’t, then it needs to be tested if Git Master resolves this problem. Any help would be appreciated.
> There’s another bug (#24181) that appears to be the same (or very very close)
> to this.

https://bugs.freedesktop.org/show_bug.cgi?id=24181

> Git Tag 1.8.0.901 contains a patch (and its revert) about not thrashing
> resources when displaying the software cursor across screens. It’s not clear
> if that patch is intended to resolve this problem, but it needs to be tested if
> Git Tag 1.8.0.901 resolves this problem. If that doesn’t, then it needs to be
> tested if Git Master resolves this problem. Any help would be appreciated.

The Patch:
http://cgit.freedesktop.org/xorg/xserver/commit/?h=server-1.8-branch&id=049a36cd402da9219e60221f5671f94a8f8f687f

The Revert:
http://cgit.freedesktop.org/xorg/xserver/commit/?h=server-1.8-branch&id=feb39870e0d2c5917c8da1951c721f6f72cb4d39
I've confirmed that Git Tag 1.8.0.901 does not resolve this problem. I've not tried un-reverting the revert commit, however.

>
> > Git Tag 1.8.0.901 contains a patch (and its revert) about not thrashing
> > resources when displaying the software cursor across screens. It’s not clear
> > if that patch is intended to resolve this problem, but it needs to be tested if
> > Git Tag 1.8.0.901 resolves this problem. If that doesn’t, then it needs to be
> > tested if Git Master resolves this problem. Any help would be appreciated.
>
> The Patch:
>
> http://cgit.freedesktop.org/xorg/xserver/commit/?h=server-1.8-branch&id=049a36cd402da9219e60221f5671f94a8f8f687f
>
> The Revert:
>
> http://cgit.freedesktop.org/xorg/xserver/commit/?h=server-1.8-branch&id=feb39870e0d2c5917c8da1951c721f6f72cb4d39
From the git sources, it appears that the patch in question had been revised and applied to the master branch (518f3b189b6c8aa28b62837d14309fd06163ccbb). However, even after applying that patch to the 1.8.0.901, X still segfaults.

Please help, this bug makes using X.org remotely difficult.
-- Current Observations --

The function miDCSaveUnderCursor is never called until the crash. This seems to be the first time it's called.

-- Occurrences of miDCSpriteKey --

static defs:
./mi/midispcur.c:63:static int miDCSpriteKeyIndex;
./mi/midispcur.c:64:static DevPrivateKey miDCSpriteKey = &miDCSpriteKeyIndex;

macro MIDCBUFFER:
./mi/midispcur.c:80: (miDCBufferPtr)dixLookupPrivate(&dev->devPrivates, miDCSpriteKey) : \
./mi/midispcur.c:81: (miDCBufferPtr)dixLookupPrivate(&dev->u.master->devPrivates, miDCSpriteKey))

from function miDCDeviceInitialize:
./mi/midispcur.c:883: dixSetPrivate(&pDev->devPrivates, miDCSpriteKey, pBuffer);

from function miDCDeviceCleanup:
./mi/midispcur.c:925: dixSetPrivate(&pDev->devPrivates, miDCSpriteKey, NULL);

-- Questions --

what calls miDCDeviceInitialize?

-- Occurrences of miDCDeviceInitialize --

function prototype:
./mi/midispcur.c:123:static Bool miDCDeviceInitialize(DeviceIntPtr pDev, ScreenPtr pScreen);

static defs:
./mi/midispcur.c:134: miDCDeviceInitialize,

function itself:
./mi/midispcur.c:878:miDCDeviceInitialize(DeviceIntPtr pDev, ScreenPtr pScreen)

-- Questions --

What calls how about miDCFuncs?

-- Occurrences of miDCFuncs --

static defs:
./mi/midispcur.c:126:static miSpriteCursorFuncRec miDCFuncs = {

from function miDCInitialize:
./mi/midispcur.c:153: if (!miSpriteInitialize (pScreen, &miDCFuncs, screenFuncs))

-- Questions --

What calls how about miDCInitialize?

-- Occurrences of miDCInitialize --

function itself:
./mi/midispcur.c:139:miDCInitialize (ScreenPtr pScreen, miPointerScreenFuncPtr screenFuncs)

function prototype:
./mi/mipointer.h:94:extern _X_EXPORT Bool miDCInitialize(

from KdScreenInit:
./hw/kdrive/src/kdrive.c:1050: miDCInitialize(pScreen, &kdPointerScreenFuncs);

other calls to the function:
./hw/vfb/InitOutput.c:928: miDCInitialize(pScreen, &vfbPointerCursorFuncs);
./hw/xnest/Screen.c:312: miDCInitialize(pScreen, &xnestPointerCursorFuncs); /* init SW rendering */
./hw/dmx/dmxscrinit.c:295: miDCInitialize(pScreen, &dmxPointerCursorFuncs);
./hw/xwin/winscrinit.c:422: miDCInitialize (pScreen, &g_winPointerCursorFuncs);
./hw/xwin/winscrinit.c:753: if (!miDCInitialize (pScreen, &g_winPointerCursorFuncs))
./hw/xquartz/xpr/xprCursor.c:360: if (!miDCInitialize(pScreen, &quartzScreenFuncsRec))

-- Contents of pBuffer and pDev->devPrivates[*miDCSpriteKey] in miDCSaveUnderCursor --

(gdb) Continuing.

Breakpoint 1, miDCSaveUnderCursor (pDev=0x228a3a0, pScreen=0x1ef8f00, x=203, y=813, w=26, h=32) at midispcur.c:532
532         pScreenPriv = (miDCScreenPtr)dixLookupPrivate(&pScreen->devPrivates,
(gdb) print pDev
$1 = (DeviceIntPtr) 0x228a3a0
(gdb) print pBuffer
$2 = (miDCBufferPtr) 0x100000000a
(gdb) print pDev->devPrivates
$3 = (PrivateRec *) 0x228a810
(gdb) print pDev->devPrivates[*miDCSpriteKey]
$4 = {state = 0, value = 0x0}
(gdb) n
534         pBuffer = MIDCBUFFER(pDev);
(gdb) print pDev->devPrivates[*miDCSpriteKey]
$5 = {state = 0, value = 0x0}
(gdb) n
536         pSave = pBuffer->pSave;
(gdb) print pDev->devPrivates[*miDCSpriteKey]
$6 = {state = 0, value = 0x0}
(gdb) n

Program received signal SIGSEGV, Segmentation fault.
0x00000000005e078f in miDCSaveUnderCursor (pDev=0x228a3a0, pScreen=0x1ef8f00, x=203, y=813, w=26, h=32) at midispcur.c:536
536         pSave = pBuffer->pSave;
(gdb) print pDev->devPrivates[*miDCSpriteKey]
$7 = {state = 0, value = 0x0}
(gdb) print pBuffer
$8 = (miDCBufferPtr) 0x0

-- Possible Theory of this Bug --

From the above list of calls to miDCInitialize, only certain parts of X call miDCInitialize to initialize the SW rendering engine. However, something with Xinerama triggers a call to miDCSaveUnderCursor. Since miDCInitialize had not yet been called, the miDCSpriteKey private had not been set up yet. So when miDCSaveUnderCursor calls dixLookupPrivate, it sees that the private doesn't exist and then creates it, returning back a new private with a NULL value. It then tries to call the pSave method on that private resulting in the segfault we have.
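The failure mode described in the theory above, as an added example that is not part of the original comment and is not X server code: a simplified C model of the MIDCBUFFER selection and an allocate-on-lookup private, with a NULL check before the dereference. Every type and function name here is hypothetical, the allocate-on-lookup behaviour is assumed from the comment, only the key index 47 comes from the report, and the guard is an illustration rather than the upstream fix.

```c
#include <stddef.h>
#include <stdio.h>

#define NKEYS 64
#define SPRITE_KEY 47            /* miDCSpriteKeyIndex value printed in the report */

/* Hypothetical stand-ins for PrivateRec, DeviceIntRec and miDCBufferRec. */
typedef struct { int state; void *value; } Private;
typedef struct Device {
    int spriteOwner;
    struct Device *master;
    Private privates[NKEYS];
} Device;
typedef struct { void *pSave; } Buffer;

/* Assumed behaviour, per the theory: looking up a private that was never
 * set creates it (state = 1) and returns its NULL value. */
static void *lookup_private(Device *dev, int key)
{
    Private *p = &dev->privates[key];
    if (!p->state) { p->state = 1; p->value = NULL; }
    return p->value;
}

/* Same selection as MIDCBUFFER: the device's own privates if it owns a
 * sprite, otherwise the master's. */
static Buffer *midc_buffer(Device *dev)
{
    Device *src = dev->spriteOwner ? dev : dev->master;
    return src ? lookup_private(src, SPRITE_KEY) : NULL;
}

/* Guarded variant of the crashing line: fail instead of dereferencing NULL. */
static int save_under_cursor(Device *dev, void **pSave)
{
    Buffer *pBuffer = midc_buffer(dev);
    if (pBuffer == NULL)
        return 0;                /* buffer was never initialised */
    *pSave = pBuffer->pSave;
    return 1;
}

int main(void)
{
    static Device master, xtest; /* constructed: zeroed, like the XTEST keyboard */
    void *pSave = NULL;
    int ok;
    xtest.master = &master;      /* spriteOwner = 0, so the master is consulted */
    ok = save_under_cursor(&xtest, &pSave);
    printf("saved=%d state=%d\n", ok, master.privates[SPRITE_KEY].state);
    return 0;
}
```

After the failed lookup the master's slot reads state = 1 with a NULL value, the same shape as the `{state = 1, value = 0x0}` shown in the first report.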
I've just posted bug 29212 which looks to be a very similar segfault but in miDCRestoreUnderCursor and occurred for us while using Xvfb.
I have the same crashes after connecting a Bluetooth keyboard.
With a Bluetooth mouse everything is OK; the crash happens only when I connect the keyboard.
After connecting, the keyboard works and I can use it.
Failure occurs in the interval between 30 seconds and 5 minutes after connecting.
It does not depend on whether I'm typing on the keyboard or not.

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: xserver-xorg 1:7.6+7ubuntu7.1
ProcVersionSignature: Ubuntu 3.0.0-15.26-generic 3.0.13
Uname: Linux 3.0.0-15-generic i686
NonfreeKernelModules: nvidia
ApportVersion: 1.23-0ubuntu4
Architecture: i386
Date: Sun Feb 12 16:08:39 2012
InstallationMedia: Ubuntu 11.10 "Oneiric" - Build i386 LIVE Binary 20120208-10:12
ProcEnviron:
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: xorg
UpgradeStatus: No upgrade log present (probably fresh install)
Created attachment 57140
dgb log
-- GitLab Migration Automatic Message -- This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/xorg/xserver/issues/396.