Hi, when injecting input via XTEST into an XI2 master device, the X server sometimes segfaults at dix/events.c:3443. The offending code is xkbi= gdev->key->xkbInfo; in static Bool CheckPassiveGrabsOnWindow(). Obviously 'key' is NULL there. Happens on Ubuntu 10.10 with X server 1.9. I hope that's enough info, but I can provide X log and backtrace if needed... Cheers, Christian
please provide more info, mainly what are the events you're injecting? how often does this happen and can you reproduce it reliably? if gdev->key is NULL then there must be some testcase to reproduce this 100% of the time.
Seems https://bugs.freedesktop.org/show_bug.cgi?id=31601 is triggered before that one here, so atm I'm unable to reproduce it :-(
Ok, I was wrong. This one is indeed triggered as well. Here's some info:

Program received signal SIGSEGV, Segmentation fault.
CheckPassiveGrabsOnWindow (pWin=<value optimized out>, device=<value optimized out>, event=0xa0010d8, checkCore=1 '\001') at ../../dix/events.c:3443
3443 ../../dix/events.c: No such file or directory.
 in ../../dix/events.c
(gdb) bt
#0 CheckPassiveGrabsOnWindow (pWin=<value optimized out>, device=<value optimized out>, event=0xa0010d8, checkCore=1 '\001') at ../../dix/events.c:3443
#1 0x0807ad9a in CheckDeviceGrabs (device=0xa306860, event=0xa0010d8, checkFirst=0) at ../../dix/events.c:3640
#2 0x0812ae27 in ProcessOtherEvent (ev=0xa0010d8, device=0xa306860) at ../../Xi/exevents.c:1056
#3 0x08156d73 in XkbHandleActions (dev=0xa306860, kbd=0xa306860, event=0xa0010d8) at ../../xkb/xkbActions.c:1211
#4 0x081573f0 in XkbProcessKeyboardEvent (event=0xa0010d8, keybd=0xa306860) at ../../xkb/xkbPrKeyEv.c:139
#5 0x0814f3b7 in AccessXFilterPressEvent (event=0xa0010d8, keybd=0xa306860) at ../../xkb/xkbAccessX.c:561
#6 0x08157754 in ProcessKeyboardEvent (ev=0xa30d8c8, keybd=0xa306860) at ../../xkb/xkbPrKeyEv.c:174
#7 0x080e7698 in mieqProcessDeviceEvent (dev=0xa306860, event=0xa0010d8, screen=0x0) at ../../mi/mieq.c:412
#8 0x080f852b in ProcXTestFakeInput (client=<value optimized out>) at ../../Xext/xtest.c:452
#9 0x0806e087 in Dispatch () at ../../dix/dispatch.c:432
#10 0x080625ba in main (argc=8, argv=0xbfba8ab4, envp=0xbfba8ad8) at ../../dix/main.c:291
(gdb) i locals
gdev = 0xa30d8c8
xkbi = <value optimized out>
grab = 0xa308b60
tempGrab = {next = 0x0, resource = 420, device = 0xa306860, window = 0xa010090, ownerEvents = 0, keyboardMode = 0, pointerMode = 0, grabtype = GRABTYPE_CORE, type = 2 '\002', modifiersDetail = {exact = 0, pMask = 0x0}, modifierDevice = 0xa0f1b48, detail = { exact = 43, pMask = 0x0}, confineTo = 0x0, cursor = 0x3, eventMask = 1, deviceMask = 11, xi2mask = {"\003\000", "\000\b", "\000\000\v", "\000\000", "\214\177\272", "\277", <incomplete sequence \360\235>, "\016\nH", "\177\272\277", "P\003\003", "\000\270$", "/\n\v", "\000\000", "\b\000", "\000\336Z", "\020\b\240", "\372\372\t", "\270$/", "\n\226\027", "7\000P", "\001\373\t", "\320\t)", "\n\000", "\000\000", <incomplete sequence \330>, "\316\373\t", "\370\374", <incomplete sequence \372>, "\t\375\377", "\000\000\a", "\000<", "\330}\272", "\277\244B", "\000\n\030", "\004\061\n", "\364?", <incomplete sequence \312>, "\000\000", "\003\000\001", "\000\000", "\354}\272", "\277\344}", "\272\277", <incomplete sequence \350>, "}\272\277", "ะพ.", "\n\330\020"}}
match = 0
(gdb) p gdev->key
$5 = (KeyClassPtr) 0x20
(gdb) p gdev->key->xkbInfo
Cannot access memory at address 0x84

Looking at the code, key can't be NULL, that was bullshit. Still, there's this segfault... HTH, am still struggling to reproduce it reliably...
Created attachment 40393
X log file of occurring segfault

and here's the logfile of the crash in question...
Seems this is still the case with XServer 1.10. Here's another backtrace, I'll try to find a way to reliably reproduce this.

(gdb) bt
#0 CheckPassiveGrabsOnWindow (pWin=0x956ff08, device=0x99b2ca8, event=0x9541468, checkCore=1 '\001', activate=1 '\001') at ../../dix/events.c:3672
#1 0x0807b60c in CheckDeviceGrabs (device=0x99b2ca8, event=0x9541468, ancestor=0x0) at ../../dix/events.c:3968
#2 0x08132d6c in ProcessOtherEvent (ev=0x9541468, device=0x99b2ca8) at ../../Xi/exevents.c:2100
#3 0x08157322 in ProcessPointerEvent (ev=0x9541468, mouse=0x99b2ca8) at ../../xkb/xkbAccessX.c:729
#4 0x080ea270 in mieqProcessDeviceEvent (dev=0x99b2ca8, event=0x9541468, screen=0x0) at ../../mi/mieq.c:460
#5 0x080fcef6 in ProcXTestFakeInput (client=0x1) at ../../Xext/xtest.c:431
#6 0x08070167 in Dispatch () at ../../dix/dispatch.c:431
#7 0x0806281c in main (argc=8, argv=0xbfe12b14, envp=0xbfe12b38) at ../../dix/main.c:287
(gdb) i locals
gdev = 0x989fa68
xkbi = 0x0
count = 0
rc = <value optimized out>
xE = 0x0
core = {u = {u = {type = 19 '\023', detail = 58 ':', sequenceNumber = 59}, keyButtonPointer = {pad00 = 3881491, time = 159754120, root = 1, event = 3219201752, child = 134713312, rootX = 7900, rootY = -16415, eventX = 2, eventY = 0, state = 2040, sameScreen = 147 '\223', pad1 = 9 '\t'}, enterLeave = {pad00 = 3881491, time = 159754120, root = 1, event = 3219201752, child = 134713312, rootX = 7900, rootY = -16415, eventX = 2, eventY = 0, state = 2040, mode = 147 '\223', flags = 9 '\t'}, focus = {pad00 = 3881491, window = 159754120, mode = 1 '\001', pad1 = 0 '\000', pad2 = 0 '\000', pad3 = 0 '\000'}, expose = {pad00 = 3881491, window = 159754120, x = 1, y = 0, width = 7896, height = 49121, count = 36832, pad2 = 2055}, graphicsExposure = {pad00 = 3881491, drawable = 159754120, x = 1, y = 0, width = 7896, height = 49121, minorEvent = 36832, count = 2055, majorEvent = 220 '\334', pad1 = 30 '\036', pad2 = 225 '\341', pad3 = 191 '\277'}, noExposure = {pad00 = 3881491, drawable = 
159754120, minorEvent = 1, majorEvent = 0 '\000', bpad = 0 '\000'}, visibility = {pad00 = 3881491, window = 159754120, state = 1 '\001', pad1 = 0 '\000', pad2 = 0 '\000', pad3 = 0 '\000'}, createNotify = {pad00 = 3881491, parent = 159754120, window = 1, x = 7896, y = -16415, width = 36832, height = 2055, borderWidth = 7900, override = 225 '\341', bpad = 191 '\277'}, destroyNotify = {pad00 = 3881491, event = 159754120, window = 1}, unmapNotify = {pad00 = 3881491, event = 159754120, window = 1, fromConfigure = 216 '\330', pad1 = 30 '\036', pad2 = 225 '\341', pad3 = 191 '\277'}, mapNotify = {pad00 = 3881491, event = 159754120, window = 1, override = 216 '\330', pad1 = 30 '\036', pad2 = 225 '\341', pad3 = 191 '\277'}, mapRequest = {pad00 = 3881491, parent = 159754120, window = 1}, reparent = {pad00 = 3881491, event = 159754120, window = 1, parent = 3219201752, x = -28704, y = 2055, override = 220 '\334', pad1 = 30 '\036', pad2 = 225 '\341', pad3 = 191 '\277'}, configureNotify = {pad00 = 3881491, event = 159754120, window = 1, aboveSibling = 3219201752, x = -28704, y = 2055, width = 7900, height = 49121, borderWidth = 2, override = 0 '\000', bpad = 0 '\000'}, configureRequest = {pad00 = 3881491, parent = 159754120, window = 1, sibling = 3219201752, x = -28704, y = 2055, width = 7900, height = 49121, borderWidth = 2, valueMask = 0, pad1 = 160630776}, gravity = {pad00 = 3881491, event = 159754120, window = 1, x = 7896, y = -16415, pad1 = 134713312, pad2 = 3219201756, pad3 = 2, pad4 = 160630776}, resizeRequest = {pad00 = 3881491, window = 159754120, width = 1, height = 0}, circulate = {pad00 = 3881491, event = 159754120, window = 1, parent = 3219201752, place = 224 '\340', pad1 = 143 '\217', pad2 = 7 '\a', pad3 = 8 '\b'}, property = {pad00 = 3881491, window = 159754120, atom = 1, time = 3219201752, state = 224 '\340', pad1 = 143 '\217', pad2 = 2055}, selectionClear = { pad00 = 3881491, time = 159754120, window = 1, atom = 3219201752}, selectionRequest = {pad00 = 3881491, 
time = 159754120, owner = 1, requestor = 3219201752, selection = 134713312, target = 3219201756, property = 2}, selectionNotify = {pad00 = 3881491, time = 159754120, requestor = 1, selection = 3219201752, target = 134713312, property = 3219201756}, colormap = {pad00 = 3881491, window = 159754120, colormap = 1, new = 216 '\330', state = 30 '\036', pad1 = 225 '\341', pad2 = 191 '\277'}, mappingNotify = {pad00 = 3881491, request = 136 '\210', firstKeyCode = 167 '\247', count = 133 '\205', pad1 = 9 '\t'}, clientMessage = {pad00 = 3881491, window = 159754120, u = {l = {type = 1, longs0 = -1075765544, longs1 = 134713312, longs2 = -1075765540, longs3 = 2, longs4 = 160630776}, s = {type = 1, shorts0 = 7896, shorts1 = -16415, shorts2 = -28704, shorts3 = 2055, shorts4 = 7900, shorts5 = -16415, shorts6 = 2, shorts7 = 0, shorts8 = 2040, shorts9 = 2451}, b = {type = 1, bytes = "\330\036\341\277\340\217\a\b\334\036\341\277\002\000\000\000\370\a\223\t"}}}}}
pSprite = 0x99dad80
grab = 0x9a184a8
tempGrab = {next = 0x0, resource = 3219201576, device = 0x99b2ca8, window = 0x956ff08, ownerEvents = 0, keyboardMode = 0, pointerMode = 0, grabtype = GRABTYPE_CORE, type = 4 '\004', modifiersDetail = {exact = 0, pMask = 0x0}, modifierDevice = 0x99de238, detail = {exact = 1, pMask = 0x0}, confineTo = 0x0, cursor = 0xbfe11ea8, eventMask = 3881064, deviceMask = 159038004, xi2mask = {"Q\000", "\000\340\004", "\004\000", <incomplete sequence \364>, "\177\037\b", "h\024T", "\t\377\377", "\377\377x", "8w\t", "\345\214\033", "\000\001", "\000\000 ", "\000\000", "\000\000", "\000\000", "\000\001\001", "\000R\t", "\000\000", "\000h\024", "T\t", "\000\000", "\000\000", "\000\000", "\000\000\001", "\000\000", "\024\000", "#\024", "\000\000", "\000\000", "\000\254 ", "\b\377\377", "\377\377\230", "\336e\t", "\364\217*", "\000\300\243", "*\000\254", "\037", <incomplete sequence \341\277>, "\250\036", <incomplete sequence \341>, "\277\035", <incomplete sequence \304>, "\033\000", "\000\000", "\364\177;", "\000\364\177"}}
grabinfo = <value optimized out>
match = <value optimized out>
I wonder if this one fixes it unintentionally http://patchwork.freedesktop.org/patch/6539/ If this is still an issue, I'd appreciate if you could attach the code you use to trigger this bug
On Mon, August 1, 2011 05:53, bugzilla-daemon@freedesktop.org wrote:
> https://bugs.freedesktop.org/show_bug.cgi?id=31600
>
> --- Comment #6 from Peter Hutterer <peter.hutterer@who-t.net> 2011-07-31 20:53:49 PDT ---
> I wonder if this one fixes it unintentionally
> http://patchwork.freedesktop.org/patch/6539/
>
> If this is still an issue, I'd appreciate if you could attach the code you use
> to trigger this bug

I'm on vacation right now, but it's on my agenda. Will check as soon as I come back...
Hi! First, sorry for the long delay, I was busy with other stuff. Second, I'm not running into this issue anymore with xserver 1.11.1. So this _seems_ fixed. 'Seems' 'cause I'm still not able to reproduce it reliably. However, there definitely is a noticeable change in behaviour: When running compiz 0.8.4 as window manager, some windows do not accept xtestfakedevicekeyevent() keyboard input anymore - this was not the case before xserver 1.11.1. With metacity 2.30.1 it works as before - guess it's different grabbing semantics in the WMs... Dunno if 'bug not popping up anymore but I don't know if it could again' is enough to close this bug report... Cheers, Christian
Well let's close it then, and if it comes back, you can always reopen (and hopefully provide a test case).