Launchpad has imported 2 comments from the remote bug at https://bugs.freedesktop.org/show_bug.cgi?id=52496.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2012-07-25T17:35:27+00:00 Yaroslav Halchenko wrote: Reported originally: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681796 Happens with xserver-xorg-core 1.12.1.902-1 top backtrace from gdb: Program received signal SIGSEGV, Segmentation fault. XIChangeDeviceProperty (dev=dev@entry=0x7f4bac237fa0, property=<optimized out>, type=type@entry=19, format=format@entry=8, mode=<optimized out>, mode@entry=0, len=len@entry=1, value=value@entry=0x7fff092e860f, sendevent=sendevent@entry=1) at ../../Xi/xiproperty.c:772 772 ../../Xi/xiproperty.c: No such file or directory. #0 XIChangeDeviceProperty (dev=dev@entry=0x7f4bac237fa0, property=<optimized out>, type=type@entry=19, format=format@entry=8, mode=<optimized out>, mode@entry=0, len=len@entry=1, value=value@entry=0x7fff092e860f, sendevent=sendevent@entry=1) at ../../Xi/xiproperty.c:772 #1 0x00007f4ba813c20f in DisableDevice (dev=0x7f4bac237fa0, sendevent=sendevent@entry=1 '\001') at ../../dix/devices.c:481 #2 0x00007f4ba817e344 in xf86VTSwitch () at ../../../../hw/xfree86/common/xf86Events.c:454 #3 xf86Wakeup (blockData=<optimized out>, err=<optimized out>, pReadmask=<optimized out>) at ../../../../hw/xfree86/common/xf86Events.c:285 #4 0x00007f4ba8146d9b in WakeupHandler (result=result@entry=-1, pReadmask=pReadmask@entry=0x7f4 here is an excerpt from xiproperty.c for that location: 766 /* run through all handlers with checkonly TRUE, then again with 767 * checkonly FALSE. Handlers MUST return error codes on the 768 * checkonly run, errors on the second run are ignored */ 769 do { 770 handler = dev->properties.handlers; 771 while (handler) { 772 if (handler->SetProperty) { 773 rc = handler->SetProperty(dev, prop->propertyName, 774 &new_value, checkonly); 775 if (checkonly && rc != Success) { 776 free(new_value.data); 777 return rc; 778 } 779 } 780 handler = handler->next; 781 } 782 checkonly = !checkonly; 783 } while (!checkonly); Reply at: https://bugs.launchpad.net/oem- priority/+bug/956071/comments/12 ------------------------------------------------------------------------ On 2012-07-29T22:52:41+00:00 Kevin-freedesktop-bugz wrote: I believe I've been encountering the same crash, though I usually get it a few minutes after resuming from suspend. This is on an ASUS EeePC 1005HA running Debian Wheezy The Debian package is xserver-xorg-core 2:1.12.1.902-1. The log shows this: [ 12941.730] (--) synaptics: SynPS/2 Synaptics TouchPad: touchpad found [ 13139.273] [ 13139.273] Backtrace: [ 13139.347] 0: /usr/bin/Xorg (xorg_backtrace+0x49) [0xb7772099] [ 13139.347] 1: /usr/bin/Xorg (0xb75f5000+0x180a86) [0xb7775a86] [ 13139.347] 2: (vdso) (__kernel_rt_sigreturn+0x0) [0xb75d640c] [ 13139.347] 3: /usr/bin/Xorg (XIChangeDeviceProperty+0x198) [0xb770d188] [ 13139.348] 4: /usr/bin/Xorg (0xb75f5000+0x118829) [0xb770d829] [ 13139.348] 5: /usr/bin/Xorg (0xb75f5000+0x10f7d4) [0xb77047d4] [ 13139.348] 6: /usr/bin/Xorg (0xb75f5000+0x3c365) [0xb7631365] [ 13139.348] 7: /usr/bin/Xorg (0xb75f5000+0x29e95) [0xb761ee95] [ 13139.348] 8: /lib/i386-linux-gnu/i686/cmov/libc.so.6 (__libc_start_main+0xe6) [0xb7293e46] [ 13139.348] 9: /usr/bin/Xorg (0xb75f5000+0x2a1e9) [0xb761f1e9] [ 13139.348] [ 13139.349] Segmentation fault at address 0x9 [ 13139.349] Fatal server error: [ 13139.349] Caught signal 11 (Segmentation fault). Server aborting I got a core file as well: Core was generated by `/usr/bin/Xorg :0 -br -verbose -novtswitch -auth /var/run/gdm3/auth-for-Debian-g'. Program terminated with signal 11, Segmentation fault. #0 XIChangeDeviceProperty (dev=dev@entry=0xb7bcd898, property=135, type=type@entry=19, format=format@entry=8, mode=<optimized out>, mode@entry=0, len=len@entry=1, value=value@entry=0xbfbfb16f, sendevent=sendevent@entry=1) at ../../Xi/xiproperty.c:772 772 ../../Xi/xiproperty.c: No such file or directory. (gdb) bt #0 XIChangeDeviceProperty (dev=dev@entry=0xb7bcd898, property=135, type=type@entry=19, format=format@entry=8, mode=<optimized out>, mode@entry=0, len=len@entry=1, value=value@entry=0xbfbfb16f, sendevent=sendevent@entry=1) at ../../Xi/xiproperty.c:772 #1 0xb75c2aa3 in DisableDevice (dev=dev@entry=0xb7bcd898, sendevent=sendevent@entry=1 '\001') at ../../dix/devices.c:481 #2 0xb75c2ced in RemoveDevice (dev=dev@entry=0xb7bcd898, sendevent=sendevent@entry=1 '\001') at ../../dix/devices.c:1059 #3 0xb7618fac in DeleteInputDeviceRequest (pDev=0xb7bcd898) at ../../../../hw/xfree86/common/xf86Xinput.c:1013 #4 0xb75be4d0 in CloseDeviceList (listHead=listHead@entry=0xb7784444) at ../../dix/devices.c:964 #5 0xb75befa0 in CloseDownDevices () at ../../dix/devices.c:993 #6 0xb7716595 in AbortServer () at ../../os/log.c:475 #7 0xb77166c5 in FatalError (f=f@entry=0xb773b448 "Caught signal %d (%s). Server aborting\n") at ../../os/log.c:611 #8 0xb770eae8 in OsSigHandler (sip=0xbfbfb4ac, signo=11, unused=<optimized out>) at ../../os/osinit.c:146 #9 OsSigHandler (signo=11, sip=0xbfbfb4ac, unused=0xbfbfb52c) at ../../os/osinit.c:107 #10 <signal handler called> #11 XIChangeDeviceProperty (dev=0xb7bcd898, property=property@entry=281, type=19, format=format@entry=8, mode=<optimized out>, len=1, value=value@entry=0xb7c52ddc, sendevent=sendevent@entry=1) at ../../Xi/xiproperty.c:772 #12 0xb76a6829 in change_property (data=0xb7c52ddc, len=<optimized out>, mode=<optimized out>, format=8, type=<optimized out>, property=281, dev=<optimized out>, client=<optimized out>) at ../../Xi/xiproperty.c:354 #13 ProcXChangeDeviceProperty (client=0xb7c3cf40) at ../../Xi/xiproperty.c:908 #14 0xb769d7d4 in ProcIDispatch (client=0xb7c3cf40) at ../../Xi/extinit.c:410 #15 0xb75ca365 in Dispatch () at ../../dix/dispatch.c:428 #16 0xb75b7e95 in main (argc=10, argv=0xbfbfba54, envp=0xbfbfba80) at ../../dix/main.c:288 (gdb) frame 11 #11 XIChangeDeviceProperty (dev=0xb7bcd898, property=property@entry=281, type=19, format=format@entry=8, mode=<optimized out>, len=1, value=value@entry=0xb7c52ddc, sendevent=sendevent@entry=1) at ../../Xi/xiproperty.c:772 772 if (handler->SetProperty) { (gdb) list 767 * checkonly FALSE. Handlers MUST return error codes on the 768 * checkonly run, errors on the second run are ignored */ 769 do { 770 handler = dev->properties.handlers; 771 while (handler) { 772 if (handler->SetProperty) { 773 rc = handler->SetProperty(dev, prop->propertyName, 774 &new_value, checkonly); 775 if (checkonly && rc != Success) { 776 free(new_value.data); (gdb) p handler $1 = (XIPropertyHandlerPtr) 0x1 (gdb) p handler->SetProperty Cannot access memory at address 0x9 Note that this gives the address as 0x9, same as the log file. I believe this has been the address listed in the log every time I've seen this crash. (gdb) p *dev $2 = {public = {devicePrivate = 0xb7bb95f0, processInputProc = 0xb76c81a0 <ProcessKeyboardEvent>, realInputProc = 0xb76c81a0 <ProcessKeyboardEvent>, enqueueInputProc = 0xb75d2590 <EnqueueEvent>, on = 0}, next = 0x0, startup = 1, deviceProc = 0xb6710110, inited = 1, enabled = 0, coreEvents = 4, deviceGrab = { grabTime = {months = 0, milliseconds = 5068631}, fromPassiveGrab = 0, implicitGrab = 0, activeGrab = 0xb7bcdb48, grab = 0x0, activatingKey = 0 '\000', ActivateGrab = 0xb75dafc0 <ActivateKeyboardGrab>, DeactivateGrab = 0xb75dade0 <DeactivateKeyboardGrab>, sync = {frozen = 0, state = 0, other = 0x0, event = 0xb7bcde50}}, type = 3, xinput_type = 96, name = 0xb7bce088 "SynPS/2 Synaptics TouchPad", id = 13, key = 0x0, valuator = 0xb7bce6b8, touch = 0xb7bd02a8, button = 0xb7bce160, focus = 0x0, proximity = 0x0, kbdfeed = 0x0, ptrfeed = 0xb7bd0148, intfeed = 0x0, stringfeed = 0x0, bell = 0x0, leds = 0x0, xkb_interest = 0x0, config_info = 0xb7bce0a8 "udev:/sys/devices/platform/i8042/serio1/input/input8/event8", unused_classes = 0x0, saved_master_id = 0, devPrivates = 0xb7bcdb00, unwrapProc = 0xb76c6560 <xkbUnwrapProc>, spriteInfo = 0xb7bcdae4, master = 0x0, lastSlave = 0x0, last = {valuators = {3322.2696093537093, 3055.4704689213017, -13769.111570356075, 272483.30117348192, 0 <repeats 32 times>}, numValuators = 4, slave = 0x0, scroll = 0xb7bce7d0, num_touches = 2, touches = 0xb7bd07f0}, properties = {properties = 0xb7bd2588, handlers = 0xb7bd25c0}, transform = {m = {{0, 0, 0}, {0, 0, 0}, {0, 0, 0}}}, xtest_master_id = 0} Looks like it might be an issue in Synaptics. (gdb) p dev->properties.handlers $3 = (XIPropertyHandlerPtr) 0xb7bd25c0 (gdb) p dev->properties.handlers->next $4 = (struct _XIPropertyHandler *) 0xb7bd0130 (gdb) p dev->properties.handlers->next->next $5 = (struct _XIPropertyHandler *) 0xb7bd00a8 (gdb) p dev->properties.handlers->next->next->next $6 = (struct _XIPropertyHandler *) 0xb7bd0020 (gdb) p dev->properties.handlers->next->next->next->next $7 = (struct _XIPropertyHandler *) 0xb7bcff98 (gdb) p dev->properties.handlers->next->next->next->next->next $8 = (struct _XIPropertyHandler *) 0x1 (gdb) p *dev->properties.handlers->next->next->next->next $9 = {next = 0x1, id = 1, SetProperty = 0xb75e9e10 <AccelSetProfileProperty>, GetProperty = 0, DeleteProperty = 0} The handler with the invalid "next" pointer has AccelSetProfileProperty for its SetProperty member. I hope that helps narrow it down. Reply at: https://bugs.launchpad.net/oem- priority/+bug/956071/comments/21 ** Changed in: xorg-server Status: Unknown => Confirmed ** Changed in: xorg-server Importance: Unknown => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/956071 Title: Xorg crashed with SIGSEGV in XIGetDeviceProperty() To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/956071/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
