Bug 531884

Summary: Crashes when fiddling with input devices
Product: [Fedora] Fedora
Component: xorg-x11-server
Version: rawhide
Hardware: All
OS: Linux
Status: CLOSED CANTFIX
Severity: medium
Priority: low
Reporter: Bastien Nocera <bnocera>
Assignee: Peter Hutterer <peter.hutterer>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: marko.macek, mcepl, peter.hutterer, xgl-maint
Doc Type: Bug Fix
Last Closed: 2009-11-08 23:21:57 UTC

Description Bastien Nocera 2009-10-29 18:19:02 UTC
hal-0.5.13-9.fc12.x86_64
xorg-x11-server-Xorg-1.7.0-1.fc12.x86_64
xorg-x11-drv-evdev-2.3.0-1.fc12.x86_64

double-free error from libc

#0  0x000000349bc33575 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x000000349bc34d55 in abort () at abort.c:92
#2  0x000000349bc70393 in __libc_message (do_abort=<value optimized out>, fmt=<value optimized out>) at ../sysdeps/unix/sysv/linux/libc_fatal.c:186
#3  0x000000349bc75dc6 in malloc_printerr (action=3, str=0x349bd3fc1e "free(): invalid pointer", ptr=<value optimized out>) at malloc.c:6264
#4  0x00000000004e2553 in XIDeleteAllDeviceProperties (device=0x17c0860) at xiproperty.c:622
#5  0x00000000004257b4 in CloseDevice (dev=0x17c0860) at devices.c:833
#6  0x00000000004268a5 in RemoveDevice (dev=0x17c0860, sendevent=1 '\001') at devices.c:993
#7  0x0000000000479114 in DeleteInputDeviceRequest (pDev=0x17c0860) at xf86Xinput.c:671
#8  0x0000000000455c30 in remove_device (dev=0x17c0860) at hal.c:72
#9  0x0000000000455ccf in device_removed (ctx=<value optimized out>, udi=<value optimized out>) at hal.c:90
#10 0x00000034aac0bb68 in filter_func (connection=0x14f8ab0, message=0x191dc10, user_data=0x14fac90) at libhal.c:1067
#11 0x00000034a14109d6 in dbus_connection_dispatch (connection=0x14f8ab0) at dbus-connection.c:4444
#12 0x00000034a1410bff in _dbus_connection_read_write_dispatch (connection=0x14f8ab0, timeout_milliseconds=0, dispatch=1) at dbus-connection.c:3469
#13 0x00000000004558db in wakeup_handler (data=0x7d23c0, err=<value optimized out>, read_mask=<value optimized out>) at dbus-core.c:57
#14 0x00000000004318eb in WakeupHandler (result=-1, pReadmask=0x7dc6a0) at dixutils.c:413
#15 0x000000000045bd77 in WaitForSomething (pClientsReady=<value optimized out>) at WaitFor.c:232
#16 0x000000000042c322 in Dispatch () at dispatch.c:381
#17 0x0000000000421c9a in main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at main.c:285

(gdb) frame 4
#4  0x00000000004e2553 in XIDeleteAllDeviceProperties (device=0x17c0860) at xiproperty.c:622
622	        XIDestroyDeviceProperty(prop);
(gdb) list
617	
618	    for (prop = device->properties.properties; prop; prop = next)
619	    {
620	        next = prop->next;
621	        send_property_event(device, prop->propertyName, XIPropertyDeleted);
622	        XIDestroyDeviceProperty(prop);
623	    }
624	
625	    /* Now free all handlers */
626	    curr_handler = device->properties.handlers;
(gdb) p prop
$2 = (XIPropertyRec *) 0x5cd
(gdb) p device
$3 = (struct _DeviceIntRec *) 0x17c0860

Comment 1 Peter Hutterer 2009-11-04 03:54:09 UTC
What did you do to get this crash? just plug/unplug or something more?

Comment 2 Matěj Cepl 2009-11-05 17:19:56 UTC
Since this bugzilla report was filed, there have been several major updates in various components of the Xorg system, which may have resolved this issue. Users who have experienced this problem are encouraged to upgrade their system to the latest version of their packages (at least F12Beta, but even better if the very latest versions).

Please, if you experience this problem on the up-to-date system, let us know in the comment for this bug, or whether the upgraded system works for you.

If you won't be able to reply in one month, I will have to close this bug as INSUFFICIENT_DATA. Thank you.

[This is a bulk message for all open Fedora Rawhide Xorg-related bugs. I'm adding myself to the CC list for each bug, so I'll see any comments you make after this and do my best to make sure every issue gets proper attention.]

Comment 3 Bastien Nocera 2009-11-05 19:32:28 UTC
(In reply to comment #1)
> What did you do to get this crash? just plug/unplug or something more?  

That's what happens when hid2hci runs on a Logitech keyboard/mouse dongle. I think the problem is that the input device created in USB mode disappears pretty much straight away when switching to Bluetooth mode.

Comment 4 Peter Hutterer 2009-11-06 04:18:21 UTC
Was this a once-off thing?
I just plugged+unplugged hardware and software emulation devices as fast as I could but didn't see anything like this. Is it consistently reproducible?

If so, can you get me the valgrind output from X for when this happens?

Comment 5 Bastien Nocera 2009-11-06 10:55:16 UTC
It was consistently reproducible; unfortunately, the Logitech dongle "died" and doesn't load its own firmware anymore, meaning it just shows up as a Broadcom Bluetooth dongle as opposed to a Logitech USB HID proxy device.

Want to close this?

Comment 6 Peter Hutterer 2009-11-08 23:21:57 UTC
Closing as CANTFIX for now, please reopen when that occurs again. Still unable to reproduce it and the property screwup indicates some memory corruption somewhere.

Comment 7 Marko Macek 2009-12-28 08:59:45 UTC
opened new bug 550948