Description of problem: I encountered this while trying to set up multiple input devices for use with a pair-programming setup. > xinput create-master "Second Seat" > xinput reattach "HID 0430:0100" "Second Seat pointer" After this, Xorg segfaults once I move the reattached mouse. Version-Release number of selected component: xorg-x11-server-Xorg-1.18.4-4.fc24 Additional info: reporter: libreport-2.7.2 executable: /usr/libexec/Xorg kernel: 4.7.6-200.fc24.x86_64 pkg_fingerprint: 73BD E983 81B4 6521 pkg_vendor: Fedora Project runlevel: N 5 type: xorg uid: 0 Truncated backtrace: 0: /usr/libexec/Xorg (OsLookupColor+0x139) [0x59f679] 1: /lib64/libc.so.6 (__restore_rt+0x0) [0x7f488cff776f] 2: /usr/libexec/Xorg (AssignTypeAndName+0x5c14) [0x536874] 3: /usr/libexec/Xorg (miPointerSetPosition+0x366) [0x586b46] 4: /usr/libexec/Xorg (CreateDefaultStipple+0xece) [0x44e23e] 5: /usr/libexec/Xorg (set_button_up+0x253) [0x44dc13] 6: /usr/libexec/Xorg (GetPointerEvents+0xef) [0x44f3df] 7: /usr/libexec/Xorg (QueuePointerEvents+0x20) [0x44f990] 8: /usr/lib64/xorg/modules/input/libinput_drv.so (_init+0x1860) [0x7f4884060b00] 9: /usr/libexec/Xorg (xf86Wakeup+0xe6) [0x479c36] 10: /usr/libexec/Xorg (WakeupHandler+0x6d) [0x43b94d] 11: /usr/libexec/Xorg (WaitForSomething+0x1e9) [0x597fb9] 12: /usr/libexec/Xorg (SendErrorToClient+0x10e) [0x436c5e] 13: /usr/libexec/Xorg (remove_fs_handlers+0x463) [0x43ae63] 14: /lib64/libc.so.6 (__libc_start_main+0xf1) [0x7f488cfe3731] 15: /usr/libexec/Xorg (_start+0x29) [0x424d59] 16: ? (?+0x29) [0x29]
Created attachment 1209989 [details] File: Xorg.0.log
Created attachment 1209990 [details] File: backtrace
Created attachment 1209991 [details] File: dmesg
Created attachment 1209992 [details] File: dso_list
Created attachment 1209993 [details] File: etc_X11_xorg_conf_d.tar.gz
Created attachment 1209994 [details] File: usr_share_xorg_conf_d.tar.gz
two comments: this looks like a race condition somewhere. if I wait a couple of seconds before moving the newly reattached device, I don't seem to get crashes. I get *a lot* of unrelated memory issues when I e.g. zap the server. DeletePassiveGrabFromList() triggers a SIGABRT during xreallocarray even though all the input data looks correct so we probably have memory corruption elsewhere. This particular segfault is caused by a list->next pointer being NULL, simply said this cannot happen without unrelated memory corruption.
Created attachment 1211191 [details] valgrind of xserver master still present on xserver master. valgrind output from xserver master (5dcb0666b) when calling create-master and reattach, followed by some mouse movement (no crash) and a server zap. just attaching this here so I don't lose it.
xorg-x11-server-1.19.0-0.8.rc2.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-e4f4f6d55c
xorg-x11-server-1.18.4-5.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-d63369e361
xorg-x11-server-1.19.0-0.8.rc2.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-e4f4f6d55c
xorg-x11-server-1.18.4-5.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-d63369e361
xorg-x11-server-1.18.4-5.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
xorg-x11-server-1.19.0-0.8.rc2.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.