Bug 550948 - X server crashes when switching input devices
Summary: X server crashes when switching input devices
Keywords:
Status: CLOSED DUPLICATE of bug 540584
Alias: None
Product: Fedora
Classification: Fedora
Component: xorg-x11-server
Version: 12
Hardware: All
OS: Linux
low
high
Target Milestone: ---
Assignee: X/OpenGL Maintenance List
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-12-28 08:56 UTC by Marko Macek
Modified: 2010-02-01 15:17 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-01-19 21:39:34 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
Xorg log file (62.10 KB, text/plain)
2009-12-28 08:57 UTC, Marko Macek 		no flags Details
valgrind output (44.62 KB, text/plain)
2009-12-28 08:59 UTC, Marko Macek 		no flags Details
more valgrind output (better stack traces) (43.49 KB, text/plain)
2010-01-19 17:32 UTC, Marko Macek 		no flags Details
View All

Description Marko Macek 2009-12-28 08:56:07 UTC 
probably dup bug 531884 (can't reopen)

I use an usb-switch device to switch keyboard+mouse between machines. This has worked fine for 4+ years (even works with fine Windows, except twice as slow).

But in Fedora 12 on a new machine I have a problem:

*** glibc detected *** /usr/bin/Xorg: free(): invalid pointer: 0x00000000026bc390 ***
======= Backtrace: =========
/lib64/libc.so.6[0x3384674576]
/usr/bin/Xorg(XIDeleteAllDeviceProperties+0x33)[0x4e2673]
/usr/bin/Xorg[0x425714]
/usr/bin/Xorg(RemoveDevice+0x165)[0x426935]
/usr/bin/Xorg(DeleteInputDeviceRequest+0x54)[0x479144]
/usr/bin/Xorg[0x455c50]
/usr/bin/Xorg[0x455cef]
/usr/lib64/libhal.so.1[0x339220bb68]
/lib64/libdbus-1.so.3(dbus_connection_dispatch+0x336)[0x3389e109d6]
/lib64/libdbus-1.so.3[0x3389e10bff]
/usr/bin/Xorg[0x4558fb]
/usr/bin/Xorg(WakeupHandler+0x4b)[0x43196b]
/usr/bin/Xorg(WaitForSomething+0x1d7)[0x45bd97]
/usr/bin/Xorg[0x42c3b2]
/usr/bin/Xorg[0x421cfa]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x338461eb1d]
/usr/bin/Xorg[0x4218a9]

---

The configuration to reproduce is this

computer - switch - hub - keyboard + 2 mice

I can reproduce it reliably (<10 switches) with just one mouse without valgrind, but with valgrind I could only reproduce it after adding another mouse.

Installation: Fedora 12, x86-64, AMD motherboard+cpu
Comment 1 Marko Macek 2009-12-28 08:57:48 UTC 
Created attachment 380607 [details]
Xorg log file
Comment 2 Marko Macek 2009-12-28 08:59:09 UTC 
Created attachment 380608 [details]
valgrind output

valgrind seems to crash in this
Comment 3 Marko Macek 2010-01-19 17:32:57 UTC 
Created attachment 385448 [details]
more valgrind output (better stack traces)

Attaching another valgrind output log. This one has more debug info that was previously missing, but I couldn't crash the server again under valgrind (crash easily without).

The most relevant log seems to be:

==3808== Invalid write of size 1
==3808==    at 0x4EB6CC: _XkbSetIndicatorMap (xkb.c:3093)
==3808==    by 0x4EB933: ProcXkbSetIndicatorMap (xkb.c:3160)
==3808==    by 0x42C69B: Dispatch (dispatch.c:445)
==3808==    by 0x421CF9: main (main.c:285)
==3808==  Address 0x88a8568 is 8 bytes inside a block of size 392 free'd
==3808==    at 0x4A04D72: free (vg_replace_malloc.c:325)
==3808==    by 0x50AC4E: SrvXkbFreeKeyboard (XKBAlloc.c:289)
==3808==    by 0x4FE30D: XkbFreeInfo (xkbInit.c:679)
==3808==    by 0x4254C3: FreeDeviceClass (devices.c:671)
==3808==    by 0x425656: FreeAllDeviceClasses (devices.c:801)
==3808==    by 0x425775: CloseDevice (devices.c:849)
==3808==    by 0x426934: RemoveDevice (devices.c:993)
==3808==    by 0x479143: DeleteInputDeviceRequest (xf86Xinput.c:671)
==3808==    by 0x455C4F: remove_device (hal.c:72)
==3808==    by 0x455CEE: device_removed (hal.c:90)
==3808==    by 0x339220BB67: filter_func (libhal.c:1067)
==3808==    by 0x3389E109D5: dbus_connection_dispatch (dbus-connection.c:4444)
Comment 4 Peter Hutterer 2010-01-19 21:39:34 UTC 

*** This bug has been marked as a duplicate of bug 540584 ***
Note You need to log in before you can comment on or make changes to this bug.