Xorg crashes after connect bluetooth keyboard

Bug #930936 reported by Dmitry
This bug affects 1 person
Affects                Status         Importance  Assigned to  Milestone
X.Org X server         Unknown        High
xorg-server (Ubuntu)   Fix Released   High        Unassigned
  Lucid                Won't Fix      High        Unassigned
  Oneiric              Fix Released   High        Unassigned
  Precise              Fix Released   High        Unassigned

Bug Description

SRU Criteria
============
[Impact]
The X server may crash after connecting a bluetooth keyboard.

[Development Fix]
The Q series is not open for development yet.

[Stable Fix]
Please see the attached patch midispcur.c.patch.

[Test Case]
Connect a bluetooth keyboard and use it for five minutes. Check if X server has crashed.

[Regression Potential]
Low. The patch merely short circuits code that may dereference a NULL pointer. It is possible that this causes a further issue, but such an issue is likely to be at worst just as bad as without this fix.

Original Bug Report
===================
X crashes after connecting a bluetooth keyboard.
With a bluetooth mouse everything is OK; the crash occurs only when I connect the keyboard.

After connecting, the keyboard works and I can use it. The failure occurs in the interval between 30 seconds and 5 minutes after connecting. It does not depend on whether I'm typing on the keyboard or not.

Same error on Ubuntu Lucid.

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: xserver-xorg 1:7.6+7ubuntu7.1
ProcVersionSignature: Ubuntu 3.0.0-15.26-generic 3.0.13
Uname: Linux 3.0.0-15-generic i686
NonfreeKernelModules: nvidia
ApportVersion: 1.23-0ubuntu4
Architecture: i386
Date: Sun Feb 12 16:08:39 2012
InstallationMedia: Ubuntu 11.10 "Oneiric" - Build i386 LIVE Binary 20120208-10:12
ProcEnviron:
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: xorg
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
In , Martin Jansa (martin-jansa) wrote :

Hello,

On armv4t (Neo FreeRunner) we're using xorg from git master and the 1.7 branch. There is a reproducible segfault in miPointerUpdateSprite().

Not sure where exactly, because first it occurred in miDCRestoreUnderCursor(), so I commented this function out and tested again and it occurred in miDCSaveUnderCursor(), so I commented this one out too and it occurred in miDCPutUpCursor().

With all miPointerUpdateSprite() calls commented out it works well (just the cursor background isn't redrawn).

Another workaround is to run Xorg with -nocursor.

The easiest way to reproduce this is to run a terminal (vala-terminal) and an on-screen keyboard (illume-keyboard) and type very quickly. Maybe it's because every key press is highlighted with the key drawn slightly above the keyboard, so we're redrawing the same part of the screen twice (for cursor-left redraw and key up&down - maybe some concurrency).

Maybe the problem lives in the DDX driver for SMedia Glamo graphics http://git.openmoko.org/?p=xf86-video-glamo.git;a=summary

    Program received signal SIGSEGV, Segmentation fault.
    [Switching to Thread 0x4001edc0 (LWP 1701)]
    0x0013c9b4 in miDCRestoreUnderCursor ()
    Current language: auto; currently asm
    (gdb) back
    #0 0x0013c9b4 in miDCRestoreUnderCursor ()
    #1 0x00160780 in miSpriteRemoveCursor ()
    #2 0x00160934 in miSpriteSetCursor ()
    #3 0x00160a40 in miSpriteMoveCursor ()
    #4 0x00056ad4 in miPointerUpdateSprite ()
    #5 0x0009da28 in ProcXTestFakeInput ()
    #6 0x0004fc58 in Dispatch ()
    #7 0x000216a8 in main ()

    /* now i commented miDCRestoreUnderCursor out from Xorg */

    Program received signal SIGSEGV, Segmentation fault.
    [Switching to Thread 0x4001edc0 (LWP 2175)]
    0x0013c8e4 in miDCSaveUnderCursor ()
    Current language: auto; currently asm
    (gdb) back
    #0 0x0013c8e4 in miDCSaveUnderCursor ()
    #1 0x001602d4 in miSpriteSaveUnderCursor ()
    #2 0x0016078c in miSpriteSetCursor ()
    #3 0x001608e0 in miSpriteMoveCursor ()
    #4 0x00056ad4 in miPointerUpdateSprite ()
    #5 0x0009da28 in ProcXTestFakeInput ()
    #6 0x0004fc58 in Dispatch ()
    #7 0x000216a8 in main ()

    /* now i commented miDCSaveUnderCursor out from Xorg */

    Program received signal SIGSEGV, Segmentation fault.
    [Switching to Thread 0x4001edc0 (LWP 2306)]
    0x0013d500 in miDCPutUpCursor ()
    Current language: auto; currently asm
    (gdb) back
    #0 0x0013d500 in miDCPutUpCursor ()
    #1 0x0015ffc8 in miSpriteRestoreCursor ()
    #2 0x00160734 in miSpriteMoveCursor ()
    #3 0x00056ad4 in miPointerUpdateSprite ()
    #4 0x0009da20 in ProcXTestFakeInput ()
    #5 0x0004fc58 in Dispatch ()
    #6 0x000216a8 in main ()

    /* It works ok when I removed every miPointerUpdateSprite call, or when Xorg is executed with -nocursor */
    ...


Revision history for this message
In , Martin Jansa (martin-jansa) wrote :

Created attachment 29880
backtrace - better format

Revision history for this message
In , Swhite-freedesktop (swhite-freedesktop) wrote :

Bug 29212 and bug 27942 look similar to this one.

Revision history for this message
Dmitry (pfzim) wrote :
Dmitry (pfzim)
description: updated
Dmitry (pfzim)
summary: - X crashes after connect bluetooth keyboard
+ Xorg crashes after connect bluetooth keyboard
Revision history for this message
Dmitry (pfzim) wrote :
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "midispcur.c.patch" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch
Bryce Harrington (bryce)
tags: added: precise
Bryce Harrington (bryce)
Changed in xorg-server (Ubuntu Precise):
status: New → Fix Committed
Changed in xorg-server (Ubuntu Oneiric):
status: New → Triaged
Changed in xorg-server (Ubuntu Lucid):
status: New → Triaged
importance: Undecided → High
Changed in xorg-server (Ubuntu Precise):
importance: Undecided → High
Changed in xorg-server (Ubuntu Oneiric):
importance: Undecided → High
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xorg-server - 2:1.11.4-0ubuntu8

---------------
xorg-server (2:1.11.4-0ubuntu8) precise; urgency=low

  [ Chase Douglas ]
  * Fix crash at startup due to input option abi break (LP: #931397)
    - Revert two commits from upstream 1.12 input stack

  [ Bryce Harrington ]
  * debian/patches/227_null_ptr_midispcur.patch:
    - Check for NULL pointer before dereferencing pointer from
      miGetDCDevice. Fixes crash after connecting a bluetooth keyboard.
      (LP: #930936)

  [ Chase Douglas ]
  * Fix mouse warping and clipping (LP: #948938)
    - Add temporary patch 503_fix_mouse_warp.patch
  * Implement passive touch ungrab (LP: #968726)
    - Add temporary patch 503_implement_passive_touch_ungrab.patch
  * Bump lintian standards to 3.9.3
 -- Chase Douglas <email address hidden> Thu, 29 Mar 2012 18:09:19 -0700

Changed in xorg-server (Ubuntu Precise):
status: Fix Committed → Fix Released
Revision history for this message
Dmitry (pfzim) wrote :

Thank you for releasing the fix, but how about Ubuntu Oneiric? I use XBMCbuntu, which is based on Ubuntu Oneiric. :-/

Revision history for this message
Timo Aaltonen (tjaalton) wrote :
Revision history for this message
Chase Douglas (chasedouglas) wrote :
Changed in xorg-server (Ubuntu Precise):
status: Fix Released → Fix Committed
description: updated
Bryce Harrington (bryce)
Changed in xorg-server (Ubuntu Oneiric):
status: Triaged → Fix Committed
Revision history for this message
Clint Byrum (clint-fewbar) wrote :

Hello Xorg devs!

It would appear that this fix was already released for precise, as of 2:1.11.4-0ubuntu10.1 the message shows:

  [ Bryce Harrington ]
  * Enable 227_null_ptr_midispcur.patch to apply

That version was included in Quantal, so this is all Fix Released for precise and quantal. Just wanted to clarify that before accepting into oneiric-proposed.

Changed in xorg-server (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in xorg-server (Ubuntu):
status: Fix Committed → Fix Released
tags: added: verification-needed
Revision history for this message
Clint Byrum (clint-fewbar) wrote : Please test proposed package

Hello Dmitry, or anyone else affected,

Accepted xorg-server into oneiric-proposed. The package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Revision history for this message
Bryce Harrington (bryce) wrote :

Given this has been in -proposed for several months now without apparent incident, can we push it out?

Revision history for this message
Steve Langasek (vorlon) wrote :

Do we know that anyone is using the oneiric-proposed X server at all?

Silence is not a very confidence-inspiring metric.

Revision history for this message
Dmitry (pfzim) wrote :

Continue crashing

Revision history for this message
Bryce Harrington (bryce) wrote :

@Dmitry, "continue crashing" - do you have Xorg from oneiric-proposed installed? Post your /var/log/Xorg.0.log.old from after a crash.

Revision history for this message
Brian Murray (brian-murray) wrote : Verification still needed

The fix for this bug has been awaiting testing feedback in the -proposed repository for oneiric for more than 90 days. Please test this fix and update the bug appropriately with the results. In the event that the fix for this bug is still not verified 15 days from now, the package will be removed from the -proposed repository.

tags: added: removal-candidate
Revision history for this message
Dmitry (pfzim) wrote :

You are crazy!
Look at the patch. It adds only:
if (!pBuffer)
       return FALSE;

I don't know how to install -proposed, it's too difficult.

Revision history for this message
Dmitry (pfzim) wrote :

Yesterday I installed xserver from oneiric-proposed. I don't know whether I did this correctly or not, but the bluetooth keyboard works without crashing xserver.

tags: added: verification-done
removed: verification-needed
tags: removed: removal-candidate
Revision history for this message
Colin Watson (cjwatson) wrote : Update Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xorg-server - 2:1.10.4-1ubuntu4.3

---------------
xorg-server (2:1.10.4-1ubuntu4.3) oneiric-proposed; urgency=low

  * debian/patches/227_null_ptr_midispcur.patch:
    - Check for NULL pointer before dereferencing pointer from
      miGetDCDevice. Fixes crash after connecting a bluetooth keyboard.
      (LP: #930936)
 -- Bryce Harrington <email address hidden> Thu, 17 May 2012 19:20:08 -0700

Changed in xorg-server (Ubuntu Oneiric):
status: Fix Committed → Fix Released
todaioan (alan-ar06)
Changed in xorg-server (Ubuntu Lucid):
status: Triaged → Fix Committed
Changed in xorg-server (Ubuntu Lucid):
status: Fix Committed → Triaged
Revision history for this message
In , Bryce Harrington (bryce) wrote :

Created attachment 74395
227_null_ptr_midispcur.patch

The stacktrace looks very similar to the one in this downstream Ubuntu bug:
https://bugs.launchpad.net/xorg-server/+bug/930936

The patch we added to Ubuntu for that bug is attached. It was confirmed to fix the issue by that user, but would be helpful if others could test it as well.

Changed in xorg-server:
importance: Unknown → High
status: Unknown → Confirmed
Revision history for this message
In , Peter Hutterer (peter-hutterer) wrote :

(In reply to comment #3)
> The patch we added to Ubuntu for that bug is attached. It was confirmed to
> fix the issue by that user, but would be helpful if others could test it as
> well.

it doesn't fix the issue, it merely papers over the crash. would be useful to find a reproducible test case for the upstream git server. What versions do you see this one on? launchpad suggests 1.10 and 1.11, both of which are out of date by now.
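
The guard discussed in this thread, as an added illustration that is not code from xorg-server or from the patch: a lookup that may return NULL is checked before use, and a counter plus log line keep the condition visible so the underlying cause can still be investigated. The types, function names and the premise that the keyboard-like device has no cursor buffer are assumptions of this simplified model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins (assumptions, not xorg-server types). */
typedef struct { int saved_x, saved_y; } CursorBuffer;
typedef struct {
    const char *name;
    CursorBuffer *cursor;   /* NULL for a device with no cursor state */
} Device;

static unsigned long null_buffer_hits;  /* how often the guard fired */

/* Hypothetical lookup in the role the thread gives miGetDCDevice:
 * it may legitimately return NULL. */
static CursorBuffer *get_cursor_buffer(const Device *dev)
{
    return dev ? dev->cursor : NULL;
}

/* Guarded save: same shape as the check quoted in the thread
 * (if (!pBuffer) return FALSE;), plus a counter and a log line so the
 * condition is recorded instead of being silently absorbed. */
bool save_under_cursor(const Device *dev, int x, int y)
{
    CursorBuffer *buf = get_cursor_buffer(dev);
    if (!buf) {
        null_buffer_hits++;
        fprintf(stderr, "save_under_cursor: no cursor buffer for %s\n",
                dev ? dev->name : "(null device)");
        return false;
    }
    buf->saved_x = x;
    buf->saved_y = y;
    return true;
}

unsigned long guard_hits(void) { return null_buffer_hits; }

int main(void)
{
    CursorBuffer cb = {0, 0};
    Device mouse = { "constructed-mouse", &cb };        /* constructed sample */
    Device keyboard = { "constructed-keyboard", NULL }; /* constructed sample */
    printf("mouse saved: %d\n", save_under_cursor(&mouse, 10, 20));
    printf("keyboard saved: %d\n", save_under_cursor(&keyboard, 10, 20));
    printf("guard hits: %lu\n", guard_hits());
    return 0;
}
```

A non-zero guard count in a deployed build is the signal that the NULL state is still being reached and the root cause remains open.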

Revision history for this message
Rolf Leggewie (r0lf) wrote :

lucid has seen the end of its life and is no longer receiving any updates. Marking the lucid task for this ticket as "Won't Fix".

Changed in xorg-server (Ubuntu Lucid):
status: Triaged → Won't Fix
Revision history for this message
In , Gitlab-migration (gitlab-migration) wrote :

-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/xorg/xserver/issues/383.

Changed in xorg-server:
status: Confirmed → Unknown