Xorg crashes after connect bluetooth keyboard
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
X.Org X server |
Unknown
|
High
|
|||
xorg-server (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Lucid |
Won't Fix
|
High
|
Unassigned | ||
Oneiric |
Fix Released
|
High
|
Unassigned | ||
Precise |
Fix Released
|
High
|
Unassigned |
Bug Description
SRU Criteria
============
[Impact]
The X server may crash after connecting a bluetooth keyboard.
[Development Fix]
The Q series is not open for development yet.
[Stable Fix]
Please see the attached patch midispcur.c.patch.
[Test Case]
Connect a bluetooth keyboard and use it for five minutes. Check if X server has crashed.
[Regression Potential]
Low. The patch merely short circuits code that may dereference a NULL pointer. It is possible that this causes a further issue, but such an issue is likely to be at worst just as bad as without this fix.
Original Bug Report
===================
X crashes after connect bluetooth keyboard.
With bluetooth mouse everything ok, crash only when i connect keyboard.
After connecting the keyboard works and i can use it. Failure occurs in the interval between 30 seconds and 5 minutes after connecting. It does not depend on whether I'm typing on a keyboard or not.
On Ubuntu Lucid same error
ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: xserver-xorg 1:7.6+7ubuntu7.1
ProcVersionSign
Uname: Linux 3.0.0-15-generic i686
NonfreeKernelMo
ApportVersion: 1.23-0ubuntu4
Architecture: i386
Date: Sun Feb 12 16:08:39 2012
InstallationMedia: Ubuntu 11.10 "Oneiric" - Build i386 LIVE Binary 20120208-10:12
ProcEnviron:
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: xorg
UpgradeStatus: No upgrade log present (probably fresh install)
description: | updated |
summary: |
- X crashes after connect bluetooth keyboard + Xorg crashes after connect bluetooth keyboard |
tags: | added: precise |
Changed in xorg-server (Ubuntu Precise): | |
status: | New → Fix Committed |
Changed in xorg-server (Ubuntu Oneiric): | |
status: | New → Triaged |
Changed in xorg-server (Ubuntu Lucid): | |
status: | New → Triaged |
importance: | Undecided → High |
Changed in xorg-server (Ubuntu Precise): | |
importance: | Undecided → High |
Changed in xorg-server (Ubuntu Oneiric): | |
importance: | Undecided → High |
Changed in xorg-server (Ubuntu Oneiric): | |
status: | Triaged → Fix Committed |
tags: |
added: verification-done removed: verification-needed |
tags: | removed: removal-candidate |
Changed in xorg-server (Ubuntu Lucid): | |
status: | Triaged → Fix Committed |
Changed in xorg-server (Ubuntu Lucid): | |
status: | Fix Committed → Triaged |
Changed in xorg-server: | |
importance: | Unknown → High |
status: | Unknown → Confirmed |
Changed in xorg-server: | |
status: | Confirmed → Unknown |
Hello,
on armv4t (neo freerunner) we're using xorg from git master and 1.7 branch. There is reproducible segfault in miPointerUpdate Sprite( )
Not sure where exactly, because first it occured in miDCRestoreUnde rCursor( ), so commented this function out and tested again and it occured in miDCSaveUnderCu rsor(), so I commented this one too and it occured in miDCPutUpCursor().
With all miPointerUpdate Sprite( ) calls commented out it works good (just cursor background isn't redrawn).
Another workaround is to run Xorg with -nocursor.
Easiest way to reproduce this is run terminal (vala-terminal) and on screen keyboard (illume-keyboard) and type wery quickly. Maybe its because every key-press is highlighted with key drawn slightly above keyboard, so we're redrawing the same part of screen twice (for cursor-left redraw and key up&down - maybe some concurrency).
Maybe the problem lives in DDX driver for SMedia Glamo graphics http:// git.openmoko. org/?p= xf86-video- glamo.git; a=summary
1. rCursor () rCursor () ursor () Sprite ()
Program received signal SIGSEGV, Segmentation fault.
2.
[Switching to Thread 0x4001edc0 (LWP 1701)]
3.
0x0013c9b4 in miDCRestoreUnde
4.
Current language: auto; currently asm
5.
(gdb) back
6.
#0 0x0013c9b4 in miDCRestoreUnde
7.
#1 0x00160780 in miSpriteRemoveC
8.
#2 0x00160934 in miSpriteSetCursor ()
9.
#3 0x00160a40 in miSpriteMoveCursor ()
10.
#4 0x00056ad4 in miPointerUpdate
11.
#5 0x0009da28 in ProcXTestFakeInput ()
12.
#6 0x0004fc58 in Dispatch ()
13.
#7 0x000216a8 in main ()
14.
15. rCursor out from Xorg */
/* now i commented miDCRestoreUnde
16.
17. erCursor () Sprite ()
Program received signal SIGSEGV, Segmentation fault.
18.
[Switching to Thread 0x4001edc0 (LWP 2175)]
19.
0x0013c8e4 in miDCSaveUnderCursor ()
20.
Current language: auto; currently asm
21.
(gdb) back
22.
#0 0x0013c8e4 in miDCSaveUnderCursor ()
23.
#1 0x001602d4 in miSpriteSaveUnd
24.
#2 0x0016078c in miSpriteSetCursor ()
25.
#3 0x001608e0 in miSpriteMoveCursor ()
26.
#4 0x00056ad4 in miPointerUpdate
27.
#5 0x0009da28 in ProcXTestFakeInput ()
28.
#6 0x0004fc58 in Dispatch ()
29.
#7 0x000216a8 in main ()
30.
31.
/* now i commented miDCSaveUnderCursor out from Xorg */
32.
33. Cursor () Sprite ()
Program received signal SIGSEGV, Segmentation fault.
34.
[Switching to Thread 0x4001edc0 (LWP 2306)]
35.
0x0013d500 in miDCPutUpCursor ()
36.
Current language: auto; currently asm
37.
(gdb) back
38.
#0 0x0013d500 in miDCPutUpCursor ()
39.
#1 0x0015ffc8 in miSpriteRestore
40.
#2 0x00160734 in miSpriteMoveCursor ()
41.
#3 0x00056ad4 in miPointerUpdate
42.
#4 0x0009da20 in ProcXTestFakeInput ()
43.
#5 0x0004fc58 in Dispatch ()
44.
#6 0x000216a8 in main ()
45.
46. Sprite call, or when Xorg is executed with -nocursor */
/* It works ok when I removed every miPointerUpdate
47.
...