Comment 6 for bug 1172094

In , Kevin-freedesktop-bugz (kevin-freedesktop-bugz) wrote :

I believe I've been encountering the same crash, though I usually get it a few minutes after resuming from suspend. This is on an ASUS EeePC 1005HA running Debian Wheezy. The Debian package is xserver-xorg-core 2:1.12.1.902-1. The log shows this:

[ 12941.730] (--) synaptics: SynPS/2 Synaptics TouchPad: touchpad found
[ 13139.273]
[ 13139.273] Backtrace:
[ 13139.347] 0: /usr/bin/Xorg (xorg_backtrace+0x49) [0xb7772099]
[ 13139.347] 1: /usr/bin/Xorg (0xb75f5000+0x180a86) [0xb7775a86]
[ 13139.347] 2: (vdso) (__kernel_rt_sigreturn+0x0) [0xb75d640c]
[ 13139.347] 3: /usr/bin/Xorg (XIChangeDeviceProperty+0x198) [0xb770d188]
[ 13139.348] 4: /usr/bin/Xorg (0xb75f5000+0x118829) [0xb770d829]
[ 13139.348] 5: /usr/bin/Xorg (0xb75f5000+0x10f7d4) [0xb77047d4]
[ 13139.348] 6: /usr/bin/Xorg (0xb75f5000+0x3c365) [0xb7631365]
[ 13139.348] 7: /usr/bin/Xorg (0xb75f5000+0x29e95) [0xb761ee95]
[ 13139.348] 8: /lib/i386-linux-gnu/i686/cmov/libc.so.6 (__libc_start_main+0xe6) [0xb7293e46]
[ 13139.348] 9: /usr/bin/Xorg (0xb75f5000+0x2a1e9) [0xb761f1e9]
[ 13139.348]
[ 13139.349] Segmentation fault at address 0x9
[ 13139.349]
Fatal server error:
[ 13139.349] Caught signal 11 (Segmentation fault). Server aborting

I got a core file as well:

Core was generated by `/usr/bin/Xorg :0 -br -verbose -novtswitch -auth /var/run/gdm3/auth-for-Debian-g'.
Program terminated with signal 11, Segmentation fault.
#0 XIChangeDeviceProperty (dev=dev@entry=0xb7bcd898, property=135, type=type@entry=19, format=format@entry=8, mode=<optimized out>, mode@entry=0, len=len@entry=1,
    value=value@entry=0xbfbfb16f, sendevent=sendevent@entry=1) at ../../Xi/xiproperty.c:772
772 ../../Xi/xiproperty.c: No such file or directory.
(gdb) bt
#0 XIChangeDeviceProperty (dev=dev@entry=0xb7bcd898, property=135, type=type@entry=19, format=format@entry=8, mode=<optimized out>, mode@entry=0, len=len@entry=1,
    value=value@entry=0xbfbfb16f, sendevent=sendevent@entry=1) at ../../Xi/xiproperty.c:772
#1 0xb75c2aa3 in DisableDevice (dev=dev@entry=0xb7bcd898, sendevent=sendevent@entry=1 '\001') at ../../dix/devices.c:481
#2 0xb75c2ced in RemoveDevice (dev=dev@entry=0xb7bcd898, sendevent=sendevent@entry=1 '\001') at ../../dix/devices.c:1059
#3 0xb7618fac in DeleteInputDeviceRequest (pDev=0xb7bcd898) at ../../../../hw/xfree86/common/xf86Xinput.c:1013
#4 0xb75be4d0 in CloseDeviceList (listHead=listHead@entry=0xb7784444) at ../../dix/devices.c:964
#5 0xb75befa0 in CloseDownDevices () at ../../dix/devices.c:993
#6 0xb7716595 in AbortServer () at ../../os/log.c:475
#7 0xb77166c5 in FatalError (f=f@entry=0xb773b448 "Caught signal %d (%s). Server aborting\n") at ../../os/log.c:611
#8 0xb770eae8 in OsSigHandler (sip=0xbfbfb4ac, signo=11, unused=<optimized out>) at ../../os/osinit.c:146
#9 OsSigHandler (signo=11, sip=0xbfbfb4ac, unused=0xbfbfb52c) at ../../os/osinit.c:107
#10 <signal handler called>
#11 XIChangeDeviceProperty (dev=0xb7bcd898, property=property@entry=281, type=19, format=format@entry=8, mode=<optimized out>, len=1, value=value@entry=0xb7c52ddc,
    sendevent=sendevent@entry=1) at ../../Xi/xiproperty.c:772
#12 0xb76a6829 in change_property (data=0xb7c52ddc, len=<optimized out>, mode=<optimized out>, format=8, type=<optimized out>, property=281, dev=<optimized out>,
    client=<optimized out>) at ../../Xi/xiproperty.c:354
#13 ProcXChangeDeviceProperty (client=0xb7c3cf40) at ../../Xi/xiproperty.c:908
#14 0xb769d7d4 in ProcIDispatch (client=0xb7c3cf40) at ../../Xi/extinit.c:410
#15 0xb75ca365 in Dispatch () at ../../dix/dispatch.c:428
#16 0xb75b7e95 in main (argc=10, argv=0xbfbfba54, envp=0xbfbfba80) at ../../dix/main.c:288
(gdb) frame 11
#11 XIChangeDeviceProperty (dev=0xb7bcd898, property=property@entry=281, type=19, format=format@entry=8, mode=<optimized out>, len=1, value=value@entry=0xb7c52ddc,
    sendevent=sendevent@entry=1) at ../../Xi/xiproperty.c:772
772 if (handler->SetProperty) {
(gdb) list
767 * checkonly FALSE. Handlers MUST return error codes on the
768 * checkonly run, errors on the second run are ignored */
769 do {
770 handler = dev->properties.handlers;
771 while (handler) {
772 if (handler->SetProperty) {
773 rc = handler->SetProperty(dev, prop->propertyName,
774 &new_value, checkonly);
775 if (checkonly && rc != Success) {
776 free(new_value.data);
(gdb) p handler
$1 = (XIPropertyHandlerPtr) 0x1
(gdb) p handler->SetProperty
Cannot access memory at address 0x9

Note that this gives the address as 0x9, same as the log file. I believe this has been the address listed in the log every time I've seen this crash.

(gdb) p *dev
$2 = {public = {devicePrivate = 0xb7bb95f0, processInputProc = 0xb76c81a0 <ProcessKeyboardEvent>, realInputProc = 0xb76c81a0 <ProcessKeyboardEvent>,
    enqueueInputProc = 0xb75d2590 <EnqueueEvent>, on = 0}, next = 0x0, startup = 1, deviceProc = 0xb6710110, inited = 1, enabled = 0, coreEvents = 4, deviceGrab = {
    grabTime = {months = 0, milliseconds = 5068631}, fromPassiveGrab = 0, implicitGrab = 0, activeGrab = 0xb7bcdb48, grab = 0x0, activatingKey = 0 '\000',
    ActivateGrab = 0xb75dafc0 <ActivateKeyboardGrab>, DeactivateGrab = 0xb75dade0 <DeactivateKeyboardGrab>, sync = {frozen = 0, state = 0, other = 0x0,
      event = 0xb7bcde50}}, type = 3, xinput_type = 96, name = 0xb7bce088 "SynPS/2 Synaptics TouchPad", id = 13, key = 0x0, valuator = 0xb7bce6b8, touch = 0xb7bd02a8,
  button = 0xb7bce160, focus = 0x0, proximity = 0x0, kbdfeed = 0x0, ptrfeed = 0xb7bd0148, intfeed = 0x0, stringfeed = 0x0, bell = 0x0, leds = 0x0, xkb_interest = 0x0,
  config_info = 0xb7bce0a8 "udev:/sys/devices/platform/i8042/serio1/input/input8/event8", unused_classes = 0x0, saved_master_id = 0, devPrivates = 0xb7bcdb00,
  unwrapProc = 0xb76c6560 <xkbUnwrapProc>, spriteInfo = 0xb7bcdae4, master = 0x0, lastSlave = 0x0, last = {valuators = {3322.2696093537093, 3055.4704689213017,
      -13769.111570356075, 272483.30117348192, 0 <repeats 32 times>}, numValuators = 4, slave = 0x0, scroll = 0xb7bce7d0, num_touches = 2, touches = 0xb7bd07f0},
  properties = {properties = 0xb7bd2588, handlers = 0xb7bd25c0}, transform = {m = {{0, 0, 0}, {0, 0, 0}, {0, 0, 0}}}, xtest_master_id = 0}

Looks like it might be an issue in Synaptics.

(gdb) p dev->properties.handlers
$3 = (XIPropertyHandlerPtr) 0xb7bd25c0
(gdb) p dev->properties.handlers->next
$4 = (struct _XIPropertyHandler *) 0xb7bd0130
(gdb) p dev->properties.handlers->next->next
$5 = (struct _XIPropertyHandler *) 0xb7bd00a8
(gdb) p dev->properties.handlers->next->next->next
$6 = (struct _XIPropertyHandler *) 0xb7bd0020
(gdb) p dev->properties.handlers->next->next->next->next
$7 = (struct _XIPropertyHandler *) 0xb7bcff98
(gdb) p dev->properties.handlers->next->next->next->next->next
$8 = (struct _XIPropertyHandler *) 0x1
(gdb) p *dev->properties.handlers->next->next->next->next
$9 = {next = 0x1, id = 1, SetProperty = 0xb75e9e10 <AccelSetProfileProperty>, GetProperty = 0, DeleteProperty = 0}

The handler with the invalid "next" pointer has AccelSetProfileProperty for its SetProperty member. I hope that helps narrow it down.
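
Added example, not part of the original comment or of the X server source: a C model of the handler list from the gdb session above, assuming the i386 layout (4-byte pointers and long) so that SetProperty sits at offset 8. It shows why a next pointer of 0x1 faults at address 0x9 and how a validating walk pinpoints the node holding the bad link; Handler32, heap, lookup and walk are hypothetical names, and the ids and callbacks of the first four nodes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed i386 layout (4-byte pointers and long), field order as gdb printed it. */
typedef struct {
    uint32_t next;                        /* next handler's address; 0 ends the list */
    int32_t  id;
    uint32_t SetProperty;                 /* callbacks kept as 32-bit addresses */
    uint32_t GetProperty, DeleteProperty;
} Handler32;
typedef struct { uint32_t addr; Handler32 h; } Node;
typedef struct { int walked; uint32_t owner, fault; } WalkResult;

/* Constructed heap image: node addresses and the last node come from the gdb
 * session; ids and callbacks of the first four nodes are made up. */
static const Node heap[] = {
    {0xb7bd25c0u, {0xb7bd0130u, 5, 0, 0, 0}},
    {0xb7bd0130u, {0xb7bd00a8u, 4, 0, 0, 0}},
    {0xb7bd00a8u, {0xb7bd0020u, 3, 0, 0, 0}},
    {0xb7bd0020u, {0xb7bcff98u, 2, 0, 0, 0}},
    {0xb7bcff98u, {0x00000001u, 1, 0xb75e9e10u, 0, 0}},
};

static const Handler32 *lookup(uint32_t addr) {
    for (size_t i = 0; i < sizeof heap / sizeof heap[0]; i++)
        if (heap[i].addr == addr) return &heap[i].h;
    return NULL;                          /* address is not a known handler */
}

/* Follow next pointers, but stop at the first link that is misaligned or
 * unknown instead of dereferencing it. */
WalkResult walk(uint32_t head) {
    WalkResult r = {0, 0, 0};
    uint32_t prev = 0, cur = head;
    while (cur != 0 && r.walked < 64) {   /* 64 caps a cyclic list */
        const Handler32 *h = (cur % 4 == 0) ? lookup(cur) : NULL;
        if (!h) {
            r.owner = prev;               /* node holding the bad next pointer */
            r.fault = cur + (uint32_t)offsetof(Handler32, SetProperty);
            return r;
        }
        r.walked++; prev = cur; cur = h->next;
    }
    return r;
}

int main(void) {
    WalkResult r = walk(0xb7bd25c0u);
    printf("ok=%d owner=0x%x fault=0x%x\n", r.walked, (unsigned)r.owner, (unsigned)r.fault);
    return 0;
}
```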