ubuntu-x-swat team mailing list archive

Thread
Date

[Bug 767159] Re: udevadm trigger --action=change crashes X.Org Server

To: ubuntu-x-swat@xxxxxxxxxxxxxxxxxxx
From: Michael Thayer <767159@xxxxxxxxxxxxxxxxxx>
Date: Wed, 09 Nov 2011 10:44:49 -0000
Reply-to: Bug 767159 <767159@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I intercepted this in gdb, with the following result (unfortunately I
couldn't find a debug symbol package for the evdev driver):

Program received signal SIGSEGV, Segmentation fault.
0x00960600 in ?? () from /usr/lib/xorg/modules/input/evdev_drv.so
(gdb) bt
#0  0x00960600 in ?? () from /usr/lib/xorg/modules/input/evdev_drv.so
#1  0x08076243 in WakeupHandler (result=1, pReadmask=0x82463e0)
    at ../../dix/dixutils.c:419
#2  0x080a3fa5 in WaitForSomething (pClientsReady=0x8fdeca8)
    at ../../os/WaitFor.c:235
#3  0x08071ed2 in Dispatch () at ../../dix/dispatch.c:367
#4  0x0806470c in main (argc=8, argv=0xbf968064, envp=0xbf968088)
    at ../../dix/main.c:287
(gdb) frame 1
#1  0x08076243 in WakeupHandler (result=1, pReadmask=0x82463e0)
    at ../../dix/dixutils.c:419
419	../../dix/dixutils.c: No such file or directory.
	in ../../dix/dixutils.c
(gdb) p i
$1 = 3
(gdb) p handlers[i]
$2 = {BlockHandler = 0x9604b0, WakeupHandler = 0x9605e0, 
  blockData = 0x8fd06f8, deleted = 1}
(gdb) frame 0
#0  0x00960600 in ?? () from /usr/lib/xorg/modules/input/evdev_drv.so
(gdb) disassemble 0x9605e0,0x00960620
Dump of assembler code from 0x9605e0 to 0x960620:
   0x009605e0:	sub    $0xc,%esp
   0x009605e3:	mov    %esi,0x4(%esp)
   0x009605e7:	mov    0x10(%esp),%esi
   0x009605eb:	mov    %ebx,(%esp)
   0x009605ee:	mov    %edi,0x8(%esp)
   0x009605f2:	call   0x95bca7
   0x009605f7:	add    $0x59fd,%ebx
   0x009605fd:	mov    0x2c(%esi),%eax
=> 0x00960600:	cmpb   $0x0,0x1a5(%eax)
   0x00960607:	jne    0x960618
   0x00960609:	mov    (%esp),%ebx
   0x0096060c:	mov    0x4(%esp),%esi
   0x00960610:	mov    0x8(%esp),%edi
   0x00960614:	add    $0xc,%esp
   0x00960617:	ret    
   0x00960618:	mov    0x1b0(%eax),%edi
   0x0096061e:	call   0x95ba4c <GetTimeInMillis@plt>
End of assembler dump.
(gdb) info registers 
eax            0x19	25
ecx            0x91836a8	152581800
edx            0x8fd06f8	150800120
ebx            0x965ff4	9854964
esp            0xbf967c70	0xbf967c70
ebp            0x1	0x1
esi            0x8fd06f8	150800120
edi            0x20	32
eip            0x960600	0x960600
eflags         0x13212	[ AF IF #12 #13 RF ]
cs             0x73	115
ss             0x7b	123
ds             0x7b	123
es             0x7b	123
fs             0x0	0
gs             0x33	51
(gdb) 
Matching the evdev source code to the disassembly, it looks like the crash is at line:
xserver-xorg-input-evdev-2.6.0/src/emuMB.c:273:     if (pEvdev->emulateMB.pending)
with pEvdev == 0x19.

-- 
You received this bug notification because you are a member of Ubuntu-X,
which is subscribed to xorg-server in Ubuntu.
https://bugs.launchpad.net/bugs/767159

Title:
  udevadm trigger --action=change crashes X.Org Server

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/767159/+subscriptions

References

[Bug 767159] [NEW] udevadm trigger --action=change crashes X.Org Server
From: Michael Thayer, 2011-04-20