Xorg crashed with SIGSEGV in RemoveDevice() - segfault at 1010 error 4 in evdev_drv.so

Bug #709977 reported by Jean-Baptiste Lallement
This bug affects 38 people
Affects | Status | Importance | Assigned to | Milestone
xserver-xorg-input-evdev (Ubuntu) | Fix Released | Critical | Unassigned |
Natty | Fix Released | Critical | Unassigned |

Bug Description

After an upgrade to xserver-xorg-input-evdev | 1:2.6.0-1ubuntu1, X crashes at start when it adds the input device.
Downgrading to xserver-xorg-input-evdev 2.3.2-6ubuntu3 fixes the problem.

Here are the relevant bits of the Xorg.log:
[ 11.706] (II) config/udev: Adding input device Logitech USB Receiver (/dev/input/event3)
[ 11.706] (**) Logitech USB Receiver: Applying InputClass "evdev pointer catchall"
[ 11.706] (**) Logitech USB Receiver: Applying InputClass "evdev keyboard catchall"
[ 11.706] (**) Logitech USB Receiver: always reports core events
[ 11.706] (**) Logitech USB Receiver: Device: "/dev/input/event3"
[ 11.710] (--) Logitech USB Receiver: Found 12 mouse buttons
[ 11.710] (--) Logitech USB Receiver: Found scroll wheel(s)
[ 11.710] (--) Logitech USB Receiver: Found relative axes
[ 11.710] (--) Logitech USB Receiver: Found x and y relative axes
[ 11.710] (--) Logitech USB Receiver: Found absolute axes
[ 11.710]
Backtrace:
[ 11.710] 0: /usr/bin/X (xorg_backtrace+0x26) [0x45be16]
[ 11.710] 1: /usr/bin/X (0x400000+0x59c9a) [0x459c9a]
[ 11.710] 2: /lib/libpthread.so.0 (0x7f097981e000+0xfc80) [0x7f097982dc80]
[ 11.710] 3: /usr/lib/xorg/modules/input/evdev_drv.so (0x7f0974789000+0x639d) [0x7f097478f39d]
[ 11.710] 4: /usr/lib/xorg/modules/input/evdev_drv.so (0x7f0974789000+0x439d) [0x7f097478d39d]
[ 11.710] 5: /usr/bin/X (0x400000+0x87897) [0x487897]
[ 11.710] 6: /usr/bin/X (NewInputDeviceRequest+0x3b7) [0x487e87]
[ 11.710] 7: /usr/bin/X (0x400000+0x80588) [0x480588]
[ 11.710] 8: /usr/bin/X (0x400000+0x80b3e) [0x480b3e]
[ 11.710] 9: /usr/bin/X (config_init+0x9) [0x469349]
[ 11.710] 10: /usr/bin/X (InitInput+0x95) [0x466ee5]
[ 11.710] 11: /usr/bin/X (0x400000+0x218d6) [0x4218d6]
[ 11.710] 12: /lib/libc.so.6 (__libc_start_main+0xfe) [0x7f0978787d1e]
[ 11.710] 13: /usr/bin/X (0x400000+0x214b9) [0x4214b9]
[ 11.710] Segmentation fault at address 0x1010
[ 11.710]
Caught signal 11 (Segmentation fault). Server aborting

ProblemType: Crash
DistroRelease: Ubuntu 11.04
Package: xserver-xorg-core 2:1.9.0.902-1ubuntu4
ProcVersionSignature: Ubuntu 2.6.38-1.28-generic 2.6.38-rc2
Uname: Linux 2.6.38-1-generic x86_64
Architecture: amd64
DRM.card0.DP.1:
 status: disconnected
 enabled: disabled
 dpms: On
 modes:
 edid-base64:
DRM.card0.HDMI.A.1:
 status: disconnected
 enabled: disabled
 dpms: On
 modes:
 edid-base64:
Date: Sun Jan 30 01:21:19 2011
DistUpgraded: Fresh install
DistroCodename: natty
DistroVariant: ubuntu
ExecutablePath: /usr/bin/Xorg
GdmLog2: Not present
GraphicsCard: Subsystem: PC Partner Limited Device [174b:1482]
MachineType: Gigabyte Technology Co., Ltd. GA-890GPA-UD3H
ProcCmdline: /usr/bin/X :0 -br -verbose -auth /var/run/gdm/auth-for-gdm-a76dDR/database -nolisten tcp vt7
ProcCwd: /etc/X11
ProcEnviron:
 LANG=en_US.UTF-8
 PATH=(custom, no user)
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-2.6.38-1-generic root=UUID=30fc9e49-b3c8-4ea6-aec8-d504895ea7eb ro single
ProcKernelCmdLine_: BOOT_IMAGE=/boot/vmlinuz-2.6.38-1-generic root=UUID=30fc9e49-b3c8-4ea6-aec8-d504895ea7eb ro single
SegvAnalysis: Failure: Unknown offset literal: retq
Signal: 11
SourcePackage: xorg-server
StacktraceTop:
 ?? () from /usr/lib/xorg/modules/input/evdev_drv.so
 ?? ()
 ?? ()
 ?? () from /usr/lib/xorg/modules/input/evdev_drv.so
 ?? ()
Title: Xorg crashed with SIGSEGV
UnitySupportTest:

UserGroups:

dmi.bios.date: 07/23/2010
dmi.bios.vendor: Award Software International, Inc.
dmi.bios.version: FD
dmi.board.name: GA-890GPA-UD3H
dmi.board.vendor: Gigabyte Technology Co., Ltd.
dmi.board.version: x.x
dmi.chassis.type: 3
dmi.chassis.vendor: Gigabyte Technology Co., Ltd.
dmi.modalias: dmi:bvnAwardSoftwareInternational,Inc.:bvrFD:bd07/23/2010:svnGigabyteTechnologyCo.,Ltd.:pnGA-890GPA-UD3H:pvr:rvnGigabyteTechnologyCo.,Ltd.:rnGA-890GPA-UD3H:rvrx.x:cvnGigabyteTechnologyCo.,Ltd.:ct3:cvr:
dmi.product.name: GA-890GPA-UD3H
dmi.sys.vendor: Gigabyte Technology Co., Ltd.
version.libdrm2: libdrm2 2.4.23-1ubuntu3
version.libgl1-mesa-glx: libgl1-mesa-glx 7.10-1ubuntu1
version.xserver-xorg: xserver-xorg 1:7.5+6ubuntu8
version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:6.13.2+git20110124.fadee040-0ubuntu1
version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.14.0-1ubuntu2
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:0.0.16+git20110107+b795ca6e-0ubuntu1

Jean-Baptiste Lallement (jibel) wrote :

Bug 709729 looks like a duplicate of this report.

Jean-Baptiste Lallement (jibel) wrote :

Setting to confirmed because of the very likely duplicates #709969, #709926, #709921, #709866, #709776, #709746, #709699, #709612

Changed in xorg-server (Ubuntu):
importance: Undecided → High
status: New → Confirmed
tags: added: regression-release
visibility: private → public
Apport retracing service (apport) wrote :

StacktraceTop:
 ?? () from /usr/lib/xorg/modules/input/evdev_drv.so
 ?? () from /usr/lib/xorg/modules/input/evdev_drv.so
 ?? ()
 ?? ()
 ?? ()

Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Jean-Baptiste Lallement (jibel) wrote :

From the duplicates, only amd64 is affected.

summary: - Xorg crashed with SIGSEGV - segfault at 1010 error 4 in evdev_drv.so
+ Xorg crashed with SIGSEGV in RemoveDevice() - segfault at 1010 error 4
+ in evdev_drv.so
Changed in xorg-server (Ubuntu Natty):
importance: High → Critical
Harry (harry33) wrote :

I very much doubt this is a bug in xorg-server (xserver 1.9 series).

The crash ([ 11.710] segmentation fault at address 0x1010) happens very clearly with Nvidia graphics cards and with nvidia-current binary drivers.
In fact with nvidia, the system will not even boot to gdm.
Also, using a wireless or Bluetooth mouse causes X to crash.

But it is important to notice that this happens only with the xserver-xorg-input-evdev_2.6.0 input driver (controlling mouse and kb).
Downgrading to the previous version (2.3.2) fixes this completely.

This has also been tested with vanilla xserver-xorg-input-evdev (2.6.0) in Arch Linux and xserver 1.9.3 with the same results.
So this is not an Ubuntu-specific issue.

This might not even be a bug at all.
Evdev 2.6.0 might simply not support xserver 1.9.
Note that evdev works well with the xserver 1.10 series.
This can also be tested with the packages in xorg-edgers PPA.

The only issue which can be considered a bug is that this evdev driver (2.6.0) in the Natty official repos:
- depends erroneously on the virtual package xorg-input-abi-11 (which refers to the xserver 1.9 series as a matter of fact)
- provides erroneously a virtual package xserver-xorg-input-11 (also referring to the xserver 1.9 series).

The correct dependency is xorg-input-abi-12 and the correct provided package is xserver-xorg-input-12.
This way this evdev 2.6.0 could not even be installed on systems with xserver 1.9.

Harry (harry33)
affects: xorg-server (Ubuntu Natty) → xserver-xorg-input-evdev (Ubuntu Natty)
Zuzkins (zuzkins-gmail) wrote :

For the downgrading part: it really helps.

Here is how I did it:

Wgetted the package from https://launchpad.net/ubuntu/+source/xserver-xorg-input-evdev/1:2.3.2-6ubuntu3b1/+buildjob/2109048

and sudo dpkg -i xserver-xorg-input-evdev_2.3.2-6ubuntu3b1_amd64.deb

Jean-Baptiste Lallement (jibel) wrote :

See bug 709977 for packages to test.

Jean-Baptiste Lallement (jibel) wrote :

Wrong pasting, the bug number is bug 709915

Laurent Bigonville (bigon) wrote :

I can also confirm that it works with 1:2.6.0-1ubuntu2~nopatch101

Kees Cook (kees) wrote :

Fixed for me with 1:2.6.0-1ubuntu2~nopatch101, thanks!

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xserver-xorg-input-evdev - 1:2.6.0-1ubuntu2

---------------
xserver-xorg-input-evdev (1:2.6.0-1ubuntu2) natty; urgency=low

  * Disable patch 101-gestures.patch - Fix SIGSEGV in xserver.
    (LP: #709977)
 -- Bryce Harrington <email address hidden> Sun, 30 Jan 2011 10:06:05 -0800

Changed in xserver-xorg-input-evdev (Ubuntu Natty):
status: Confirmed → Fix Released
SheeEttin (sheeettin) wrote :

I wrangled an unstripped version of evdev into my system and I managed a better backtrace (I'm coming from bug #709915):

#0 0x00007fbc7c69c39d in GrailOpen (pInfo=0x1ffce20) at ../../src/evdev-grail.c:268
#1 0x00007fbc7c69a39d in EvdevProbe (drv=<value optimized out>, dev=<value optimized out>, flags=<value optimized out>)
    at ../../src/evdev.c:2021
#2 NewEvdevPreInit (drv=<value optimized out>, dev=<value optimized out>, flags=<value optimized out>)
    at ../../src/evdev.c:2277
#3 EvdevPreInit (drv=<value optimized out>, dev=<value optimized out>, flags=<value optimized out>)
    at ../../src/evdev.c:2218
#4 0x0000000000487897 in xf86NewInputDevice (idev=0x1ffcb10, pdev=0x7fff3d2c4278, enable=1 '\001')
    at ../../../../hw/xfree86/common/xf86Xinput.c:779
#5 0x0000000000487e87 in NewInputDeviceRequest (options=<value optimized out>, attrs=0x7fff3d2c4240, pdev=0x7fff3d2c4278)
    at ../../../../hw/xfree86/common/xf86Xinput.c:919
#6 0x0000000000480588 in device_added (udev_device=<value optimized out>) at ../../config/udev.c:186
#7 0x0000000000480a38 in wakeup_handler (data=<value optimized out>, err=<value optimized out>, read_mask=0x7ea700)
    at ../../config/udev.c:249
#8 0x00000000004362db in WakeupHandler (result=1, pReadmask=0x7ea700) at ../../dix/dixutils.c:419
#9 0x0000000000463766 in WaitForSomething (pClientsReady=0x1cf30a0) at ../../os/WaitFor.c:232
#10 0x00000000004407d2 in Dispatch () at ../../dix/dispatch.c:368
#11 0x000000000042190e in main (argc=8, argv=<value optimized out>, envp=<value optimized out>) at ../../dix/main.c:291

The output of gdb's "bt full" is attached.

Jean-Baptiste: you've noted in the summary that X is crashing in RemoveDevice() -- do we have the same bug here?
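
Added example, not part of the bug thread or of any project's code: a triage helper that checks whether the unsymbolized Xorg.log frames in the description line up with the symbolized gdb frames in the last comment, even though the driver was loaded at a different base in each run. The frame text is copied from this page (gdb arguments abridged); the function names are hypothetical.

```python
import re

# Frames 3-6 copied from the Xorg.log backtrace in the bug description.
XORG_LOG = """\
[ 11.710] 3: /usr/lib/xorg/modules/input/evdev_drv.so (0x7f0974789000+0x639d) [0x7f097478f39d]
[ 11.710] 4: /usr/lib/xorg/modules/input/evdev_drv.so (0x7f0974789000+0x439d) [0x7f097478d39d]
[ 11.710] 5: /usr/bin/X (0x400000+0x87897) [0x487897]
[ 11.710] 6: /usr/bin/X (NewInputDeviceRequest+0x3b7) [0x487e87]
"""
# The matching frames from the gdb backtrace in the last comment (arguments abridged).
GDB_BT = """\
#0 0x00007fbc7c69c39d in GrailOpen (pInfo=0x1ffce20) at ../../src/evdev-grail.c:268
#1 0x00007fbc7c69a39d in EvdevProbe (...) at ../../src/evdev.c:2021
#4 0x0000000000487897 in xf86NewInputDevice (...) at ../../../../hw/xfree86/common/xf86Xinput.c:779
#5 0x0000000000487e87 in NewInputDeviceRequest (...) at ../../../../hw/xfree86/common/xf86Xinput.c:919
"""
LOG_RE = re.compile(r"\d+: (\S+) \((\w+)\+0x([0-9a-f]+)\) \[0x([0-9a-f]+)\]")
GDB_RE = re.compile(r"#\d+\s+0x([0-9a-f]+) in (\w+)")

def parse_log(text):
    """(module, base_or_symbol, offset, absolute address) for each Xorg.log frame."""
    return [(m[1], m[2], int(m[3], 16), int(m[4], 16)) for m in LOG_RE.finditer(text)]

def parse_gdb(text):
    """(function, absolute address) for each gdb frame."""
    return [(m[2], int(m[1], 16)) for m in GDB_RE.finditer(text)]

def module_offsets(frames):
    """Module-relative offsets (address minus load base). Frames the server
    already printed as symbol+offset carry no load base and are skipped."""
    return [(mod, off) for mod, base, off, addr in frames
            if base.startswith("0x") and int(base, 16) + off == addr]

def correlate(log_frames, gdb_frames):
    """Pair frames by position. Load bases are page aligned, so the low 12 bits
    of a code address survive ASLR and should agree between two runs."""
    return [(sym, (laddr & 0xfff) == (gaddr & 0xfff))
            for (_, _, _, laddr), (sym, gaddr) in zip(log_frames, gdb_frames)]

def same_spacing(log_frames, gdb_frames, i=0, j=1):
    """The distance between two frames in one module is also ASLR-invariant."""
    return log_frames[i][3] - log_frames[j][3] == gdb_frames[i][1] - gdb_frames[j][1]

if __name__ == "__main__":
    log, gdb = parse_log(XORG_LOG), parse_gdb(GDB_BT)
    print([(mod, hex(off)) for mod, off in module_offsets(log)])
    print(correlate(log, gdb), same_spacing(log, gdb))
```

Agreeing page offsets and frame spacing are consistent with the same call sites in both traces; they do not prove it if the two driver builds differ in layout.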
