Forwarding this bug from an Ubuntu reporter:
https://bugs.edge.launchpad.net/ubuntu/+source/xorg-server/+bug/324368

[Problem]
-synaptics can call XisbRead(NULL) in some circumstances. XisbRead doesn't check if the argument it's passed is NULL, and therefore segfaults at the point it dereferences the pointer.

[Original Report]
This happened during, or immediately after, a resume from RAM. I've suspended and resumed many other times without incident, so this may not be reproducible.

#0  XisbRead (b=0x0) at ../../../../hw/xfree86/common/xisb.c:101
        ret = <value optimized out>
#1  0x00007f06594f4309 in ?? () from /usr/lib/xorg/modules/input//synaptics_drv.so
#2  0x00007f06594f0c8a in ?? () from /usr/lib/xorg/modules/input//synaptics_drv.so
#3  0x00000000004858bb in xf86Wakeup (blockData=<value optimized out>, err=<value optimized out>, pReadmask=<value optimized out>) at ../../../../hw/xfree86/common/xf86Events.c:271
        sigstate = 1
        LastSelectMask = (fd_set *) 0x7ddf20
        devicesWithInput = {fds_bits = {16384, 0 <repeats 15 times>}}
        pInfo = (InputInfoPtr) 0x23ddfd0
#4  0x0000000000451cdb in WakeupHandler (result=1, pReadmask=0x7ddf20) at ../../dix/dixutils.c:418
        i = 0
#5  0x00000000004ee4bf in WaitForSomething (pClientsReady=0x23dfaf0) at ../../os/WaitFor.c:231
        i = 1
        waittime = {tv_sec = 0, tv_usec = 923976}
        wt = (struct timeval *) 0x7fff79106740
        timeout = <value optimized out>
        clientsReadable = {fds_bits = {0 <repeats 16 times>}}
        clientsWritable = {fds_bits = {35506112, 35585208, 35477280, 139665605120774, 108834960, 139665575263122, 126616504, 5472109, 35591776, 35591776, 35591776, 108834960, 35585208, 139665608215040, 84144416, 23161482}}
        curclient = <value optimized out>
        selecterr = 11
        nready = <value optimized out>
        devicesReadable = {fds_bits = {0 <repeats 16 times>}}
        now = <value optimized out>
        someReady = 0
#6  0x000000000044dea0 in Dispatch () at ../../dix/dispatch.c:367
        result = 0
        client = (ClientPtr) 0x27bbe30
        nready = -1
        start_tick = <value optimized out>
#7  0x0000000000433c0d in main (argc=10, argv=0x7fff79106938, envp=<value optimized out>) at ../../dix/main.c:397
        i = 1
        alwaysCheckForInput = {0, 1}

ProblemType: Crash
Architecture: amd64
DistroRelease: Ubuntu 9.04
ExecutablePath: /usr/bin/Xorg
Package: xserver-xorg-core 2:1.5.99.902-0ubuntu1
ProcAttrCurrent: unconfined
ProcCmdline: /usr/X11R6/bin/X :0 -br -audit 0 -auth /var/lib/gdm/:0.Xauth -nolisten tcp vt7
ProcEnviron:
 LC_COLLATE=C
 PATH=(custom, no user)
 LANG=en_GB.UTF-8
 SHELL=/bin/zsh
ProcVersion: Linux version 2.6.28-6-generic (buildd@crested) (gcc version 4.3.3 (Ubuntu 4.3.3-3ubuntu1) ) #17-Ubuntu SMP Fri Jan 30 15:35:08 UTC 2009
Created attachment 22501 [details] xorg.conf
Created attachment 22502 [details] lshal
Created attachment 22503 [details] lspci output
Created attachment 22504 [details] Xorg.0.log
Created attachment 22505 [details] [review] nullptr_xisbread.patch
Checks for null pointer. (But why did -synaptics pass in a null ptr to begin with?)
I'm the original bug reporter, and am subscribed to this bug now if you need further information.
I looked at that code, but couldn't really find anything. Just putting a check for NULL in isn't really a solution either; we need to find the root of the problem, not just fix the symptom. Anything that makes this bug reproducible is appreciated.
Seems not to be easily reproducible. Both matt and kees saw the same crash, but only once each. They both saw it at the end of a convention in Berlin. Kees suspects it was related to yanking out a projector before/during/after a resume. I suspect matt was probably doing similarly (perhaps with the same model of projector). Unfortunately, as the conference is now over and the projectors were rented, we cannot test that hypothesis. But I hope it might provide a small clue.
Please note that Debian bugs 532375 and 541259 are also about this bug. As the submitter of one of those bugs, I was able to reproduce the problem so regularly that I had to uninstall the synaptics driver so that I didn't lose my session the majority of the times I resumed. I'm happy to provide more information or do more tests if that's needed.
Created attachment 30903 [details] [review] 0001-eventcomm-don-t-use-the-Xisb-buffers-for-reading.patch
Janitor patch - don't use the Xisb buffers for eventcomm devices. This doesn't resolve the actual problem but since the use of the Xisb buffers was a bit dubious anyway it should rid it of that problem. Please let me know whether this patch fixes the issue.
The patch in comment #10 fixes the problem.
Pushed as commit 33413529dc35f0afc585d4297f86199393d19684. Thanks for testing!
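The two approaches discussed in this thread, side by side, as an added example that is not part of the thread and not code from either attached patch: a buffered byte reader that rejects a NULL buffer, and a reader that takes fixed-size records straight from the file descriptor with no intermediate buffer object. The names `isb`, `isb_read_byte`, `ev_record`, `read_event` and the return codes are hypothetical; the input is a constructed record sent through a pipe.

```c
#include <errno.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical fixed-size record standing in for a device event struct. */
struct ev_record { unsigned short type, code; int value; };
/* Hypothetical buffered reader; a caller may hand in NULL by mistake. */
struct isb { int fd; size_t cur, end; unsigned char buf[64]; };
enum rd_status { RD_OK = 0, RD_AGAIN = 1, RD_GONE = -1, RD_SHORT = -2 };

/* Symptom-level guard: report an error instead of dereferencing NULL. */
int isb_read_byte(struct isb *b)
{
    if (b == NULL)
        return -2;
    if (b->cur >= b->end) {            /* buffer drained: refill from fd */
        ssize_t n = read(b->fd, b->buf, sizeof b->buf);
        if (n <= 0)
            return n == 0 ? -1 : -2;   /* -1: nothing to read, -2: error */
        b->cur = 0; b->end = (size_t)n;
    }
    return b->buf[b->cur++];
}

/* Direct read: no separate buffer object whose lifetime can drift from fd. */
enum rd_status read_event(int fd, struct ev_record *ev)
{
    ssize_t n;
    do {
        n = read(fd, ev, sizeof *ev);
    } while (n < 0 && errno == EINTR);
    if (n == (ssize_t)sizeof *ev)
        return RD_OK;
    if (n < 0 && (errno == EAGAIN || errno == EWOULDBLOCK))
        return RD_AGAIN;
    return n > 0 ? RD_SHORT : RD_GONE; /* partial record, or EOF/error */
}

int main(void)
{
    struct ev_record in = { 3, 0, 1234 }, out = { 0, 0, 0 }; /* constructed */
    int p[2], st;
    if (pipe(p) != 0 || write(p[1], &in, sizeof in) != (ssize_t)sizeof in)
        return 1;
    st = read_event(p[0], &out);
    printf("direct read: status=%d value=%d\n", st, out.value);
    close(p[1]);                       /* writer disappears */
    printf("after close: status=%d\n", read_event(p[0], &out));
    printf("NULL buffer: %d\n", isb_read_byte(NULL));
    return 0;
}
```

With the direct reader, a vanished descriptor surfaces as `RD_GONE` to the caller, which can then stop polling the device.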