Bug 99390 - Xorg crashed with SIGABRT in libinput_device_config_tap_get_finger_count()
Status: RESOLVED DUPLICATE of bug 97117
Alias: None
Product: xorg
Classification: Unclassified
Component: Input/libinput
Version: unspecified
Hardware: Other All
Importance: medium normal
Assignee: Peter Hutterer
QA Contact: Xorg Project Team
Reported: 2017-01-12 21:35 UTC by Tj
Modified: 2017-01-12 23:37 UTC

Attachments
Xorg.log over lock/unlock event (52.18 KB, application/x-trash)
2017-01-12 21:35 UTC, Tj

Description Tj 2017-01-12 21:35:22 UTC
Created attachment 128920
Xorg.log over lock/unlock event

Using Xubuntu 16.04, including light-locker, whenever the screen has been locked the X server will SIGABRT crash as soon as the user has entered their credentials. This happens 100% of the time.

The only related information I can find is a Debian bug report:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838462

I ran the crash report through gdb and it seems there is a null pointer dereference attempt for the 'device' without checking the pointer is valid.

DistroRelease: Ubuntu 16.04
Package: xserver-xorg-core 2:1.18.4-0ubuntu0.2
Uname: Linux 4.9.0-040900rc5-lowlatency x86_64

        signo = 11
#6 <signal handler called>
No locals.
#7 libinput_device_config_tap_get_finger_count (device=0x0) at libinput.c:3075
No locals.
#8 0x00007fcb5c100953 in xf86libinput_parse_tap_option (device=0x0, pInfo=0x5616b20d54e0)
    at ../../src/xf86libinput.c:1686
        tap = <optimised out>
#9 xf86libinput_parse_options (device=0x0, driver_data=0x5616b23406a0, pInfo=0x5616b20d54e0)
    at ../../src/xf86libinput.c:2134
        options = 0x5616b2340700
#10 xf86libinput_pre_init (drv=<optimised out>, pInfo=0x5616b20d54e0, flags=<optimised out>)
    at ../../src/xf86libinput.c:2465
        driver_data = 0x5616b23406a0
        shared_device = <optimised out>
        libinput = <optimised out>
        device = 0x0
        path = <optimised out>
#11 0x00005616b0d0f998 in xf86NewInputDevice (pInfo=0x5616b20d54e0, pdev=pdev@entry=0x7ffce92a7c60,
    enable=<optimised out>) at ../../../../hw/xfree86/common/xf86Xinput.c:900
        drv = 0x5616b1c9a840
        dev = 0x0
        paused = 0
        rval = <optimised out>
        path = 0x5616b2092fb0 "libinput"
#12 0x00005616b0d1091e in NewInputDeviceRequest (options=<optimised out>, attrs=0x5616b23a4ad0,
    pdev=pdev@entry=0x7ffce92a7c60) at ../../../../hw/xfree86/common/xf86Xinput.c:1049
        pInfo = <optimised out>
        option = <optimised out>
        rval = <optimised out>
        is_auto = <optimised out>
#13 0x00007fcb5c0ff5e7 in xf86libinput_hotplug_device (hotplug=0x5616b23482c0)
    at ../../src/xf86libinput.c:2224
        dev = 0x5616b10c8a40 <LastSelectMask>
#14 0x00007fcb5c0ff82c in xf86libinput_hotplug_device_cb (client=<optimised out>, closure=<optimised out>)
    at ../../src/xf86libinput.c:2241
        hotplug = <optimised out>




The NULL device bubbles up from

xserver-xorg-input-libinput-0.18.0/src/xf86libinput.c::xf86libinput_pre_init()

where it does

    is_subdevice = xf86libinput_is_subdevice(pInfo);
    if (!is_subdevice) {
       ...
    } else {
        InputInfoPtr parent;
        struct xf86libinput *parent_driver_data;

        parent = xf86libinput_get_parent(pInfo);
        if (!parent) {
            xf86IDrvMsg(pInfo, X_ERROR, "Failed to find parent device\n");
            goto fail;
        }
        xf86IDrvMsg(pInfo, X_INFO, "is a virtual subdevice\n");

        parent_driver_data = parent->private;
        shared_device = xf86libinput_shared_ref(parent_driver_data->shared_device);
        device = shared_device->device;
    }

At this point the parent device's private->shared_device->device node should provide a non-NULL pointer for the device.
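
The missing validation described above, as an added example that is not part of the bug report and is not the driver's actual fix: a minimal model of the subdevice branch that refuses to continue when the parent's shared device carries a NULL device pointer, and releases the reference it just took. All type, function and constant names are hypothetical stand-ins for the driver's own.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins, not the real xf86-input-libinput/libinput types. */
struct device { int tap_fingers; };
struct shared_device { int refcount; struct device *device; };
struct driver_data { struct shared_device *shared_device; };

enum { PRE_INIT_OK = 0, PRE_INIT_NO_PARENT = -1, PRE_INIT_NO_DEVICE = -2 };

/* Like frame #7 in the trace: dereferences its argument unconditionally. */
static int tap_get_finger_count(struct device *device) { return device->tap_fingers; }

static struct shared_device *shared_ref(struct shared_device *s) { s->refcount++; return s; }
static void shared_unref(struct shared_device *s) { s->refcount--; }

/* Subdevice branch of a pre-init routine with the missing validation added. */
int subdevice_pre_init(struct driver_data *parent, int *fingers_out)
{
    struct shared_device *shared;

    if (!parent || !parent->shared_device)
        return PRE_INIT_NO_PARENT;

    shared = shared_ref(parent->shared_device);
    if (!shared->device) {
        /* Invariant violated: fail this device and drop the reference just taken. */
        shared_unref(shared);
        return PRE_INIT_NO_DEVICE;
    }

    *fingers_out = tap_get_finger_count(shared->device);
    return PRE_INIT_OK;
}

int main(void)
{
    struct shared_device stale = { 1, NULL };   /* constructed: parent without a device */
    struct driver_data parent = { &stale };
    int fingers = 0;

    printf("pre_init -> %d, refcount %d\n",
           subdevice_pre_init(&parent, &fingers), stale.refcount);
    return 0;
}
```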
Comment 1 Tj 2017-01-12 21:39:13 UTC
Note: I initially reported this as Ubuntu Bug

https://bugs.launchpad.net/xorg-server/+bug/1655752
Comment 2 Peter Hutterer 2017-01-12 23:37:26 UTC

*** This bug has been marked as a duplicate of bug 97117 ***