Xorg crashes with AutoAddDevices "false"

Bug #931397 reported by Peter Wu on 2012-02-13
This bug affects 22 people
Affects | Status | Importance | Assigned to | Milestone
xorg-server (Ubuntu) | | High | Chase Douglas |
Precise | | High | Chase Douglas |

Bug Description

When AutoAddDevices is "false", Xorg crashes on startup. The xorg.conf file and a gdb session along with the command can be found at http://paste.ubuntu.com/840259/
For reference, with AutoAddDevices set to "true", the values are: http://paste.ubuntu.com/840271/

Tested with 2:1.11.4-0ubuntu1, the issue did not occur on Oneiric with and w/o xorg-edgers.
Installing xorg-edgers/ppa on Precise (version 2:1.11.99.902+git20120130.052ca3f2-0ubuntu0sarvatt2) solves the issue.

Timo Aaltonen (tjaalton) on 2012-02-14
Changed in xorg-server (Ubuntu):
importance: Undecided → High
status: New → Incomplete
status: Incomplete → Confirmed
Bryce Harrington (bryce) wrote :

Program received signal SIGSEGV, Segmentation fault.
__strcasecmp_l_sse42 () at ../sysdeps/x86_64/multiarch/strcmp-sse42.S:163
163 ../sysdeps/x86_64/multiarch/strcmp-sse42.S: No such file or directory.
(gdb) bt
#0 __strcasecmp_l_sse42 () at ../sysdeps/x86_64/multiarch/strcmp-sse42.S:163
#1 0x00005555555f37a2 in NewInputDeviceRequest (options=0x555555974c50, attrs=0x0, pdev=0x7fffffffe4b8)
    at ../../../../hw/xfree86/common/xf86Xinput.c:912
#2 0x00005555555e1136 in InitInput (argc=<optimized out>, argv=<optimized out>) at ../../../../hw/xfree86/common/xf86Init.c:893
#3 0x00005555555915d6 in main (argc=12, argv=<optimized out>, envp=<optimized out>) at ../../dix/main.c:258
(gdb) print *((InputOption*)0x555555974c50))
Junk after end of expression.
(gdb) print *((InputOption*)0x555555974c50)
$1 = {key = 0x555555974f00 "\220O\227UUU", value = 0x55555597a050 "CorePointer", next = 0x55555597a030}
(gdb) print *(((InputOption*)0x555555974c50)->next)
$2 = {key = 0x7ffff6006e6f <Address 0x7ffff6006e6f out of bounds>, value = 0x7ffff654f7c8 "\270\367T\366\377\177",
  next = 0x656d614e6e6f6974}
(gdb) print *(((InputOption*)0x555555974c50)->next->next)
Cannot access memory at address 0x656d614e6e6f6974
(gdb)

bugbot (bugbot) on 2012-02-23
tags: added: edgers
Peter Wu (lekensteyn) wrote :

Another setting that makes Xorg segfault is AutoEnableDevices "false". All these settings
have one common behavior: it causes xf86ConfigLayout.inputs to contain a list of devices.

In xf86Init.c:809 InitInput(), the loop is executed if the above condition (Auto*Devices
false) holds. An excerpt:
 808     /* Initialize all configured input devices */
 809     for (pInfo = xf86ConfigLayout.inputs; pInfo && *pInfo; pInfo++) {
 810         (*pInfo)->options = xf86AddNewOption((*pInfo)->options, "driver", (*pInfo)->driver);
 811         (*pInfo)->options = xf86AddNewOption((*pInfo)->options, "identifier", (*pInfo)->name);
 812         /* If one fails, the others will too */
 813         if (NewInputDeviceRequest((*pInfo)->options, NULL, &dev) == BadAlloc)
 814             break;
 815     }

Line 813 is the one to pay attention to. It passes xf86ConfigLayout.inputs->options to
NewInputDeviceRequest. This seems to be a XF86OptionPtr:
(gdb) print *(XF86OptionPtr)xf86ConfigLayout.inputs->options
$1 = {list = {next = 0x555555a17910}, opt_name = 0x555555a179a0 "CorePointer", opt_val = 0x555555a17980 "on", opt_used = 0, opt_comment = 0x0}

NewInputDeviceRequest expects an InputOption * which will look like:
(gdb) print *(InputOption*)xf86ConfigLayout.inputs->options
$2 = {key = 0x555555a17910 "@z\241UUU", value = 0x555555a179a0 "CorePointer", next = 0x555555a17980}
That's exactly the garbage that I got in the report. What's more important, what change
caused this? Xorg -configure segfaults as well, though I'm not sure if it's related to
this issue.

Peter Wu (lekensteyn) wrote :

Chase, I've subscribed you because you've committed a change here:
http://anonscm.debian.org/gitweb/?p=pkg-xorg/xserver/xorg-server.git;a=commitdiff;h=7ee1621364d2b6230bb1c02bbdb5b6abb74ad2ff

InputInfoPtr is not compatible with InputOption *, what should be done here?

Bryce Harrington (bryce) on 2012-02-24
Changed in xorg-server (Ubuntu):
assignee: nobody → Chase Douglas (chasedouglas)
milestone: none → ubuntu-12.04-beta-1
Martin Pitt (pitti) on 2012-03-02
Changed in xorg-server (Ubuntu):
milestone: ubuntu-12.04-beta-1 → ubuntu-12.04-beta-2
Fabian Köster (maestro-alubia) wrote :

Any progress on this? Anything I can do (debugging,...) to help?

tags: added: rls-mgr-p-tracking
Bryce Harrington (bryce) wrote :

<cnd> need to revert these two commits in our packaging branch:
<cnd> 7ee1621364d2b6230bb1c02bbdb5b6abb74ad2ff.
<cnd> 4b7dd4523c11ef4952b78e4164b2fa7b34588867

Chase Douglas (chasedouglas) wrote :

We are using a 1.11 xserver as our base, and then backporting the 1.12 input stack on top. Along the way, the input option api/abi was changed, but in a way that did not cause any compilation failures or even warnings due to bad programming style.

Two commits that were in the input stack were backported that were actually changes for the new input option abi instead of changes to the input subsystem. These commits may be found here:

http://anonscm.debian.org/gitweb/?p=pkg-xorg/xserver/xorg-server.git;a=commit;h=4b7dd4523c11ef4952b78e4164b2fa7b34588867

http://anonscm.debian.org/gitweb/?p=pkg-xorg/xserver/xorg-server.git;a=commit;h=7ee1621364d2b6230bb1c02bbdb5b6abb74ad2ff

Reverting these two commits fixes the crash.
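
Added example, not part of this thread or of the X server source: the two gdb prints in the earlier comment show one block of memory read through two struct types. The sketch below uses simplified stand-in structs (field names taken from that gdb output; `layouts_alias`, `convert_options` and the helpers are hypothetical names) to show why the misread fields line up the way they do, and what an explicit conversion between the two list types looks like. The fix applied in this bug was the revert, not this conversion.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins; field names follow the gdb output, not real headers. */
typedef struct XF86Option {
    struct { struct XF86Option *next; } list;
    const char *opt_name, *opt_val;
    int opt_used; const char *opt_comment;
} XF86Option;

typedef struct InputOption {
    char *key, *value;
    struct InputOption *next;
} InputOption;

/* 1 if reading an XF86Option through an InputOption* gives the aliasing seen
 * in gdb: key <- list.next, value <- opt_name, next <- opt_val. */
int layouts_alias(void) {
    return offsetof(InputOption, key) == offsetof(XF86Option, list)
        && offsetof(InputOption, value) == offsetof(XF86Option, opt_name)
        && offsetof(InputOption, next) == offsetof(XF86Option, opt_val);
}

/* Heap copy of s; a NULL s (option given without a value) becomes "". */
static char *dup_str(const char *s) {
    size_t n = strlen(s ? s : "") + 1;
    char *d = malloc(n);
    return d ? memcpy(d, s ? s : "", n) : NULL;
}

void free_input_options(InputOption *o) {
    for (InputOption *n; o; o = n) {
        n = o->next;
        free(o->key); free(o->value); free(o);
    }
}

/* Copy each name/value pair into a fresh InputOption list; NULL on OOM. */
InputOption *convert_options(const XF86Option *src) {
    InputOption *head = NULL, **tail = &head;
    for (; src; src = src->list.next) {
        InputOption *o = calloc(1, sizeof *o);
        if (!o) { free_input_options(head); return NULL; }
        *tail = o; tail = &o->next;   /* link first so cleanup frees it */
        o->key = dup_str(src->opt_name);
        o->value = dup_str(src->opt_val);
        if (!o->key || !o->value) { free_input_options(head); return NULL; }
    }
    return head;
}
```

Because the misread `next` field holds the address of the string "on", walking the list as `InputOption` follows string bytes as pointers, which matches the `Cannot access memory` result in the first backtrace.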

Changed in xorg-server (Ubuntu Precise):
status: Confirmed → Fix Committed
Chase Douglas (chasedouglas) wrote :

The code path to trigger this bug occurs whenever either of the following occurs:

* An input device is created manually in xorg.conf or an xorg.conf.d snippet

* AutoAddDevices or AutoEnableDevices is set to false

Because these are very unusual scenarios, I plan to wait until after the beta 2 release freeze is lifted to release the fix into Precise.

Martin Pitt (pitti) on 2012-03-26
Changed in xorg-server (Ubuntu Precise):
milestone: ubuntu-12.04-beta-2 → ubuntu-12.04
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xorg-server - 2:1.11.4-0ubuntu8

---------------
xorg-server (2:1.11.4-0ubuntu8) precise; urgency=low

  [ Chase Douglas ]
  * Fix crash at startup due to input option abi break (LP: #931397)
    - Revert two commits from upstream 1.12 input stack

  [ Bryce Harrington ]
  * debian/patches/227_null_ptr_midispcur.patch:
    - Check for NULL pointer before dereferencing pointer from
      miGetDCDevice. Fixes crash after connecting a bluetooth keyboard.
      (LP: #930936)

  [ Chase Douglas ]
  * Fix mouse warping and clipping (LP: #948938)
    - Add temporary patch 503_fix_mouse_warp.patch
  * Implement passive touch ungrab (LP: #968726)
    - Add temporary patch 503_implement_passive_touch_ungrab.patch
  * Bump lintian standards to 3.9.3
 -- Chase Douglas <email address hidden> Thu, 29 Mar 2012 18:09:19 -0700

Changed in xorg-server (Ubuntu Precise):
status: Fix Committed → Fix Released
Pieter De Wit (pieter-insync) wrote :

Loaded for me, but none of the functions work:

Here is the output:

[ 69.849] (II) Using input driver 'evdev' for 'RF remote'
[ 69.849] (II) Loading /usr/lib/xorg/modules/input/evdev_drv.so
[ 69.849] (**) Option "SendCoreEvents"
[ 69.849] (**) RF remote: always reports core events
[ 69.849] (**) evdev: RF remote: Device: "/dev/input/dvb-ir"
[ 69.850] (--) evdev: RF remote: Vendor 0x70 Product 0x9202
[ 69.850] (--) evdev: RF remote: Found keys
[ 69.850] (II) evdev: RF remote: Configuring as keyboard
[ 69.850] (II) XINPUT: Adding extended input device "RF remote" (type: KEYBOARD, id 6)
[ 69.850] (**) Option "xkb_rules" "evdev"
[ 69.850] (**) Option "xkb_model" "evdev"
[ 69.850] (**) Option "xkb_layout" "us"
[ 69.853] (II) XKB: generating xkmfile /var/lib/xkb/server-D378AD8F86E560F712A83EE36E4E5E92C595B9BD.xkm

evtest shows the original events, Xserver is responding to the "normal" keys, not the remapped ones.

Thanks !

Chase Douglas (chasedouglas) wrote :

Hi Pieter,

Please file a new bug report for your issue. Then subscribe me.

Thanks!
