Xorg crashed with SIGABRT in libinput_device_config_tap_get_finger_count()

Bug #1655752 reported by TJ on 2017-01-11
14
This bug affects 1 person
Affects Status Importance Assigned to Milestone
X.Org X server
Unknown
Unknown
xorg-server (Debian)
New
Unknown
xserver-xorg-input-libinput (Ubuntu)
Medium
Unassigned
Xenial
Undecided
Unassigned
Yakkety
Undecided
Unassigned

Bug Description

Using Xubuntu 16.04, including light-locker, whenever the screen has been locked the X server will SIGABRT crash as soon as the user has entered their credentials. This happens 100% of the time.

The only related information I can find is a Debian bug report:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838462

I ran the crash report through gdb and it seems there is a null pointer dereference attempt for the 'device' without checking the pointer is valid.

        signo = 11
#6 <signal handler called>
No locals.
#7 libinput_device_config_tap_get_finger_count (device=0x0) at libinput.c:3075
No locals.
#8 0x00007fcb5c100953 in xf86libinput_parse_tap_option (device=0x0, pInfo=0x5616b20d54e0)
    at ../../src/xf86libinput.c:1686
        tap = <optimised out>
#9 xf86libinput_parse_options (device=0x0, driver_data=0x5616b23406a0, pInfo=0x5616b20d54e0)
    at ../../src/xf86libinput.c:2134
        options = 0x5616b2340700
#10 xf86libinput_pre_init (drv=<optimised out>, pInfo=0x5616b20d54e0, flags=<optimised out>)
    at ../../src/xf86libinput.c:2465
        driver_data = 0x5616b23406a0
        shared_device = <optimised out>
        libinput = <optimised out>
        device = 0x0
        path = <optimised out>
#11 0x00005616b0d0f998 in xf86NewInputDevice (pInfo=0x5616b20d54e0, pdev=pdev@entry=0x7ffce92a7c60,
    enable=<optimised out>) at ../../../../hw/xfree86/common/xf86Xinput.c:900
        drv = 0x5616b1c9a840
        dev = 0x0
        paused = 0
        rval = <optimised out>
        path = 0x5616b2092fb0 "libinput"
#12 0x00005616b0d1091e in NewInputDeviceRequest (options=<optimised out>, attrs=0x5616b23a4ad0,
    pdev=pdev@entry=0x7ffce92a7c60) at ../../../../hw/xfree86/common/xf86Xinput.c:1049
        pInfo = <optimised out>
        option = <optimised out>
        rval = <optimised out>
        is_auto = <optimised out>
#13 0x00007fcb5c0ff5e7 in xf86libinput_hotplug_device (hotplug=0x5616b23482c0)
    at ../../src/xf86libinput.c:2224
        dev = 0x5616b10c8a40 <LastSelectMask>
#14 0x00007fcb5c0ff82c in xf86libinput_hotplug_device_cb (client=<optimised out>, closure=<optimised out>)
    at ../../src/xf86libinput.c:2241
        hotplug = <optimised out>
#15 0x00005616b0cc5c71 in ProcessWorkQueue () at ../../dix/dixutils.c:526
        q = 0x5616b23a4960
        p = 0x5616b10c15d8 <workQueue>
#16 0x00005616b0e1c6dd in WaitForSomething (pClientsReady=pClientsReady@entry=0x5616b208caf0)
    at ../../os/WaitFor.c:176
        i = <optimised out>
        waittime = {tv_sec = 0, tv_usec = 32}
        wt = 0x0
        timeout = <optimised out>
        clientsReadable = {fds_bits = {0 <repeats 16 times>}}
        clientsWritable = {fds_bits = {0 <repeats 16 times>}}
        selecterr = <optimised out>
        nready = 0
        devicesReadable = {fds_bits = {0 <repeats 16 times>}}
        now = <optimised out>
        someReady = 0

ProblemType: Crash
DistroRelease: Ubuntu 16.04
Package: xserver-xorg-core 2:1.18.4-0ubuntu0.2
Uname: Linux 4.9.0-040900rc5-lowlatency x86_64
ApportVersion: 2.20.1-0ubuntu2.4
Architecture: amd64
CrashCounter: 1
Date: Wed Jan 11 18:06:23 2017
ExecutablePath: /usr/lib/xorg/Xorg
ExecutableTimestamp: 1478124781
ProcCmdline: /usr/lib/xorg/Xorg -core :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
ProcCwd: /
ProcEnviron:

Signal: 6
SourcePackage: xorg-server
StacktraceTop:
 libinput_device_config_tap_get_finger_count (device=0x0) at libinput.c:3075
 xf86libinput_parse_tap_option (device=0x0, pInfo=0x5616b20d54e0) at ../../src/xf86libinput.c:1686
 xf86libinput_parse_options (device=0x0, driver_data=0x5616b23406a0, pInfo=0x5616b20d54e0) at ../../src/xf86libinput.c:2134
 xf86libinput_pre_init (drv=<optimised out>, pInfo=0x5616b20d54e0, flags=<optimised out>) at ../../src/xf86libinput.c:2465
 xf86NewInputDevice (pInfo=0x5616b20d54e0, pdev=pdev@entry=0x7ffce92a7c60, enable=<optimised out>) at ../../../../hw/xfree86/common/xf86Xinput.c:900
Title: Xorg crashed with SIGABRT in libinput_device_config_tap_get_finger_count()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:

TJ (tj) wrote :
information type: Private → Public

StacktraceTop:
 libinput_device_config_tap_get_finger_count () from /tmp/apport_sandbox_E5oWhM/usr/lib/x86_64-linux-gnu/libinput.so.10
 xf86libinput_pre_init () from /tmp/apport_sandbox_E5oWhM/usr/lib/xorg/modules/input/libinput_drv.so
 xf86NewInputDevice ()
 xf86libinput_hotplug_device () from /tmp/apport_sandbox_E5oWhM/usr/lib/xorg/modules/input/libinput_drv.so
 xf86libinput_hotplug_device_cb () from /tmp/apport_sandbox_E5oWhM/usr/lib/xorg/modules/input/libinput_drv.so

Changed in xorg-server (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
TJ (tj) wrote :

The NULL device bubbles up from

xserver-xorg-input-libinput-0.18.0/src/xf86libinput.c::xf86libinput_pre_init()

where it does

    is_subdevice = xf86libinput_is_subdevice(pInfo);
    if (!is_subdevice) {
       ...
    } else {
        InputInfoPtr parent;
        struct xf86libinput *parent_driver_data;

        parent = xf86libinput_get_parent(pInfo);
        if (!parent) {
            xf86IDrvMsg(pInfo, X_ERROR, "Failed to find parent device\n");
            goto fail;
        }
        xf86IDrvMsg(pInfo, X_INFO, "is a virtual subdevice\n");

        parent_driver_data = parent->private;
        shared_device = xf86libinput_shared_ref(parent_driver_data->shared_device);
        device = shared_device->device;
    }

At this point the parent device's private->shared_device->device node should provide a non-NULL pointer for the device.

Changed in xorg-server (Debian):
status: Unknown → New
TJ (tj) wrote :

The log file shows the input device(s) being removed upon system idle and the attempt to re-attach it failing.

TJ (tj) on 2017-01-15
no longer affects: xorg-server
Timo Aaltonen (tjaalton) on 2017-01-17
affects: xorg-server (Ubuntu) → xserver-xorg-input-libinput (Ubuntu)
TJ (tj) wrote :

I've backported the upstream fix to the Debian/Ubuntu package; Timo, are you able to update the Ubuntu packages for 16.04 + and also apply it to Debian package (I'll try to recall how to send the debdiff via email into the Debian bug tracker).

Changed in xserver-xorg-input-libinput (Ubuntu):
status: New → In Progress
assignee: nobody → TJ (tj)

The attachment "Debdiff containing backported upstream fix" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Timo Aaltonen (tjaalton) wrote :

debian and zesty already has 0.23 which fixed this

Changed in xserver-xorg-input-libinput (Ubuntu):
status: In Progress → Fix Released
TJ (tj) on 2017-01-20
Changed in xserver-xorg-input-libinput (Ubuntu):
assignee: TJ (tj) → nobody
Robie Basak (racb) wrote :

It looks like your backport also pulled in upstream commit 116cddba69b37246db564c1ddf772c0144c589f0. Was this intentional?

Hello TJ, or anyone else affected,

Accepted xserver-xorg-input-libinput into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/xserver-xorg-input-libinput/0.18.0-1ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in xserver-xorg-input-libinput (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-needed
Changed in xserver-xorg-input-libinput (Ubuntu Yakkety):
status: New → Fix Committed
Adam Conrad (adconrad) wrote :

Hello TJ, or anyone else affected,

Accepted xserver-xorg-input-libinput into yakkety-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/xserver-xorg-input-libinput/0.19.0-1ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Timo Aaltonen (tjaalton) wrote :

TJ: this is still unverified

TJ (tj) wrote :

@Robie: "It looks like your backport also pulled in upstream commit 116cddba69b37246db564c1ddf772c0144c589f0. Was this intentional?"

No, from what I can see the backported commit 72bac84df9ce72f2baf730655ecc23f1692d1e64 removes and re-applies that specific change too.

@Timo: My local package version is higher than that in -proposed so it hadn't been applied locally. I'll report back after the next logout/reboot cycle.

TJ (tj) on 2017-02-21
tags: added: verification-done-xenial
Robie Basak (racb) wrote :

@TJ

Please could you explain what you tested and what the results were? Please also confirm the package version of the package you tested.

Changed in xserver-xorg-input-libinput (Ubuntu Xenial):
status: Fix Committed → Incomplete
Changed in xserver-xorg-input-libinput (Ubuntu Yakkety):
status: Fix Committed → Incomplete
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.