Bug 1535755
| Summary: | First stylus event causes libinput crash in tablet_update_artpen_rotation() | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Martin Kolman <mkolman> | ||||||||||||||||||||||||||||||||
| Component: | libinput | Assignee: | Peter Hutterer <peter.hutterer> | ||||||||||||||||||||||||||||||||
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||||||||||||||||||||||||||||
| Severity: | unspecified | Docs Contact: | |||||||||||||||||||||||||||||||||
| Priority: | unspecified | ||||||||||||||||||||||||||||||||||
| Version: | 26 | CC: | alexl, bskeggs, caillon+fedoraproject, dchen, jglisse, john.j5live, mkolman, ofourdan, peter.hutterer, rhughes, rstrode, sandmann, xgl-maint | ||||||||||||||||||||||||||||||||
| Target Milestone: | --- | ||||||||||||||||||||||||||||||||||
| Target Release: | --- | ||||||||||||||||||||||||||||||||||
| Hardware: | x86_64 | ||||||||||||||||||||||||||||||||||
| OS: | Unspecified | ||||||||||||||||||||||||||||||||||
| URL: | https://retrace.fedoraproject.org/faf/reports/bthash/a7928d0c3595332fd93b493f252ab928fd8ed4eb | ||||||||||||||||||||||||||||||||||
| Whiteboard: | abrt_hash:079b81718618ad80c57f3608946015e3b6da275a; | ||||||||||||||||||||||||||||||||||
| Fixed In Version: | libinput-1.9.4-3.fc26 | Doc Type: | If docs needed, set a value | ||||||||||||||||||||||||||||||||
| Doc Text: | Story Points: | --- | |||||||||||||||||||||||||||||||||
| Clone Of: | Environment: | ||||||||||||||||||||||||||||||||||
| Last Closed: | 2018-02-20 16:38:53 UTC | Type: | --- | ||||||||||||||||||||||||||||||||
| Regression: | --- | Mount Type: | --- | ||||||||||||||||||||||||||||||||
| Documentation: | --- | CRM: | |||||||||||||||||||||||||||||||||
| Verified Versions: | Category: | --- | |||||||||||||||||||||||||||||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||||||||||||||||||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||||||||||||||||||||||||||
| Embargoed: | |||||||||||||||||||||||||||||||||||
| Attachments: |
|
||||||||||||||||||||||||||||||||||
|
Description
Martin Kolman
2018-01-18 02:08:35 UTC
Created attachment 1382699 [details]
File: backtrace
Created attachment 1382700 [details]
File: cgroup
Created attachment 1382701 [details]
File: core_backtrace
Created attachment 1382702 [details]
File: cpuinfo
Created attachment 1382703 [details]
File: dso_list
Created attachment 1382704 [details]
File: environ
Created attachment 1382705 [details]
File: exploitable
Created attachment 1382706 [details]
File: limits
Created attachment 1382707 [details]
File: maps
Created attachment 1382708 [details]
File: open_fds
Created attachment 1382709 [details]
File: proc_pid_status
Created attachment 1382710 [details]
File: var_log_messages
This looks like a libinput bug, can you verify this happens when you run sudo libinput debug-events from the tty? Best way for me to reproduce this is to have an evemu-record of the interaction that crashed it. Created attachment 1382848 [details]
evemu-record of using the aiptek tablet
(In reply to Peter Hutterer from comment #13) > This looks like a libinput bug, can you verify this happens when you run > sudo libinput debug-events from the tty? Yep - when I run it on a tty and touch the tablet with the stylus, it immediately segfaults (Segmentation fault). > > Best way for me to reproduce this is to have an evemu-record of the > interaction that crashed it. Attached a short interaction log (drawing on the tablet with the stylus) as comment 14. Was this recording from a neutral position? When I replay it here it doesn't crash but judging by the event sequence this was started when the pen was already in proximity of the tablet? If that's the case, please re-record, starting evemu before the pen is in proximity and stopping it after the pen left proximity again. ping? (In reply to Peter Hutterer from comment #17) > ping? Sorry, I was rather busy due to DevConf & related events. But I should be be able to do the recording in the next few days. Created attachment 1389477 [details]
evemu-record log started before the pen toched the tablet and ended after it left its sphere of influence
I recorded the log like this:
1) switched to a tty
2) connected the tablet
3) started recording while the pen was far from the tablet
4) moved the pen on tablet and startet to draw on it
5) moved the pen away from the tablet
6) stopped recording
Created attachment 1389478 [details]
evemu-record log of the pen never leaving the tablet
For comparison with the previous log I've recorded a log, where the pen never leaves the tablet:
1) switched to tty
2) connected the tablet
3) touched the tablet with the pen
4) started recording
5) drawn something on the tablet
6) stopped recording while the pen was still touching the tablet
I tested libinput 1.9.1, 1.9.4 and git master, none of them reproduce the crash. And none of them send events but that's because BTN_TOOL_PEN is never sent. What version of libinput are you using here? What other configuration do you have in place? I found the place where it crashes even though I can't figure out the event sequence that actually causes it to crash. To paper over this, please test this scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=24634583 The result of that will be that you don't get any events from the tablet, though that's already the case here anyway. Lemme know if that fixes the crash though, thanks. Ok, I think I found the issue while working on something else, but it's friday evening so consider this a brain dump only :) There's a mixup between BTN_TOOL_MOUSE and BTN_TOOL_AIRBRUSH in that we set the rotation axis inside libinput (because we have BTN_TOOL_MOUSE and ABS_TILT_X/Y). But then when checking for the axis, the tool type isn't set to MOUSE or LENS so we fall back on the regular tablet_update_artpen_rotation() check. That requires ABS_Z which doesn't exist on the device and boom, here's your NULL-pointer dereference. This happens on the first event because that's when we have to update all axes with the current value so the caller has the right information. Definitely a bug in libinput. Upstream bug is now: https://bugs.freedesktop.org/show_bug.cgi?id=104939 libinput-1.9.4-2.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2018-162d48a296 libinput-1.9.4-2.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-162d48a296 fwiw, I'm holiding back the libinput 1.10 release for this patch, please let me know if it fixes the issue. It'll only fix the crash, the tablet won't work because of other bugs. But hey, that's an improvement already ;) (In reply to Peter Hutterer from comment #26) > fwiw, I'm holiding back the libinput 1.10 release for this patch, please let > me know if it fixes the issue. It'll only fix the crash, the tablet won't > work because of other bugs. But hey, that's an improvement already ;) Sure, I'll try it out later today (later due to the crashes-your-session issue and I need my session till then :) ). So I figured out I can basically test this on a TTY without the danger of crashing my session. So I've tried it on a TTY with: libinput debug-events Then connecting the Aiptek tablet and drawing on it with the pen. That always crashed libinput before with libinput-1.9.0-1.fc26.x86_64 (segmentation fault), but it no longer happens and I get a stream of events instead when the pan is drawing on the tablet. So the update seems to work and fixes the crash (and I gave it positive karma). :) Thanks! Will merge this into the 1.10 release libinput-1.9.4-3.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2018-bdea546d95 libinput-1.9.4-3.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-bdea546d95 libinput-1.9.4-3.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report. |