libinput NULL pointer dereference in is_libinput_device crashes X on udev-reload
This Lenovo P14s laptop will see a crash in X when upgrading some packages on Arch Linux, with the following signature:
#9 0x00007f692465bab0 in <signal handler called> () at /usr/lib/libc.so.6
#10 0x00007f69214f3e8c in is_libinput_device (pInfo=0x0) at /usr/src/debug/xf86-input-libinput/xf86-input-libinput-1.3.0/src/xf86libinput.c:1479
#11 swap_registered_device (pInfo=0x55bbebcf7600) at /usr/src/debug/xf86-input-libinput/xf86-input-libinput-1.3.0/src/xf86libinput.c:1500
#12 xf86libinput_destroy (dev=<optimized out>) at /usr/src/debug/xf86-input-libinput/xf86-input-libinput-1.3.0/src/xf86libinput.c:1526
#13 xf86libinput_device_control (dev=<optimized out>, mode=<optimized out>) at /usr/src/debug/xf86-input-libinput/xf86-input-libinput-1.3.0/src/xf86libinput.c:1552
#14 0x000055bbeaeb31d8 in CloseDevice (dev=0x55bbebd7fcb0) at ../xorg-server-21.1.8/dix/devices.c:971
#15 0x000055bbeaeb35e1 in RemoveDevice (dev=0x55bbebd7fcb0, sendevent=<optimized out>) at ../xorg-server-21.1.8/dix/devices.c:1186
#16 0x000055bbeafc47e9 in DeleteInputDeviceRequest (pDev=0x55bbebd7fcb0) at ../xorg-server-21.1.8/hw/xfree86/common/xf86Xinput.c:1142
#17 0x000055bbeb019467 in remove_device (backend=0x55bbeb0495a4 "udev", dev=0x55bbebd7fcb0) at ../xorg-server-21.1.8/config/config.c:91
#18 remove_devices (backend=0x55bbeb0495a4 "udev", config_info=0x55bbebf23ef0 "udev:/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input2/event2") at ../xorg-server-21.1.8/config/config.c:103
#19 device_removed (device=<optimized out>) at ../xorg-server-21.1.8/config/udev.c:347
#20 0x000055bbeb0196d8 in socket_handler (fd=<optimized out>, ready=<optimized out>, data=<optimized out>) at ../xorg-server-21.1.8/config/udev.c:374
#21 0x000055bbeaf968c2 in ospoll_wait (ospoll=0x55bbeb46e540, timeout=<optimized out>) at ../xorg-server-21.1.8/os/ospoll.c:657
#22 0x000055bbeaf91ec9 in WaitForSomething (are_ready=<optimized out>) at ../xorg-server-21.1.8/os/WaitFor.c:208
#23 0x000055bbeae8136f in Dispatch () at ../xorg-server-21.1.8/dix/dispatch.c:492
#24 dix_main (envp=<optimized out>, argv=0x7ffc91871a28, argc=7) at ../xorg-server-21.1.8/dix/main.c:272
#25 main (argc=7, argv=0x7ffc91871a28, envp=<optimized out>) at ../xorg-server-21.1.8/dix/stubmain.c:34
What triggers the reproduction is: /usr/share/libalpm/scripts/systemd-hook udev-reload, which happens as part of the upgrade process.
Please let me know what information I can provide to help debug this. It seems that is_libinput_device should never get a NULL argument and swap_registered_device seems fishy in its loop, but I am not sure what to do.
Edited by Arthur Huillet
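The backtrace above shows is_libinput_device() entered with pInfo=0x0 from swap_registered_device() during device removal. The following is an added example, not the driver's source (which this page does not show): a minimal C model of a replacement-device search that treats "no matching device left" as a valid result. It assumes the device list can run out of matching entries while a device is being removed; struct dev, is_target_driver and find_replacement are hypothetical names.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an input device record (not the X server's type). */
struct dev {
    const char *driver;   /* driver name, may be NULL */
    struct dev *next;     /* next device, NULL at end of list */
};

/* Predicate that tolerates NULL rather than dereferencing it. */
static bool is_target_driver(const struct dev *d)
{
    return d != NULL && d->driver != NULL && strcmp(d->driver, "libinput") == 0;
}

/*
 * Find another device on the list that uses the target driver, skipping the
 * one being removed. The loop condition bounds the walk, so the predicate
 * never sees the NULL terminator. A NULL result means no replacement exists
 * and the caller must handle that case.
 */
static struct dev *find_replacement(struct dev *head, const struct dev *removed)
{
    for (struct dev *d = head; d != NULL; d = d->next) {
        if (d != removed && is_target_driver(d))
            return d;
    }
    return NULL;
}

int main(void)
{
    /* Constructed sample list: other -> libinput (being removed). */
    struct dev last = { "libinput", NULL };
    struct dev first = { "other", &last };

    struct dev *r = find_replacement(&first, &last);
    printf("replacement: %s\n", r ? r->driver : "(none)");
    return 0;
}
```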