Null pointer in `CursorInfoPtr` causes segfault in xf86ScreenMoveCursor
On NixOS unstable channel with vanilla xserver-1.20.7 (also occurs with xserver-1.20.5), gnome-shell 3.34.3
Using nvidia optimus with driver 440.59, linux-5.5.2. If this turns out to be an upstream NVidia issue I would appreciate suggestions on how to report there.
1. The crash seems to be triggered by selecting text in a table, or perhaps moving the cursor into a formatted table?
2. Open a large image (6000x4000 24bit color in my example) and move the cursor into the image display area.
In both cases the X session will suddenly terminate. I was able to recover a core from systemd/coredumpctl. In both cases the core file gives the same backtrace in gdb:

```
[New LWP 1690]
[New LWP 1661]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/nix/store/wx1vk75bpdr65g6xwxbj4rw0pk04v5j3-glibc-2.27/lib/libthread_db.so.1".
Core was generated by `/nix/store/9lchmjf9hxynnhgv53irz1xk9c7f2s7w-xorg-server-1.20.7/bin/X -config /n'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00000000004c0d05 in xf86ScreenMoveCursor ()
[Current thread is 1 (Thread 0x7f4c25f68700 (LWP 1690))]
(gdb) bt
#0  0x00000000004c0d05 in xf86ScreenMoveCursor ()
#1  0x00000000004c1472 in xf86MoveCursor ()
#2  0x0000000000583d0b in miPointerMoveNoEvent ()
#3  0x0000000000584b40 in miPointerSetPosition ()
#4  0x0000000000457a80 in positionSprite.part.0 ()
#5  0x000000000045819d in fill_pointer_events ()
#6  0x000000000045984f in GetPointerEvents ()
#7  0x0000000000459e40 in QueuePointerEvents ()
#8  0x00007f4c264da377 in xf86libinput_handle_event () from /nix/store/3035bbjpxgbvx0xv05fw0skk6qh5dj7h-xf86-input-libinput-0.28.2/lib/xorg/modules/input/libinput_drv.so
#9  0x00007f4c264daa70 in xf86libinput_read_input () from /nix/store/3035bbjpxgbvx0xv05fw0skk6qh5dj7h-xf86-input-libinput-0.28.2/lib/xorg/modules/input/libinput_drv.so
#10 0x0000000000599d63 in InputReady ()
#11 0x000000000059c3a1 in ospoll_wait ()
#12 0x0000000000599bae in InputThreadDoWork ()
#13 0x00007f4c2b656ef7 in start_thread () from /nix/store/y9zg6ryffgc5c9y67fcmfdkyyiivjzpj-glibc-2.27/lib/libpthread.so.0
#14 0x00007f4c2b58c2af in clone () from /nix/store/y9zg6ryffgc5c9y67fcmfdkyyiivjzpj-glibc-2.27/lib/libc.so.6
(gdb)
```
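As an added triage aid (not part of the report or of xserver), a small Python parser for the backtrace above: it splits each symbol-less gdb frame into address, function and module, so one can see which components (the X executable, the libinput input driver, glibc) were on the stack at the time of the fault. It assumes gdb's `#N 0xADDR in func () [from /path/lib.so]` frame layout shown above.

```python
import re
from dataclasses import dataclass

# Backtrace from the report above, embedded here as a constructed inline string.
BACKTRACE = """\
#0  0x00000000004c0d05 in xf86ScreenMoveCursor ()
#1  0x00000000004c1472 in xf86MoveCursor ()
#2  0x0000000000583d0b in miPointerMoveNoEvent ()
#3  0x0000000000584b40 in miPointerSetPosition ()
#4  0x0000000000457a80 in positionSprite.part.0 ()
#5  0x000000000045819d in fill_pointer_events ()
#6  0x000000000045984f in GetPointerEvents ()
#7  0x0000000000459e40 in QueuePointerEvents ()
#8  0x00007f4c264da377 in xf86libinput_handle_event () from /nix/store/3035bbjpxgbvx0xv05fw0skk6qh5dj7h-xf86-input-libinput-0.28.2/lib/xorg/modules/input/libinput_drv.so
#9  0x00007f4c264daa70 in xf86libinput_read_input () from /nix/store/3035bbjpxgbvx0xv05fw0skk6qh5dj7h-xf86-input-libinput-0.28.2/lib/xorg/modules/input/libinput_drv.so
#10 0x0000000000599d63 in InputReady ()
#11 0x000000000059c3a1 in ospoll_wait ()
#12 0x0000000000599bae in InputThreadDoWork ()
#13 0x00007f4c2b656ef7 in start_thread () from /nix/store/y9zg6ryffgc5c9y67fcmfdkyyiivjzpj-glibc-2.27/lib/libpthread.so.0
#14 0x00007f4c2b58c2af in clone () from /nix/store/y9zg6ryffgc5c9y67fcmfdkyyiivjzpj-glibc-2.27/lib/libc.so.6
"""

# Matches one gdb frame line from a build without debug info (no file:line part).
FRAME_RE = re.compile(r"^#(?P<no>\d+)\s+(?P<addr>0x[0-9a-f]+) in (?P<func>\S+) \(\)"
                      r"(?: from (?P<lib>\S+))?$")

@dataclass
class Frame:
    number: int
    address: int
    function: str
    module: str  # shared object basename, or "X" for frames in the main executable

def parse_backtrace(text: str) -> list:
    """Parse 'bt' output into Frame records, skipping gdb chatter like '(gdb) bt'."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            lib = m.group("lib")
            frames.append(Frame(int(m.group("no")), int(m.group("addr"), 16),
                                m.group("func"), lib.rsplit("/", 1)[-1] if lib else "X"))
    return frames

def modules_on_stack(frames: list) -> list:
    """Distinct modules, innermost frame first: which components were executing."""
    return list(dict.fromkeys(f.module for f in frames))
```

On this trace the helper reports X, libinput_drv.so, libpthread.so.0 and libc.so.6; pairing that with gdb's `info sharedlibrary` output for the same core shows which other modules were loaded but not on the faulting stack.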
I can provide the core file if requested.