Crash when touching Apple trackpad with 11 fingers

Bug #974017 reported by Jussi Pakkanen
This bug affects 6 people
Affects: xserver-xorg-input-synaptics (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Chase Douglas

Bug Description

The default number of touch records allocated in the synaptics driver is 10. The Apple multitouch trackpads support at least 11, which can occur spuriously with 10 fingers on the device. The synaptics driver does not do proper bounds checking on the touch record array, so when the 11th touch occurs the X server crashes.

Original bug report
===================
Using an Apple Magic Trackpad, pair it to the system and put down 11 fingers. Unity-2D will freeze immediately and after a while X gets restarted.

Running newest Precise with uTouch daily build PPA.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: unity-2d 5.8.0-0ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-21.34-generic 3.2.13
Uname: Linux 3.2.0-21-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0-0ubuntu4
Architecture: amd64
Date: Thu Apr 5 10:38:34 2012
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Beta amd64 (20120327.1)
PackageArchitecture: all
ProcEnviron:
 LANGUAGE=en_US:en
 TERM=xterm
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/zsh
SourcePackage: unity-2d
UpgradeStatus: No upgrade log present (probably fresh install)

Jussi Pakkanen (jpakkane) wrote :

This happens also with Unity 3D.

Omer Akram (om26er)
no longer affects: unity (Ubuntu)
Olli Ries (ories) wrote :

could confirm it in u3d

Chase Douglas (chasedouglas) wrote :

I think there are two bugs:

* The X server has to maintain the state of all logically active touches. By default, it allocates X (depending on device properties) number of touch records. When this number of touches is exhausted, say by putting lots of touches on the device, more touch records are allocated. If you touch fast enough, the server will fail to allocate fast enough to handle new touches, which come in during SIGIO context. The server then attempts to print an error message, but in a signal-unsafe way, and X crashes under valgrind 100% of the time. I have not seen it crash in real life, but this is still bad and hampers investigation of the issue.

* I can confirm that a different stack trace occurs when X crashes in real life, so this is likely a second issue.
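The signal-context logging problem described in the comment above, as an added example that is not part of the comment and is not X server code: a message is formatted without printf or malloc and emitted with a single write(2), which POSIX lists as async-signal-safe. The names fmt_uint, log_sigsafe and on_sigio and the message text are hypothetical.

```c
#include <errno.h>
#include <signal.h>
#include <unistd.h>

/* Decimal-format v into buf (at least 20 bytes) with no locks, heap or statics. */
static size_t fmt_uint(char *buf, unsigned long v)
{
    char tmp[20];
    size_t n = 0, i;
    do {
        tmp[n++] = (char)('0' + v % 10);
        v /= 10;
    } while (v != 0);
    for (i = 0; i < n; i++)
        buf[i] = tmp[n - 1 - i];
    return n;
}

/* Build "<msg><value>\n" on the stack and emit it with one write(2) call.
 * Returns the number of bytes written, or -1 on error. */
static long log_sigsafe(int fd, const char *msg, unsigned long value)
{
    char line[128];
    size_t len = 0;
    while (msg[len] != '\0' && len < sizeof(line) - 21) {
        line[len] = msg[len];
        len++;
    }
    len += fmt_uint(line + len, value);
    line[len++] = '\n';
    return (long)write(fd, line, len);
}

static volatile sig_atomic_t exhausted;  /* times the handler ran out of records */

/* Hypothetical SIGIO handler: reports the failure without printf or malloc. */
static void on_sigio(int signo)
{
    int saved_errno = errno;             /* write() may clobber errno */
    (void)signo;
    exhausted++;
    log_sigsafe(STDERR_FILENO, "touch records exhausted, count=", (unsigned long)exhausted);
    errno = saved_errno;
}

int main(void)
{
    signal(SIGIO, on_sigio);
    raise(SIGIO);
    return exhausted == 1 ? 0 : 1;
}
```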

Chase Douglas (chasedouglas) wrote :

I can't trigger this bug anymore after fixing the logging in signal context. I have uploaded the logging fix to ppa:chasedouglas/jupiter. Please install the X server from there and test.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in unity (Ubuntu):
status: New → Confirmed
Changed in unity-2d (Ubuntu):
status: New → Confirmed
Robert Hooker (sarvatt) wrote :

Macs have an odd lid close mechanism where the lid itself is causing spurious input events, and after some time with the lid closed this same crash that is reproduced easily by pressing 10 fingers is happening so I'm duplicating X segfaults in valuator_mask_set_double to this bug because I'm confident it's the same issue.

Changed in xorg-server (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
summary: - Crash when touching trackpad with 10 fingers
+ Crash when touching Apple trackpad with 11 fingers
description: updated
no longer affects: unity-2d (Ubuntu)
no longer affects: unity (Ubuntu)
affects: xorg-server (Ubuntu) → xserver-xorg-input-synaptics (Ubuntu)
Changed in xserver-xorg-input-synaptics (Ubuntu):
status: Confirmed → In Progress
assignee: nobody → Chase Douglas (chasedouglas)
description: updated
Chase Douglas (chasedouglas) wrote :

To expand on my previous bug comment, I can reproduce the issue now that I know to try with 10 fingers and a nose instead of merely tapping and moving quickly with 10 fingers trying to generate a spurious 11th touch.

Robert Hooker (sarvatt) wrote :

Tested this with 20 fingers on the touchpad even and it's not crashing X anymore, thanks Chase!

tags: added: patch
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xserver-xorg-input-synaptics - 1.5.99.902-0ubuntu4

---------------
xserver-xorg-input-synaptics (1.5.99.902-0ubuntu4) precise; urgency=low

  * Fix crash on Apple trackpads when touching with more than 10 fingers
    (LP: #974017)
    - Add temporary patch 202_touch_record_bounds_check.patch
 -- Chase Douglas <email address hidden> Mon, 09 Apr 2012 11:44:26 -0700

Changed in xserver-xorg-input-synaptics (Ubuntu):
status: In Progress → Fix Released
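The class of defect named in the bug description, a device-supplied touch slot used to index a 10-entry record array, shown as an added example beside a bounds-checked form. This is not the driver's code and not the contents of 202_touch_record_bounds_check.patch, which the page does not show; the structure and function names are hypothetical, and dropping the out-of-range event is this example's choice.

```c
#include <stdbool.h>

#define DEFAULT_TOUCH_RECORDS 10  /* driver default per the bug description */

/* Hypothetical model of the driver's touch state, not its real structures. */
struct touch_record { bool active; int x, y; };

struct hw_state {
    int num_touches;                                   /* records available */
    struct touch_record touches[DEFAULT_TOUCH_RECORDS];
    unsigned dropped;                                  /* events rejected */
};

/* Unchecked form: the slot index comes straight from the device, so
 * slot 10 (the 11th touch) writes past the end of the 10-entry array. */
static void touch_update_unchecked(struct hw_state *hw, int slot, int x, int y)
{
    hw->touches[slot].active = true;
    hw->touches[slot].x = x;
    hw->touches[slot].y = y;
}

/* Checked form: ignore any slot outside the allocated records and count it. */
static bool touch_update_checked(struct hw_state *hw, int slot, int x, int y)
{
    if (slot < 0 || slot >= hw->num_touches) {
        hw->dropped++;
        return false;
    }
    touch_update_unchecked(hw, slot, x, y);
    return true;
}

/* Simulate `fingers` simultaneous contacts in slots 0..fingers-1 and
 * return how many were stored. */
static int feed_touches(struct hw_state *hw, int fingers)
{
    int stored = 0;
    for (int slot = 0; slot < fingers; slot++)
        if (touch_update_checked(hw, slot, 100 + slot, 200 + slot))
            stored++;
    return stored;
}

int main(void)
{
    struct hw_state hw = { .num_touches = DEFAULT_TOUCH_RECORDS };
    /* 11 fingers: 10 stored, the 11th dropped instead of corrupting memory. */
    return (feed_touches(&hw, 11) == 10 && hw.dropped == 1) ? 0 : 1;
}
```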