termux / termux-x11

Termux X11 add-on application.
https://termux.dev
GNU General Public License v3.0

[Bug]: Xserver Random crash on mouse event trigger (trackpad touch mode) #706

Closed Art-Chen closed 3 months ago

Art-Chen commented 3 months ago

Problem description

Cmdline: /system/bin/app_process / com.termux.x11.CmdEntryPoint :0
pid: 13175, tid: 13267, name: Thread-2  >>> /system/bin/app_process <<<
uid: 0
tagged_addr_ctrl: 0000000000000001 (PR_TAGGED_ADDR_ENABLE)
pac_enabled_keys: 000000000000000f (PR_PAC_APIAKEY, PR_PAC_APIBKEY, PR_PAC_APDAKEY, PR_PAC_APDBKEY)
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000018
Cause: null pointer dereference
    x0  b400007a6ecb3520  x1  000000000043599c  x2  000000000043599c  x3  b400007a6ecd4a48
    x4  b400007a6ecd4b70  x5  0000000000000004  x6  0000007a5cf35408  x7  0000007a5cf36814
    x8  0000000000000000  x9  00000000fffffff9  x10 0000000000000018  x11 0000000000000001
    x12 0000000000000002  x13 0000000000000001  x14 0000000000000001  x15 0000000000000001
    x16 0000007a5b921c80  x17 0000007a5b84dc54  x18 0000007a5ac24000  x19 b400007a6ecb3520
    x20 000000000043599c  x21 0000000000000001  x22 0000000000000001  x23 b400007a6ecd5510
    x24 b400007a6ecd4900  x25 0000000000000270  x26 0000007a5cf35108  x27 000000000043599c
    x28 0000007a5cf37000  x29 0000007a5cf34dc0
    lr  0000007a5b84e204  sp  0000007a5cf34dc0  pc  0000007a5b84dce8  pst 0000000080001000

13 total frames
backtrace:
      #00 pc 0000000000237ce8  /data/app/~~jHU5KoMopkqKJNsiAj-OUQ==/com.termux.x11-LF3CpzGipoxjL8KKRz96wg==/base.apk!libXlorie.so (offset 0x570000) (ProcessVelocityData2D+148) (BuildId: 70c24986c5313848477ca7ad55c7f0a61e182461)
      #01 pc 0000000000238200  /data/app/~~jHU5KoMopkqKJNsiAj-OUQ==/com.termux.x11-LF3CpzGipoxjL8KKRz96wg==/base.apk!libXlorie.so (offset 0x570000) (BuildId: 70c24986c5313848477ca7ad55c7f0a61e182461)
      #02 pc 000000000022e608  /data/app/~~jHU5KoMopkqKJNsiAj-OUQ==/com.termux.x11-LF3CpzGipoxjL8KKRz96wg==/base.apk!libXlorie.so (offset 0x570000) (BuildId: 70c24986c5313848477ca7ad55c7f0a61e182461)
      #03 pc 000000000022e048  /data/app/~~jHU5KoMopkqKJNsiAj-OUQ==/com.termux.x11-LF3CpzGipoxjL8KKRz96wg==/base.apk!libXlorie.so (offset 0x570000) (GetPointerEvents+596) (BuildId: 70c24986c5313848477ca7ad55c7f0a61e182461)
      #04 pc 000000000022ddb8  /data/app/~~jHU5KoMopkqKJNsiAj-OUQ==/com.termux.x11-LF3CpzGipoxjL8KKRz96wg==/base.apk!libXlorie.so (offset 0x570000) (QueuePointerEvents+48) (BuildId: 70c24986c5313848477ca7ad55c7f0a61e182461)
      #05 pc 00000000000dad50  /data/app/~~jHU5KoMopkqKJNsiAj-OUQ==/com.termux.x11-LF3CpzGipoxjL8KKRz96wg==/base.apk!libXlorie.so (offset 0x570000) (BuildId: 70c24986c5313848477ca7ad55c7f0a61e182461)
      #06 pc 00000000002ec1d8  /data/app/~~jHU5KoMopkqKJNsiAj-OUQ==/com.termux.x11-LF3CpzGipoxjL8KKRz96wg==/base.apk!libXlorie.so (offset 0x570000) (BuildId: 70c24986c5313848477ca7ad55c7f0a61e182461)
      #07 pc 00000000002e4978  /data/app/~~jHU5KoMopkqKJNsiAj-OUQ==/com.termux.x11-LF3CpzGipoxjL8KKRz96wg==/base.apk!libXlorie.so (offset 0x570000) (WaitForSomething+424) (BuildId: 70c24986c5313848477ca7ad55c7f0a61e182461)
      #08 pc 0000000000210e3c  /data/app/~~jHU5KoMopkqKJNsiAj-OUQ==/com.termux.x11-LF3CpzGipoxjL8KKRz96wg==/base.apk!libXlorie.so (offset 0x570000) (BuildId: 70c24986c5313848477ca7ad55c7f0a61e182461)
      #09 pc 000000000021b2c0  /data/app/~~jHU5KoMopkqKJNsiAj-OUQ==/com.termux.x11-LF3CpzGipoxjL8KKRz96wg==/base.apk!libXlorie.so (offset 0x570000) (BuildId: 70c24986c5313848477ca7ad55c7f0a61e182461)
      #10 pc 00000000000da450  /data/app/~~jHU5KoMopkqKJNsiAj-OUQ==/com.termux.x11-LF3CpzGipoxjL8KKRz96wg==/base.apk!libXlorie.so (offset 0x570000) (BuildId: 70c24986c5313848477ca7ad55c7f0a61e182461)
      #11 pc 00000000000fd134  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+208) (BuildId: 1e3ca19bcae05c01b019c85f3f422e56)
      #12 pc 0000000000096ae4  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+68) (BuildId: 1e3ca19bcae05c01b019c85f3f422e56)

NPE in FeedTrackers:

static inline void
FeedTrackers(DeviceVelocityPtr vel, double dx, double dy, int cur_t)
{
    int n;

    for (n = 0; n < vel->num_tracker; n++) {
        vel->tracker[n].dx += dx;
        vel->tracker[n].dy += dy;
    }
    n = (vel->cur_tracker + 1) % vel->num_tracker;
    vel->tracker[n].dx = 0.0;   /* <- crashing store: vel->tracker is NULL */
    vel->tracker[n].dy = 0.0;
    vel->tracker[n].time = cur_t;
    vel->tracker[n].dir = GetDirection(dx, dy);
    DebugAccelF("motion [dx: %f dy: %f dir:%d diff: %d]\n",
                dx, dy, vel->tracker[n].dir,
                cur_t - vel->tracker[vel->cur_tracker].time);
    vel->cur_tracker = n;
}

Looks like vel->tracker is null:

  237cbc: eb09015f      cmp x10, x9
  237cc0: 54fffe6b      b.lt    0x237c8c <ProcessVelocityData2D+0x38>
  237cc4: b9400e68      ldr w8, [x19, #0xc]
  237cc8: 11000508      add w8, w8, #0x1
  237ccc: 1ac90d0a      sdiv    w10, w8, w9
  237cd0: 1b09a155      msub    w21, w10, w9, w8
  237cd4: 1e780029      fcvtzs  w9, d1
  237cd8: 93407eb6      sxtw    x22, w21
  237cdc: 8b35c6c8      add x8, x22, w21, sxtw #1
  237ce0: d37df10a      lsl x10, x8, #3
  237ce4: f9400268      ldr x8, [x19]
  237ce8: f82a691f      str xzr, [x8, x10]     ; <- faulting instruction (pc)

x8 is null; x10 looks like it is n (which is 0x18).

BTW, it's my local build, synced with the latest source. It was working normally on the last sync (git HEAD hash: 4e7763b4aa34e7516a35005cde4e17b63f131a47).

What steps will reproduce the bug?

Start a game via Wine and touch the screen to move the pointer; using an external mouse can also trigger this bug. It may be caused by the relative mouse issue? (Not certain, just a guess.)

What is the expected behavior?

Working normally, without the Xserver crashing.
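The report above points at a NULL `vel->tracker` and a fault address of 0x18. The block below is an added example, not code from this issue, from termux-x11 or from the X.Org server: it rebuilds `FeedTrackers` with the guard the original lacks and checks the address arithmetic visible in the disassembly. The `MotionTracker`/`DeviceVelocity` structs are trimmed stand-ins (assumed fields only), and `GetDirection` is a simplified sign-bit stand-in for the server's real routine. Reading the posted disassembly, `add x8, x22, w21, sxtw #1` forms `3*n` and `lsl x10, x8, #3` scales it to `24*n`, so with a NULL base the store lands at `n * sizeof(MotionTracker)`; the example asserts that slot 1 lands at 0x18, the reported fault address.

```c
#include <stddef.h>
#include <stdio.h>

/* Reconstruction of the two structs FeedTrackers touches, trimmed to the
 * fields used here (hypothetical stand-ins, not the real dix/ptrveloc.h). */
typedef struct {
    double dx;   /* delta accumulated since this tracker was last reset */
    double dy;
    int    time; /* timestamp (ms) at reset */
    int    dir;  /* direction of the motion that reset it */
} MotionTracker;

typedef struct {
    MotionTracker *tracker;      /* ring of trackers; NULL until allocated */
    int            num_tracker;
    int            cur_tracker;
} DeviceVelocity;

/* Simplified stand-in for the server's GetDirection(): sign bits only. */
static int GetDirection(double dx, double dy)
{
    int dir = 0;
    if (dx > 0) dir |= 1; else if (dx < 0) dir |= 2;
    if (dy > 0) dir |= 4; else if (dy < 0) dir |= 8;
    return dir;
}

/* FeedTrackers with the guard the original lacks. Returns 1 if a sample
 * was recorded, 0 if velocity tracking is not initialised. Without the
 * guard, tracker == NULL turns the reset store into a write at
 * n * sizeof(MotionTracker), and num_tracker == 0 makes the modulo a
 * division by zero. */
static int FeedTrackersChecked(DeviceVelocity *vel, double dx, double dy, int cur_t)
{
    int n;

    if (vel == NULL || vel->tracker == NULL || vel->num_tracker <= 0)
        return 0;

    for (n = 0; n < vel->num_tracker; n++) {
        vel->tracker[n].dx += dx;
        vel->tracker[n].dy += dy;
    }
    n = (vel->cur_tracker + 1) % vel->num_tracker;
    vel->tracker[n].dx = 0.0;
    vel->tracker[n].dy = 0.0;
    vel->tracker[n].time = cur_t;
    vel->tracker[n].dir = GetDirection(dx, dy);
    vel->cur_tracker = n;
    return 1;
}

/* Byte offset of the reset store for slot n when the array base is NULL;
 * mirrors the disassembly's (n + 2n) << 3 address arithmetic. */
static size_t TrackerStoreOffset(int n)
{
    return (size_t)n * sizeof(MotionTracker);
}

/* Drives both paths. Returns 0 on success, a negative code on the first
 * failed expectation. */
static int RunDemo(void)
{
    MotionTracker ring[4] = {{0}};
    DeviceVelocity ready = { ring, 4, 0 };
    DeviceVelocity empty = { NULL, 0, 0 }; /* constructed: the state implied by x8 == 0 */

    if (!FeedTrackersChecked(&ready, 3.0, -4.0, 100))
        return -1;
    /* every slot received the delta, then slot 1 was reset and made current */
    if (ready.cur_tracker != 1 || ring[0].dx != 3.0 || ring[1].dx != 0.0 ||
        ring[1].time != 100 || ring[1].dir != (1 | 8))
        return -2;
    /* uninitialised tracking is refused instead of dereferencing NULL */
    if (FeedTrackersChecked(&empty, 3.0, -4.0, 100) != 0)
        return -3;
    /* the crash's fault address 0x18 is slot 1's offset from a NULL base */
    if (TrackerStoreOffset(1) != 0x18)
        return -4;
    return 0;
}

int main(void)
{
    int rc = RunDemo();
    printf("%s (rc=%d, sizeof(MotionTracker)=%zu)\n",
           rc == 0 ? "ok" : "FAIL", rc, sizeof(MotionTracker));
    return rc == 0 ? 0 : 1;
}
```

The guard turns a SIGSEGV into a dropped sample, which is the right failure mode for an input path, but it is a backstop rather than a root-cause fix: the real question for a report like this is why pointer events reach the velocity code before the tracker ring has been allocated for that device.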

twaik commented 3 months ago

Wait, it works when built locally but does not work if downloaded from GitHub? Sounds like nonsense, builds must be the same in both cases.

Art-Chen commented 3 months ago

> Wait, it works when built locally but does not work if downloaded from GitHub? Sounds like nonsense, builds must be the same in both cases.

Sorry, I mean the local build from git HEAD 4e7763b4aa34e7516a35005cde4e17b63f131a47 doesn't have this issue, so the issue may be caused by a change after 4e7763b4aa34e7516a35005cde4e17b63f131a47.

Art-Chen commented 3 months ago

Looks like the changes after https://github.com/termux/termux-x11/commit/4e7763b4aa34e7516a35005cde4e17b63f131a47 have no effect on this issue. Issue closed.