Bug 434733 - Crash on simulated touch input via uinput at xi2ProcessTouch
Status: RESOLVED UPSTREAM
Alias: None
Product: kde
Classification: I don't know
Component: general
Version: unspecified
Platform: Arch Linux Linux
Importance: NOR normal
Target Milestone: ---
Assignee: Unassigned bugs mailing-list
Reported: 2021-03-21 22:00 UTC by henry
Modified: 2021-03-22 15:58 UTC

Attachments
libinput debug-events (12.00 KB, text/x-log)
2021-03-21 22:00 UTC, henry

Description henry 2021-03-21 22:00:41 UTC
Created attachment 136931
libinput debug-events

SUMMARY

Simulating touch events via uinput and rapidly removing and re-adding a simulated device while sending input events crashes any KDE program (that I have tested so far, at least). Programs like Firefox or xterm are unaffected.

STEPS TO REPRODUCE

- Create a simulated touch screen via uinput, for example like this: https://github.com/H-M-H/Weylus/blob/1c6837d85c7bf7db3c2524f19d21cf7a4f6bf84a/lib/linux/uinput.c#L185-L247
- Delete the device.
- Create it anew.
- Send touch events all the time.

OBSERVED RESULT
Every KDE program I have tested so far crashes here (KCharSelect in this case):

#4  0x00007ff8f1e0a4f3 in QXcbConnection::xi2ProcessTouch(void*, QXcbWindow*) () from /usr/lib/libQt5XcbQpa.so.5
#5  0x00007ff8f1ddb84f in QXcbConnection::handleXcbEvent(xcb_generic_event_t*) () from /usr/lib/libQt5XcbQpa.so.5
#6  0x00007ff8f1ddcc69 in QXcbConnection::processXcbEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5XcbQpa.so.5
#7  0x00007ff8f1e00164 in ?? () from /usr/lib/libQt5XcbQpa.so.5
#8  0x00007ff8f4a62b84 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#9  0x00007ff8f4ab6c21 in ?? () from /usr/lib/libglib-2.0.so.0
#10 0x00007ff8f4a613b1 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#11 0x00007ff8f6283691 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#12 0x00007ff8f62293ac in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#13 0x00007ff8f6231844 in QCoreApplication::exec() () from /usr/lib/libQt5Core.so.5
#14 0x000055db93c547c5 in ?? ()
#15 0x00007ff8f5bf0b25 in __libc_start_main () from /usr/lib/libc.so.6
#16 0x000055db93c5488e in ?? ()
[Inferior 1 (process 6631) detached]

Attached is the output of `libinput debug-events` during the crash.
Comment 1 Nate Graham 2021-03-22 02:23:06 UTC
Based on the backtrace, the bug appears to be in Qt. Please report it at https://bugreports.qt.io/. Thanks!
Comment 2 henry 2021-03-22 15:58:19 UTC
Alright, I filed a bug report over there as well: https://bugreports.qt.io/browse/QTBUG-92054