QTBUG-40820

Crash in QXcbConnection::deviceForId

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P1: Critical
    • Resolution: Done
    • Affects Version/s: 5.3.1
    • Fix Version/s: 5.3.2, 5.4.0
    • Labels:
      None
    • Environment:
      Running Gentoo Linux, Xorg 1.15.1, libXi 1.7.2, XCB 1.10. External mouse is a Razer Orochi. All running on an Acer laptop with keyboard/touchpad for standard input.
    • Commits:
      f1bce3bc17ebb99b1512b07499988538465c78a2 8f547c4252ab687dfd8147b77de2a3c5e8914a84

      Description

      When rapidly removing/inserting an input device, Qt applications have a tendency to crash in QXcbConnection::deviceForId, with the following backtrace:
      #6  QXcbConnection::deviceForId (this=this@entry=0xcb7fe0, id=<error reading variable: Cannot access memory at address 0x7fffeb57c27c>) at qxcbconnection_xi2.cpp:340
      #7  0x00007faad32cb35b in QXcbConnection::xi2SetupDevices (this=this@entry=0xcb7fe0) at qxcbconnection_xi2.cpp:212
      #8  0x00007faad32cc260 in QXcbConnection::xi2HandleHierachyEvent (this=this@entry=0xcb7fe0, event=0x7faacc00dc90) at qxcbconnection_xi2.cpp:595
      #9  0x00007faad32cca32 in xi2HandleHierachyEvent (event=0x7faacc00dc90, this=0xcb7fe0) at qxcbconnection_xi2.cpp:593
      #10 QXcbConnection::xi2HandleEvent (this=this@entry=0xcb7fe0, event=event@entry=0x7faacc00dc90) at qxcbconnection_xi2.cpp:427
      #11 0x00007faad32ad755 in QXcbConnection::handleXcbEvent (this=this@entry=0xcb7fe0, event=event@entry=0x7faacc00dc90) at qxcbconnection.cpp:911
      #12 0x00007faad32ae89b in QXcbConnection::processXcbEvents (this=0xcb7fe0) at qxcbconnection.cpp:1241
      #13 0x00007faae05ff00a in QObject::event (this=0xcb7fe0, e=<optimized out>) at kernel/qobject.cpp:1241
      #14 0x00007faae12df9ec in QApplicationPrivate::notify_helper (this=0xca5d60, receiver=0xcb7fe0, e=0x7faacc00a240) at kernel/qapplication.cpp:3522
      #15 0x00007faae12e51c6 in QApplication::notify (this=0x7fffeb57cee0, receiver=0xcb7fe0, e=0x7faacc00a240) at kernel/qapplication.cpp:3305
      #16 0x00007faae05ce1db in QCoreApplication::notifyInternal (this=0x7fffeb57cee0, receiver=0xcb7fe0, event=event@entry=0x7faacc00a240) at kernel/qcoreapplication.cpp:935
      #17 0x00007faae05d0332 in sendEvent (event=0x7faacc00a240, receiver=<optimized out>) at kernel/qcoreapplication.h:237
      #18 QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0, event_type=0, event_type@entry=<error reading variable: Cannot access memory at address 0x7fffeb57cb7c>, 
          data=0xc9add0) at kernel/qcoreapplication.cpp:1539
      #19 0x00007faae05d098a in QCoreApplication::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0) at kernel/qcoreapplication.cpp:1397
      #20 0x00007faae0626e93 in postEventSourceDispatch (s=0xce6940) at kernel/qeventdispatcher_glib.cpp:279
      #21 0x00007faada3ed9c4 in g_main_dispatch (context=0x7faacc001e00) at /usr/src/debug/dev-libs/glib-2.40.0-r1/glib-2.40.0/glib/gmain.c:3064
      #22 g_main_context_dispatch (context=context@entry=0x7faacc001e00) at /usr/src/debug/dev-libs/glib-2.40.0-r1/glib-2.40.0/glib/gmain.c:3663
      #23 0x00007faada3edca5 in g_main_context_iterate (context=context@entry=0x7faacc001e00, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>)
          at /usr/src/debug/dev-libs/glib-2.40.0-r1/glib-2.40.0/glib/gmain.c:3734
      #24 0x00007faada3edd6c in g_main_context_iteration (context=0x7faacc001e00, may_block=1) at /usr/src/debug/dev-libs/glib-2.40.0-r1/glib-2.40.0/glib/gmain.c:3795
      #25 0x00007faae06272ab in QEventDispatcherGlib::processEvents (this=0xce8030, flags=...) at kernel/qeventdispatcher_glib.cpp:426
      #26 0x00007faae05cb832 in QEventLoop::exec (this=this@entry=0x7fffeb57cd90, flags=..., flags@entry=...) at kernel/qeventloop.cpp:212
      #27 0x00007faae05d371c in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1188
      #28 0x00007faae0afd03c in QGuiApplication::exec () at kernel/qguiapplication.cpp:1450
      #29 0x00007faae12ddf85 in QApplication::exec () at kernel/qapplication.cpp:2767
      #30 0x0000000000436060 in main (argc=1, argv=<optimized out>) at /usr/src/debug/kde-base/plasma-workspace-9999/plasma-workspace-9999/shell/main.cpp:117
      

      This happened to me randomly in Plasma 5, when I assume I was unplugging an external USB mouse (I wasn't paying close attention at the time). I can reliably reproduce this issue by plugging in my mouse and rapidly removing and inserting the hid-generic kernel module (causing the mouse to appear/disappear from Xorg). This causes Qt 5 applications to rapidly crash with the same backtrace.

      Digging around using gdb, I think I found a race between QXcbConnection::xi2SetupDevices querying for the list of devices using XIQueryDevice, and QXcbConnection::deviceForId asking for similar information from a specific device using XIQueryDevice again. The second call returns a null pointer, which then causes the crash.

      Thanks for looking into this!
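
The race described in the report, as an added example that is not code from the report or from Qt: a constructed stand-in for the server's device list shows a per-device query returning null for an id taken from an earlier snapshot, next to a loop that checks for it. `FakeServer`, `queryOne`, `nameLengthUnchecked` and `setupDevicesChecked` are hypothetical names, and the hot-unplug is simulated with a query counter.

```cpp
#include <cstddef>
#include <map>
#include <set>
#include <string>
#include <vector>

// Constructed stand-in for the X server's device list; not Xlib or Qt code.
struct FakeServer {
    std::map<int, std::string> devices{{2, "core pointer"}, {3, "usb mouse"}, {4, "touchpad"}};
    int unplugAfterQueries = -1;  // simulate a hot-unplug once this many queries have run
    int unplugId = 0;             // id of the device that disappears
    int queries = 0;

    std::vector<int> listAll() const {
        std::vector<int> ids;
        for (const auto &d : devices) ids.push_back(d.first);
        return ids;
    }
    // Per-device query: returns nullptr once the device is gone.
    const std::string *queryOne(int id) {
        if (queries++ == unplugAfterQueries) devices.erase(unplugId);
        auto it = devices.find(id);
        return it == devices.end() ? nullptr : &it->second;
    }
};

// Unchecked pattern: assumes every id from the snapshot still exists.
// If the device vanished, this dereferences nullptr (undefined behaviour).
std::size_t nameLengthUnchecked(FakeServer &s, int id) {
    return s.queryOne(id)->size();
}

// Checked pattern: the snapshot may be stale, so skip devices that vanished.
std::set<int> setupDevicesChecked(FakeServer &s) {
    std::set<int> registered;
    for (int id : s.listAll()) {                   // first query: snapshot of ids
        const std::string *info = s.queryOne(id);  // second query: may return nullptr
        if (info)
            registered.insert(id);
    }
    return registered;
}

int main() {
    FakeServer s;
    s.unplugAfterQueries = 1;  // device 3 disappears just before its own query
    s.unplugId = 3;
    return setupDevicesChecked(s) == std::set<int>{2, 4} ? 0 : 1;
}
```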

              People

              Assignee:
              allan.jensen Allan Sandfeld Jensen
              Reporter:
              mjdsys Matthew Dawson