Canonical System Image

Crash because uncaught exception in mir::events::add_touch

Bug #1437357 reported by Albert Astals Cid
26
This bug affects 4 people
Affects Status Importance Assigned to Milestone
Canonical System Image
Fix Released
Critical
kevin gunn
Canonical System Image ww22-2015 "ota4"
Mir
Fix Released
Critical
Robert Carr
Mir 0.14.0
0.13
Fix Released
Critical
Robert Carr
Mir 0.13.1
mir (Ubuntu)
Fix Released
Undecided
Unassigned
qtmir (Ubuntu)
Vivid
Fix Released
Undecided
Daniel d'Andrada

Bug Description

Timo has a crash in which unity8 crashes because a throw exception in mir::events::add_touch is not caught

libmirclient8 0.12.1+15.04.20150324-0ubuntu1
qtmir-android 0.4.4+15.04.20150318-0ubuntu1

See original description
Tags: input

Related branches

lp:~dandrader/qtmir/oneUpDownPerEvent-lp1437357
Gerry Boland (community): Approve
PS Jenkins bot (community): Approve (continuous-integration)
Diff: 505 lines (+268/-46)
7 files modified
src/common/debughelpers.cpp (+47/-0)
src/common/debughelpers.h (+5/-1)
src/platforms/mirserver/CMakeLists.txt (+5/-3)
src/platforms/mirserver/qteventfeeder.cpp (+66/-23)
src/platforms/mirserver/qteventfeeder.h (+4/-1)
tests/mirserver/QtEventFeeder/mock_qtwindowsystem.h (+5/-0)
tests/mirserver/QtEventFeeder/qteventfeeder_test.cpp (+136/-18)
lp:~mir-team/mir/reduce-event-pedantism-for-1437357
PS Jenkins bot (community): Approve (continuous-integration)
Kevin DuBois (community): Approve
Alan Griffiths: Needs Information
Alexandros Frantzis (community): Approve
Alberto Aguirre (community): Approve
Chris Halse Rogers: Approve
Diff: 22 lines (+4/-1)
1 file modified
src/client/events/event_builders.cpp (+4/-1)
lp:ubuntu/wily/qtmir
lp:ubuntu/wily-proposed/mir
Revision history for this message
Albert Astals Cid (aacid) wrote :
Revision history for this message
Albert Astals Cid (aacid) wrote :
description: updated
Daniel d'Andrada (dandrader)
Changed in qtmir:
assignee: nobody → Daniel d'Andrada (dandrader)
status: New → In Progress
kevin gunn (kgunn72)
Changed in qtmir:
status: In Progress → Fix Released
Changed in qtmir (Ubuntu Vivid):
status: New → Fix Released
Changed in canonical-devices-system-image:
status: New → Fix Released
Pat McGowan (pat-mcgowan)
Changed in canonical-devices-system-image:
milestone: none → ww22-2015
Revision history for this message
Daniel d'Andrada (dandrader) wrote :

As bug 1454711 shows, it's still possible to make it crash like that if you rapidly tap with many fingers simultaneously on the screen.

You get that in unity8.log:

"""
qtmir.mir.input: Would move a touch that wasn't pressed before (id = 15 ). Making it press instead.
qtmir.mir.input: There's a touch (id = 14 ) missing. Releasing it.
qtmir.mir.input: There's a touch (id = 20 ) missing. Releasing it.
qtmir.mir.input: There's a touch (id = 26 ) missing. Releasing it.
qtmir.mir.input: There's a touch (id = 33 ) missing. Releasing it.
qtmir.mir.input: Would move a touch that wasn't pressed before (id = 36 ). Making it press instead.
qtmir.mir.input: There's a touch (id = 35 ) missing. Releasing it.
terminate called after throwing an instance of 'boost::exception_detail::clone_impl<boost::exception_detail::error_info_injector<std::logic_error> >'
  what(): Only one touch up/down may be reported per event
"""

So mir is sending incomplete touch streams and qtmir tries to clean them up (filling in the gaps) before dispatching those events to apps. But then it doesn't do such a very good job at it and mir complains, throwing an exception

Changed in qtmir:
status: Fix Released → In Progress
Pat McGowan (pat-mcgowan)
Changed in canonical-devices-system-image:
status: Fix Released → In Progress
importance: Undecided → High
assignee: nobody → kevin gunn (kgunn72)
Revision history for this message
Daniel d'Andrada (dandrader) wrote :

Look at this sequence of events:

Received MirTouchInputEvent(
    (id=608,action=change,x=431.625,y=1374.28),
    (id=609,action=up,x=189.835,y=1458.24),
    (id=604,action=change,x=217.811,y=351.817),
    (id=611,action=change,x=621.461,y=425.778),
    (id=612,action=change,x=820.288,y=794.586))

Received MirTouchInputEvent(
    (id=609,action=change,x=189.835,y=1458.24),
    (id=604,action=change,x=217.811,y=351.817),
    (id=611,action=up,x=621.461,y=425.778),
    (id=612,action=change,x=820.288,y=794.586))

This is unacceptable.

- Touch 608 disappeared from the touch stream without being released
- Touch 609 is released but then is moved in the next event!

You can get this info by adding his line to /usr/share/upstart/sessions/unity8.conf:
initctl set-env QT_LOGGING_RULES="qtmir.mir.input.debug=true"

Revision history for this message
kevin gunn (kgunn72) wrote :

marking this critical, as you can lay your entire hand on the device and get a reboot as reported in the now duped bug 1454711

Changed in mir:
assignee: nobody → Robert Carr (robertcarr)
importance: Undecided → Critical
Pat McGowan (pat-mcgowan)
Changed in canonical-devices-system-image:
importance: High → Critical
Revision history for this message
Robert Carr (robertcarr) wrote :

I am investigating!

I have a few thoughts:

1. This exception probably should be caught in production (or maybe Mir should just be logging a warning here), this at least
would lead to just quirky behavior with high number of touches (it probably works pretty well...).
2. We should determine whether the kernel driver is outputting a valid stream.

In the case the kernel is outputting an invalid event stream 1 may be the best solution we can get for now. It may be possible to write an event stream validater/transformer (and actually there is more validation in devel than release) but I don't think its possible to get perfect.

If the kernel is outputting a valid event stream then there must be some problem in the Mir InputReader

Revision history for this message
Robert Carr (robertcarr) wrote :

15:28 < racarr> It's looking like https://bugs.launchpad.net/mir/+bug/1437357 may be fixed in trunk and or/prefer-event-builders
15:28 < ubot5> Ubuntu bug 1437357 in Canonical System Image "Crash because uncaught exception in mir::events::add_touch" [Critical,In
               progress]
15:29 < racarr> maybe the messed up action mapping
15:29 < racarr> was causing the events to get malformed in the
15:29 < racarr> nested dispatcher?
15:29 < racarr> I dunno
15:29 < racarr> but I ran now
15:29 < racarr> mir server -> nested -> client
15:29 < racarr> (havnet built u8 yet)
15:29 < racarr> and uh
15:30 < racarr> I didn't validate the whole event stream but the crash doesnt occur and now the client is using mir::events::add_touch
15:30 < racarr> so either 1. The bug is fixed.
15:30 < racarr> 2. Qtmirs attempt to fix an invalid touch stream is making it more invalid causing the crash

Revision history for this message
Robert Carr (robertcarr) wrote :

I've confirmed some stuff.

1. The touch stream is invalid to Mir clients...though it seems QtMir is corrupting it further causing the crash (because as I mentioned, prefer-event-builders will not crash and it uses mev::make_event in the client receiver).

2. The touch stream seems to be invalid out of the kernel

You can see two slots with ABS_MT_TRACKING_ID=-1 without delineation by EV_SYN means two touches are coming up per frame which is a violation of the MT Slot protocol B. It seems likely the kernel driver will require a fix...reminds me of an issue we fixed on Barajas....gonna do some research.

[1431646178.314365] input: Received event time=1431646178314298000 (0.037888 ms ago) type=EV_ABS code=ABS_MT_SLOT value=0
[1431646178.315485] input: Received event time=1431646178314298000 (0.866195 ms ago) type=EV_ABS code=ABS_MT_TRACKING_ID value=-1
[1431646178.315693] input: Received event time=1431646178314298000 (1.375965 ms ago) type=EV_ABS code=ABS_MT_SLOT value=1
[1431646178.316354] input: Received event time=1431646178314298000 (2.033118 ms ago) type=EV_ABS code=ABS_MT_POSITION_X value=322
[1431646178.316657] input: Received event time=1431646178314298000 (2.340272 ms ago) type=EV_ABS code=ABS_MT_POSITION_Y value=905
[1431646178.317064] input: Received event time=1431646178314298000 (2.745965 ms ago) type=EV_ABS code=ABS_MT_TOUCH_MINOR value=4
[1431646178.317152] input: Received event time=1431646178314298000 (2.837734 ms ago) type=EV_ABS code=ABS_MT_SLOT value=2
[1431646178.317992] input: Received event time=1431646178314298000 (3.672041 ms ago) type=EV_ABS code=ABS_MT_TOUCH_MAJOR value=4
[1431646178.318252] input: Received event time=1431646178314298000 (3.934657 ms ago) type=EV_ABS code=ABS_MT_SLOT value=4
[1431646178.318603] input: Received event time=1431646178314298000 (4.285195 ms ago) type=EV_ABS code=ABS_MT_TRACKING_ID value=-1
[1431646178.318907] input: Received event time=1431646178314298000 (4.586272 ms ago) type=EV_SYN code=0 value=0

Revision history for this message
Robert Carr (robertcarr) wrote :

Err sorry had some confusion between the type A protocol and the type B protocol...so, yet to prove that the kernel stream is invalid :).

Daniel van Vugt (vanvugt)
tags: added: input
Daniel van Vugt (vanvugt)
Changed in mir:
milestone: none → 0.14.0
status: New → In Progress
Cemil Azizoglu (cemil-azizoglu)
Changed in mir:
milestone: 0.14.0 → 0.13.1
Cemil Azizoglu (cemil-azizoglu)
affects: mir → ubuntu-rtm
Changed in ubuntu-rtm:
milestone: 0.13.1 → none
affects: ubuntu-rtm → mir
Changed in mir:
milestone: none → 0.13.1
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

Fix committed into lp:mir at revision None, scheduled for release in mir, milestone 0.14.0

Changed in mir:
status: In Progress → Fix Committed
Revision history for this message
Daniel van Vugt (vanvugt) wrote :

And fix committed to lp:mir/0.13 at revision 2542

Changed in mir:
milestone: 0.13.1 → 0.14.0
Pat McGowan (pat-mcgowan)
Changed in canonical-devices-system-image:
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mir - 0.13.1+15.10.20150520-0ubuntu1

---------------
mir (0.13.1+15.10.20150520-0ubuntu1) wily; urgency=medium

  [ Cemil Azizoglu ]
  * New upstream release 0.13.1 (https://launchpad.net/mir/+milestone/0.13.1)
    - ABI summary: No ABI break. Servers and clients do not need rebuilding.
      . Mirclient ABI unchanged at 8
      . Mircommon ABI unchanged at 4
      . Mirplatform ABI unchanged at 7
      . Mirserver ABI unchanged at 31
    - Bug fixes:
      . Can't load app purchase UI without a U1 account (LP: #1450377)
      . Crash because uncaught exception in mir::events::add_touch (LP: #1437357)

 -- CI Train Bot <email address hidden> Wed, 20 May 2015 21:20:15 +0000

Changed in mir (Ubuntu):
status: New → Fix Released
Daniel van Vugt (vanvugt)
Changed in mir:
status: Fix Committed → Fix Released
Gerry Boland (gerboland)
Changed in qtmir:
status: In Progress → Fix Released
Michał Sawicz (saviq)
Changed in qtmir (Ubuntu Vivid):
assignee: nobody → Daniel d'Andrada (dandrader)
no longer affects: qtmir
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.