Reproducible test case: * XI 2.0 client * select for button events on window * on the first touch begin (emulated press), XIGrabDevice(VCP, button mask) * touch end * touch begin * XIUngrabDevice(VCP) This triggers a bug: [229201.069] (EE) BUG: triggered 'if (ti->listeners[0].type != LISTENER_GRAB && ti->listeners[0].type != LISTENER_POINTER_GRAB)' [229201.069] (EE) BUG: exevents.c:1044 in ActivateEarlyAccept() [229201.069] (EE) [229201.069] (EE) Backtrace: [229201.069] (EE) 0: Xorg (ActivateEarlyAccept+0xa7) [0x5859a3] [229201.069] (EE) 1: Xorg (DeliverTouchBeginEvent+0xc6) [0x587690] [229201.070] (EE) 2: Xorg (DeliverTouchEvent+0x10e) [0x587a9e] [229201.070] (EE) 3: Xorg (DeliverTouchEvents+0x116) [0x587ca8] [229201.070] (EE) 4: Xorg (ProcessTouchEvent+0x2bc) [0x586ed4] [229201.070] (EE) 5: Xorg (ProcessOtherEvent+0xa5) [0x587588] [229201.070] (EE) 6: Xorg (TouchEventHistoryReplay+0xac) [0x474e92] [229201.070] (EE) 7: Xorg (TouchPuntToNextOwner+0xb7) [0x585c55] [229201.071] (EE) 8: Xorg (TouchRejected+0x104) [0x585e52] [229201.071] (EE) 9: Xorg (ProcessTouchOwnershipEvent+0x5c) [0x585edf] [229201.071] (EE) 10: Xorg (ProcessOtherEvent+0xba) [0x58759d] [229201.071] (EE) 11: Xorg (ProcessPointerEvent+0x2a6) [0x5c1e98] [229201.071] (EE) 12: Xorg (mieqProcessDeviceEvent+0x1f3) [0x5ffab4] [229201.071] (EE) 13: Xorg (TouchListenerAcceptReject+0x26a) [0x4764a6] [229201.072] (EE) 14: Xorg (DeactivatePointerGrab+0x106) [0x448087] [229201.072] (EE) 15: Xorg (ProcXIUngrabDevice+0x10a) [0x598494] [229201.072] (EE) 16: Xorg (ProcIDispatch+0x78) [0x58aaab] [229201.072] (EE) 17: Xorg (Dispatch+0x30d) [0x43347e] [229201.072] (EE) 18: Xorg (main+0x61d) [0x4981e5] [229201.072] (EE) 19: /lib64/libc.so.6 (__libc_start_main+0xf5) [0x3df5621b75] [229201.073] (EE) 20: Xorg (_start+0x29) [0x423a19] [229201.073] (EE) 21: ? (?+0x29) [0x29] [229201.073] (EE) and then later a SIGABORT (double free) on FreeGrab(), or just a segfault when accessing a dangling pointer. Possibly related: (EE) BUG: triggered 'if (!pGrab)' (EE) BUG: grabs.c:256 in FreeGrab() (EE) (EE) Backtrace: (EE) 0: /opt/xorg/bin/Xorg (FreeGrab+0x54) [0x45d47c] (EE) 1: /opt/xorg/bin/Xorg (UpdateTouchesForGrab+0x135) [0x447d4e] (EE) 2: /opt/xorg/bin/Xorg (ActivatePointerGrab+0x1ba) [0x447f3d] (EE) 3: /opt/xorg/bin/Xorg (GrabDevice+0x3e6) [0x4503d0] (EE) 4: /opt/xorg/bin/Xorg (ProcXIGrabDevice+0x21f) [0x59826b] (EE) 5: /opt/xorg/bin/Xorg (ProcIDispatch+0x78) [0x58aaab] (EE) 6: /opt/xorg/bin/Xorg (Dispatch+0x30d) [0x43347e] (EE) 7: /opt/xorg/bin/Xorg (main+0x61d) [0x4981e5] (EE) 8: /lib64/libc.so.6 (__libc_start_main+0xf5) [0x3df5621b75] (EE) 9: /opt/xorg/bin/Xorg (_start+0x29) [0x423a19] (EE) 10: ? (?+0x29) [0x29] (EE) above happens when there is no grab active (i.e. I tapped outside of the target area in gnome-shell) when XIGrabDevice is issued. This may be unrelated, just noticed it in the backlog. master is on 77e51d5bbb97eb5c9d9dbff9a7c44d7e53620e68.
A WIP patch has been submitted to updates-testing for Fedora. Will go upstream after testing: http://pkgs.fedoraproject.org/cgit/xorg-x11-server.git/commit/?id=198a41aea747f87b3d6514e3c81d0bcf1b89e408
http://patchwork.freedesktop.org/patch/14030/
commit 8eeaa74bc241acb41f1d3ed64971e0b01e794776 Author: Peter Hutterer <peter.hutterer@who-t.net> Date: Tue Jul 9 13:27:19 2013 +1000 dix: when ungrabbing an active grab, accept pointer grabs (#66720)
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.