Bug 423862

Summary: Crash on KWin windowed mode toggle to fullscreen
Product: [Plasma] kwin
Reporter: RJVB <rjvbertin>
Component: wayland-generic
Assignee: KWin default assignee <kwin-bugs-null>
Status: RESOLVED UPSTREAM
Severity: crash
Keywords: drkonqi
Priority: NOR
Version: 5.13.3
Target Milestone: ---
Platform: Compiled Sources
OS: Linux
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Description RJVB 2020-07-04 09:00:46 UTC
Application: konsole (18.11.70)
 (Compiled from sources)
Qt Version: 5.9.8
Frameworks Version: 5.60.0
Operating System: Linux 4.14.23-ck1-mainline-core2-rjvb x86_64
Windowing system: Wayland
Distribution: Ubuntu 14.04.6 LTS

-- Information about the crash:
- What I was doing when the application crashed:
Testing kwin_wayland (5.13.3) in windowed mode under X11. I get this crash systematically when I toggle the window fullscreen (via the WM, or even change its size). It happens with Qt 5.9.8 and Qt 5.12.6.

I don't see in the backtrace exactly how this is a KWin bug (and not one in Qt) but I'm reporting it here because it's KWin that triggers the bug.

- Unusual behaviour I noticed:
Just before the application crashes I notice a reduction in font size, as if the DPI setting changed (it's set to 86DPI in the "parent" X11 session).

The crash can be reproduced every time.

-- Backtrace:
Application: Konsole (konsole), signal: Segmentation fault
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f9c230d4840 (LWP 20094))]

Thread 3 (Thread 0x7f9c082dd700 (LWP 20097)):
#0  0x00007f9c1b601d5f in ppoll () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007f9c1c40b6af in qt_safe_poll(pollfd*, unsigned long, timespec const*) () from /opt/local/libexec/qt512/lib/libQt5Core.so.5
#2  0x00007f9c1c40c98d in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /opt/local/libexec/qt512/lib/libQt5Core.so.5
#3  0x00007f9c1c3b75df in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /opt/local/libexec/qt512/lib/libQt5Core.so.5
#4  0x00007f9c1c1f77b7 in QThread::exec() () from /opt/local/libexec/qt512/lib/libQt5Core.so.5
#5  0x00007f9c1def4840 in QDBusConnectionManager::run() () from /opt/local/libexec/qt512/lib/libQt5DBus.so.5
#6  0x00007f9c1c1f8946 in QThreadPrivate::start(void*) () from /opt/local/libexec/qt512/lib/libQt5Core.so.5
#7  0x00007f9c19cfb184 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#8  0x00007f9c1b60f03d in clone () from /lib/x86_64-linux-gnu/libc.so.6

Thread 2 (Thread 0x7f9c0acdf700 (LWP 20096)):
#0  0x00007f9c19cff404 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/x86_64-linux-gnu/libpthread.so.0
#1  0x00007f9c0be71a6b in cnd_wait (cond=<optimized out>, mtx=<optimized out>) at ../mesa-18.3.3/include/c11/threads_posix.h:155
#2  util_queue_thread_func (input=<optimized out>) at ../mesa-18.3.3/src/util/u_queue.c:270
#3  0x00007f9c0be723b6 in impl_thrd_routine (p=<optimized out>) at ../mesa-18.3.3/include/c11/threads_posix.h:87
#4  0x00007f9c19cfb184 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#5  0x00007f9c1b60f03d in clone () from /lib/x86_64-linux-gnu/libc.so.6

Thread 1 (Thread 0x7f9c230d4840 (LWP 20094)):
[KCrash Handler]
#6  QScopedPointer<QtWaylandClient::QWaylandCursor, QScopedPointerDeleter<QtWaylandClient::QWaylandCursor> >::operator! (this=0xa0) at /opt/local/libexec/qt512/include/QtCore/qscopedpointer.h:123
#7  QtWaylandClient::QWaylandScreen::waylandCursor (this=0x0) at /opt/local/var/lnxports/build/_opt_local_site-ports_qt_qt5/qt5-qtwayland/work/qtwayland-everywhere-src-5.12.6/src/client/qwaylandscreen.cpp:187
#8  0x00007f9c0de8a12e in QtWaylandClient::QWaylandInputDevice::setCursor (this=<optimized out>, newShape=Qt::ArrowCursor, screen=<optimized out>) at /opt/local/var/lnxports/build/_opt_local_site-ports_qt_qt5/qt5-qtwayland/work/qtwayland-everywhere-src-5.12.6/src/client/qwaylandinputdevice.cpp:367
#9  QtWaylandClient::QWaylandInputDevice::setCursor (this=0x197ea30, cursor=..., screen=0x0) at /opt/local/var/lnxports/build/_opt_local_site-ports_qt_qt5/qt5-qtwayland/work/qtwayland-everywhere-src-5.12.6/src/client/qwaylandinputdevice.cpp:386
#10 0x00007f9c0de960c1 in QtWaylandClient::QWaylandWindow::setMouseCursor (this=<optimized out>, device=0x0, cursor=...) at /opt/local/var/lnxports/build/_opt_local_site-ports_qt_qt5/qt5-qtwayland/work/qtwayland-everywhere-src-5.12.6/src/client/qwaylandwindow.cpp:992
#11 QtWaylandClient::QWaylandWindow::restoreMouseCursor (this=<optimized out>, device=0x0) at /opt/local/var/lnxports/build/_opt_local_site-ports_qt_qt5/qt5-qtwayland/work/qtwayland-everywhere-src-5.12.6/src/client/qwaylandwindow.cpp:997
#12 0x00007f9bfd65bda5 in QtWaylandClient::QWaylandBradientDecoration::handleMouse (this=0x1dddbc0, inputDevice=0x197ea30, local=..., global=..., b=..., mods=...) at /opt/local/var/lnxports/build/_opt_local_site-ports_qt_qt5/qt5-qtwayland/work/qtwayland-everywhere-src-5.12.6/src/plugins/decorations/bradient/main.cpp:277
#13 0x00007f9c0de95d5e in QtWaylandClient::QWaylandWindow::handleMouseEventWithDecoration (this=0x1d97920, inputDevice=0x197ea30, e=...) at /opt/local/var/lnxports/build/_opt_local_site-ports_qt_qt5/qt5-qtwayland/work/qtwayland-everywhere-src-5.12.6/src/client/qwaylandwindow.cpp:926
#14 0x00007f9c0de95ae0 in QtWaylandClient::QWaylandWindow::handleMouse (this=0x1d97920, inputDevice=0x197ea30, e=...) at /opt/local/var/lnxports/build/_opt_local_site-ports_qt_qt5/qt5-qtwayland/work/qtwayland-everywhere-src-5.12.6/src/client/qwaylandwindow.cpp:876
#15 0x00007f9c0de8a563 in QtWaylandClient::QWaylandInputDevice::Pointer::pointer_enter (this=0x19809e0, serial=<optimized out>, surface=<optimized out>, sx=157952, sy=48128) at /opt/local/var/lnxports/build/_opt_local_site-ports_qt_qt5/qt5-qtwayland/work/qtwayland-everywhere-src-5.12.6/src/client/qwaylandinputdevice.cpp:472
#16 0x00007f9c0c9142cc in ffi_call_unix64 () from /opt/local/lib/libffi.so.6
#17 0x00007f9c0c912f5c in ffi_call () from /opt/local/lib/libffi.so.6
#18 0x00007f9c0d5e8ef1 in wl_closure_invoke (closure=<optimized out>, flags=<optimized out>, target=<optimized out>, opcode=0, data=<optimized out>) at src/connection.c:1018
#19 0x00007f9c0d5e7215 in dispatch_event (display=<optimized out>, queue=<optimized out>) at src/wayland-client.c:1445
#20 0x00007f9c0d5e6a44 in dispatch_queue (display=0x196d110, queue=<optimized out>) at src/wayland-client.c:1591
#21 wl_display_dispatch_queue_pending (display=0x196d110, queue=0x196d1e0) at src/wayland-client.c:1833
#22 0x00007f9c0de8ecc3 in QtWaylandClient::QWaylandDisplay::flushRequests (this=0x1979e20) at /opt/local/var/lnxports/build/_opt_local_site-ports_qt_qt5/qt5-qtwayland/work/qtwayland-everywhere-src-5.12.6/src/client/qwaylanddisplay.cpp:191
#23 0x00007f9c1c3eba27 in QMetaObject::activate(QObject*, int, int, void**) () from /opt/local/libexec/qt512/lib/libQt5Core.so.5
#24 0x00007f9c1c3f3893 in QSocketNotifier::event(QEvent*) () from /opt/local/libexec/qt512/lib/libQt5Core.so.5
#25 0x00007f9c1d3b834d in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /opt/local/libexec/qt512/lib/libQt5Widgets.so.5
#26 0x00007f9c1d3b9729 in QApplication::notify(QObject*, QEvent*) () from /opt/local/libexec/qt512/lib/libQt5Widgets.so.5
#27 0x00007f9c1c3bba73 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /opt/local/libexec/qt512/lib/libQt5Core.so.5
#28 0x00007f9c1c40c133 in QEventDispatcherUNIXPrivate::activateSocketNotifiers() () from /opt/local/libexec/qt512/lib/libQt5Core.so.5
#29 0x00007f9c1c40ca79 in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /opt/local/libexec/qt512/lib/libQt5Core.so.5
#30 0x00007f9c0debc9ea in QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /opt/local/libexec/qt512/lib/libQt5WaylandClient.so.5
#31 0x00007f9c1c3b75df in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /opt/local/libexec/qt512/lib/libQt5Core.so.5
#32 0x00007f9c1c3bc031 in QCoreApplication::exec() () from /opt/local/libexec/qt512/lib/libQt5Core.so.5
#33 0x00007f9c22d346a0 in kdemain (argc=<optimized out>, argv=<optimized out>) at /opt/local/var/lnxports/build/_opt_local_site-ports_kf5_konsole5/kf5-konsole-devel/work/kf5-konsole-5/src/main.cpp:207
#34 0x00007f9c1b532f45 in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#35 0x0000000000400989 in _start ()

Reported using DrKonqi

Comment 1 Christoph Feck 2020-07-04 11:44:22 UTC
Crash is in Qt. Please don't try QtWayland on this hopelessly outdated Qt version.

Comment 2 RJVB 2020-07-04 12:48:44 UTC
The backtrace is with Qt 5.12 which is still in LTS support AFAIK, and there are plenty of ways to crash Qt by doing stupid things that lead to dereferencing a null "this" pointer as happens here. So I wouldn't shrug off responsibility to upstream so easily. 

FWIW, the crash does NOT happen when I use one of Qt's own Wayland compositor examples.

Testing this (with more current KWin and Qt versions) takes less than a minute when you have an X11 session running. If that doesn't reproduce the issue then this report can be closed more properly. Is there a kwin appimage I could test with myself?
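
The null `this` mentioned in Comment 2 can be read directly from the pointer arguments in Thread 1 of the backtrace. The following Python sketch is an added example, not part of the report or of any KDE/Qt tooling: it scans GDB-style frames for null or near-null pointer arguments. The function names and the 0x1000 threshold are assumptions, and the sample is abridged from the backtrace above.

```python
import re

# Constructed sample: frames #6-#12 of Thread 1 from the report above,
# with the long source paths shortened to the file name.
SAMPLE = """\
#6  QScopedPointer<QtWaylandClient::QWaylandCursor, QScopedPointerDeleter<QtWaylandClient::QWaylandCursor> >::operator! (this=0xa0) at qscopedpointer.h:123
#7  QtWaylandClient::QWaylandScreen::waylandCursor (this=0x0) at qwaylandscreen.cpp:187
#8  0x00007f9c0de8a12e in QtWaylandClient::QWaylandInputDevice::setCursor (this=<optimized out>, newShape=Qt::ArrowCursor, screen=<optimized out>) at qwaylandinputdevice.cpp:367
#9  QtWaylandClient::QWaylandInputDevice::setCursor (this=0x197ea30, cursor=..., screen=0x0) at qwaylandinputdevice.cpp:386
#10 0x00007f9c0de960c1 in QtWaylandClient::QWaylandWindow::setMouseCursor (this=<optimized out>, device=0x0, cursor=...) at qwaylandwindow.cpp:992
#11 QtWaylandClient::QWaylandWindow::restoreMouseCursor (this=<optimized out>, device=0x0) at qwaylandwindow.cpp:997
#12 0x00007f9bfd65bda5 in QtWaylandClient::QWaylandBradientDecoration::handleMouse (this=0x1dddbc0, inputDevice=0x197ea30, local=..., global=..., b=..., mods=...) at main.cpp:277
"""

# "#N", optional "0xADDR in", function name, "(args)", then "at" or "from".
FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(.+?) \((.*?)\) (?:at|from) ")
PTR_ARG = re.compile(r"(\w+)=(0x[0-9a-fA-F]+)\b")
PAGE = 0x1000  # assumption: the first page is not mapped in a normal process


def null_pointer_frames(backtrace):
    """Return (frame_no, function, arg, kind) for each null or near-null pointer."""
    hits = []
    for line in backtrace.splitlines():
        m = FRAME.match(line)
        if not m:
            continue  # thread headers, "[KCrash Handler]", blank lines
        frame_no, func, args = int(m.group(1)), m.group(2), m.group(3)
        for name, value in PTR_ARG.findall(args):
            addr = int(value, 16)
            if addr == 0:
                hits.append((frame_no, func, name, "null"))
            elif addr < PAGE:
                # Small non-zero address: usually a member offset from a null base.
                hits.append((frame_no, func, name, "null+0x%x" % addr))
    return hits


def outermost_null_frame(hits):
    """Highest-numbered frame in which a null pointer argument is already visible."""
    return max(hits, key=lambda h: h[0]) if hits else None


if __name__ == "__main__":
    for hit in null_pointer_frames(SAMPLE):
        print("#%d %s: %s is %s" % hit)
```

Values shown as `<optimized out>` are skipped, and a null printed for an argument in an optimized build is only a hint about where to start reading the source, not proof of where the null was introduced.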

Comment 3 Christoph Feck 2020-07-04 14:39:36 UTC
How is this related to KWin? It is Konsole that is crashing. Also, what versions of Wayland libraries does Ubuntu 14.04 ship?

Comment 4 RJVB 2020-07-04 15:44:57 UTC
I get the same crash in any KDE application (possibly in any Qt application) that I expose to a size change of KWin's windowed-mode window. You're right though that KWin cannot crash other apps directly, it must just send the signal to change the cursor but some other layer must act on that from within the application space. I can only presume that this is KDE functionality - in the KDE platform theme plugin maybe, in a component that we don't see in the backtrace because of the asynchronous nature of the event and signal mechanisms.

It is relevant to ask however why KWin would send a cursor-change signal to its clients. I can see why it itself might react to a window size change with a (temporary?) cursor change, but not why the client windows would be concerned. And FWIW, I also don't see the change in text size that I see in the Wayland/KWin clients when I make the window fullscreen when I use "qwindow-compositor" instead.

I'm not using the system Wayland libraries; I've basically turned my Kubuntu 14.04 into a rolling release by updating more and more libraries myself; Wayland is at 1.18.0.

Comment 5 Christoph Feck 2020-07-05 01:34:03 UTC
AKA Frankenstein OS... Anyway, I suggest testing with a proper distribution which ships recent versions of anything, at least Kubuntu 20.04 LTS, preferably something newer.

Comment 6 RJVB 2020-07-05 07:58:18 UTC
That would have to be in a VM or off a LiveCD or similar, which might be too different to trigger the issue even with my current versions. An appimage KWin version would not be in that (potential) situation and also be a lot easier to test for me. But I take it then that doesn't exist?

Comment 7 RJVB 2020-07-05 08:02:05 UTC
BTW, does anyone have an idea why an application running under a "Kwin-dowed" Wayland session would end up where the crash occurs when the session window is resized?