Bug 440778

Summary: Crash when invoking send-keyboard-input shortcut in wayland
Product: [Applications] systemsettings Reporter: Jiri Slaby <jirislaby>
Component: kcm_khotkeysAssignee: Michael Jansen <kde>
Status: RESOLVED UNMAINTAINED    
Severity: normal CC: groot, kde, kdelibs-bugs-null, nate, nicolas.fella, plasma-bugs-null
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: openSUSE   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Jiri Slaby 2021-08-09 10:57:20 UTC 
SUMMARY
I have kded5 configured to output this key sequence when pressing ctrl+alt+shift+a:
Shift+A:c:k:e:d:-:b:y:Shift+;:Space:Shift+J:i:r:i:Space:Shift+S:l:a:b:y:Space:<:j:i:r:i:s:l:a:b:y:Shift+@:k:e:r:n:e:l:.:o:r:g:Shift+>

It always used to work. Now I switched from X11 to wayland and kded5 crashes in XQueryExtension:
> #2  <signal handler called> () at ../sysdeps/unix/sysv/linux/sigaction.c
> #3  0x00007f550492bb3e in XQueryExtension
>     (dpy=dpy@entry=0x5628d28aa030, name=name@entry=0x7f54fc12e019 "XInputExtension", major_opcode=major_opcode@entry=0x7ffd4d60744c, first_event=first_event@entry=0x7ffd4d607450, first_error=first_error@entry=0x7ffd4d607454)
>     at /usr/src/debug/libX11-1.7.2-1.1.x86_64/src/QuExt.c:62
> #4  0x00007f54fc12bd62 in get_xinput_base (dpy=0x5628d28aa030) at /usr/src/debug/libXtst-1.2.3-2.4.x86_64/src/XTest.c:79
> #5  find_display (dpy=0x5628d28aa030) at /usr/src/debug/libXtst-1.2.3-2.4.x86_64/src/XTest.c:83
> #6  find_display (dpy=0x5628d28aa030) at /usr/src/debug/libXtst-1.2.3-2.4.x86_64/src/XTest.c:83
> #7  0x00007f54fc12cf42 in XTestQueryExtension (dpy=0x5628d28aa030, event_base_return=0x7ffd4d6074f8, error_base_return=0x7ffd4d6074fc, major_return=0x7ffd4d607500, minor_return=0x7ffd4d607508)
>     at /usr/src/debug/libXtst-1.2.3-2.4.x86_64/src/XTest.c:101
> #8  0x00007f54fc3e8bda in KHotKeys::xtest () at /usr/src/debug/khotkeys5-5.22.4-1.1.x86_64/libkhotkeysprivate/shortcuts_handler.cpp:113
> #9  KHotKeys::xtest () at /usr/src/debug/khotkeys5-5.22.4-1.1.x86_64/libkhotkeysprivate/shortcuts_handler.cpp:107
> #10 KHotKeys::ShortcutsHandler::send_macro_key(QKeySequence const&, unsigned long) (key=<optimized out>, window_P=1, this=<optimized out>) at /usr/src/debug/khotkeys5-5.22.4-1.1.x86_64/libkhotkeysprivate/shortcuts_handler.cpp:163
> #11 0x00007f54fc3db406 in KHotKeys::ShortcutsHandler::send_macro_key(QKeySequence const&, unsigned long) (this=<optimized out>, window_P=1, key=...) at /usr/src/debug/khotkeys5-5.22.4-1.1.x86_64/libkhotkeysprivate/shortcuts_handler.cpp:150
> #12 KHotKeys::KeyboardInputAction::execute() (this=0x5628d2a59a30) at /usr/src/debug/khotkeys5-5.22.4-1.1.x86_64/libkhotkeysprivate/actions/keyboard_input_action.cpp:150
> #13 0x00007f54fc3d41bd in KHotKeys::ActionData::execute() (this=0x5628d2a597c0) at /usr/src/debug/khotkeys5-5.22.4-1.1.x86_64/libkhotkeysprivate/action_data/action_data.cpp:93
> #14 0x00007f5505376fe8 in doActivate<false>(QObject*, int, void**) (sender=0x5628d2a1f240, signal_index=4, argv=0x7ffd4d6077a0) at kernel/qobject.cpp:3898
> #15 0x00007f550537047f in QMetaObject::activate(QObject*, QMetaObject const*, int, void**)
>     (sender=sender@entry=0x5628d2a1f240, m=m@entry=0x7f55066330a0 <QAction::staticMetaObject>, local_signal_index=local_signal_index@entry=1, argv=argv@entry=0x7ffd4d6077a0) at kernel/qobject.cpp:3946
> #16 0x00007f5506114182 in QAction::triggered(bool) (this=this@entry=0x5628d2a1f240, _t1=<optimized out>) at .moc/moc_qaction.cpp:376
> #17 0x00007f5506116db4 in QAction::activate(QAction::ActionEvent) (this=0x5628d2a1f240, event=<optimized out>) at kernel/qaction.cpp:1161
> #18 0x00007f54fffeeacc in QAction::trigger() (this=0x5628d2a1f240) at /usr/include/qt5/QtWidgets/qaction.h:187
> #19 KGlobalAccelPrivate::_k_invokeAction(QString const&, QString const&, long long) (this=0x7ffd4d607810, componentUnique=..., actionUnique=<optimized out>, timestamp=0)
>     at /usr/src/debug/kglobalaccel-5.84.0-1.2.x86_64/src/kglobalaccel.cpp:453
> #20 0x00007f5505376fb3 in QtPrivate::QSlotObjectBase::call(QObject*, void**) (a=0x7ffd4d607970, r=0x7f5500002650 <(anonymous namespace)::Q_QGS_s_instance::innerFunction()::holder>, this=0x5628d2d65650)
>     at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
> #21 doActivate<false>(QObject*, int, void**) (sender=0x5628d2cfa1d0, signal_index=3, argv=0x7ffd4d607970) at kernel/qobject.cpp:3886
> #22 0x00007f550537047f in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (sender=<optimized out>, m=<optimized out>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffd4d607970) at kernel/qobject.cpp:3946
> #23 0x00007f54ffffabf4 in OrgKdeKglobalaccelComponentInterface::globalShortcutPressed(QString const&, QString const&, long long) (_t3=<optimized out>, _t2=<optimized out>, _t1=<optimized out>, this=<optimized out>)
>     at /usr/src/debug/kglobalaccel-5.84.0-1.2.x86_64/build/src/kglobalaccel_component_interface.moc:227
> #24 OrgKdeKglobalaccelComponentInterface::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (_o=_o@entry=0x5628d2cfa1d0, _c=_c@entry=QMetaObject::InvokeMetaMethod, _id=_id@entry=0, _a=_a@entry=0x7ffd4d607ac0)
>     at /usr/src/debug/kglobalaccel-5.84.0-1.2.x86_64/build/src/kglobalaccel_component_interface.moc:121
> #25 0x00007f54ffffad7b in OrgKdeKglobalaccelComponentInterface::qt_metacall(QMetaObject::Call, int, void**) (this=0x5628d2cfa1d0, _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0x7ffd4d607ac0)
>     at /usr/src/debug/kglobalaccel-5.84.0-1.2.x86_64/build/src/kglobalaccel_component_interface.moc:196
> #26 0x00007f55056da6bb in  () at /lib64/libQt5DBus.so.5
> #27 0x00007f550536cf5e in QObject::event(QEvent*) (this=0x5628d2cfa1d0, e=0x7f54f800e070) at kernel/qobject.cpp:1314
> #28 0x00007f550611aa7f in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=<optimized out>, receiver=0x5628d2cfa1d0, e=0x7f54f800e070) at kernel/qapplication.cpp:3632
> #29 0x00007f550534096a in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x5628d2cfa1d0, event=0x7f54f800e070) at kernel/qcoreapplication.cpp:1064
> #30 0x00007f55053439b7 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (receiver=0x0, event_type=0, data=0x5628d287dba0) at kernel/qcoreapplication.cpp:1821
> #31 0x00007f55053987d3 in postEventSourceDispatch(GSource*, GSourceFunc, gpointer) (s=s@entry=0x5628d29596b0) at kernel/qeventdispatcher_glib.cpp:277
> #32 0x00007f5503e3f80f in g_main_dispatch (context=0x5628d29389e0) at ../glib/gmain.c:3337
> #33 g_main_context_dispatch (context=0x5628d29389e0) at ../glib/gmain.c:4055
> #34 0x00007f5503e3fb98 in g_main_context_iterate (context=context@entry=0x5628d29389e0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4131
> #35 0x00007f5503e3fc4f in g_main_context_iteration (context=0x5628d29389e0, may_block=1) at ../glib/gmain.c:4196
> #36 0x00007f5505397e54 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x5628d2958f40, flags=...) at kernel/qeventdispatcher_glib.cpp:423
> #37 0x00007f550533f36b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7ffd4d607f20, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
> #38 0x00007f5505347650 in QCoreApplication::exec() () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
> #39 0x00005628d266441f in main(int, char**) (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/kded-5.84.0-1.1.x86_64/src/kded.cpp:782


SOFTWARE/OS VERSIONS
Operating System: openSUSE Tumbleweed 20210803
KDE Plasma Version: 5.22.3
KDE Frameworks Version: 5.84.0
Qt Version: 5.15.2
Kernel Version: 5.13.1-1.gbebf622-default (64-bit)
Graphics Platform: Wayland
Processors: 4 × Intel® Core™ i7-6600U CPU @ 2.60GHz
Memory: 15.1 GiB of RAM
Graphics Processor: Mesa DRI Intel® HD Graphics 520
Comment 1 Jiri Slaby 2021-08-09 10:58:35 UTC 
(In reply to Jiri Slaby from comment #0)
> It always used to work. Now I switched from X11 to wayland and kded5 crashes
> in XQueryExtension:

(No matter if I press it while in wayland or X11 window.)
Comment 2 Jiri Slaby 2021-08-09 12:33:22 UTC 
(In reply to Jiri Slaby from comment #0)
> > #3  0x00007f550492bb3e in XQueryExtension
> >     (dpy=dpy@entry=0x5628d28aa030, name=name@entry=0x7f54fc12e019 "XInputExtension", major_opcode=major_opcode@entry=0x7ffd4d60744c, first_event=first_event@entry=0x7ffd4d607450, first_error=first_error@entry=0x7ffd4d607454)

   0x00007f550492bb36 <+102>:   test   %rax,%rax
   0x00007f550492bb39 <+105>:   je     0x7f550492bb40 <XQueryExtension+112>
   0x00007f550492bb3b <+107>:   mov    %rbp,%rdi
=> 0x00007f550492bb3e <+110>:   call   *(%rax)

(gdb) p/x $rax
$5 = 0x31

include/X11/Xlibint.h:#define LockDisplay(d)         if ((d)->lock_fns) (*(d)->lock_fns->lock_display)(d)

(gdb) p dpy->lock_fns
$6 = (struct _XLockPtrs *) 0x31

Well, (d)->lock_fns is not NULL in that 'if', but is bogus, so it crashes.
Comment 3 Jiri Slaby 2021-08-09 12:46:00 UTC 
(In reply to Jiri Slaby from comment #2)
> (gdb) p/x $rax
> $5 = 0x31

Seems to be 0x31 every time. So no corruption, or a deterministic one.
Comment 4 Nate Graham 2021-08-09 16:56:54 UTC 
Feel free to submit a merge request to fix it!
Comment 5 Jiri Slaby 2021-08-10 03:57:33 UTC 
(In reply to Nate Graham from comment #4)
> Feel free to submit a merge request to fix it!

If I only knew what the root cause is -- I only described the symptoms... The Display is callocated (so zeroed) and lock_fns explicitly set to NULL in OpenDisplay. lock_fns is then touched (Xmalloc-ed) only in _XInitDisplayLock.

Anyway, whole _XDisplay structure seems to be mangled:
> $4 = {ext_data = 0x7f169265d0a0 <wl_display_interface>, free_funcs = 0x7f1692509d70, fd = 1, conn_checker = 0, proto_major_version = 904794160,
>   proto_minor_version = 21891, vendor = 0x558335ee1100 "", resource_base = 4294967296, resource_mask = 94022033870896, resource_id = 0, resource_shift = 0,
>   resource_alloc = 0x0, byte_order = 904802176, bitmap_unit = 21891, bitmap_pad = 0, bitmap_bit_order = 0, nformats = 0, pixmap_format = 0x0, vnumber = 0,
>   release = 0, head = 0x3, tail = 0xf8, qlen = 256, last_request_read = 94022033919856, request = 0, last_req = 0x0, buffer = 0x0,
>   bufptr = 0x1 <error: Cannot access memory at address 0x1>, bufmax = 0x558335ee10e8 "\350\020\356\065\203U", max_request_size = 904794344,
>   db = 0x558335ee1030, synchandler = 0x558335ee1100, display_name = 0x558335ee1100 "", default_screen = 904794160, nscreens = 21891, screens = 0x0,
>   motion_buffer = 0, flags = 0, min_keycode = 0, max_keycode = 0, keysyms = 0x0, modifiermap = 0xdd00000000, keysyms_per_keycode = 0, xdefaults = 0x0,
>   scratch_buffer = 0x0, scratch_length = 0, ext_number = 0, ext_procs = 0x0, event_vec = {0xe1, 0x7f16903b4640, 0x558335f569e0, 0x6400000001, 0x7f16903b3c68,
>     0x7f1695fa7680 <QMapDataBase::shared_null>, 0x1, 0x0, 0x0, 0x0, 0x7f16903b3c68, 0x7f1695fa7680 <QMapDataBase::shared_null>, 0x1, 0x0, 0x0, 0x0,
>     0x7f16903b3c68, 0x7f1695fa7680 <QMapDataBase::shared_null>, 0x1, 0x0, 0x0, 0x0, 0x7f16903b3c68, 0x7f1695fa7680 <QMapDataBase::shared_null>, 0x1, 0x0,
>     0x0, 0x0, 0x21,
>     0x7f16925aa460 <QtWaylandClient::QWaylandWindowManagerIntegration::wlHandleListenerGlobal(void*, wl_registry*, unsigned int, QString const&, unsigned int)>, 0x558335edacc0, 0x0, 0x31, 0x7f16959c1a00 <main_arena>, 0x558335ee0ed0, 0x5583357d3840 <QHashData::shared_null>, 0x0, 0x0, 0x31, 0x200000001, 0x100000000,
>     0x558335ee1260, 0x0, 0x0, 0x31, 0x558335ed97e0, 0x0, 0x626b782f6769666e, 0x558335ee1200, 0x0, 0x31, 0x73782f656d6f682f, 0x6f632e2f7962616c,
>     0x626b782f6769666e, 0x0, 0x0, 0x31, 0x558335ee1310, 0x558335ed97a0, 0x558335ee1410, 0x0, 0x0, 0x41, 0x6168732f7273752f, 0x6c61636f6c2f6572,
>     0x5f434c2f73632f65, 0x534547415353454d, 0x6f6d2e6362696c2f, 0x0, 0x0, 0x41, 0x558335ee1370, 0x7f1600000001, 0x558335edba20, 0x5583363fd630, 0x0, 0x0,
>     0x0, 0x21, 0x558335edca90, 0xffffffffffffffff, 0x0, 0x21, 0x626b782f6374652f, 0x0, 0x62, 0x21, 0x558335eb2e40, 0x0, 0x0, 0x71, 0x2700000001, 0x28, 0x18,
>     0x5f00700077007a, 0x6d006900720070, 0x5f007900720061, 0x65006c00650073, 0x6f006900740063, 0x650064005f006e, 0x65006300690076, 0x6e0061006d005f,
>     0x72006500670061, 0x310076005f, 0x31, 0x558335f6d710, 0x400, 0x558335f4b830, 0x200000001bd, 0x0, 0x31, 0x100000001, 0x2, 0x18, 0xde78c2c000000034, 0x30,
>     0x21, 0x31646f4d, 0x0, 0x0, 0x61, 0x7f1696190750 <vtable for QObjectPrivate+16>, 0x558335eb5570, 0x0, 0x5583357d38f0 <QListData::shared_null>,
>     0x35ee1130, 0x0, 0x0}, wire_vec = {0x558335eb4ba0, 0x0, 0x0, 0x0, 0x21, 0x7f169265de18 <vtable for QtWaylandClient::QWaylandTabletManagerV2+16>,
>     0x558335eec340, 0x0, 0x101, 0xc00000001, 0xe, 0x18, 0x24, 0xa00000060, 0x2c, 0xa00000060, 0x74, 0xa00000060, 0x558336020de0, 0x1000000a0, 0x18,
>     0xa00000060, 0x0, 0x0, 0x48, 0xa00000060, 0x58, 0xa00000060, 0xc, 0xa00000060, 0x0, 0x114, 0x0, 0xa00000060, 0x50f00, 0x0, 0x558336020480,
>     0x558336011de0, 0x0, 0x100003176, 0x101, 0xa00000001, 0xe, 0x18, 0x0, 0xa00000060, 0x558335f759b0, 0x1000000a0, 0xc, 0xa00000060, 0x28, 0xa00000060,
>     0x44, 0xa00000060, 0x5c, 0xa00000060, 0x78, 0xa00000060, 0x0, 0x114, 0x90, 0xa00000060, 0x0, 0x115, 0x224, 0xa00000060, 0x240, 0x600000060, 0x2ac,
>     0xa00000060, 0x2c0, 0x600000060, 0x21, 0x7f169265dfa0 <vtable for QtWaylandClient::QWaylandShm+16>, 0x558335eec750, 0x558335eeca40, 0x31, 0x700000001,
>     0x8, 0x18, 0x75006e0069006c, 0x6200660078, 0x111, 0xac00000001, 0x7f16000000e8, 0x18, 0x7372657600000007, 0x5006e6f69, 0x6775626564, 0x6863726100000007,
>     0x300716572, 0x3e00444949, 0x702d74712e67726f, 0x512e7463656a6f72, 0x50512e4150512e74, 0x496d726f6674616c, 0x697461726765746e, 0x726f746361466e6f,
>     0x61667265746e4979, 0x332e352e6563, 0x73616c6300000009, 0x656d614e73, 0x6e694c5100000019, 0x65746e4962467875, 0x506e6f6974617267, 0x42006e6967756c,
>     0x6174654d00000008, 0x7f0061746144, 0x558335ed9688, 0x7fff8b1f4660, 0x558335eb4840, 0x7fff8b1f46d8, 0x0, 0x5583357d38c0 <QArrayData::shared_null>,
>     0x5583357d38c0 <QArrayData::shared_null>, 0x5583357d38c0 <QArrayData::shared_null>, 0x31, 0x558335ee2091, 0x0, 0x0, 0x558335ed9680, 0x558335ee19d0, 0x21,
>     0xa100000001, 0x558335eda830, 0x558335eda630, 0x31, 0x700000001}, lock_meaning = 8, lock = 0x18, async_handlers = 0x6c007900610077,
>   bigreq_size = 429503938657, lock_fns = 0x31, idlist_alloc = 0x800000001, key_bindings = 0x7f1600000009, cursor_font = 24, atoms = 0x7379654b00000004,
>   mode_switch = 3473408, num_lock = 7340079, context_db = 0x71, error_vec = 0x558335ed9680, cms = {
>     defaultCCCs = 0x5583357d38c0 <QArrayData::shared_null> "\377\377\377\377", clientCmaps = 0x0, perVisualIntensityMaps = 0x0}, im_filters = 0x0,
>   qfree = 0x0, next_event_serial_num = 0, flushes = 0x0, im_fd_info = 0x558335ee29a0, im_fd_length = 897398976,
>   conn_watchers = 0x5583357d38c0 <QArrayData::shared_null>, watcher_count = 8, filedes = 0x0, savedsynchandler = 0x71, resource_max = 94022033877024,
>   xcmisc_opcode = 897398976, xkb_info = 0x0, trans_conn = 0x0, xcb = 0x0, next_cookie = 0, generic_event_vec = {0x0, 0x0, 0x558335ee1950,
>     0x5583357d38c0 <QArrayData::shared_null>, 0x5583357d38c0 <QArrayData::shared_null>, 0x100000008, 0x0, 0x41, 0x100000001, 0x2, 0x18, 0x0, 0xa00000060,
>     0x756c506e6f697461, 0x6f006e6967, 0x41, 0x100000001, 0x2, 0x18, 0x0, 0xa00000060, 0x10a00000006c0067, 0x100000080, 0x31, 0x558335ee28b1, 0x0, 0x0,
>     0x558335eda4e0, 0x558335eda7c0, 0x51, 0x558335ede290, 0x558335edf100, 0x7f169546b0c0, 0x7f16962c9400, 0x0, 0x558335ede290, 0x558335edf100,
>     0x7f169546b0c0, 0x7f16962c9400, 0x71, 0x558335eb91e0, 0x5583357d38c0 <QArrayData::shared_null>, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x558335ed97c0,
>     0x5583357d38c0 <QArrayData::shared_null>, 0x5583357d38c0 <QArrayData::shared_null>, 0x100000008, 0x0, 0x71, 0x558335ee2db0,
>     0x5583357d38c0 <QArrayData::shared_null>, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x558335ee2e40, 0x5583357d38c0 <QArrayData::shared_null>,
>     0x5583357d38c0 <QArrayData::shared_null>, 0x100000008, 0x0, 0x81, 0x2b00000002, 0x2d, 0x18, 0x7200730075002f, 0x620069006c002f, 0x71002f00340036,
>     0x70002f00350074, 0x6900670075006c, 0x70002f0073006e, 0x6600740061006c, 0x73006d0072006f, 0x620069006c002f, 0x63006e00760071, 0x6f0073002e, 0x100000000,
>     0x21, 0x6c2f343662696c2f, 0x2e74617078656269, 0x312e6f73, 0x21, 0x6c00343662696c2f, 0x2e74617078656269, 0x7f00312e6f73, 0x21, 0xffffffff00000003,
>     0x558335ed9790, 0x20, 0x31, 0xb00000001, 0x0, 0x558335eda570, 0x0, 0x558335ed9770, 0xa1, 0x7f169265def0, 0x558335eeb670, 0x558335ee0ed0, 0x0, 0x0,
>     0x71002f00000000, 0x5583357d38f0 <QListData::shared_null>, 0x5583357d38c0 <QArrayData::shared_null>, 0x70002f00000000, 0x0,
>     0x5583357d38c0 <QArrayData::shared_null>, 0x620069006c0000, 0x0, 0x0, 0x0, 0x0, 0x558335ed90e0, 0x32007800000002, 0x0, 0xa1, 0x3e00000002, 0x40, 0x18,
>     0x7200730075002f, 0x620069006c002f, 0x71002f00340036}, generic_event_copy_vec = {0x70002f00350074, 0x6900670075006c, 0x70002f0073006e, 0x6600740061006c,
>     0x73006d0072006f, 0x620069006c002f, 0x79006100770071, 0x64006e0061006c, 0x6f00630078002d, 0x73006f0070006d, 0x2d006500740069, 0x2e006c00670065, 0x6f0073,
>     0x51, 0x1600000001, 0x17, 0x18, 0x6100740053002f, 0x4e007300750074, 0x6600690074006f, 0x57007200650069, 0x68006300740061, 0x720065, 0x51, 0x558335edddc0,
>     0x558335ede290, 0x7f169546b0c0, 0x7f16962c9400, 0x0, 0x558335edddc0, 0x558335ede290, 0x7f169546b0c0, 0x7f16962c9400, 0x111, 0xa800000001, 0x7f16000000e8,
>     0x18, 0x7372657600000007, 0x5006e6f69, 0x6775626564, 0x6863726100000007, 0x300716572, 0x3e00444949, 0x702d74712e67726f, 0x512e7463656a6f72,
>     0x50512e4150512e74, 0x496d726f6674616c, 0x697461726765746e, 0x726f746361466e6f, 0x61667265746e4979, 0x332e352e6563, 0x73616c6300000009, 0x656d614e73,
>     0x6c67455100000017, 0x726765746e495346, 0x756c506e6f697461, 0x8006e6967, 0x617461446174654d, 0x7fff8b1f4800, 0x7f1695d18213
>      <QListData::realloc_grow(int)+51>, 0x7fff8b1f47f0, 0x7fff8b1f47e0, 0x2, 0x0, 0x5583357d38c0 <QArrayData::shared_null>,
>     0x5583357d38c0 <QArrayData::shared_null>, 0x5583357d38c0 <QArrayData::shared_null>, 0x31, 0x5583362e8071, 0x558335ed9410, 0x558335ee1920, 0x558335ee2db0,
>     0x558335ee1c20, 0x41, 0x200000001, 0x2, 0x18, 0x0, 0xa00000060, 0x558335ee2d90, 0x100000080, 0x81, 0x2900000001, 0x2a, 0x18, 0x5f00700077007a,
>     0x6200790065006b, 0x6400720061006f, 0x6f00680073005f, 0x75006300740072, 0x69005f00730074, 0x6200690068006e, 0x6d005f00740069, 0x670061006e0061,
>     0x76005f00720065, 0x558300000031, 0x1000000a0, 0x101, 0xc00000001, 0x7f160000000e, 0x18, 0x24, 0xa00000060, 0x2c, 0xa00000060, 0xa0, 0xa00000060,
>     0x558335ed9710, 0x1000000a0, 0x18, 0xa00000060, 0x0, 0x0, 0x70, 0xa00000060, 0x80, 0xa00000060, 0xc, 0xa00000060, 0x0, 0x114, 0x0, 0xa00000060, 0x50f00,
>     0x0, 0x7fff8b1f47e0, 0x10, 0x0}, cookiejar = 0x5583357d38c0 <QArrayData::shared_null>, error_threads = 0x111, exit_handler = 0xac00000001,
>   exit_handler_data = 0xe8}


dpy->lock is 0x18
dpy->lock_meaning is 0x8
(gdb) p *dpy->screens
Cannot access memory at address 0x0
(gdb) p dpy->nscreens
$16 = 21891


OTOH, for example dpy->im_fd_info looks to be correct:
> (gdb) p *dpy->im_fd_info
> $15 = {fd = 1, read_callback = 0x558335ee2280, call_data = 0x558335ee2180 "\001", watch_data = 0x31, next = 0xb00000001}

For another crash:
(gdb) p *dpy->screens
Cannot access memory at address 0x0
(gdb) p dpy->nscreens
$1 = 22056
(gdb) p dpy->lock
$2 = (struct _XLockInfo *) 0x18
(gdb) p/x dpy->lock_meaning
$3 = 0x8
(gdb) p *dpy->im_fd_info
$4 = {fd = 1, read_callback = 0x5628d28ab280, call_data = 0x5628d28ab180 "\001", watch_data = 0x31, next = 0xb00000001}
Comment 6 David Redondo 2021-08-10 08:05:02 UTC 
We probably should not be in this X code path at all on Wayland?
Comment 7 Jiri Slaby 2021-08-10 08:07:09 UTC 
(In reply to David Redondo from comment #6)
> We probably should not be in this X code path at all on Wayland?

That's what I think too -- if I am in a wayland window. Not sure what should happen when in Xwayland window, but maybe libX11 should not be invoked too. In any way, both these scenario crash.
Comment 8 Jiri Slaby 2021-08-10 08:49:36 UTC 
(In reply to Jiri Slaby from comment #7)
> (In reply to David Redondo from comment #6)
> > We probably should not be in this X code path at all on Wayland?
> 
> That's what I think too -- if I am in a wayland window.

It's likely that khotkeys (ShortcutsHandler::send_macro_key in particular) do not support wayland quite yet.
Comment 9 Nate Graham 2024-03-04 19:42:02 UTC 
As announced in https://pointieststick.com/2023/07/26/what-we-plan-to-remove-in-plasma-6/ and https://community.kde.org/Plasma/Plasma_6#Removals, I'm afraid KHotKeys has reached end-of-life in Plasma 6. Accordingly, all bug reports and feature requests for it must be closed now.

Most of what KHotKeys could do can already be done with the newer KGlobalAccel system in Plasma 6. A few features such as mouse gestures and triggering conditions based on changes to window states are not yet implemented in the new system. These will be added in the future if and when resources materialize for them, and/or when a kind soul submits patches to implement them! :) Meanwhile, the 3rd-party "Mouse Actions" app (https://github.com/jersou/mouse-actions) may be usable for implementing your own mouse gestures again.

Thanks for your understanding, everyone.