Bug 442104

SUMMARY

kwin_wayland segmentation faulted in KWin::LibInput::Context::closeRestricted when logging out of Plasma 5.22.5 on Wayland in a Fedora 35 KDE Plasma installation. The screen went black and then Plasma restarted. 

Core was generated by `kwin_wayland --wayland_fd 4 --xwayland /usr/libexec/startplasma-waylandsession'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fe383646a95 in KWin::LibInput::Context::closeRestricted (this=0x558b8b8fb7a0, fd=33) at /usr/src/debug/kwin-5.22.5-1.fc35.x86_64/src/libinput/context.cpp:146
Downloading source file /usr/src/debug/kwin-5.22.5-1.fc35.x86_64/src/libinput/context.cpp...
146         kwinApp()->platform()->session()->closeRestricted(fd);
[Current thread is 1 (Thread 0x7fe36d78d640 (LWP 2255))]

(gdb) bt
#0  0x00007fe383646a95 in KWin::LibInput::Context::closeRestricted(int) (this=0x558b8b8fb7a0, fd=33)
    at /usr/src/debug/kwin-5.22.5-1.fc35.x86_64/src/libinput/context.cpp:146
#1  KWin::LibInput::Context::closeRestrictedCallBack(int, void*) (fd=33, user_data=0x558b8b8fb7a0)
    at /usr/src/debug/kwin-5.22.5-1.fc35.x86_64/src/libinput/context.cpp:97
#2  0x00007fe380e19101 in close_restricted
    (libinput=<optimized out>, libinput=0x558b8b8fb7c0, fd=<optimized out>) at ../src/libinput.c:2054
#3  evdev_device_suspend (device=device@entry=0x558b8b9b8bf0) at ../src/evdev.c:2871
#4  0x00007fe380e22e76 in evdev_device_remove (device=0x558b8b9b8bf0) at ../src/evdev.c:2961
#5  0x00007fe380e129e4 in evdev_device_dispatch (data=0x558b8b9b8bf0) at ../src/evdev.c:1144
#6  0x00007fe380e0e667 in libinput_dispatch (libinput=0x558b8b8fb7c0) at ../src/libinput.c:2209
#7  0x00007fe383646e7d in KWin::LibInput::Context::dispatch()
    (this=<optimized out>, this=<optimized out>)
    at /usr/src/debug/kwin-5.22.5-1.fc35.x86_64/src/libinput/context.cpp:80
#8  KWin::LibInput::Connection::handleEvent() (this=0x558b8b966300)
    at /usr/src/debug/kwin-5.22.5-1.fc35.x86_64/src/libinput/connection.cpp:231
#9  0x00007fe381c573a9 in QtPrivate::QSlotObjectBase::call(QObject*, void**)
    (a=0x7fe36d78c850, r=<optimized out>, this=0x7fe3640047b0)
    at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#10 doActivate<false>(QObject*, int, void**)
    (sender=0x7fe3640046d0, signal_index=3, argv=0x7fe36d78c850) at kernel/qobject.cpp:3886
#11 0x00007fe381c52327 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**)
    (sender=sender@entry=0x7fe3640046d0, m=m@entry=0x7fe381efc460 <QSocketNotifier::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7fe36d78c850)
    at kernel/qobject.cpp:3946
#12 0x00007fe381c59b4a in QSocketNotifier::activated(QSocketDescriptor, QSocketNotifier::Type, QSocketNotifier::QPrivateSignal) (this=this@entry=0x7fe3640046d0, _t1=..., _t2=<optimized out>, _t3=...) at .moc/moc_qsocketnotifier.cpp:178
#13 0x00007fe381c5a363 in QSocketNotifier::event(QEvent*) (this=0x7fe3640046d0, e=0x7fe36d78c950) at kernel/qsocketnotifier.cpp:302
#14 0x00007fe3828b3443 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=<optimized out>, receiver=0x7fe3640046d0, e=0x7fe36d78c950) at kernel/qapplication.cpp:3632
#15 0x00007fe381c23798 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x7fe3640046d0, event=0x7fe36d78c950) at kernel/qcoreapplication.cpp:1064
#16 0x00007fe381c755ff in socketNotifierSourceDispatch(GSource*, GSourceFunc, gpointer) (source=0x7fe364004470) at kernel/qeventdispatcher_glib.cpp:107
#17 0x00007fe37f2d233f in g_main_dispatch (context=0x7fe364000c20) at ../glib/gmain.c:3381
#18 g_main_context_dispatch (context=0x7fe364000c20) at ../glib/gmain.c:4099
#19 0x00007fe37f327288 in g_main_context_iterate.constprop.0 (context=context@entry=0x7fe364000c20, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4175
#20 0x00007fe37f2cf9e3 in g_main_context_iteration (context=0x7fe364000c20, may_block=1) at ../glib/gmain.c:4240
#21 0x00007fe381c74b78 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x7fe364000b60, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#22 0x00007fe381c221a2 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7fe36d78cbd0, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#23 0x00007fe381a652aa in QThread::exec() (this=<optimized out>) at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#24 0x00007fe381a664a6 in QThreadPrivate::start(void*) (arg=0x558b8b9bc0d0) at thread/qthread_unix.cpp:329
#25 0x00007fe3813caaaf in start_thread (arg=<optimized out>) at pthread_create.c:434
#26 0x00007fe38144f300 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

The crashes started after an update with updates-testing enabled which included libinput-1.18.901-1.fc35 on 2021-9-3. I downgraded to libinput-1.18.1-1.fc35 and rebooted. The crashes didn't happen when logging out of Plasma with libinput-1.18.1-1.fc35. A change between libinput-1.18.1-1.fc35 and libinput-1.18.901-1.fc35 might be involved in these crashes. The crash happened 4/4 times when logging out of Plasma with libinput-1.18.901-1.fc35 using a mouse, but it didn't happen when I logged out using a touchpad. 

STEPS TO REPRODUCE
1. Boot a Fedora 35 KDE Plasma installation 
2. Log in to Plasma on Wayland
3. Start konsole 
4. sudo dnf offline-upgrade download
5. sudo dnf offline-upgrade reboot
6. Log in to Plasma on Wayland
7. Log out of Plasma by selecting the Application Launcher menu > Leave > Log out > OK using a mouse

OBSERVED RESULT
kwin_wayland segmentation faulted in KWin::LibInput::Context::closeRestricted when logging out of Plasma with libinput-1.18.901-1.fc35

EXPECTED RESULT
Plasma would log out normally.

SOFTWARE/OS VERSIONS 
Linux/KDE Plasma: Fedora 35
(available in About System)
KDE Plasma Version: 5.22.5
KDE Frameworks Version: 5.85.0
Qt Version: 5.15.2

ADDITIONAL INFORMATION
I reported this problem at https://bugzilla.redhat.com/show_bug.cgi?id=2001135