Bug 468576

Summary: Middle-clicking various things (certain Panel widgets, KWin-drawn titlebars) crashes the app being middle-clicked in KCheckAccelerators::eventFilter()
Product: [Frameworks and Libraries] frameworks-kxmlgui
Reporter: Ryan Y <ryuichi.ya220>
Component: general
Assignee: kdelibs bugs <kdelibs-bugs>
Status: RESOLVED FIXED
Severity: crash
CC: nate, niccolo.venerandi
Priority: NOR
Version: 5.104.0
Target Milestone: ---
Platform: Fedora RPMs
OS: Linux
Latest Commit:
Version Fixed In: 5.106
Sentry Crash Report:

Description Ryan Y 2023-04-16 14:54:54 UTC
SUMMARY
Middle-clicking on some panel widgets (e.g. to mute all speakers) crashes plasmashell.

STEPS TO REPRODUCE
1.  Middle-click the volume panel icon

OBSERVED RESULT
Crashes plasmashell

EXPECTED RESULT
Does not crash plasmashell

SOFTWARE/OS VERSIONS
Operating System: Fedora Linux 37
KDE Plasma Version: 5.27.4
KDE Frameworks Version: 5.104.0
Qt Version: 5.15.8
Kernel Version: 6.2.10-200.fc37.x86_64 (64-bit)
Graphics Platform: X11

ADDITIONAL INFORMATION
I'm using Breeze as my application style theme. It also happens on a Wayland session.

On my system, middle-clicking the titlebar buttons crashes KWin as well. So it might not be an issue in plasmashell but in Qt or something.

A backtrace generated by gdb:
Thread 1 "plasmashell" received signal SIGSEGV, Segmentation fault.
0x00007fb191bdc8ef in QWidgetPrivate::pointInsideRectAndMask (p=..., this=0x5637162b5800) at ../../include/QtWidgets/5.15.8/QtWidgets/private/../../../../../src/widgets/kernel/qwidget_p.h:840
840	    return q->rect().contains(p) && (!extra || !extra->hasMask || q->testAttribute(Qt::WA_MouseNoMask)

Thread 1 (Thread 0x7fb18c91a980 (LWP 13671) "plasmashell"):
#0  0x00007fb191bdc8ef in QWidgetPrivate::pointInsideRectAndMask (p=..., this=0x5637162b5800) at ../../include/QtWidgets/5.15.8/QtWidgets/private/../../../../../src/widgets/kernel/qwidget_p.h:840
#1  QWidgetPrivate::childAt_helper (this=0x5637162b5800, p=..., ignoreChildrenInDestructor=ignoreChildrenInDestructor@entry=false) at kernel/qwidget.cpp:10176
#2  0x00007fb191bdc97f in QWidget::childAt (this=this@entry=0x563718302d30, p=...) at kernel/qwidget.cpp:10168
#3  0x00007fb1931f19a9 in KCheckAccelerators::eventFilter (this=0x563715ba84c0, obj=0x563718302d30, e=0x7ffc580c8f00) at /usr/src/debug/kf5-kxmlgui-5.104.0-1.fc37.x86_64/src/kcheckaccelerators.cpp:174
#4  0x00007fb190e9d1d1 in QCoreApplicationPrivate::sendThroughApplicationEventFilters (this=this@entry=0x563715698e30, receiver=receiver@entry=0x563718302d30, event=event@entry=0x7ffc580c8f00) at kernel/qcoreapplication.cpp:1172
#5  0x00007fb191baeda0 in QApplicationPrivate::notify_helper (this=0x563715698e30, receiver=0x563718302d30, e=0x7ffc580c8f00) at kernel/qapplication.cpp:3611
#6  0x00007fb190e9d4e8 in QCoreApplication::notifyInternal2 (receiver=0x563718302d30, event=0x7ffc580c8f00) at kernel/qcoreapplication.cpp:1064
#7  0x00007fb190e9d6f2 in QCoreApplication::sendSpontaneousEvent (receiver=<optimized out>, event=<optimized out>) at kernel/qcoreapplication.cpp:1474
#8  0x00007fb19136ad6d in QGuiApplicationPrivate::processMouseEvent (e=0x56371ac07b20) at kernel/qguiapplication.cpp:2278
#9  0x00007fb191349f1c in QWindowSystemInterface::sendWindowSystemEvents (flags=flags@entry=...) at kernel/qwindowsysteminterface.cpp:1169
#10 0x00007fb17f116a7e in xcbSourceDispatch (source=<optimized out>) at qxcbeventdispatcher.cpp:105
#11 0x00007fb18fc65c7f in g_main_dispatch (context=0x7fb178005010) at ../glib/gmain.c:3454
#12 g_main_context_dispatch (context=0x7fb178005010) at ../glib/gmain.c:4172
#13 0x00007fb18fcbc118 in g_main_context_iterate.constprop.0 (context=0x7fb178005010, block=1, dispatch=1, self=<optimized out>) at ../glib/gmain.c:4248
#14 0x00007fb18fc62f00 in g_main_context_iteration (context=0x7fb178005010, may_block=1) at ../glib/gmain.c:4313
#15 0x00007fb190eee5fa in QEventDispatcherGlib::processEvents (this=0x563715773d80, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#16 0x00007fb190e9bf3a in QEventLoop::exec (this=this@entry=0x7ffc580c9290, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#17 0x00007fb190ea4002 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#18 0x00007fb19135fad0 in QGuiApplication::exec () at kernel/qguiapplication.cpp:1863
#19 0x00007fb191baecd9 in QApplication::exec () at kernel/qapplication.cpp:2832
#20 0x0000563713e266ac in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/plasma-workspace-5.27.4.1-1.fc37.x86_64/shell/main.cpp:235
Detaching from program: /usr/bin/plasmashell, process 13671
[Inferior 1 (process 13671) detached]

Comment 1 Nate Graham 2023-04-17 16:54:14 UTC
Interesting, cannot reproduce on Fedora 37 myself. Are you by any chance using a non-Breeze *Plasma* theme?

> On my system, middle-clicking the titlebar buttons crashes KWin as well
Yes, seems more likely. I can't reproduce that either.

Does any of this happen in the Wayland session too? Or only on X11?

Comment 2 Ryan Y 2023-04-17 23:45:53 UTC
I'm using Breeze Dark.

Yes, it happens in the Wayland session too.

Comment 3 Nate Graham 2023-04-18 15:25:44 UTC
Thanks. Let's see if the kwin_wayland crash is the same thing. If so, it points to a deeper bug. So can you please attach a backtrace of the kwin_wayland using the `coredumpctl` command-line program, as detailed in https://community.kde.org/Guidelines_and_HOWTOs/Debugging/How_to_create_useful_crash_reports#Retrieving_a_backtrace_using_coredumpctl?

Thanks!

Comment 4 Ryan Y 2023-04-19 03:54:09 UTC
I'm not a professional, but it looks like the same issue.

#0  QRect::width (this=<optimized out>) at kernel/qwidget.h:860
#1  QWidget::rect (this=0x5616e95b60d0) at kernel/qwidget.h:860
#2  QWidgetPrivate::pointInsideRectAndMask (p=..., this=0x5616e95b1f80) at ../../include/QtWidgets/5.15.8/QtWidgets/private/../../../../../src/widgets/kernel/qwidget_p.h:840
#3  QWidgetPrivate::childAt_helper (this=0x5616e95b1f80, p=..., ignoreChildrenInDestructor=ignoreChildrenInDestructor@entry=false) at kernel/qwidget.cpp:10176
#4  0x00007fd1a09dc97f in QWidget::childAt (this=this@entry=0x5616e95b60d0, p=...) at kernel/qwidget.cpp:10168
#5  0x00007fd1a01a99a9 in KCheckAccelerators::eventFilter (this=0x5616e84030b0, obj=0x5616e95b60d0, e=0x7ffec66dd250) at /usr/src/debug/kf5-kxmlgui-5.104.0-1.fc37.x86_64/src/kcheckaccelerators.cpp:174
#6  0x00007fd1a129d1d1 in QCoreApplicationPrivate::sendThroughApplicationEventFilters (this=this@entry=0x5616e81f4cb0, receiver=receiver@entry=0x5616e95b60d0, event=event@entry=0x7ffec66dd250) at kernel/qcoreapplication.cpp:1172
#7  0x00007fd1a09aeda0 in QApplicationPrivate::notify_helper (this=0x5616e81f4cb0, receiver=0x5616e95b60d0, e=0x7ffec66dd250) at kernel/qapplication.cpp:3611
#8  0x00007fd1a129d4e8 in QCoreApplication::notifyInternal2 (receiver=0x5616e95b60d0, event=0x7ffec66dd250) at kernel/qcoreapplication.cpp:1064
#9  0x00007fd1a129d6d2 in QCoreApplication::sendEvent (receiver=<optimized out>, event=<optimized out>) at kernel/qcoreapplication.cpp:1462
#10 0x00007fd1a29f42ff in KDecoration2::Decoration::mousePressEvent (this=<optimized out>, event=0x7ffec66dd250) at /usr/src/debug/kdecoration-5.27.4-1.fc37.x86_64/src/decoration.cpp:365
#11 0x00007fd1a29f1b07 in KDecoration2::Decoration::event (this=<optimized out>, event=<optimized out>) at /usr/src/debug/kdecoration-5.27.4-1.fc37.x86_64/src/decoration.cpp:294
#12 0x00007fd1a09aed62 in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x5616e9587240, e=0x7ffec66dd250) at kernel/qapplication.cpp:3640
#13 0x00007fd1a129d4e8 in QCoreApplication::notifyInternal2 (receiver=0x5616e9587240, event=0x7ffec66dd250) at kernel/qcoreapplication.cpp:1064
#14 0x00007fd1a129d6d2 in QCoreApplication::sendEvent (receiver=<optimized out>, event=<optimized out>) at kernel/qcoreapplication.cpp:1462
#15 0x00007fd1a2c4e60d in KWin::DecorationEventFilter::pointerEvent (this=<optimized out>, event=0x7ffec66dd380, nativeButton=<optimized out>) at /usr/src/debug/kwin-5.27.4.1-1.fc37.x86_64/src/input.cpp:1396
#16 0x00007fd1a2c8e5d5 in std::__invoke_impl<bool, bool (KWin::InputEventFilter::*&)(KWin::MouseEvent*, unsigned int), KWin::InputEventFilter* const&, KWin::MouseEvent*&, unsigned int&> (__f=<optimized out>,
    __t=@0x5616e85cb280: 0x5616e85cbb10) at /usr/include/c++/12/bits/invoke.h:71
#17 std::__invoke<bool (KWin::InputEventFilter::*&)(KWin::MouseEvent*, unsigned int), KWin::InputEventFilter* const&, KWin::MouseEvent*&, unsigned int&> (__fn=<optimized out>) at /usr/include/c++/12/bits/invoke.h:96
#18 std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)>::__call<bool, KWin::InputEventFilter* const&, 0ul, 1ul, 2ul>(std::tuple<KWin::InputEventFilter* const&>&&, std::_Index_tuple<0ul, 1ul, 2ul>) (__args=..., this=<optimized out>) at /usr/include/c++/12/functional:495
#19 std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)>::operator()<KWin::InputEventFilter* const&, bool>(KWin::InputEventFilter* const&) (
    this=<optimized out>) at /usr/include/c++/12/functional:580
#20 __gnu_cxx::__ops::_Iter_pred<std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)> >::operator()<KWin::InputEventFilter* const*>(KWin::InputEventFilter* const*) (__it=0x5616e85cb280, this=<optimized out>) at /usr/include/c++/12/bits/predefined_ops.h:318
#21 std::__find_if<KWin::InputEventFilter* const*, __gnu_cxx::__ops::_Iter_pred<std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)> > >(KWin::InputEventFilter* const*, KWin::InputEventFilter* const*, __gnu_cxx::__ops::_Iter_pred<std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)> >, std::random_access_iterator_tag) (__pred=..., __last=0x5616e85cb2b0, __first=0x5616e85cb280) at /usr/include/c++/12/bits/stl_algobase.h:2079
#22 std::__find_if<KWin::InputEventFilter* const*, __gnu_cxx::__ops::_Iter_pred<std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)> > >(KWin::InputEventFilter* const*, KWin::InputEventFilter* const*, __gnu_cxx::__ops::_Iter_pred<std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)> >) (__pred=...,
    __last=0x5616e85cb2b0, __first=0x5616e85cb228) at /usr/include/c++/12/bits/stl_algobase.h:2112
#23 std::find_if<KWin::InputEventFilter* const*, std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)> >(KWin::InputEventFilter* const*, KWin::InputEventFilter* const*, std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)>) (__pred=..., __last=0x5616e85cb2b0, __first=0x5616e85cb228)
    at /usr/include/c++/12/bits/stl_algo.h:3877
#24 std::none_of<KWin::InputEventFilter* const*, std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)> >(KWin::InputEventFilter* const*, KWin::InputEventFilter* const*, std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)>) (__pred=..., __last=0x5616e85cb2b0, __first=0x5616e85cb228)
    at /usr/include/c++/12/bits/stl_algo.h:474
#25 std::any_of<KWin::InputEventFilter* const*, std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)> >(KWin::InputEventFilter* const*, KWin::InputEventFilter* const*, std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)>) (__pred=..., __last=0x5616e85cb2b0, __first=0x5616e85cb228)
    at /usr/include/c++/12/bits/stl_algo.h:493
#26 KWin::InputRedirection::processFilters<std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)> >(std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)>) (function=..., this=<optimized out>) at /usr/src/debug/kwin-5.27.4.1-1.fc37.x86_64/src/input.h:193
#27 KWin::PointerInputRedirection::processButton (this=0x5616e82d8930, button=274, state=KWin::InputRedirection::PointerButtonPressed, time=..., device=<optimized out>)
    at /usr/src/debug/kwin-5.27.4.1-1.fc37.x86_64/src/pointer_input.cpp:280
#28 0x00007fd1a12d0e96 in QtPrivate::QSlotObjectBase::call (a=0x7ffec66dd560, r=<optimized out>, this=0x5616e84025b0) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#29 doActivate<false> (sender=0x5616e83fb5e0, signal_index=4, argv=0x7ffec66dd560) at kernel/qobject.cpp:3923
#30 0x00007fd1a12cbe27 in QMetaObject::activate (sender=<optimized out>, m=m@entry=0x7fd1a2ff7500 <KWin::InputDevice::staticMetaObject>, local_signal_index=local_signal_index@entry=1, argv=argv@entry=0x7ffec66dd560)
    at kernel/qobject.cpp:3983
#31 0x00007fd1a2ba52b3 in KWin::InputDevice::pointerButtonChanged (this=<optimized out>, _t1=<optimized out>, _t2=<optimized out>, _t3=..., _t4=<optimized out>)
    at /usr/src/debug/kwin-5.27.4.1-1.fc37.x86_64/redhat-linux-build/src/kwin_autogen/TAC5DWH4SE/moc_inputdevice.cpp:663
#32 0x00007fd1a2dbd931 in KWin::LibInput::Connection::processEvents (this=0x5616e83633e0) at /usr/src/debug/kwin-5.27.4.1-1.fc37.x86_64/src/backends/libinput/connection.cpp:351
#33 0x00007fd1a12c8134 in QObject::event (this=0x5616e82484a0, e=0x7fd150007c60) at kernel/qobject.cpp:1347
#34 0x00007fd1a09aed62 in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x5616e82484a0, e=0x7fd150007c60) at kernel/qapplication.cpp:3640
#35 0x00007fd1a129d4e8 in QCoreApplication::notifyInternal2 (receiver=0x5616e82484a0, event=0x7fd150007c60) at kernel/qcoreapplication.cpp:1064
#36 0x00007fd1a129d6d2 in QCoreApplication::sendEvent (receiver=<optimized out>, event=<optimized out>) at kernel/qcoreapplication.cpp:1462
#37 0x00007fd1a12a0854 in QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0, data=data@entry=0x5616e81f4e20) at kernel/qcoreapplication.cpp:1821
#38 0x00007fd1a12ebb45 in QEventDispatcherUNIX::processEvents (this=0x5616e820fee0, flags=...) at kernel/qeventdispatcher_unix.cpp:468
#39 0x00005616e79e5701 in QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
#40 0x00007fd1a129bf3a in QEventLoop::exec (this=this@entry=0x7ffec66dd990, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#41 0x00007fd1a12a4002 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#42 0x00007fd1a175fad0 in QGuiApplication::exec () at kernel/qguiapplication.cpp:1863
#43 0x00007fd1a09aecd9 in QApplication::exec () at kernel/qapplication.cpp:2832
#44 0x00005616e7905d21 in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/kwin-5.27.4.1-1.fc37.x86_64/src/main_wayland.cpp:628

Comment 5 Nate Graham 2023-04-19 16:21:48 UTC
Thanks!

Comment 6 Bug Janitor Service 2023-04-20 08:51:22 UTC
A possibly relevant merge request was started @ https://invent.kde.org/frameworks/kxmlgui/-/merge_requests/165

Comment 7 David Redondo 2023-04-20 11:25:12 UTC
Git commit 259c50ff99515e54e4b19ad233e847653429fa82 by David Redondo.
Committed on 20/04/2023 at 11:12.
Pushed by davidre into branch 'master'.

kcheckaccelerators: Don't blindly cast to QWidget

The object that receives the event is not necessarily a QWidget
FIXED-IN:5.106

M  +4    -5    src/kcheckaccelerators.cpp

https://invent.kde.org/frameworks/kxmlgui/commit/259c50ff99515e54e4b19ad233e847653429fa82

Comment 8 Ryan Y 2023-04-20 11:52:19 UTC
Does this mean the fix has already been merged? That's awesome.

Thank you, Nate and David!

Comment 9 David Redondo 2023-04-20 13:19:56 UTC
Git commit 5c5fa19a91d2d599d3a4874b3ca2eed28b5baa4e by David Redondo.
Committed on 20/04/2023 at 13:05.
Pushed by davidre into branch 'kf5'.

kcheckaccelerators: Don't blindly cast to QWidget

The object that receives the event is not necessarily a QWidget
FIXED-IN:5.106


(cherry picked from commit 259c50ff99515e54e4b19ad233e847653429fa82)

M  +4    -5    src/kcheckaccelerators.cpp

https://invent.kde.org/frameworks/kxmlgui/commit/5c5fa19a91d2d599d3a4874b3ca2eed28b5baa4e
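
The commit messages in comments 7 and 9 describe the fix only in words, and the diff is not shown on this page. As an added illustration (not the kxmlgui code), this plain C++ sketch contrasts an unchecked downcast in an event filter with a checked one; `Object`, `Widget`, `Decoration` and both filter functions are hypothetical stand-ins, and `dynamic_cast` plays the role that a checked cast such as `qobject_cast` would in Qt.

```cpp
#include <iostream>

// Constructed stand-ins for a QObject-like base, a QWidget-like class and a
// non-widget event receiver (hypothetical names, not Qt's classes).
struct Object { virtual ~Object() = default; };

struct Widget : Object {
    int w, h;
    Widget(int w_, int h_) : w(w_), h(h_) {}
    // Reads Widget-only state, as childAt() -> rect() does in the backtraces.
    bool contains(int x, int y) const { return x >= 0 && y >= 0 && x < w && y < h; }
};

// Receives mouse events but is not a Widget (compare the decoration in comment 4).
struct Decoration : Object { char title[4] = "dec"; };

enum class Button { Left, Middle };
struct MouseEvent { Button button; int x, y; };

// "Before" shape: assumes every receiver is a Widget. Given a Decoration this is
// undefined behaviour, because contains() reads w/h from an object without them.
bool filterUnchecked(Object *obj, const MouseEvent &e) {
    if (e.button != Button::Middle) return false;
    return static_cast<Widget *>(obj)->contains(e.x, e.y);
}

// "After" shape: checked downcast; events for non-widget receivers pass through.
bool filterChecked(Object *obj, const MouseEvent &e) {
    if (e.button != Button::Middle) return false;
    auto *w = dynamic_cast<Widget *>(obj);  // nullptr when obj is not a Widget
    if (!w) return false;                   // not a widget: do not touch it
    return w->contains(e.x, e.y);
}

// Small drivers so the results can be checked by value.
bool checkedOnWidget()     { Widget b(100, 30); return filterChecked(&b, {Button::Middle, 10, 10}); }
bool checkedOnDecoration() { Decoration d;      return filterChecked(&d, {Button::Middle, 10, 10}); }

int main() {
    std::cout << "checked, widget receiver:     " << checkedOnWidget() << '\n';
    std::cout << "checked, non-widget receiver: " << checkedOnDecoration() << '\n';
    // filterUnchecked() is deliberately never called with a Decoration here:
    // that call is the undefined behaviour the checked cast removes.
    Widget b(100, 30);
    std::cout << "unchecked, widget receiver:   " << filterUnchecked(&b, {Button::Middle, 10, 10}) << '\n';
}
```

Building the unchecked variant with `-fsanitize=undefined` (the `vptr` check) is one way to catch this class of bad downcast in testing before it shows up as a SIGSEGV in the field.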

Comment 10 Nate Graham 2023-04-20 22:09:06 UTC
Wow, that was a fast fix. Thanks a lot, David!