Created attachment 97046 [details] xscope output recording the events around text selection After starting an untrusted X11 session (with the Security Extension enabled), selecting text (=putting text on the PRIMARY clipboard) causes the plasma workspace (taskbar, clock, desktops, desktop widgets, etc) to freeze and become non-responsive to input for ten seconds. In addition to the above, if I then try to READ from the clipboard (e.g. by selecting text in another program, or using xsel), then the program that initiates the clipboard read request freezes as well. If I use "ssh -Y" instead of "ssh -X" (or "xauth -f /tmp/myauthfile generate :0 . trusted" instead of "untrusted"), then the problem does not occur. Steps to reproduce: 1. Set up an untrusted X11 forwarding session, e.g. via "ssh -X localhost" (or via xauth) 2. Open a program with text input, e.g. "kdialog --textinputbox x y" 3. Select text with the mouse 4. Release the mouse 5. Open the terminal and run xsel (OR go to a GUI program like Firefox or Chrome and try to paste the contents of PRIMARY via the mousewheel). Actual result: After step 4, the plasma workspace is frozen for 10 (ten) seconds (can't interact with taskbar, clock isn't ticking, etc.). At step 5, xsel does not immediately return the clipboard (it does not exit until I press ^C, I waited for at least one minute) (if you try to paste in a GUI program, the program freezes) Expected result: At step 4 and 5, the UI should never freeze and become non-responsive. At step 5, xsel should immediately return (might be a bug in xsel?). Additional information: I recorded the data over the X11 protocol using xscope and attached a fragment as x11-select-freeze.log (cutting the head and tail of the logs, but anything in between is not modified). It shows that the ChangeProperty request was rejected with Access error. The stderr of the original program (kdialog) shows a similar issue: X Error: BadAccess (attempt to access private resource denied) 10 Major opcode: 18 (X_ChangeProperty) Resource id: 0x4c0003f Based on the above information, I think that the request was generated by QXcbClipboard::sendSelection. Here is the stack trace of the thread that seems to be busy when plasmashell is frozen. I captured it right after step 4 using $ sudo gdb -q -p `pidof plasmashell` -batch -ex 'thread apply all bt' Thread 1 (Thread 0x7f3fe1021800 (LWP 29489)): #0 0x00007f3fdb65fe23 in select () from /usr/lib/libc.so.6 #1 0x00007f3fcd7b8de0 in ?? () from /usr/lib/libQt5XcbQpa.so.5 #2 0x00007f3fcd7b93ff in ?? () from /usr/lib/libQt5XcbQpa.so.5 #3 0x00007f3fcd7baf00 in ?? () from /usr/lib/libQt5XcbQpa.so.5 #4 0x00007f3fdc2795a9 in QInternalMimeData::formats() const () from /usr/lib/libQt5Gui.so.5 #5 0x00007f3f20caf700 in ?? () from /usr/lib/qt/plugins/plasma/dataengine/plasma_engine_clipboard.so #6 0x00007f3fdbf591a7 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/libQt5Core.so.5 #7 0x00007f3fdc5e6d1e in QClipboard::changed(QClipboard::Mode) () from /usr/lib/libQt5Gui.so.5 #8 0x00007f3fcd7b9629 in ?? () from /usr/lib/libQt5XcbQpa.so.5 #9 0x00007f3fcd7c2048 in QXcbConnection::handleXcbEvent(xcb_generic_event_t*) () from /usr/lib/libQt5XcbQpa.so.5 #10 0x00007f3fcd7c2b73 in QXcbConnection::processXcbEvents() () from /usr/lib/libQt5XcbQpa.so.5 #11 0x00007f3fdbf5a1e1 in QObject::event(QEvent*) () from /usr/lib/libQt5Core.so.5 #12 0x00007f3fdca2e9ac in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5 #13 0x00007f3fdca33e86 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5 #14 0x00007f3fdbf2abab in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQt5Core.so.5 #15 0x00007f3fdbf2cfa6 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/libQt5Core.so.5 #16 0x00007f3fdbf81143 in ?? () from /usr/lib/libQt5Core.so.5 #17 0x00007f3fd85d7dc7 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0 #18 0x00007f3fd85d8020 in ?? () from /usr/lib/libglib-2.0.so.0 #19 0x00007f3fd85d80cc in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0 #20 0x00007f3fdbf8154f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5 #21 0x00007f3fdbf2857a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5 #22 0x00007f3fdbf3053c in QCoreApplication::exec() () from /usr/lib/libQt5Core.so.5 #23 0x0000000000431304 in main ()
Created attachment 97047 [details] Full output of sudo gdb -q -p `pidof plasmashell` -batch -ex 'thread apply all bt'
I found this bug while selecting text, but the same happens when I use Ctrl+C to copy to the clipboard.
select can be a blocking system call. Would it be possible for you to get debug symbols for Qt so we can see where this is? Also this is deep in Qt, so we'll have to report this upstream.
I digged up an old debug build of Qt (5.5.1) and got the following. It seems to get stuck for too long in QXcbClipboard::waitForClipboardEvent. Thread 1 (Thread 0x7f714e57d800 (LWP 27821)): #0 0x00007f7148264e23 in select () from /usr/lib/libc.so.6 #1 0x00007f7139800b90 in QXcbClipboard::waitForClipboardEvent (this=this@entry=0xdd5f50, win=win@entry=33554495, type=type@entry=31, timeout=timeout@entry=5000, checkManager=checkManager@entry=false) at qxcbclipboard.cpp:932 #2 0x00007f71398011af in QXcbClipboard::getSelection (this=0xdd5f50, selection=1, target=341, property=346, time=673078026, time@entry=0) at qxcbclipboard.cpp:1020 #3 0x00007f7139802cb0 in QXcbClipboard::getDataInFormat (fmtAtom=<optimized out>, modeAtom=<optimized out>, this=<optimized out>) at qxcbclipboard.cpp:1005 #4 QXcbClipboardMime::formats_sys (this=0x36126d0) at qxcbclipboard.cpp:97 #5 0x00007f71490b2fd9 in QInternalMimeData::formats (this=<optimized out>) at kernel/qdnd.cpp:207 #6 0x00007f708c33a700 in ?? () from /usr/lib/qt/plugins/plasma/dataengine/plasma_engine_clipboard.so #7 0x00007f7148b73fb7 in QtPrivate::QSlotObjectBase::call (a=0x7fff1721bac0, r=0x376b520, this=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qobject_impl.h:124 #8 QMetaObject::activate (sender=0x31f9540, signalOffset=<optimized out>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7fff1721bac0) at kernel/qobject.cpp:3698 #9 0x00007f7148b74927 in QMetaObject::activate (sender=<optimized out>, m=m@entry=0x7f71496eb400 <QClipboard::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7fff1721bac0) at kernel/qobject.cpp:3578 #10 0x00007f7149420bee in QClipboard::changed (this=<optimized out>, _t1=QClipboard::Selection) at .moc/moc_qclipboard.cpp:158 #11 0x00007f7149098383 in QPlatformClipboard::emitChanged (this=this@entry=0xdd5f50, mode=mode@entry=QClipboard::Selection) at kernel/qplatformclipboard.cpp:119 #12 0x00007f71398013d9 in QXcbClipboard::handleXFixesSelectionRequest (this=0xdd5f50, event=event@entry=0x7f7130004aa0) at qxcbclipboard.cpp:754 #13 0x00007f7139807f58 in QXcbConnection::handleXcbEvent (this=this@entry=0xdb4860, event=event@entry=0x7f7130004aa0) at qxcbconnection.cpp:1157 #14 0x00007f7139808bd3 in QXcbConnection::processXcbEvents (this=0xdb4860) at qxcbconnection.cpp:1527 #15 0x00007f7148b74ff1 in QObject::event (this=0xdb4860, e=<optimized out>) at kernel/qobject.cpp:1239 #16 0x00007f7149d0d01c in QApplicationPrivate::notify_helper (this=this@entry=0xdab410, receiver=receiver@entry=0xdb4860, e=e@entry=0x7f7130004320) at kernel/qapplication.cpp:3716 #17 0x00007f7149d124f6 in QApplication::notify (this=0x7fff1721c2d0, receiver=0xdb4860, e=0x7f7130004320) at kernel/qapplication.cpp:3499 #18 0x00007f7148b459ab in QCoreApplication::notifyInternal (this=0x7fff1721c2d0, receiver=0xdb4860, event=event@entry=0x7f7130004320) at kernel/qcoreapplication.cpp:965 #19 0x00007f7148b47da6 in QCoreApplication::sendEvent (event=0x7f7130004320, receiver=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:224 #20 QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0, data=0xda15d0) at kernel/qcoreapplication.cpp:1593 #21 0x00007f7148b48288 in QCoreApplication::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0) at kernel/qcoreapplication.cpp:1451 #22 0x00007f7148b9bf43 in postEventSourceDispatch (s=0xde00b0) at kernel/qeventdispatcher_glib.cpp:271 #23 0x00007f7144957dc7 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0 #24 0x00007f7144958020 in ?? () from /usr/lib/libglib-2.0.so.0 #25 0x00007f71449580cc in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0 #26 0x00007f7148b9c34f in QEventDispatcherGlib::processEvents (this=0xe02720, flags=...) at kernel/qeventdispatcher_glib.cpp:418 #27 0x00007f7148b4337a in QEventLoop::exec (this=this@entry=0x7fff1721c170, flags=..., flags@entry=...) at kernel/qeventloop.cpp:204 #28 0x00007f7148b4b33c in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1229 #29 0x0000000000431304 in main ()
Can reproduce the problem. Thanks
I've just tested this on plasmashell 5.20.2 and I can't reproduce the issue. Can you please test and confirm if this issue is still occurring or if this bug report can be marked as resolved. I'm setting status to "needsinfo" pending your response, please change back to "reported" or "resolved" when you respond, thanks.
Dear Bug Submitter, This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information as soon as possible and set the bug status as REPORTED. Due to regular bug tracker maintenance, if the bug is still in NEEDSINFO status with no change in 30 days the bug will be closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging If you have already provided the requested information, please mark the bug as REPORTED so that the KDE team knows that the bug is ready to be confirmed. Thank you for helping us make KDE software even better for everyone!
This bug has been in NEEDSINFO status with no change for at least 30 days. The bug is now closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging Thank you for helping us make KDE software even better for everyone!