370232 – crash in kwayland when closing plasmashell in wayland session

Bug 370232 - crash in kwayland when closing plasmashell in wayland session

Summary: crash in kwayland when closing plasmashell in wayland session

Status:	RESOLVED FIXED

Alias:	None

Product:	kwayland
Classification:	Frameworks and Libraries
Component:	general (show other bugs)
Version:	unspecified
Platform:	Compiled Sources Linux

Importance:	VHI crash
Target Milestone:	---
Assignee:	Martin Flöser

URL:	https://phabricator.kde.org/D3004
Keywords:

Depends on:
Blocks:

Reported:	2016-10-07 06:53 UTC by Bhushan Shah
Modified:	2016-10-11 05:41 UTC (History)
CC List:	0 users

See Also:
Latest Commit:	http://commits.kde.org/kwayland/c0aa3a4a2f13b7ab36755c3fac77b278bd842ed1
Version Fixed In:	5.28
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Bhushan Shah 2016-10-07 06:53:35 UTC

Sometimes kwin_wayland crashes when exiting plasmashell.

#0  0x00007f12e72b4779 in KWayland::Server::ClientConnection::flush ( this=0x18c4cd0) at /home/bshah/kdesrc/source/kwayland/src/server/clientconnection.cpp:98
#1  0x00007f12e7316bf2 in KWayland::Server::ShellSurfaceInterface::requestSize (this=0x17c2cd0, size=...) at /home/bshah/kdesrc/source/kwayland/src/server/shell_interface.cpp:254
#2  0x00007f12ee2caa6a in KWin::ShellClient::requestGeometry ( this=0x14b5240, rect=...) at /home/bshah/kdesrc/source/kwin/shell_client.cpp:912 #3  0x00007f12ee2ca920 in KWin::ShellClient::setGeometry (this=0x14b5240, x=1366, y=522, w=322, h=290, force=KWin::AbstractClient::NormalGeometrySet) at /home/bshah/kdesrc/source/kwin/shell_client.cpp:471
#4  0x00007f12ee1075c4 in KWin::AbstractClient::setGeometry ( this=0x14b5240, r=..., force=KWin::AbstractClient::NormalGeometrySet) at /home/bshah/kdesrc/source/kwin/abstract_client.h:1010
#5  0x00007f12ee1c5c35 in KWin::AbstractClient::checkWorkspacePosition ( this=0x14b5240, oldGeometry=..., oldDesktop=-1, oldClientGeometry=...) at /home/bshah/kdesrc/source/kwin/geometry.cpp:1290
#6  0x00007f12ee1c2b38 in KWin::Workspace::updateClientArea ( this=0x114c770, force=false) at /home/bshah/kdesrc/source/kwin/geometry.cpp:302
#7  0x00007f12ee1c1b57 in KWin::Workspace::updateClientArea (this=0x114c770) at /home/bshah/kdesrc/source/kwin/geometry.cpp:314
#8  0x00007f12ee0cbaa5 in KWin::Workspace::init()::$_5::operator()(KWin::ShellClient*) const (this=0x1247730, c=0xc76500) at /home/bshah/kdesrc/source/kwin/workspace.cpp:433
#9  0x00007f12ee0cb9f4 in QtPrivate::FunctorCall<QtPrivate::IndexesList<0>, QtPrivate::List<KWin::ShellClient*>, void, KWin::Workspace::init()::$_5>::call(KWin::Workspace::init()::$_5&, void**) (f=..., arg=0x7ffc441dd8f0) at /usr/include/qt/QtCore/qobjectdefs_impl.h:501
#10 0x00007f12ee0cb9c1 in QtPrivate::Functor<KWin::Workspace::init()::$_5, 1>::call<QtPrivate::List<KWin::ShellClient*>, void>(KWin::Workspace::init()::$_5&, void*, void**) (f=..., arg=0x7ffc441dd8f0) at /usr/include/qt/QtCore/qobjectdefs_impl.h:558
#11 0x00007f12ee0cb95d in QtPrivate::QFunctorSlotObject<KWin::Workspace::init()::$_5, 1, QtPrivate::List<KWin::ShellClient*>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) (which=1, this_=0x1247720, r=0x114c770, a=0x7ffc441dd8f0, ret=0x0) at /usr/include/qt/QtCore/qobject_impl.h:198
#12 0x00007f12e4c3b85e in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/libQt5Core.so.5
#13 0x00007f12ee34282f in KWin::WaylandServer::shellClientRemoved ( this=0x86bf30, _t1=0xc76500) at /home/bshah/kdesrc/build/kwin/moc_wayland_server.cpp:169
#14 0x00007f12ee2d7fc5 in KWin::WaylandServer::removeClient (this=0x86bf30, c=0xc76500) at /home/bshah/kdesrc/source/kwin/wayland_server.cpp:495
#15 0x00007f12ee2c8a62 in KWin::ShellClient::destroyClient (this=0xc76500) at /home/bshah/kdesrc/source/kwin/shell_client.cpp:274
#16 0x00007f12ee2d0f7a in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (KWin::ShellClient::*)()>::call(void (KWin::ShellClient::*)(), KWin::ShellClient*, void**) ( f=(void (KWin::ShellClient::*)(KWin::ShellClient * const)) 0x7f12ee2c88a0 <KWin::ShellClient::destroyClient()>, o=0xc76500, arg=0x7ffc441ddba0) at /usr/include/qt/QtCore/qobjectdefs_impl.h:507
#17 0x00007f12ee2d0ef0 in QtPrivate::FunctionPointer<void (KWin::ShellClient::*)()>::call<QtPrivate::List<>, void>(void (KWin::ShellClient::*)(), KWin::ShellClient*, void**) ( f=(void (KWin::ShellClient::*)(KWin::ShellClient * const)) 0x7f12ee2c88a0 <KWin::ShellClient::destroyClient()>, o=0xc76500, arg=0x7ffc441ddba0) at /usr/include/qt/QtCore/qobjectdefs_impl.h:526
#18 0x00007f12ee2d0e26 in QtPrivate::QSlotObject<void (KWin::ShellClient::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) (which=1, this_=0x18c6bb0, r=0xc76500, a=0x7ffc441ddba0, ret=0x0) at /usr/include/qt/QtCore/qobject_impl.h:149
#19 0x00007f12e4c3b85e in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/libQt5Core.so.5
#20 0x00007f12e7338522 in KWayland::Server::Resource::unbound ( this=0x179ee70) at /home/bshah/kdesrc/build/kwayland/src/server/moc_resource.cpp:125 #21 0x00007f12e72f6f62 in KWayland::Server::Resource::Private::unbind ( r=0x13c1100) at /home/bshah/kdesrc/source/kwayland/src/server/resource.cpp:67
#22 0x00007f12dfffbaec in ?? () from /usr/lib/libwayland-server.so.0
#23 0x00007f12e000139d in wl_map_for_each () from /usr/lib/libwayland-server.so.0
#24 0x00007f12dfffc6f8 in wl_client_destroy () from /usr/lib/libwayland-server.so.0
#25 0x00007f12dfffc7d8 in ?? () from /usr/lib/libwayland-server.so.0
#26 0x00007f12dfffe852 in wl_event_loop_dispatch () from /usr/lib/libwayland-server.so.0
#27 0x00007f12e72bc131 in KWayland::Server::Display::Private::dispatch ( this=0x867b10) at /home/bshah/kdesrc/source/kwayland/src/server/display.cpp:131
#28 0x00007f12e72c0218 in KWayland::Server::Display::Private::installSocketNotifier()::$_0::operator()() const (this=0x869f20) at /home/bshah/kdesrc/source/kwayland/src/server/display.cpp:99
#29 0x00007f12e72c01e9 in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, KWayland::Server::Display::Private::installSocketNotifier()::$_0>::call(KWayland::Server::Display::Private::installSocketNotifier()::$_0&, void**) (f=..., arg=0x7ffc441de140) at /usr/include/qt/QtCore/qobjectdefs_impl.h:501
#30 0x00007f12e72c01c1 in QtPrivate::Functor<KWayland::Server::Display::Private::installSocketNotifier()::$_0, 0>::call<QtPrivate::List<>, void>(KWayland::Server::Display::Private::installSocketNotifier()::$_0&, void*, void**) ( f=..., arg=0x7ffc441de140) at /usr/include/qt/QtCore/qobjectdefs_impl.h:558
#31 0x00007f12e72c015d in QtPrivate::QFunctorSlotObject<KWayland::Server::Display::Private::installSocketNotifier()::$_0, 0, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) (which=1, this_=0x869f10, r=0x851dd0, a=0x7ffc441de140, ret=0x0) at /usr/include/qt/QtCore/qobject_impl.h:198
#32 0x00007f12e4c3b85e in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/libQt5Core.so.5
#33 0x00007f12e4cb5c6e in QSocketNotifier::activated(int, QSocketNotifier::QPrivateSignal) () from /usr/lib/libQt5Core.so.5
#34 0x00007f12e4c48192 in QSocketNotifier::event(QEvent*) () from /usr/lib/libQt5Core.so.5
#35 0x00007f12e58efe3c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5
#36 0x00007f12e58f75b1 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5
#37 0x00007f12e4c0fc80 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /usr/lib/libQt5Core.so.5
#38 0x00007f12e4c60f3d in QEventDispatcherUNIXPrivate::activateSocketNotifiers() () from /usr/lib/libQt5Core.so.5
#39 0x00007f12e4c612e4 in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#40 0x00007f12d44ab45d in QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /opt/kde/lib64/plugins/platforms/KWinQpaPlugin.so
#41 0x00007f12e4c0e0da in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#42 0x00007f12e4c165cc in QCoreApplication::exec() () from /usr/lib/libQt5Core.so.5
#43 0x000000000040c6f4 in main (argc=4, argv=0x7ffc441defe8) at /home/bshah/kdesrc/source/kwin/main_wayland.cpp:741

Comment 1 Martin Flöser 2016-10-10 12:22:49 UTC

Addressed with https://phabricator.kde.org/D3004

Comment 2 Martin Flöser 2016-10-11 05:41:43 UTC

Git commit c0aa3a4a2f13b7ab36755c3fac77b278bd842ed1 by Martin Gräßlin.
Committed on 11/10/2016 at 05:41.
Pushed by graesslin into branch 'master'.

[server] Use deleteLater when a ClientConnection gets destroyed

Summary:
In the situation that a wl_client gets destroyed while still
wl_resources are around it can happen that one of them calls into the
ClientConnection during the cleanup handling which gets triggered at the
same time. This can then trigger a crash.

This change uses deleteLater for the ClientConnection and sets the hold
wl_client pointer to null instead of deleting directly. So the
ClientConnection is still around while the Resources gets cleaned up.
This is similar to the cleanup of Resource where on unbind the
wl_resource pointer is set to null and the Resource gets delete later.
FIXED-IN: 5.28

Reviewers: #plasma, bshah

Subscribers: plasma-devel

Tags: #plasma_on_wayland

Differential Revision: https://phabricator.kde.org/D3004

M  +42   -0    autotests/client/test_wayland_shell.cpp
M  +3    -0    autotests/server/test_display.cpp
M  +20   -3    src/server/clientconnection.cpp

http://commits.kde.org/kwayland/c0aa3a4a2f13b7ab36755c3fac77b278bd842ed1