432746 – Closing windows on Wayland often crashes in Breeze::Decoration::~Decoration()

Bug 432746 - Closing windows on Wayland often crashes in Breeze::Decoration::~Decoration()

Summary: Closing windows on Wayland often crashes in Breeze::Decoration::~Decoration()

Status:	RESOLVED FIXED

Alias:	None

Product:	Breeze
Classification:	Plasma
Component:	window decoration (show other bugs)
Version:	unspecified
Platform:	Other Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	Plasma Bugs List

URL:
Keywords:	wayland-only

Depends on:
Blocks:

Reported:	2021-02-10 18:00 UTC by Nate Graham
Modified:	2021-10-24 14:11 UTC (History)
CC List:	2 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Nate Graham 2021-02-10 18:00:40 UTC

About 25% of the time, when I close a window on Wayland, KWin crashes. The chance of a crash increases to about 50% if the window decoration context menu is open at the moment I close the app.

Here's the backtrace:

free(): invalid pointer

Thread 1 "kwin_wayland" received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
49        return ret;
Missing separate debuginfos, use: zypper install Mesa-libEGL1-debuginfo-20.3.4-272.2.x86_64 kwin5-debuginfo-5.20.5-2.2.x86_64 libavif9-debuginfo-0.8.4-1.1.x86_64 libgthread-2_0-0-debuginfo-2.66.4-1.1.x86_64 libimobiledevice-1_0-6-debuginfo-1.3.0+git.20200910-1.1.x86_64 libplist-2_0-3-debuginfo-2.2.0-1.1.x86_64 libusbmuxd-2_0-6-debuginfo-2.0.2-1.1.x86_64 pipewire-modules-debuginfo-0.3.20-1.1.x86_64
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
#1  0x00007ffff42da864 in __GI_abort () at abort.c:79
#2  0x00007ffff4334047 in __libc_message
    (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff44463b0 "%s\n")
    at ../sysdeps/posix/libc_fatal.c:155
#3  0x00007ffff433bcec in malloc_printerr (str=str@entry=0x7ffff444459d "free(): invalid pointer")
    at malloc.c:5389
#4  0x00007ffff433d0bc in _int_free (av=<optimized out>, p=<optimized out>, have_lock=0)
    at malloc.c:4201
#5  0x00007ffff7413981 in QtPrivate::QSlotObjectBase::destroyIfLastRef() (this=<optimized out>)
    at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:395
#6  QtPrivate::QSlotObjectBase::destroyIfLastRef() (this=<optimized out>)
    at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:394
#7  QObject::~QObject() (this=<optimized out>, __in_chrg=<optimized out>)
    at kernel/qobject.cpp:1068
#8  0x00007fffe41917e9 in Breeze::Decoration::~Decoration()
    (this=0x12d2570, __in_chrg=<optimized out>)
    at /home/nate/kde/src/breeze/kdecoration/breezedecoration.cpp:164
#9  0x00007ffff6cfa33b in KWin::AbstractClient::destroyDecoration() (this=0x113b980)
    at /home/nate/kde/src/kwin/src/abstract_client.cpp:2339
#10 0x00007ffff6e4cd13 in KWin::XdgSurfaceClient::destroyClient() (this=0x113b980)
    at /home/nate/kde/src/kwin/src/xdgshellclient.cpp:331
#11 0x00007ffff74158c6 in QtPrivate::QSlotObjectBase::call(QObject*, void**)
    (a=0x7fffffffc710, r=0x113b980, this=0x141f750)
    at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#12 doActivate<false>(QObject*, int, void**)
    (sender=0x122cb10, signal_index=0, argv=argv@entry=0x7fffffffc710) at kernel/qobject.cpp:3886
#13 0x00007ffff740ec20 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**)
    (sender=sender@entry=0x122cb10, m=m@entry=0x7ffff76baa00 <QObject::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7fffffffc710) at kernel/qobject.cpp:3946
#14 0x00007ffff740eccf in QObject::destroyed(QObject*)
    (this=this@entry=0x122cb10, _t1=<optimized out>, _t1@entry=0x122cb10)
    at .moc/moc_qobject.cpp:219
#15 0x00007ffff7413c4d in QObject::~QObject() (this=<optimized out>, __in_chrg=<optimized out>)
    at kernel/qobject.cpp:992
#16 0x00007ffff4ceeb86 in non-virtual thunk to KWaylandServer::XdgToplevelInterfacePrivate::xdg_toplevel_destroy_resource(QtWaylandServer::xdg_toplevel::Resource*) ()
    at /home/nate/kde/src/kwayland-server/src/server/xdgshell_interface.cpp:366
#17 0x00007ffff4d2cfe0 in QtWaylandServer::xdg_toplevel::destroy_func(wl_resource*)
    (client_resource=<optimized out>)
    at /home/nate/kde/build/kwayland-server/src/server/qwayland-server-xdg-shell.cpp:1031
#18 0x00007ffff4c0999f in destroy_resource (element=0x11ff720, data=data@entry=0x0, flags=0)
    at src/wayland-server.c:724
#19 0x00007ffff4c0b331 in wl_resource_destroy (resource=<optimized out>)
    at src/wayland-server.c:741
#20 0x00007ffff2bea42d in ffi_call_unix64 () at ../src/x86/unix64.S:106
#21 0x00007ffff2be64f9 in ffi_call_int
    (cif=<optimized out>, fn=<optimized out>, rvalue=<optimized out>, avalue=<optimized out>, closure=<optimized out>) at ../src/x86/ffi64.c:669
#22 0x00007ffff4c07005 in wl_closure_invoke
    (closure=closure@entry=0x10cbdf0, target=<optimized out>,

    target@entry=0x11ff720, opcode=opcode@entry=0, data=<optimized out>, 
    data@entry=0x141bbc0, flags=<optimized out>) at src/connection.c:1018
#23 0x00007ffff4c0aeec in wl_client_connection_data
    (fd=<optimized out>, mask=<optimized out>, data=<optimized out>) at src/wayland-server.c:432
#24 0x00007ffff4c09ae2 in wl_event_loop_dispatch (loop=0x5237c0, timeout=timeout@entry=0)
    at src/event-loop.c:1027
#25 0x00007ffff4ca9d78 in KWaylandServer::Display::dispatchEvents() (this=<optimized out>)
    at /home/nate/kde/src/kwayland-server/src/server/display.cpp:107
#26 0x00007ffff74158c6 in QtPrivate::QSlotObjectBase::call(QObject*, void**)
    (a=0x7fffffffd090, r=0x5771c0, this=0x54c720)
    at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#27 doActivate<false>(QObject*, int, void**)
    (sender=0x130c720, signal_index=3, argv=argv@entry=0x7fffffffd090) at kernel/qobject.cpp:3886
#28 0x00007ffff740ec20 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**)
    (sender=sender@entry=0x130c720, m=m@entry=0x7ffff76c3a60 <QSocketNotifier::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7fffffffd090)
    at kernel/qobject.cpp:3946
#29 0x00007ffff7418cff in QSocketNotifier::activated(QSocketDescriptor, QSocketNotifier::Type, QSocketNotifier::QPrivateSignal) (this=this@entry=0x130c720, _t1=..., _t2=<optimized out>, _t3=...)
    at .moc/moc_qsocketnotifier.cpp:178
#30 0x00007ffff74194fb in QSocketNotifier::event(QEvent*) (this=0x130c720, e=0x7fffffffd1a0)
    at kernel/qsocketnotifier.cpp:302
#31 0x00007ffff510b50f in QApplicationPrivate::notify_helper(QObject*, QEvent*)
    (this=<optimized out>, receiver=0x130c720, e=0x7fffffffd1a0) at kernel/qapplication.cpp:3632
#32 0x00007ffff73df2ea in QCoreApplication::notifyInternal2(QObject*, QEvent*)
    (receiver=0x130c720, event=0x7fffffffd1a0) at kernel/qcoreapplication.cpp:1063
#33 0x00007ffff7433bab in QEventDispatcherUNIXPrivate::activateSocketNotifiers() (this=0x500f30)
    at kernel/qeventdispatcher_unix.cpp:304
#34 0x00007ffff743400b in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=<optimized out>, flags=...) at kernel/qeventdispatcher_unix.cpp:511
#35 0x00007ffff08421cd in  () at /usr/lib64/qt5/plugins/platforms/KWinQpaPlugin.so
#36 0x00007ffff73ddcab in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
    (this=this@entry=0x7fffffffd330, flags=..., flags@entry=...)
    at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#37 0x00007ffff73e5f20 in QCoreApplication::exec() ()
    at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#38 0x000000000042d25a in main(int, char**) (argc=<optimized out>, argv=<optimized out>)
    at /home/nate/kde/src/kwin/src/main_wayland.cpp:800

Comment 1 Nate Graham 2021-10-24 14:11:31 UTC

Fixed at some point; can no longer reproduce.