Bug 436287 - Crash when opening Discover (maybe fwupd?) with a tablet connected
Status: RESOLVED FIXED
Alias: None
Product: kwin
Classification: Plasma
Component: wayland-generic
Version: git master
Platform: Other Linux
Importance: NOR normal
Target Milestone: ---
Assignee: KWin default assignee
Reported: 2021-04-28 00:46 UTC by Aleix Pol
Modified: 2021-04-29 14:19 UTC
Version Fixed In: 5.22


Description Aleix Pol 2021-04-28 00:46:20 UTC
Below is the backtrace. I reproduced it once when running fwupdmgr (which Discover supports as well as a backend). It somehow re-adds a tablet.

I haven't been able to put my finger on where the problem is exactly.

#0  KWaylandServer::TabletSeatV2Interface::addTabletPad(QString const&, QString const&, QStringList const&, unsigned int, unsigned int, unsigned int, unsigned int, unsigned int, KWaylandServer::TabletV2Interface*)
    (this=0x561f8dc3ddc0, sysname=<optimized out>, name=<optimized out>, paths=<optimized out>, buttons=<optimized out>, rings=<optimized out>, strips=<optimized out>, modes=<optimized out>, currentMode=<optimized out>, tablet=<optimized out>) at /home/apol/devel/frameworks/kwayland-server/src/server/tablet_v2_interface.cpp:727
#1  0x00007f56fb991807 in KWin::TabletInputFilter::integrateDevice(KWin::LibInput::Device*) (this=0x561f8da42870, device=0x561f8d93ed90) at /home/apol/devel/frameworks/kwin/src/input.cpp:1612
#2  0x00007f56fb9a3fec in QtPrivate::FunctorCall<QtPrivate::IndexesList<0>, QtPrivate::List<KWin::LibInput::Device*>, void, void (KWin::TabletInputFilter::*)(KWin::LibInput::Device*)>::call(void (KWin::TabletInputFilter::*)(KWin::LibInput::Device*), KWin::TabletInputFilter*, void**) (f=
    (void (KWin::TabletInputFilter::*)(KWin::TabletInputFilter * const, KWin::LibInput::Device *)) 0x7f56fb9913e0 <KWin::TabletInputFilter::integrateDevice(KWin::LibInput::Device*)>, o=0x561f8da42870, arg=0x7ffc0f57d760) at /home/apol/devel/kde5/include/QtCore/qobjectdefs_impl.h:152
#3  0x00007f56fb9a3f48 in QtPrivate::FunctionPointer<void (KWin::TabletInputFilter::*)(KWin::LibInput::Device*)>::call<QtPrivate::List<KWin::LibInput::Device*>, void>(void (KWin::TabletInputFilter::*)(KWin::LibInput::Device*), KWin::TabletInputFilter*, void**) (f=
    (void (KWin::TabletInputFilter::*)(KWin::TabletInputFilter * const, KWin::LibInput::Device *)) 0x7f56fb9913e0 <KWin::TabletInputFilter::integrateDevice(KWin::LibInput::Device*)>, o=0x561f8da42870, arg=0x7ffc0f57d760) at /home/apol/devel/kde5/include/QtCore/qobjectdefs_impl.h:185
#4  0x00007f56fb9a3e75 in QtPrivate::QSlotObject<void (KWin::TabletInputFilter::*)(KWin::LibInput::Device*), QtPrivate::List<KWin::LibInput::Device*>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) (which=1, this_=0x561f8da9d5a0, r=0x561f8da42870, a=0x7ffc0f57d760, ret=0x0)
    at /home/apol/devel/kde5/include/QtCore/qobjectdefs_impl.h:418
#5  0x00007f56f89163d6 in QtPrivate::QSlotObjectBase::call(QObject*, void**) (a=0x7ffc0f57d760, r=0x561f8da42870, this=0x561f8da9d5a0) at ../../include/QtCore/../../../../../devel/frameworks/qt5/qtbase/src/corelib/kernel/qobjectdefs_impl.h:398
#6  doActivate<false>(QObject*, int, void**) (sender=0x561f8cf19180, signal_index=18, argv=0x7ffc0f57d760) at /home/apol/devel/frameworks/qt5/qtbase/src/corelib/kernel/qobject.cpp:3886
#7  0x00007f56fb853136 in KWin::LibInput::Connection::deviceAdded(KWin::LibInput::Device*) (this=0x561f8cf19180, _t1=0x561f8d93ed90) at src/kwin_autogen/PCJB6APXE6/moc_connection.cpp:724
#8  0x00007f56fb9e2773 in KWin::LibInput::Connection::processEvents() (this=0x561f8cf19180) at /home/apol/devel/frameworks/kwin/src/libinput/connection.cpp:376
#9  0x00007f56fb98edfc in KWin::InputRedirection::setupLibInput()::$_3::operator()() const (this=0x561f8cf317a0) at /home/apol/devel/frameworks/kwin/src/input.cpp:2315
#10 0x00007f56fb98eda6 in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, KWin::InputRedirection::setupLibInput()::$_3>::call(KWin::InputRedirection::setupLibInput()::$_3&, void**) (f=..., arg=0x7f56e801b028) at /home/apol/devel/kde5/include/QtCore/qobjectdefs_impl.h:146
#11 0x00007f56fb98ed71 in QtPrivate::Functor<KWin::InputRedirection::setupLibInput()::$_3, 0>::call<QtPrivate::List<>, void>(KWin::InputRedirection::setupLibInput()::$_3&, void*, void**) (f=..., arg=0x7f56e801b028) at /home/apol/devel/kde5/include/QtCore/qobjectdefs_impl.h:256
#12 0x00007f56fb98ed1c in QtPrivate::QFunctorSlotObject<KWin::InputRedirection::setupLibInput()::$_3, 0, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) (which=1, this_=0x561f8cf31790, r=0x561f8cee6540, a=0x7f56e801b028, ret=0x0) at /home/apol/devel/kde5/include/QtCore/qobjectdefs_impl.h:443
#13 0x00007f56f890be21 in QObject::event(QEvent*) (this=0x561f8cee6540, e=0x7f56e801afe0) at /home/apol/devel/frameworks/qt5/qtbase/src/corelib/kernel/qobject.cpp:1314
#14 0x00007f56f98aa17f in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=<optimized out>, receiver=0x561f8cee6540, e=0x7f56e801afe0) at /home/apol/devel/frameworks/qt5/qtbase/src/widgets/kernel/qapplication.cpp:3632
#15 0x00007f56f88dfdfa in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x561f8cee6540, event=0x7f56e801afe0) at /home/apol/devel/frameworks/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:1064
#16 0x00007f56f88e2831 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (receiver=0x0, event_type=0, data=0x561f8ce17580) at /home/apol/devel/frameworks/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:1821
#17 0x00007f56f89346aa in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x561f8ce58150, flags=...) at /home/apol/devel/frameworks/qt5/qtbase/src/corelib/kernel/qeventdispatcher_unix.cpp:468
#18 0x0000561f8cb706fd in QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=<optimized out>, flags=...) at /home/apol/devel/frameworks/qt5/qtbase/src/platformsupport/eventdispatchers/qunixeventdispatcher.cpp:63
#19 0x00007f56f88de7ab in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7ffc0f57e050, flags=..., flags@entry=...) at ../../include/QtCore/../../../../../devel/frameworks/qt5/qtbase/src/corelib/global/qflags.h:69
#20 0x00007f56f88e6a30 in QCoreApplication::exec() () at ../../include/QtCore/../../../../../devel/frameworks/qt5/qtbase/src/corelib/global/qflags.h:121
#21 0x0000561f8cb3f3f0 in main(int, char**) (argc=5, argv=0x7ffc0f57eb78) at /home/apol/devel/frameworks/kwin/src/main_wayland.cpp:729
Comment 1 David Edmundson 2021-04-28 14:18:07 UTC
From the trace it would appear like libinput_device_group_get_user_data doesn't get cleared when we remove a device.

i.e.

we call integrateDevice:
        auto tablet = static_cast<KWaylandServer::TabletV2Interface *>(libinput_device_group_get_user_data(deviceGroup));
 
this is null, so we create a tablet and set the user data
then we create our tablet device


but then due to fwupd we call removeDevice() on both the tablet and tablet device

This does not explicitly call `libinput_device_group_set_user_data(myObject, null);`


So the next time we add a device libinput_device_group_get_user_data returns a dangling pointer.
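
The lifetime problem described in Comment 1, modelled as an added example (not KWin's code and not the actual fix). `DeviceGroup`, `Tablet`, `TabletFilter` and `readdIsSafe` are hypothetical stand-ins for the libinput device group, the tablet interface and the input filter; a live-object set lets the stale pointer be detected by address instead of being dereferenced.

```cpp
#include <unordered_set>

// Stand-in for libinput_device_group: it outlives our tablet object and
// carries one opaque user-data slot (hypothetical model, not libinput itself).
struct DeviceGroup {
    void *userData = nullptr;
};

struct Tablet {};  // stand-in for KWaylandServer::TabletV2Interface

class TabletFilter {
public:
    explicit TabletFilter(bool clearOnTeardown) : m_clear(clearOnTeardown) {}
    ~TabletFilter() { for (auto *t : m_live) delete t; }

    // Mirrors the integrateDevice flow from the comment: reuse the tablet
    // cached in the group's user data, or create one and cache it.
    // Returns false when the cached pointer no longer names a live tablet.
    bool integrateDevice(DeviceGroup &group) {
        auto *tablet = static_cast<Tablet *>(group.userData);
        if (!tablet) {
            tablet = new Tablet;
            m_live.insert(tablet);
            group.userData = tablet;
            return true;
        }
        // Only the address is compared; a stale pointer is never dereferenced.
        return m_live.count(tablet) != 0;
    }

    void removeDevice(DeviceGroup &group) {
        auto *tablet = static_cast<Tablet *>(group.userData);
        if (!tablet || !m_live.erase(tablet)) return;
        delete tablet;
        if (m_clear) group.userData = nullptr;  // the teardown step that was missing
    }

private:
    bool m_clear;
    std::unordered_set<Tablet *> m_live;
};

// Add, remove, re-add on the same group (the fwupd sequence from the report).
bool readdIsSafe(bool clearOnTeardown) {
    DeviceGroup group;
    TabletFilter filter(clearOnTeardown);
    filter.integrateDevice(group);
    filter.removeDevice(group);
    return filter.integrateDevice(group);
}
```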
Comment 2 Bug Janitor Service 2021-04-28 14:21:59 UTC
A possibly relevant merge request was started @ https://invent.kde.org/plasma/kwin/-/merge_requests/908
Comment 3 David Edmundson 2021-04-28 22:44:16 UTC
Git commit ccc5551ff000d73d5bcbd507cdf6c5e0f116abd7 by David Edmundson.
Committed on 28/04/2021 at 22:43.
Pushed by davidedmundson into branch 'master'.

[Input] Unset device group user data on teardown

M  +11   -2    src/input.cpp

https://invent.kde.org/plasma/kwin/commit/ccc5551ff000d73d5bcbd507cdf6c5e0f116abd7