Bug 448920 - kwin_wayland crashed in KWin::Xwl::WlSource::checkStartTransfer() when I tried to drag a screenshot from Spectacle to Discord
Status: RESOLVED FIXED
Alias: None
Product: kwin
Classification: Unclassified
Component: wayland-generic
Version: master
Platform: Neon Packages Linux
Importance: NOR crash
Target Milestone: ---
Assignee: KWin default assignee
URL:
Keywords: wayland
Depends on:
Blocks:
 
Reported: 2022-01-21 19:20 UTC by Patrick Silva
Modified: 2022-01-24 21:28 UTC

See Also:
Latest Commit:
Version Fixed In: 5.24


Description Patrick Silva 2022-01-21 19:20:46 UTC
Summary says it all.

SOFTWARE/OS VERSIONS
Operating System: KDE neon Unstable Edition
KDE Plasma Version: 5.24.80
KDE Frameworks Version: 5.91.0
Qt Version: 5.15.3
Graphics Platform: Wayland




Thread 10 (Thread 0x7f5802023700 (LWP 11769)):
#0  futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x56332d892938) at ../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x56332d8928e8, cond=0x56332d892910) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=cond@entry=0x56332d892910, mutex=mutex@entry=0x56332d8928e8) at pthread_cond_wait.c:647
#3  0x00007f5802b91b1b in cnd_wait (mtx=0x56332d8928e8, cond=0x56332d892910) at ../include/c11/threads_posix.h:155
#4  util_queue_thread_func (input=input@entry=0x56332d893c50) at ../src/util/u_queue.c:294
#5  0x00007f5802b9171b in impl_thrd_routine (p=<optimized out>) at ../include/c11/threads_posix.h:87
#6  0x00007f5809b2b609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#7  0x00007f580963c293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 9 (Thread 0x7f57ce7e5700 (LWP 16848)):
#0  0x00007f580963c5ce in epoll_wait (epfd=86, events=events@entry=0x7f57ce7e47f0, maxevents=32, timeout=-1) at ../sysdeps/unix/sysv/linux/epoll_wait.c:30
#1  0x00007f57d66d327b in impl_pollfd_wait (object=<optimized out>, pfd=<optimized out>, ev=0x7f57ce7e49a0, n_ev=<optimized out>, timeout=<optimized out>) at ../spa/plugins/support/system.c:155
#2  0x00007f57d66c56f4 in loop_iterate (object=0x56332e76dde8, timeout=-1) at ../spa/plugins/support/loop.c:316
#3  0x00007f5809a820e0 in do_loop (user_data=0x56332d8f5b30) at ../src/pipewire/data-loop.c:80
#4  0x00007f5809b2b609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#5  0x00007f580963c293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 8 (Thread 0x7f5801021700 (LWP 11771)):
#0  futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x56332d892938) at ../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x56332d8928e8, cond=0x56332d892910) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=cond@entry=0x56332d892910, mutex=mutex@entry=0x56332d8928e8) at pthread_cond_wait.c:647
#3  0x00007f5802b91b1b in cnd_wait (mtx=0x56332d8928e8, cond=0x56332d892910) at ../include/c11/threads_posix.h:155
#4  util_queue_thread_func (input=input@entry=0x56332d893ec0) at ../src/util/u_queue.c:294
#5  0x00007f5802b9171b in impl_thrd_routine (p=<optimized out>) at ../include/c11/threads_posix.h:87
#6  0x00007f5809b2b609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#7  0x00007f580963c293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 7 (Thread 0x7f57ea534700 (LWP 11774)):
#0  0x00007f580962faff in __GI___poll (fds=0x7f57d8005240, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007f5807b9a36e in g_main_context_poll (priority=<optimized out>, n_fds=1, fds=0x7f57d8005240, timeout=<optimized out>, context=0x7f57d8000c20) at ../../../glib/gmain.c:4346
#2  g_main_context_iterate (context=context@entry=0x7f57d8000c20, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../glib/gmain.c:4042
#3  0x00007f5807b9a4a3 in g_main_context_iteration (context=0x7f57d8000c20, may_block=may_block@entry=1) at ../../../glib/gmain.c:4108
#4  0x00007f5809f879d2 in QEventDispatcherGlib::processEvents (this=0x7f57d8000b60, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#5  0x00007f5809f2bc7b in QEventLoop::exec (this=this@entry=0x7f57ea533bc0, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:141
#6  0x00007f5809d45362 in QThread::exec (this=this@entry=0x56332dc7b380) at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#7  0x00007f580b61b559 in QQmlThreadPrivate::run (this=0x56332dc7b380) at qml/ftw/qqmlthread.cpp:155
#8  0x00007f5809d46543 in QThreadPrivate::start (arg=0x56332dc7b380) at thread/qthread_unix.cpp:331
#9  0x00007f5809b2b609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#10 0x00007f580963c293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 6 (Thread 0x7f5801822700 (LWP 11770)):
#0  futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x56332d892938) at ../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x56332d8928e8, cond=0x56332d892910) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=cond@entry=0x56332d892910, mutex=mutex@entry=0x56332d8928e8) at pthread_cond_wait.c:647
#3  0x00007f5802b91b1b in cnd_wait (mtx=0x56332d8928e8, cond=0x56332d892910) at ../include/c11/threads_posix.h:155
#4  util_queue_thread_func (input=input@entry=0x56332d893e80) at ../src/util/u_queue.c:294
#5  0x00007f5802b9171b in impl_thrd_routine (p=<optimized out>) at ../include/c11/threads_posix.h:87
#6  0x00007f5809b2b609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#7  0x00007f580963c293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 5 (Thread 0x7f57d4f38700 (LWP 17426)):
#0  futex_abstimed_wait_cancelable (private=<optimized out>, abstime=0x7f57d4f37b50, clockid=<optimized out>, expected=0, futex_word=0x56332e655984) at ../sysdeps/nptl/futex-internal.h:320
#1  __pthread_cond_wait_common (abstime=0x7f57d4f37b50, clockid=<optimized out>, mutex=0x56332e655930, cond=0x56332e655958) at pthread_cond_wait.c:520
#2  __pthread_cond_timedwait (cond=cond@entry=0x56332e655958, mutex=mutex@entry=0x56332e655930, abstime=abstime@entry=0x7f57d4f37b50) at pthread_cond_wait.c:665
#3  0x00007f5809d4c668 in QWaitConditionPrivate::wait_relative (this=0x56332e655930, deadline=...) at thread/qwaitcondition_unix.cpp:136
#4  QWaitConditionPrivate::wait (deadline=..., this=0x56332e655930) at thread/qwaitcondition_unix.cpp:144
#5  QWaitCondition::wait (this=this@entry=0x56332e942340, mutex=mutex@entry=0x56332da3f7e8, deadline=...) at thread/qwaitcondition_unix.cpp:225
#6  0x00007f5809d49b71 in QThreadPoolThread::run (this=0x56332e942330) at ../../include/QtCore/../../src/corelib/thread/qmutex.h:275
#7  0x00007f5809d46543 in QThreadPrivate::start (arg=0x56332e942330) at thread/qthread_unix.cpp:331
#8  0x00007f5809b2b609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#9  0x00007f580963c293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 4 (Thread 0x7f5802824700 (LWP 11768)):
#0  futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x56332d892938) at ../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x56332d8928e8, cond=0x56332d892910) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=cond@entry=0x56332d892910, mutex=mutex@entry=0x56332d8928e8) at pthread_cond_wait.c:647
#3  0x00007f5802b91b1b in cnd_wait (mtx=0x56332d8928e8, cond=0x56332d892910) at ../include/c11/threads_posix.h:155
#4  util_queue_thread_func (input=input@entry=0x56332d893a20) at ../src/util/u_queue.c:294
#5  0x00007f5802b9171b in impl_thrd_routine (p=<optimized out>) at ../include/c11/threads_posix.h:87
#6  0x00007f5809b2b609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#7  0x00007f580963c293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 3 (Thread 0x7f5804159700 (LWP 11764)):
#0  0x00007f580962faff in __GI___poll (fds=0x7f57fc0053c0, nfds=3, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007f5807b9a36e in g_main_context_poll (priority=<optimized out>, n_fds=3, fds=0x7f57fc0053c0, timeout=<optimized out>, context=0x7f57fc001ce0) at ../../../glib/gmain.c:4346
#2  g_main_context_iterate (context=context@entry=0x7f57fc001ce0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../glib/gmain.c:4042
#3  0x00007f5807b9a4a3 in g_main_context_iteration (context=0x7f57fc001ce0, may_block=may_block@entry=1) at ../../../glib/gmain.c:4108
#4  0x00007f5809f879d2 in QEventDispatcherGlib::processEvents (this=0x7f57fc000b60, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#5  0x00007f5809f2bc7b in QEventLoop::exec (this=this@entry=0x7f5804158bb0, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:141
#6  0x00007f5809d45362 in QThread::exec (this=this@entry=0x7f580c596d80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#7  0x00007f580c512f4b in QDBusConnectionManager::run (this=0x7f580c596d80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at qdbusconnection.cpp:179
#8  0x00007f5809d46543 in QThreadPrivate::start (arg=0x7f580c596d80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at thread/qthread_unix.cpp:331
#9  0x00007f5809b2b609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#10 0x00007f580963c293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 2 (Thread 0x7f5800820700 (LWP 11772)):
#0  0x00007f580962faff in __GI___poll (fds=0x7f57e4005240, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007f5807b9a36e in g_main_context_poll (priority=<optimized out>, n_fds=2, fds=0x7f57e4005240, timeout=<optimized out>, context=0x7f57e4000c20) at ../../../glib/gmain.c:4346
#2  g_main_context_iterate (context=context@entry=0x7f57e4000c20, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../glib/gmain.c:4042
#3  0x00007f5807b9a4a3 in g_main_context_iteration (context=0x7f57e4000c20, may_block=may_block@entry=1) at ../../../glib/gmain.c:4108
#4  0x00007f5809f879d2 in QEventDispatcherGlib::processEvents (this=0x7f57e4000b60, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#5  0x00007f5809f2bc7b in QEventLoop::exec (this=this@entry=0x7f580081fbe0, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:141
#6  0x00007f5809d45362 in QThread::exec (this=<optimized out>) at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#7  0x00007f5809d46543 in QThreadPrivate::start (arg=0x56332d8976f0) at thread/qthread_unix.cpp:331
#8  0x00007f5809b2b609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#9  0x00007f580963c293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 0x7f5804e0c680 (LWP 11757)):
#0  0x000056332c7ae099 in KWin::Xwl::WlSource::checkStartTransfer (this=this@entry=0x56332ede26d0, event=event@entry=0x56332edeb5e0) at ./src/xwl/selection_source.cpp:143
#1  0x000056332c7aef1d in KWin::Xwl::WlSource::checkStartTransfer (event=0x56332edeb5e0, this=0x56332ede26d0) at ./src/xwl/selection_source.cpp:124
#2  KWin::Xwl::WlSource::handleSelectionRequest (this=0x56332ede26d0, event=0x56332edeb5e0) at ./src/xwl/selection_source.cpp:79
#3  0x000056332c7a421c in KWin::Xwl::DataBridge::nativeEventFilter (this=0x56332e61b170, eventType=..., message=0x56332edeb5e0) at ./src/xwl/databridge.cpp:64
#4  0x00007f5809f2a60f in QAbstractEventDispatcher::filterNativeEvent (this=<optimized out>, eventType=..., message=message@entry=0x56332edeb5e0, result=result@entry=0x7ffcc1ca3058) at kernel/qabstracteventdispatcher.cpp:495
#5  0x000056332c7b5318 in KWin::Xwl::Xwayland::dispatchEvents (this=0x56332dc1a620) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qbytearray.h:463
#6  0x00007f5809f6419e in QtPrivate::QSlotObjectBase::call (a=0x7ffcc1ca31b0, r=0x56332dc1a620, this=0x56332dc82670) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#7  doActivate<false> (sender=0x56332e625f50, signal_index=3, argv=0x7ffcc1ca31b0) at kernel/qobject.cpp:3886
#8  0x00007f5809f5d567 in QMetaObject::activate (sender=sender@entry=0x56332e625f50, m=m@entry=0x7f580a1c9b40 <QSocketNotifier::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffcc1ca31b0) at kernel/qobject.cpp:3946
#9  0x00007f5809f68223 in QSocketNotifier::activated (this=this@entry=0x56332e625f50, _t1=..., _t2=<optimized out>, _t3=...) at .moc/moc_qsocketnotifier.cpp:178
#10 0x00007f5809f689c3 in QSocketNotifier::event (this=0x56332e625f50, e=0x7ffcc1ca3480) at kernel/qsocketnotifier.cpp:302
#11 0x00007f580aa51dc3 in QApplicationPrivate::notify_helper (this=this@entry=0x56332d6ebc30, receiver=receiver@entry=0x56332e625f50, e=e@entry=0x7ffcc1ca3480) at kernel/qapplication.cpp:3632
#12 0x00007f580aa5abb8 in QApplication::notify (this=0x7ffcc1ca38b0, receiver=0x56332e625f50, e=0x7ffcc1ca3480) at kernel/qapplication.cpp:3156
#13 0x00007f5809f2d17a in QCoreApplication::notifyInternal2 (receiver=0x56332e625f50, event=0x7ffcc1ca3480) at ../../include/QtCore/5.15.3/QtCore/private/../../../../../src/corelib/thread/qthread_p.h:332
#14 0x00007f5809f84bfb in QEventDispatcherUNIXPrivate::activateSocketNotifiers (this=0x56332d6f8230) at kernel/qeventdispatcher_unix.cpp:304
#15 0x00007f5809f8505b in QEventDispatcherUNIX::processEvents (this=<optimized out>, flags=...) at kernel/qeventdispatcher_unix.cpp:511
#16 0x000056332c8b8351 in QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
#17 0x00007f5809f2bc7b in QEventLoop::exec (this=this@entry=0x7ffcc1ca3610, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:141
#18 0x00007f5809f33e24 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#19 0x000056332c79ab5c in main (argc=<optimized out>, argv=<optimized out>) at ./src/main_wayland.cpp:727
Comment 1 Nate Graham 2022-01-23 19:18:33 UTC
Works for me FWIW. So it's not a 100% reproducible thing.
Comment 2 Vlad Zahorodnii 2022-01-24 12:04:48 UTC
It looks like WlSource::m_dsi gets deleted while dnd is active.
Comment 3 Bug Janitor Service 2022-01-24 14:17:58 UTC
A possibly relevant merge request was started @ https://invent.kde.org/plasma/kwin/-/merge_requests/1936
Comment 4 Nate Graham 2022-01-24 21:22:41 UTC
Git commit fdea6d151ec31d80047eaf9bc1649394e5e9602a by Nate Graham, on behalf of David Edmundson.
Committed on 24/01/2022 at 20:43.
Pushed by ngraham into branch 'master'.

Fix xwayland DND crash

Drag and drop objects slightly outlive wayland's DND concept as we have
to cancel the client and wait for a response.

This normally is fine, except in the case that the drag ended because
the sender quit.

Calling setWlSource on drag ends creates a matching pair with
Dnd::startDrag where we first set the source and has parallels with
clipboard.

Selection::handleSelectionRequest checks for the presence of a source.

I could not reproduce the original bug.

M  +1    -0    src/xwl/dnd.cpp

https://invent.kde.org/plasma/kwin/commit/fdea6d151ec31d80047eaf9bc1649394e5e9602a
Comment 5 Nate Graham 2022-01-24 21:27:44 UTC
Git commit 5079fa82360a012aa48687717d7e4be8d29e0b0f by Nate Graham, on behalf of David Edmundson.
Committed on 24/01/2022 at 21:27.
Pushed by ngraham into branch 'Plasma/5.24'.

Fix xwayland DND crash

Drag and drop objects slightly outlive wayland's DND concept as we have
to cancel the client and wait for a response.

This normally is fine, except in the case that the drag ended because
the sender quit.

Calling setWlSource on drag ends creates a matching pair with
Dnd::startDrag where we first set the source and has parallels with
clipboard.

Selection::handleSelectionRequest checks for the presence of a source.

I could not reproduce the original bug.


(cherry picked from commit fdea6d151ec31d80047eaf9bc1649394e5e9602a)

M  +1    -0    src/xwl/dnd.cpp

https://invent.kde.org/plasma/kwin/commit/5079fa82360a012aa48687717d7e4be8d29e0b0f
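
Added illustration (not KWin code, and not part of any comment above): a simplified model of the lifetime mismatch described in comment 2 and in the commit message. Every type and function name is a hypothetical stand-in, and `std::weak_ptr` is used so the stale state can be observed instead of actually dereferencing freed memory.

```cpp
// Simplified model of the drag-and-drop lifetime bug; hypothetical names only.
#include <memory>
#include <string>
#include <utility>
#include <vector>

enum class Outcome { Transferred, Refused, UseAfterFree };

// Stands in for the Wayland-side data source owned by the sending client.
struct DataSource {
    std::vector<std::string> mimeTypes{"image/png"};
};

// Stands in for the bridge object that answers X11 selection requests.
// With a raw pointer instead of weak_ptr, the expired case is a crash.
struct SourceModel {
    std::weak_ptr<DataSource> dsi;
    Outcome checkStartTransfer(const std::string &mime) const {
        auto live = dsi.lock();
        if (!live) return Outcome::UseAfterFree;  // data source already freed
        for (const auto &m : live->mimeTypes)
            if (m == mime) return Outcome::Transferred;
        return Outcome::Refused;
    }
};

struct SelectionModel {
    std::unique_ptr<SourceModel> source;
    void setSource(std::unique_ptr<SourceModel> s) { source = std::move(s); }
    // Presence check: only protects if the source is cleared on drag end.
    Outcome handleSelectionRequest(const std::string &mime) const {
        if (!source) return Outcome::Refused;
        return source->checkStartTransfer(mime);
    }
};

// Drag starts; optionally the sender quits; then an X11 request arrives.
Outcome scenario(bool senderQuits, bool clearSourceOnDragEnd) {
    SelectionModel dnd;
    auto sender = std::make_shared<DataSource>();
    auto src = std::make_unique<SourceModel>();
    src->dsi = sender;
    dnd.setSource(std::move(src));               // drag start sets the source
    if (senderQuits) {
        sender.reset();                          // sender exits, source freed
        if (clearSourceOnDragEnd) dnd.setSource(nullptr);  // paired reset
    }
    return dnd.handleSelectionRequest("image/png");
}
```

In the model, `scenario(true, false)` reaches the stale branch, while `scenario(true, true)` is stopped by the presence check before the freed object is touched.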