449101 – (SEGV) KWin crashed in KWaylandServer::PrimarySelectionOfferV1Interface::PrimarySelectionOfferV1Interface after logging out

Bug 449101 - (SEGV) KWin crashed in KWaylandServer::PrimarySelectionOfferV1Interface::PrimarySelectionOfferV1Interface after logging out

Summary: (SEGV) KWin crashed in KWaylandServer::PrimarySelectionOfferV1Interface::Prim...

Status:	RESOLVED FIXED

Alias:	None

Product:	kwin
Classification:	Plasma
Component:	wayland-generic (show other bugs)
Version:	5.23.90
Platform:	Neon Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	KWin default assignee

URL:
Keywords:	wayland

Depends on:
Blocks:

Reported:	2022-01-24 21:31 UTC by postix
Modified:	2022-01-25 09:13 UTC (History)
CC List:	2 users (show)

See Also:
Latest Commit:	https://invent.kde.org/plasma/kwin/commit/b04ad69d974b24de36a3444452a467f8f15c78b8
Version Fixed In:

Attachments
KWin support information (6.69 KB, text/plain) 2022-01-24 21:31 UTC, postix	Details
Full stacktrace (178.93 KB, text/plain) 2022-01-24 21:35 UTC, postix	Details
Journalctl log (371.48 KB, text/plain) 2022-01-24 21:42 UTC, postix	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description postix 2022-01-24 21:31:42 UTC

Created attachment 145891 [details]
KWin support information

SUMMARY

```
#0  0x00007f7418b447ae in QObjectPrivate::ConnectionData::resizeSignalVector (size=5, this=0x564c0fdae381) at kernel/qobject_p.h:294
#1  QObjectPrivate::addConnection (this=<optimized out>, signal=signal@entry=4, c=c@entry=0x564c11351d10) at kernel/qobject.cpp:326
#2  0x00007f7418b4769a in QObjectPrivate::connectImpl (sender=0x564c0e94bb10, signal_index=4, receiver=0x564c0fb98f40, slot=<optimized out>, slotObj=<optimized out>, type=<optimized out>, types=<optimized out>, 
    senderMetaObject=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qobject.h:132
#3  0x00007f7418b47b35 in QObject::connectImpl (sender=sender@entry=0x564c0e94bb10, signal=signal@entry=0x7ffcd9e7b5a0, receiver=receiver@entry=0x564c0fb98f40, slot=slot@entry=0x0, slotObj=0x564c0f790f70, 
    type=Qt::AutoConnection, types=0x0, senderMetaObject=<optimized out>) at kernel/qobject.cpp:5001
#4  0x00007f741aa431d0 in QObject::connect<void (KWaylandServer::AbstractDataSource::*)(const QString&), KWaylandServer::PrimarySelectionOfferV1Interface::PrimarySelectionOfferV1Interface(KWaylandServer::AbstractDataSource*, wl_resource*)::<lambda(const QString&)> > (type=Qt::AutoConnection, slot=..., context=0x564c0fb98f40, signal=
    (void (KWaylandServer::AbstractDataSource::*)(KWaylandServer::AbstractDataSource * const, const QString &)) 0x7f741aa07d40 <KWaylandServer::AbstractDataSource::mimeTypeOffered(QString const&)>, sender=0x564c0e94bb10)
    at /usr/include/c++/9/bits/move.h:99
#5  KWaylandServer::PrimarySelectionOfferV1Interface::PrimarySelectionOfferV1Interface (this=0x564c0fb98f40, source=0x564c0e94bb10, resource=<optimized out>) at ./src/server/primaryselectionoffer_v1_interface.cpp:68
#6  0x00007f741aa42a32 in KWaylandServer::PrimarySelectionDeviceV1InterfacePrivate::createDataOffer (this=0x564c105843d0, source=0x564c0e94bb10) at ./src/server/primaryselectiondevice_v1_interface.cpp:89
#7  0x00007f741aa42bd6 in KWaylandServer::PrimarySelectionDeviceV1Interface::sendSelection (this=0x564c100ef720, other=<optimized out>) at ./src/server/primaryselectiondevice_v1_interface.cpp:128
#8  0x00007f741aa49f45 in KWaylandServer::SeatInterface::setFocusedKeyboardSurface (this=0x564c0e7867e0, surface=0x564c0f7f4f30) at ./src/server/seat_interface.cpp:932
#9  0x00007f741aea6eeb in KWin::KeyboardInputRedirection::<lambda()>::operator() (__closure=0x564c0ed41270) at ./src/keyboard_input.cpp:141
#10 QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, KWin::KeyboardInputRedirection::init()::<lambda()> >::call (arg=<optimized out>, f=...)
    at /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:146
#11 QtPrivate::Functor<KWin::KeyboardInputRedirection::init()::<lambda()>, 0>::call<QtPrivate::List<>, void> (arg=<optimized out>, f=...) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:256
#12 QtPrivate::QFunctorSlotObject<KWin::KeyboardInputRedirection::init()::<lambda()>, 0, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase *, QObject *, void **, bool *) (which=<optimized out>, this_=0x564c0ed41260, 
    r=<optimized out>, a=<optimized out>, ret=<optimized out>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:443
#13 0x00007f7418b5219e in QtPrivate::QSlotObjectBase::call (a=0x7ffcd9e7b820, r=0x564c0e7ab6c0, this=0x564c0ed41260) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#14 doActivate<false> (sender=0x564c0eb32c30, signal_index=10, argv=0x7ffcd9e7b820) at kernel/qobject.cpp:3886
#15 0x00007f7418b4b567 in QMetaObject::activate (sender=sender@entry=0x564c0eb32c30, m=m@entry=0x7f741b0d4380 <KWin::Workspace::staticMetaObject>, local_signal_index=local_signal_index@entry=7, argv=argv@entry=0x7ffcd9e7b820)
    at kernel/qobject.cpp:3946
#16 0x00007f741addc566 in KWin::Workspace::clientActivated (this=this@entry=0x564c0eb32c30, _t1=<optimized out>) at ./obj-x86_64-linux-gnu/src/kwin_autogen/EWIEGA46WW/moc_workspace.cpp:693
#17 0x00007f741ae1f706 in KWin::Workspace::setActiveClient (this=0x564c0eb32c30, c=c@entry=0x7f739805eb20) at ./src/activation.cpp:267
#18 0x00007f741ae1448b in KWin::AbstractClient::setActive (this=this@entry=0x7f739805eb20, act=act@entry=true) at ./src/workspace.h:811
#19 0x00007f741afae35a in KWin::XdgToplevelClient::takeFocus (this=0x7f739805eb20) at ./src/xdgshellclient.cpp:1017
#20 0x00007f741ae1fc64 in KWin::Workspace::takeActivity (this=this@entry=0x564c0eb32c30, c=c@entry=0x7f739805eb20, flags=..., flags@entry=...) at ./src/activation.cpp:391
#21 0x00007f741ae20104 in KWin::Workspace::requestFocus (this=this@entry=0x564c0eb32c30, c=c@entry=0x7f739805eb20, force=force@entry=false) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qflags.h:121
#22 0x00007f741ae20827 in KWin::Workspace::activateNextClient (this=this@entry=0x564c0eb32c30, c=<optimized out>, c@entry=0x564c10391150) at ./src/activation.cpp:496
#23 0x00007f741ae209c9 in KWin::Workspace::clientHidden (this=this@entry=0x564c0eb32c30, c=c@entry=0x564c10391150) at ./src/activation.cpp:412
#24 0x00007f741af756a6 in KWin::Workspace::removeShellClient (this=0x564c0eb32c30, client=0x564c10391150) at ./src/workspace.cpp:822
#25 0x00007f7418b5219e in QtPrivate::QSlotObjectBase::call (a=0x7ffcd9e7bae0, r=0x564c0eb32c30, this=0x564c0ec67460) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#26 doActivate<false> (sender=0x564c0e757350, signal_index=4, argv=0x7ffcd9e7bae0) at kernel/qobject.cpp:3886
#27 0x00007f7418b4b567 in QMetaObject::activate (sender=sender@entry=0x564c0e757350, m=m@entry=0x7f741b0d45c0 <KWin::WaylandServer::staticMetaObject>, local_signal_index=local_signal_index@entry=1, argv=argv@entry=0x7ffcd9e7bae0)
    at kernel/qobject.cpp:3946
#28 0x00007f741addc3e6 in KWin::WaylandServer::shellClientRemoved (this=this@entry=0x564c0e757350, _t1=<optimized out>) at ./obj-x86_64-linux-gnu/src/kwin_autogen/EWIEGA46WW/moc_wayland_server.cpp:178
#29 0x00007f741af5b75f in KWin::WaylandServer::removeClient (this=0x564c0e757350, c=<optimized out>, c@entry=0x564c10391150) at ./src/wayland_server.cpp:707
#30 0x00007f741afa7a9c in KWin::XdgSurfaceClient::destroyClient (this=0x564c10391150) at ./src/wayland_server.h:281
#31 0x00007f741af763d0 in KWin::Workspace::~Workspace (this=0x564c0eb32c30, __in_chrg=<optimized out>) at ./src/workspace.cpp:479
#32 0x00007f741af76c6d in KWin::Workspace::~Workspace (this=0x564c0eb32c30, __in_chrg=<optimized out>) at ./src/workspace.cpp:470
#33 0x0000564c0c747c26 in KWin::ApplicationWayland::~ApplicationWayland (this=0x7ffcd9e7be70, __in_chrg=<optimized out>) at ./src/main_wayland.cpp:131
#34 0x0000564c0c7441b0 in main (argc=<optimized out>, argv=<optimized out>) at /usr/include/c++/9/bits/atomic_base.h:326
```

SOFTWARE/OS VERSIONS
Operating System: KDE neon Testing Edition
KDE Plasma Version: 5.23.90
KDE Frameworks Version: 5.91.0
Qt Version: 5.15.3
Kernel Version: 5.13.0-27-generic (64-bit)
Graphics Platform: Wayland
Graphics Processor: Radeon RX 580 Series

ADDITIONAL INFORMATION
Primary Monitor connected via DP
Secondyary Monitor connected via HDMI

Comment 1 postix 2022-01-24 21:35:32 UTC

Created attachment 145892 [details]
Full stacktrace

Comment 2 postix 2022-01-24 21:42:54 UTC

Created attachment 145893 [details]
Journalctl log

This log contains all the tests I had done before w/ detaching the HDMI monitor etc + the final crash, when I tried to log out in the end.

Comment 3 Bug Janitor Service 2022-01-25 08:06:48 UTC

A possibly relevant merge request was started @ https://invent.kde.org/plasma/kwayland-server/-/merge_requests/348

Comment 4 Bug Janitor Service 2022-01-25 08:20:00 UTC

A possibly relevant merge request was started @ https://invent.kde.org/plasma/kwin/-/merge_requests/1940

Comment 5 Vlad Zahorodnii 2022-01-25 08:31:29 UTC

Git commit 557b3825b27187a8bb0a85d21a8f58c041a96e57 by Vlad Zahorodnii.
Committed on 25/01/2022 at 07:59.
Pushed by vladz into branch 'master'.

Make data source objects "parentless"

The SeatInterface cleans up currentSelection and currentPrimarySelection
when the AbstractDataSource::aboutToBeDestroyed() signal is emitted, but
since the data source and primary data source have parent objects, they
can be potentially destroyed without emitting the aboutToBeDestroyed()
signal and thus leaving dangling pointers in SeatInterface.

M  +1    -2    src/server/datasource_interface.cpp
M  +1    -2    src/server/primaryselectionsource_v1_interface.cpp
M  +2    -2    src/server/seat_interface.cpp

https://invent.kde.org/plasma/kwayland-server/commit/557b3825b27187a8bb0a85d21a8f58c041a96e57

Comment 6 Vlad Zahorodnii 2022-01-25 08:32:02 UTC

Git commit 7d2ede8c750a9a02782126fe5dfa9b5d2c005824 by Vlad Zahorodnii.
Committed on 25/01/2022 at 08:31.
Pushed by vladz into branch 'Plasma/5.24'.

Make data source objects "parentless"

The SeatInterface cleans up currentSelection and currentPrimarySelection
when the AbstractDataSource::aboutToBeDestroyed() signal is emitted, but
since the data source and primary data source have parent objects, they
can be potentially destroyed without emitting the aboutToBeDestroyed()
signal and thus leaving dangling pointers in SeatInterface.


(cherry picked from commit 557b3825b27187a8bb0a85d21a8f58c041a96e57)

M  +1    -2    src/server/datasource_interface.cpp
M  +1    -2    src/server/primaryselectionsource_v1_interface.cpp
M  +2    -2    src/server/seat_interface.cpp

https://invent.kde.org/plasma/kwayland-server/commit/7d2ede8c750a9a02782126fe5dfa9b5d2c005824

Comment 7 Vlad Zahorodnii 2022-01-25 09:03:20 UTC

Git commit 6a0fd1d608bcbbbcd87b6b49368a2d11286fa6ec by Vlad Zahorodnii.
Committed on 25/01/2022 at 08:32.
Pushed by vladz into branch 'master'.

xwayland: Emit AbstractDataSource::aboutToBeDestroyed() signal

The seat needs the AbstractDataSource::aboutToBeDestroyed() signal to
properly clean up its tracked primary selection.

M  +5    -0    src/xwl/datasource.cpp
M  +12   -1    src/xwl/datasource.h

https://invent.kde.org/plasma/kwin/commit/6a0fd1d608bcbbbcd87b6b49368a2d11286fa6ec

Comment 8 Vlad Zahorodnii 2022-01-25 09:13:12 UTC

Git commit b04ad69d974b24de36a3444452a467f8f15c78b8 by Vlad Zahorodnii.
Committed on 25/01/2022 at 09:13.
Pushed by vladz into branch 'Plasma/5.24'.

xwayland: Emit AbstractDataSource::aboutToBeDestroyed() signal

The seat needs the AbstractDataSource::aboutToBeDestroyed() signal to
properly clean up its tracked primary selection.


(cherry picked from commit 6a0fd1d608bcbbbcd87b6b49368a2d11286fa6ec)

M  +5    -0    src/xwl/datasource.cpp
M  +12   -1    src/xwl/datasource.h

https://invent.kde.org/plasma/kwin/commit/b04ad69d974b24de36a3444452a467f8f15c78b8