452044 – (SEGV) Kwin_wayland crashed in KWaylandServer::SurfaceInterface::isMapped() const

Bug 452044 - (SEGV) Kwin_wayland crashed in KWaylandServer::SurfaceInterface::isMapped() const

Summary: (SEGV) Kwin_wayland crashed in KWaylandServer::SurfaceInterface::isMapped() c...

Status:	RESOLVED FIXED

Alias:	None

Product:	kwin
Classification:	Plasma
Component:	wayland-generic (show other bugs)
Version:	5.24.3
Platform:	openSUSE Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	KWin default assignee

URL:
Keywords:	wayland

Duplicates (1):	452797 (view as bug list)
Depends on:
Blocks:

Reported:	2022-03-29 17:48 UTC by postix
Modified:	2022-04-20 15:20 UTC (History)
CC List:	3 users (show)

See Also:
Latest Commit:	https://invent.kde.org/plasma/kwayland-server/commit/6dcf73adaafeaa40c05e22df5f1c10af88df362b
Version Fixed In:	5.25
Sentry Crash Report:

Attachments
Full Backtrace (20.83 KB, text/plain) 2022-03-29 18:51 UTC, postix	Details
KWin Wayland Support Information (6.09 KB, text/plain) 2022-03-29 18:52 UTC, postix	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description postix 2022-03-29 17:48:28 UTC

SUMMARY

kwin_wayland crashed and teared down all running applications, when I hit the tab "Map" in the application Goldencheetah [1] 
[1] github.com/GoldenCheetah/GoldenCheetah (commit a0c2034fa90fb865cf1e2b4555c66f50af9cb4ed + GoldenCheetah/pull/3590)


```
#0  KWaylandServer::SurfaceInterface::isMapped() const (this=0x0) at /usr/include/qt5/QtCore/qscopedpointer.h:116
#1  0x00007f5ed3cf436a in KWaylandServer::SurfaceInterfacePrivate::computeEffectiveMapped() const (this=<optimized out>, this=0x563cf173c6a0) at /usr/src/debug/kwayland-server-5.24.3-1.1.x86_64/src/server/surface_interface.cpp:681
#2  KWaylandServer::SurfaceInterfacePrivate::updateEffectiveMapped() (this=this@entry=0x563cf173c6a0) at /usr/src/debug/kwayland-server-5.24.3-1.1.x86_64/src/server/surface_interface.cpp:686
#3  0x00007f5ed3cf7900 in KWaylandServer::SurfaceInterfacePrivate::applyState(KWaylandServer::SurfaceState*) (this=0x563cf173c6a0, next=<optimized out>) at /usr/src/debug/kwayland-server-5.24.3-1.1.x86_64/src/server/surface_interface.cpp:604
#4  0x00007f5ecfa2c572 in ffi_call_unix64 () at ../src/x86/unix64.S:105
#5  0x00007f5ecfa29296 in ffi_call_int (cif=<optimized out>, fn=<optimized out>, rvalue=<optimized out>, avalue=<optimized out>, closure=<optimized out>) at ../src/x86/ffi64.c:672
#6  0x00007f5ed0d4f090 in wl_closure_invoke (closure=closure@entry=0x563cf1808740, target=<optimized out>, target@entry=0x563cf1674990, opcode=opcode@entry=6, data=<optimized out>, data@entry=0x563cf174f0c0, flags=<optimized out>) at ../src/connection.c:1025
#7  0x00007f5ed0d53234 in wl_client_connection_data (fd=<optimized out>, mask=<optimized out>, data=0x563cf174f0c0) at ../src/wayland-server.c:437
#8  0x00007f5ed0d51cea in wl_event_loop_dispatch (loop=0x563cef112bf0, timeout=<optimized out>) at ../src/event-loop.c:1027
#9  0x00007f5ed3cbcac6 in KWaylandServer::Display::dispatchEvents() (this=<optimized out>) at /usr/src/debug/kwayland-server-5.24.3-1.1.x86_64/src/server/display.cpp:114
#10 0x00007f5ed1d80503 in QtPrivate::QSlotObjectBase::call(QObject*, void**) (a=0x7ffe3f59c730, r=0x563cef12d0f0, this=0x563cef82ba60) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#11 doActivate<false>(QObject*, int, void**) (sender=0x563cef890240, signal_index=3, argv=0x7ffe3f59c730) at kernel/qobject.cpp:3886
#12 0x00007f5ed1d799cf in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (sender=sender@entry=0x563cef890240, m=m@entry=0x7f5ed201fac0, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffe3f59c730) at kernel/qobject.cpp:3946
#13 0x00007f5ed1d838df in QSocketNotifier::activated(QSocketDescriptor, QSocketNotifier::Type, QSocketNotifier::QPrivateSignal) (this=this@entry=0x563cef890240, _t1=..., _t2=<optimized out>, _t3=...) at .moc/moc_qsocketnotifier.cpp:178
#14 0x00007f5ed1d840db in QSocketNotifier::event(QEvent*) (this=0x563cef890240, e=0x7ffe3f59c850) at kernel/qsocketnotifier.cpp:302
#15 0x00007f5ed2942a7f in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=<optimized out>, receiver=0x563cef890240, e=0x7ffe3f59c850) at kernel/qapplication.cpp:3632
#16 0x00007f5ed1d49e3a in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x563cef890240, event=0x7ffe3f59c850) at kernel/qcoreapplication.cpp:1064
#17 0x00007f5ed1d9e74b in QEventDispatcherUNIXPrivate::activateSocketNotifiers() (this=0x563cef101c10) at kernel/qeventdispatcher_unix.cpp:304
#18 0x00007f5ed1d9ebab in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=<optimized out>, flags=...) at kernel/qeventdispatcher_unix.cpp:511
#19 0x0000563ceef19ccd in QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=<optimized out>, flags=...) at qunixeventdispatcher.cpp:63
#20 0x00007f5ed1d4883b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7ffe3f59c9e0, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#21 0x00007f5ed1d50b10 in QCoreApplication::exec() () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#22 0x00007f5ed219a25c in QGuiApplication::exec() () at kernel/qguiapplication.cpp:1867
#23 0x00007f5ed29429f5 in QApplication::exec() () at kernel/qapplication.cpp:2824
#24 0x0000563ceee2efb5 in main(int, char**) (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/kwin5-5.24.3-1.2.x86_64/src/main_wayland.cpp:727
```

SOFTWARE/OS VERSIONS
Operating System: openSUSE Tumbleweed 20220324
KDE Plasma Version: 5.24.3
KDE Frameworks Version: 5.92.0
Qt Version: 5.15.2
Kernel Version: 5.16.15-1-default (64-bit)
Graphics Platform: Wayland
Graphics Processor: AMD Radeon RX 580 Series

Comment 1 postix 2022-03-29 18:51:51 UTC

Created attachment 147824 [details]
Full Backtrace

Comment 2 postix 2022-03-29 18:52:17 UTC

Created attachment 147825 [details]
KWin Wayland Support Information

Comment 3 David Edmundson 2022-04-05 16:22:28 UTC

Git commit 1d2424a56a13dc55aeab699a38234a7cafa091d8 by David Edmundson.
Committed on 05/04/2022 at 15:33.
Pushed by davidedmundson into branch 'master'.

Guard subsurface parent access.

Whilst a subsurface must have a parent at the time of creation, the
lifespan is not guaranteed afterwards.

It's a weird thing for a client to do, but we need to not crash
afterwards.

If the parent surface is destroyed we should consider the surface
unmapped.

M  +7    -1    src/server/surface_interface.cpp

https://invent.kde.org/plasma/kwayland-server/commit/1d2424a56a13dc55aeab699a38234a7cafa091d8

Comment 4 postix 2022-04-07 08:37:32 UTC

Thanks David! Could this maybe be backported to 5.24.5?

(I just had experienced it again during my normal work, i.e. w/o the app mentioned in the OT.)

Comment 5 David Edmundson 2022-04-07 09:38:52 UTC

Git commit 6dcf73adaafeaa40c05e22df5f1c10af88df362b by David Edmundson.
Committed on 07/04/2022 at 09:38.
Pushed by davidedmundson into branch 'Plasma/5.24'.

Guard subsurface parent access.

Whilst a subsurface must have a parent at the time of creation, the
lifespan is not guaranteed afterwards.

It's a weird thing for a client to do, but we need to not crash
afterwards.

If the parent surface is destroyed we should consider the surface
unmapped.


(cherry picked from commit 1d2424a56a13dc55aeab699a38234a7cafa091d8)

M  +7    -1    src/server/surface_interface.cpp

https://invent.kde.org/plasma/kwayland-server/commit/6dcf73adaafeaa40c05e22df5f1c10af88df362b

Comment 6 Nate Graham 2022-04-20 15:20:04 UTC

*** Bug 452797 has been marked as a duplicate of this bug. ***