Bug 458226 - kwin-wayland crashes in KWin::Xwl::MozUrlReceiver::setData() if dragging an attachment from thunderbird(xwayland) around
Summary: kwin-wayland crashes in KWin::Xwl::MozUrlReceiver::setData() if dragging an a...
Status: RESOLVED FIXED
Alias: None
Product: kwin
Classification: Plasma
Component: wayland-generic (show other bugs)
Version: 5.25.4
Platform: Arch Linux Linux
: NOR crash
Target Milestone: ---
Assignee: KWin default assignee
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-08-23 22:16 UTC by Martin
Modified: 2022-08-30 13:03 UTC (History)
1 user (show)

See Also:
Latest Commit:
Version Fixed In: 5.25.5


Attachments
backtrace of the crash (5.78 KB, text/plain)
2022-08-23 22:16 UTC, Martin
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Martin 2022-08-23 22:16:21 UTC
Created attachment 151533 [details]
backtrace of the crash

STEPS TO REPRODUCE
1.  Run Thunderbird in xwayland mode
2.  Drag (without dropping) an attachment from a received email
3.  Dragging over the desktop crashes nearly immediately. Dragging over Telegram window crashes if moving cursor fast

OBSERVED RESULT
kwin crashes

EXPECTED RESULT
kwin survives the fight

SOFTWARE/OS VERSIONS
Operating System: Arch Linux
KDE Plasma Version: 5.25.4
KDE Frameworks Version: 5.97.0
Qt Version: 5.15.5
Kernel Version: 5.19.3-arch1-1 (64-bit)
Graphics Platform: Wayland
Processors: 12 × AMD Ryzen 5 3600 6-Core Processor
Memory: 31.3 GiB of RAM
Graphics Processor: NVIDIA GeForce GTX 1080 Ti/PCIe/SSE2
Manufacturer: Gigabyte Technology Co., Ltd.
Product Name: AX370-Gaming K5

ADDITIONAL INFORMATION

thunderbird 91.12.0-1

Running Thunderbird natively as a wayland application does not crash
Comment 1 Nate Graham 2022-08-25 13:18:03 UTC
Pasting the bractrace inline for searchability:

Thread 1 "kwin_wayland" received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
44            return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO (ret) : 0;
(gdb) bt
#0  __pthread_kill_implementation
    (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007fbbd20a1543 in __pthread_kill_internal
    (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007fbbd2051998 in __GI_raise (sig=sig@entry=6)
    at ../sysdeps/posix/raise.c:26
#3  0x00007fbbd203b53d in __GI_abort () at abort.c:79
#4  0x00007fbbd2299833 in __gnu_cxx::__verbose_terminate_handler() () at /usr/src/debug/gcc/libstdc++-v3/libsupc++/vterminate.cc:95
#5  0x00007fbbd22a5cfc in __cxxabiv1::__terminate(void (*)())
    (handler=<optimized out>)
    at /usr/src/debug/gcc/libstdc++-v3/libsupc++/eh_terminate.cc:48
#6  0x00007fbbd22a5d69 in std::terminate() ()
    at /usr/src/debug/gcc/libstdc++-v3/libsupc++/eh_terminate.cc:58
#7  0x00007fbbd22a5fcd in __cxxabiv1::__cxa_throw(void*, std::type_info*, void (*)(void*))
    (obj=<optimized out>, tinfo=0x7fbbd2427e38 <typeinfo for std::bad_alloc>, dest=0x7fbbd22a42a0 <std::bad_alloc::~bad_alloc()>)
    at /usr/src/debug/gcc/libstdc++-v3/libsupc++/eh_throw.cc:98
#8  0x00007fbbd2e9fbbf in qBadAlloc() ()
    at global/qglobal.cpp:3338
#9  0x00007fbbd2ea45ef in QByteArray::reallocData(unsigned int, QFlags<QArrayData::AllocationOption>)
    (this=0x7ffee2a6e308, alloc=2147483664, options=...)
    at text/qbytearray.cpp:1847
#10 0x00007fbbd2f37693 in QByteArray::append(char const*, int)
    (this=this@entry=0x7ffee2a6e308, str=0x56374f71dfb8 "%2Epw@example.com:993/fetch%3EUID%3E.INBOX%3E16710?part=1.2&filename=elekt%C5%99ina%202020.pdf\nelekt?ina 2020.pdf\n218736", len=len@entry=94) at text/qbytearray.cpp:2054
#11 0x000056374db32fb2 in KWin::Xwl::MozUrlReceiver::setData(char const*, int)
    (this=this@entry=0x56374f6aaee0, value=<optimized out>, length=length@entry=278)
    at /usr/src/debug/kwin-5.25.4/src/xwayland/transfer.cpp:523
#12 0x000056374db3723a in KWin::Xwl::DataReceiver::transferFromProperty(xcb_get_property_reply_t*)
    (reply=0x56374f52c090, this=0x56374f6aaee0)
    at /usr/src/debug/kwin-5.25.4/src/xwayland/transfer.cpp:424
#13 KWin::Xwl::TransferXtoWl::startTransfer() (this=0x56374f5a5830) at /usr/src/debug/kwin-5.25.4/src/xwayland/transfer.cpp:368
#14 KWin::Xwl::TransferXtoWl::handleSelectionNotify(xcb_selection_notify_event_t*) (event=<optimized out>, this=0x56374f5a5830) at /usr/src/debug/kwin-5.25.4/src/xwayland/transfer.cpp:340
#15 KWin::Xwl::TransferXtoWl::handleSelectionNotify(xcb_selection_notify_event_t*) (event=<optimized out>, this=0x56374f5a5830) at /usr/src/debug/kwin-5.25.4/src/xwayland/transfer.cpp:309
#16 KWin::Xwl::Selection::handleSelectionNotify(xcb_selection_notify_event_t*) (event=<optimized out>, this=<optimized out>) at /usr/src/debug/kwin-5.25.4/src/xwayland/selection.cpp:256
#17 KWin::Xwl::Selection::filterEvent(xcb_generic_event_t*) (this=<optimized out>, event=<optimized out>) at /usr/src/debug/kwin-5.25.4/src/xwayland/selection.cpp:121
#18 0x000056374db292fc in non-virtual thunk to KWin::Xwl::DataBridge::nativeEventFilter(QByteArray const&, void*, long*) () at /usr/src/debug/kwin-5.25.4/src/xwayland/databridge.h:58
#19 0x00007fbbd30833df in QAbstractEventDispatcher::filterNativeEvent(QByteArray const&, void*, long*) (this=<optimized out>, eventType=..., message=message@entry=0x56374f70c670, result=result@entry=0x7ffee2a6e4d8) at kernel/qabstracteventdispatcher.cpp:495
#20 0x000056374db3c55c in KWin::Xwl::Xwayland::dispatchEvents() (this=0x56374f3a4240) at /usr/include/qt/QtCore/qbytearray.h:463
#21 0x00007fbbd30bd341 in QtPrivate::QSlotObjectBase::call(QObject*, void**) (a=0x7ffee2a6e610, r=<optimized out>, this=0x56374f3b8b70, this=<optimized out>, r=<optimized out>, a=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#22 doActivate<false>(QObject*, int, void**) (sender=0x56374f4afeb0, signal_index=3, argv=0x7ffee2a6e610) at kernel/qobject.cpp:3886
#23 0x00007fbbd30bf054 in QSocketNotifier::activated(QSocketDescriptor, QSocketNotifier::Type, QSocketNotifier::QPrivateSignal) (this=this@entry=0x56374f4afeb0, _t1=..., _t2=<optimized out>, _t3=...) at .moc/moc_qsocketnotifier.cpp:178
#24 0x00007fbbd30bf198 in QSocketNotifier::event(QEvent*) (this=0x56374f4afeb0, e=<optimized out>) at kernel/qsocketnotifier.cpp:302
#25 0x00007fbbd2778b3c in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=<optimized out>, receiver=0x56374f4afeb0, e=0x7ffee2a6e730) at kernel/qapplication.cpp:3637
#26 0x00007fbbd308cad8 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x56374f4afeb0, event=0x7ffee2a6e730) at kernel/qcoreapplication.cpp:1064
#27 0x00007fbbd30d5fec in QEventDispatcherUNIXPrivate::activateSocketNotifiers() (this=0x56374ef8ab10) at kernel/qeventdispatcher_unix.cpp:304
#28 0x00007fbbd30d70e1 in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=<optimized out>, flags=...) at kernel/qeventdispatcher_unix.cpp:511
#29 0x000056374dbfe652 in QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
#30 0x00007fbbd308527c in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x7ffee2a6e8c0, flags=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#31 0x00007fbbd308fda9 in QCoreApplication::exec() () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#32 0x00007fbbd353a092 in QGuiApplication::exec() () at kernel/qguiapplication.cpp:1867
#33 0x00007fbbd2776f4a in QApplication::exec() () at kernel/qapplication.cpp:2829
#34 0x000056374db23eb5 in main(int, char**) (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/kwin-5.25.4/src/main_wayland.cpp:642
Comment 2 Vlad Zahorodnii 2022-08-29 13:33:51 UTC
I can't reliably reproduce it, but it happened to me once today.
Comment 3 Vlad Zahorodnii 2022-08-29 13:38:35 UTC
The crash happens more often if the cursor crosses between outputs when dragging the attachment from thunderbird.
Comment 4 Bug Janitor Service 2022-08-29 14:34:44 UTC
A possibly relevant merge request was started @ https://invent.kde.org/plasma/kwin/-/merge_requests/2875
Comment 5 Vlad Zahorodnii 2022-08-30 09:32:34 UTC
Git commit 498bde9c6e2dd3c823a983eb5500b226d1e2fe18 by Vlad Zahorodnii.
Committed on 30/08/2022 at 09:18.
Pushed by vladz into branch 'master'.

xwayland: Remove text/x-moz-url and _NETSCAPE_URL mime converters

The xwayland data bridge tries to be helpful and convert some mimes.
However, that mime conversion code is buggy, and it appears like
Thunderbird can send text/x-moz-url in format, which our bridge doesn't
handle properly.

However, mime type conversion is completely out of the scope of the
compositor. We also can't keep up with various mime types. Given that
X11 clients already must handle _NETSCAPE_URL and text/x-moz-url, this
change removes our mime type conversion helpers. For the record, neither
wlroots-based compositors nor mutter perform such conversion either.

With this change, kwin will send text/x-moz-url and _NETSCAPE_URL data
as is.

M  +5    -3    src/xwayland/drag_x.cpp
M  +2    -88   src/xwayland/transfer.cpp
M  +1    -27   src/xwayland/transfer.h

https://invent.kde.org/plasma/kwin/commit/498bde9c6e2dd3c823a983eb5500b226d1e2fe18
Comment 6 Vlad Zahorodnii 2022-08-30 10:19:50 UTC
Git commit f3b1e3b5d7996c7ccd13f558355cf4a9a86c66ea by Vlad Zahorodnii.
Committed on 30/08/2022 at 10:19.
Pushed by vladz into branch 'Plasma/5.25'.

xwayland: Remove text/x-moz-url and _NETSCAPE_URL mime converters

The xwayland data bridge tries to be helpful and convert some mimes.
However, that mime conversion code is buggy, and it appears like
Thunderbird can send text/x-moz-url in format, which our bridge doesn't
handle properly.

However, mime type conversion is completely out of the scope of the
compositor. We also can't keep up with various mime types. Given that
X11 clients already must handle _NETSCAPE_URL and text/x-moz-url, this
change removes our mime type conversion helpers. For the record, neither
wlroots-based compositors nor mutter perform such conversion either.

With this change, kwin will send text/x-moz-url and _NETSCAPE_URL data
as is.


(cherry picked from commit 498bde9c6e2dd3c823a983eb5500b226d1e2fe18)

M  +5    -3    src/xwayland/drag_x.cpp
M  +2    -88   src/xwayland/transfer.cpp
M  +1    -27   src/xwayland/transfer.h

https://invent.kde.org/plasma/kwin/commit/f3b1e3b5d7996c7ccd13f558355cf4a9a86c66ea