Bug 466279 - kwin_wayland crashes in KWin::TabBox::SwitcherItem::visibleChanged() when alt-tabbing with 5 or more items and using Large Icons task switcher
Status: RESOLVED FIXED
Alias: None
Product: kwin
Classification: Plasma
Component: tabbox
Version: git master
Platform: Other Linux
Importance: VHI crash
Target Milestone: ---
Assignee: KWin default assignee
Keywords: regression
Duplicates: 454056
Reported: 2023-02-23 00:56 UTC by Nate Graham
Modified: 2023-07-06 08:44 UTC

Description Nate Graham 2023-02-23 00:56:06 UTC
I use the Large Icons task Switcher. As of today's git master everything, kwin_wayland reproducibly crashes when I press Alt+Tab while there are 5 or more windows or apps open.

If I switch to the default Breeze task switcher, this condition does not trigger a crash. This is 100% reproducible for me. It started happening today, and I alt tab hundreds of times a day, so I strongly suspect the regression was introduced today. Will bisect KWin shortly.

Here's the full backtrace:

#0  QOpenGLContext::surface() const (this=this@entry=0x0) at kernel/qopenglcontext.cpp:1078
#1  0x00007f985fe2b18f in qsg_device_pixel_ratio (ctx=0x0) at scenegraph/qsgdefaultglyphnode_p.cpp:99
#2  QSGTextMaskMaterial::updateCache(QFontEngine::GlyphFormat)
    (this=this@entry=0x24f7e90, glyphFormat=QFontEngine::Format_A32, 
    glyphFormat@entry=QFontEngine::Format_None) at scenegraph/qsgdefaultglyphnode_p.cpp:781
#3  0x00007f985fe2b422 in QSGTextMaskMaterial::init(QFontEngine::GlyphFormat)
    (this=this@entry=0x24f7e90, glyphFormat=glyphFormat@entry=QFontEngine::Format_None)
    at scenegraph/qsgdefaultglyphnode_p.cpp:749
#4  0x00007f985fe2b4b0 in QSGTextMaskMaterial::QSGTextMaskMaterial(QSGRenderContext*, QVector4D const&, QRawFont const&, QFontEngine::GlyphFormat)
    (this=this@entry=0x24f7e90, rc=<optimized out>, color=..., font=..., glyphFormat=glyphFormat@entry=QFontEngine::Format_None) at scenegraph/qsgdefaultglyphnode_p.cpp:718
#5  0x00007f985fe276d6 in QSGDefaultGlyphNode::update() (this=0x25ac280)
    at scenegraph/qsgdefaultglyphnode.cpp:107
#6  0x00007f985fec64d4 in QQuickTextNode::addGlyphs(QPointF const&, QGlyphRun const&, QColor const&, QQuickText::TextStyle, QColor const&, QSGNode*)
    (this=this@entry=0x11a0ee0, position=..., glyphs=..., color=..., style=style@entry=QQuickText::Normal, styleColor=..., parentNode=0x0) at items/qquicktextnode.cpp:117
#7  0x00007f985fecb8a8 in QQuickTextNodeEngine::addToSceneGraph(QQuickTextNode*, QQuickText::TextStyle, QColor const&)
    (this=this@entry=0x7ffe6df8c6c0, parentNode=parentNode@entry=0x11a0ee0, style=style@entry=QQuickText::Normal, styleColor=...) at items/qquicktextnodeengine.cpp:793
#8  0x00007f985fec7538 in QQuickTextNode::addTextLayout(QPointF const&, QTextLayout*, QColor const&, QQuickText::TextStyle, QColor const&, QColor const&, QColor const&, QColor const&, int, int, int, int)
    (this=this@entry=0x11a0ee0, position=..., textLayout=textLayout@entry=0x2a60138, color=..., style=QQuickText::Normal, styleColor=..., anchorColor=..., selectionColor=..., selectedTextColor=..., selectionStart=-1, selectionEnd=-1, lineStart=0, lineCount=<optimized out>) at items/qquicktextnode.cpp:287
#9  0x00007f985fec5f61 in QQuickText::updatePaintNode(QSGNode*, QQuickItem::UpdatePaintNodeData*)
    (this=0x24d2c80, oldNode=<optimized out>, data=<optimized out>) at items/qquicktext.cpp:2500
#10 0x00007f985fea62d8 in QQuickWindowPrivate::updateDirtyNode(QQuickItem*)
    (this=0x31396c0, item=0x24d2c80) at items/qquickwindow.cpp:3888
#11 0x00007f985fea6802 in QQuickWindowPrivate::updateDirtyNodes() (this=this@entry=0x31396c0)
    at items/qquickwindow.cpp:3633
#12 0x00007f985fea83a1 in QQuickWindowPrivate::syncSceneGraph() (this=this@entry=0x31396c0)
    at items/qquickwindow.cpp:524
#13 0x00007f985fe23207 in QSGGuiThreadRenderLoop::renderWindow(QQuickWindow*)
     (this=0x3194af0, window=<optimized out>) at scenegraph/qsgrenderloop.cpp:752
#14 0x00007f985fe250e2 in QSGGuiThreadRenderLoop::exposureChanged(QQuickWindow*)
    (this=0x3194af0, window=<optimized out>) at scenegraph/qsgrenderloop.cpp:853
#15 0x00007f985ef76365 in QWindow::event(QEvent*) (this=0x1f5fde0, ev=<optimized out>)
    at kernel/qwindow.cpp:2455
#16 0x00007f985d7aed62 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
    (this=<optimized out>, receiver=0x1f5fde0, e=0x7ffe6df8f070) at kernel/qapplication.cpp:3640
#17 0x00007f985ea9d4e8 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
    (receiver=0x1f5fde0, event=0x7ffe6df8f070) at kernel/qcoreapplication.cpp:1064
#18 0x00007f985ef6c085 in QGuiApplicationPrivate::processExposeEvent(QWindowSystemInterfacePrivate::ExposeEvent*) (e=0x2c179b0) at kernel/qguiapplication.cpp:3254
#19 0x00007f985ef49f1c in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) (flags=flags@entry=...) at kernel/qwindowsysteminterface.cpp:1169
#20 0x00007f985ef4a2a0 in QWindowSystemInterface::flushWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) (flags=flags@entry=...) at kernel/qwindowsysteminterface.cpp:1138
#21 0x00007f985ef59874 in QPlatformWindow::setVisible(bool) (this=0x29553d0, visible=<optimized out>)
    at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#22 0x00007f985ef75f07 in QWindowPrivate::setVisible(bool) (this=0x31396c0, visible=<optimized out>)
    kernel/qwindow.cpp:408
#23 0x00007f985f90df5f in QQmlPropertyData::writeProperty(QObject*, void*, QFlags<QQmlPropertyData::WriteFlag>) const (flags=..., value=<optimized out>, target=<optimized out>, this=<optimized out>)
    at ../../include/QtQml/5.15.8/QtQml/private/../../../../../src/qml/qml/qqmlpropertydata_p.h:391
#24 GenericBinding<1>::doStore<bool>(bool, QQmlPropertyData const*, QFlags<QQmlPropertyData::WriteFlag>) const (flags=..., pd=<optimized out>, value=<optimized out>, this=<optimized out>)
    at qml/qqmlbinding.cpp:342
#25 GenericBinding<1>::write(QV4::Value const&, bool, QFlags<QQmlPropertyData::WriteFlag>)
    (this=0x25bf350, result=..., isUndefined=<optimized out>, flags=...) at qml/qqmlbinding.cpp:305
#26 0x00007f985f90ea06 in QQmlNonbindingBinding::doUpdate(QQmlJavaScriptExpression::DeleteWatcher const&, QFlags<QQmlPropertyData::WriteFlag>, QV4::Scope&)
    (this=0x25bf350, watcher=..., flags=..., scope=<optimized out>) at qml/qqmlbinding.cpp:258
#27 0x00007f985f90c374 in QQmlBinding::update(QFlags<QQmlPropertyData::WriteFlag>)
    (this=0x25bf350, flags=...) at qml/qqmlbinding.cpp:194
#28 0x00007f985f8e91af in QQmlNotifier::emitNotify(QQmlNotifierEndpoint*, void**)
    (endpoint=<optimized out>, a=0x0) at qml/qqmlnotifier.cpp:104
#29 0x00007f985ead0b70 in doActivate<false>(QObject*, int, void**)
    (sender=0x7f980001be90, signal_index=3, argv=0x0) at kernel/qobject.cpp:3815
#30 0x00007f985eacbe27 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**)
    (sender=<optimized out>, m=m@entry=0x7f986086a940 <KWin::TabBox::SwitcherItem::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x0) at kernel/qobject.cpp:3983
#31 0x00007f9860393000 in KWin::TabBox::SwitcherItem::visibleChanged() (this=<optimized out>)
    at /home/nate/kde/build/kwin/src/kwin_autogen/WF44ZIICEP/moc_switcheritem.cpp:293
#32 0x00007f98606647fa in KWin::TabBox::TabBoxHandlerPrivate::show() (this=0x1140f40)
    at /home/nate/kde/src/kwin/src/tabbox/tabboxhandler.cpp:351
#33 0x00007f98606649d9 in KWin::TabBox::TabBoxHandler::show() (this=0x1203580)
    at /home/nate/kde/src/kwin/src/tabbox/tabboxhandler.cpp:395
#34 0x00007f985ead0e96 in QtPrivate::QSlotObjectBase::call(QObject*, void**)
    (a=0x7ffe6df90e80, r=<optimized out>, this=0x121e470)
    at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#35 doActivate<false>(QObject*, int, void**) (sender=0x11a7798, signal_index=3, argv=0x7ffe6df90e80)
    at kernel/qobject.cpp:3923
#36 0x00007f985eacbe27 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**)
    (sender=<optimized out>, m=m@entry=0x7f985ed5e580 <QTimer::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffe6df90e80) at kernel/qobject.cpp:3983
#37 0x00007f985ead421e in QTimer::timeout(QTimer::QPrivateSignal) (this=<optimized out>, _t1=...)
    at .moc/moc_qtimer.cpp:205
#38 0x00007f985eac7fc5 in QObject::event(QEvent*) (this=0x11a7798, e=0x7ffe6df90fe0)
    at kernel/qobject.cpp:1369
#39 0x00007f985d7aed62 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
    (this=<optimized out>, receiver=0x11a7798, e=0x7ffe6df90fe0) at kernel/qapplication.cpp:3640
#40 0x00007f985ea9d4e8 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
    (receiver=0x11a7798, event=0x7ffe6df90fe0) at kernel/qcoreapplication.cpp:1064
#41 0x00007f985eaed981 in QTimerInfoList::activateTimers() (this=this@entry=0xde4568)
    at kernel/qtimerinfo_unix.cpp:643
#42 0x00007f985eaeb0e0 in QEventDispatcherUNIXPrivate::activateTimers() (this=this@entry=0xde44e0)
    at kernel/qeventdispatcher_unix.cpp:249
#43 0x00007f985eaebf30 in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
    (this=<optimized out>, flags=...) at kernel/qeventdispatcher_unix.cpp:516
#44 0x0000000000535351 in QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
#45 0x00007f985ea9bf3a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
    (this=this@entry=0x7ffe6df91160, flags=..., flags@entry=...)
    at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#46 0x00007f985eaa4002 in QCoreApplication::exec() ()
    at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#47 0x00007f985ef5fad0 in QGuiApplication::exec() () at kernel/qguiapplication.cpp:1863
#48 0x00007f985d7aecd9 in QApplication::exec() () at kernel/qapplication.cpp:2832
#49 0x000000000044719e in main(int, char**) (argc=<optimized out>, argv=<optimized out>)
    at /home/nate/kde/src/kwin/src/main_wayland.cpp:616
Comment 1 Nate Graham 2023-02-23 03:21:34 UTC
Git bisect says it was 4b1ef33c1e3887b58b5d787d2df71c017c2318a3.

I've noticed that 5 items is exactly the number of items that will require the Large Icons task switcher to change the size of its background dialog; up to 4 items fit in its default size but 5 makes it need to expand. Something about the above commit causes kwin_wayland to crash when it tries to expand its dialog.
Comment 2 Bug Janitor Service 2023-02-23 07:40:12 UTC
A possibly relevant merge request was started @ https://invent.kde.org/plasma/kwin/-/merge_requests/3669
Comment 3 Vlad Zahorodnii 2023-02-23 13:17:08 UTC
Git commit 08e392f3681dd340379050efb374dcefc3c84c76 by Vlad Zahorodnii.
Committed on 23/02/2023 at 12:48.
Pushed by vladz into branch 'master'.

Revert "wayland: Update shadow immediately"

This reverts commit 4b1ef33c1e3887b58b5d787d2df71c017c2318a3.

It introduced a crash. The large icons task switcher can create and
destroy the shadow in the middle of painting. When a shadow is
destroyed, kwin can make opengl context current. It will reset current
QOpenGLContext, and QtQuick can crash.

M  +4    -1    src/internalwindow.cpp

https://invent.kde.org/plasma/kwin/commit/08e392f3681dd340379050efb374dcefc3c84c76
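
A minimal model of the failure described in the commit message above, added here as an illustration and not taken from KWin or Qt: every type and name in it is a constructed stand-in. It contrasts destroying the shadow in the middle of painting with postponing the destruction until painting has ended; the postponing queue is an assumption used for contrast, not a description of KWin's code.

```cpp
// Constructed model: GlContext, Shadow and Window are hypothetical stand-ins,
// not KWin or Qt classes.
#include <functional>
#include <memory>
#include <vector>

struct GlContext { int id; };

// Stand-in for the per-thread pointer QOpenGLContext::currentContext() reports.
static thread_local GlContext *g_current = nullptr;
static GlContext g_quickCtx{1}; // context the QML scene is painted with

struct Shadow {
    // Freeing the shadow makes the compositor's own context current; modelled
    // here by its visible effect: Qt's current context is reset (ctx=0x0).
    ~Shadow() { g_current = nullptr; }
};

struct Window {
    std::unique_ptr<Shadow> shadow = std::make_unique<Shadow>();
    std::vector<std::function<void()>> pending; // jobs postponed past painting
    bool painting = false;

    void updateShadow(bool immediately) {
        auto drop = [this] { shadow.reset(); };
        if (immediately || !painting) drop();
        else pending.push_back(drop);
    }

    // Returns true if the context was still bound when the paint needed it.
    bool paint(bool immediately) {
        g_current = &g_quickCtx;
        painting = true;
        updateShadow(immediately);      // a resize replaces the shadow mid-paint
        bool ok = g_current != nullptr; // frame #0 dereferenced this pointer
        painting = false;
        for (auto &job : pending) job(); // safe point: painting has finished
        pending.clear();
        return ok;
    }
};

bool contextSurvivesPaint(bool immediately) {
    Window w;
    return w.paint(immediately);
}
```

In the model, the immediate path loses the context before the paint uses it, which is the null `this` seen in frame #0 of the backtrace; the postponed path still destroys the shadow, but only after the paint has finished.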
Comment 4 David Edmundson 2023-07-06 08:44:15 UTC
*** Bug 454056 has been marked as a duplicate of this bug. ***