Bug 470925 - [Wayland] Apps crash on drag and drop
Status: RESOLVED UPSTREAM
Alias: None
Product: dolphin
Classification: Applications
Component: general
Version: 23.04.1
Platform: Arch Linux Linux
Importance: VHI crash
Target Milestone: ---
Assignee: Dolphin Bug Assignee
URL:
Keywords: drkonqi, wayland
Duplicates: 396520 456361 457116 458625 460065 462645 466939 467467 469894 470767 470822 472298 472313 472701 473170 473201 476773 480400 482991 484284
Depends on:
Blocks:
 
Reported: 2023-06-12 04:54 UTC by Mel
Modified: 2024-03-22 22:24 UTC
28 users

See Also:
Latest Commit:
Version Fixed In: Qt 6.6 or latest release of the KDE Qt patch collection


Attachments
New crash information added by DrKonqi (8.29 KB, text/plain)
2023-06-16 21:47 UTC, SigHunter
Quick and dirty fix for crash (408 bytes, patch)
2023-06-25 17:19 UTC, Sebastian Parborg
Updated patch (884 bytes, patch)
2023-06-27 10:26 UTC, Sebastian Parborg
New crash information added by DrKonqi (6.97 KB, text/plain)
2023-10-08 17:39 UTC, Christoph Tapler

Description Mel 2023-06-12 04:54:02 UTC
Application: dolphin (23.04.1)

Qt Version: 5.15.9
Frameworks Version: 5.106.0
Operating System: Linux 6.3.6-arch1-1 x86_64
Windowing System: Wayland
Distribution: EndeavourOS
DrKonqi: 5.27.5 [KCrashBackend]

-- Information about the crash:
While interacting with a custom application that requires you to drag and drop files onto it, I found that dolphin crashed every time I selected the file after a successful drag and drop.

The crash can be reproduced every time.

-- Backtrace:
Application: Dolphin (dolphin), signal: Segmentation fault
Content of s_kcrashErrorMessage: std::unique_ptr<char []> = {get() = <optimized out>}
[KCrash Handler]
#6  0x00007f4666b7d74a in QMap<Qt::DropAction, QPixmap>::constFind (akey=<optimized out>, this=<optimized out>) at ../../include/QtCore/../../src/corelib/tools/qmap.h:852
#7  QDrag::dragCursor (this=0x0, action=Qt::CopyAction) at kernel/qdrag.cpp:349
#8  0x00007f4666b81fee in QBasicDrag::updateCursor (this=this@entry=0x562a74f49fa0, action=Qt::CopyAction) at kernel/qsimpledrag.cpp:307
#9  0x00007f4664357a0c in QtWaylandClient::QWaylandDrag::setResponse (this=this@entry=0x562a74f49fa0, response=...) at /usr/src/debug/qt5-wayland/qtwayland/src/client/qwaylanddnd.cpp:123
#10 0x00007f466435ca2e in operator() (action=Qt::CopyAction, accepted=<optimized out>, __closure=<optimized out>) at /usr/src/debug/qt5-wayland/qtwayland/src/client/qwaylanddatadevice.cpp:140
#11 QtPrivate::FunctorCall<QtPrivate::IndexesList<0, 1>, QtPrivate::List<bool, Qt::DropAction>, void, QtWaylandClient::QWaylandDataDevice::startDrag(QMimeData*, Qt::DropActions, QtWaylandClient::QWaylandWindow*)::<lambda(bool, Qt::DropAction)> >::call (arg=<optimized out>, f=...) at /usr/include/qt/QtCore/qobjectdefs_impl.h:146
#12 QtPrivate::Functor<QtWaylandClient::QWaylandDataDevice::startDrag(QMimeData*, Qt::DropActions, QtWaylandClient::QWaylandWindow*)::<lambda(bool, Qt::DropAction)>, 2>::call<QtPrivate::List<bool, Qt::DropAction>, void> (arg=<optimized out>, f=...) at /usr/include/qt/QtCore/qobjectdefs_impl.h:256
#13 QtPrivate::QFunctorSlotObject<QtWaylandClient::QWaylandDataDevice::startDrag(QMimeData*, Qt::DropActions, QtWaylandClient::QWaylandWindow*)::<lambda(bool, Qt::DropAction)>, 2, QtPrivate::List<bool, Qt::DropAction>, void>::impl(int, QtPrivate::QSlotObjectBase *, QObject *, void **, bool *) (which=<optimized out>, this_=<optimized out>, r=<optimized out>, a=<optimized out>, ret=<optimized out>) at /usr/include/qt/QtCore/qobjectdefs_impl.h:443
#14 0x00007f46666cffe7 in QtPrivate::QSlotObjectBase::call (a=<optimized out>, r=<optimized out>, this=<optimized out>, this=<optimized out>, r=<optimized out>, a=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#15 doActivate<false> (sender=0x562a75e65fd0, signal_index=5, argv=0x7ffdf85e9230) at kernel/qobject.cpp:3923
#16 0x00007f4664360cce in QtWaylandClient::QWaylandDataSource::dndResponseUpdated (this=<optimized out>, _t1=<optimized out>, _t2=<optimized out>) at .moc/moc_qwaylanddatasource_p.cpp:184
#17 0x00007f466435f886 in QtWayland::wl_data_source::handle_target (data=0x562a75e65fe0, object=<optimized out>, mime_type=0x7f464c0048dc "text/uri-list") at /usr/src/debug/qt5-wayland/build/src/client/qwayland-wayland.cpp:697
#18 0x00007f46617b34f6 in ffi_call_unix64 () at ../src/x86/unix64.S:104
#19 0x00007f46617aff5e in ffi_call_int (cif=cif@entry=0x7ffdf85e9450, fn=<optimized out>, rvalue=<optimized out>, avalue=<optimized out>, closure=closure@entry=0x0) at ../src/x86/ffi64.c:673
#20 0x00007f46617b2b73 in ffi_call (cif=cif@entry=0x7ffdf85e9450, fn=<optimized out>, rvalue=rvalue@entry=0x0, avalue=avalue@entry=0x7ffdf85e9520) at ../src/x86/ffi64.c:710
#21 0x00007f4664834645 in wl_closure_invoke (closure=closure@entry=0x7f464c004800, target=<optimized out>, target@entry=0x562a75f064b0, opcode=opcode@entry=0, data=<optimized out>, flags=1) at ../wayland-1.22.0/src/connection.c:1025
#22 0x00007f4664834e73 in dispatch_event (display=display@entry=0x562a74f4c5d0, queue=0x562a74f4c6c0) at ../wayland-1.22.0/src/wayland-client.c:1631
#23 0x00007f466483513c in dispatch_queue (queue=0x562a74f4c6c0, display=0x562a74f4c5d0) at ../wayland-1.22.0/src/wayland-client.c:1777
#24 wl_display_dispatch_queue_pending (display=0x562a74f4c5d0, queue=0x562a74f4c6c0) at ../wayland-1.22.0/src/wayland-client.c:2019
#25 0x00007f4664338c06 in QtWaylandClient::QWaylandDisplay::flushRequests (this=<optimized out>) at /usr/src/debug/qt5-wayland/qtwayland/src/client/qwaylanddisplay.cpp:255
#26 0x00007f46666c2834 in QObject::event (this=0x562a74f4c470, e=0x7f46540013d0) at kernel/qobject.cpp:1347
#27 0x00007f466737893f in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x562a74f4c470, e=0x7f46540013d0) at kernel/qapplication.cpp:3640
#28 0x00007f466669ab18 in QCoreApplication::notifyInternal2 (receiver=0x562a74f4c470, event=0x7f46540013d0) at kernel/qcoreapplication.cpp:1064
#29 0x00007f466669fa7b in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x562a74f3b300) at kernel/qcoreapplication.cpp:1821
#30 0x00007f46666e6088 in postEventSourceDispatch (s=0x562a74f64080) at kernel/qeventdispatcher_glib.cpp:277
#31 0x00007f4664510981 in g_main_dispatch (context=0x7f465c000ee0) at ../glib/glib/gmain.c:3460
#32 g_main_context_dispatch (context=0x7f465c000ee0) at ../glib/glib/gmain.c:4200
#33 0x00007f466456db39 in g_main_context_iterate.isra.0 (context=context@entry=0x7f465c000ee0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/glib/gmain.c:4276
#34 0x00007f466450e032 in g_main_context_iteration (context=0x7f465c000ee0, may_block=1) at ../glib/glib/gmain.c:4343
#35 0x00007f46666e9f0c in QEventDispatcherGlib::processEvents (this=0x562a74f65630, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#36 0x00007f4666699824 in QEventLoop::exec (this=this@entry=0x7ffdf85e9b00, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#37 0x00007f466669acc3 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#38 0x0000562a7415fda8 in ?? ()
#39 0x00007f4665e39850 in __libc_start_call_main (main=main@entry=0x562a7415d520, argc=argc@entry=1, argv=argv@entry=0x7ffdf85e9df8) at ../sysdeps/nptl/libc_start_call_main.h:58
#40 0x00007f4665e3990a in __libc_start_main_impl (main=0x562a7415d520, argc=1, argv=0x7ffdf85e9df8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffdf85e9de8) at ../csu/libc-start.c:360
#41 0x0000562a74160565 in ?? ()
[Inferior 1 (process 14395) detached]

Reported using DrKonqi
Comment 1 SigHunter 2023-06-16 21:47:18 UTC
Created attachment 159723 [details]
New crash information added by DrKonqi

dolphin (23.04.2) using Qt 5.15.10

Recently, whenever I use dolphin for drag & drop, e.g. jpgs on firefox or flac files dropped on strawberry player, dolphin crashes with a segmentation fault. It happens every time. Dolphin 23.04.2
Not sure if bug 470925 is the same issue, but seems so

-- Backtrace (Reduced):
#4  QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::operator-> (this=0x8) at /var/tmp/portage/dev-qt/qtgui-5.15.10/work/qtbase-everywhere-src-5.15.10/include/QtCore/../../src/corelib/tools/qscopedpointer.h:116
[...]
#7  QDrag::dragCursor (this=0x0, action=action@entry=Qt::MoveAction) at /var/tmp/portage/dev-qt/qtgui-5.15.10/work/qtbase-everywhere-src-5.15.10/src/gui/kernel/qdrag.cpp:348
#8  0x00007fe4ecf3cabb in QBasicDrag::updateCursor (this=this@entry=0x55b0025a7740, action=Qt::MoveAction) at /var/tmp/portage/dev-qt/qtgui-5.15.10/work/qtbase-everywhere-src-5.15.10/src/gui/kernel/qsimpledrag.cpp:307
#9  0x00007fe4ea746bd3 in QtWaylandClient::QWaylandDrag::setResponse (this=this@entry=0x55b0025a7740, response=...) at /var/tmp/portage/dev-qt/qtwayland-5.15.10/work/qtwayland-everywhere-src-5.15.10/src/client/qwaylanddnd.cpp:121
#10 0x00007fe4ea743f09 in operator() (__closure=<optimized out>, accepted=<optimized out>, action=Qt::MoveAction) at /var/tmp/portage/dev-qt/qtwayland-5.15.10/work/qtwayland-everywhere-src-5.15.10/src/client/qwaylanddatadevice.cpp:140
Comment 2 Sebastian Parborg 2023-06-23 14:07:05 UTC
I would just like to report that I have the same issue.

Seems like this can also crash Plasma if you drag and drop things on the desktop.
So I don't think this is directly Dolphin related.
Comment 3 Sebastian Parborg 2023-06-25 17:19:24 UTC
Created attachment 159896 [details]
Quick and dirty fix for crash

I created a quick and dirty workaround for the crash.
The issue is that during the DnD action m_drag becomes a null pointer.
I did a quick null pointer check and it seems to work. But the proper fix would probably be that the "update cursor shape" function doesn't get called when m_drag has been invalidated.
Comment 4 Sebastian Parborg 2023-06-25 17:22:18 UTC
Note that the bug doesn't seem to be dolphin based as the issue is in qtgui. (And that is what my patch is for, not Dolphin).
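
A Qt-free C++ model of the failure described in comment 3, added here as an illustration and not taken from the attached patches or from Qt: it contrasts the null check with stopping the callback once the drag has been invalidated. All type and member names are hypothetical stand-ins, and the response arriving after the drag has ended is an assumption of the model.

```cpp
// Added illustration, not Qt code: every type and member name is a hypothetical stand-in.
#include <cstdio>
#include <functional>
#include <map>
#include <string>

enum class DropAction { Copy, Move };
struct Drag {                                    // stands in for QDrag
    std::map<DropAction, std::string> cursors;
    std::string dragCursor(DropAction a) const { // reads members: undefined if this == nullptr
        auto it = cursors.find(a);
        return it == cursors.end() ? "default" : it->second;
    }
};
struct DataSource {                              // stands in for the Wayland data source
    std::function<void(DropAction)> onResponse;  // models the dndResponseUpdated connection
    void deliver(DropAction a) { if (onResponse) onResponse(a); }
};
struct BasicDrag {                               // stands in for the platform drag object
    Drag *m_drag = nullptr;
    int updates = 0, ignored = 0;
    bool updateCursor(DropAction a) {
        if (!m_drag) { ++ignored; return false; } // the null check used as a workaround
        (void)m_drag->dragCursor(a);
        ++updates;
        return true;
    }
    void start(Drag *d, DataSource &src) {
        m_drag = d;
        src.onResponse = [this](DropAction a) { updateCursor(a); };
    }
    void finish(DataSource &src, bool disconnect) {
        m_drag = nullptr;                         // drag invalidated
        if (disconnect) src.onResponse = nullptr; // no further cursor updates are delivered
    }
};
struct Result { int updates; int ignored; };
// One response while the drag is live, then one after it has ended.
Result simulate(bool disconnectOnFinish) {
    Drag drag; drag.cursors[DropAction::Copy] = "copy";
    DataSource src; BasicDrag bd;
    bd.start(&drag, src);
    src.deliver(DropAction::Copy);
    bd.finish(src, disconnectOnFinish);
    src.deliver(DropAction::Copy);                // assumed: response arrives after the drag ended
    return {bd.updates, bd.ignored};
}
int main() {
    Result g = simulate(false), d = simulate(true);
    std::printf("guard: %d/%d  disconnect: %d/%d\n", g.updates, g.ignored, d.updates, d.ignored);
}
```

With only the guard, the late response still reaches the drag object and is dropped there; with the disconnect, it never arrives.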
Comment 5 SigHunter 2023-06-25 18:47:49 UTC
(In reply to Sebastian Parborg from comment #3)
> Created attachment 159896 [details]
> Quick and dirty fix for crash
> 
> I created a quick and dirty workaround for the crash.
> The issue is that during the DnD action m_drag becomes a null pointer.
> I did a quick null pointer check and it seems to work. But the proper fix
> would probably be that the "update cursor shape" function doesn't get called
> when m_drag has been invalidated.

Thanks, this works for me, rebuilt qtgui-5.15.10 with the patch and it does not crash anymore, not when dropping anything on desktop and not on any app
Comment 6 Sebastian Parborg 2023-06-27 10:26:21 UTC
Created attachment 159922 [details]
Updated patch

After using the previous patch for a while it managed to crash in a new place.
Added another null pointer check and it seems to work fine, but I'm not 100% sure as reproducing the new crash wasn't consistent.
Comment 7 Andreas Sturmlechner 2023-08-08 15:26:48 UTC
A fix landed in QtWayland. Please re-open if you still get crashes after installing a version containing that fix.

For Qt6: https://invent.kde.org/qt/qt/qtwayland/-/commit/22daca49b807fefba58113a06b86df4274e49f62
For Qt5: https://invent.kde.org/qt/qt/qtwayland/-/commit/d984aa55a90aece353457bdb4e8d4b68052a79d7
Comment 8 Andreas Sturmlechner 2023-08-08 20:38:38 UTC
*** Bug 458625 has been marked as a duplicate of this bug. ***
Comment 9 Andreas Sturmlechner 2023-08-08 20:40:15 UTC
*** Bug 457116 has been marked as a duplicate of this bug. ***
Comment 10 Andreas Sturmlechner 2023-08-08 20:48:06 UTC
*** Bug 472701 has been marked as a duplicate of this bug. ***
Comment 11 Fushan Wen 2023-08-09 00:59:29 UTC
*** Bug 467467 has been marked as a duplicate of this bug. ***
Comment 12 Nate Graham 2023-08-09 18:01:57 UTC
*** Bug 462645 has been marked as a duplicate of this bug. ***
Comment 13 Andreas Sturmlechner 2023-08-09 18:04:29 UTC
*** Bug 472313 has been marked as a duplicate of this bug. ***
Comment 14 Nate Graham 2023-08-09 19:57:00 UTC
*** Bug 473201 has been marked as a duplicate of this bug. ***
Comment 15 Nate Graham 2023-08-13 15:11:42 UTC
*** Bug 473170 has been marked as a duplicate of this bug. ***
Comment 16 Nate Graham 2023-08-13 15:11:51 UTC
*** Bug 472298 has been marked as a duplicate of this bug. ***
Comment 17 Christoph Tapler 2023-10-08 17:39:45 UTC
Created attachment 162167 [details]
New crash information added by DrKonqi

dolphin (23.08.1) using Qt 5.15.10

Dolphin crashes when dragging and dropping a file from Dolphin to Thunderbird.

-- Backtrace (Reduced):
#4  0x00007f033ebab0f1 in QDrag::dragCursor(Qt::DropAction) const () from /lib64/libQt5Gui.so.5
#5  0x00007f033ebadb02 in QBasicDrag::updateCursor(Qt::DropAction) () from /lib64/libQt5Gui.so.5
#6  0x00007f033c0e805a in QtPrivate::QFunctorSlotObject<QtWaylandClient::QWaylandDataDevice::startDrag(QMimeData*, QFlags<Qt::DropAction>, QtWaylandClient::QWaylandWindow*)::{lambda(bool, Qt::DropAction)#1}, 2, QtPrivate::List<bool, Qt::DropAction>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) () from /lib64/libQt5WaylandClient.so.5
#7  0x00007f033e6e8481 in void doActivate<false>(QObject*, int, void**) () from /lib64/libQt5Core.so.5
#8  0x00007f033c0ec4c9 in QtWaylandClient::QWaylandDataSource::dndResponseUpdated(bool, Qt::DropAction) () from /lib64/libQt5WaylandClient.so.5
Comment 18 Nicolas Fella 2024-01-27 21:42:36 UTC
*** Bug 480400 has been marked as a duplicate of this bug. ***
Comment 19 Nicolas Fella 2024-01-27 21:42:50 UTC
*** Bug 456361 has been marked as a duplicate of this bug. ***
Comment 20 Nicolas Fella 2024-01-27 21:43:36 UTC
*** Bug 460065 has been marked as a duplicate of this bug. ***
Comment 21 Nicolas Fella 2024-01-27 21:43:52 UTC
*** Bug 470767 has been marked as a duplicate of this bug. ***
Comment 22 Nicolas Fella 2024-01-27 21:44:09 UTC
*** Bug 476773 has been marked as a duplicate of this bug. ***
Comment 23 Nicolas Fella 2024-01-27 21:45:21 UTC
*** Bug 470822 has been marked as a duplicate of this bug. ***
Comment 24 Nicolas Fella 2024-01-27 21:45:37 UTC
*** Bug 466939 has been marked as a duplicate of this bug. ***
Comment 25 Nicolas Fella 2024-01-27 21:46:00 UTC
*** Bug 469894 has been marked as a duplicate of this bug. ***
Comment 26 Nicolas Fella 2024-01-27 21:47:06 UTC
*** Bug 396520 has been marked as a duplicate of this bug. ***
Comment 27 Nicolas Fella 2024-03-09 15:40:52 UTC
*** Bug 482991 has been marked as a duplicate of this bug. ***
Comment 28 Nicolas Fella 2024-03-22 22:24:36 UTC
*** Bug 484284 has been marked as a duplicate of this bug. ***