471285 – kwin_wayland sometimes crashing when clicking on its window decoration button tooltips

Bug 471285 - kwin_wayland sometimes crashing when clicking on its window decoration button tooltips

Summary: kwin_wayland sometimes crashing when clicking on its window decoration button...

Status:	RESOLVED FIXED

Alias:	None

Product:	kwin
Classification:	Plasma
Component:	wayland-generic (show other bugs)
Version:	master
Platform:	Other Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	KWin default assignee

URL:
Keywords:	qt6

Depends on:
Blocks:

Reported:	2023-06-21 09:43 UTC by Nate Graham
Modified:	2023-06-23 15:18 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:	https://invent.kde.org/plasma/kwin/-/commit/21d193506851e0727860927ab289869732b06102
Version Fixed In:	5.27.7

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Nate Graham 2023-06-21 09:43:03 UTC

STEPS TO REPRODUCE
1. Hover the cursor over a window decoration button so that its tooltip appears
2. Quickly move the cursor over to it and click on the tooltip (generally this isn't something you do on purpose, but it can happen by accident)


OBSERVED RESULT
Some of the time, kwin_wayland crashes.


EXPECTED RESULT
No crash.


BACKTRACE
#0  0x00007febc445af1d in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::get() const (this=<optimized out>)
    at /usr/src/debug/qt6-qtbase-6.5.1-1.fc38.x86_64/src/corelib/tools/qscopedpointer.h:111
#1  qGetPtrHelper<QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> > const>(QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> > const&)
    (ptr=<optimized out>)
    at /usr/src/debug/qt6-qtbase-6.5.1-1.fc38.x86_64/src/corelib/global/qtclasshelpermacros.h:79
#2  QWindow::d_func() const (this=<optimized out>)
    at /usr/src/debug/qt6-qtbase-6.5.1-1.fc38.x86_64/src/gui/kernel/qwindow.h:65
#3  QWindow::geometry() const (this=this@entry=0x0)
    at /usr/src/debug/qt6-qtbase-6.5.1-1.fc38.x86_64/src/gui/kernel/qwindow.cpp:1796
#4  0x00007febc7499c6b in QWindow::position() const (this=0x0)
    at /usr/include/qt6/QtGui/qwindow.h:211
#5  KWin::InternalWindowEventFilter::pointerEvent(KWin::MouseEvent*, unsigned int)
    (this=<optimized out>, event=0x7ffcd8c2a950, nativeButton=<optimized out>)
    at /home/nate/kde/src/kwin/src/input.cpp:1199
#6  0x00007febc74e800d in std::__invoke_impl<bool, bool (KWin::InputEventFilter::*&)(KWin::MouseEvent*, unsigned int), KWin::InputEventFilter* const&, KWin::MouseEvent*&, unsigned int&>(std::__invoke_memfun_deref, bool (KWin::InputEventFilter::*&)(KWin::MouseEvent*, unsigned int), KWin::InputEventFilter* const&, KWin::MouseEvent*&, unsigned int&)
    (__f=<optimized out>, __t=@0x223c1f8: 0x2280550)
    at /usr/include/c++/13/bits/invoke.h:71
#7  std::__invoke<bool (KWin::InputEventFilter::*&)(KWin::MouseEvent*, unsigned int), KWin::InputEventFilter* const&, KWin::MouseEvent*&, unsigned int&>(bool (KWin::InputEventFilter::*&)(KWin::MouseEvent*, unsigned int), KWin::InputEventFilter* const&, KWin::MouseEvent*&, unsigned int&) (__fn=<optimized out>) at /usr/include/c++/13/bits/invoke.h:96
#8  std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)>::__call<bool, KWin::InputEventFilter* const&, 0ul, 1ul, 2ul>(std::tuple<KWin::InputEventFilter* const&>&&, std::_Index_tuple<0ul, 1ul, 2ul>) (__args=<optimized out>, this=<optimized out>) at /usr/include/c++/13/functional:506
#9  std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)>::operator()<KWin::InputEventFilter* const&, bool>(KWin::InputEventFilter* const&) (this=<optimized out>)
    at /usr/include/c++/13/functional:591
#10 __gnu_cxx::__ops::_Iter_pred<std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)> >::operator()<QList<KWin::InputEventFilter*>::const_iterator>(QList<KWin::InputEventFilter*>::const_iterator)
    (__it=..., this=<optimized out>) at /usr/include/c++/13/bits/predefined_ops.h:318
#11 std::__find_if<QList<KWin::InputEventFilter*>::const_iterator, __gnu_cxx::__ops::_Iter_pred<std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, u--Type <RET> for more, q to quit, c to continue without paging--c
tor, QList<KWin::InputEventFilter*>::const_iterator, __gnu_cxx::__ops::_Iter_pred<std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)> >, std::random_access_iterator_tag) (__pred=..., __last=..., __first=...) at /usr/include/c++/13/bits/stl_algobase.h:2076
#12 std::__find_if<QList<KWin::InputEventFilter*>::const_iterator, __gnu_cxx::__ops::_Iter_pred<std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)> > >(QList<KWin::InputEventFilter*>::const_iterator, QList<KWin::InputEventFilter*>::const_iterator, __gnu_cxx::__ops::_Iter_pred<std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)> >) (__pred=..., __last=..., __first=...)
    at /usr/include/c++/13/bits/stl_algobase.h:2117
#13 std::find_if<QList<KWin::InputEventFilter*>::const_iterator, std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)> >(QList<KWin::InputEventFilter*>::const_iterator, QList<KWin::InputEventFilter*>::const_iterator, std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)>) (__pred=..., __last=..., __first=...) at /usr/include/c++/13/bits/stl_algo.h:3923
#14 std::none_of<QList<KWin::InputEventFilter*>::const_iterator, std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)> >(QList<KWin::InputEventFilter*>::const_iterator, QList<KWin::InputEventFilter*>::const_iterator, std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)>) (__pred=..., __last=..., __first=...) at /usr/include/c++/13/bits/stl_algo.h:477
#15 std::any_of<QList<KWin::InputEventFilter*>::const_iterator, std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)> >(QList<KWin::InputEventFilter*>::const_iterator, QList<KWin::InputEventFilter*>::const_iterator, std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)>) (__pred=..., __last=..., __first=...) at /usr/include/c++/13/bits/stl_algo.h:496
#16 KWin::InputRedirection::processFilters<std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)> >(std::_Bind<bool (KWin::InputEventFilter::*(std::_Placeholder<1>, KWin::MouseEvent*, unsigned int))(KWin::MouseEvent*, unsigned int)>) (function=..., this=<optimized out>)
    at /home/nate/kde/src/kwin/src/input.h:191
#17 KWin::PointerInputRedirection::processButton(unsigned int, KWin::InputRedirection::PointerButtonState, std::chrono::duration<long, std::ratio<1l, 1000000l> >, KWin::InputDevice*) (this=0x1b196b0, button=272, state=KWin::InputRedirection::PointerButtonReleased, time=Python Exception <class 'gdb.error'>: value has been optimized out
, device=<optimized out>) at /home/nate/kde/src/kwin/src/pointer_input.cpp:280
#18 0x00007febc3bddb35 in QtPrivate::QSlotObjectBase::call(QObject*, void**) (a=0x7ffcd8c2ab20, r=0x1b196b0, this=0x1d49e00)
    at /usr/src/debug/qt6-qtbase-6.5.1-1.fc38.x86_64/src/corelib/kernel/qobjectdefs_impl.h:363
#19 doActivate<false>(QObject*, int, void**) (sender=0x1f39330, signal_index=4, argv=0x7ffcd8c2ab20)
    at /usr/src/debug/qt6-qtbase-6.5.1-1.fc38.x86_64/src/corelib/kernel/qobject.cpp:3992
#20 0x00007febc3bd4757 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**)
    (sender=sender@entry=0x1f39330, m=m@entry=0x7febc794df80 <KWin::InputDevice::staticMetaObject>, local_signal_index=local_signal_index@entry=1, argv=argv@entry=0x7ffcd8c2ab20)
    at /usr/src/debug/qt6-qtbase-6.5.1-1.fc38.x86_64/src/corelib/kernel/qobject.cpp:4052
#21 0x00007febc73be5af in KWin::InputDevice::pointerButtonChanged(unsigned int, KWin::InputRedirection::PointerButtonState, std::chrono::duration<long, std::ratio<1l, 1000000l> >, KWin::InputDevice*) (this=this@entry=0x1f39330, _t1=<optimized out>, _t2=<optimized out>, 
    _t2@entry=KWin::InputRedirection::PointerButtonReleased, _t3=_t3@entry=std::chrono::duration = { 161532404us }, _t4=<optimized out>, _t4@entry=0x1f39330)
    at /home/nate/kde/build6/kwin/src/kwin_autogen/TAC5DWH4SE/moc_inputdevice.cpp:1035
#22 0x00007febc76583dc in KWin::LibInput::Connection::processEvents() (this=<optimized out>) at /home/nate/kde/src/kwin/src/backends/libinput/connection.cpp:354
#23 0x00007febc3bcf797 in QObject::event(QEvent*) (this=0x1a72990, e=0x7feb7c0060e0) at /usr/src/debug/qt6-qtbase-6.5.1-1.fc38.x86_64/src/corelib/kernel/qobject.cpp:1391
#24 0x00007febc4fc0b08 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=<optimized out>, receiver=0x1a72990, e=0x7feb7c0060e0)
    at /usr/src/debug/qt6-qtbase-6.5.1-1.fc38.x86_64/src/widgets/kernel/qapplication.cpp:3287
#25 0x00007febc3b7c308 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x1a72990, event=0x7feb7c0060e0)
    at /usr/src/debug/qt6-qtbase-6.5.1-1.fc38.x86_64/src/corelib/kernel/qcoreapplication.cpp:1115
#26 0x00007febc3b7c50d in QCoreApplication::sendEvent(QObject*, QEvent*) (receiver=<optimized out>, event=<optimized out>)
    at /usr/src/debug/qt6-qtbase-6.5.1-1.fc38.x86_64/src/corelib/kernel/qcoreapplication.cpp:1533
#27 0x00007febc3b7fd75 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*)
    (receiver=receiver@entry=0x0, event_type=event_type@entry=0, data=data@entry=0x1a0b250)
    at /usr/src/debug/qt6-qtbase-6.5.1-1.fc38.x86_64/src/corelib/kernel/qcoreapplication.cpp:1895
#28 0x00007febc3cfcca6 in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x1a10940, flags=...)
    at /usr/src/debug/qt6-qtbase-6.5.1-1.fc38.x86_64/src/corelib/kernel/qeventdispatcher_unix.cpp:432
#29 0x00007febc49434c2 in QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=<optimized out>, flags=...)
    at /usr/src/debug/qt6-qtbase-6.5.1-1.fc38.x86_64/src/gui/platform/unix/qunixeventdispatcher.cpp:27
#30 0x00007febc3b88e93 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7ffcd8c2b000, flags=..., flags@entry=...)
    at /usr/src/debug/qt6-qtbase-6.5.1-1.fc38.x86_64/src/corelib/global/qflags.h:34
#31 0x00007febc3b84b3d in QCoreApplication::exec() () at /usr/src/debug/qt6-qtbase-6.5.1-1.fc38.x86_64/src/corelib/global/qflags.h:74
#32 0x00007febc43f85cd in QGuiApplication::exec() () at /usr/src/debug/qt6-qtbase-6.5.1-1.fc38.x86_64/src/gui/kernel/qguiapplication.cpp:1894
#33 0x00007febc4fc0a79 in QApplication::exec() () at /usr/src/debug/qt6-qtbase-6.5.1-1.fc38.x86_64/src/widgets/kernel/qapplication.cpp:2566
#34 0x0000000000436358 in main(int, char**) (argc=<optimized out>, argv=<optimized out>) at /home/nate/kde/src/kwin/src/main_wayland.cpp:613


SOFTWARE/OS VERSIONS
Operating System: Fedora Linux 38
KDE Plasma Version: 5.27.80
KDE Frameworks Version: 5.240.0
Qt Version: 6.5.1
Kernel Version: 6.3.6-200.fc38.x86_64 (64-bit)
Graphics Platform: offscreen
Processors: 8 × Intel® Core™ i7-10510U CPU @ 1.80GHz
Memory: 15.2 GiB of RAM
Graphics Processor: Mesa Intel® UHD Graphics

Comment 1 Nate Graham 2023-06-21 09:43:59 UTC

And FWIW I've periodically seen this crash on Plasma 5 too; removing the qt6 keyword. Just figured out the reproducer, hence the bug report.

Comment 2 Bug Janitor Service 2023-06-21 10:40:07 UTC

A possibly relevant merge request was started @ https://invent.kde.org/plasma/kwin/-/merge_requests/4202

Comment 3 Zamundaaa 2023-06-21 12:15:38 UTC

Git commit 4d9a0d2306a644f8670037ffe113dc9c430fc7b4 by Xaver Hugl.
Committed on 21/06/2023 at 11:48.
Pushed by zamundaaa into branch 'master'.

input: don't crash if the internal handle is nullptr

Pointer focus can stay on a closed tooltip while focus updates are blocked,
so this needs to be checked for

M  +4    -0    src/input.cpp

https://invent.kde.org/plasma/kwin/-/commit/4d9a0d2306a644f8670037ffe113dc9c430fc7b4

Comment 4 Zamundaaa 2023-06-21 14:30:48 UTC

Git commit 21d193506851e0727860927ab289869732b06102 by Xaver Hugl.
Committed on 21/06/2023 at 14:10.
Pushed by zamundaaa into branch 'Plasma/5.27'.

input: don't crash if the internal handle is nullptr

Pointer focus can stay on a closed tooltip while focus updates are blocked,
so this needs to be checked for


(cherry picked from commit c25aaa2c9fbf8ec10f1ba16fecd4b31704fdaf0c)

M  +4    -0    src/input.cpp

https://invent.kde.org/plasma/kwin/-/commit/21d193506851e0727860927ab289869732b06102