Bug 472013 - Unmapping an xdg_toplevel with an existing xdg_popup causes a segfault in KWin::XdgPopupWindow::sendRoleConfigure
Status: RESOLVED FIXED
Alias: None
Product: kwin
Classification: Plasma
Component: generic-crash
Version: 5.27.6
Platform: Fedora RPMs Linux
Importance: NOR crash
Target Milestone: ---
Assignee: KWin default assignee
Reported: 2023-07-06 19:50 UTC by Kirill Primak
Modified: 2024-07-15 11:26 UTC
Description Kirill Primak 2023-07-06 19:50:33 UTC
Thread 1 "kwin" received signal SIGSEGV, Segmentation fault.
0x00007ffff7981db4 in KWin::XdgPopupWindow::sendRoleConfigure (this=0x555556763e80)
    at /usr/src/debug/kwin-5.27.6-1.fc38.x86_64/src/xdgshellwindow.cpp:1960
1960        const QPointF parentPosition = transientFor()->framePosToClientPos(transientFor()->pos());                              
(gdb) bt
#0  0x00007ffff7981db4 in KWin::XdgPopupWindow::sendRoleConfigure() const (this=0x555556763e80)
    at /usr/src/debug/kwin-5.27.6-1.fc38.x86_64/src/xdgshellwindow.cpp:1960
#1  0x00007ffff7974197 in KWin::XdgSurfaceWindow::sendConfigure() (this=0x555556763e80)
    at /usr/src/debug/kwin-5.27.6-1.fc38.x86_64/src/xdgshellwindow.cpp:131
#2  0x00007ffff5ee8461 in QtPrivate::QSlotObjectBase::call(QObject*, void**)
    (a=0x7fffffffd9e0, r=<optimized out>, this=0x55555691c6c0)
    at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#3  doActivate<false>(QObject*, int, void**) (sender=0x55555675b350, signal_index=3, argv=0x7fffffffd9e0)
    at kernel/qobject.cpp:3925
#4  0x00007ffff5ee3387 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**)
    (sender=<optimized out>, m=m@entry=0x7ffff6166560 <QTimer::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7fffffffd9e0) at kernel/qobject.cpp:3985
#5  0x00007ffff5eeb9dd in QTimer::timeout(QTimer::QPrivateSignal) (this=<optimized out>, _t1=...) at .moc/moc_qtimer.cpp:205
#6  0x00007ffff5edec8b in QObject::event(QEvent*) (this=0x55555675b350, e=0x7fffffffdb50) at kernel/qobject.cpp:1369
#7  0x00007ffff53aeb75 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
    (this=<optimized out>, receiver=0x55555675b350, e=0x7fffffffdb50) at kernel/qapplication.cpp:3640
#8  0x00007ffff5eb4188 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x55555675b350, event=0x7fffffffdb50)
    at kernel/qcoreapplication.cpp:1064
#9  0x00007ffff5eb43a2 in QCoreApplication::sendEvent(QObject*, QEvent*) (receiver=<optimized out>, event=<optimized out>)
    at kernel/qcoreapplication.cpp:1462
#10 0x00007ffff5f05a7b in QTimerInfoList::activateTimers() (this=this@entry=0x5555557302d8) at kernel/qtimerinfo_unix.cpp:643
#11 0x00007ffff5f02e30 in QEventDispatcherUNIXPrivate::activateTimers() (this=this@entry=0x555555730250)
    at kernel/qeventdispatcher_unix.cpp:249
#12 0x00007ffff5f03c80 in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
    (this=<optimized out>, flags=...) at kernel/qeventdispatcher_unix.cpp:516
#13 0x00005555556962c2 in QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
#14 0x00007ffff5eb2b4b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7fffffffdcf0, flags=..., 
    flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#15 0x00007ffff5ebaddb in QCoreApplication::exec() () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#16 0x00007ffff6360edd in QGuiApplication::exec() () at kernel/qguiapplication.cpp:1863
#17 0x00007ffff53aeae9 in QApplication::exec() () at kernel/qapplication.cpp:2832
#18 0x00005555555afe44 in main(int, char**) (argc=<optimized out>, argv=<optimized out>)
    at /usr/src/debug/kwin-5.27.6-1.fc38.x86_64/src/main_wayland.cpp:628
(gdb) call transientFor()
$1 = (const KWin::Window *) 0x0

STEPS TO REPRODUCE
1. Run `build/cases/xdg_toplevel_unmap_before_popup` from randfall [1].

OBSERVED RESULT
KWin crashes due to a segfault.

EXPECTED RESULT
KWin doesn't crash.

ADDITIONAL INFORMATION
KWin was launched as a standalone WM without any DE components.

[1] https://gitlab.freedesktop.org/vyivel/randfall
Comment 1 Bug Janitor Service 2023-09-12 21:18:13 UTC
A possibly relevant merge request was started @ https://invent.kde.org/plasma/plasma-pa/-/merge_requests/203
Comment 2 Vlad Zahorodnii 2024-07-15 07:55:21 UTC
Git commit 09e0345cccb9098ef29ed544ef3dd5d5134bfa07 by Vlad Zahorodnii.
Committed on 15/07/2024 at 07:41.
Pushed by vladz into branch 'master'.

wayland: Dismiss XdgPopupWindow when the parent window is closed

XdgPopupWindow can't exist on its own.

M  +25   -0    autotests/integration/xdgshellwindow_test.cpp
M  +4    -7    src/workspace.cpp
M  +3    -0    src/xdgshellwindow.cpp

https://invent.kde.org/plasma/kwin/-/commit/09e0345cccb9098ef29ed544ef3dd5d5134bfa07
Comment 3 Vlad Zahorodnii 2024-07-15 11:26:06 UTC
Git commit 0258a59123f9e8937b8b569ec8ca72884b53e63e by Vlad Zahorodnii.
Committed on 15/07/2024 at 08:22.
Pushed by vladz into branch 'Plasma/6.1'.

wayland: Dismiss XdgPopupWindow when the parent window is closed

XdgPopupWindow can't exist on its own.
(cherry picked from commit 09e0345cccb9098ef29ed544ef3dd5d5134bfa07)

M  +25   -0    autotests/integration/xdgshellwindow_test.cpp
M  +4    -7    src/workspace.cpp
M  +3    -0    src/xdgshellwindow.cpp

https://invent.kde.org/plasma/kwin/-/commit/0258a59123f9e8937b8b569ec8ca72884b53e63e
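
Added example (not part of the bug thread and not KWin code): a simplified C++ model of the failure in the backtrace, where a deferred configure runs for a popup whose parent has already been closed, next to the policy named in the commit message, dismissing the popup together with its parent. All type and function names are hypothetical, and the scenario is constructed.

```cpp
#include <algorithm>
#include <memory>
#include <vector>
// Simplified model of the lifetime bug; every name here is hypothetical, not KWin code.
struct Window {
    Window *parent;        // plays the role of transientFor()
    bool configurePending; // stands in for the deferred configure timer
    int x;
};
enum class Policy { LeavePopupAlive, DismissWithParent };
struct Workspace {
    Policy policy;
    std::vector<std::unique_ptr<Window>> windows;
    Window *add(Window *parent, int x) { // a popup (non-null parent) gets a deferred configure
        windows.emplace_back(new Window{parent, parent != nullptr, x});
        return windows.back().get();
    }
    void close(Window *w) {
        std::vector<Window *> children;
        for (auto &c : windows) { if (c->parent == w) children.push_back(c.get()); }
        for (Window *c : children) {
            if (policy == Policy::DismissWithParent) close(c); // popup goes with its parent
            else c->parent = nullptr;                          // orphan keeps its pending configure
        }
        windows.erase(std::remove_if(windows.begin(), windows.end(),
            [w](const std::unique_ptr<Window> &p) { return p.get() == w; }), windows.end());
    }
    // Runs the deferred configures; returns how many popups had no parent left.
    int flushConfigures() {
        int orphaned = 0;
        for (auto &w : windows) {
            if (!w->configurePending) continue;
            w->configurePending = false;
            if (!w->parent) { ++orphaned; continue; } // guard instead of dereferencing null
            w->x += w->parent->x;                      // position derived from the parent
        }
        return orphaned;
    }
};

// Constructed scenario: a toplevel with one popup is closed before the configure runs.
int orphanedConfigures(Policy policy) {
    Workspace ws{policy, {}};
    Window *toplevel = ws.add(nullptr, 100);
    ws.add(toplevel, 10);
    ws.close(toplevel);
    return ws.flushConfigures();
}
int main() { return orphanedConfigures(Policy::DismissWithParent); } // exits 0
```

With `LeavePopupAlive` the orphaned popup reaches the configure step with a null parent, which is the state gdb shows for `transientFor()` above; with `DismissWithParent` no such popup remains when the deferred work runs.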