Bug 472532 - Switching to gnome-calculator's Advanced view immediately crashes kwin_wayland in KWin::Placement::placeTransient()
Status: RESOLVED FIXED
Alias: None
Product: kwin
Classification: Plasma
Component: wayland-generic
Version: master
Platform: Other Linux
Importance: NOR crash
Target Milestone: ---
Assignee: KWin default assignee
URL:
Keywords: qt6
Depends on:
Blocks:
 
Reported: 2023-07-23 14:01 UTC by Nate Graham
Modified: 2023-08-05 09:33 UTC

Description Nate Graham 2023-07-23 14:01:00 UTC
STEPS TO REPRODUCE
1. Install gnome-calculator (I have it installed from the Fedora 38 distro repo)
2. Click on the "Basic" text in the headerbar
3. Click on "Advanced"

OBSERVED RESULT
kwin_wayland crashes 100% of the time with the following backtrace:

#0  0x00007fcab26af6e8 in KWin::Placement::placeTransient(KWin::Window*)
    (this=<optimized out>, c=0x2b2e820) at /home/nate/kde/src/kwin/src/placement.cpp:485
#1  0x00007fcab27d9692 in KWin::XdgPopupWindow::relayout() (this=0x2b2e820)
    at /home/nate/kde/src/kwin/src/xdgshellwindow.cpp:1593
#2  0x00007fcaaf1ddcd4 in QtPrivate::QSlotObjectBase::call(QObject*, void**)
    (a=0x7ffec6c49a30, r=0x2b2e820, this=0x2993380)
    at /usr/src/debug/qt6-qtbase-6.5.1-2.fc38.x86_64/src/corelib/kernel/qobjectdefs_impl.h:363
#3  doActivate<false>(QObject*, int, void**) (sender=0x2d29810, signal_index=18, argv=0x7ffec6c49a30)
    at /usr/src/debug/qt6-qtbase-6.5.1-2.fc38.x86_64/src/corelib/kernel/qobject.cpp:3992
#4  0x00007fcaaf1d4757 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**)
    (sender=sender@entry=0x2d29810, m=m@entry=0x7fcab2b5cd40 <KWin::Window::staticMetaObject>, local_signal_index=local_signal_index@entry=15, argv=argv@entry=0x7ffec6c49a30)
    at /usr/src/debug/qt6-qtbase-6.5.1-2.fc38.x86_64/src/corelib/kernel/qobject.cpp:4052
#5  0x00007fcab277ad55 in KWin::Window::frameGeometryChanged(QRectF const&)
    (this=this@entry=0x2d29810, _t1=...)
    at /home/nate/kde/build6/kwin/src/kwin_autogen/include/moc_window.cpp:2042
#6  0x00007fcab277a3fc in KWin::WaylandWindow::updateGeometry(QRectF const&)
    (this=this@entry=0x2d29810, rect=...) at /home/nate/kde/src/kwin/src/waylandwindow.cpp:283
#7  0x00007fcab27e0876 in KWin::XdgSurfaceWindow::handleNextWindowGeometry()
    (this=this@entry=0x2d29810) at /home/nate/kde/src/kwin/src/xdgshellwindow.cpp:221
#8  0x00007fcab27e09ce in KWin::XdgSurfaceWindow::handleCommit() (this=0x2d29810)
    at /home/nate/kde/src/kwin/src/xdgshellwindow.cpp:149
#9  0x00007fcaaf1ddcd4 in QtPrivate::QSlotObjectBase::call(QObject*, void**)
    (a=0x7ffec6c49c58, r=0x2d29810, this=0x193d4a0)
    at /usr/src/debug/qt6-qtbase-6.5.1-2.fc38.x86_64/src/corelib/kernel/qobjectdefs_impl.h:363
#10 doActivate<false>(QObject*, int, void**) (sender=0x2ebc110, signal_index=22, argv=0x7ffec6c49c58)
    at /usr/src/debug/qt6-qtbase-6.5.1-2.fc38.x86_64/src/corelib/kernel/qobject.cpp:3992
#11 0x00007fcaaf1d4757 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**)
    (sender=<optimized out>, m=m@entry=0x7fcab2b6c9c0, local_signal_index=local_signal_index@entry=19, argv=argv@entry=0x0)
    at /usr/src/debug/qt6-qtbase-6.5.1-2.fc38.x86_64/src/corelib/kernel/qobject.cpp:4052
#12 0x00007fcab28ee453 in KWaylandServer::SurfaceInterface::committed() (this=<optimized out>)
    at /home/nate/kde/build6/kwin/src/kwin_autogen/include/moc_surface_interface.cpp:655
#13 0x00007fcab28f1ec1 in KWaylandServer::SurfaceInterfacePrivate::applyState(KWaylandServer::SurfaceState*) (this=0x2b2fd50, next=<optimized out>)
    at /home/nate/kde/src/kwin/src/wayland/surface_interface.cpp:694
#14 0x00007fcaae367be6 in ffi_call_unix64 () at ../src/x86/unix64.S:104
#15 0x00007fcaae3644bf in ffi_call_int
    (cif=cif@entry=0x7ffec6c4a030, fn=<optimized out>, rvalue=<optimized out>, avalue=<optimized out>, closure=closure@entry=0x0) at ../src/x86/ffi64.c:673
#16 0x00007fcaae36718e in ffi_call
    (cif=cif@entry=0x7ffec6c4a030, fn=<optimized out>, rvalue=rvalue@entry=0x0, avalue=avalue@entry=0x7ffec6c4a100) at ../src/x86/ffi64.c:710
#17 0x00007fcab2bb3521 in wl_closure_invoke
    (closure=0x2cc5be0, flags=<optimized out>, target=<optimized out>, opcode=6, data=<optimized out>)
    at ../../src/wayland/src/connection.c:1025
#18 0x00007fcab2baea92 in wl_client_connection_data
    (fd=<optimized out>, mask=<optimized out>, data=0x15099f0)
    at ../../src/wayland/src/wayland-server.c:438
#19 0x00007fcab2bb1652 in wl_event_loop_dispatch (loop=0x1543fe0, timeout=<optimized out>)
    at ../../src/wayland/src/event-loop.c:1104
#20 0x00007fcab2899524 in KWaylandServer::Display::dispatchEvents() (this=<optimized out>)
    at /home/nate/kde/src/kwin/src/wayland/display.cpp:113
#21 0x00007fcaaf1ddcd4 in QtPrivate::QSlotObjectBase::call(QObject*, void**)
    (a=0x7ffec6c4a5b0, r=0x14f22a0, this=0x1a5c810)
    at /usr/src/debug/qt6-qtbase-6.5.1-2.fc38.x86_64/src/corelib/kernel/qobjectdefs_impl.h:363
#22 doActivate<false>(QObject*, int, void**) (sender=0x1dca150, signal_index=3, argv=0x7ffec6c4a5b0)
    at /usr/src/debug/qt6-qtbase-6.5.1-2.fc38.x86_64/src/corelib/kernel/qobject.cpp:3992
#23 0x00007fcaaf1d4757 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**)
    (sender=sender@entry=0x1dca150, m=m@entry=0x7fcaaf60a0a0, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffec6c4a5b0)
    at /usr/src/debug/qt6-qtbase-6.5.1-2.fc38.x86_64/src/corelib/kernel/qobject.cpp:4052
#24 0x00007fcaaf1edbdd in QSocketNotifier::activated(QSocketDescriptor, QSocketNotifier::Type, QSocketNotifier::QPrivateSignal) (this=this@entry=0x1dca150, _t1=..., _t2=<optimized out>, _t3=...)
    at /usr/src/debug/qt6-qtbase-6.5.1-2.fc38.x86_64/redhat-linux-build/src/corelib/Core_autogen/include/moc_qsocketnotifier.cpp:231
#25 0x00007fcaaf1ee3db in QSocketNotifier::event(QEvent*) (this=0x1dca150, e=<optimized out>)
    at /usr/src/debug/qt6-qtbase-6.5.1-2.fc38.x86_64/src/corelib/kernel/qsocketnotifier.cpp:326
#26 0x00007fcab05c0b08 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
    (this=<optimized out>, receiver=0x1dca150, e=0x7ffec6c4a700)
    at /usr/src/debug/qt6-qtbase-6.5.1-2.fc38.x86_64/src/widgets/kernel/qapplication.cpp:3287
#27 0x00007fcaaf17c308 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
    (receiver=0x1dca150, event=0x7ffec6c4a700)
    at /usr/src/debug/qt6-qtbase-6.5.1-2.fc38.x86_64/src/corelib/kernel/qcoreapplication.cpp:1115
#28 0x00007fcaaf17c50d in QCoreApplication::sendEvent(QObject*, QEvent*)
    (receiver=<optimized out>, event=<optimized out>)
    at /usr/src/debug/qt6-qtbase-6.5.1-2.fc38.x86_64/src/corelib/kernel/qcoreapplication.cpp:1533
#29 0x00007fcaaf2fcc1e in QEventDispatcherUNIXPrivate::activateSocketNotifiers()
    (this=this@entry=0x1504690)
    at /usr/src/debug/qt6-qtbase-6.5.1-2.fc38.x86_64/src/corelib/kernel/qeventdispatcher_unix.cpp:268
#30 0x00007fcaaf2fd547 in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
    (this=<optimized out>, flags=...)
    at /usr/src/debug/qt6-qtbase-6.5.1-2.fc38.x86_64/src/corelib/kernel/qeventdispatcher_unix.cpp:477
#31 0x00007fcaaff434c2 in QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=<optimized out>, flags=...)
    at /usr/src/debug/qt6-qtbase-6.5.1-2.fc38.x86_64/src/gui/platform/unix/qunixeventdispatcher.cpp:27
#32 0x00007fcaaf188e93 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
    (this=this@entry=0x7ffec6c4a8c0, flags=..., flags@entry=...)
    at /usr/src/debug/qt6-qtbase-6.5.1-2.fc38.x86_64/src/corelib/global/qflags.h:34
#33 0x00007fcaaf184b3d in QCoreApplication::exec() ()
    at /usr/src/debug/qt6-qtbase-6.5.1-2.fc38.x86_64/src/corelib/global/qflags.h:74
#34 0x00007fcaaf9f85cd in QGuiApplication::exec() ()
    at /usr/src/debug/qt6-qtbase-6.5.1-2.fc38.x86_64/src/gui/kernel/qguiapplication.cpp:1894
#35 0x00007fcab05c0a79 in QApplication::exec() ()
    at /usr/src/debug/qt6-qtbase-6.5.1-2.fc38.x86_64/src/widgets/kernel/qapplication.cpp:2566
#36 0x0000000000430598 in main(int, char**) (argc=<optimized out>, argv=<optimized out>)
    at /home/nate/kde/src/kwin/src/main_wayland.cpp:613
Comment 1 Bug Janitor Service 2023-08-04 16:34:22 UTC
A possibly relevant merge request was started @ https://invent.kde.org/plasma/kwin/-/merge_requests/4299
Comment 2 Kai Uwe Broulik 2023-08-05 09:33:39 UTC
Git commit 559d55f64f97f90e367bab549a385fc91398c817 by Kai Uwe Broulik.
Committed on 04/08/2023 at 18:29.
Pushed by broulik into branch 'master'.

XdgPopupWindow: Disconnect relayout when role gets destroyed

Otherwise we will still react on a frameGeometryChanged signal
and try to relayout the popup when its transient parent was
already set to null leading to a crash.

M  +2    -0    src/xdgshellwindow.cpp

https://invent.kde.org/plasma/kwin/-/commit/559d55f64f97f90e367bab549a385fc91398c817
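
The lifetime problem described in the commit message, as an added example: a simplified model written for this page, not KWin's code. Signal, Parent, Popup and staleRelayouts are hypothetical names, and a counter stands in for the null dereference seen in the backtrace.

```cpp
#include <cstdio>
#include <functional>
#include <map>

struct Signal { // minimal stand-in for a Qt signal; handlers keyed by connection id
    std::map<int, std::function<void()>> handlers;
    int nextId = 1;
    int connect(const std::function<void()> &f) { handlers[nextId] = f; return nextId++; }
    void disconnect(int id) { handlers.erase(id); }
    void fire() { auto copy = handlers; for (auto &h : copy) h.second(); }
};

struct Parent { // hypothetical stand-in for the transient parent window
    int x = 0, y = 0;
    Signal frameGeometryChanged;
    void move(int nx, int ny) { x = nx; y = ny; frameGeometryChanged.fire(); }
};

struct Popup { // hypothetical stand-in for the popup window
    Parent *transientFor = nullptr;
    int connection = 0, x = 0, y = 0;
    int nullRelayouts = 0; // relayout calls that arrived with no parent
    void attach(Parent *p) {
        transientFor = p;
        connection = p->frameGeometryChanged.connect([this] { relayout(); });
    }
    void relayout() {
        if (!transientFor) { ++nullRelayouts; return; } // models the crash site
        x = transientFor->x + 10; y = transientFor->y + 10;
    }
    void roleDestroyed(bool disconnectRelayout) { // parent link is cleared here
        if (disconnectRelayout && transientFor)    // the fix: drop the connection too
            transientFor->frameGeometryChanged.disconnect(connection);
        transientFor = nullptr;
    }
};

// Counts relayout calls that ran with a null parent after role destruction.
int staleRelayouts(bool disconnectRelayout) {
    Parent parent; Popup popup;
    popup.attach(&parent);
    parent.move(5, 5);                       // normal relayout, parent valid
    popup.roleDestroyed(disconnectRelayout);
    parent.move(20, 20);                     // parent geometry changes afterwards
    return popup.nullRelayouts;
}

int main() {
    std::printf("unfixed=%d fixed=%d\n", staleRelayouts(false), staleRelayouts(true));
}
```

Without the disconnect, the handler still fires once after the parent pointer has been cleared; with it, the handler is never reached.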