Bug 477166 - kwin_wayland frequently crashes in KWin::TabBox::ClientModel::data() after waking up laptop by opening lid
Status: RESOLVED FIXED
Alias: None
Product: kwin
Classification: Plasma
Component: tabbox
Version: master
Platform: Other Linux
Importance: NOR crash
Assignee: KWin default assignee
Keywords: qt6, wayland
Reported: 2023-11-17 23:04 UTC by Nate Graham
Modified: 2023-11-24 08:48 UTC

Description Nate Graham 2023-11-17 23:04:27 UTC
Plasma 6 Wayland from today's git master. Have been experiencing this for at least a week though.


STEPS TO REPRODUCE
1. Have laptop (not connected to any external screens), close laptop lid
2. Walk over to another room, taking like 30 seconds
3. Open laptop lid


OBSERVED RESULT
kwin_wayland crashes, causing havoc: screen freezes for a while before lock screen appears, non-Qt apps crash, etc.

Backtrace is the same every time:

#0  0x00007f06be239900 in QtPrivate::QMetaTypeInterfaceWrapper<void>::metaType () at /lib64/libQt6Core.so.6
#1  0x00007f06c13b263a in KWin::TabBox::ClientModel::data(QModelIndex const&, int) const (this=<optimized out>, index=<optimized out>, role=<optimized out>)
    at /home/nate/kde/src/kwin/src/tabbox/clientmodel.cpp:72
#2  0x00007f06c1729cf8 in QModelIndex::data(int) const (arole=263, this=0x7ffdfa4e65c0) at /usr/include/qt6/QtCore/qabstractitemmodel.h:493
#3  QQmlDMAbstractItemModelData::value(int) const (this=this@entry=0x34de730, role=263) at /usr/src/debug/qt6-qtdeclarative-6.6.0-1.fc39.x86_64/src/qmlmodels/qqmldmabstractitemmodeldata.cpp:229
#4  0x00007f06c172a326 in QQmlDMAbstractItemModelData::metaCall(QMetaObject::Call, int, void**) (this=0x34de730, call=<optimized out>, id=<optimized out>, arguments=0x7ffdfa4e6750)
    at /usr/src/debug/qt6-qtdeclarative-6.6.0-1.fc39.x86_64/src/qmlmodels/qqmldmabstractitemmodeldata.cpp:30
#5  0x00007f06bfc6300f in QQmlPropertyData::readProperty(QObject*, void*) const (property=0x7ffdfa4e6760, target=<optimized out>, this=0x35302e0)
    at /usr/src/debug/qt6-qtdeclarative-6.6.0-1.fc39.x86_64/redhat-linux-build/include/QtQml/6.6.0/QtQml/private/../../../../../../src/qml/qml/qqmlpropertydata_p.h:311
#6  QV4::loadProperty(QV4::ExecutionEngine*, QV4::Heap::Object*, QObject*, QQmlPropertyData const&) (v4=0x281b270, wrapper=0x7f06774b87a0, object=<optimized out>, property=...)
    at /usr/src/debug/qt6-qtdeclarative-6.6.0-1.fc39.x86_64/src/qml/jsruntime/qv4qobjectwrapper.cpp:179
#7  0x00007f06541115d7 in  ()
#8  0x0000000000000000 in  ()
Comment 1 Nicolas Fella 2023-11-18 19:15:09 UTC
Looks like https://bugs.kde.org/show_bug.cgi?id=476622
Comment 2 Bug Janitor Service 2023-11-22 13:10:46 UTC
A possibly relevant merge request was started @ https://invent.kde.org/plasma/kwin/-/merge_requests/4692
Comment 3 Vlad Zahorodnii 2023-11-22 13:58:41 UTC
This seems like a regression after removing QWeakPointer.
Comment 4 Vlad Zahorodnii 2023-11-22 14:00:54 UTC
SwitcherItem is kept alive even after it's hidden, and TabBox::ClientModel lacks any cleanup code. It relies on horrible model resets.

So when the tabbox is hidden, the workspace stops resetting the client model, which is reasonable, but ClientModel can now contain dangling pointers, and it seems like SwitcherItem can use the model while it's hidden. It's bad. :/
Comment 5 Vlad Zahorodnii 2023-11-24 08:48:07 UTC
Git commit f3e6d3ca196aaef28478c27fd6a3caaed3cdbdff by Vlad Zahorodnii.
Committed on 24/11/2023 at 09:35.
Pushed by vladz into branch 'master'.

Ignore decoration changes of closed windows

Ideally the decoration of a closed window should not change. However,
it seems like it can happen when resuming the session.

When switching to another VT, the touchpad input device is removed, but
the touch input device is still kept on my machine. This results in
the tablet mode changing temporarily and triggering recalculation of new
borders in breeze decoration. It's a no-no thing to do if the window is
closed. We need to guard against this case. But in the long term, we need to
reroute all decoration state updates through kwin so it can block state
updates when the window is closed. It's also needed for double buffered
state.

How to improve handling of tablet mode detection when switching between
VTs needs a separate investigation.

M  +23   -7    src/window.cpp
M  +15   -3    src/x11window.cpp

https://invent.kde.org/plasma/kwin/-/commit/f3e6d3ca196aaef28478c27fd6a3caaed3cdbdff
Comment 6 Vlad Zahorodnii 2023-11-24 08:48:15 UTC
Git commit 4d0d153a579ed3b0bd74b7f4d95539d9e926a271 by Vlad Zahorodnii.
Committed on 24/11/2023 at 09:39.
Pushed by vladz into branch 'master'.

Always reset tabbox ClientModel if a window is added or removed

Otherwise dangling pointers can end up in TabBox::ClientModel. Tabbox is
written with hard model resets in mind. In order to fix it, the client
model has to be rewritten.

M  +3    -3    src/workspace.cpp

https://invent.kde.org/plasma/kwin/-/commit/4d0d153a579ed3b0bd74b7f4d95539d9e926a271
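
The failure mode described in comments 4 and 6, reduced to standard C++ as an added example (not KWin code and not part of the original report). `Window`, `ClientModel`, `Workspace` and `closeWhileHidden` are constructed stand-ins, and `std::weak_ptr` takes the place of the model's raw pointers so that a stale row can be reported instead of dereferenced.

```cpp
#include <algorithm>
#include <cstddef>
#include <iostream>
#include <memory>
#include <string>
#include <vector>

// Constructed stand-ins; none of this is KWin's actual code.
struct Window { std::string caption; };
using WindowList = std::vector<std::shared_ptr<Window>>;

// Plays the role of TabBox::ClientModel: no cleanup of its own, only reset().
class ClientModel {
public:
    void reset(const WindowList &windows) { m_rows.assign(windows.begin(), windows.end()); }
    std::size_t danglingRows() const {
        return static_cast<std::size_t>(std::count_if(m_rows.begin(), m_rows.end(),
            [](const std::weak_ptr<Window> &w) { return w.expired(); }));
    }
    // A view may call data() at any time, including while the switcher is hidden.
    std::string data(std::size_t row) const {
        const std::shared_ptr<Window> w = m_rows.at(row).lock();
        return w ? w->caption : std::string("<dangling>");
    }
private:
    std::vector<std::weak_ptr<Window>> m_rows;
};

struct Workspace { WindowList windows; ClientModel model; };

// Closes one window while the switcher is hidden.
// resetOnlyWhenShown=true models the behaviour described in comment 4;
// false models "always reset if a window is added or removed" (comment 6).
Workspace closeWhileHidden(bool resetOnlyWhenShown) {
    Workspace ws;
    ws.windows = {std::make_shared<Window>(Window{"konsole"}),
                  std::make_shared<Window>(Window{"dolphin"})};
    ws.model.reset(ws.windows);           // switcher was shown once: model populated
    const bool switcherShown = false;     // switcher is now hidden
    ws.windows.erase(ws.windows.begin()); // "konsole" closes and is destroyed
    if (switcherShown || !resetOnlyWhenShown) {
        ws.model.reset(ws.windows);
    }
    return ws;
}

int main() {
    std::cout << "reset only when shown: row 0 = " << closeWhileHidden(true).model.data(0) << "\n";
    std::cout << "always reset:          row 0 = " << closeWhileHidden(false).model.data(0) << "\n";
}
```

With raw pointers the first case reads freed memory in `data()`, which matches the top frames of the backtrace in the description.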