https://bugs.kde.org/show_bug.cgi?id=520129
Bug ID: 520129
Summary: Konsole crashes with SIGSEGV in QWaylandShmBackingStore::recreateBackBufferIfNeeded → QImage::sizeInBytes on Wayland during right-click
Classification: Applications
Product: konsole
Version First Reported In: 25.12.3
Platform: Kubuntu
OS: Linux
Status: REPORTED
Severity: crash
Priority: NOR
Component: general
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Konsole crashes with SIGSEGV during right-click context menu on Wayland.
Environment:
- Konsole: 25.12.3
- KDE Plasma: 6.6.4
- Qt: 6.10.2+dfsg-7
- KF6: 6.24.0
- Kernel: 7.0.0-15-generic
- Session: Wayland (KDE)
Steps to reproduce:
1. Open Konsole on a Wayland session
2. Right-click anywhere in the terminal area to open the context menu
3. Konsole crashes (may be more likely when another window is repainting at
the same time)
Root cause (from stack trace):
QMenu::exec() starts a nested event loop. During that loop,
QWaylandDisplay::flushRequests() dispatches a pending Wayland expose event,
which triggers QWaylandWindow::updateExposure() → paintAndFlush() →
QWaylandShmBackingStore::recreateBackBufferIfNeeded(). At this point the
SHM back buffer is null or invalid, so QImage::sizeInBytes() faults.
This is a nested event loop reentrancy bug in Qt's Wayland SHM backing store.
The same crash path (recreateBackBufferIfNeeded → QImage::sizeInBytes SIGSEGV)
was reported for Dolphin in bug #502357.
Full stack trace:
#0 __pthread_kill_implementation
#1 __pthread_kill_internal
#2 __GI___pthread_kill
#3 __GI_raise (sig=11)
#4 KCrash::defaultCrashHandler(int) — libKF6Crash.so.6
#5 <signal handler called>
#6 QImage::sizeInBytes() const — libQt6Gui.so.6
#7 QtWaylandClient::QWaylandShmBackingStore::recreateBackBufferIfNeeded(QRegion const&) — libQt6WaylandClient.so.6
#8 QtWaylandClient::QWaylandShmBackingStore::beginPaint(QRegion const&) — libQt6WaylandClient.so.6
#9 QBackingStore::beginPaint(QRegion const&) — libQt6Gui.so.6
#10 QWidgetRepaintManager::paintAndFlush() — libQt6Widgets.so.6
#11 QWidgetRepaintManager::sync(QWidget*, QRegion const&) — libQt6Widgets.so.6
#15 QGuiApplicationPrivate::processExposeEvent — libQt6Gui.so.6
#17 QWindowSystemInterface::handleExposeEvent — libQt6Gui.so.6
#18 QtWaylandClient::QWaylandWindow::sendExposeEvent — libQt6WaylandClient.so.6
#19 QtWaylandClient::QWaylandWindow::updateExposure() — libQt6WaylandClient.so.6
#23 wl_display_dispatch_queue_pending — libwayland-client.so.0
#26 QtWaylandClient::QWaylandDisplay::flushRequests() — libQt6WaylandClient.so.6
#27 QObject::event(QEvent*) — libQt6Core.so.6
#36 QEventLoop::exec — libQt6Core.so.6 [nested loop from QMenu::exec]
#38 QMenu::exec(QPoint const&, QAction*) — libQt6Widgets.so.6
#39 Konsole::SessionController::showDisplayContextMenu(QPoint const&) — libkonsoleprivate.so.25.12.3
#41 Konsole::TerminalDisplay::configureRequest(QPoint const&) — libkonsoleprivate.so.25.12.3
#42 Konsole::TerminalDisplay::mousePressEvent(QMouseEvent*) — libkonsoleprivate.so.25.12.3
Set "See Also" to bug #502357. Now you have a proper reproduction trigger —
right-click — which is far more useful than "intermittent crash
during general use."