https://bugs.kde.org/show_bug.cgi?id=429086

            Bug ID: 429086
           Summary: kwin_wayland segmentation faulted in
                    QScopedPointer<KWaylandServer::SurfaceInterfacePrivate,
                    QScopedPointerDeleter<KWaylandServer::SurfaceInterfacePrivate> >::operator->()
                    when using Firefox
           Product: kwin
           Version: 5.20.3
          Platform: Fedora RPMs
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: wayland-generic
          Assignee: kwin-bugs-n...@kde.org
          Reporter: matthew.fagn...@utoronto.ca
  Target Milestone: ---

Created attachment 133325
  --> https://bugs.kde.org/attachment.cgi?id=133325&action=edit
Full trace of all threads of kwin_wayland segmentation fault

SUMMARY

I was using Plasma 5.20.3 on Wayland in Fedora 33. I started Firefox Nightly
74.0a1 (2020-11-13) on Wayland. I clicked on Bookmarks in the menu bar and
moved the cursor down over the bookmarks folders. The contents of one of the
bookmarks folders didn't appear, but the contents of a folder within that
folder appeared. Plasma froze for a few seconds. kwin_wayland segmentation
faulted in QScopedPointer<KWaylandServer::SurfaceInterfacePrivate,
QScopedPointerDeleter<KWaylandServer::SurfaceInterfacePrivate> >::operator->()
at /usr/include/qt5/QtCore/qscopedpointer.h:116 in
qt5-qtbase-devel-0:5.15.1-7.fc33.x86_64. The pointer this=0x10 in frame 0 was
likely invalid, which might be due to this=0x0 in
KWaylandServer::SurfaceInterface::subSurface in frame 1.

Core was generated by `/usr/bin/kwin_wayland --xwayland
--exit-with-session=/usr/libexec/startplasma-w'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  QScopedPointer<KWaylandServer::SurfaceInterfacePrivate,
QScopedPointerDeleter<KWaylandServer::SurfaceInterfacePrivate> >::operator->
(this=0x10) at /usr/include/qt5/QtCore/qscopedpointer.h:116
116         T *operator->() const noexcept
[Current thread is 1 (Thread 0x7fbde6c82e00 (LWP 1152))]
(gdb) bt
#0  QScopedPointer<KWaylandServer::SurfaceInterfacePrivate,
QScopedPointerDeleter<KWaylandServer::SurfaceInterfacePrivate> >::operator->()
const (this=0x10)
    at /usr/include/qt5/QtCore/qscopedpointer.h:116
#1  KWaylandServer::SurfaceInterface::subSurface() const (this=0x0)
    at
/usr/src/debug/kwayland-server-5.20.3-1.fc33.x86_64/src/server/surface_interface.cpp:792
#2  0x00007fbde83ccfac in
KWaylandServer::SubSurfaceInterface::Private::setMode(KWaylandServer::SubSurfaceInterface::Mode)
    (this=0x56071aaffb10,
m=KWaylandServer::SubSurfaceInterface::Mode::Desynchronized)
    at
/usr/src/debug/kwayland-server-5.20.3-1.fc33.x86_64/src/server/subcompositor_interface.cpp:275
#3  0x00007fbde42dcb10 in ffi_call_unix64 () at ../src/x86/unix64.S:76
#4  0x00007fbde42dc0a3 in ffi_call
    (cif=cif@entry=0x7ffeb1593f70, fn=<optimized out>, rvalue=<optimized out>, 
    rvalue@entry=0x0, avalue=avalue@entry=0x7ffeb1594040) at
../src/x86/ffi64.c:525
#5  0x00007fbde5606fd5 in wl_closure_invoke
    (closure=closure@entry=0x56071ac12b70, target=<optimized out>, 
    target@entry=0x56071ac70020, opcode=opcode@entry=5, data=<optimized out>, 
    data@entry=0x56071abfdc60, flags=<optimized out>) at src/connection.c:1018
#6  0x00007fbde560aecc in wl_client_connection_data
    (fd=<optimized out>, mask=<optimized out>, data=<optimized out>) at
src/wayland-server.c:432
#7  0x00007fbde5609ac2 in wl_event_loop_dispatch (loop=0x5607199cbb90,
timeout=<optimized out>)
    at src/event-loop.c:1027
#8  0x00007fbde8389f13 in KWaylandServer::Display::Private::dispatch()
(this=<optimized out>)
    at
/usr/src/debug/kwayland-server-5.20.3-1.fc33.x86_64/src/server/display.cpp:135
#9  0x00007fbde725e256 in QtPrivate::QSlotObjectBase::call(QObject*, void**)
    (a=0x7ffeb1594650, r=0x5607199d71a0, this=0x56071a390d50)
    at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#10 doActivate<false>(QObject*, int, void**) (sender=0x56071a395430,
signal_index=3, argv=0x7ffeb1594650) at kernel/qobject.cpp:3886
#11 0x00007fbde7261476 in QSocketNotifier::activated(QSocketDescriptor,
QSocketNotifier::Type, QSocketNotifier::QPrivateSignal)
(this=this@entry=0x56071a395430, _t1=..., _t2=<optimized out>, _t3=...) at
.moc/moc_qsocketnotifier.cpp:178
#12 0x00007fbde7261be9 in QSocketNotifier::event(QEvent*) (this=0x56071a395430,
e=0x7ffeb1594770) at kernel/qsocketnotifier.cpp:302
#13 0x00007fbde7c2615f in QApplicationPrivate::notify_helper(QObject*, QEvent*)
(this=<optimized out>, receiver=0x56071a395430, e=0x7ffeb1594770) at
kernel/qapplication.cpp:3630
#14 0x00007fbde722fbe8 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
(receiver=0x56071a395430, event=0x7ffeb1594770) at
kernel/qcoreapplication.cpp:1063
#15 0x00007fbde7277ece in
QEventDispatcherUNIXPrivate::activateSocketNotifiers() (this=0x56071999ab40) at
kernel/qeventdispatcher_unix.cpp:304
#16 0x00007fbde7278254 in
QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(this=<optimized out>, flags=...) at kernel/qeventdispatcher_unix.cpp:511
#17 0x00007fbdd413c3ad in
QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
() at /usr/lib64/qt5/plugins/platforms/KWinQpaPlugin.so
#18 0x00007fbde722e64b in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x7ffeb15948e0,
flags=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#19 0x00007fbde7236010 in QCoreApplication::exec() () at
../../include/QtCore/../../src/corelib/global/qflags.h:121
#20 0x000056071912356e in main(int, char**) (argc=<optimized out>,
argv=0x7ffeb1594b00) at
/usr/src/debug/kwin-5.20.3-1.fc33.x86_64/main_wayland.cpp:702


STEPS TO REPRODUCE
1. Boot a Fedora 33 KDE Plasma spin installation with updates-testing enabled
2. Log in to Plasma 5.20.3 on Wayland
3. Start Firefox Nightly 84.0a1
4. Select Bookmarks
5. Move the cursor over bookmarks folders which contain folders until the crash
happens. I'm not sure if this specifically is what led to the crash.

OBSERVED RESULT
kwin_wayland segmentation faulted in
QScopedPointer<KWaylandServer::SurfaceInterfacePrivate,
QScopedPointerDeleter<KWaylandServer::SurfaceInterfacePrivate> >::operator->()
when using Firefox

EXPECTED RESULT
No crash would happen

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Fedora 33
(available in About System)
KDE Plasma Version: 5.20.3
KDE Frameworks Version: 5.75.0
Qt Version: 5.15.1

ADDITIONAL INFORMATION
I've only seen a crash with this trace once, but other similar kwin_wayland
crashes happened occasionally which I reported at
https://bugs.kde.org/show_bug.cgi?id=416974
https://bugs.kde.org/show_bug.cgi?id=423602

I'm attaching the full trace of all threads.

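Added triage example, not part of the original report and not kwayland-server code: a small C++ model of why frame 0 shows this=0x10 when frame 1 has this=0x0, and of a null guard at the call site. The class names, the layout (a 16-byte QObject-like base followed by the private pointer, on x86-64) and the helper functions are assumptions chosen to match the addresses in the trace.

```cpp
#include <cstdint>
#include <cstdio>
#include <memory>

// Hypothetical stand-in for QObject on x86-64: vtable pointer + d_ptr = 16 bytes.
struct ObjectModel {
    virtual ~ObjectModel() = default;
    void *d_ptr = nullptr;
};

struct SurfacePrivateModel { void *subSurface = nullptr; };

// Hypothetical stand-in for SurfaceInterface: its private pointer `d` is the
// first member after the base subobject, so it lives at this + 0x10.
struct SurfaceModel : ObjectModel {
    std::unique_ptr<SurfacePrivateModel> d{new SurfacePrivateModel};
    // Like frame 1: evaluating d-> first forms the address (this + offset of d).
    void *subSurface() const { return d->subSurface; }
};

// Measure the offset of `d` on a live object (no undefined behaviour).
std::uintptr_t offsetOfD() {
    SurfaceModel s;
    return reinterpret_cast<std::uintptr_t>(&s.d) -
           reinterpret_cast<std::uintptr_t>(&s);
}

// Address handed to d.operator->() as its own `this` for a given surface pointer.
std::uintptr_t smartPointerThisFor(std::uintptr_t surfaceThis) {
    return surfaceThis + offsetOfD();
}

// Guarded call site: check the surface pointer before calling into it.
void *subSurfaceOrNull(const SurfaceModel *surface) {
    return surface ? surface->subSurface() : nullptr;
}

int main() {
    // A null SurfaceModel* (frame 1, this=0x0) gives operator-> this=0x10 (frame 0).
    std::printf("operator-> this for null surface: %#lx\n",
                static_cast<unsigned long>(smartPointerThisFor(0)));
    std::printf("guarded call on null surface: %p\n", subSurfaceOrNull(nullptr));
    return 0;
}
```

A small non-zero faulting address such as 0x10 in a member access is the usual signature of a null object pointer plus a member offset, so the frame to inspect is the caller that produced the null pointer.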