1745590 - [Wayland] Opening a local file using the GTK file picker causes a crash without crash report (wl_display@1: error 1: invalid arguments for xdg_activation_token_v1@110.set_surface)

Status: RESOLVED FIXED

(Core :: Widget: Gtk, defect, P1)

Description

[tgn-ff]

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0

Steps to reproduce:

1. Start Firefox in native Wayland.
2. Use Ctrl + O and select a local file to open.

Actual results:

Firefox "crashes" at step two. The crash reporter doesn't detect any crash. Nothing is logged in systemd's coredump, and using gdb ends up to an empty backtrace file.

When I enable the xdg portals, Firefox will use the KDE file picker and it doesn't crash.

Expected results:

This is a regression.

https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=3e3b2783753c64619cf7ad53a4dfe9aae9719bbe&tochange=96341891b9d2157310960ce72138c07131bfec79

Comment 1

[Emilio Cobos Álvarez (:emilio)]

I can repro on Gnome: https://crash-stats.mozilla.org/report/index/26155d5f-fcf7-4bf6-b98e-9b0520211211

Comment 2

[Emilio Cobos Álvarez (:emilio)]

(Not sure why the tracking flags were set automatically)

Comment 3

[Martin Stránský [:stransky] (ni? me) (PTO, back on Feb 17)]

Yes, I see that too. it's https://gitlab.gnome.org/GNOME/gtk/-/issues/4510 but I wonder how it's related to xdg-activation here. Will look at it after weekend.

Comment 4

[Martin Stránský [:stransky] (ni? me) (PTO, back on Feb 17)]

Hm, you may see a different crash as it's reported as xdg_activation_token_v1@110.set_surface. I wonder if we use wl_surface from the filedialog or so.

Comment 6

[Jan Alexander Steffens [:heftig]]

Duplicate at bug 1745623. I stumbled upon this as it also crashes when closing a detached devtools window via the mouse.

Comment 7

[Martin Stránský [:stransky] (ni? me) (PTO, back on Feb 17)]

This is very interesting bug. It happens because we use already deleted wl_surface in xdg_activation_token_v1@110.set_surface. When a file dialog is opened we get wl_keyboard_enter for it (which is expected) but when it's closed, Firefox calls focus in for main Firefox window.

But we send the focus in request in timeframe between wl_surface destroy and wl_keyboard_leave(nullptr) so we think we still have a valid surface.

Robert, I wonder if that's a compositor bug? Shall we get wl_keyboard_leave(nullptr) first and then the wl_surface may be destroyed by compositor?

Comment 8

[Martin Stránský [:stransky] (ni? me) (PTO, back on Feb 17)]

Hm, I see the same behavior in KWin.

Comment 9

[Martin Stránský [:stransky] (ni? me) (PTO, back on Feb 17)]

Attachment: Bug 1745590 [Wayland] Don't use external GtkWidget as focus source, r?emilio

We get wl_keyboard_enter event for all wl_surfaces which includes file dialogs owned by Gtk.
We can't use such wl_surface as focus source as it's not owned/managed by Firefox.

When we request focus on Wayland, check that we should have the focus (by gFocusWindow)
and also check if we really have it (by comparing wl_surface owned by gFocusWindow and
wl_surface obtained from wl_keyboard_enter).

Comment 10

[Pulsebot]

Pushed by stransky@redhat.com:
https://hg.mozilla.org/integration/autoland/rev/56ddd953cd1c
[Wayland] Don't use external GtkWidget as focus source, r=emilio

Comment 11

[Natalia Csoregi [:nataliaCs]]

https://hg.mozilla.org/mozilla-central/rev/56ddd953cd1c