Bug 435258

Summary: Sometimes kwin_wayland crashes in QtWaylandServer::org_kde_kwin_blur_manager::bind_func() when I change global theme
Product: [Plasma] kwin Reporter: Patrick Silva <bugseforuns>
Component: wayland-genericAssignee: KWin default assignee <kwin-bugs-null>
Status: RESOLVED FIXED    
Severity: crash CC: nate, postix, seqularise, vlad.zahorodnii
Priority: NOR    
Version: git master   
Target Milestone: ---   
Platform: Neon   
OS: Linux   
Latest Commit: https://invent.kde.org/plasma/kwin/commit/9b2b450fdd223b9ca859d66583e19f6d5b73ceca Version Fixed In: 5.22
Sentry Crash Report:

Description Patrick Silva 2021-04-02 11:41:44 UTC 
STEPS TO REPRODUCE
1. open Global Theme KCM on Wayland
2. change global theme repeatedly
3. 

OBSERVED RESULT
at some pont kwin_wayland will crash and all running apps will crash together.

EXPECTED RESULT
no crash

SOFTWARE/OS VERSIONS
Operating System: KDE neon Unstable Edition
KDE Plasma Version: 5.21.80
KDE Frameworks Version: 5.81.0
Qt Version: 5.15.2
Graphics Platform: Wayland


Thread 11 (Thread 0x7f63c4e84700 (LWP 7024)):
#0  futex_abstimed_wait_cancelable (private=<optimized out>, abstime=0x7f63c4e83c50, clockid=<optimized out>, expected=0, futex_word=0x559ed0ac6324) at ../sysdeps/nptl/futex-internal.h:320
#1  __pthread_cond_wait_common (abstime=0x7f63c4e83c50, clockid=<optimized out>, mutex=0x559ed0ac62d0, cond=0x559ed0ac62f8) at pthread_cond_wait.c:520
#2  __pthread_cond_timedwait (cond=cond@entry=0x559ed0ac62f8, mutex=mutex@entry=0x559ed0ac62d0, abstime=abstime@entry=0x7f63c4e83c50) at pthread_cond_wait.c:656
#3  0x00007f63ede15ce8 in QWaitConditionPrivate::wait_relative(QDeadlineTimer) (this=0x559ed0ac62d0, deadline=...) at thread/qwaitcondition_unix.cpp:136
#4  QWaitConditionPrivate::wait(QDeadlineTimer) (deadline=..., this=0x559ed0ac62d0) at thread/qwaitcondition_unix.cpp:144
#5  QWaitCondition::wait(QMutex*, QDeadlineTimer) (this=this@entry=0x559ed0ac61c0, mutex=mutex@entry=0x559ed145aca8, deadline=...) at thread/qwaitcondition_unix.cpp:225
#6  0x00007f63ede131f1 in QThreadPoolThread::run() (this=0x559ed0ac61b0) at ../../include/QtCore/../../src/corelib/thread/qmutex.h:270
#7  0x00007f63ede0fbec in QThreadPrivate::start(void*) (arg=0x559ed0ac61b0) at thread/qthread_unix.cpp:329
#8  0x00007f63ec8e1609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#9  0x00007f63ec564293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 10 (Thread 0x7f63d61ba700 (LWP 897)):
#0  futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x559ed0bf2db8) at ../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x559ed0bf2d68, cond=0x559ed0bf2d90) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=0x559ed0bf2d90, mutex=0x559ed0bf2d68) at pthread_cond_wait.c:638
#3  0x00007f63d7717e6b in  () at /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#4  0x00007f63d7717a6b in  () at /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#5  0x00007f63ec8e1609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#6  0x00007f63ec564293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 9 (Thread 0x7f63d59b9700 (LWP 898)):
#0  futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x559ed0bf2db8) at ../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x559ed0bf2d68, cond=0x559ed0bf2d90) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=0x559ed0bf2d90, mutex=0x559ed0bf2d68) at pthread_cond_wait.c:638
#3  0x00007f63d7717e6b in  () at /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#4  0x00007f63d7717a6b in  () at /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#5  0x00007f63ec8e1609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#6  0x00007f63ec564293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 8 (Thread 0x7f63c60c5700 (LWP 901)):
#0  0x00007f63ec557aff in __GI___poll (fds=0x7f63b4004e60, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007f63eb8a236e in g_main_context_poll (priority=<optimized out>, n_fds=1, fds=0x7f63b4004e60, timeout=<optimized out>, context=0x7f63b4000c20) at ../../../glib/gmain.c:4346
#2  g_main_context_iterate (context=context@entry=0x7f63b4000c20, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../glib/gmain.c:4042
#3  0x00007f63eb8a24a3 in g_main_context_iteration (context=0x7f63b4000c20, may_block=may_block@entry=1) at ../../../glib/gmain.c:4108
#4  0x00007f63ee04ffe2 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x7f63b4000b60, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#5  0x00007f63edff41eb in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7f63c60c4cc0, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:141
#6  0x00007f63ede0ea52 in QThread::exec() (this=this@entry=0x559ed1531210) at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#7  0x00007f63eae6bfa9 in QQmlThreadPrivate::run() (this=0x559ed1531210) at qml/ftw/qqmlthread.cpp:155
#8  0x00007f63ede0fbec in QThreadPrivate::start(void*) (arg=0x559ed1531210) at thread/qthread_unix.cpp:329
#9  0x00007f63ec8e1609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#10 0x00007f63ec564293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 7 (Thread 0x7f63d71bc700 (LWP 895)):
#0  futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x559ed0bf2dbc) at ../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x559ed0bf2d68, cond=0x559ed0bf2d90) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=0x559ed0bf2d90, mutex=0x559ed0bf2d68) at pthread_cond_wait.c:638
#3  0x00007f63d7717e6b in  () at /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#4  0x00007f63d7717a6b in  () at /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#5  0x00007f63ec8e1609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#6  0x00007f63ec564293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 6 (Thread 0x7f63c690c700 (LWP 7023)):
#0  futex_abstimed_wait_cancelable (private=<optimized out>, abstime=0x7f63c690bc50, clockid=<optimized out>, expected=0, futex_word=0x559ed145af44) at ../sysdeps/nptl/futex-internal.h:320
#1  __pthread_cond_wait_common (abstime=0x7f63c690bc50, clockid=<optimized out>, mutex=0x559ed145aef0, cond=0x559ed145af18) at pthread_cond_wait.c:520
#2  __pthread_cond_timedwait (cond=cond@entry=0x559ed145af18, mutex=mutex@entry=0x559ed145aef0, abstime=abstime@entry=0x7f63c690bc50) at pthread_cond_wait.c:656
#3  0x00007f63ede15ce8 in QWaitConditionPrivate::wait_relative(QDeadlineTimer) (this=0x559ed145aef0, deadline=...) at thread/qwaitcondition_unix.cpp:136
#4  QWaitConditionPrivate::wait(QDeadlineTimer) (deadline=..., this=0x559ed145aef0) at thread/qwaitcondition_unix.cpp:144
#5  QWaitCondition::wait(QMutex*, QDeadlineTimer) (this=this@entry=0x559ed145a800, mutex=mutex@entry=0x559ed145aca8, deadline=...) at thread/qwaitcondition_unix.cpp:225
#6  0x00007f63ede131f1 in QThreadPoolThread::run() (this=0x559ed145a7f0) at ../../include/QtCore/../../src/corelib/thread/qmutex.h:270
#7  0x00007f63ede0fbec in QThreadPrivate::start(void*) (arg=0x559ed145a7f0) at thread/qthread_unix.cpp:329
#8  0x00007f63ec8e1609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#9  0x00007f63ec564293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 5 (Thread 0x7f63d69bb700 (LWP 896)):
#0  futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x559ed0bf2db8) at ../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x559ed0bf2d68, cond=0x559ed0bf2d90) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=0x559ed0bf2d90, mutex=0x559ed0bf2d68) at pthread_cond_wait.c:638
#3  0x00007f63d7717e6b in  () at /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#4  0x00007f63d7717a6b in  () at /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#5  0x00007f63ec8e1609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#6  0x00007f63ec564293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 4 (Thread 0x7f63e61aa700 (LWP 893)):
#0  0x00007f63ec557aff in __GI___poll (fds=0x7f63d8005240, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007f63eb8a236e in g_main_context_poll (priority=<optimized out>, n_fds=2, fds=0x7f63d8005240, timeout=<optimized out>, context=0x7f63d8000c20) at ../../../glib/gmain.c:4346
#2  g_main_context_iterate (context=context@entry=0x7f63d8000c20, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../glib/gmain.c:4042
#3  0x00007f63eb8a24a3 in g_main_context_iteration (context=0x7f63d8000c20, may_block=may_block@entry=1) at ../../../glib/gmain.c:4108
#4  0x00007f63ee04ffe2 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x7f63d8000b60, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#5  0x00007f63edff41eb in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7f63e61a9ce0, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:141
#6  0x00007f63ede0ea52 in QThread::exec() (this=<optimized out>) at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#7  0x00007f63ede0fbec in QThreadPrivate::start(void*) (arg=0x559ed096a530) at thread/qthread_unix.cpp:329
#8  0x00007f63ec8e1609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#9  0x00007f63ec564293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 3 (Thread 0x7f63e6acb700 (LWP 892)):
#0  0x00007f63ec557aff in __GI___poll (fds=0x7f63e0018eb0, nfds=4, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007f63eb8a236e in g_main_context_poll (priority=<optimized out>, n_fds=4, fds=0x7f63e0018eb0, timeout=<optimized out>, context=0x7f63e0001ce0) at ../../../glib/gmain.c:4346
#2  g_main_context_iterate (context=context@entry=0x7f63e0001ce0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../glib/gmain.c:4042
#3  0x00007f63eb8a24a3 in g_main_context_iteration (context=0x7f63e0001ce0, may_block=may_block@entry=1) at ../../../glib/gmain.c:4108
#4  0x00007f63ee04ffe2 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x7f63e0000b60, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#5  0x00007f63edff41eb in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7f63e6acacb0, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:141
#6  0x00007f63ede0ea52 in QThread::exec() (this=this@entry=0x7f63ee9fbd80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#7  0x00007f63ee977f4b in QDBusConnectionManager::run() (this=0x7f63ee9fbd80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at qdbusconnection.cpp:179
#8  0x00007f63ede0fbec in QThreadPrivate::start(void*) (arg=0x7f63ee9fbd80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at thread/qthread_unix.cpp:329
#9  0x00007f63ec8e1609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#10 0x00007f63ec564293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 2 (Thread 0x7f63e59a9700 (LWP 894)):
#0  0x00007f63ec557aff in __GI___poll (fds=0x7f63dc004630, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007f63eb8a236e in g_main_context_poll (priority=<optimized out>, n_fds=2, fds=0x7f63dc004630, timeout=<optimized out>, context=0x7f63dc000c20) at ../../../glib/gmain.c:4346
#2  g_main_context_iterate (context=context@entry=0x7f63dc000c20, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../glib/gmain.c:4042
#3  0x00007f63eb8a24a3 in g_main_context_iteration (context=0x7f63dc000c20, may_block=may_block@entry=1) at ../../../glib/gmain.c:4108
#4  0x00007f63ee04ffe2 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x7f63dc000b60, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#5  0x00007f63edff41eb in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7f63e59a8ce0, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:141
#6  0x00007f63ede0ea52 in QThread::exec() (this=<optimized out>) at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#7  0x00007f63ede0fbec in QThreadPrivate::start(void*) (arg=0x559ed09756c0) at thread/qthread_unix.cpp:329
#8  0x00007f63ec8e1609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#9  0x00007f63ec564293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 0x7f63e74e8d80 (LWP 891)):
#0  QtWaylandServer::org_kde_kwin_blur_manager::bind_func(wl_client*, void*, unsigned int, unsigned int) (client=0x559ed1bb4f30, data=0x0, version=1, id=179) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qglobal.h:663
#1  0x00007f63e7cd3ff5 in ffi_call_unix64 () at ../src/x86/unix64.S:101
#2  0x00007f63e7cd340a in ffi_call_int (cif=<optimized out>, fn=<optimized out>, rvalue=<optimized out>, avalue=<optimized out>, closure=<optimized out>) at ../src/x86/ffi64.c:669
#3  0x00007f63ea4fd628 in wl_closure_invoke (closure=closure@entry=0x559ed12de6d0, flags=flags@entry=2, target=<optimized out>, target@entry=0x559ed1a20e80, opcode=opcode@entry=0, data=<optimized out>, data@entry=0x559ed1bb4f30) at ../src/connection.c:1018
#4  0x00007f63ea4f99e2 in wl_client_connection_data (fd=<optimized out>, mask=<optimized out>, data=0x559ed1bb4f30) at ../src/wayland-server.c:432
#5  0x00007f63ea4fb65a in wl_event_loop_dispatch (loop=0x559ed09203c0, timeout=timeout@entry=0) at ../src/event-loop.c:1027
#6  0x00007f63ecaee34c in KWaylandServer::Display::dispatchEvents() (this=<optimized out>) at ./src/server/display.cpp:107
#7  0x00007f63ee02c6fe in QtPrivate::QSlotObjectBase::call(QObject*, void**) (a=0x7ffddade4af0, r=0x559ed094aef0, this=0x559ed15d2c10) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#8  doActivate<false>(QObject*, int, void**) (sender=0x559ed093eca0, signal_index=3, argv=0x7ffddade4af0) at kernel/qobject.cpp:3886
#9  0x00007f63ee025ac7 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (sender=sender@entry=0x559ed093eca0, m=m@entry=0x7f63ee28fb40 <QSocketNotifier::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffddade4af0) at kernel/qobject.cpp:3946
#10 0x00007f63ee030773 in QSocketNotifier::activated(QSocketDescriptor, QSocketNotifier::Type, QSocketNotifier::QPrivateSignal) (this=this@entry=0x559ed093eca0, _t1=..., _t2=<optimized out>, _t3=...) at .moc/moc_qsocketnotifier.cpp:178
#11 0x00007f63ee030f13 in QSocketNotifier::event(QEvent*) (this=0x559ed093eca0, e=0x7ffddade4dc0) at kernel/qsocketnotifier.cpp:302
#12 0x00007f63ecf3fdc3 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=this@entry=0x559ed090cd90, receiver=receiver@entry=0x559ed093eca0, e=e@entry=0x7ffddade4dc0) at kernel/qapplication.cpp:3632
#13 0x00007f63ecf48bb8 in QApplication::notify(QObject*, QEvent*) (this=0x7ffddade51d0, receiver=0x559ed093eca0, e=0x7ffddade4dc0) at kernel/qapplication.cpp:3156
#14 0x00007f63edff56da in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x559ed093eca0, event=0x7ffddade4dc0) at ../../include/QtCore/5.15.2/QtCore/private/../../../../../src/corelib/thread/qthread_p.h:325
#15 0x00007f63ee04d20b in QEventDispatcherUNIXPrivate::activateSocketNotifiers() (this=0x559ed0920e70) at kernel/qeventdispatcher_unix.cpp:304
#16 0x00007f63ee04d66b in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=<optimized out>, flags=...) at kernel/qeventdispatcher_unix.cpp:511
#17 0x0000559ecf39d8e1 in QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
#18 0x00007f63edff41eb in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7ffddade4f50, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:141
#19 0x00007f63edffc394 in QCoreApplication::exec() () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#20 0x0000559ecf32a281 in main(int, char**) (argc=<optimized out>, argv=<optimized out>) at ./src/main_wayland.cpp:802
Comment 1 Bug Janitor Service 2021-05-02 17:28:42 UTC 
A possibly relevant merge request was started @ https://invent.kde.org/plasma/kwin/-/merge_requests/931
Comment 2 Vlad Zahorodnii 2021-05-12 11:31:13 UTC 
Git commit 66f0798ddb841ac8e27b50e16a3f5ef218e90ed6 by Vlad Zahorodnii.
Committed on 12/05/2021 at 07:59.
Pushed by vladz into branch 'master'.

Fix delayed global removal

Unfortunately, we cannot just simply unset the wl_global's user data.
The compositor still needs to process client requests after the global
has been removed, for example bind requests or the requests that create
new resources.

M  +10   -2    src/server/blur_interface.cpp
M  +2    -0    src/server/blur_interface.h
M  +16   -4    src/server/contrast_interface.cpp
M  +2    -0    src/server/contrast_interface.h
M  +19   -1    src/server/output_interface.cpp
M  +3    -1    src/server/output_interface.h
M  +23   -13   src/server/outputdevice_interface.cpp
M  +2    -0    src/server/outputdevice_interface.h
M  +10   -3    src/server/slide_interface.cpp
M  +2    -0    src/server/slide_interface.h
M  +1    -1    src/server/surface_interface.cpp
M  +14   -0    src/server/utils.h
M  +33   -23   src/tools/qtwaylandscanner.cpp

https://invent.kde.org/plasma/kwayland-server/commit/66f0798ddb841ac8e27b50e16a3f5ef218e90ed6
Comment 3 Vlad Zahorodnii 2021-05-12 11:34:29 UTC 
Git commit 9b2b450fdd223b9ca859d66583e19f6d5b73ceca by Vlad Zahorodnii.
Committed on 12/05/2021 at 11:31.
Pushed by vladz into branch 'master'.

wayland: Use new api to remove globals safely

M  +2    -4    src/effects/backgroundcontrast/contrast.cpp
M  +3    -5    src/effects/backgroundcontrast/contrast.h
M  +2    -4    src/effects/blur/blur.cpp
M  +3    -5    src/effects/blur/blur.h
M  +1    -2    src/effects/slidingpopups/slidingpopups.cpp
M  +4    -0    src/effects/slidingpopups/slidingpopups.h
M  +4    -4    src/waylandoutput.cpp
M  +2    -1    src/waylandoutput.h
M  +1    -1    src/waylandoutputdevice.cpp
M  +2    -1    src/waylandoutputdevice.h

https://invent.kde.org/plasma/kwin/commit/9b2b450fdd223b9ca859d66583e19f6d5b73ceca