Bug 441547

Summary: Crash in KWin::clamp_row() when switching activities
Product: [Plasma] kwin Reporter: Luca Beltrame <lbeltrame>
Component: activitiesAssignee: Andrey <butirsky>
Status: RESOLVED FIXED    
Severity: crash CC: butirsky, hamelg, madLyfe, nate, sjurberengal+kde, yewobe6571
Priority: NOR    
Version: git master   
Target Milestone: ---   
Platform: Other   
OS: Linux   
See Also: https://bugs.kde.org/show_bug.cgi?id=443323
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: Backtrace

Description Luca Beltrame 2021-08-25 21:05:35 UTC
Created attachment 141050 [details]
Backtrace

SUMMARY

When hitting meta-tab to switch between activities, kwin_wayland crashes immediately with the attached backtrace.

Switching activities via DBus does not trigger any crash.


STEPS TO REPRODUCE
1. Run Plasma under Wayland with at least two activities already defined
2. Hit Meta-Tab

OBSERVED RESULT

kwin_wayland crashes (backtrace attached).

EXPECTED RESULT

The activity switcher should appear.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: master 
(available in About System)
KDE Plasma Version:  master
KDE Frameworks Version:  master
Qt Version: 5.15.2 + KDE patches

ADDITIONAL INFORMATION

Given the fact that it crashes in the OpenGL context, I'll add that this occurs with the Intel driver (I'm unable to test with other drivers).
Comment 1 Vlad Zahorodnii 2021-08-26 08:25:51 UTC
seems like negative width is passed to clamp_row()

#0  0x00007fe20e679378 in __memmove_avx_unaligned_erms () at /lib64/libc.so.6
#1  0x00007fe208473282 in std::__copy_move<false, true, std::random_access_iterator_tag>::__copy_m<unsigned int>(unsigned int const*, unsigned int const*, unsigned int*) (__result=0x55dd26b1a648, __last=0x55dd26b1a664, __first=0x55dd26b1a668) at /usr/include/c++/11/bits/stl_algobase.h:431
#2  std::__copy_move_a2<false, unsigned int const*, unsigned int*>(unsigned int const*, unsigned int const*, unsigned int*)
    (__result=0x55dd26b1a648, __last=0x55dd26b1a664, __first=0x55dd26b1a668) at /usr/include/c++/11/bits/stl_algobase.h:495
#3  std::__copy_move_a1<false, unsigned int const*, unsigned int*>(unsigned int const*, unsigned int const*, unsigned int*)
    (__result=0x55dd26b1a648, __last=0x55dd26b1a664, __first=0x55dd26b1a668) at /usr/include/c++/11/bits/stl_algobase.h:522
#4  std::__copy_move_a<false, unsigned int const*, unsigned int*>(unsigned int const*, unsigned int const*, unsigned int*)
    (__result=0x55dd26b1a648, __last=0x55dd26b1a664, __first=0x55dd26b1a668) at /usr/include/c++/11/bits/stl_algobase.h:529
#5  std::copy<unsigned int const*, unsigned int*>(unsigned int const*, unsigned int const*, unsigned int*)
    (__result=0x55dd26b1a648, __last=0x55dd26b1a664, __first=0x55dd26b1a668) at /usr/include/c++/11/bits/stl_algobase.h:620
#6  KWin::clamp_row(int, int, int, uint32_t const*, uint32_t*)
    (left=left@entry=2, width=width@entry=-1, right=right@entry=3, src=src@entry=0x55dd26b1a668, dest=0x55dd26b1a640)
    at /usr/src/debug/kwin5-5.22.80git.20210824T123644~fbff8636b-ku.103.1.x86_64/src/plugins/scenes/opengl/scene_opengl.cpp:1840
Comment 2 Luca Beltrame 2021-08-26 11:51:11 UTC
It's not always reproducible. Sometimes a plain meta-tab would work, other times it would just crash.
Comment 3 Andrey 2021-09-22 15:57:55 UTC
For some reason, "Walk through activities" shortcuts do not trigger for me, even if I set a custom ones.
But the other activities shortcuts seem work. No crash then happens.

Can you reproduce with some other shortcuts?
Comment 4 Andrey 2021-09-22 16:19:22 UTC
The shortcut started working after restart, it seem to works unreliable but still see no crashes..
Comment 5 Andrey 2021-09-22 22:52:36 UTC
Could you update your master and re-test?
It definitely has problems here but still doesn't crash (I'm on Intel too).
Maybe we should open another bug about that.
Comment 6 Luca Beltrame 2021-09-23 06:23:40 UTC
Tested yesterday (behind master ~1 day, give or take) on the same system. Still got the crash. I didn't have time to look into the backtrace, though.
Comment 7 Andrey 2021-09-23 10:38:21 UTC
When it doesn't crash, does it work reliably for you?
Most of the time when I switching I do not see Activity pane on the left, second activity pops up for a moment and then just returns back to the first activity, so I can't even switch the activity with Meta+Tab.
If I set a shortcut for switching to the next activity, that shortcut works, though.

Is your behavior near similar?
Comment 8 Andrey 2021-09-27 11:14:31 UTC
Could you also provide a log?

I see "plasmashell[2238]: requesting unexisting screen -1" lines when it glitches, but still do not get a crashes and negative width passed to clamp_row() as in your trace.
Comment 9 Bug Janitor Service 2021-10-12 04:35:46 UTC
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least
15 days. Please provide the requested information as soon as
possible and set the bug status as REPORTED. Due to regular bug
tracker maintenance, if the bug is still in NEEDSINFO status with
no change in 30 days the bug will be closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please
mark the bug as REPORTED so that the KDE team knows that the bug is
ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!
Comment 10 Vlad Zahorodnii 2021-10-25 15:43:44 UTC
*** Bug 444123 has been marked as a duplicate of this bug. ***
Comment 11 Vlad Zahorodnii 2021-10-25 15:44:26 UTC
(In reply to Andrey from comment #8)
> Could you also provide a log?
> 
> I see "plasmashell[2238]: requesting unexisting screen -1" lines when it
> glitches, but still do not get a crashes and negative width passed to
> clamp_row() as in your trace.

-1 screen id is unrelated, screen id are not communicated to kwin. the crash is inside kwin
Comment 12 Vlad Zahorodnii 2021-10-27 08:01:23 UTC
*** Bug 444200 has been marked as a duplicate of this bug. ***
Comment 13 hamelg 2021-11-24 22:22:38 UTC
I have this bug with kwin_x11. It crashes sometimes when hitting meta-tab to switch between activities.

I see theses logs just before it crashes :
plasmashell[1830]: requesting unexisting screen -1
plasmashell[1830]: requesting unexisting screen -1

(gdb) bt
#0  0x00007f8582543d22 in raise () at /usr/lib/libc.so.6
#1  0x00007f8583e7e064 in KCrash::defaultCrashHandler(int) () at /usr/lib/libKF5Crash.so.5
#2  0x00007f8582543da0 in <signal handler called> () at /usr/lib/libc.so.6
#3  0x00007f85824462f1 in  () at /usr/lib/libkwin4_effect_builtins.so.1
#4  0x00007f8582446adb in  () at /usr/lib/libkwin4_effect_builtins.so.1
#5  0x00007f8583fe2524 in KWin::EffectsHandlerImpl::paintWindow(KWin::EffectWindow*, int, QRegion const&, KWin::WindowPaintData&) ()
    at /usr/lib/libkwin.so.5
#6  0x00007f8584068809 in KWin::Scene::paintWindow(KWin::Scene::Window*, int, QRegion const&) () at /usr/lib/libkwin.so.5
#7  0x00007f8584066e67 in KWin::Scene::paintSimpleScreen(int, QRegion const&) () at /usr/lib/libkwin.so.5
#8  0x00007f8583fe2324 in KWin::EffectsHandlerImpl::paintScreen(int, QRegion const&, KWin::ScreenPaintData&) () at /usr/lib/libkwin.so.5
#9  0x00007f8583fe2324 in KWin::EffectsHandlerImpl::paintScreen(int, QRegion const&, KWin::ScreenPaintData&) () at /usr/lib/libkwin.so.5
#10 0x00007f8583fe2324 in KWin::EffectsHandlerImpl::paintScreen(int, QRegion const&, KWin::ScreenPaintData&) () at /usr/lib/libkwin.so.5
#11 0x00007f858406817e in KWin::Scene::paintScreen(QRegion const&, QRegion const&, QRegion*, QRegion*, KWin::RenderLoop*, QMatrix4x4 const&) () at /usr/lib/libkwin.so.5
#12 0x00007f85707041d2 in KWin::SceneOpenGL::paint(KWin::AbstractOutput*, QRegion const&, QList<KWin::Toplevel*> const&, KWin::RenderLoop*) () at /usr/lib/qt/plugins/org.kde.kwin.scenes/KWinSceneOpenGL.so
#13 0x00007f8583fac01c in KWin::Compositor::composite(KWin::RenderLoop*) () at /usr/lib/libkwin.so.5
#14 0x00007f8583fac47d in KWin::X11Compositor::composite(KWin::RenderLoop*) () at /usr/lib/libkwin.so.5
#15 0x00007f858342e7ab in  () at /usr/lib/libQt5Core.so.5
#16 0x00007f8583f5f333 in KWin::RenderLoop::frameRequested(KWin::RenderLoop*) () at /usr/lib/libkwin.so.5
#17 0x00007f85840563d4 in KWin::RenderLoopPrivate::dispatch() () at /usr/lib/libkwin.so.5
#18 0x00007f858342e7ab in  () at /usr/lib/libQt5Core.so.5
#19 0x00007f858343277b in QTimer::timeout(QTimer::QPrivateSignal) () at /usr/lib/libQt5Core.so.5
#20 0x00007f858342446f in QObject::event(QEvent*) () at /usr/lib/libQt5Core.so.5
#21 0x00007f8582a4cd62 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /usr/lib/libQt5Widgets.so.5
#22 0x00007f85833f73fa in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /usr/lib/libQt5Core.so.5
#23 0x00007f858344f39d in QTimerInfoList::activateTimers() () at /usr/lib/libQt5Core.so.5
#24 0x00007f858344d879 in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt5Core.so.5
#25 0x00007f857c15139f in  () at /usr/lib/libQt5XcbQpa.so.5
#26 0x00007f85833f5d6c in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt5Core.so.5
#27 0x00007f85833fe2d4 in QCoreApplication::exec() () at /usr/lib/libQt5Core.so.5
#28 0x000055f73cf7a441 in  ()
#29 0x00007f858252eb25 in __libc_start_main () at /usr/lib/libc.so.6
#30 0x000055f73cf7a97e in  ()
Comment 14 hamelg 2021-11-24 22:35:16 UTC
ADDITIONAL INFORMATION
I use the nvidia driver 495.44
I see these logs "plasmashell[1830]: requesting unexisting screen -1" everytime I switch between activities. It's not related with the kwin crash.

I can provide a complete backtrace if needed.
Comment 15 hamelg 2021-11-29 17:47:08 UTC
An additional more complete backtrace.

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Core was generated by `/usr/bin/kwin_x11'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fec2cb5fd22 in raise () from /usr/lib/libc.so.6
[Current thread is 1 (Thread 0x7fec26b2d540 (LWP 23511))]
(gdb) bt
#0  0x00007fec2cb5fd22 in raise () at /usr/lib/libc.so.6
#1  0x00007fec2e49a064 in KCrash::defaultCrashHandler(int) () at /usr/lib/libKF5Crash.so.5
#2  0x00007fec2cb5fda0 in <signal handler called> () at /usr/lib/libc.so.6
#3  0x00007fec2ca51eb1 in KWin::belongToSameGroup (w2=0x56463e93afe0, w1=0x56463eda96d0)
    at /usr/src/debug/kwin-5.23.3/src/effects/diminactive/diminactive.cpp:33
#4  KWin::DimInactiveEffect::canDimWindow(KWin::EffectWindow const*) const (this=0x56463e952ec0, w=0x56463e93afe0)
    at /usr/src/debug/kwin-5.23.3/src/effects/diminactive/diminactive.cpp:179
#5  0x00007fec2ca526d3 in KWin::DimInactiveEffect::paintWindow(KWin::EffectWindow*, int, QRegion, KWin::WindowPaintData&)
    (this=this@entry=0x56463e952ec0, w=<optimized out>, w@entry=0x56463e93afe0, mask=mask@entry=1, region=..., data=...)
    at /usr/src/debug/kwin-5.23.3/src/effects/diminactive/diminactive.cpp:124
#6  0x00007fec2e611159 in KWin::EffectsHandlerImpl::paintWindow(KWin::EffectWindow*, int, QRegion const&, KWin::WindowPaintData&)
    (this=0x56463e52bad0, w=0x56463e93afe0, mask=1, region=<optimized out>, data=...) at /usr/src/debug/kwin-5.23.3/src/effects.cpp:432
#7  0x00007fec2e6a18ed in KWin::Scene::paintWindow(KWin::Scene::Window*, int, QRegion const&)
    (this=<optimized out>, w=0x56463e7be270, mask=1, _region=<optimized out>) at /usr/src/debug/kwin-5.23.3/src/scene.cpp:517
#8  0x00007fec2e69f377 in KWin::Scene::paintSimpleScreen(int, QRegion const&) (this=<optimized out>, orig_mask=0, region=...)
    at /usr/src/debug/kwin-5.23.3/src/scene.cpp:441
#9  0x00007fec2e610ee9 in KWin::EffectsHandlerImpl::paintScreen(int, QRegion const&, KWin::ScreenPaintData&)
    (this=0x56463e52bad0, mask=<optimized out>, region=<optimized out>, data=<optimized out>)
    at /usr/src/debug/kwin-5.23.3/src/effects.cpp:389
#10 0x00007fec2e610ee9 in KWin::EffectsHandlerImpl::paintScreen(int, QRegion const&, KWin::ScreenPaintData&)
    (this=0x56463e52bad0, mask=<optimized out>, region=<optimized out>, data=<optimized out>)
    at /usr/src/debug/kwin-5.23.3/src/effects.cpp:389
#11 0x00007fec2e610ee9 in KWin::EffectsHandlerImpl::paintScreen(int, QRegion const&, KWin::ScreenPaintData&)
    (this=0x56463e52bad0, mask=<optimized out>, region=<optimized out>, data=<optimized out>)
    at /usr/src/debug/kwin-5.23.3/src/effects.cpp:389
#12 0x00007fec2e6a11d4 in KWin::Scene::paintScreen(QRegion const&, QRegion const&, QRegion*, QRegion*, KWin::RenderLoop*, QMatrix4x4 const&)
    (this=this@entry=0x56463e84a5d0, damage=..., repaint=..., updateRegion=updateRegion@entry=0x7ffd740fa490, validRegion=validRegion@entry=0x7ffd740fa498, renderLoop=renderLoop@entry=0x56463e5c2150, projection=...) at /usr/src/debug/kwin-5.23.3/src/scene.cpp:217
#13 0x00007fec1c1a17ca in KWin::SceneOpenGL::paint(KWin::AbstractOutput*, QRegion const&, QList<KWin::Toplevel*> const&, KWin::RenderLoop*) (this=0x56463e84a5d0, output=0x0, damage=..., toplevels=<optimized out>, renderLoop=0x56463e5c2150)
    at /usr/src/debug/kwin-5.23.3/src/plugins/scenes/opengl/scene_opengl.cpp:440
#14 0x00007fec2e5d5527 in KWin::Compositor::composite(KWin::RenderLoop*) (this=0x56463e6574a0, renderLoop=0x56463e5c2150)
    at /usr/src/debug/kwin-5.23.3/src/composite.cpp:623
#15 0x00007fec2e5d596d in KWin::X11Compositor::composite(KWin::RenderLoop*) (this=0x56463e6574a0, renderLoop=0x56463e5c2150)
    at /usr/src/debug/kwin-5.23.3/src/composite.cpp:831
#16 0x00007fec2da4a7cb in  () at /usr/lib/libQt5Core.so.5
#17 0x00007fec2e585717 in KWin::RenderLoop::frameRequested(KWin::RenderLoop*) (this=<optimized out>, _t1=<optimized out>)
    at /usr/src/debug/build/src/kwin_autogen/EWIEGA46WW/moc_renderloop.cpp:206
#18 0x00007fec2e68e468 in KWin::RenderLoopPrivate::dispatch() (this=0x56463e4e6f20) at /usr/src/debug/kwin-5.23.3/src/renderloop.cpp:148
#19 0x00007fec2da4a7cb in  () at /usr/lib/libQt5Core.so.5
#20 0x00007fec2da4e79b in QTimer::timeout(QTimer::QPrivateSignal) () at /usr/lib/libQt5Core.so.5
#21 0x00007fec2da4048f in QObject::event(QEvent*) () at /usr/lib/libQt5Core.so.5
#22 0x00007fec2d068d62 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /usr/lib/libQt5Widgets.so.5
#23 0x00007fec2da1341a in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /usr/lib/libQt5Core.so.5
#24 0x00007fec2da6b3bd in QTimerInfoList::activateTimers() () at /usr/lib/libQt5Core.so.5
#25 0x00007fec2da69899 in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt5Core.so.5
#26 0x00007fec2668739f in  () at /usr/lib/libQt5XcbQpa.so.5
#27 0x00007fec2da11d8c in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt5Core.so.5
#28 0x00007fec2da1a2f4 in QCoreApplication::exec() () at /usr/lib/libQt5Core.so.5
#29 0x000056463dca5541 in main(int, char**) (argc=<optimized out>, argv=0x7ffd740fae38)
    at /usr/src/debug/kwin-5.23.3/src/main_x11.cpp:483
Comment 16 hamelg 2021-11-29 17:54:22 UTC
My issue is related to this bug : https://bugs.kde.org/show_bug.cgi?id=442222
Sorry
Comment 17 Vlad Zahorodnii 2022-01-11 09:11:48 UTC
*** Bug 447590 has been marked as a duplicate of this bug. ***
Comment 18 Vlad Zahorodnii 2023-08-24 15:22:19 UTC
Is this issue still reproducible in 5.27? There were some patches in the past that touched relevant code paths
Comment 19 hamelg 2023-08-25 10:17:46 UTC
Here I haven't seen this crashdump happen for a long time. I think that's fixed.
Comment 20 Nate Graham 2023-08-25 18:38:43 UTC
Hooray!