Bug 466313

Summary: Reproducible crash of kwin 5.27.1 in KWin::Scene::delegates() when switching window decorations (does not occur in 5.27.0)
Product: [Plasma] kwin
Reporter: punk.salt6165
Component: core
Assignee: KWin default assignee <kwin-bugs-null>
Status: RESOLVED FIXED
Severity: crash
CC: avemilia, nate, punk.salt6165
Priority: VHI
Keywords: regression
Version: 5.27.1
Target Milestone: ---
Platform: Arch Linux
OS: Linux
Latest Commit:
Version Fixed In: 5.27.2
Sentry Crash Report:
Attachments: Includes all debug symbols, generated by DrKonqi

Description punk.salt6165 2023-02-23 18:00:19 UTC
Created attachment 156655 [details]
Includes all debug symbols, generated by DrKonqi

STEPS TO REPRODUCE
1. Go into Settings -> Appearance
2. Click on Window Decorations
3. Select any window decoration
4. Click Apply
5. Crash happens (but new window decoration has been applied after kwin has crashed and restarted).

OBSERVED RESULT

Crashing (entire KDE restarts itself). It did not crash on a clean KDE installation at first. It started crashing now after I installed many new window decorations from within KDE (by clicking Get New Window Decorations button and installing them).

EXPECTED RESULT

Should not crash and apply window decoration.

SOFTWARE/OS VERSIONS
Operating System: Arch Linux 
KDE Plasma Version: 5.27.1
KDE Frameworks Version: 5.103.0
Qt Version: 5.15.8
Kernel Version: 6.1.12-arch1-1 (64-bit)
Graphics Platform: Wayland
Processors: 6 × Intel® Core™ i5-8600K CPU @ 3.60GHz
Memory: 47.0 GiB of RAM
Graphics Processor: AMD Radeon RX 6800 XT

ADDITIONAL INFORMATION

This issue suddenly started happening. You won't be able to produce it on a clean KDE installation of course, so it's complicated to find. But I can produce it reliably - it crashes every time I Apply a window decoration and sometimes even when I close the settings window.

I will try to clean out themes and revert any changes I did to try and see what is causing this crash.
Comment 1 punk.salt6165 2023-02-24 08:34:35 UTC
I have done more research that I think can really help solve this bug.

IMPORTANT: The TLDR version is: the bug is NOT in kwin 5.27.0 AND it occurs in a clean KDE installation with default settings. This will make it a lot easier to fix.


More details below how I came to this conclusion:

I suspected this bug wasn't in earlier versions of kwin since it started just after the upgrade to 5.27.1. So I wanted to verify my theory.

First I removed all installed global system themes, window decorations, plasma styles, colors - literally everything I had installed. The only remaining stuff was KDE default stuff.

Then I removed my entire KDE installation and deleted all KDE config files using this script:

------------------------
#!/usr/bin/fish

set fileList Trolltech.conf akregatorrc baloofilerc bluedevilglobalrc kactivitymanagerd-statsrc
set -a fileList kactivitymanagerdrc kactivitymanagerd-pluginsrc kateschemarc kcmfonts kcminputrc kconf_updaterc kded5rc
set -a fileList kdeglobals kfontinstuirc kglobalshortcutsrc khotkeysrc kmixctrlrc kmixrc
set -a fileList kscreenlockerrc ksmserverrc ksplashrc ktimezonedrc kwinrc kwinrulesrc plasma-localerc
set -a fileList plasma-nm plasma-org.kde.plasma.desktop-appletsrc plasmarc plasmashellrc
set -a fileList powermanagementprofilesrc startupconfig startupconfigfiles startupconfigkeys
set -a fileList krunnerrc touchpadxlibinputrc systemsettingsrc kxkbrc PlasmaUserFeedback
set -a fileList kde.org/* kiorc klipperrc knfsshare kuriikwsfilterrc kwalletmanager5rc kwalletrc
set -a fileList plasma.emojierrc plasmanotifyrc PlasmaUserFeedback powerdevilrc kgammarc
set -a fileList kded_device_automounterrc device_automounter_kcmrc klaunchrc
set -a fileList trashrc kactivitymanagerd-switcher gtkrc-2.0 gtkrc baloofileinformationrc
set -a fileList breezerc

rm $fileList
------------------------

The bug still occurred when switching between the default window decorations.

So finally I downgraded kwin to 5.27.0 - and the crashes stopped! I cannot make it crash on kwin 5.27.0 anymore. Switching back to 5.27.1 makes the crashes start again, with no other changes being made.

This means the bug was introduced in last week's update to 5.27.1. This should make it easier to find. It's somewhere in the kwin changes 5.27.0 => 5.27.1.
Comment 2 Nate Graham 2023-02-24 21:43:24 UTC
Can reproduce when switching from one Aurorae theme to another one. Pasting my backtrace inline:

#0  std::__atomic_base<int>::load(std::memory_order) const (__m=std::memory_order::relaxed, this=0x0)
    at /usr/include/c++/12/bits/atomic_base.h:486
#1  QAtomicOps<int>::loadRelaxed<int>(std::atomic<int> const&)
    (_q_value=<error reading variable: Cannot access memory at address 0x0>)
    at /usr/include/qt5/QtCore/qatomic_cxx11.h:239
#2  QBasicAtomicInteger<int>::loadRelaxed() const (this=0x0)
    at /usr/include/qt5/QtCore/qbasicatomic.h:107
#3  QtPrivate::RefCount::ref() (this=0x0) at /usr/include/qt5/QtCore/qrefcount.h:55
#4  QList<KWin::SceneDelegate*>::QList(QList<KWin::SceneDelegate*> const&)
    (this=0x7ffe86075d80, l=...) at /usr/include/qt5/QtCore/qlist.h:856
#5  0x00007f6876e95d4d in KWin::Scene::delegates() const (this=<optimized out>)
    at /home/nate/kde/src/kwin/src/scene/scene.cpp:124
#6  0x00007f6876e8d5d3 in KWin::Item::scheduleRepaintInternal(QRegion const&)
     (this=this@entry=0x3a18000, region=...) at /home/nate/kde/src/kwin/src/scene/item.cpp:301
#7  0x00007f6876e8e83d in KWin::Item::updateEffectiveVisibility() (this=this@entry=0x3a18000)
    at /home/nate/kde/src/kwin/src/scene/item.cpp:401
#8  0x00007f6876e8e9e1 in KWin::Item::setParentItem(KWin::Item*)
    (this=this@entry=0x3a18000, item=item@entry=0x0) at /home/nate/kde/src/kwin/src/scene/item.cpp:86
#9  0x00007f6876e8ec12 in KWin::Item::~Item() (this=this@entry=0x3a18000, __in_chrg=<optimized out>)
    at /home/nate/kde/src/kwin/src/scene/item.cpp:25
#10 0x00007f6876dba3aa in KWin::SurfaceItem::~SurfaceItem()
    (this=0x3a18000, __in_chrg=<optimized out>)
    at /home/nate/kde/build/kwin/src/kwin_autogen/QSLIUTEOWB/../../../../../src/kwin/src/scene/surfaceitem.h:21
#11 KWin::SurfaceItemInternal::~SurfaceItemInternal() (this=0x3a18000, __in_chrg=<optimized out>)
    at /home/nate/kde/build/kwin/src/kwin_autogen/QSLIUTEOWB/../../../../../src/kwin/src/scene/surfaceitem_internal.h:22
#12 KWin::SurfaceItemInternal::~SurfaceItemInternal() (this=0x3a18000, __in_chrg=<optimized out>)
    at /home/nate/kde/build/kwin/src/kwin_autogen/QSLIUTEOWB/../../../../../src/kwin/src/scene/surfaceitem_internal.h:22
#13 0x00007f6876e9d678 in std::default_delete<KWin::SurfaceItem>::operator()(KWin::SurfaceItem*) const
    (__ptr=<optimized out>, this=<optimized out>) at /usr/include/c++/12/bits/unique_ptr.h:89
#14 std::unique_ptr<KWin::SurfaceItem, std::default_delete<KWin::SurfaceItem> >::~unique_ptr()
    (this=0x3a39cb8, __in_chrg=<optimized out>) at /usr/include/c++/12/bits/unique_ptr.h:396
#15 KWin::WindowItem::~WindowItem() (this=this@entry=0x3a39bc0, __in_chrg=<optimized out>)
    at /home/nate/kde/src/kwin/src/scene/windowitem.cpp:57
#16 0x00007f6876db9dd7 in KWin::WindowItemInternal::~WindowItemInternal()
    (this=0x3a39bc0, __in_chrg=<optimized out>)
    at /home/nate/kde/build/kwin/src/kwin_autogen/QSLIUTEOWB/../../../../../src/kwin/src/scene/windowitem.h:116
#17 KWin::WindowItemInternal::~WindowItemInternal() (this=0x3a39bc0, __in_chrg=<optimized out>)
    at /home/nate/kde/build/kwin/src/kwin_autogen/QSLIUTEOWB/../../../../../src/kwin/src/scene/windowitem.h:116
#18 0x00007f6876f21ec6 in std::default_delete<KWin::WindowItem>::operator()(KWin::WindowItem*) const
    (__ptr=<optimized out>, this=<optimized out>) at /usr/include/c++/12/bits/unique_ptr.h:89
#19 std::unique_ptr<KWin::WindowItem, std::default_delete<KWin::WindowItem> >::~unique_ptr()
    (this=0x3a375c0, __in_chrg=<optimized out>) at /usr/include/c++/12/bits/unique_ptr.h:396
#20 KWin::Window::~Window() (this=0x3a37490, __in_chrg=<optimized out>)
    at /home/nate/kde/src/kwin/src/window.cpp:131
#21 0x00007f6876e0a819 in KWin::Deleted::~Deleted() (this=0x3a37490, __in_chrg=<optimized out>)
    at /home/nate/kde/src/kwin/src/deleted.cpp:50
#22 0x00007f68752c7f71 in QObject::event(QEvent*) (this=0x3a37490, e=0x1adbe80)
    at kernel/qobject.cpp:1334
#23 0x00007f6873faed62 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
    (this=<optimized out>, receiver=0x3a37490, e=0x1adbe80) at kernel/qapplication.cpp:3640
#24 0x00007f687529d4e8 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
    (receiver=0x3a37490, event=0x1adbe80) at kernel/qcoreapplication.cpp:1064
#25 0x00007f68752a0854 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*)
     (receiver=receiver@entry=0x0, event_type=event_type@entry=0, data=data@entry=0x19f57d0)
    at kernel/qcoreapplication.cpp:1821
#26 0x00007f68752ebb45 in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
    (this=0x1a25850, flags=...) at kernel/qeventdispatcher_unix.cpp:468
#27 0x0000000000535321 in QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
#28 0x00007f687529bf3a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
    (this=this@entry=0x7ffe86076200, flags=..., flags@entry=...)
    at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#29 0x00007f68752a4002 in QCoreApplication::exec() ()
    at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#30 0x00007f687575fad0 in QGuiApplication::exec() () at kernel/qguiapplication.cpp:1863
#31 0x00007f6873faecd9 in QApplication::exec() () at kernel/qapplication.cpp:2832
#32 0x000000000044717e in main(int, char**) (argc=<optimized out>, argv=<optimized out>)
    at /home/nate/kde/src/kwin/src/main_wayland.cpp:616
Comment 3 Nate Graham 2023-02-24 22:11:35 UTC
Can reproduce on Wayland with my setup, but cannot reproduce on X11.
Comment 4 Bug Janitor Service 2023-02-26 15:59:54 UTC
A possibly relevant merge request was started @ https://invent.kde.org/plasma/kwin/-/merge_requests/3703
Comment 5 Vlad Zahorodnii 2023-02-27 12:21:54 UTC
Git commit 8fc634684c037dc0d88156d2dd076412989e6bc7 by Vlad Zahorodnii.
Committed on 27/02/2023 at 12:07.
Pushed by vladz into branch 'master'.

wayland: Setup compositing for internal window when it's mapped

Aurorae decoration plugin creates an unmapped internal window, it's not
rendered and so it's not added to the Workspace.

Internal window sets up compositing in its constructor too. It means that
the WindowItem will have a link to the scene, but since the Compositor
has no idea about the internal window yet, that scene can become a
dangling pointer, and kwin can crash when the window item is destroyed.

M  +1    -3    src/internalwindow.cpp

https://invent.kde.org/plasma/kwin/commit/8fc634684c037dc0d88156d2dd076412989e6bc7
Comment 6 Vlad Zahorodnii 2023-02-27 13:18:15 UTC
Git commit 0d0474117ddf8024e7c5a2239154aadedf739597 by Vlad Zahorodnii.
Committed on 27/02/2023 at 12:22.
Pushed by vladz into branch 'Plasma/5.27'.

wayland: Setup compositing for internal window when it's mapped

Aurorae decoration plugin creates an unmapped internal window, it's not
rendered and so it's not added to the Workspace.

Internal window sets up compositing in its constructor too. It means that
the WindowItem will have a link to the scene, but since the Compositor
has no idea about the internal window yet, that scene can become a
dangling pointer, and kwin can crash when the window item is destroyed.
(cherry picked from commit 8fc634684c037dc0d88156d2dd076412989e6bc7)

M  +1    -3    src/internalwindow.cpp

https://invent.kde.org/plasma/kwin/commit/0d0474117ddf8024e7c5a2239154aadedf739597
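
The lifetime problem described in the two commit messages above, as a simplified C++ model added here for illustration (it is not KWin's code): an item linked to the scene from the window's constructor is left with a stale pointer when the compositor does not track the window, while deferring the link to map time avoids it. All type and function names are hypothetical, and the scene replacement that invalidates the pointer is an assumed trigger.

```cpp
// Simplified model of the lifetime bug; illustrative only, not KWin source.
// Every type and function name here is hypothetical.
#include <cstdio>
#include <memory>
#include <unordered_set>
#include <vector>

struct Scene;
static std::unordered_set<const Scene*> liveScenes;  // lets the model spot a stale pointer safely
struct Scene {
    Scene() { liveScenes.insert(this); }
    ~Scene() { liveScenes.erase(this); }
};

struct Item {
    Scene* scene = nullptr;  // raw, non-owning link to the scene
    // A real destructor path would dereference `scene`; the model only reports it.
    bool sceneIsDangling() const { return scene && liveScenes.count(scene) == 0; }
};
struct InternalWindow { std::unique_ptr<Item> item; };

struct Compositor {
    std::unique_ptr<Scene> scene = std::make_unique<Scene>();
    std::vector<InternalWindow*> workspace;  // windows the compositor knows about
    void setupCompositing(InternalWindow& w) {
        w.item = std::make_unique<Item>();
        w.item->scene = scene.get();
    }
    void map(InternalWindow& w) { workspace.push_back(&w); setupCompositing(w); }
    // Assumed trigger: the scene is replaced and only tracked windows are re-linked.
    void replaceScene() {
        scene = std::make_unique<Scene>();  // new scene exists before the old one is freed
        for (InternalWindow* w : workspace) setupCompositing(*w);
    }
};

// True when the window's item would reach a destroyed scene in its destructor.
bool itemDangles(bool setupInConstructor, bool mapWindow) {
    Compositor c;
    InternalWindow w;  // e.g. created unmapped by a decoration plugin
    if (setupInConstructor) c.setupCompositing(w);  // behaviour the commit message describes
    if (mapWindow) c.map(w);                        // setup deferred to map time
    c.replaceScene();
    return w.item && w.item->sceneIsDangling();
}

int main() {
    std::printf("constructor setup, never mapped: %d\n", itemDangles(true, false));
    std::printf("setup on map, never mapped:      %d\n", itemDangles(false, false));
}
```
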
Comment 7 Nate Graham 2023-02-28 20:38:30 UTC
*** Bug 466418 has been marked as a duplicate of this bug. ***