Bug 478864

Summary: Nested kwin_wayland 5.90.0 crashed in QArrayDataPointer<std::shared_ptr<KWin::EglSwapchainSlot> >::constEnd in VMs using the llvmpipe driver
Product: [Plasma] kwin
Reporter: Matt Fagnani <matt.fagnani>
Component: wayland-generic
Assignee: KWin default assignee <kwin-bugs-null>
Status: RESOLVED FIXED
Severity: crash
CC: ale.aparicio2000, nate
Priority: NOR
Keywords: qt6
Version First Reported In: 5.90.0
Target Milestone: ---
Platform: Fedora RPMs
OS: Linux
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:
Attachments: New crash information added by DrKonqi

Description Matt Fagnani 2023-12-22 04:36:07 UTC
SUMMARY

I booted the Fedora Rawhide/40 KDE Plasma live image Fedora-KDE-Live-x86_64-Rawhide-20231220.n.0.iso in a QEMU/KVM VM using GNOME Boxes with 3D acceleration disabled using the llvmpipe driver from mesa 23.3.1. Plasma 5.90.0 on Wayland started. I started Konsole. I tried to run a nested kwin_wayland session using the instructions at https://community.kde.org/KWin/Wayland
export $(dbus-launch)
kwin_wayland --xwayland 

The nested kwin_wayland window didn't appear. The following output was in Konsole which showed a Permission denied error and a segmentation fault of kwin_wayland.

kwin_wayland --xwayland
No backend specified, automatically choosing Wayland because WAYLAND_DISPLAY is set
unable to lock lockfile /run/user/1000/wayland-0.lock, maybe another compositor is running
kwin_core: Parse error in tiles configuration for monitor "7fb8c463-c102-5440-8fb7-5253b26b5d9c" : "illegal value" Creating default setup
OpenGL vendor string:                   Mesa
OpenGL renderer string:                 llvmpipe (LLVM 17.0.6, 256 bits)
OpenGL version string:                  4.5 (Core Profile) Mesa 23.3.1
OpenGL shading language version string: 4.50
Driver:                                 LLVMpipe
GPU class:                              Unknown
OpenGL version:                         4.5
GLSL version:                           4.50
Mesa version:                           23.3.1
Requires strict binding:                no
Virtual Machine:                        no
Timer query support:                    yes
KMS: DRM_IOCTL_MODE_CREATE_DUMB failed: Permission denied
Segmentation fault (core dumped)

The nested kwin_wayland crashed in QArrayDataPointer<std::shared_ptr<KWin::EglSwapchainSlot> >::constEnd. The crash might've been due to a null pointer dereference since this=0x0 in KWin::EglSwapchain::acquire in frame 2.

Core was generated by `kwin_wayland --xwayland'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fe3776caece in QArrayDataPointer<std::shared_ptr<KWin::EglSwapchainSlot> >::constEnd (this=<optimized out>)
    at /usr/include/qt6/QtCore/qarraydatapointer.h:121

warning: 121    /usr/include/qt6/QtCore/qarraydatapointer.h: No such file or directory
[Current thread is 1 (Thread 0x7fe3763ff000 (LWP 3019))]
 (gdb) bt
#0  0x00007fe3776caece in QArrayDataPointer<std::shared_ptr<KWin::EglSwapchainSlot> >::constEnd (this=<optimized out>)
    at /usr/include/qt6/QtCore/qarraydatapointer.h:121
#1  QList<std::shared_ptr<KWin::EglSwapchainSlot> >::end (this=<optimized out>) at /usr/include/qt6/QtCore/qlist.h:612
#2  KWin::EglSwapchain::acquire (this=0x0) at /usr/src/debug/kwin-5.90.0-3.fc40.x86_64/src/platformsupport/scenes/opengl/eglswapchain.cpp:103
#3  0x00007fe3776a7b13 in KWin::Wayland::WaylandEglCursorLayer::beginFrame (this=0x5557d102aa60) at /usr/include/c++/13/bits/shared_ptr_base.h:1665
#4  0x00007fe37740822a in operator() (__closure=<synthetic pointer>) at /usr/src/debug/kwin-5.90.0-3.fc40.x86_64/src/compositor_wayland.cpp:301
#5  operator() (__closure=__closure@entry=0x7fff40893770) at /usr/src/debug/kwin-5.90.0-3.fc40.x86_64/src/compositor_wayland.cpp:321
#6  0x00007fe37740895e in KWin::WaylandCompositor::addOutput (this=this@entry=0x5557d0f77fe0, output=0x5557d0dedd00)
    at /usr/src/debug/kwin-5.90.0-3.fc40.x86_64/src/compositor_wayland.cpp:355
#7  0x00007fe377408dff in KWin::WaylandCompositor::start (this=0x5557d0f77fe0) at /usr/src/debug/kwin-5.90.0-3.fc40.x86_64/src/compositor_wayland.cpp:188
#8  0x00007fe3747f3827 in QObject::event (this=0x5557d0f77fe0, e=0x5557d0f78340) at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/kernel/qobject.cpp:1437
#9  0x00007fe375bc3168 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib64/libQt6Widgets.so.6
#10 0x00007fe3747a0e08 in QCoreApplication::notifyInternal2 (receiver=0x5557d0f77fe0, event=0x5557d0f78340)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/kernel/qcoreapplication.cpp:1121
#11 0x00007fe3747a100d in QCoreApplication::sendEvent (receiver=<optimized out>, event=<optimized out>)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/kernel/qcoreapplication.cpp:1539
#12 0x00007fe3747a4d05 in QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0, data=data@entry=0x5557d0d95dc0)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/kernel/qcoreapplication.cpp:1901
#13 0x00007fe37494b786 in QEventDispatcherUNIX::processEvents (this=0x5557d0da4910, flags=...)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/kernel/qeventdispatcher_unix.cpp:432
#14 0x00007fe375540e42 in QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib64/libQt6Gui.so.6
#15 0x00007fe3747adbcb in QEventLoop::exec (this=this@entry=0x7fff40893c60, flags=..., flags@entry=...)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/global/qflags.h:34
#16 0x00007fe3747a99cd in QCoreApplication::exec () at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/global/qflags.h:74
#17 0x00005557cf142dd4 in main ()

This problem happened 2/2 times I tried to run a nested kwin_wayland session in a VM using the llvmpipe driver. Nested kwin_wayland started normally in VMs with the same image using 3D acceleration enabled using the virgl mesa driver. The problem might be specific to the use of llvmpipe in a VM.

STEPS TO REPRODUCE
1. Boot a Fedora 39 KDE Plasma installation updated to 2023-12-21 with updates-testing enabled
2. Log in to Plasma 5.27.10 on Wayland
3. Start Konsole
4. Install GNOME Boxes if it isn't already with sudo dnf install gnome-boxes
5. Download Fedora-KDE-Live-x86_64-Rawhide-20231220.n.0.iso from https://koji.fedoraproject.org/koji/buildinfo?buildID=2335875
6. Start GNOME Boxes
7. Boot Fedora-KDE-Live-x86_64-Rawhide-20231220.n.0.iso in a GNOME Boxes QEMU/KVM VM with 3 GiB RAM, UEFI enabled, and 3D acceleration disabled
8. To work around https://bugs.kde.org/show_bug.cgi?id=477643, switch to VT2 in GNOME Boxes via the keyboard menu Ctrl+Alt+F2 and back to VT1 with Ctrl+Alt+F1 after the Plasma 5.90.0 splash screen is shown for several seconds
9. Start Konsole
10. In Konsole, run 
export $(dbus-launch)
kwin_wayland --xwayland 

OBSERVED RESULT
Nested kwin_wayland 5.90.0 crashed in QArrayDataPointer<std::shared_ptr<KWin::EglSwapchainSlot> >::constEnd in VMs using the llvmpipe driver

EXPECTED RESULT
Nested kwin_wayland shouldn't have crashed

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Fedora Rawhide/40
(available in About System)
KDE Plasma Version: 5.90.0
KDE Frameworks Version: 5.246.0
Qt Version: 6.6.1

ADDITIONAL INFORMATION
This problem is like that at https://bugs.kde.org/show_bug.cgi?id=466281 but had a different trace.

Comment 1 Ale 2023-12-27 17:59:25 UTC
Created attachment 164486
New crash information added by DrKonqi

kwin_x11 (5.27.10) using Qt 5.15.11

Duplicate of this bug, I reported both bugs

-- Backtrace (Reduced):
#7  0x00007fd6eeebb51f in qt_message_fatal (message=<synthetic pointer>..., context=...) at global/qlogging.cpp:1919
#8  QMessageLogger::fatal (this=this@entry=0x7fd6d35ba6b0, msg=msg@entry=0x7fd6f0cf7dc8 "Freeze in OpenGL initialization detected") at global/qlogging.cpp:898
#9  0x00007fd6f09c452d in operator() (__closure=<optimized out>) at /usr/src/debug/kwin-5.27.10/src/composite.cpp:1138
#12 QtPrivate::QFunctorSlotObject<KWin::X11Compositor::createOpenGLSafePoint(KWin::Compositor::OpenGLSafePoint)::<lambda()>, 0, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase *, QObject *, void **, bool *) (which=<optimized out>, this_=<optimized out>, r=<optimized out>, a=<optimized out>, ret=<optimized out>) at /usr/include/qt5/QtCore/qobjectdefs_impl.h:443
#13 0x00007fd6ef125442 in QtPrivate::QSlotObjectBase::call (a=0x7fd6d35ba7f0, r=0x55c5009bfc90, this=0x55c500afa400) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398

Comment 2 Bug Janitor Service 2024-02-22 15:13:43 UTC
A possibly relevant merge request was started @ https://invent.kde.org/plasma/kwin/-/merge_requests/5276

Comment 3 Vlad Zahorodnii 2024-02-22 15:24:30 UTC
Git commit bb354de90e4b5ddcab6efd21144b4c9acb71b006 by Vlad Zahorodnii.
Committed on 22/02/2024 at 15:12.
Pushed by vladz into branch 'master'.

backends/wayland: Guard against failing to create EGLSwapchain

M  +7    -0    src/backends/wayland/wayland_egl_backend.cpp

https://invent.kde.org/plasma/kwin/-/commit/bb354de90e4b5ddcab6efd21144b4c9acb71b006

Comment 4 Vlad Zahorodnii 2024-02-22 15:35:10 UTC
Git commit cb3dadf283fd7952a649b6d079ba244b74fd2bec by Vlad Zahorodnii.
Committed on 22/02/2024 at 15:25.
Pushed by vladz into branch 'Plasma/6.0'.

backends/wayland: Guard against failing to create EGLSwapchain


(cherry picked from commit bb354de90e4b5ddcab6efd21144b4c9acb71b006)

M  +7    -0    src/backends/wayland/wayland_egl_backend.cpp

https://invent.kde.org/plasma/kwin/-/commit/cb3dadf283fd7952a649b6d079ba244b74fd2bec
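
The backtrace in the description shows acquire() entered with this=0x0 from the cursor layer's beginFrame, right after the dumb-buffer allocation failed. The C++ sketch below is an added illustration of that failure pattern and of a null guard at the call site; it is not KWin's code and not the contents of the commits above. Swapchain, CursorLayer, Slot, the allocationSucceeds flag and kSkipFrame are hypothetical names.

```cpp
// Added illustration: hypothetical stand-ins, not KWin's classes or its patch.
#include <cstdio>
#include <memory>
#include <vector>
constexpr int kSkipFrame = -1;  // hypothetical "no buffer this frame" result

struct Slot { int id; };

class Swapchain {
public:
    // Returns nullptr when buffer allocation fails, modelling the
    // "DRM_IOCTL_MODE_CREATE_DUMB failed: Permission denied" line in the log.
    static std::shared_ptr<Swapchain> create(bool allocationSucceeds, int slots = 2) {
        if (!allocationSucceeds) return nullptr;
        std::shared_ptr<Swapchain> sc(new Swapchain);
        for (int i = 0; i < slots; ++i) sc->m_slots.push_back(std::make_shared<Slot>(Slot{i}));
        return sc;
    }
    // Walks member storage, so calling it through a null pointer is undefined
    // behaviour (the this=0x0 frame in the backtrace).
    std::shared_ptr<Slot> acquire() {
        for (auto &s : m_slots)
            if (s.use_count() == 1) return s;  // only the swapchain holds it: free
        return nullptr;
    }
private:
    Swapchain() = default;
    std::vector<std::shared_ptr<Slot>> m_slots;
};

class CursorLayer {
public:
    explicit CursorLayer(bool allocationSucceeds) : m_allocOk(allocationSucceeds) {}
    int beginFrame() {
        if (!m_swapchain) m_swapchain = Swapchain::create(m_allocOk);
        if (!m_swapchain) return kSkipFrame;  // guard: creation failed, never call acquire()
        m_current = m_swapchain->acquire();
        return m_current ? m_current->id : kSkipFrame;
    }
private:
    bool m_allocOk;
    std::shared_ptr<Swapchain> m_swapchain;
    std::shared_ptr<Slot> m_current;
};

int main() {
    CursorLayer failing(false), working(true);
    std::printf("failing: %d, working: %d\n", failing.beginFrame(), working.beginFrame());
}
```

Without the second check in beginFrame, the failing layer would call acquire() on a null shared_ptr, which is the path the core dump records.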