Bug 488713

Summary: kwin_wayland crashes in QCoreApplication::notifyInternal2(QObject*, QEvent*) - multiple times per week
Product: [Plasma] kwin Reporter: Martin <mars+kde>
Component: generic-crashAssignee: KWin default assignee <kwin-bugs-null>
Status: REPORTED ---    
Severity: crash CC: arcadiy, dashonwwIII, el, madLyfe, margotta.fabrizio, n, nate, ptkato.irl, twelho
Priority: NOR    
Version: 6.1.90   
Target Milestone: ---   
Platform: Fedora RPMs   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report: https://crash-reports.kde.org/organizations/kde/issues/37760/events/d441fdec22bc444d9b0ca8a37ff6529e/
Attachments: Full crash dump info
Support info - HP
Support info - Lenovo
Stack trace
Core dump printout

Description Martin 2024-06-19 07:29:38 UTC 
***
If you're not sure this is actually a bug, instead post about it at https://discuss.kde.org

If you're reporting a crash, attach a backtrace with debug symbols; see https://community.kde.org/Guidelines_and_HOWTOs/Debugging/How_to_create_useful_crash_reports
***

SUMMARY

Almost every day kwin_wayland crashes for me. I do not know what reproduces it, it happened while I was using the computer, while it was idle, at day, overnight, etc..

I have seen it on two different computers:

A HP desktop with a single HDMI monitor and a DisplayPort drawing tablet and old Radeon RX 550 GPU
Lenovo X1 gen 6 with Intel GPU

TIME                            PID   UID   GID SIG     COREFILE EXE                        SIZE
Thu 2024-06-13 09:27:41 CEST   2071 12135 12135 SIGSEGV present  /usr/bin/kwin_wayland     21.4M
Fri 2024-06-14 09:28:59 CEST 169041 12135 12135 SIGSEGV present  /usr/bin/kwin_wayland     29.2M
Wed 2024-06-19 08:37:15 CEST 363790 12135 12135 SIGSEGV present  /usr/bin/kwin_wayland     32.2M

and

TIME                            PID  UID  GID SIG     COREFILE EXE                                                                                         SIZE
Thu 2024-06-06 08:27:15 CEST   1915 1000 1000 SIGSEGV present  /usr/bin/kwin_wayland                                                                      21.2M
Sat 2024-06-08 13:16:30 CEST   1836 1000 1000 SIGSEGV present  /usr/bin/kwin_wayland                                                                      16.6M
Mon 2024-06-10 19:33:39 CEST  53871 1000 1000 SIGSEGV present  /usr/bin/kwin_wayland                                                                      18.4M
Tue 2024-06-11 19:53:09 CEST   1878 1000 1000 SIGSEGV present  /usr/bin/kwin_wayland                                                                      22.8M                                                               98.6M
Thu 2024-06-13 07:19:16 CEST   1954 1000 1000 SIGSEGV present  /usr/bin/kwin_wayland                                                                      22.0M
Fri 2024-06-14 16:57:38 CEST 115161 1000 1000 SIGSEGV present  /usr/bin/kwin_wayland                                                                      19.2M
Sun 2024-06-16 09:34:01 CEST   1949 1000 1000 SIGSEGV present  /usr/bin/kwin_wayland                                                                      26.7M
Tue 2024-06-18 09:40:43 CEST   1889 1000 1000 SIGSEGV present  /usr/bin/kwin_wayland                                                                      21.5M


The crash always kills all my wayland apps except Konsole. Krita and Firefox crash in 100% cases where this happens.

The traceback is always the same:

                Stack trace of thread 1889:
                #0  0x00007fea9b395a11 _ZN16QCoreApplication15notifyInternal2EP7QObjectP6QEvent (libQt6Core.so.6 + 0x195a11)
                #1  0x00007fea9b54e097 _ZN14QTimerInfoList14activateTimersEv (libQt6Core.so.6 + 0x34e097)
                #2  0x00007fea9b5525cb _ZN20QEventDispatcherUNIX13processEventsE6QFlagsIN10QEventLoop17ProcessEventsFlagEE (libQt6Core.so.6 + 0x3525cb)
                #3  0x00007fea9c154e12 _ZN23QUnixEventDispatcherQPA13processEventsE6QFlagsIN10QEventLoop17ProcessEventsFlagEE (libQt6Gui.so.6 + 0x754e12)
                #4  0x00007fea9b3a2713 _ZN10QEventLoop4execE6QFlagsINS_17ProcessEventsFlagEE (libQt6Core.so.6 + 0x1a2713)
                #5  0x00007fea9b39e69c _ZN16QCoreApplication4execEv (libQt6Core.so.6 + 0x19e69c)
                #6  0x0000559e4192bd09 main (kwin_wayland + 0x44d09)
                #7  0x00007fea9ac3d088 __libc_start_call_main (libc.so.6 + 0x2a088)
                #8  0x00007fea9ac3d14b __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x2a14b)
                #9  0x0000559e41931c95 _start (kwin_wayland + 0x4ac95)

I will attach the full coredump info file too.

STEPS TO REPRODUCE
1. Unknown, but happens too often
2. 
3. 

OBSERVED RESULT

kwin_wayland crashes and takes the whole desktop with it.

EXPECTED RESULT

No crashes.

SOFTWARE/OS VERSIONS

Operating System: Fedora Linux 40
KDE Plasma Version: 6.0.5
KDE Frameworks Version: 6.3.0
Qt Version: 6.7.1
Kernel Version: 6.8.11-300.fc40.x86_64 (64-bit)
Graphics Platform: Wayland
Processors: 8 × 11th Gen Intel® Core™ i7-1185G7 @ 3.00GHz
Memory: 31.0 GiB of RAM
Graphics Processor: Mesa Intel® Xe Graphics
Manufacturer: LENOVO
Product Name: 20XXS3HC2F
System Version: ThinkPad X1 Carbon Gen 9 

ADDITIONAL INFORMATION
Comment 1 Martin 2024-06-19 07:31:39 UTC 
Created attachment 170625 [details]
Full crash dump info
Comment 2 Martin 2024-06-19 07:38:32 UTC 
Created attachment 170626 [details]
Support info - HP
Comment 3 Martin 2024-06-19 07:38:52 UTC 
Created attachment 170627 [details]
Support info - Lenovo
Comment 4 Martin 2024-06-22 16:22:53 UTC 
I have some additional info.

It reproduced on 6.1.0 (Fedora Kinoite).

Operating System: Fedora Linux 40
KDE Plasma Version: 6.1.0
KDE Frameworks Version: 6.3.0
Qt Version: 6.7.1
Kernel Version: 6.9.4-200.fc40.x86_64 (64-bit)
Graphics Platform: Wayland
Processors: 12 × AMD Ryzen 5 PRO 4650G with Radeon Graphics
Memory: 125.1 GiB of RAM
Graphics Processor: AMD Radeon RX 550 / 550 Series
Manufacturer: HP
Product Name: HP EliteDesk 805 G6 Small Form Factor PC

What is interesting is that the desktop crashed when nobody was at the keyboard and there is nothing in the debug log at all.

This is the output of my `journalctl --user --unit plasma-kwin_wayland.service -b -1 -r`

jun 22 09:35:37 hpelite systemd-coredump[164642]: [🡕] Process 1879 (kwin_wayland) of user 1000 dumped core. (before I woke up today..)
Jun 21 22:46:23 hpelite kscreenlocker_greet[130205]: kf.svg: findInCache with a lastModified timestamp of 0 is deprecated
.... repeats a lot ....
Jun 21 22:46:23 hpelite kscreenlocker_greet[130205]: kf.svg: findInCache with a lastModified timestamp of 0 is deprecated
Jun 21 22:46:23 hpelite kscreenlocker_greet[130205]: virtual QStringList Solid::Backends::UPower::UPowerManager::allDevices()  error:  "org.freedesktop.DBus.Error.NameHasNoOwner"
Jun 21 22:41:05 hpelite kwin_wayland[1879]: kwin_libinput: Libinput: event5  - debounce state: DEBOUNCE_STATE_IS_UP_WAITING → DEBOUNCE_EVENT_TIMEOUT → DEBOUNCE_STATE_IS_UP (this is my lock screen time)
Comment 5 Martin 2024-06-27 15:37:46 UTC 
I tried to do a bit of digging via gdb and this looks like a nicer trace:

[Current thread is 1 (Thread 0x7fdbee14bb00 (LWP 1798))]
(gdb) bt
#0  0x00007fdbf4795a11 in std::__atomic_base<QThreadData*>::load (this=0x58, __m=std::memory_order_acquire) at /usr/include/c++/14/bits/atomic_base.h:831
#1  std::atomic<QThreadData*>::load (this=0x58, __m=std::memory_order_acquire) at /usr/include/c++/14/atomic:582
#2  QAtomicOps<QThreadData*>::loadAcquire<QThreadData*> (_q_value=...) at /usr/src/debug/qt6-qtbase-6.7.1-2.fc40.x86_64/src/corelib/thread/qatomic_cxx11.h:214
#3  QBasicAtomicPointer<QThreadData>::loadAcquire (this=0x58) at /usr/src/debug/qt6-qtbase-6.7.1-2.fc40.x86_64/src/corelib/thread/qbasicatomic.h:177
#4  QCoreApplication::notifyInternal2 (receiver=0x563bceb5c840, event=0x7ffd8564c4c0) at /usr/src/debug/qt6-qtbase-6.7.1-2.fc40.x86_64/src/corelib/kernel/qcoreapplication.cpp:1125
#5  0x00007fdbf4795d7d in QCoreApplication::sendEvent (receiver=<optimized out>, event=<optimized out>)
    at /usr/src/debug/qt6-qtbase-6.7.1-2.fc40.x86_64/src/corelib/kernel/qcoreapplication.cpp:1575
#6  0x00007fdbf494e097 in QTimerInfoList::activateTimers (this=this@entry=0x563bcb7ed978) at /usr/src/debug/qt6-qtbase-6.7.1-2.fc40.x86_64/src/corelib/kernel/qtimerinfo_unix.cpp:434
#7  0x00007fdbf49503c0 in QEventDispatcherUNIXPrivate::activateTimers (this=this@entry=0x563bcb7ed8a0)
    at /usr/src/debug/qt6-qtbase-6.7.1-2.fc40.x86_64/src/corelib/kernel/qeventdispatcher_unix.cpp:196
#8  0x00007fdbf49525cb in QEventDispatcherUNIX::processEvents (this=<optimized out>, flags=...) at /usr/src/debug/qt6-qtbase-6.7.1-2.fc40.x86_64/src/corelib/kernel/qeventdispatcher_unix.cpp:472
#9  0x00007fdbf5554e12 in QUnixEventDispatcherQPA::processEvents (this=<optimized out>, flags=...)
    at /usr/src/debug/qt6-qtbase-6.7.1-2.fc40.x86_64/src/gui/platform/unix/qunixeventdispatcher.cpp:27
#10 0x00007fdbf47a2713 in QEventLoop::exec (this=this@entry=0x7ffd8564c690, flags=..., flags@entry=...) at /usr/src/debug/qt6-qtbase-6.7.1-2.fc40.x86_64/src/corelib/global/qflags.h:34
#11 0x00007fdbf479e69c in QCoreApplication::exec () at /usr/src/debug/qt6-qtbase-6.7.1-2.fc40.x86_64/src/corelib/global/qflags.h:74
#12 0x00007fdbf4fd53dd in QGuiApplication::exec () at /usr/src/debug/qt6-qtbase-6.7.1-2.fc40.x86_64/src/gui/kernel/qguiapplication.cpp:1926
#13 0x00007fdbf5b8b0d9 in QApplication::exec () at /usr/src/debug/qt6-qtbase-6.7.1-2.fc40.x86_64/src/widgets/kernel/qapplication.cpp:2555
#14 0x0000563bc436c215 in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/kwin-6.1.0-3.fc40.x86_64/src/main_wayland.cpp:641
Comment 6 Martin 2024-06-27 15:50:59 UTC 
And looking at the Qt part of the trace, it looks like the error is here:

#4  QCoreApplication::notifyInternal2 (receiver=0x563bceb5c840, event=0x7ffd8564c4c0) at /usr/src/debug/qt6-qtbase-6.7.1-2.fc40.x86_64/src/corelib/kernel/qcoreapplication.cpp:1125

1120        // Qt enforces the rule that events can only be sent to objects in
1121        // the current thread, so receiver->d_func()->threadData is
1122        // equivalent to QThreadData::current(), just without the function
1123        // call overhead.
1124        QObjectPrivate *d = receiver->d_func();
1125        QThreadData *threadData = d->threadData.loadAcquire();


(gdb) p receiver
$3 = (QObject *) 0x563bceb5c840
(gdb) p d
$4 = (QObjectPrivate *) 0x0

QObjectPrivate is NULL!
Comment 7 Martin 2024-06-27 16:06:01 UTC 
It is a (once per day?) timer event

(gdb) p *currentTimerInfo
$17 = {timeout = {__d = {__r = 227723000000000}}, interval = {__r = 86400000}, id = 24, timerType = Qt::VeryCoarseTimer, obj = 0x563bceb5c840, activateRef = 0x7ffd8564c4b8}

Trying to reach

(gdb) p *currentTimerInfo->obj
$23 = {_vptr.QObject = 0x0, static staticMetaObject = {d = {superdata = {direct = 0x0}, stringdata = 0x7fdbf4ad2be0 <(anonymous namespace)::qt_meta_stringdata_CLASSQObjectENDCLASS>, 
      data = 0x7fdbf4ad2ac0 <qt_meta_data_CLASSQObjectENDCLASS>, static_metacall = 0x7fdbf47f7bc0 <QObject::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, 
      relatedMetaObjects = 0x0, 
      metaTypes = 0x7fdbf4c81a60 <qt_incomplete_metaTypeArray<(anonymous namespace)::qt_meta_stringdata_CLASSQObjectENDCLASS_t, QtPrivate::TypeAndForceComplete<QString, std::integral_constant<bool, true> >, QtPrivate::TypeAndForceComplete<QObject, std::integral_constant<bool, true> >, QtPrivate::TypeAndForceComplete<void, std::integral_constant<bool, false> >, QtPrivate::TypeAndForceComplete<QObject*, std::integral_constant<bool, false> >, QtPrivate::TypeAndForceComplete<void, std::integral_constant<bool, false> >, QtPrivate::TypeAndForceComplete<void, std::integral_constant<bool, false> >, QtPrivate::TypeAndForceComplete<QString const&, std::integral_constant<bool, false> >, QtPrivate::TypeAndForceComplete<void, std::integral_constant<bool, false> >, QtPrivate::TypeAndForceComplete<QObject*, std::integral_constant<bool, false> > >>, extradata = 0x0}}, d_ptr = {d = 0x0}}

With d_ptr set to NULL.

This is probably as far as I can get without additional guidance.
Comment 8 Martin 2024-06-27 16:07:27 UTC 
This is also still happening on Plasma 6.1.1

Operating System: Fedora Linux 40
KDE Plasma Version: 6.1.1
KDE Frameworks Version: 6.3.0
Qt Version: 6.7.1
Kernel Version: 6.9.5-200.fc40.x86_64 (64-bit)
Graphics Platform: Wayland
Processors: 12 × AMD Ryzen 5 PRO 4650G with Radeon Graphics
Memory: 125.1 GiB of RAM
Graphics Processor: AMD Radeon RX 550 / 550 Series
Manufacturer: HP
Product Name: HP EliteDesk 805 G6 Small Form Factor PC
Comment 9 Blair Noctis 2024-06-29 09:38:25 UTC 
Also happens here. Since it's a timer event not triggered by the user, I can't give much info.

Operating System: Fedora Linux 40
KDE Plasma Version: 6.1.1
KDE Frameworks Version: 6.3.0
Qt Version: 6.7.1
Kernel Version: 6.9.5-200.fc40.x86_64 (64-bit)
Graphics Platform: Wayland
Processors: 12 × Intel® Core™ i7-9750H CPU @ 2.60GHz
Memory: 62.5 GiB of RAM
Graphics Processor: Mesa Intel® UHD Graphics 630
Manufacturer: Intel(R) Client Systems
Product Name: NUC9i7QNX
System Version: K49244-405
Comment 10 famar 2024-07-03 05:35:18 UTC 
I have the same issue. In my case it is triggered when I unplug my USB-C Docking Station.

Operating System: Arch Linux 
KDE Plasma Version: 6.1.1
KDE Frameworks Version: 6.3.0
Qt Version: 6.7.2
Kernel Version: 6.9.7-arch1-1 (64-bit)
Graphics Platform: Wayland
Processors: 8 × Intel® Core™ i7-7700HQ CPU @ 2.80GHz
Memory: 31,2 GiB of RAM
Graphics Processor: Mesa Intel® HD Graphics 630
Manufacturer: Dell Inc.
Product Name: XPS 15 9560
Comment 11 famar 2024-07-03 05:46:33 UTC 
Created attachment 171319 [details]
Stack trace
Comment 12 David Edmundson 2024-07-03 06:07:43 UTC 
*** Bug 489410 has been marked as a duplicate of this bug. ***
Comment 13 David Edmundson 2024-07-12 12:30:40 UTC 
*** Bug 488756 has been marked as a duplicate of this bug. ***
Comment 14 Blair Noctis 2024-07-24 13:06:10 UTC 
FWIW: updated to 6.1.3 a few days ago, haven't crashed so far. Might be a problem in Qt that got fixed in-between, anyway, glad to see it solved.
Comment 15 Dashon 2024-07-24 14:02:41 UTC 
(In reply to Blair Noctis from comment #14)
> FWIW: updated to 6.1.3 a few days ago, haven't crashed so far. Might be a
> problem in Qt that got fixed in-between, anyway, glad to see it solved.

There haven't been any Qt updates though. Anyways, still happening for me on Arch Plasma 6.1.3.
Comment 16 Blair Noctis 2024-07-24 17:02:12 UTC 
(In reply to Dashon from comment #15)
> (In reply to Blair Noctis from comment #14)
> > FWIW: updated to 6.1.3 a few days ago, haven't crashed so far. Might be a
> > problem in Qt that got fixed in-between, anyway, glad to see it solved.
> 
> There haven't been any Qt updates though. Anyways, still happening for me on
> Arch Plasma 6.1.3.

.. And I cheered too early. 5 hours after this update it crashed again. Ugh. Sorry for the noise.
Comment 17 Arcadiy Ivanov 2024-08-26 02:39:38 UTC 
Same here, except crashes are random and infrequent but annoying. No particular usage seems to be the cause.
Have been submitting crash reports as well.
Comment 18 Arcadiy Ivanov 2024-08-26 02:40:29 UTC 
```
(gdb) bt
#0  0x00007f6e64d96cc1 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /lib64/libQt6Core.so.6
#1  0x00007f6e64f52a47 in QTimerInfoList::activateTimers() () at /lib64/libQt6Core.so.6
#2  0x00007f6e64f5701b in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /lib64/libQt6Core.so.6
#3  0x00007f6e65b63392 in QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /lib64/libQt6Gui.so.6
#4  0x00007f6e64da3b03 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /lib64/libQt6Core.so.6
#5  0x00007f6e64d9f9bc in QCoreApplication::exec() () at /lib64/libQt6Core.so.6
#6  0x000055a3a99cd3a1 in main ()
```
Comment 19 Arcadiy Ivanov 2024-08-26 02:45:29 UTC 
Created attachment 172957 [details]
Core dump printout
Comment 20 Arcadiy Ivanov 2024-08-26 04:48:11 UTC 
How do I attach a core dump? 4MB is too small of a limit for that.
Comment 21 Zamundaaa 2024-09-05 13:24:20 UTC 
*** Bug 492044 has been marked as a duplicate of this bug. ***
Comment 22 Dennis Marttinen 2024-09-15 20:40:28 UTC 
Also encountering this consistently at least once per week. Most often when mousing around, but have also observed kwin_wayland just crashing out of nowhere when AFK on the lockscreen. Happens with both laptop monitor and external screens. Sometimes (but not always) the crash is accompanied by dmesg entries that look as follows:

[82181.619886] i915 0000:00:02.0: [drm] *ERROR* Atomic update failure on pipe A (start=156648 end=156649) time 250 us, min 1192, max 1199, scanline start 1189, end 1208

This seems to happen regardless of the VT-d setting in BIOS. I have attempted to collect a backtrace multiple times, but so far /tmp has always been too small (the crash fills it with over 30 GiB of data!) or the corefile instantly becomes "inaccessible" according to coredumpctl.

If it helps with the diagnosis, the system is hibernated between sessions, leading (ideally) to long uptimes...

Operating System: Fedora Linux 40 (Kinoite)
KDE Plasma Version: 6.1.4
KDE Frameworks Version: 6.5.0
Qt Version: 6.7.2
Kernel Version: 6.10.9-cb1.0.fc40.x86_64 (64-bit)
Graphics Platform: Wayland
Processors: 8 × Intel® Core™ i5-8365U CPU @ 1.60GHz
Memory: 31,1 GiB of RAM
Graphics Processor: Mesa Intel® UHD Graphics 620
Manufacturer: LENOVO
System Version: ThinkPad T490
Comment 23 Dashon 2024-09-19 09:15:56 UTC 
I've been beta testing plasma 6.2 and the issue is till present, so bumping the affected version number.