Bug 500161

Summary: KWin Debug Console crashes KWin in KWin::SurfacePixmap::setBuffer() with certain scaling percentages
Product: [Plasma] kwin Reporter: madness742
Component: generalAssignee: KWin default assignee <kwin-bugs-null>
Status: RESOLVED FIXED    
Severity: crash CC: bugs.kde.org, nate
Priority: NOR Keywords: drkonqi
Version First Reported In: 6.3.0   
Target Milestone: ---   
Platform: Arch Linux   
OS: Linux   
Latest Commit: https://invent.kde.org/plasma/kwin/-/commit/839a29a2f8719e4c4b55b43142c666b34a7a0f3a Version Fixed/Implemented In: 6.3.2
Sentry Crash Report: https://crash-reports.kde.org/organizations/kde/issues/133897/events/454e4bd5f8794f3a80939ca4cb04889b/
Attachments: New crash information added by DrKonqi

Description madness742 2025-02-16 04:30:25 UTC 
Application: kwin_wayland (6.3.0)

ApplicationNotResponding [ANR]: false
Qt Version: 6.8.2
Frameworks Version: 6.10.0
Operating System: Linux 6.13.2-arch1-1 x86_64
Windowing System: Wayland
Distribution: Arch Linux
DrKonqi: 6.3.0 [CoredumpBackend]

-- Information about the crash:
When opening "Kwin Debug Console", through krunner or the start menu, it will crash my entire desktop. This happens with certain per monitor scaling combinations. It also matters on which screen I start KWin Debug Console from. It crashes the desktop when started on my primary monitor, but not when started on my secondary monitor.

I am also unable to move the KWin Debug Console between the two monitors once I start adjusting the scaling percentages.

In the following scenario I can reliably reproduce a crash:
Monitor 1: 2560x1440 (125% scaling, primary)
Monitor 2: 3840x2160 (175% scaling, 90 degrees clockwise, left of monitor 1)

However, when I set the scaling of monitor 2 to 185%, it doesn't crash anymore.

Tested and reproducable with a fresh install of Arch Linux, and also on freshly updated Fedora 41 install.

GPU: AMD Radeon RX 7900 XTX 
Mesa: 24.3.4-1

The crash can be reproduced every time.

-- Backtrace (Reduced):
#6  0x0000724d7f0e0f01 in KWin::SurfacePixmap::setBuffer (this=0x5912309ec1a0, buffer=0x5912309e89d0) at /usr/src/debug/kwin/kwin-6.3.0/src/scene/surfaceitem.cpp:319
#7  KWin::SurfacePixmap::setBuffer (this=this@entry=0x5912309ec1a0, buffer=0x5912309e89d0) at /usr/src/debug/kwin/kwin-6.3.0/src/scene/surfaceitem.cpp:312
#8  0x0000724d7f0e1590 in KWin::SurfacePixmapInternal::update (this=0x5912309ec1a0) at /usr/src/debug/kwin/kwin-6.3.0/src/scene/surfaceitem_internal.cpp:63
#9  0x0000724d7f0df033 in KWin::SurfaceItem::updatePixmap (this=this@entry=0x59123163e870) at /usr/src/debug/kwin/kwin-6.3.0/src/scene/surfaceitem.cpp:190
#10 0x0000724d7f0df117 in KWin::SurfaceItem::preprocess (this=0x59123163e870) at /usr/src/debug/kwin/kwin-6.3.0/src/scene/surfaceitem.cpp:218


Reported using DrKonqi
Comment 1 madness742 2025-02-16 04:30:26 UTC 
Created attachment 178420 [details]
New crash information added by DrKonqi

DrKonqi auto-attaching complete backtrace.
Comment 2 Vlad Zahorodnii 2025-02-17 11:08:05 UTC 
Does kwin crash if you have one output?

I tried setting that scale factor, but kwin doesn't crash for me
Comment 3 Vlad Zahorodnii 2025-02-17 11:08:53 UTC 
also, what's your output layout? 

   qdbus org.kde.KWin /KWin supportInformation
Comment 4 Vlad Zahorodnii 2025-02-17 11:13:35 UTC 
(In reply to Vlad Zahorodnii from comment #2)
> Does kwin crash if you have one output?
> 
> I tried setting that scale factor, but kwin doesn't crash for me

Ah, nvm.
Comment 5 Bug Janitor Service 2025-02-17 16:28:39 UTC 
A possibly relevant merge request was started @ https://invent.kde.org/plasma/kwin/-/merge_requests/7172
Comment 6 Vlad Zahorodnii 2025-02-18 00:12:30 UTC 
Git commit 324852e91b3692a1f528d81f67ca35d063c84960 by Vlad Zahorodnii.
Committed on 18/02/2025 at 00:00.
Pushed by vladz into branch 'master'.

Fix GraphicsBuffer tracking in InternalWindow

If markAsMapped() is called, the window may be resized, for example due
to window placement. If that happens, the QWindow may repaint itself
immediately and potentially drop the swapchain; it all will occur
recursively in markAsMapped(). If there is a nested present(), i.e.
present() -> markAsMapped() -> present(), the graphics buffer reference
in the outer present() can be invalid

   markAsMapped();

   m_graphicsBufferREf = frame.buffer; // frame.buffer can be deleted now

In order to prevent accessing destroyed graphics buffers, this change
makes the mark as mapped step last. As a long term measure, we need to
reconsider how geometry updates flow.
SENTRY: KWIN-8FZ

M  +3    -1    src/internalwindow.cpp

https://invent.kde.org/plasma/kwin/-/commit/324852e91b3692a1f528d81f67ca35d063c84960
Comment 7 Vlad Zahorodnii 2025-02-18 01:32:48 UTC 
Git commit 839a29a2f8719e4c4b55b43142c666b34a7a0f3a by Vlad Zahorodnii.
Committed on 18/02/2025 at 01:04.
Pushed by vladz into branch 'Plasma/6.3'.

Fix GraphicsBuffer tracking in InternalWindow

If markAsMapped() is called, the window may be resized, for example due
to window placement. If that happens, the QWindow may repaint itself
immediately and potentially drop the swapchain; it all will occur
recursively in markAsMapped(). If there is a nested present(), i.e.
present() -> markAsMapped() -> present(), the graphics buffer reference
in the outer present() can be invalid

   markAsMapped();

   m_graphicsBufferREf = frame.buffer; // frame.buffer can be deleted now

In order to prevent accessing destroyed graphics buffers, this change
makes the mark as mapped step last. As a long term measure, we need to
reconsider how geometry updates flow.
SENTRY: KWIN-8FZ
(cherry picked from commit 324852e91b3692a1f528d81f67ca35d063c84960)

M  +6    -2    src/internalwindow.cpp

https://invent.kde.org/plasma/kwin/-/commit/839a29a2f8719e4c4b55b43142c666b34a7a0f3a
Comment 8 Nate Graham 2025-03-07 20:05:44 UTC 
*** Bug 501193 has been marked as a duplicate of this bug. ***