Bug 500310

Summary: Crash on startup in kwin's KWin::Window::checkWorkspacePosition on 6.3.x branch
Product: [Plasma] kwin
Reporter: Sam James <sam>
Component: core
Assignee: KWin default assignee <kwin-bugs-null>
Status: RESOLVED FIXED
Severity: crash
CC: kacper.slominski72, nate
Priority: NOR
Version First Reported In: git-stable-Plasma/6.3
Target Milestone: ---
Platform: Gentoo Packages
OS: Linux
See Also: https://bugs.kde.org/show_bug.cgi?id=500319, https://gcc.gnu.org/bugzilla/show_bug.cgi?id=118923
Latest Commit:
Version Fixed In: 6.3.2
Sentry Crash Report:

Description Sam James 2025-02-18 11:48:37 UTC
SUMMARY

kwin crashes on startup when built from the 6.3.x branch. A build from 2 days ago was fine.

SOFTWARE/OS VERSIONS

Operating System: Gentoo 2.17
KDE Plasma Version: 6.3.1
KDE Frameworks Version: 6.11.0
Qt Version: 6.8.2
Kernel Version: 6.13.3-gentoo-dist-hardened (64-bit)
Graphics Platform: Wayland
Processors: 16 × AMD Ryzen 9 PRO 7940HS w/ Radeon 780M Graphics
Memory: 61.4 GiB of RAM
Graphics Processor 1: AMD Radeon 780M
Graphics Processor 2: AMD Radeon RX 6550M

ADDITIONAL INFORMATION

```
#0  __pthread_kill_implementation (threadid=139689629145600, signo=11, no_tid=0) at pthread_kill.c:44
#1  __pthread_kill_internal (threadid=139689629145600, signo=11) at pthread_kill.c:89
#2  __GI___pthread_kill (threadid=139689629145600, signo=signo@entry=11) at pthread_kill.c:100
#3  0x00007f0c0b61fd16 in __GI_raise (sig=11) at ../sysdeps/posix/raise.c:26
#4  0x00007f0c0f7e83b0 in KCrash::defaultCrashHandler (sig=11) at /usr/src/debug/kde-frameworks/kcrash-6.11.0/kcrash-6.11.0/src/kcrash.cpp:605
#5  0x00007f0c0b61fe40 in <signal handler called> () at /usr/lib64/libc.so.6
#6  0x0000000000000000 in ??? ()
#7  0x00007f0c0f18e71b in KWin::Window::checkWorkspacePosition (this=<optimized out>, oldGeometry=..., oldDesktop=0x55a3ae80c9b0, oldDesktop@entry=0x0) at /usr/src/debug/kde-plasma/kwin-6.3.49.9999/kwin-6.3.49.9999/src/window.cpp:4021
#8  0x00007f0c0f1c0aa5 in KWin::Workspace::rearrange (this=this@entry=0x55a3ada88420) at /usr/src/debug/kde-plasma/kwin-6.3.49.9999/kwin-6.3.49.9999/src/workspace.cpp:2451
#9  0x00007f0c0f19e939 in KWin::Workspace::addWaylandWindow (this=0x55a3ada88420, window=0x55a3af0dc4e0) at /usr/src/debug/kde-plasma/kwin-6.3.49.9999/kwin-6.3.49.9999/src/workspace.cpp:843
#10 0x00007f0c0c11e24a in QtPrivate::QSlotObjectBase::call (this=0x55a3aea51210, r=<optimized out>, a=0x7ffe7c38ec70) at /usr/src/debug/dev-qt/qtbase-6.8.2-r1/qtbase-everywhere-src-6.8.2/src/corelib/kernel/qobjectdefs_impl.h:486
#11 doActivate<false> (sender=0x55a3ad7c6850, signal_index=3, argv=argv@entry=0x7ffe7c38ec70) at /usr/src/debug/dev-qt/qtbase-6.8.2-r1/qtbase-everywhere-src-6.8.2/src/corelib/kernel/qobject.cpp:4115
#12 0x00007f0c0c0c84c9 in QMetaObject::activate (sender=<optimized out>, m=<optimized out>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffe7c38ec70) at /usr/src/debug/dev-qt/qtbase-6.8.2-r1/qtbase-everywhere-src-6.8.2/src/corelib/kernel/qobject.cpp:4175
#13 0x00007f0c0f16ed93 in KWin::WaylandServer::windowAdded (this=<optimized out>, _t1=<optimized out>) at /usr/src/debug/kde-plasma/kwin-6.3.49.9999/kwin-6.3.49.9999_build/src/kwin_autogen/include/moc_wayland_server.cpp:199
#14 operator() (__closure=<optimized out>) at /usr/src/debug/kde-plasma/kwin-6.3.49.9999/kwin-6.3.49.9999/src/wayland_server.cpp:237
#15 operator() (__closure=<optimized out>) at /usr/include/qt6/QtCore/qobjectdefs_impl.h:141
#16 QtPrivate::FunctorCallBase::call_internal<void, QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, KWin::WaylandServer::registerWindow(KWin::Window*)::<lambda()> >::call(KWin::WaylandServer::registerWindow(KWin::Window*)::<lambda()>&, void**)::<lambda()> > (args=<optimized out>, fn=<optimized out>) at /usr/include/qt6/QtCore/qobjectdefs_impl.h:65
#17 QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, KWin::WaylandServer::registerWindow(KWin::Window*)::<lambda()> >::call (f=<optimized out>, arg=<optimized out>) at /usr/include/qt6/QtCore/qobjectdefs_impl.h:140
#18 QtPrivate::FunctorCallable<KWin::WaylandServer::registerWindow(KWin::Window*)::<lambda()> >::call<QtPrivate::List<>, void> (f=<optimized out>, arg=<optimized out>) at /usr/include/qt6/QtCore/qobjectdefs_impl.h:362
#19 QtPrivate::QCallableObject<KWin::WaylandServer::registerWindow(KWin::Window*)::<lambda()>, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase *, QObject *, void **, bool *) (which=<optimized out>, this_=<optimized out>, r=<optimized out>, a=<optimized out>, ret=<optimized out>) at /usr/include/qt6/QtCore/qobjectdefs_impl.h:572
#20 0x00007f0c0c11e24a in QtPrivate::QSlotObjectBase::call (this=0x55a3af097ed0, r=<optimized out>, a=0x7ffe7c38ed58) at /usr/src/debug/dev-qt/qtbase-6.8.2-r1/qtbase-everywhere-src-6.8.2/src/corelib/kernel/qobjectdefs_impl.h:486
#21 doActivate<false> (sender=0x55a3af0dc4e0, signal_index=61, argv=0x7ffe7c38ed58) at /usr/src/debug/dev-qt/qtbase-6.8.2-r1/qtbase-everywhere-src-6.8.2/src/corelib/kernel/qobject.cpp:4115
#22 0x00007f0c0c11e24a in QtPrivate::QSlotObjectBase::call (this=0x55a3af0978e0, r=<optimized out>, a=0x7ffe7c38ee68) at /usr/src/debug/dev-qt/qtbase-6.8.2-r1/qtbase-everywhere-src-6.8.2/src/corelib/kernel/qobjectdefs_impl.h:486
#23 doActivate<false> (sender=0x55a3af0b8fd0, signal_index=26, argv=0x7ffe7c38ee68, argv@entry=0x0) at /usr/src/debug/dev-qt/qtbase-6.8.2-r1/qtbase-everywhere-src-6.8.2/src/corelib/kernel/qobject.cpp:4115
#24 0x00007f0c0c0c84c9 in QMetaObject::activate (sender=<optimized out>, m=m@entry=0x7f0c0f6bc740 <KWin::SurfaceInterface::staticMetaObject>, local_signal_index=local_signal_index@entry=23, argv=argv@entry=0x0) at /usr/src/debug/dev-qt/qtbase-6.8.2-r1/qtbase-everywhere-src-6.8.2/src/corelib/kernel/qobject.cpp:4175
#25 0x00007f0c0f37838b in KWin::SurfaceInterface::committed (this=<optimized out>) at /usr/src/debug/kde-plasma/kwin-6.3.49.9999/kwin-6.3.49.9999_build/src/kwin_autogen/include/moc_surface.cpp:650
#26 KWin::SurfaceInterfacePrivate::applyState (this=0x55a3af0d5cd0, next=<optimized out>) at /usr/src/debug/kde-plasma/kwin-6.3.49.9999/kwin-6.3.49.9999/src/wayland/surface.cpp:737
#27 0x00007f0c0f3afdb2 in KWin::Transaction::apply (this=0x7f0bbc003d70) at /usr/src/debug/kde-plasma/kwin-6.3.49.9999/kwin-6.3.49.9999/src/wayland/transaction.cpp:229
#28 0x00007f0c0f3baff7 in KWin::Transaction::tryApply (this=<optimized out>) at /usr/src/debug/kde-plasma/kwin-6.3.49.9999/kwin-6.3.49.9999/src/wayland/transaction.cpp:262
#29 KWin::Transaction::unlock (this=<optimized out>) at /usr/src/debug/kde-plasma/kwin-6.3.49.9999/kwin-6.3.49.9999/src/wayland/transaction.cpp:113
#30 operator() (__closure=0x55a3af0ebaf0) at /usr/src/debug/kde-plasma/kwin-6.3.49.9999/kwin-6.3.49.9999/src/wayland/transaction.cpp:51
#31 operator() (__closure=<optimized out>) at /usr/include/qt6/QtCore/qobjectdefs_impl.h:141
#32 QtPrivate::FunctorCallBase::call_internal<void, QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, KWin::TransactionDmaBufLocker::TransactionDmaBufLocker(const KWin::DmaBufAttributes*)::<lambda()> >::call(KWin::TransactionDmaBufLocker::TransactionDmaBufLocker(const KWin::DmaBufAttributes*)::<lambda()>&, void**)::<lambda()> > (args=<optimized out>, fn=<optimized out>) at /usr/include/qt6/QtCore/qobjectdefs_impl.h:65
#33 QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, KWin::TransactionDmaBufLocker::TransactionDmaBufLocker(const KWin::DmaBufAttributes*)::<lambda()> >::call (f=..., arg=<optimized out>) at /usr/include/qt6/QtCore/qobjectdefs_impl.h:140
#34 QtPrivate::FunctorCallable<KWin::TransactionDmaBufLocker::TransactionDmaBufLocker(const KWin::DmaBufAttributes*)::<lambda()> >::call<QtPrivate::List<>, void> (f=..., arg=<optimized out>) at /usr/include/qt6/QtCore/qobjectdefs_impl.h:362
#35 QtPrivate::QCallableObject<KWin::TransactionDmaBufLocker::TransactionDmaBufLocker(const KWin::DmaBufAttributes*)::<lambda()>, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase *, QObject *, void **, bool *) (which=<optimized out>, this_=0x55a3af0ebae0, r=<optimized out>, a=<optimized out>, ret=<optimized out>) at /usr/include/qt6/QtCore/qobjectdefs_impl.h:572
#36 0x00007f0c0c11e24a in QtPrivate::QSlotObjectBase::call (this=0x55a3af0ebae0, r=<optimized out>, a=0x7ffe7c38f3d0) at /usr/src/debug/dev-qt/qtbase-6.8.2-r1/qtbase-everywhere-src-6.8.2/src/corelib/kernel/qobjectdefs_impl.h:486
#37 doActivate<false> (sender=0x55a3af0e7e50, signal_index=3, argv=argv@entry=0x7ffe7c38f3d0) at /usr/src/debug/dev-qt/qtbase-6.8.2-r1/qtbase-everywhere-src-6.8.2/src/corelib/kernel/qobject.cpp:4115
#38 0x00007f0c0c0c84c9 in QMetaObject::activate (sender=sender@entry=0x55a3af0e7e50, m=m@entry=0x7f0c0c4968e0 <QSocketNotifier::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffe7c38f3d0) at /usr/src/debug/dev-qt/qtbase-6.8.2-r1/qtbase-everywhere-src-6.8.2/src/corelib/kernel/qobject.cpp:4175
#39 0x00007f0c0c1e8ff3 in QSocketNotifier::activated (this=0x55a3af0e7e50, _t1=..., _t2=<optimized out>, _t3=...) at /usr/src/debug/dev-qt/qtbase-6.8.2-r1/qtbase-everywhere-src-6.8.2_build/src/corelib/Core_autogen/include/moc_qsocketnotifier.cpp:198
#40 QSocketNotifier::event (this=0x55a3af0e7e50, e=<optimized out>) at /usr/src/debug/dev-qt/qtbase-6.8.2-r1/qtbase-everywhere-src-6.8.2/src/corelib/kernel/qsocketnotifier.cpp:327
#41 0x00007f0c0d7aeb31 in QApplicationPrivate::notify_helper (this=0x55a3ad718ad0, receiver=0x55a3af0e7e50, e=0x7ffe7c38f4c0) at /usr/src/debug/dev-qt/qtbase-6.8.2-r1/qtbase-everywhere-src-6.8.2/src/widgets/kernel/qapplication.cpp:3296
#42 0x00007f0c0c144680 in QCoreApplication::notifyInternal2 (receiver=0x55a3af0e7e50, event=0x7ffe7c38f4c0) at /usr/src/debug/dev-qt/qtbase-6.8.2-r1/qtbase-everywhere-src-6.8.2/src/corelib/kernel/qcoreapplication.cpp:1172
#43 0x00007f0c0c005e76 in QEventDispatcherUNIXPrivate::activateSocketNotifiers (this=0x55a3ad756890) at /usr/src/debug/dev-qt/qtbase-6.8.2-r1/qtbase-everywhere-src-6.8.2/src/corelib/kernel/qeventdispatcher_unix.cpp:254
#44 0x00007f0c0c006749 in QEventDispatcherUNIX::processEvents (this=<optimized out>, flags=...) at /usr/src/debug/dev-qt/qtbase-6.8.2-r1/qtbase-everywhere-src-6.8.2/src/corelib/kernel/qeventdispatcher_unix.cpp:470
#45 0x00007f0c0cd67801 in QUnixEventDispatcherQPA::processEvents (this=<optimized out>, flags=...) at /usr/src/debug/dev-qt/qtbase-6.8.2-r1/qtbase-everywhere-src-6.8.2/src/gui/platform/unix/qunixeventdispatcher.cpp:27
#46 0x00007f0c0c177a36 in QEventLoop::processEvents (this=0x7ffe7c38f680, flags=...) at /usr/src/debug/dev-qt/qtbase-6.8.2-r1/qtbase-everywhere-src-6.8.2/src/corelib/kernel/qeventloop.cpp:103
#47 QEventLoop::exec (this=0x7ffe7c38f680, flags=...) at /usr/src/debug/dev-qt/qtbase-6.8.2-r1/qtbase-everywhere-src-6.8.2/src/corelib/kernel/qeventloop.cpp:185
#48 0x00007f0c0c177e3d in QCoreApplication::exec () at /usr/src/debug/dev-qt/qtbase-6.8.2-r1/qtbase-everywhere-src-6.8.2/src/corelib/kernel/qcoreapplication.cpp:1515
#49 0x00007f0c0c6d3a80 in QGuiApplication::exec () at /usr/src/debug/dev-qt/qtbase-6.8.2-r1/qtbase-everywhere-src-6.8.2/src/gui/kernel/qguiapplication.cpp:1975
#50 0x00007f0c0d6d4a99 in QApplication::exec () at /usr/src/debug/dev-qt/qtbase-6.8.2-r1/qtbase-everywhere-src-6.8.2/src/widgets/kernel/qapplication.cpp:2564
#51 0x000055a3770711e8 in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/kde-plasma/kwin-6.3.49.9999/kwin-6.3.49.9999/src/main_wayland.cpp:622
```
Comment 1 Sam James 2025-02-18 11:57:04 UTC
I managed to hit it several times, then once I tried to run it under gdb and thereafter, it works. Gah. I'll close for now.
Comment 2 Sam James 2025-02-18 13:48:07 UTC
A friend has hit this too, so reopening.
Comment 3 Sam James 2025-02-18 15:31:12 UTC
We think it's a GCC bug (thanks to qookie for nailing it): https://gcc.gnu.org/bugzilla/show_bug.cgi?id=118923
Comment 4 Vlad Zahorodnii 2025-02-18 15:48:46 UTC
(In reply to Sam James from comment #3)
> We think it's a GCC bug (thanks to qookie for nailing it):
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=118923

if we rewrite code as follows

```
// Parenthesised so the member pointer is bound before the call.
const auto ret = (workspace()->*moveAreaFunc)();
for (const QRect &r : ret) {
    ...
}
```

would it help? we may want to do it anyway because of copy-on-write semantics of Qt container types
Comment 5 Kacper Słomiński 2025-02-18 16:17:49 UTC
(In reply to Vlad Zahorodnii from comment #4)
> would it help? we may want to do it anyway because of copy-on-write
> semantics of Qt container types

I've checked on godbolt and that change does fix the bug on a reduced test case. I've applied a patch that changes the 4 for loops that use moveAreaFunc to see if it resolves the bug in kwin (the later for loops that call `workspace()->restrictedMoveArea()` directly should be fine as-is).
Comment 6 Vlad Zahorodnii 2025-02-18 16:38:40 UTC
Can you make MR please? https://invent.kde.org/plasma/kwin

workspace()->restrictedMoveArea() can be changed too to fix container detachment
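
The copy-on-write point raised in comments 4 and 6, as an added example that is not part of the bug thread or KWin's code: `CowList` is a toy implicitly shared list and `Workspace` a hypothetical stand-in, both constructed here. It counts deep copies when a range-for iterates the call result directly versus a hoisted `const` local; it does not reproduce the GCC miscompile.

```cpp
#include <memory>
#include <vector>
struct Rect { int x, y, w, h; };

// Toy implicitly shared list, constructed for this example (not Qt's code).
class CowList {
public:
    static int deepCopies;  // number of detach-induced deep copies
    void append(const Rect &r) { detach(); d->push_back(r); }
    Rect *begin() { detach(); return d->data(); }  // may write, so unshare first
    Rect *end() { detach(); return d->data() + d->size(); }
    const Rect *begin() const { return d->data(); }
    const Rect *end() const { return d->data() + d->size(); }
private:
    void detach() {  // deep-copy only while the data is shared
        if (d.use_count() > 1) { d = std::make_shared<std::vector<Rect>>(*d); ++deepCopies; }
    }
    std::shared_ptr<std::vector<Rect>> d = std::make_shared<std::vector<Rect>>();
};
int CowList::deepCopies = 0;

struct Workspace {  // hypothetical stand-in; getters return a shared copy
    CowList areas;
    Workspace() { areas.append({0, 0, 10, 5}); areas.append({0, 5, 20, 5}); }
    CowList restrictedMoveArea() const { return areas; }
    CowList previousRestrictedMoveArea() const { return areas; }
};
using AreaFunc = CowList (Workspace::*)() const;

// Loop shape before the change: the range is a non-const temporary.
int sumWidthsTemporary(const Workspace &ws, AreaFunc moveAreaFunc) {
    int sum = 0;
    for (const Rect &r : (ws.*moveAreaFunc)()) sum += r.w;  // begin() detaches
    return sum;
}

// Loop shape from comment 4: hoist the result into a const local.
int sumWidthsHoisted(const Workspace &ws, AreaFunc moveAreaFunc) {
    const auto ret = (ws.*moveAreaFunc)();
    int sum = 0;
    for (const Rect &r : ret) sum += r.w;  // const begin(), no detach
    return sum;
}

int copiesDuring(int (*fn)(const Workspace &, AreaFunc), const Workspace &ws, AreaFunc f) {
    CowList::deepCopies = 0;
    fn(ws, f);
    return CowList::deepCopies;
}
```

Both loop shapes compute the same sum; only the direct-temporary form pays for a deep copy of the shared data on each call.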
Comment 7 Vlad Zahorodnii 2025-02-18 16:38:52 UTC
a MR*
Comment 8 Kacper Słomiński 2025-02-18 17:22:20 UTC
I've tested the changes on kwin and they do fix the crash.

MR is here: https://invent.kde.org/plasma/kwin/-/merge_requests/7191
Comment 9 Vlad Zahorodnii 2025-02-18 19:30:16 UTC
Git commit 2fe864ef88164627a3e66e09a972abfbc8e92471 by Vlad Zahorodnii, on behalf of Kacper Słomiński.
Committed on 18/02/2025 at 19:15.
Pushed by vladz into branch 'master'.

Factor out {previousRestricted,restricted}MoveArea calls out of loops

This works around a GCC 15 bug that causes KWin to crash.

M  +16   -8    src/window.cpp

https://invent.kde.org/plasma/kwin/-/commit/2fe864ef88164627a3e66e09a972abfbc8e92471
Comment 10 Vlad Zahorodnii 2025-02-18 19:48:23 UTC
Git commit 19ef51db0e1d9cb58b777f2da6f815b871565929 by Vlad Zahorodnii.
Committed on 18/02/2025 at 19:35.
Pushed by vladz into branch 'Plasma/6.3'.

Factor out {previousRestricted,restricted}MoveArea calls out of loops

This works around a GCC 15 bug that causes KWin to crash.


(cherry picked from commit 2fe864ef88164627a3e66e09a972abfbc8e92471)

Co-authored-by: Kacper Słomiński <kacper.slominski72@gmail.com>

M  +16   -8    src/window.cpp

https://invent.kde.org/plasma/kwin/-/commit/19ef51db0e1d9cb58b777f2da6f815b871565929