Bug 407199 - kwin_wayland crashes on startup in KWin::DrmOutput::updateCursor
Summary: kwin_wayland crashes on startup in KWin::DrmOutput::updateCursor
Status: RESOLVED FIXED
Alias: None
Product: kwin
Classification: Plasma
Component: platform-drm (other bugs)
Version First Reported In: git master
Platform: Neon Linux
: NOR crash
Target Milestone: ---
Assignee: KWin default assignee
URL:
Keywords:
: 407335 (view as bug list)
Depends on:
Blocks:
 
Reported: 2019-05-03 21:53 UTC by Patrick Silva
Modified: 2019-05-08 17:15 UTC (History)
4 users (show)

See Also:
Latest Commit: https://commits.kde.org/kwin/7804eb41d9548c36254097f235324a3c57c6514f
Version Fixed/Implemented In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Patrick Silva 2019-05-03 21:53:06 UTC 
SUMMARY
I only see a black screen without cursor when I try to start Wayland session on neon dev unstable.

Operating System: KDE neon Unstable Edition
KDE Plasma Version: 5.15.80
KDE Frameworks Version: 5.58.0
Qt Version: 5.12.0


Thread 7 (Thread 0x7fae59e84700 (LWP 1105)):
#0  0x00007fae85ec9bf9 in __GI___poll (fds=0x7fae50003ce0, nfds=1, timeout=-1)
    at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fae7d0005c9 in ?? () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fae7d0006dc in g_main_context_iteration () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007fae86a3413f in QEventDispatcherGlib::processEvents (this=0x7fae50000b20, flags=...)
    at kernel/qeventdispatcher_glib.cpp:422
#4  0x00007fae869d564a in QEventLoop::exec (this=this@entry=0x7fae59e83d00, flags=..., 
    flags@entry=...) at kernel/qeventloop.cpp:225
#5  0x00007fae867fd41a in QThread::exec (this=this@entry=0x5564886269e0) at thread/qthread.cpp:531
#6  0x00007fae813b52e5 in QQmlThreadPrivate::run (this=0x5564886269e0) at qml/ftw/qqmlthread.cpp:148
#7  0x00007fae867febc2 in QThreadPrivate::start (arg=0x5564886269e0) at thread/qthread_unix.cpp:361
#8  0x00007fae87e656db in start_thread (arg=0x7fae59e84700) at pthread_create.c:463
#9  0x00007fae85ed688f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 6 (Thread 0x7fae5aad7700 (LWP 1093)):
#0  0x00007fae87e6bed9 in futex_reltimed_wait_cancelable (private=<optimized out>, 
    reltime=0x7fae5aad6b80, expected=0, futex_word=0x556488298aa0)
    at ../sysdeps/unix/sysv/linux/futex-internal.h:142
#1  __pthread_cond_wait_common (abstime=0x7fae5aad6c40, mutex=0x556488298a50, cond=0x556488298a78)
    at pthread_cond_wait.c:533
#2  __pthread_cond_timedwait (cond=cond@entry=0x556488298a78, mutex=mutex@entry=0x556488298a50, 
    abstime=abstime@entry=0x7fae5aad6c40) at pthread_cond_wait.c:667
#3  0x00007fae86805ac6 in QWaitConditionPrivate::wait_relative (this=0x556488298a50, deadline=...)
    at thread/qwaitcondition_unix.cpp:136
#4  QWaitConditionPrivate::wait (deadline=..., this=0x556488298a50)
    at thread/qwaitcondition_unix.cpp:144
#5  QWaitCondition::wait (this=<optimized out>, mutex=0x556488295050, deadline=...)
    at thread/qwaitcondition_unix.cpp:225
#6  0x00007fae86805e25 in QWaitCondition::wait (this=this@entry=0x5564885ac300, 
    mutex=mutex@entry=0x556488295050, time=<optimized out>) at thread/qwaitcondition_unix.cpp:209
#7  0x00007fae868035dd in QThreadPoolThread::run (this=0x5564885ac2f0) at thread/qthreadpool.cpp:144
#8  0x00007fae867febc2 in QThreadPrivate::start (arg=0x5564885ac2f0) at thread/qthread_unix.cpp:361
#9  0x00007fae87e656db in start_thread (arg=0x7fae5aad7700) at pthread_create.c:463
#10 0x00007fae85ed688f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 5 (Thread 0x7fae6e674700 (LWP 1088)):
#0  0x00007fae85ec9bf9 in __GI___poll (fds=0x7fae680177d0, nfds=4, timeout=-1)
    at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fae7d0005c9 in ?? () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fae7d0006dc in g_main_context_iteration () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007fae86a3413f in QEventDispatcherGlib::processEvents (this=0x7fae68000b20, flags=...)
    at kernel/qeventdispatcher_glib.cpp:422
#4  0x00007fae869d564a in QEventLoop::exec (this=this@entry=0x7fae6e673cf0, flags=..., 
    flags@entry=...) at kernel/qeventloop.cpp:225
#5  0x00007fae867fd41a in QThread::exec (
    this=this@entry=0x7fae87e5cd80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>)
    at thread/qthread.cpp:531
#6  0x00007fae87be5015 in QDBusConnectionManager::run (
    this=0x7fae87e5cd80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>)
    at qdbusconnection.cpp:178
#7  0x00007fae867febc2 in QThreadPrivate::start (
    arg=0x7fae87e5cd80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>)
    at thread/qthread_unix.cpp:361
#8  0x00007fae87e656db in start_thread (arg=0x7fae6e674700) at pthread_create.c:463
#9  0x00007fae85ed688f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 4 (Thread 0x7fae6d815700 (LWP 1089)):
#0  0x00007fae85ec9bf9 in __GI___poll (fds=0x7fae60003ce0, nfds=2, timeout=-1)
    at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fae7d0005c9 in ?? () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fae7d0006dc in g_main_context_iteration () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007fae86a3413f in QEventDispatcherGlib::processEvents (this=0x7fae60000b20, flags=...)
    at kernel/qeventdispatcher_glib.cpp:422
#4  0x00007fae869d564a in QEventLoop::exec (this=this@entry=0x7fae6d814d20, flags=..., 
    flags@entry=...) at kernel/qeventloop.cpp:225
#5  0x00007fae867fd41a in QThread::exec (this=<optimized out>) at thread/qthread.cpp:531
#6  0x00007fae867febc2 in QThreadPrivate::start (arg=0x5564881ab680) at thread/qthread_unix.cpp:361
#7  0x00007fae87e656db in start_thread (arg=0x7fae6d815700) at pthread_create.c:463
#8  0x00007fae85ed688f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 3 (Thread 0x7fae6d014700 (LWP 1090)):
#0  0x00007fae85ec9bf9 in __GI___poll (fds=0x7fae640046c0, nfds=2, timeout=-1)
    at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fae7d0005c9 in ?? () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fae7d0006dc in g_main_context_iteration () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007fae86a3413f in QEventDispatcherGlib::processEvents (this=0x7fae64000b20, flags=...)
    at kernel/qeventdispatcher_glib.cpp:422
#4  0x00007fae869d564a in QEventLoop::exec (this=this@entry=0x7fae6d013d20, flags=..., 
    flags@entry=...) at kernel/qeventloop.cpp:225
#5  0x00007fae867fd41a in QThread::exec (this=<optimized out>) at thread/qthread.cpp:531
#6  0x00007fae867febc2 in QThreadPrivate::start (arg=0x5564881aa660) at thread/qthread_unix.cpp:361
#7  0x00007fae87e656db in start_thread (arg=0x7fae6d014700) at pthread_create.c:463
#8  0x00007fae85ed688f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 2 (Thread 0x7fae5c689700 (LWP 1091)):
#0  0x00007fae87e6b9f3 in futex_wait_cancelable (private=<optimized out>, expected=0, 
    futex_word=0x55648820ffb8) at ../sysdeps/unix/sysv/linux/futex-internal.h:88
#1  __pthread_cond_wait_common (abstime=0x0, mutex=0x55648820ff68, cond=0x55648820ff90)
    at pthread_cond_wait.c:502
#2  __pthread_cond_wait (cond=0x55648820ff90, mutex=0x55648820ff68) at pthread_cond_wait.c:655
#3  0x00007fae5da28dcb in ?? () from /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#4  0x00007fae5da28af7 in ?? () from /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#5  0x00007fae87e656db in start_thread (arg=0x7fae5c689700) at pthread_create.c:463
#6  0x00007fae85ed688f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 0x7fae89a07880 (LWP 1087)):
#0  0x00007fae801d14d4 in QMatrix4x4::toTransform() const ()
   from /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5
#1  0x00007fae6dc566b6 in KWin::DrmOutput::updateCursor() ()
   from /usr/lib/x86_64-linux-gnu/qt5/plugins/org.kde.kwin.waylandbackends/KWinWaylandDrmBackend.so
#2  0x00007fae6dc4aab5 in KWin::DrmBackend::updateCursor() ()
   from /usr/lib/x86_64-linux-gnu/qt5/plugins/org.kde.kwin.waylandbackends/KWinWaylandDrmBackend.so
#3  0x00007fae86a06f3f in QtPrivate::QSlotObjectBase::call (a=0x7ffe4ca73fe0, r=0x5564881a63e0, 
    this=0x556488289020) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:394
#4  QMetaObject::activate (sender=0x5564881a63e0, signalOffset=<optimized out>, 
    local_signal_index=<optimized out>, argv=<optimized out>) at kernel/qobject.cpp:3759
#5  0x00007fae86a06f3f in QtPrivate::QSlotObjectBase::call (a=0x7ffe4ca740e0, r=0x5564881a63e0, 
    this=0x5564881eee80) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:394
#6  QMetaObject::activate (sender=0x5564886378d0, signalOffset=<optimized out>, 
    local_signal_index=<optimized out>, argv=<optimized out>) at kernel/qobject.cpp:3759
#7  0x00007fae8941d6e4 in KWin::PointerInputRedirection::init() ()
   from /usr/lib/x86_64-linux-gnu/libkwin.so.5
#8  0x00007fae8940121f in KWin::InputRedirection::setupWorkspace() ()
   from /usr/lib/x86_64-linux-gnu/libkwin.so.5
#9  0x00007fae86a06f3f in QtPrivate::QSlotObjectBase::call (a=0x7ffe4ca743e0, r=0x5564881b5b70, 
    this=0x5564881b8ab0) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:394
#10 QMetaObject::activate (sender=0x7ffe4ca74da0, signalOffset=<optimized out>, 
    local_signal_index=<optimized out>, argv=<optimized out>) at kernel/qobject.cpp:3759
#11 0x0000556486950ba8 in KWin::ApplicationWayland::finalizeStartup (this=0x7ffe4ca74da0)
    at ./main_wayland.cpp:193
#12 0x00007fae86a06f3f in QtPrivate::QSlotObjectBase::call (a=0x7ffe4ca74520, r=0x7ffe4ca74da0, 
    this=0x5564885a2f70) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:394
#13 QMetaObject::activate (sender=sender@entry=0x5564885a2ea0, signalOffset=<optimized out>, 
    local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x0) at kernel/qobject.cpp:3759
#14 0x00007fae86a074f7 in QMetaObject::activate (sender=sender@entry=0x5564885a2ea0, 
    m=m@entry=0x556486b73d80 <KWin::Xwl::Xwayland::staticMetaObject>, 
    local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x0) at kernel/qobject.cpp:3631
#15 0x0000556486966b10 in KWin::Xwl::Xwayland::initialized (this=this@entry=0x5564885a2ea0)
    at ./obj-x86_64-linux-gnu/kwin_wayland_autogen/DC6ZQWILS5/moc_xwayland.cpp:142
#16 0x0000556486954209 in KWin::Xwl::Xwayland::continueStartupWithX (this=0x5564885a2ea0)
    at ./xwl/xwayland.cpp:265
#17 0x00007fae86a07992 in QObject::event (this=0x5564885a2ea0, e=<optimized out>)
    at kernel/qobject.cpp:1249
#18 0x00007fae86fe78ac in QApplicationPrivate::notify_helper(QObject*, QEvent*) ()
   from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#19 0x00007fae86feee40 in QApplication::notify(QObject*, QEvent*) ()
   from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#20 0x00007fae869d7328 in QCoreApplication::notifyInternal2 (receiver=0x5564885a2ea0, 
    event=0x5564885aaeb0) at kernel/qcoreapplication.cpp:1061
#21 0x00007fae869d74fe in QCoreApplication::sendEvent (receiver=<optimized out>, 
    event=event@entry=0x5564885aaeb0) at kernel/qcoreapplication.cpp:1451
#22 0x00007fae869d9e87 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, 
    data=0x556488145c00) at kernel/qcoreapplication.cpp:1800
#23 0x00007fae86a31364 in QEventDispatcherUNIX::processEvents (this=0x5564881790f0, flags=...)
    at kernel/qeventdispatcher_unix.cpp:466
#24 0x00007fae71e3af8d in QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/qt5/plugins/platforms/KWinQpaPlugin.so
#25 0x00007fae869d564a in QEventLoop::exec (this=this@entry=0x7ffe4ca74b40, flags=..., 
    flags@entry=...) at kernel/qeventloop.cpp:225
#26 0x00007fae869de800 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1364
#27 0x000055648694edf0 in main (argc=<optimized out>, argv=<optimized out>) at ./main_wayland.cpp:664
Comment 1 Vlad Zahorodnii 2019-05-06 08:27:37 UTC 
Hmm, either backend is not initialized by that time or we're hitting some c++ corner case issue.
Comment 2 Greg Varsanyi 2019-05-07 18:06:50 UTC 
Same symptoms, same versions, on kernel 5.1. Core dump looks similar too:

Thread 7 (Thread 0x7f72823a7700 (LWP 11724)):
#0  0x00007f729b430bf9 in __GI___poll (fds=0x7f72780046c0, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
        resultvar = 18446744073709551100
        sc_cancel_oldtype = 0
#1  0x00007f72925685c9 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007f72925686dc in g_main_context_iteration () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007f729bf9b13f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#4  0x00007f729bf3c64a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#5  0x00007f729bd6441a in QThread::exec() () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#6  0x00007f729bd65bc2 in  () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#7  0x00007f729d3cf6db in start_thread (arg=0x7f72823a7700) at pthread_create.c:463
        pd = 0x7f72823a7700
        now = <optimized out>
        unwind_buf = 
              {cancel_jmp_buf = {{jmp_buf = {140129787868928, 440595788140762970, 140129787866752, 0, 94798741986608, 140721842154032, -506571411667953830, -506525279646263462}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
#8  0x00007f729b43d88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 6 (Thread 0x7f726bfff700 (LWP 11747)):
#0  0x00007f729b430bf9 in __GI___poll (fds=0x7f7260002930, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
        resultvar = 18446744073709551100
        sc_cancel_oldtype = 0
#1  0x00007f72925685c9 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007f72925686dc in g_main_context_iteration () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007f729bf9b13f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#4  0x00007f729bf3c64a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#5  0x00007f729bd6441a in QThread::exec() () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#6  0x00007f729691c2e5 in  () at /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5
#7  0x00007f729bd65bc2 in  () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#8  0x00007f729d3cf6db in start_thread (arg=0x7f726bfff700) at pthread_create.c:463
        pd = 0x7f726bfff700
        now = <optimized out>
        unwind_buf = 
              {cancel_jmp_buf = {{jmp_buf = {140129414936320, 440595788140762970, 140129414934144, 0, 140129549196400, 140721842151680, -506205845526554790, -506525279646263462}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
#9  0x00007f729b43d88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 5 (Thread 0x7f72719ca700 (LWP 11725)):
#0  0x00007f729d3d59f3 in futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x56380d6b7048) at ../sysdeps/unix/sysv/linux/futex-internal.h:88
        __ret = -512
        oldtype = 0
        err = <optimized out>
        spin = 0
        buffer = {__routine = 0x7f729d3d5690 <__condvar_cleanup_waiting>, __arg = 0x7f72719c9cc0, __canceltype = 46, __prev = 0x0}
        cbuffer = {wseq = 0, cond = 0x56380d6b7020, mutex = 0x56380d6b6ff8, private = 0}
        err = <optimized out>
        g = 0
        flags = <optimized out>
        signals = <optimized out>
        result = 0
        seq = 0
#1  0x00007f729d3d59f3 in __pthread_cond_wait_common (abstime=0x0, mutex=0x56380d6b6ff8, cond=0x56380d6b7020) at pthread_cond_wait.c:502
        spin = 0
        buffer = {__routine = 0x7f729d3d5690 <__condvar_cleanup_waiting>, __arg = 0x7f72719c9cc0, __canceltype = 46, __prev = 0x0}
        cbuffer = {wseq = 0, cond = 0x56380d6b7020, mutex = 0x56380d6b6ff8, private = 0}
        err = <optimized out>
        g = 0
        flags = <optimized out>
        signals = <optimized out>
---Type <return> to continue, or q <return> to quit---
        result = 0
        seq = 0
#2  0x00007f729d3d59f3 in __pthread_cond_wait (cond=0x56380d6b7020, mutex=0x56380d6b6ff8) at pthread_cond_wait.c:655
#3  0x00007f7272eaadcb in  () at /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#4  0x00007f7272eaaaf7 in  () at /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#5  0x00007f729d3cf6db in start_thread (arg=0x7f72719ca700) at pthread_create.c:463
        pd = 0x7f72719ca700
        now = <optimized out>
        unwind_buf = 
              {cancel_jmp_buf = {{jmp_buf = {140129509091072, 440595788140762970, 140129509088896, 0, 94798741939920, 140721842148656, -506183603501541542, -506525279646263462}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
#6  0x00007f729b43d88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 4 (Thread 0x7f7282ba8700 (LWP 11723)):
#0  0x00007f729b430bf9 in __GI___poll (fds=0x7f7274003ce0, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
        resultvar = 18446744073709551100
        sc_cancel_oldtype = 0
#1  0x00007f72925685c9 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007f72925686dc in g_main_context_iteration () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007f729bf9b13f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#4  0x00007f729bf3c64a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#5  0x00007f729bd6441a in QThread::exec() () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#6  0x00007f729bd65bc2 in  () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#7  0x00007f729d3cf6db in start_thread (arg=0x7f7282ba8700) at pthread_create.c:463
        pd = 0x7f7282ba8700
        now = <optimized out>
        unwind_buf = 
              {cancel_jmp_buf = {{jmp_buf = {140129796261632, 440595788140762970, 140129796259456, 0, 94798741978704, 140721842154208, -506572511716452518, -506525279646263462}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
#8  0x00007f729b43d88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 3 (Thread 0x7f72711c9700 (LWP 11727)):
#0  0x00007f729d3d5ed9 in futex_reltimed_wait_cancelable (private=<optimized out>, reltime=0x7f72711c8b80, expected=0, futex_word=0x56380d8518c0) at ../sysdeps/unix/sysv/linux/futex-internal.h:142
        __ret = -516
        oldtype = 0
        err = <optimized out>
        rt = {tv_sec = 29, tv_nsec = 999999751}
        spin = 0
        buffer = {__routine = 0x7f729d3d5690 <__condvar_cleanup_waiting>, __arg = 0x7f72711c8bb0, __canceltype = 1897696256, __prev = 0x0}
        cbuffer = {wseq = 4, cond = 0x56380d851898, mutex = 0x56380d851870, private = 0}
        err = <optimized out>
        g = 0
        flags = <optimized out>
        maxspin = 0
        signals = <optimized out>
        result = 0
        seq = 2
#1  0x00007f729d3d5ed9 in __pthread_cond_wait_common (abstime=0x7f72711c8c40, mutex=0x56380d851870, cond=0x56380d851898) at pthread_cond_wait.c:533
        rt = {tv_sec = 29, tv_nsec = 999999751}
        spin = 0
        buffer = {__routine = 0x7f729d3d5690 <__condvar_cleanup_waiting>, __arg = 0x7f72711c8bb0, __canceltype = 1897696256, __prev = 0x0}
        cbuffer = {wseq = 4, cond = 0x56380d851898, mutex = 0x56380d851870, private = 0}
        err = <optimized out>
        g = 0
        flags = <optimized out>
        maxspin = 0
        signals = <optimized out>
        result = 0
        seq = 2
#2  0x00007f729d3d5ed9 in __pthread_cond_timedwait (cond=0x56380d851898, mutex=0x56380d851870, abstime=0x7f72711c8c40) at pthread_cond_wait.c:667
---Type <return> to continue, or q <return> to quit---
#3  0x00007f729bd6cac6 in QWaitCondition::wait(QMutex*, QDeadlineTimer) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#4  0x00007f729bd6ce25 in QWaitCondition::wait(QMutex*, unsigned long) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#5  0x00007f729bd6a5dd in  () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#6  0x00007f729bd65bc2 in  () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#7  0x00007f729d3cf6db in start_thread (arg=0x7f72711c9700) at pthread_create.c:463
        pd = 0x7f72711c9700
        now = <optimized out>
        unwind_buf = 
              {cancel_jmp_buf = {{jmp_buf = {140129500698368, 440595788140762970, 140129500696192, 0, 94798743301600, 140721842152032, -506182503453042854, -506525279646263462}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
#8  0x00007f729b43d88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 2 (Thread 0x7f7283a07700 (LWP 11722)):
#0  0x00007f729b430bf9 in __GI___poll (fds=0x7f727c016d50, nfds=4, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
        resultvar = 18446744073709551100
        sc_cancel_oldtype = 0
#1  0x00007f72925685c9 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007f72925686dc in g_main_context_iteration () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007f729bf9b13f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#4  0x00007f729bf3c64a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#5  0x00007f729bd6441a in QThread::exec() () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#6  0x00007f729d14f015 in  () at /usr/lib/x86_64-linux-gnu/libQt5DBus.so.5
#7  0x00007f729bd65bc2 in  () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#8  0x00007f729d3cf6db in start_thread (arg=0x7f7283a07700) at pthread_create.c:463
        pd = 0x7f7283a07700
        now = <optimized out>
        unwind_buf = 
              {cancel_jmp_buf = {{jmp_buf = {140129811330816, 440595788140762970, 140129811328640, 0, 140130240982400, 140721842153664, -506574933541136550, -506525279646263462}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
#9  0x00007f729b43d88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 0x7f729ef55880 (LWP 11721)):
#0  0x00007f72957384d4 in QMatrix4x4::toTransform() const () at /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5
#1  0x00007f7282fe96b6 in KWin::DrmOutput::updateCursor() (this=<optimized out>) at ./plugins/platforms/drm/drm_output.cpp:174
        cursorImage = <incomplete type>
        p = {static staticMetaObject = {d = {superdata = 0x0, stringdata = 0x7f729580afc0, data = 0x7f729580aee0, static_metacall = 0x0, relatedMetaObjects = 0x0, extradata = 0x0}}, d_ptr = {d = 0x56380d94fe70}}
#2  0x00007f7282fddab5 in KWin::DrmBackend::updateCursor() (this=0x56380d570de0) at ./plugins/platforms/drm/drm_backend.cpp:712
        it = 0x56380d6ac568
        cursorImage = @0x7ffc5b69df40: <incomplete type>
        this = 0x56380d570de0
#3  0x00007f729bf6df3f in QMetaObject::activate(QObject*, int, int, void**) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#4  0x00007f729bf6df3f in QMetaObject::activate(QObject*, int, int, void**) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#5  0x00007f729e9875d4 in KWin::PointerInputRedirection::init() () at /usr/lib/x86_64-linux-gnu/libkwin.so.5
#6  0x00007f729e96b10f in KWin::InputRedirection::setupWorkspace() () at /usr/lib/x86_64-linux-gnu/libkwin.so.5
#7  0x00007f729bf6df3f in QMetaObject::activate(QObject*, int, int, void**) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#8  0x000056380c368ba8 in  ()
#9  0x000056380c37eb00 in  ()
#10 0x0000000000000000 in  ()
Comment 3 Vlad Zahorodnii 2019-05-08 15:34:48 UTC 
*** Bug 407335 has been marked as a duplicate of this bug. ***
Comment 4 Fabian Vogt 2019-05-08 16:54:26 UTC 
> I cannot reproduce. What GPUs are present in openQA?

The VM is configured with virtio.

According to openQA, the failures started between 4725ece60 and 559c2e68d and 559c2e68d34309eaeed0f8d25204789522058a12 even touches the crashing codepath. So it's likely that commit introducing the crash.
Comment 5 Fabian Vogt 2019-05-08 17:10:41 UTC 
(In reply to Fabian Vogt from comment #4)
> > I cannot reproduce. What GPUs are present in openQA?
> 
> The VM is configured with virtio.
> 
> According to openQA, the failures started between 4725ece60 and 559c2e68d
> and 559c2e68d34309eaeed0f8d25204789522058a12 even touches the crashing
> codepath. So it's likely that commit introducing the crash.

Indeed, it's obviously broken. Fix submitted as https://phabricator.kde.org/D21085.
Comment 6 Fabian Vogt 2019-05-08 17:15:17 UTC 
Git commit 7804eb41d9548c36254097f235324a3c57c6514f by Fabian Vogt.
Committed on 08/05/2019 at 17:15.
Pushed by fvogt into branch 'master'.

Fix crash due to dangling reference

Summary:
Returning a reference to a value on the stack is broken.
This caused kwin_wayland to crash in openQA with a nullptr deref.

Test Plan: Only build tested.

Reviewers: #kwin, zzag

Reviewed By: #kwin, zzag

Subscribers: kwin

Tags: #kwin

Differential Revision: https://phabricator.kde.org/D21085

M  +2    -2    plugins/platforms/drm/drm_output.cpp
M  +1    -1    plugins/platforms/drm/drm_output.h

https://commits.kde.org/kwin/7804eb41d9548c36254097f235324a3c57c6514f