416566 – kded5 segmentation faults in KWayland::Client::OutputManagement::createConfiguration when logging into Plasma 5.17.90 on Wayland

Bug 416566 - kded5 segmentation faults in KWayland::Client::OutputManagement::createConfiguration when logging into Plasma 5.17.90 on Wayland

Summary: kded5 segmentation faults in KWayland::Client::OutputManagement::createConfig...

Status:	RESOLVED FIXED

Alias:	None

Product:	KScreen
Classification:	Plasma
Component:	kded (show other bugs)
Version:	5.18.0
Platform:	Fedora RPMs Linux

Importance:	HI crash
Target Milestone:	---
Assignee:	kscreen-bugs-null@kde.org

URL:
Keywords:	regression

Duplicates (1):	416961 (view as bug list)
Depends on:
Blocks:

Reported:	2020-01-22 08:05 UTC by Matt Fagnani
Modified:	2020-02-24 13:58 UTC (History)
CC List:	4 users (show)

See Also:
Latest Commit:	https://commits.kde.org/libkscreen/691c85879cafad942edf6245196da9f04bc4cb6f
Version Fixed In:	5.18.2

Attachments
kded5 segmentation fault trace when logging into Plasma 5.18.0 on Wayland (7.24 KB, text/plain) 2020-02-13 21:50 UTC, Matt Fagnani	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Matt Fagnani 2020-01-22 08:05:38 UTC

SUMMARY

I logged into Plasma 5.17.90 on Wayland in Fedora Rawhide with KF5 5.66.0, Qt 5.13.2. Dr. Konqi immediately showed a segmentation fault in kded5 in KWayland::Client::OutputManagement::createConfiguration(QObject*) (this=0x0, parent=<optimized out>) at /usr/src/debug/kf5-kwayland-5.66.0-1.fc32.x86_64/x86_64-redhat-linux-gnu/src/client/wayland-output-management-client-protocol.h:226. this=0x0 might indicate a problem with a null pointer.

Application: kded5 (kded5), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
29	  return SYSCALL_CANCEL (poll, fds, nfds, timeout);
[Current thread is 1 (Thread 0x7f1fa8b4d800 (LWP 1350))]

Thread 5 (Thread 0x7f1f8e23f700 (LWP 1381)):
#0  0x00007f1fa7c269af in __GI___poll (fds=0x55d0cbdf2490, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007f1fa6df9e1e in g_main_context_poll (priority=<optimized out>, n_fds=1, fds=0x55d0cbdf2490, timeout=<optimized out>, context=0x55d0cbe13540) at ../glib/gmain.c:4309
#2  g_main_context_iterate (context=context@entry=0x55d0cbe13540, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4005
#3  0x00007f1fa6df9f53 in g_main_context_iteration (context=0x55d0cbe13540, may_block=1) at ../glib/gmain.c:4071
#4  0x00007f1f8e252abd in dconf_gdbus_worker_thread () at /usr/lib64/gio/modules/libdconfsettings.so
#5  0x00007f1fa6e23682 in g_thread_proxy (data=0x55d0cbdcfd40) at ../glib/gthread.c:805
#6  0x00007f1fa7781482 in start_thread (arg=<optimized out>) at pthread_create.c:477
#7  0x00007f1fa7c31583 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 4 (Thread 0x7f1f8ffff700 (LWP 1372)):
#0  __GI___libc_read (nbytes=16, buf=0x7f1f8fffecc0, fd=15) at ../sysdeps/unix/sysv/linux/read.c:26
#1  __GI___libc_read (fd=15, buf=buf@entry=0x7f1f8fffecc0, nbytes=nbytes@entry=16) at ../sysdeps/unix/sysv/linux/read.c:24
#2  0x00007f1fa6e422cf in read (__nbytes=16, __buf=0x7f1f8fffecc0, __fd=<optimized out>) at /usr/include/bits/unistd.h:44
#3  g_wakeup_acknowledge (wakeup=0x55d0cbddac60) at ../glib/gwakeup.c:210
#4  0x00007f1fa6df9967 in g_main_context_check (context=context@entry=0x55d0cbde00e0, max_priority=2147483647, fds=fds@entry=0x55d0cbde1f80, n_fds=n_fds@entry=1) at ../glib/gmain.c:3788
#5  0x00007f1fa6df9dc2 in g_main_context_iterate (context=0x55d0cbde00e0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4007
#6  0x00007f1fa6dfa1a3 in g_main_loop_run (loop=0x55d0cbde01d0) at ../glib/gmain.c:4204
#7  0x00007f1f94f75b7a in gdbus_shared_thread_func (user_data=0x55d0cbde00b0) at ../gio/gdbusprivate.c:279
#8  0x00007f1fa6e23682 in g_thread_proxy (data=0x55d0cbdcf4a0) at ../glib/gthread.c:805
#9  0x00007f1fa7781482 in start_thread (arg=<optimized out>) at pthread_create.c:477
#10 0x00007f1fa7c31583 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 3 (Thread 0x7f1f949bf700 (LWP 1371)):
#0  0x00007f1fa7c269af in __GI___poll (fds=0x55d0cbdcd9e0, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007f1fa6df9e1e in g_main_context_poll (priority=<optimized out>, n_fds=1, fds=0x55d0cbdcd9e0, timeout=<optimized out>, context=0x55d0cbdcf2b0) at ../glib/gmain.c:4309
#2  g_main_context_iterate (context=context@entry=0x55d0cbdcf2b0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4005
#3  0x00007f1fa6df9f53 in g_main_context_iteration (context=0x55d0cbdcf2b0, may_block=may_block@entry=1) at ../glib/gmain.c:4071
#4  0x00007f1fa6df9fa1 in glib_worker_main (data=<optimized out>) at ../glib/gmain.c:5959
#5  0x00007f1fa6e23682 in g_thread_proxy (data=0x55d0cbdcf400) at ../glib/gthread.c:805
#6  0x00007f1fa7781482 in start_thread (arg=<optimized out>) at pthread_create.c:477
#7  0x00007f1fa7c31583 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 2 (Thread 0x7f1f95a87700 (LWP 1364)):
#0  0x00007f1fa7c269af in __GI___poll (fds=0x7f1f900029e0, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007f1fa6df9e1e in g_main_context_poll (priority=<optimized out>, n_fds=1, fds=0x7f1f900029e0, timeout=<optimized out>, context=0x7f1f90000c30) at ../glib/gmain.c:4309
#2  g_main_context_iterate (context=context@entry=0x7f1f90000c30, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4005
#3  0x00007f1fa6df9f53 in g_main_context_iteration (context=0x7f1f90000c30, may_block=may_block@entry=1) at ../glib/gmain.c:4071
#4  0x00007f1fa81c58b3 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x7f1f90000b60, flags=...) at kernel/qeventdispatcher_glib.cpp:425
#5  0x00007f1fa816f24b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7f1f95a86d70, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:140
#6  0x00007f1fa7fbfc75 in QThread::exec() (this=this@entry=0x7f1fa8583060 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at ../../include/QtCore/../../src/corelib/global/qflags.h:120
#7  0x00007f1fa84fff6a in QDBusConnectionManager::run() (this=0x7f1fa8583060 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at qdbusconnection.cpp:178
#8  0x00007f1fa7fc0dc6 in QThreadPrivate::start(void*) (arg=0x7f1fa8583060 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at thread/qthread_unix.cpp:360
#9  0x00007f1fa7781482 in start_thread (arg=<optimized out>) at pthread_create.c:477
#10 0x00007f1fa7c31583 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 0x7f1fa8b4d800 (LWP 1350)):
[KCrash Handler]
#6  KWayland::Client::OutputManagement::createConfiguration(QObject*) (this=0x0, parent=<optimized out>) at /usr/src/debug/kf5-kwayland-5.66.0-1.fc32.x86_64/x86_64-redhat-linux-gnu/src/client/wayland-output-management-client-protocol.h:226
#7  0x00007f1f8d4a5833 in KScreen::WaylandConfig::applyConfig(QSharedPointer<KScreen::Config> const&) (this=0x55d0cbd217e0, newConfig=...) at /usr/src/debug/libkscreen-qt5-5.17.90-2.fc32.x86_64/backends/kwayland/waylandconfig.cpp:330
#8  0x00007f1f8d914a83 in KScreen::SetConfigOperation::start() (this=0x55d0cbede330) at /usr/src/debug/libkscreen-qt5-5.17.90-2.fc32.x86_64/src/setconfigoperation.cpp:129
#9  0x00007f1fa819b80a in QObject::event(QEvent*) (this=0x55d0cbede330, e=<optimized out>) at kernel/qobject.cpp:1260
#10 0x00007f1fa8d97ab6 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=this@entry=0x55d0cbc50390, receiver=receiver@entry=0x55d0cbede330, e=e@entry=0x55d0cbec9ed0) at kernel/qapplication.cpp:3703
#11 0x00007f1fa8da1150 in QApplication::notify(QObject*, QEvent*) (this=0x7ffdfeb87f20, receiver=0x55d0cbede330, e=0x55d0cbec9ed0) at kernel/qapplication.cpp:3449
#12 0x00007f1fa8170458 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x55d0cbede330, event=0x55d0cbec9ed0) at kernel/qcoreapplication.cpp:1095
#13 0x00007f1fa817349b in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (receiver=0x0, event_type=0, data=0x55d0cbc50510) at kernel/qcoreapplication.cpp:1840
#14 0x00007f1fa81c5b07 in postEventSourceDispatch(GSource*, GSourceFunc, gpointer) (s=s@entry=0x55d0cbc88460) at kernel/qeventdispatcher_glib.cpp:277
#15 0x00007f1fa6df9b20 in g_main_dispatch (context=0x55d0cbc53b90) at ../glib/gmain.c:3272
#16 g_main_context_dispatch (context=context@entry=0x55d0cbc53b90) at ../glib/gmain.c:3937
#17 0x00007f1fa6df9eb0 in g_main_context_iterate (context=context@entry=0x55d0cbc53b90, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4010
#18 0x00007f1fa6df9f53 in g_main_context_iteration (context=0x55d0cbc53b90, may_block=may_block@entry=1) at ../glib/gmain.c:4071
#19 0x00007f1fa81c5895 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x55d0cbc7adb0, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#20 0x00007f1fa816f24b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7ffdfeb87e60, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:140
#21 0x00007f1fa8177126 in QCoreApplication::exec() () at ../../include/QtCore/../../src/corelib/global/qflags.h:120
#22 0x000055d0cb748bf2 in main(int, char**) (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/kf5-kded-5.66.0-1.fc32.x86_64/src/kded.cpp:804
[Inferior 1 (process 1350) detached]

STEPS TO REPRODUCE
1. Boot Fedora Rawhide KDE Plasma spin fully updated with kwin-wayland, plasma-workspaces-wayland and their dependencies installed
2. Log in to Plasma on Wayland
3. Update to Plasma 5.17.90 from koji or the repository when available
4. Reboot/log out
5. Log in to Plasma 5.17.90 on Wayland

OBSERVED RESULT
kded5 segmentation faults in KWayland::Client::OutputManagement::createConfiguration when logging into Plasma 5.17.90 on Wayland

EXPECTED RESULT
No crashes would happen.


SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Fedora Rawhide/32
(available in About System)
KDE Plasma Version: 5.17.90
KDE Frameworks Version: 5.66.0
Qt Version: 5.13.2

ADDITIONAL INFORMATION

I've seen this kded5 segmentation fault 2/3 logins to Plasma 5.17.90. I haven't seen this crash with 5.17.5 or earlier. The following notification was shown 3/3 times I've logged into Plasma 5.17.90. I don't know if the notification was related to the kded5 crashes.

Error loading QML file: file:///usr/share/plasma/plasmoids/org.kde.plasma.notifications/contents/ui/main.qml:108:37: Type CompactRepresentation unavailable
file:///usr/share/plasma/plasmoids/org.kde.plasma.notifications/contents/ui/CompactRepresentation.qml:27:1: module "org.kde.quickcharts" is not installed

Comment 1 Roman Gilg 2020-02-13 16:50:00 UTC

After release still happening?

Comment 2 Matt Fagnani 2020-02-13 21:50:44 UTC

Created attachment 125991 [details]
kded5 segmentation fault trace when logging into Plasma 5.18.0 on Wayland

Roman, I've seen the kded5 crash one of two times when logging into Plasma 5.18.0 on Wayland. KWayland::Client::WaylandPointer<org_kde_kwin_outputmanagement, org_kde_kwin_outputmanagement_destroy>::operator org_kde_kwin_outputmanagement* (this=<optimized out>) at /usr/src/debug/kf5-kwayland-5.67.0-1.fc32.x86_64/x86_64-redhat-linux-gnu/src/client/wayland-output-management-client-protocol.h:226 has been at the top of the crashing thread 1 since I updated to KF 5.67.0. I'll attach the trace of the crash which happened in a Fedora 32 KDE Plasma spin installation with Plasma 5.18.0, KF 5.67.0, and Qt 5.13.2. I saw this kded5 crash at least 32 times with Plasma 5.17.90 on Wayland which was about 30% of the times I logged in. kded5 has restarted normally after it has crashed when I've checked.

Comment 3 Roman Gilg 2020-02-13 22:00:06 UTC

*** Bug 416961 has been marked as a duplicate of this bug. ***

Comment 4 Roman Gilg 2020-02-13 22:17:36 UTC

Do you have a device with orientation sensor and the iio-sensor-proxy package installed?

Comment 5 Matt Fagnani 2020-02-13 23:58:55 UTC

(In reply to Roman Gilg from comment #4)
> Do you have a device with orientation sensor and the iio-sensor-proxy
> package installed?

No the hp laptop I've seen these crashes on doesn't have an orientation sensor. The iio-sensor-proxy package isn't installed. Thanks for looking into this.

Comment 6 Daniel Vrátil 2020-02-24 13:58:47 UTC

Git commit 691c85879cafad942edf6245196da9f04bc4cb6f by Daniel Vrátil.
Committed on 24/02/2020 at 13:57.
Pushed by dvratil into branch 'Plasma/5.18'.

fix(kwayland): wait longer for connection timeout and retry

Summary:
During login creating the connection to Wayland server may take longer
than 1 second (KWin busy, high CPU and IO load, ...) causing
WaylandConfig to time out and leave the backend in an inconsistent
state.

This patch increases the timeout to 3 seconds and sets the overall
backend status to invalid if connecting to Wayland server times out.
This will abort the pending KScreen operation and prevent it from
interacting with the broken backend. The next KScreen operation
will try to set up the backend again, hopefully successfully this time.
FIXED-IN: 5.18.2

Reviewers: #plasma, romangg

Reviewed By: #plasma, romangg

Subscribers: romangg, plasma-devel

Tags: #plasma

Differential Revision: https://phabricator.kde.org/D27618

M  +1    -2    backends/kwayland/waylandbackend.cpp
M  +0    -1    backends/kwayland/waylandbackend.h
M  +11   -3    backends/kwayland/waylandconfig.cpp
M  +2    -0    backends/kwayland/waylandconfig.h

https://commits.kde.org/libkscreen/691c85879cafad942edf6245196da9f04bc4cb6f