Bug 420077 - logout from Wayland session makes kwin to crash
Summary: logout from Wayland session makes kwin to crash
Status: RESOLVED FIXED
Alias: None
Product: kwin
Classification: Plasma
Component: platform-wayland-nested
Version: git master
Platform: Compiled Sources Linux
Importance: NOR crash
Target Milestone: ---
Assignee: KWin default assignee
URL: https://invent.kde.org/plasma/kwin/-/...
Keywords:
Depends on:
Blocks: 412101
Reported: 2020-04-14 12:29 UTC by Patrick Silva
Modified: 2020-08-06 14:24 UTC
CC List: 5 users

See Also:
Latest Commit:
Version Fixed In: 5.20.0
Sentry Crash Report:


Attachments
SIGSEGV (1.94 KB, text/plain)
2020-07-27 20:17 UTC, Andrey
SIGSEGV with backtrace (86.97 KB, text/plain)
2020-07-29 16:06 UTC, Andrey

Description Patrick Silva 2020-04-14 12:29:50 UTC
STEPS TO REPRODUCE
1. start Wayland session
2. do logout
3. 

OBSERVED RESULT
kwin_wayland crashes and computer gets stuck in a black screen

EXPECTED RESULT
no crash

SOFTWARE/OS VERSIONS
Operating System: KDE neon Unstable Edition
KDE Plasma Version: 5.18.80
KDE Frameworks Version: 5.70.0
Qt Version: 5.14.1

(gdb) thread apply all bt

Thread 11 (Thread 1120.1268):
#0  0x00007f22d87719f3 in futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x7f22d6339fb8 <QTWTF::pageheap_memory+57592>)
    at ../sysdeps/unix/sysv/linux/futex-internal.h:88
#1  __pthread_cond_wait_common (abstime=0x0, mutex=0x7f22d6339f68 <QTWTF::pageheap_memory+57512>, cond=0x7f22d6339f90 <QTWTF::pageheap_memory+57552>)
    at pthread_cond_wait.c:502
#2  __pthread_cond_wait (cond=cond@entry=0x7f22d6339f90 <QTWTF::pageheap_memory+57552>, mutex=mutex@entry=0x7f22d6339f68 <QTWTF::pageheap_memory+57512>)
    at pthread_cond_wait.c:655
#3  0x00007f22d6044944 in QTWTF::TCMalloc_PageHeap::scavengerThread (this=0x7f22d632bec0 <QTWTF::pageheap_memory>)
    at ../3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.cpp:2359
#4  0x00007f22d6044989 in QTWTF::TCMalloc_PageHeap::runScavengerThread (context=<optimized out>) at ../3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.cpp:1464
#5  0x00007f22d876b6db in start_thread (arg=0x7f228affd700) at pthread_create.c:463
#6  0x00007f22d677b88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 5 (Thread 1120.1233):
#0  0x00007f22d87719f3 in futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x558117745528) at ../sysdeps/unix/sysv/linux/futex-internal.h:88
#1  __pthread_cond_wait_common (abstime=0x0, mutex=0x5581177454d8, cond=0x558117745500) at pthread_cond_wait.c:502
#2  __pthread_cond_wait (cond=cond@entry=0x558117745500, mutex=mutex@entry=0x5581177454d8) at pthread_cond_wait.c:655
#3  0x00007f22af63decb in cnd_wait (mtx=0x5581177454d8, cond=0x558117745500) at ../include/c11/threads_posix.h:155
#4  util_queue_thread_func (input=input@entry=0x55811777ec60) at ../src/util/u_queue.c:258
#5  0x00007f22af63dac7 in impl_thrd_routine (p=<optimized out>) at ../include/c11/threads_posix.h:87
#6  0x00007f22d876b6db in start_thread (arg=0x7f22ae1c3700) at pthread_create.c:463
#7  0x00007f22d677b88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 4 (Thread 1120.1157):
#0  0x00007f22d676ebf9 in __GI___poll (fds=0x7f22b40029e0, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007f22cdb505c9 in ?? () from target:/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007f22cdb506dc in g_main_context_iteration () from target:/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007f22d72fd0bc in QEventDispatcherGlib::processEvents (this=0x7f22b4000b20, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#4  0x00007f22d729c63a in QEventLoop::exec (this=this@entry=0x7f22be778da0, flags=..., flags@entry=...) at kernel/qeventloop.cpp:225
#5  0x00007f22d70ad317 in QThread::exec (this=<optimized out>) at thread/qthread.cpp:536
#6  0x00007f22d70ae7ec in QThreadPrivate::start (arg=0x5581176744e0) at thread/qthread_unix.cpp:342
#7  0x00007f22d876b6db in start_thread (arg=0x7f22be779700) at pthread_create.c:463
#8  0x00007f22d677b88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 3 (Thread 1120.1156):
#0  0x00007f22d676ebf9 in __GI___poll (fds=0x7f22b0002de0, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007f22cdb505c9 in ?? () from target:/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007f22cdb506dc in g_main_context_iteration () from target:/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007f22d72fd0bc in QEventDispatcherGlib::processEvents (this=0x7f22b0000b20, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#4  0x00007f22d729c63a in QEventLoop::exec (this=this@entry=0x7f22bef79da0, flags=..., flags@entry=...) at kernel/qeventloop.cpp:225
#5  0x00007f22d70ad317 in QThread::exec (this=<optimized out>) at thread/qthread.cpp:536
#6  0x00007f22d70ae7ec in QThreadPrivate::start (arg=0x558117674e40) at thread/qthread_unix.cpp:342
#7  0x00007f22d876b6db in start_thread (arg=0x7f22bef7a700) at pthread_create.c:463
#8  0x00007f22d677b88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 2 (Thread 1120.1140):
#0  0x00007f22d676ebf9 in __GI___poll (fds=0x7f22b8017a70, nfds=5, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007f22cdb505c9 in ?? () from target:/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007f22cdb506dc in g_main_context_iteration () from target:/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007f22d72fd0bc in QEventDispatcherGlib::processEvents (this=0x7f22b8000b20, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#4  0x00007f22d729c63a in QEventLoop::exec (this=this@entry=0x7f22bfde1d70, flags=..., flags@entry=...) at kernel/qeventloop.cpp:225
#5  0x00007f22d70ad317 in QThread::exec (this=this@entry=0x7f22d8762da0 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at thread/qthread.cpp:536
#6  0x00007f22d84ea555 in QDBusConnectionManager::run (this=0x7f22d8762da0 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at qdbusconnection.cpp:179
#7  0x00007f22d70ae7ec in QThreadPrivate::start (arg=0x7f22d8762da0 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at thread/qthread_unix.cpp:342
#8  0x00007f22d876b6db in start_thread (arg=0x7f22bfde2700) at pthread_create.c:463
#9  0x00007f22d677b88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 1120.1120):
#0  __memmove_sse2_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:249
#1  0x00007f22d0a24aa1 in memcpy (__len=262144, __src=0x0, __dest=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34
#2  QImage::copy (this=this@entry=0x558117775e20, r=...) at image/qimage.cpp:1172
#3  0x00007f22d0a24cdf in QImage::detach (this=this@entry=0x558117775e20) at image/qimage.cpp:1091
#4  0x00007f22d0a25ae0 in QImage::fill (this=0x558117775e20, color=...) at image/qimage.cpp:1806
#5  0x00007f22d0a25f5f in QImage::fill (this=this@entry=0x558117775e20, color=color@entry=Qt::transparent) at image/qimage.cpp:1780
#6  0x00007f22bf3bdffd in KWin::DrmOutput::updateCursor (this=0x5581176fb780) at ./plugins/platforms/drm/drm_output.cpp:175
#7  0x00007f22bf3b0e55 in KWin::DrmBackend::updateCursor (this=0x558117669b60) at ./plugins/platforms/drm/drm_backend.cpp:701
#8  0x00007f22d72d8fe7 in QtPrivate::QSlotObjectBase::call (a=0x7ffe0444acf0, r=0x558117669b60, this=<optimized out>)
    at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:394
#9  doActivate<false> (sender=0x55811766f960, signal_index=3, argv=0x7ffe0444acf0) at kernel/qobject.cpp:3870
#10 0x00007f22d72d38a2 in QMetaObject::activate (sender=<optimized out>, m=m@entry=0x7f22da18be40 <KWin::Cursors::staticMetaObject>, 
    local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffe0444acf0) at kernel/qobject.cpp:3930
#11 0x00007f22d9eb960f in KWin::Cursors::currentCursorChanged (this=<optimized out>, _t1=<optimized out>)
    at ./obj-x86_64-linux-gnu/kwin_autogen/EWIEGA46WW/moc_cursor.cpp:385
#12 0x00007f22d72d8fe7 in QtPrivate::QSlotObjectBase::call (a=0x7ffe0444adb0, r=0x55811766f960, this=<optimized out>)
    at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:394
#13 doActivate<false> (sender=0x5581176cf560, signal_index=5, argv=0x7ffe0444adb0) at kernel/qobject.cpp:3870
#14 0x00007f22d72d38a2 in QMetaObject::activate (sender=sender@entry=0x5581176cf560, m=m@entry=0x7f22da18be80 <KWin::Cursor::staticMetaObject>, 
    local_signal_index=local_signal_index@entry=2, argv=argv@entry=0x0) at kernel/qobject.cpp:3930
#15 0x00007f22d9eb5f43 in KWin::Cursor::cursorChanged (this=this@entry=0x5581176cf560) at ./obj-x86_64-linux-gnu/kwin_autogen/EWIEGA46WW/moc_cursor.cpp:217
#16 0x00007f22d9d2172b in KWin::Cursor::updateCursor (this=this@entry=0x5581176cf560, image=..., hotspot=...) at ./cursor.cpp:187
#17 0x00007f22d9dc78eb in KWin::PointerInputRedirection::<lambda()>::operator() (__closure=<optimized out>) at ./pointer_input.cpp:135
#18 QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, KWin::PointerInputRedirection::init()::<lambda()> >::call (arg=<optimized out>, f=...)
    at /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:146
#19 QtPrivate::Functor<KWin::PointerInputRedirection::init()::<lambda()>, 0>::call<QtPrivate::List<>, void> (arg=<optimized out>, f=...)
    at /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:256
#20 QtPrivate::QFunctorSlotObject<KWin::PointerInputRedirection::init()::<lambda()>, 0, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase *, QObject *, void **, bool *) (which=<optimized out>, this_=<optimized out>, r=<optimized out>, a=<optimized out>, ret=<optimized out>)
    at /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:439
#21 0x00007f22d72d8fe7 in QtPrivate::QSlotObjectBase::call (a=0x7ffe0444aef0, r=0x5581176cf560, this=<optimized out>)
    at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:394
#22 doActivate<false> (sender=0x558117c93940, signal_index=3, argv=0x7ffe0444aef0) at kernel/qobject.cpp:3870
#23 0x00007f22d9dc3f15 in KWin::CursorImage::update (this=0x558117c93940) at ./pointer_input.cpp:1041
#24 0x00007f22d72d8fe7 in QtPrivate::QSlotObjectBase::call (a=0x7ffe0444b090, r=0x558117c93940, this=<optimized out>)
    at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:394
#25 doActivate<false> (sender=0x5581176619d0, signal_index=14, argv=0x7ffe0444b090) at kernel/qobject.cpp:3870
#26 0x00007f22d8a50ae2 in KWayland::Server::SeatInterface::focusedPointerChanged(KWayland::Server::PointerInterface*) ()
   from target:/usr/lib/x86_64-linux-gnu/libKF5WaylandServer.so.5
#27 0x00007f22d72d8fe7 in QtPrivate::QSlotObjectBase::call (a=0x7ffe0444b1b0, r=0x5581176619d0, this=<optimized out>)
    at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:394
#28 doActivate<false> (sender=0x5581180eaeb0, signal_index=0, argv=0x7ffe0444b1b0) at kernel/qobject.cpp:3870
#29 0x00007f22d72d38a2 in QMetaObject::activate (sender=sender@entry=0x5581180eaeb0, m=m@entry=0x7f22d7762c60 <QObject::staticMetaObject>, 
    local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffe0444b1b0) at kernel/qobject.cpp:3930
#30 0x00007f22d72d394f in QObject::destroyed (this=this@entry=0x5581180eaeb0, _t1=<optimized out>, _t1@entry=0x5581180eaeb0) at .moc/moc_qobject.cpp:219
#31 0x00007f22d72d6df4 in QObject::~QObject (this=<optimized out>, __in_chrg=<optimized out>) at kernel/qobject.cpp:1017
#32 0x00007f22d8a11d49 in KWayland::Server::PointerInterface::~PointerInterface() () from target:/usr/lib/x86_64-linux-gnu/libKF5WaylandServer.so.5
#33 0x00007f22d72d0eb5 in QObject::event (this=0x5581180eaeb0, e=0x5581180b9f30) at kernel/qobject.cpp:1326
#34 0x00007f22d78d18bc in QApplicationPrivate::notify_helper (this=this@entry=0x55811761def0, receiver=receiver@entry=0x5581180eaeb0, e=e@entry=0x5581180b9f30)
    at kernel/qapplication.cpp:3684
#35 0x00007f22d78d8ac0 in QApplication::notify (this=0x7ffe0444b990, receiver=0x5581180eaeb0, e=0x5581180b9f30) at kernel/qapplication.cpp:3430
#36 0x00007f22d729ddb8 in QCoreApplication::notifyInternal2 (receiver=0x5581180eaeb0, event=0x5581180b9f30) at kernel/qcoreapplication.cpp:1092
#37 0x00007f22d729df8e in QCoreApplication::sendEvent (receiver=receiver@entry=0x5581180eaeb0, event=event@entry=0x5581180b9f30) at kernel/qcoreapplication.cpp:1487
#38 0x00007f22d72a0a31 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x5581175f5680) at kernel/qcoreapplication.cpp:1832
#39 0x00007f22d72fa3e4 in QEventDispatcherUNIX::processEvents (this=0x55811762b9b0, flags=...) at kernel/qeventdispatcher_unix.cpp:466
#40 0x00007f22c3016c2d in QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from target:/usr/lib/x86_64-linux-gnu/qt5/plugins/platforms/KWinQpaPlugin.so
#41 0x0000558117342892 in KWin::Xwl::Xwayland::~Xwayland (this=0x558117a86550, __in_chrg=<optimized out>) at ./xwl/xwayland.cpp:103
#42 0x0000558117342979 in KWin::Xwl::Xwayland::~Xwayland (this=0x558117a86550, __in_chrg=<optimized out>) at ./xwl/xwayland.cpp:108
#43 0x000055811732fa47 in KWin::ApplicationWayland::~ApplicationWayland (this=0x7ffe0444b990, __in_chrg=<optimized out>) at ./main_wayland.cpp:142
#44 0x000055811732d808 in main (argc=<optimized out>, argv=<optimized out>) at ./main_wayland.cpp:406
Comment 1 Méven Car 2020-04-17 16:31:02 UTC
Git commit e8a1f8ecccb548af2f80b2619669da9dc135f175 by Méven Car.
Committed on 17/04/2020 at 16:25.
Pushed by meven into branch 'Plasma/5.18'.

Avoid crash in KWin::DrmOutput::updateCursor

Summary:

Sample stack traces:

From bug:

  #2  QImage::copy (this=this@entry=0x558117775e20, r=...) at image/qimage.cpp:1172
  #3  0x00007f22d0a24cdf in QImage::detach (this=this@entry=0x558117775e20) at image/qimage.cpp:1091
  #4  0x00007f22d0a25ae0 in QImage::fill (this=0x558117775e20, color=...) at image/qimage.cpp:1806
  #5  0x00007f22d0a25f5f in QImage::fill (this=this@entry=0x558117775e20, color=color@entry=Qt::transparent) at image/qimage.cpp:1780
  #6  0x00007f22bf3bdffd in KWin::DrmOutput::updateCursor (this=0x5581176fb780) at ./plugins/platforms/drm/drm_output.cpp:175
  #7  0x00007f22bf3b0e55 in KWin::DrmBackend::updateCursor (this=0x558117669b60) at ./plugins/platforms/drm/drm_backend.cpp:701

Locally reproduced:

  #0  0x00007f360611e159 in KWayland::Server::OutputDeviceInterface::transform() const (this=<optimized out>)
      at /home/meven/kde/src/kwayland/src/server/outputdevice_interface.cpp:590
  #1  0x00007f3607438059 in KWin::AbstractWaylandOutput::transform() const (this=this@entry=0x5645bed10f90) at /home/meven/kde/src/kwin/abstract_wayland_output.cpp:317
  #2  0x00007f35ecd8acd3 in KWin::DrmOutput::matrixDisplay(QSize const&) const (this=0x5645bed10f90, s=...)
      at /home/meven/kde/src/kwin/plugins/platforms/drm/drm_output.cpp:155
  #3  0x00007f35ecd8efa9 in KWin::DrmOutput::updateCursor() (this=<optimized out>) at /home/meven/kde/src/kwin/plugins/platforms/drm/drm_output.cpp:179
  #4  0x00007f35ecd81db5 in KWin::DrmBackend::updateCursor() (this=0x5645bec743a0) at /home/meven/kde/src/kwin/plugins/platforms/drm/drm_backend.cpp:701
  #5  0x00007f36049e7fe7 in  () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
  #6  0x00007f36075ee43f in KWin::Cursors::currentCursorChanged(KWin::Cursor*) (this=<optimized out>, _t1=<optimized out>)
      at /home/meven/kde/build/kwin/kwin_autogen/EWIEGA46WW/moc_cursor.cpp:385

Test Plan: Could not reproduce

Reviewers: #kwin, zzag, davidedmundson

Reviewed By: #kwin, davidedmundson

Subscribers: ngraham, apol, kwin

Tags: #kwin

Differential Revision: https://phabricator.kde.org/D28889

M  +8    -0    plugins/platforms/drm/drm_output.cpp

https://commits.kde.org/kwin/e8a1f8ecccb548af2f80b2619669da9dc135f175
Comment 2 Patrick Silva 2020-05-07 16:57:35 UTC
Was this fix applied to neon unstable?
This crash is still happening.

Thread 11 (Thread 1195.1305):
#0  0x00007fb339c939f3 in futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x7fb337855fb8 <QTWTF::pageheap_memory+57592>)
    at ../sysdeps/unix/sysv/linux/futex-internal.h:88
#1  __pthread_cond_wait_common (abstime=0x0, mutex=0x7fb337855f68 <QTWTF::pageheap_memory+57512>, cond=0x7fb337855f90 <QTWTF::pageheap_memory+57552>)
    at pthread_cond_wait.c:502
#2  __pthread_cond_wait (cond=cond@entry=0x7fb337855f90 <QTWTF::pageheap_memory+57552>, mutex=mutex@entry=0x7fb337855f68 <QTWTF::pageheap_memory+57512>)
    at pthread_cond_wait.c:655
#3  0x00007fb337560934 in QTWTF::TCMalloc_PageHeap::scavengerThread (this=0x7fb337847ec0 <QTWTF::pageheap_memory>)
    at ../3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.cpp:2359
#4  0x00007fb337560979 in QTWTF::TCMalloc_PageHeap::runScavengerThread (context=<optimized out>) at ../3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.cpp:1464
#5  0x00007fb339c8d6db in start_thread (arg=0x7fb2e3fff700) at pthread_create.c:463
#6  0x00007fb337c9b88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 5 (Thread 1195.1262):
#0  0x00007fb339c939f3 in futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x55786a0c0b28) at ../sysdeps/unix/sysv/linux/futex-internal.h:88
#1  __pthread_cond_wait_common (abstime=0x0, mutex=0x55786a0c0ad8, cond=0x55786a0c0b00) at pthread_cond_wait.c:502
#2  __pthread_cond_wait (cond=cond@entry=0x55786a0c0b00, mutex=mutex@entry=0x55786a0c0ad8) at pthread_cond_wait.c:655
#3  0x00007fb31897aecb in cnd_wait (mtx=0x55786a0c0ad8, cond=0x55786a0c0b00) at ../include/c11/threads_posix.h:155
#4  util_queue_thread_func (input=input@entry=0x55786a0f0df0) at ../src/util/u_queue.c:258
#5  0x00007fb31897aac7 in impl_thrd_routine (p=<optimized out>) at ../include/c11/threads_posix.h:87
#6  0x00007fb339c8d6db in start_thread (arg=0x7fb3133ac700) at pthread_create.c:463
#7  0x00007fb337c9b88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 4 (Thread 1195.1261):
#0  0x00007fb337c8ebf9 in __GI___poll (fds=0x7fb30c0029e0, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fb32ede55c9 in ?? () from target:/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fb32ede56dc in g_main_context_iteration () from target:/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007fb33881d7ac in QEventDispatcherGlib::processEvents (this=0x7fb30c000b20, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#4  0x00007fb3387bcd2a in QEventLoop::exec (this=this@entry=0x7fb31b7fdda0, flags=..., flags@entry=...) at kernel/qeventloop.cpp:225
#5  0x00007fb3385cd757 in QThread::exec (this=<optimized out>) at thread/qthread.cpp:536
#6  0x00007fb3385cec2c in QThreadPrivate::start (arg=0x55786a005460) at thread/qthread_unix.cpp:342
#7  0x00007fb339c8d6db in start_thread (arg=0x7fb31b7fe700) at pthread_create.c:463
#8  0x00007fb337c9b88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 3 (Thread 1195.1260):
#0  0x00007fb337c8ebf9 in __GI___poll (fds=0x7fb314002de0, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fb32ede55c9 in ?? () from target:/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fb32ede56dc in g_main_context_iteration () from target:/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007fb33881d7ac in QEventDispatcherGlib::processEvents (this=0x7fb314000b20, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#4  0x00007fb3387bcd2a in QEventLoop::exec (this=this@entry=0x7fb31bffeda0, flags=..., flags@entry=...) at kernel/qeventloop.cpp:225
#5  0x00007fb3385cd757 in QThread::exec (this=<optimized out>) at thread/qthread.cpp:536
#6  0x00007fb3385cec2c in QThreadPrivate::start (arg=0x55786a005dc0) at thread/qthread_unix.cpp:342
#7  0x00007fb339c8d6db in start_thread (arg=0x7fb31bfff700) at pthread_create.c:463
#8  0x00007fb337c9b88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 2 (Thread 1195.1258):
#0  0x00007fb337c8ebf9 in __GI___poll (fds=0x7fb31c017ad0, nfds=5, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fb32ede55c9 in ?? () from target:/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fb32ede56dc in g_main_context_iteration () from target:/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007fb33881d7ac in QEventDispatcherGlib::processEvents (this=0x7fb31c000b20, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#4  0x00007fb3387bcd2a in QEventLoop::exec (this=this@entry=0x7fb320fd7d70, flags=..., flags@entry=...) at kernel/qeventloop.cpp:225
#5  0x00007fb3385cd757 in QThread::exec (this=this@entry=0x7fb339c84da0 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at thread/qthread.cpp:536
#6  0x00007fb339a0c555 in QDBusConnectionManager::run (this=0x7fb339c84da0 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at qdbusconnection.cpp:179
#7  0x00007fb3385cec2c in QThreadPrivate::start (arg=0x7fb339c84da0 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at thread/qthread_unix.cpp:342
#8  0x00007fb339c8d6db in start_thread (arg=0x7fb320fd8700) at pthread_create.c:463
#9  0x00007fb337c9b88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 1195.1195):
#0  0x00007fb3205b5081 in KWin::DrmOutput::updateCursor (this=0x55786a072630) at ./plugins/platforms/drm/drm_output.cpp:179
#1  0x00007fb3205a7eb5 in KWin::DrmBackend::updateCursor (this=0x557869fe6450) at ./plugins/platforms/drm/drm_backend.cpp:701
#2  0x00007fb3387f96d7 in QtPrivate::QSlotObjectBase::call (a=0x7ffe58124fe0, r=0x557869fe6450, this=<optimized out>)
    at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#3  doActivate<false> (sender=0x557869fea8d0, signal_index=3, argv=0x7ffe58124fe0) at kernel/qobject.cpp:3870
#4  0x00007fb3387f3f92 in QMetaObject::activate (sender=<optimized out>, m=m@entry=0x7fb33b6b2e00 <KWin::Cursors::staticMetaObject>, 
    local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffe58124fe0) at kernel/qobject.cpp:3930
#5  0x00007fb33b3df48f in KWin::Cursors::currentCursorChanged (this=<optimized out>, _t1=<optimized out>)
    at ./obj-x86_64-linux-gnu/kwin_autogen/EWIEGA46WW/moc_cursor.cpp:385
#6  0x00007fb3387f96d7 in QtPrivate::QSlotObjectBase::call (a=0x7ffe581250a0, r=0x557869fea8d0, this=<optimized out>)
    at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#7  doActivate<false> (sender=0x55786a045610, signal_index=5, argv=0x7ffe581250a0) at kernel/qobject.cpp:3870
#8  0x00007fb3387f3f92 in QMetaObject::activate (sender=sender@entry=0x55786a045610, m=m@entry=0x7fb33b6b2e40 <KWin::Cursor::staticMetaObject>, 
    local_signal_index=local_signal_index@entry=2, argv=argv@entry=0x0) at kernel/qobject.cpp:3930
#9  0x00007fb33b3dbb83 in KWin::Cursor::cursorChanged (this=this@entry=0x55786a045610) at ./obj-x86_64-linux-gnu/kwin_autogen/EWIEGA46WW/moc_cursor.cpp:217
#10 0x00007fb33b24539b in KWin::Cursor::updateCursor (this=this@entry=0x55786a045610, image=..., hotspot=...) at ./cursor.cpp:187
#11 0x00007fb33b2eb67b in KWin::PointerInputRedirection::<lambda()>::operator() (__closure=<optimized out>) at ./pointer_input.cpp:135
#12 QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, KWin::PointerInputRedirection::init()::<lambda()> >::call (arg=<optimized out>, f=...)
    at /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:146
#13 QtPrivate::Functor<KWin::PointerInputRedirection::init()::<lambda()>, 0>::call<QtPrivate::List<>, void> (arg=<optimized out>, f=...)
    at /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:256
#14 QtPrivate::QFunctorSlotObject<KWin::PointerInputRedirection::init()::<lambda()>, 0, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase *, QObject *, void **, bool *) (which=<optimized out>, this_=<optimized out>, r=<optimized out>, a=<optimized out>, ret=<optimized out>)
    at /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:443
#15 0x00007fb3387f96d7 in QtPrivate::QSlotObjectBase::call (a=0x7ffe581251e0, r=0x55786a045610, this=<optimized out>)
    at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#16 doActivate<false> (sender=0x55786a555990, signal_index=3, argv=0x7ffe581251e0) at kernel/qobject.cpp:3870
#17 0x00007fb33b2e7ca5 in KWin::CursorImage::update (this=0x55786a555990) at ./pointer_input.cpp:1041
#18 0x00007fb3387f96d7 in QtPrivate::QSlotObjectBase::call (a=0x7ffe58125380, r=0x55786a555990, this=<optimized out>)
    at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#19 doActivate<false> (sender=0x557869ff9dc0, signal_index=14, argv=0x7ffe58125380) at kernel/qobject.cpp:3870
#20 0x00007fb339f73192 in KWaylandServer::SeatInterface::focusedPointerChanged(KWaylandServer::PointerInterface*) ()
   from target:/usr/lib/x86_64-linux-gnu/libKWaylandServer.so.5
#21 0x00007fb3387f96d7 in QtPrivate::QSlotObjectBase::call (a=0x7ffe581254a0, r=0x557869ff9dc0, this=<optimized out>)
    at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#22 doActivate<false> (sender=0x7fb31c01c520, signal_index=0, argv=0x7ffe581254a0) at kernel/qobject.cpp:3870
#23 0x00007fb3387f3f92 in QMetaObject::activate (sender=sender@entry=0x7fb31c01c520, m=m@entry=0x7fb338c83c40 <QObject::staticMetaObject>, 
    local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffe581254a0) at kernel/qobject.cpp:3930
#24 0x00007fb3387f403f in QObject::destroyed (this=this@entry=0x7fb31c01c520, _t1=<optimized out>, _t1@entry=0x7fb31c01c520) at .moc/moc_qobject.cpp:219
#25 0x00007fb3387f74e4 in QObject::~QObject (this=<optimized out>, __in_chrg=<optimized out>) at kernel/qobject.cpp:1017
#26 0x00007fb339f343a9 in KWaylandServer::PointerInterface::~PointerInterface() () from target:/usr/lib/x86_64-linux-gnu/libKWaylandServer.so.5
#27 0x00007fb3387f15a5 in QObject::event (this=0x7fb31c01c520, e=0x55786a63a220) at kernel/qobject.cpp:1326
#28 0x00007fb338df29ac in QApplicationPrivate::notify_helper (this=this@entry=0x557869f9e880, receiver=receiver@entry=0x7fb31c01c520, e=e@entry=0x55786a63a220)
    at kernel/qapplication.cpp:3685
#29 0x00007fb338df9bb0 in QApplication::notify (this=0x7ffe58125c80, receiver=0x7fb31c01c520, e=0x55786a63a220) at kernel/qapplication.cpp:3431
#30 0x00007fb3387be4a8 in QCoreApplication::notifyInternal2 (receiver=0x7fb31c01c520, event=0x55786a63a220) at kernel/qcoreapplication.cpp:1075
#31 0x00007fb3387be67e in QCoreApplication::sendEvent (receiver=receiver@entry=0x7fb31c01c520, event=event@entry=0x55786a63a220) at kernel/qcoreapplication.cpp:1470
#32 0x00007fb3387c1121 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x557869f75680) at kernel/qcoreapplication.cpp:1815
#33 0x00007fb33881aad4 in QEventDispatcherUNIX::processEvents (this=0x557869fc08c0, flags=...) at kernel/qeventdispatcher_unix.cpp:466
#34 0x00007fb32420dc4d in QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from target:/usr/lib/x86_64-linux-gnu/qt5/plugins/platforms/KWinQpaPlugin.so
#35 0x00005578686d0f42 in KWin::Xwl::Xwayland::~Xwayland (this=0x55786a3fc490, __in_chrg=<optimized out>) at ./xwl/xwayland.cpp:103
#36 0x00005578686d1029 in KWin::Xwl::Xwayland::~Xwayland (this=0x55786a3fc490, __in_chrg=<optimized out>) at ./xwl/xwayland.cpp:108
#37 0x00005578686bdb77 in KWin::ApplicationWayland::~ApplicationWayland (this=0x7ffe58125c80, __in_chrg=<optimized out>) at ./main_wayland.cpp:143
#38 0x00005578686bb938 in main (argc=<optimized out>, argv=<optimized out>) at ./main_wayland.cpp:431
Comment 3 Nate Graham 2020-05-07 17:40:07 UTC
Works for me on openSUSE Tumbleweed, FWIW.
Comment 4 Andrey 2020-07-27 20:17:18 UTC
Created attachment 130441 [details]
SIGSEGV

I suppose we shall reopen it since the crash is still there?
GDB log attached.
Comment 5 Andrey 2020-07-27 20:21:49 UTC
Comment on attachment 130441 [details]
SIGSEGV

>Thread 1 "kwin_wayland" received signal SIGSEGV, Segmentation fault.
>0x00007f6e590ad6a4 in KWin::DrmOutput::updateCursor (this=0x560368bdcf30) at /home/bam/kde/src/kwin/plugins/platforms/drm/drm_output.cpp:179
>179	    QImage *c = m_cursor[m_cursorIndex]->image();
Comment 6 Bug Janitor Service 2020-07-28 22:27:47 UTC
A possibly relevant merge request was started @ https://invent.kde.org/plasma/kwin/-/merge_requests/155
Comment 7 Aleix Pol 2020-07-29 11:03:34 UTC
Andrey, your gdb traces are useless if you don't type "where" to see where it crashed.
Comment 8 Andrey 2020-07-29 16:06:48 UTC
Created attachment 130492 [details]
SIGSEGV with backtrace

Here is the crash with backtrace, taken with the following command:
gdb -q -p "$(pidof kwin_wayland)" \
   -batch -ex 'set logging on' \
       -ex 'set print thread-events off' \
       -ex 'handle SIGALRM nostop pass' \
       -ex 'handle SIGCHLD nostop pass' \
       -ex 'continue' \
       -ex 'thread apply all backtrace'
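
Added example, not KWin's code and not part of any comment in this thread: a minimal C++ model of the crash site reported here (drm_output.cpp:179), where a cursor-changed slot is still delivered during session teardown and dereferences a released cursor buffer, shown next to a guarded version. Apart from m_cursor and m_cursorIndex, every name (Output, CursorBuffer, UpdateResult, m_deleted, dropBuffer) is an assumption for illustration; the checks the actual commits added are not shown on this page.

```cpp
#include <algorithm>
#include <array>
#include <cstddef>
#include <cstdint>
#include <functional>
#include <memory>
#include <vector>

// Hypothetical stand-in for a cursor buffer (not KWin's real buffer class).
struct CursorBuffer {
    std::vector<std::uint32_t> pixels;
    explicit CursorBuffer(std::size_t n) : pixels(n, 0xffffffffu) {}
    std::vector<std::uint32_t> *image() { return &pixels; }
};

enum class UpdateResult { Drawn, SkippedTornDown, SkippedNoBuffer };

class Output {
public:
    Output() {
        for (auto &b : m_cursor)
            b = std::make_unique<CursorBuffer>(64 * 64);
    }

    // Session leave: buffers are released while signals may still be delivered.
    void teardown() {
        m_deleted = true;
        for (auto &b : m_cursor)
            b.reset();
    }

    // Models a buffer that was never allocated or has already been freed.
    void dropBuffer(std::size_t i) { m_cursor.at(i).reset(); }

    // Unguarded: same shape as the crashing line; null dereference after teardown().
    // Defined for comparison only, never called in this example.
    void updateCursorUnguarded() {
        auto *c = m_cursor[m_cursorIndex]->image();
        std::fill(c->begin(), c->end(), 0u);
    }

    // Guarded: checks object state and the buffer pointer before touching pixels.
    UpdateResult updateCursor() {
        if (m_deleted)
            return UpdateResult::SkippedTornDown;
        CursorBuffer *buf = m_cursor[m_cursorIndex].get();
        if (!buf)
            return UpdateResult::SkippedNoBuffer;
        auto *c = buf->image();
        std::fill(c->begin(), c->end(), 0u); // clear to transparent
        return UpdateResult::Drawn;
    }

private:
    std::array<std::unique_ptr<CursorBuffer>, 2> m_cursor;
    std::size_t m_cursorIndex = 0;
    bool m_deleted = false;
};

// Replays the order of events in the backtrace: a pointer object is destroyed
// late, which emits a cursor-changed signal whose slot calls updateCursor().
std::vector<UpdateResult> simulateLogout() {
    Output out;
    std::vector<UpdateResult> seen;
    std::function<void()> cursorChangedSlot = [&] { seen.push_back(out.updateCursor()); };

    cursorChangedSlot(); // normal operation
    out.teardown();      // session leave releases the buffers
    cursorChangedSlot(); // late signal from the destroyed pointer object
    return seen;
}

// A missing buffer without teardown must also be survivable.
UpdateResult updateWithMissingBuffer() {
    Output out;
    out.dropBuffer(0);
    return out.updateCursor();
}

int main() {
    auto seen = simulateLogout();
    return (seen.size() == 2 && seen[1] == UpdateResult::SkippedTornDown) ? 0 : 1;
}
```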
Comment 9 David Edmundson 2020-08-06 12:25:07 UTC
davidedmundson wrote:
> @bug_id = 420077
> @bug_status = RESOLVED
> @resolution = FIXED
> @cf_commitlink = https://invent.kde.org/plasma/kwin/commit/307a9bc5590f6f82b279a611b1f406bbd423687e
>
> Git commit 307a9bc5590f6f82b279a611b1f406bbd423687e by David Edmundson, on behalf of Andrey Butirsky.
> Committed on 06/08/2020 at 12:21.
> Pushed by davidedmundson into branch 'master'.
>
> Avoid crash in KWin on Session leave
>
> - hunk of original commit e8a1f8ecc seems to have been lost during the a94be708e merge,
> so restoring it again
> - add missing check
>
> Original Differential Revision: https://phabricator.kde.org/D28889
>
> M  +7    -0    plugins/platforms/drm/drm_output.cpp
>
> https://invent.kde.org/plasma/kwin/commit/307a9bc5590f6f82b279a611b1f406bbd423687e