422711 – kwin_wayland segmentation fault in KWin::LibInput::Connection::applyScreenToDevice when logging in

Bug 422711 - kwin_wayland segmentation fault in KWin::LibInput::Connection::applyScreenToDevice when logging in

Summary: kwin_wayland segmentation fault in KWin::LibInput::Connection::applyScreenToD...

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	kwin
Classification:	Plasma
Component:	wayland-generic (show other bugs)
Version:	5.18.5
Platform:	Fedora RPMs Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	KWin default assignee

URL:
Keywords:

Depends on:
Blocks:

Reported:	2020-06-10 04:29 UTC by Matt Fagnani
Modified:	2022-02-04 17:08 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Matt Fagnani 2020-06-10 04:29:38 UTC

SUMMARY

I booted the Fedora Rawhide KDE Plasma live spin Fedora-KDE-Live-x86_64-Rawhide-20200603.n.0.iso which has Plasma 5.18.5, KF 5.70.0/1, Qt 5.14.2. I created a new user in System Settings with a password. I installed kwin-wayland, plasma-workspace-wayland, and their dependencies. I logged out of Plasma on X. I selected the user I created in sddm. I entered an incorrect password and tried to login 3 times. The login was denied. I switched the user to the liveuser and tried to log in to Plasma on Wayland. The screen was briefly black then it went back to sddm. The next login to Plasma on Wayland worked properly. coredumpctl showed that kwin_wayland had a segmentation fault in KWin::LibInput::Connection::applyScreenToDevice at /usr/src/debug/kwin-5.18.5-1.fc33.x86_64/libinput/../screens.h:220 which occurred on the first login to Plasma on Wayland which didn't complete properly. The full trace of all threads from coredumpctl was the following.


Program terminated with signal SIGSEGV, Segmentation fault.

#0  KWin::LibInput::Connection::applyScreenToDevice (this=this@entry=0x5635f74f4300, device=device@entry=0x5635f7605b60) at /usr/src/debug/kwin-5.18.5-1.fc33.x86_64/libinput/../screens.h:220
220         return m_count;
[Current thread is 1 (Thread 0x7fc60d857e00 (LWP 10125))]

(gdb) thread apply all bt full

Thread 4 (Thread 0x7fc5f37fe680 (LWP 10128)):
#0  0x00007fc60c941abf in poll () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007fc60a43dace in g_main_context_iterate.constprop () from /lib64/libglib-2.0.so.0
No symbol table info available.
#2  0x00007fc60a43dc03 in g_main_context_iteration () from /lib64/libglib-2.0.so.0
No symbol table info available.
#3  0x00007fc60cee1b73 in QEventDispatcherGlib::processEvents (this=0x7fc5e4000b60, flags=...) at kernel/qeventdispatcher_glib.cpp:423
        d = 0x7fc5e4000b80
        canWait = true
        savedFlags = {i = 0}
        result = <optimized out>
#4  0x00007fc60ce9491b in QEventLoop::exec (this=this@entry=0x7fc5f37fdc00, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:136
        d = 0x7fc5e4003090
        locker = {val = 94789782694168}
        ref = <optimized out>
        app = <optimized out>
#5  0x00007fc60cd00427 in QThread::exec (this=<optimized out>) at ../../include/QtCore/../../src/corelib/global/qflags.h:118
        d = 0x5635f75368c0
        locker = {val = 94789782694168}
        eventLoop = {<QObject> = {_vptr.QObject = 0x7fc60d14d948 <vtable for QEventLoop+16>, static sta--Type <RET> for more, q to quit, c to continue without paging--c
ticMetaObject = {d = {superdata = {direct = 0x0}, stringdata = 0x7fc60d0342e0 <qt_meta_stringdata_QObject>, data = 0x7fc60d0341c0 <qt_meta_data_QObject>, static_metacall = 0x7fc60cec3350 <QObject::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}, d_ptr = {d = 0x7fc5e4003090}, static staticQtMetaObject = {d = {superdata = {direct = 0x0}, stringdata = 0x7fc60d037260 <qt_meta_stringdata_Qt>, data = 0x7fc60d034400 <qt_meta_data_Qt>, static_metacall = 0x0, relatedMetaObjects = 0x0, extradata = 0x0}}}, static staticMetaObject = {d = {superdata = {direct = 0x7fc60d1452c0 <QObject::staticMetaObject>}, stringdata = 0x7fc60d02e4e0 <qt_meta_stringdata_QEventLoop>, data = 0x7fc60d02e480 <qt_meta_data_QEventLoop>, static_metacall = 0x7fc60ce94630 <QEventLoop::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}}
        returnCode = <optimized out>
#6  0x00007fc60cd01690 in QThreadPrivate::start(void*) () at thread/qthread_unix.cpp:342
        currentThreadData = 0x5635f75370b0
        current_thread_data_once = 2
        current_thread_data_key = 3
        (anonymous namespace)::destroy_current_thread_data_key_dtor_instance_ = {<No data fields>}
#7  0x00007fc60d994479 in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#8  0x00007fc60c94cb53 in clone () from /lib64/libc.so.6
No symbol table info available.

Thread 3 (Thread 0x7fc5f3fff680 (LWP 10127)):
#0  0x00007fc60c941abf in poll () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007fc60a43dace in g_main_context_iterate.constprop () from /lib64/libglib-2.0.so.0
No symbol table info available.
#2  0x00007fc60a43dc03 in g_main_context_iteration () from /lib64/libglib-2.0.so.0
No symbol table info available.
#3  0x00007fc60cee1b73 in QEventDispatcherGlib::processEvents (this=0x7fc5ec000b60, flags=...) at kernel/qeventdispatcher_glib.cpp:423
        d = 0x7fc5ec000b80
        canWait = true
        savedFlags = {i = 0}
        result = <optimized out>
#4  0x00007fc60ce9491b in QEventLoop::exec (this=this@entry=0x7fc5f3ffec00, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:136
        d = 0x7fc5ec003890
        locker = {val = 94789782693784}
        ref = <optimized out>
        app = <optimized out>
#5  0x00007fc60cd00427 in QThread::exec (this=<optimized out>) at ../../include/QtCore/../../src/corelib/global/qflags.h:118
        d = 0x5635f7536740
        locker = {val = 94789782693784}
        eventLoop = {<QObject> = {_vptr.QObject = 0x7fc60d14d948 <vtable for QEventLoop+16>, static staticMetaObject = {d = {superdata = {direct = 0x0}, stringdata = 0x7fc60d0342e0 <qt_meta_stringdata_QObject>, data = 0x7fc60d0341c0 <qt_meta_data_QObject>, static_metacall = 0x7fc60cec3350 <QObject::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}, d_ptr = {d = 0x7fc5ec003890}, static staticQtMetaObject = {d = {superdata = {direct = 0x0}, stringdata = 0x7fc60d037260 <qt_meta_stringdata_Qt>, data = 0x7fc60d034400 <qt_meta_data_Qt>, static_metacall = 0x0, relatedMetaObjects = 0x0, extradata = 0x0}}}, static staticMetaObject = {d = {superdata = {direct = 0x7fc60d1452c0 <QObject::staticMetaObject>}, stringdata = 0x7fc60d02e4e0 <qt_meta_stringdata_QEventLoop>, data = 0x7fc60d02e480 <qt_meta_data_QEventLoop>, static_metacall = 0x7fc60ce94630 <QEventLoop::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}}
        returnCode = <optimized out>
#6  0x00007fc60cd01690 in QThreadPrivate::start(void*) () at thread/qthread_unix.cpp:342
        currentThreadData = 0x5635f753b2e0
        current_thread_data_once = 2
        current_thread_data_key = 3
        (anonymous namespace)::destroy_current_thread_data_key_dtor_instance_ = {<No data fields>}
#7  0x00007fc60d994479 in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#8  0x00007fc60c94cb53 in clone () from /lib64/libc.so.6
No symbol table info available.

Thread 2 (Thread 0x7fc5f8bba680 (LWP 10126)):
#0  0x00007fc60c941abf in poll () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007fc60a43dace in g_main_context_iterate.constprop () from /lib64/libglib-2.0.so.0
No symbol table info available.
#2  0x00007fc60a43dc03 in g_main_context_iteration () from /lib64/libglib-2.0.so.0
No symbol table info available.
#3  0x00007fc60cee1b73 in QEventDispatcherGlib::processEvents (this=0x7fc5f4000b60, flags=...) at kernel/qeventdispatcher_glib.cpp:423
        d = 0x7fc5f4000b80
        canWait = true
        savedFlags = {i = 0}
        result = <optimized out>
#4  0x00007fc60ce9491b in QEventLoop::exec (this=this@entry=0x7fc5f8bb9bb0, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:136
        d = 0x7fc5f4005350
        locker = {val = 94789782552712}
        ref = <optimized out>
        app = <optimized out>
#5  0x00007fc60cd00427 in QThread::exec (this=<optimized out>) at ../../include/QtCore/../../src/corelib/global/qflags.h:118
        d = 0x5635f7514030
        locker = {val = 94789782552712}
        eventLoop = {<QObject> = {_vptr.QObject = 0x7fc60d14d948 <vtable for QEventLoop+16>, static staticMetaObject = {d = {superdata = {direct = 0x0}, stringdata = 0x7fc60d0342e0 <qt_meta_stringdata_QObject>, data = 0x7fc60d0341c0 <qt_meta_data_QObject>, static_metacall = 0x7fc60cec3350 <QObject::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}, d_ptr = {d = 0x7fc5f4005350}, static staticQtMetaObject = {d = {superdata = {direct = 0x0}, stringdata = 0x7fc60d037260 <qt_meta_stringdata_Qt>, data = 0x7fc60d034400 <qt_meta_data_Qt>, static_metacall = 0x0, relatedMetaObjects = 0x0, extradata = 0x0}}}, static staticMetaObject = {d = {superdata = {direct = 0x7fc60d1452c0 <QObject::staticMetaObject>}, stringdata = 0x7fc60d02e4e0 <qt_meta_stringdata_QEventLoop>, data = 0x7fc60d02e480 <qt_meta_data_QEventLoop>, static_metacall = 0x7fc60ce94630 <QEventLoop::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}}
        returnCode = <optimized out>
#6  0x00007fc60d91451b in QDBusConnectionManager::run (this=0x7fc60d983060 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at qdbusconnection.cpp:179
        locker = <optimized out>
#7  0x00007fc60cd01690 in QThreadPrivate::start(void*) () at thread/qthread_unix.cpp:342
        currentThreadData = 0x5635f7514130
        current_thread_data_once = 2
        current_thread_data_key = 3
        (anonymous namespace)::destroy_current_thread_data_key_dtor_instance_ = {<No data fields>}
#8  0x00007fc60d994479 in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#9  0x00007fc60c94cb53 in clone () from /lib64/libc.so.6
No symbol table info available.

Thread 1 (Thread 0x7fc60d857e00 (LWP 10125)):
#0  KWin::LibInput::Connection::applyScreenToDevice (this=this@entry=0x5635f74f4300, device=device@entry=0x5635f7605b60) at /usr/src/debug/kwin-5.18.5-1.fc33.x86_64/libinput/../screens.h:220
        locker = <optimized out>
        id = -1
#1  0x00007fc60de4fce5 in KWin::LibInput::Connection::processEvents (this=0x5635f74f4300) at /usr/src/debug/kwin-5.18.5-1.fc33.x86_64/libinput/connection.cpp:288
        device = 0x5635f7605b60
        event = {d = 0x7fc5e4004ad0}
        locker = {val = 94789782422345}
#2  0x00007fc60cebdb5e in QObject::event (this=0x5635f753bec0, e=0x7fc5e4004be0) at kernel/qobject.cpp:1339
        mce = 0x7fc5e4004be0
        sender = {previous = 0x0, receiver = 0x5635f753bec0, sender = 0x5635f74f4300, signal = 37}
#3  0x00007fc60d2cd063 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib64/libQt5Widgets.so.5
No symbol table info available.
#4  0x00007fc60ce95fc0 in QCoreApplication::notifyInternal2 (receiver=0x5635f753bec0, event=0x7fc5e4004be0) at ../../include/QtCore/../../src/corelib/kernel/qobject.h:153
        selfRequired = true
        result = false
        cbdata = {0x5635f753bec0, 0x7fc5e4004be0, 0x7ffc0054ff6f}
        d = <optimized out>
        threadData = 0x5635f74bad20
        scopeLevelCounter = {threadData = 0x5635f74bad20}
#5  0x00007fc60ce98c47 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x5635f74bad20) at kernel/qcoreapplication.cpp:1815
        e = 0x7fc5e4004be0
        pe = <optimized out>
        r = 0x5635f753bec0
        relocker = {m_func = {__locker = @0x7ffc0054ffe0}, m_invoke = true}
        event_deleter = {d = 0x7fc5e4004be0}
        locker = {_M_device = 0x5635f74bad50, _M_owns = false}
        startOffset = 0
        i = @0x5635f74bad44: 2
        cleanup = {receiver = 0x0, event_type = 0, data = 0x5635f74bad20, exceptionCaught = true}
#6  0x00007fc60cedef77 in QEventDispatcherUNIX::processEvents (this=0x5635f74f2920, flags=...) at kernel/qeventdispatcher_unix.cpp:466
        d = 0x5635f74f3b60
        include_timers = <optimized out>
        include_notifiers = <optimized out>
        wait_for_events = <optimized out>
        canWait = <optimized out>
        tm = <optimized out>
        wait_tm = {tv_sec = 140488564931968, tv_nsec = 140488564932751}
        nevents = <optimized out>
#7  0x00007fc5f97f4e01 in QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/qt5/plugins/platforms/KWinQpaPlugin.so
No symbol table info available.
#8  0x00007fc60ce9491b in QEventLoop::exec (this=this@entry=0x7ffc00550180, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:136
        d = 0x5635f7571200
        locker = {val = 94789782283416}
        ref = <optimized out>
        app = <optimized out>
#9  0x00007fc60ce9c5a6 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:118
        threadData = 0x5635f74bad20
        eventLoop = {<QObject> = {_vptr.QObject = 0x7fc60d14d948 <vtable for QEventLoop+16>, static staticMetaObject = {d = {superdata = {direct = 0x0}, stringdata = 0x7fc60d0342e0 <qt_meta_stringdata_QObject>, data = 0x7fc60d0341c0 <qt_meta_data_QObject>, static_metacall = 0x7fc60cec3350 <QObject::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}, d_ptr = {d = 0x5635f7571200}, static staticQtMetaObject = {d = {superdata = {direct = 0x0}, stringdata = 0x7fc60d037260 <qt_meta_stringdata_Qt>, data = 0x7fc60d034400 <qt_meta_data_Qt>, static_metacall = 0x0, relatedMetaObjects = 0x0, extradata = 0x0}}}, static staticMetaObject = {d = {superdata = {direct = 0x7fc60d1452c0 <QObject::staticMetaObject>}, stringdata = 0x7fc60d02e4e0 <qt_meta_stringdata_QEventLoop>, data = 0x7fc60d02e480 <qt_meta_data_QEventLoop>, static_metacall = 0x7fc60ce94630 <QEventLoop::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}}
        returnCode = <optimized out>
#10 0x00005635f7053fdb in main ()
No symbol table info available.


STEPS TO REPRODUCE
1. boot the Fedora Rawhide KDE Plasma live spin Fedora-KDE-Live-x86_64-Rawhide-20200603.n.0.iso 
2. create a new user in System Settings with a password.
3. In System Settings, disable Automatically log in as user in Login Screen (sddm) > Advanced
4. sudo dnf install kwin-wayland plasma-workspace-wayland 
5. log out of Plasma on X. 
6. selected the user created in 2. in sddm. 
7. enter an incorrect password. 
8. log in to Plasma on X
9. switch the user to the liveuser in sddm
10. log in to Plasma on Wayland. 

OBSERVED RESULT
kwin_wayland segmentation fault in KWin::LibInput::Connection::applyScreenToDevice when logging in

EXPECTED RESULT
Plasma would log in normally.

SOFTWARE/OS VERSIONS 
Linux/KDE Plasma: Fedora Rawhide
(available in About System)
KDE Plasma Version: 5.18.5
KDE Frameworks Version: 5.70.0/1
Qt Version: 5.70.0/1

ADDITIONAL INFORMATION
I've seen this crash teice when logging to Plasma on Wayland after trying to login with an incorrect password for the second user. I'm unsure which of the steps related to the new user are necessary for the crash to occur. The crash hasn't happened without the creation of the second user.

Comment 1 David Redondo 2022-01-19 15:27:45 UTC

Can you still reproduce

Comment 2 Bug Janitor Service 2022-02-03 04:38:00 UTC

Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least
15 days. Please provide the requested information as soon as
possible and set the bug status as REPORTED. Due to regular bug
tracker maintenance, if the bug is still in NEEDSINFO status with
no change in 30 days the bug will be closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please
mark the bug as REPORTED so that the KDE team knows that the bug is
ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!

Comment 3 Matt Fagnani 2022-02-04 06:13:57 UTC

(In reply to David Redondo from comment #1)
> Can you still reproduce

I tried to reproduce this problem in a Fedora 35 KDE Plasma installation with Plasma 5.23.5, KF 5.90.0, Qt 5.15.2 by trying to log in to Plasma on X with an incorrect password as one user from sddm, followed by logging in to Plasma on Wayland with the correct password as another user. The screen went black, and the Plasma splash screen didn't appear. Plasma didn't start normally. sddm reappeared. coredumpctl and journalctl didn't have kwin_wayland crashes, though I'm unsure why Plasma didn't start. The failed Plasma startup happened 2/2 times I tried the above steps. I'm unsure if this is the same problem as I first reported. Thanks.

Comment 4 Vlad Zahorodnii 2022-02-04 07:21:25 UTC

That sounds like a different problem. Can you file a bug report? There were some session related fixes in 5.24, so that issue might be already fixed.

Comment 5 Matt Fagnani 2022-02-04 17:08:48 UTC

(In reply to Vlad Zahorodnii from comment #4)
> That sounds like a different problem. Can you file a bug report? There were
> some session related fixes in 5.24, so that issue might be already fixed.

I reported what I described in comment 3 at https://bugs.kde.org/show_bug.cgi?id=449609 
Thanks.