SUMMARY kwin_wayland segmentation faulted in KWin::LibInput::Context::closeRestricted when logging out of Plasma 5.22.5 on Wayland in a Fedora 35 KDE Plasma installation. The screen went black and then Plasma restarted. Core was generated by `kwin_wayland --wayland_fd 4 --xwayland /usr/libexec/startplasma-waylandsession'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007fe383646a95 in KWin::LibInput::Context::closeRestricted (this=0x558b8b8fb7a0, fd=33) at /usr/src/debug/kwin-5.22.5-1.fc35.x86_64/src/libinput/context.cpp:146 Downloading source file /usr/src/debug/kwin-5.22.5-1.fc35.x86_64/src/libinput/context.cpp... 146 kwinApp()->platform()->session()->closeRestricted(fd); [Current thread is 1 (Thread 0x7fe36d78d640 (LWP 2255))] (gdb) bt #0 0x00007fe383646a95 in KWin::LibInput::Context::closeRestricted(int) (this=0x558b8b8fb7a0, fd=33) at /usr/src/debug/kwin-5.22.5-1.fc35.x86_64/src/libinput/context.cpp:146 #1 KWin::LibInput::Context::closeRestrictedCallBack(int, void*) (fd=33, user_data=0x558b8b8fb7a0) at /usr/src/debug/kwin-5.22.5-1.fc35.x86_64/src/libinput/context.cpp:97 #2 0x00007fe380e19101 in close_restricted (libinput=<optimized out>, libinput=0x558b8b8fb7c0, fd=<optimized out>) at ../src/libinput.c:2054 #3 evdev_device_suspend (device=device@entry=0x558b8b9b8bf0) at ../src/evdev.c:2871 #4 0x00007fe380e22e76 in evdev_device_remove (device=0x558b8b9b8bf0) at ../src/evdev.c:2961 #5 0x00007fe380e129e4 in evdev_device_dispatch (data=0x558b8b9b8bf0) at ../src/evdev.c:1144 #6 0x00007fe380e0e667 in libinput_dispatch (libinput=0x558b8b8fb7c0) at ../src/libinput.c:2209 #7 0x00007fe383646e7d in KWin::LibInput::Context::dispatch() (this=<optimized out>, this=<optimized out>) at /usr/src/debug/kwin-5.22.5-1.fc35.x86_64/src/libinput/context.cpp:80 #8 KWin::LibInput::Connection::handleEvent() (this=0x558b8b966300) at /usr/src/debug/kwin-5.22.5-1.fc35.x86_64/src/libinput/connection.cpp:231 #9 0x00007fe381c573a9 in QtPrivate::QSlotObjectBase::call(QObject*, void**) (a=0x7fe36d78c850, r=<optimized out>, this=0x7fe3640047b0) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398 #10 doActivate<false>(QObject*, int, void**) (sender=0x7fe3640046d0, signal_index=3, argv=0x7fe36d78c850) at kernel/qobject.cpp:3886 #11 0x00007fe381c52327 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (sender=sender@entry=0x7fe3640046d0, m=m@entry=0x7fe381efc460 <QSocketNotifier::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7fe36d78c850) at kernel/qobject.cpp:3946 #12 0x00007fe381c59b4a in QSocketNotifier::activated(QSocketDescriptor, QSocketNotifier::Type, QSocketNotifier::QPrivateSignal) (this=this@entry=0x7fe3640046d0, _t1=..., _t2=<optimized out>, _t3=...) at .moc/moc_qsocketnotifier.cpp:178 #13 0x00007fe381c5a363 in QSocketNotifier::event(QEvent*) (this=0x7fe3640046d0, e=0x7fe36d78c950) at kernel/qsocketnotifier.cpp:302 #14 0x00007fe3828b3443 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=<optimized out>, receiver=0x7fe3640046d0, e=0x7fe36d78c950) at kernel/qapplication.cpp:3632 #15 0x00007fe381c23798 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x7fe3640046d0, event=0x7fe36d78c950) at kernel/qcoreapplication.cpp:1064 #16 0x00007fe381c755ff in socketNotifierSourceDispatch(GSource*, GSourceFunc, gpointer) (source=0x7fe364004470) at kernel/qeventdispatcher_glib.cpp:107 #17 0x00007fe37f2d233f in g_main_dispatch (context=0x7fe364000c20) at ../glib/gmain.c:3381 #18 g_main_context_dispatch (context=0x7fe364000c20) at ../glib/gmain.c:4099 #19 0x00007fe37f327288 in g_main_context_iterate.constprop.0 (context=context@entry=0x7fe364000c20, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4175 #20 0x00007fe37f2cf9e3 in g_main_context_iteration (context=0x7fe364000c20, may_block=1) at ../glib/gmain.c:4240 #21 0x00007fe381c74b78 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x7fe364000b60, flags=...) at kernel/qeventdispatcher_glib.cpp:423 #22 0x00007fe381c221a2 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7fe36d78cbd0, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69 #23 0x00007fe381a652aa in QThread::exec() (this=<optimized out>) at ../../include/QtCore/../../src/corelib/global/qflags.h:121 #24 0x00007fe381a664a6 in QThreadPrivate::start(void*) (arg=0x558b8b9bc0d0) at thread/qthread_unix.cpp:329 #25 0x00007fe3813caaaf in start_thread (arg=<optimized out>) at pthread_create.c:434 #26 0x00007fe38144f300 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81 The crashes started after an update with updates-testing enabled which included libinput-1.18.901-1.fc35 on 2021-9-3. I downgraded to libinput-1.18.1-1.fc35 and rebooted. The crashes didn't happen when logging out of Plasma with libinput-1.18.1-1.fc35. A change between libinput-1.18.1-1.fc35 and libinput-1.18.901-1.fc35 might be involved in these crashes. The crash happened 4/4 times when logging out of Plasma with libinput-1.18.901-1.fc35 using a mouse, but it didn't happen when I logged out using a touchpad. STEPS TO REPRODUCE 1. Boot a Fedora 35 KDE Plasma installation 2. Log in to Plasma on Wayland 3. Start konsole 4. sudo dnf offline-upgrade download 5. sudo dnf offline-upgrade reboot 6. Log in to Plasma on Wayland 7. Log out of Plasma by selecting the Application Launcher menu > Leave > Log out > OK using a mouse OBSERVED RESULT kwin_wayland segmentation faulted in KWin::LibInput::Context::closeRestricted when logging out of Plasma with libinput-1.18.901-1.fc35 EXPECTED RESULT Plasma would log out normally. SOFTWARE/OS VERSIONS Linux/KDE Plasma: Fedora 35 (available in About System) KDE Plasma Version: 5.22.5 KDE Frameworks Version: 5.85.0 Qt Version: 5.15.2 ADDITIONAL INFORMATION I reported this problem at https://bugzilla.redhat.com/show_bug.cgi?id=2001135
Still happens with git master, too. The reason is that teardown of input depends on the platform, which is deleted before input. Not sure how to best solve it yet, parenting the InputIntegration object to the platform instead of the application causes a different segfault, AFACT due to some annoying details about how C++ destructors work.
(In reply to Zamundaaa from comment #1) > Still happens with git master, too. The reason is that teardown of input > depends on the platform, which is deleted before input. > > Not sure how to best solve it yet, parenting the InputIntegration object to > the platform instead of the application causes a different segfault, AFACT > due to some annoying details about how C++ destructors work. I've seen this kwin_wayland crash happen about 10/15 times when logging out of Plasma using a mouse and 3/6 using a touchpad. The crash also happened with libinput-1.19.0-1.fc35. The problem might involve a race condition where the file descriptor fd had been closed or memory associated with the platform had been freed sometimes before being used by KWin::LibInput::Context::closeRestricted while Plasma was logging out. Thanks.
(In reply to Zamundaaa from comment #1) > Still happens with git master, too. The reason is that teardown of input > depends on the platform, which is deleted before input. > > Not sure how to best solve it yet, parenting the InputIntegration object to > the platform instead of the application causes a different segfault, AFACT > due to some annoying details about how C++ destructors work. to make things even more worse, libinput does some threading stuff... i'd tried to fix this crash, but due to the lack of any design (singleton is absolutely inappropriate here), it's really hard to do. :(
*** Bug 442911 has been marked as a duplicate of this bug. ***
A possibly relevant merge request was started @ https://invent.kde.org/plasma/kwin/-/merge_requests/1464
Can somebody please test whether !1464 fixes the issue? I'm unable to reproduce it.
I recompiled kwin with this patch but can only test tomorrow. I will get back to you guys tomorrow.
Tried a few logouts, seems to work
seems to work for me as well, I couldn't reproduce the crash anymore
Git commit 7900068cab6e34e0517439c17438ad544ceb602f by Vlad Zahorodnii. Committed on 28/09/2021 at 14:37. Pushed by vladz into branch 'master'. wayland: Destroy InputRedirection explicitly M +5 -0 src/main.cpp M +1 -0 src/main.h M +1 -0 src/main_wayland.cpp https://invent.kde.org/plasma/kwin/commit/7900068cab6e34e0517439c17438ad544ceb602f
Git commit d7d1c6600ab9c95fb852a66d2a8fb745caa5d716 by Vlad Zahorodnii. Committed on 28/09/2021 at 14:37. Pushed by vladz into branch 'master'. wayland: Move ownership of the libinput thread to InputRedirection When libinput tears down, it may access the Session object. This change re-jitters the shut down logic so the Session object is guaranteed to be valid when libinput stuff gets destroyed. M +16 -0 src/input.cpp M +1 -0 src/input.h M +1 -18 src/libinput/connection.cpp M +0 -3 src/libinput/connection.h https://invent.kde.org/plasma/kwin/commit/d7d1c6600ab9c95fb852a66d2a8fb745caa5d716
The fix has been pushed to git master only. It will be back ported to 5.23 after more testing (the main reason: the fix changes some threading code).
A possibly relevant merge request was started @ https://invent.kde.org/plasma/kwin/-/merge_requests/1469
Git commit 6513c66ca6edb7d7bffcaec173eb1c12d2242aac by Vlad Zahorodnii. Committed on 28/09/2021 at 17:29. Pushed by vladz into branch 'master'. wayland: Move ConnectionAdaptor to the same thread as Connection Connection deletes the ConnectionAdaptor, but they are in different threads, which is weird. M +4 -6 src/libinput/connection.cpp https://invent.kde.org/plasma/kwin/commit/6513c66ca6edb7d7bffcaec173eb1c12d2242aac
With all those commits, I'm still getting a Libinput-related crash on logout, but it's a different one. See Bug 443088.
Git commit 7dc1f92c5a26d46df685a5d08b848a5457770b5a by Vlad Zahorodnii. Committed on 01/10/2021 at 08:25. Pushed by vladz into branch 'Plasma/5.23'. wayland: Destroy InputRedirection explicitly (cherry picked from commit 7900068cab6e34e0517439c17438ad544ceb602f) M +5 -0 src/main.cpp M +1 -0 src/main.h M +1 -0 src/main_wayland.cpp https://invent.kde.org/plasma/kwin/commit/7dc1f92c5a26d46df685a5d08b848a5457770b5a
Git commit d18f89b52f499a30527011020a74733c004f0814 by Vlad Zahorodnii. Committed on 01/10/2021 at 08:25. Pushed by vladz into branch 'Plasma/5.23'. wayland: Move ownership of the libinput thread to InputRedirection When libinput tears down, it may access the Session object. This change re-jitters the shut down logic so the Session object is guaranteed to be valid when libinput stuff gets destroyed. (cherry picked from commit d7d1c6600ab9c95fb852a66d2a8fb745caa5d716) M +16 -0 src/input.cpp M +1 -0 src/input.h M +1 -18 src/libinput/connection.cpp M +0 -3 src/libinput/connection.h https://invent.kde.org/plasma/kwin/commit/d18f89b52f499a30527011020a74733c004f0814
Git commit 14090a249d65ac83df4058ebb06cb6d185be65ca by Vlad Zahorodnii. Committed on 01/10/2021 at 08:25. Pushed by vladz into branch 'Plasma/5.23'. wayland: Move ConnectionAdaptor to the same thread as Connection Connection deletes the ConnectionAdaptor, but they are in different threads, which is weird. (cherry picked from commit 6513c66ca6edb7d7bffcaec173eb1c12d2242aac) M +4 -6 src/libinput/connection.cpp https://invent.kde.org/plasma/kwin/commit/14090a249d65ac83df4058ebb06cb6d185be65ca