Bug 447079 - kwin_wayland crashes in KWin::EglGbmBackend::scanout() when clicking on an image in NeoChat
Status: RESOLVED FIXED
Alias: None
Product: kwin
Classification: Plasma
Component: wayland-generic
Version: git master
Platform: Other Linux
Importance: NOR crash
Target Milestone: ---
Assignee: KWin default assignee
Keywords: regression
Reported: 2021-12-16 15:15 UTC by Nate Graham
Modified: 2021-12-16 16:04 UTC

Description Nate Graham 2021-12-16 15:15:42 UTC
Clicking on an image in NeoChat opens it in a full-screen overlay. As of a few days ago on git master, doing this crashes kwin_wayland for me. It is 100% reproducible. Here is the backtrace:


#0  0x00007fda477c601e in QScopedPointer<KWaylandServer::LinuxDmaBufV1FeedbackPrivate, QScopedPointerDeleter<KWaylandServer::LinuxDmaBufV1FeedbackPrivate> >::operator->() const (this=0x10)
    at /usr/include/qt5/QtCore/qscopedpointer.h:118
#1  KWaylandServer::LinuxDmaBufV1Feedback::setTranches(QVector<KWaylandServer::LinuxDmaBufV1Feedback::Tranche> const&) (this=0x0, tranches=...)
    at /home/nate/kde/src/kwayland-server/src/server/linuxdmabufv1clientbuffer.cpp:444
#2  0x00007fda32aa85dd in KWin::EglGbmBackend::scanout(KWin::AbstractOutput*, KWin::SurfaceItem*)
    (this=0x1157e60, drmOutput=<optimized out>, surfaceItem=0x2a5d050)
    at /home/nate/kde/src/kwin/src/backends/drm/egl_gbm_backend.cpp:627
#3  0x00007fda47d1fb6a in QRegion::operator!=(QRegion const&) const (r=..., this=0x7ffcc3ad7038)
    at /usr/include/qt5/QtGui/qregion.h:156
#4  KWin::SceneOpenGL::paint(KWin::AbstractOutput*, QRegion const&, QList<KWin::Toplevel*> const&, KWin::RenderLoop*)
    (this=0x117c650, output=0x11bc420, damage=<optimized out>, toplevels=<optimized out>, renderLoop=<optimized out>) at /home/nate/kde/src/kwin/src/scenes/opengl/scene_opengl.cpp:327
#5  0x00007fda47ba0e89 in KWin::Compositor::composite(KWin::RenderLoop*)
    (this=0x11346b0, renderLoop=0x12233b0) at /home/nate/kde/src/kwin/src/composite.cpp:631
#6  0x00007fda4540c3e9 in QtPrivate::QSlotObjectBase::call(QObject*, void**)
    (a=0x7ffcc3ad7250, r=<optimized out>, this=0x130de80)
    at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#7  doActivate<false>(QObject*, int, void**)
    (sender=0x12233b0, signal_index=5, argv=0x7ffcc3ad7250) at kernel/qobject.cpp:3886
#8  0x00007fda45407367 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**)
    (sender=<optimized out>, m=m@entry=0x7fda47e1dde0 <KWin::RenderLoop::staticMetaObject>, local_signal_index=local_signal_index@entry=2, argv=argv@entry=0x7ffcc3ad7250) at kernel/qobject.cpp:3946
#9  0x00007fda47b5af32 in KWin::RenderLoop::frameRequested(KWin::RenderLoop*)
    (this=<optimized out>, _t1=<optimized out>)
    at /home/nate/kde/build/kwin/src/kwin_autogen/EWIEGA46WW/moc_renderloop.cpp:206
#10 0x00007fda47c36df3 in QScopedPointer<KWin::RenderLoopPrivate, QScopedPointerDeleter<KWin::RenderLoopPrivate> >::operator->() const (this=0x10) at /usr/include/qt5/QtCore/qscopedpointer.h:116
#11 KWin::RenderLoop::inhibit() (this=0x0) at /home/nate/kde/src/kwin/src/renderloop.cpp:176
#12 0x00007ffcc3ad7370 in  ()
#13 0x00007fda4540c3e9 in QtPrivate::QSlotObjectBase::call(QObject*, void**)
    (a=0x1225180, r=<optimized out>, this=0x12232d0)
    at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#14 doActivate<false>(QObject*, int, void**) (sender=0x1225198, signal_index=3, argv=0x1225180)
    at kernel/qobject.cpp:3886
#15 0x00007fda45407367 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**)
    (sender=<optimized out>, m=m@entry=0x7fda456b15a0 <QTimer::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffcc3ad7370) at kernel/qobject.cpp:3946
#16 0x00007fda4540f68e in QTimer::timeout(QTimer::QPrivateSignal) (this=<optimized out>, _t1=...)
    at .moc/moc_qtimer.cpp:205
#17 0x00007fda45402edf in QObject::event(QEvent*) (this=0x1225198, e=0x7ffcc3ad74d0)
    at kernel/qobject.cpp:1336
#18 0x00007fda45fd8443 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
    (this=<optimized out>, receiver=0x1225198, e=0x7ffcc3ad74d0) at kernel/qapplication.cpp:3632
#19 0x00007fda453d87d8 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
    (receiver=0x1225198, event=0x7ffcc3ad74d0) at kernel/qcoreapplication.cpp:1064
#20 0x00007fda45428ea3 in QTimerInfoList::activateTimers() (this=this@entry=0xebd528)
    at kernel/qtimerinfo_unix.cpp:643
--Type <RET> for more, q to quit, c to continue without paging--
#21 0x00007fda45426660 in QEventDispatcherUNIXPrivate::activateTimers() (this=this@entry=0xebd4a0) at kernel/qeventdispatcher_unix.cpp:249
#22 0x00007fda45427470 in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=<optimized out>, flags=...) at kernel/qeventdispatcher_unix.cpp:516
#23 0x0000000000542201 in QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
#24 0x00007fda453d71e2 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7ffcc3ad7650, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#25 0x00007fda453df724 in QCoreApplication::exec() () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#26 0x00007fda45820c40 in QGuiApplication::exec() () at kernel/qguiapplication.cpp:1860
#27 0x00007fda45fd83b9 in QApplication::exec() () at kernel/qapplication.cpp:2824
#28 0x00000000004472f4 in main(int, char**) (argc=<optimized out>, argv=<optimized out>) at /home/nate/kde/src/kwin/src/main_wayland.cpp:737
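
Triage aid for the backtrace above, added here as an example and not part of the original report or of KWin: it rejoins gdb's wrapped frame lines and flags every frame whose `this` is null or lies within the first page, the signature of a method call through a null object pointer. The names `suspicious_this`, `split_frames` and the 0x1000 threshold are assumptions made for this example.

```python
import re

NULL_PAGE = 0x1000  # assumption: anything below one 4 KiB page is null + a field offset
FRAME_START = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?")
THIS_ARG = re.compile(r"\(this=(0x[0-9a-f]+)[,)]")

# Frames #0-#2 copied from the backtrace in this report, wrapped as gdb printed them.
SAMPLE_BT = """\
#0  0x00007fda477c601e in QScopedPointer<KWaylandServer::LinuxDmaBufV1FeedbackPrivate, QScopedPointerDeleter<KWaylandServer::LinuxDmaBufV1FeedbackPrivate> >::operator->() const (this=0x10)
    at /usr/include/qt5/QtCore/qscopedpointer.h:118
#1  KWaylandServer::LinuxDmaBufV1Feedback::setTranches(QVector<KWaylandServer::LinuxDmaBufV1Feedback::Tranche> const&) (this=0x0, tranches=...)
    at /home/nate/kde/src/kwayland-server/src/server/linuxdmabufv1clientbuffer.cpp:444
#2  0x00007fda32aa85dd in KWin::EglGbmBackend::scanout(KWin::AbstractOutput*, KWin::SurfaceItem*)
    (this=0x1157e60, drmOutput=<optimized out>, surfaceItem=0x2a5d050)
    at /home/nate/kde/src/kwin/src/backends/drm/egl_gbm_backend.cpp:627
"""

def split_frames(bt):
    """Join gdb's wrapped continuation lines back into one string per frame."""
    frames = []
    for line in bt.splitlines():
        if line.startswith("--Type <RET>"):  # gdb pager prompt, not a frame
            continue
        if FRAME_START.match(line):
            frames.append(line.strip())
        elif frames and line.strip():
            frames[-1] += " " + line.strip()
    return frames

def suspicious_this(bt):
    """Return (frame_no, function, this, verdict) for null or near-null `this`."""
    hits = []
    for frame in split_frames(bt):
        head = FRAME_START.match(frame)
        arg = THIS_ARG.search(frame)  # skips <optimized out> and frames without `this`
        if not arg or int(arg.group(1), 16) >= NULL_PAGE:
            continue
        this = int(arg.group(1), 16)
        func = frame[head.end():arg.start()].strip()
        verdict = "null object" if this == 0 else f"field at +{this:#x} of a null object"
        hits.append((int(head.group(1)), func, this, verdict))
    return hits

if __name__ == "__main__":
    for no, func, this, verdict in suspicious_this(SAMPLE_BT):
        print(f"#{no} this={this:#x}: {verdict}\n    {func}")
```

Run over the full trace, the same check also reports frames #10 and #11; they sit directly below the symbol-less frame #12, so verify them before treating them as a second null dereference.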
Comment 1 Bug Janitor Service 2021-12-16 15:49:16 UTC
A possibly relevant merge request was started @ https://invent.kde.org/plasma/kwin/-/merge_requests/1807
Comment 2 Zamundaaa 2021-12-16 16:04:55 UTC
Git commit dde7a2efac1f5ad9f1d9b913d8e355ce53a7ed37 by Xaver Hugl.
Committed on 16/12/2021 at 15:44.
Pushed by ngraham into branch 'master'.

backends/drm: fix crash with direct scanout

M  +3    -1    src/backends/drm/egl_gbm_backend.cpp

https://invent.kde.org/plasma/kwin/commit/dde7a2efac1f5ad9f1d9b913d8e355ce53a7ed37