Bug 448474 - KWin crashed in KWin::DrmOutput::DrmOutput when plugging in an external HDMI screen
Summary: KWin crashed in KWin::DrmOutput::DrmOutput when plugging in an external HDMI ...
Status: RESOLVED FIXED
Alias: None
Product: kwin
Classification: Plasma
Component: wayland-generic (show other bugs)
Version: git master
Platform: Other Linux
: NOR crash
Target Milestone: ---
Assignee: KWin default assignee
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-01-14 16:17 UTC by Nate Graham
Modified: 2022-01-18 21:37 UTC (History)
1 user (show)

See Also:
Latest Commit: https://invent.kde.org/plasma/kwin/commit/24dc3abe918cde9007e19c4351e5778480f5bb75
Version Fixed In: 5.24
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Nate Graham 2022-01-14 16:17:34 UTC 
I plugged in an external 27" 1080p screen into my laptop's HDMI port and kwin_wayland immediately crashed:

#0  QVector<KWin::DrmConnectorMode*>::realloc(int, QFlags<QArrayData::AllocationOption>)
    (options=..., aalloc=<optimized out>, this=0x7ffeeaeb2798)
    at /usr/include/c++/11/bits/atomic_base.h:385
#1  QVector<KWin::DrmConnectorMode*>::detach() (this=0x7ffeeaeb2798)
    at /usr/include/qt5/QtCore/qvector.h:405
#2  QVector<KWin::DrmConnectorMode*>::detach() (this=0x7ffeeaeb2798)
    at /usr/include/qt5/QtCore/qvector.h:397
#3  QVector<KWin::DrmConnectorMode*>::data() (this=0x7ffeeaeb2798)
    at /usr/include/qt5/QtCore/qvector.h:134
#4  QVector<KWin::DrmConnectorMode*>::operator[](int) (i=-652783056, this=0x7ffeeaeb2798)
    at /usr/include/qt5/QtCore/qvector.h:458
#5  KWin::DrmOutput::getModes() const (this=<optimized out>)
    at /home/nate/kde/src/kwin/src/backends/drm/drm_output.cpp:190
#6  0x00007fcbc6768fa3 in KWin::DrmOutput::DrmOutput(KWin::DrmPipeline*) (this=
    0x71, pipeline=<optimized out>) at /home/nate/kde/src/kwin/src/backends/drm/drm_output.cpp:58
#7  0x00007fcbc67751cf in QTypedArrayData<unsigned long>::deallocate(QArrayData*)
    (data=<optimized out>) at /usr/include/qt5/QtCore/qarraydata.h:239
#8  QVector<unsigned long>::freeData(QTypedArrayData<unsigned long>*)
    (x=<optimized out>, this=<optimized out>) at /usr/include/qt5/QtCore/qvector.h:579
#9  QVector<unsigned long>::~QVector() (this=<optimized out>, __in_chrg=<optimized out>)
    at /usr/include/qt5/QtCore/qvector.h:73
#10 QVector<unsigned long>::~QVector() (this=0x20, __in_chrg=<optimized out>)
    at /usr/include/qt5/QtCore/qvector.h:73
#11 QMapNodeBase::callDestructorIfNecessary<QVector<unsigned long> >(QVector<unsigned long>&)
    (t=...) at /usr/include/qt5/QtCore/qmap.h:100
#12 QMapNode<unsigned int, QVector<unsigned long> >::destroySubTree() (this=0x0)
    at /usr/include/qt5/QtCore/qmap.h:125
#13 QMapNode<unsigned int, QVector<unsigned long> >::doDestroySubTree(std::integral_constant<bool, true>) (this=<optimized out>) at /usr/include/qt5/QtCore/qmap.h:139
#14 QMapNode<unsigned int, QVector<unsigned long> >::destroySubTree() (this=<optimized out>)
    at /usr/include/qt5/QtCore/qmap.h:126
#15 QMapNode<unsigned int, QVector<unsigned long> >::doDestroySubTree(std::integral_constant<bool, true>) (this=<optimized out>) at /usr/include/qt5/QtCore/qmap.h:137
#16 QMapNode<unsigned int, QVector<unsigned long> >::destroySubTree() (this=<optimized out>)
    at /usr/include/qt5/QtCore/qmap.h:126
#17 QMapData<unsigned int, QVector<unsigned long> >::destroy() (this=0x12d8e60)
    at /usr/include/qt5/QtCore/qmap.h:249
#18 QMap<unsigned int, QVector<unsigned long> >::~QMap() (this=0x7, __in_chrg=<optimized out>)
    at /usr/include/qt5/QtCore/qmap.h:338
#19 KWin::DrmGpu::isFormatSupported(unsigned int) const (this=<optimized out>, drmFormat=20455624)
    at /home/nate/kde/src/kwin/src/backends/drm/drm_gpu.cpp:602
Comment 1 Zamundaaa 2022-01-14 16:46:59 UTC 
Thanks for reminding me that that method can be completely removed now :)

Anyways, that looks like there's some deeper issue, with invalid memory accesses - that backtrace doesn't make any sense otherwise. The other half of the backtrace would be interesting.
Comment 2 Nate Graham 2022-01-14 16:51:26 UTC 
That was the whole thing. Is there anything else I can get?
Comment 3 Zamundaaa 2022-01-14 17:43:28 UTC 
You can maybe check the journalctl for any possible logging that happened before the crash... but if you can't reproduce it, that's all you can do. If you can reproduce it then you could attach gdb over ssh before it crashes and get a proper backtrace that way
Comment 4 Zamundaaa 2022-01-18 11:31:18 UTC 
I think https://invent.kde.org/plasma/kwin/-/merge_requests/1905 may also fix this / the same bug caused this. Invalid memory accesses can do all sorts of weird stuff.
Comment 5 Nate Graham 2022-01-18 20:57:07 UTC 
OK, let me give it a try!
Comment 6 Nate Graham 2022-01-18 21:16:14 UTC 
Yep, that fixes it!
Comment 7 Nate Graham 2022-01-18 21:36:36 UTC 
Git commit e0a8fa778e3dce508695155c7d5a9a1e0bddd9f8 by Nate Graham, on behalf of Xaver Hugl.
Committed on 18/01/2022 at 21:36.
Pushed by ngraham into branch 'master'.

backends/drm: fix output changes with the placeholder output

As the placeholder output gets added or removed in response to other outputs
getting enabled or disabled, the output list may change while iterating over
them and applying changes.
Related: bug 448454, bug 448697
FIXED-IN: 5.24

M  +7    -3    src/backends/drm/drm_backend.cpp

https://invent.kde.org/plasma/kwin/commit/e0a8fa778e3dce508695155c7d5a9a1e0bddd9f8
Comment 8 Nate Graham 2022-01-18 21:37:57 UTC 
Git commit 24dc3abe918cde9007e19c4351e5778480f5bb75 by Nate Graham, on behalf of Xaver Hugl.
Committed on 18/01/2022 at 21:37.
Pushed by ngraham into branch 'Plasma/5.24'.

backends/drm: fix output changes with the placeholder output

As the placeholder output gets added or removed in response to other outputs
getting enabled or disabled, the output list may change while iterating over
them and applying changes.
Related: bug 448454, bug 448697
FIXED-IN: 5.24


(cherry picked from commit e0a8fa778e3dce508695155c7d5a9a1e0bddd9f8)

M  +7    -3    src/backends/drm/drm_backend.cpp

https://invent.kde.org/plasma/kwin/commit/24dc3abe918cde9007e19c4351e5778480f5bb75