Bug 453042 - kwin_wayland segfaults in KWaylandServer::OutputDeviceModeV2Interface::size() when external usb-c monitors reconnect from power saving state
Status: RESOLVED FIXED
Alias: None
Product: kwin
Classification: Unclassified
Component: wayland-generic
Version: 5.24.4
Platform: Other Linux
Importance: NOR crash
Target Milestone: ---
Assignee: KWin default assignee
Reported: 2022-04-26 10:37 UTC by Andrew Rembrandt
Modified: 2022-04-29 18:40 UTC
Version Fixed In: 5.24.5

Description Andrew Rembrandt 2022-04-26 10:37:18 UTC
SUMMARY
Two external monitors connected via usb-c to laptop (all 3 displays enabled), external monitors entered a power saving state / perhaps the lock screen (can't quite remember if the lock screen was shown), and woke the device with input followed by a kwin_wayland crash a few seconds later.

Backtrace with debug symbols loaded:
#0  KWaylandServer::OutputDeviceModeV2Interface::size() const (this=this@entry=0x0) at /usr/include/qt/QtCore/qscopedpointer.h:116
#1  0x00007f69b669fb05 in KWaylandServer::OutputConfigurationV2InterfacePrivate::kde_output_configuration_v2_mode(QtWaylandServer::kde_output_configuration_v2::Resource*, wl_resource*, wl_resource*) (this=0x5564409632f0, resource=<optimized out>, outputdevice=<optimized out>, modeResource=<optimized out>)
    at /usr/src/debug/kwayland-server-5.24.4/src/server/outputconfiguration_v2_interface.cpp:68
#2  0x00007f69b26c7536 in ffi_call_unix64 () at ../src/x86/unix64.S:105
#3  0x00007f69b26c4037 in ffi_call_int (cif=<optimized out>, fn=<optimized out>, rvalue=<optimized out>, avalue=<optimized out>, closure=<optimized out>) at ../src/x86/ffi64.c:672
#4  0x00007f69b38fdaf2 in wl_closure_invoke (closure=closure@entry=0x5564422823a0, target=<optimized out>, target@entry=0x5564426ad8d0, opcode=opcode@entry=1, data=<optimized out>, data@entry=0x556441c17b70, flags=<optimized out>) at ../wayland-1.20.0/src/connection.c:1025
#5  0x00007f69b3901e14 in wl_client_connection_data (fd=<optimized out>, mask=<optimized out>, data=0x556441c17b70) at ../wayland-1.20.0/src/wayland-server.c:437
#6  0x00007f69b390084a in wl_event_loop_dispatch (loop=0x556440587850, timeout=<optimized out>) at ../wayland-1.20.0/src/event-loop.c:1027
#7  0x00007f69b6689b7b in KWaylandServer::Display::dispatchEvents() (this=<optimized out>) at /usr/src/debug/kwayland-server-5.24.4/src/server/display.cpp:114
#8  0x00007f69b497a463 in QtPrivate::QSlotObjectBase::call(QObject*, void**) (a=0x7ffcacbee420, r=<optimized out>, this=0x5564405a1f30, this=<optimized out>, r=<optimized out>, a=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#9  doActivate<false>(QObject*, int, void**) (sender=0x5564409e65d0, signal_index=3, argv=0x7ffcacbee420) at kernel/qobject.cpp:3886
#10 0x00007f69b497c4e4 in QSocketNotifier::activated(QSocketDescriptor, QSocketNotifier::Type, QSocketNotifier::QPrivateSignal) (this=this@entry=0x5564409e65d0, _t1=..., _t2=<optimized out>, _t3=...) at .moc/moc_qsocketnotifier.cpp:178
#11 0x00007f69b497cfaf in QSocketNotifier::event(QEvent*) (this=0x5564409e65d0, e=<optimized out>) at kernel/qsocketnotifier.cpp:302
#12 0x00007f69b54082c6 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=<optimized out>, receiver=0x5564409e65d0, e=0x7ffcacbee560) at kernel/qapplication.cpp:3637
#13 0x00007f69b49495aa in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x5564409e65d0, event=0x7ffcacbee560) at kernel/qcoreapplication.cpp:1064
#14 0x00007f69b4994214 in QEventDispatcherUNIXPrivate::activateSocketNotifiers() (this=0x55644051b0c0) at kernel/qeventdispatcher_unix.cpp:304
#15 0x00007f69b4995185 in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=<optimized out>, flags=...) at kernel/qeventdispatcher_unix.cpp:511
#16 0x000055643f87b7e2 in QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
#17 0x00007f69b494188b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x7ffcacbee6f0, flags=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#18 0x00007f69b494cfd7 in QCoreApplication::exec() () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#19 0x00007f69b4d1a1d2 in QGuiApplication::exec() () at kernel/qguiapplication.cpp:1867
#20 0x00007f69b540664a in QApplication::exec() () at kernel/qapplication.cpp:2829
#21 0x000055643f78a32a in main(int, char**) (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/kwin-5.24.4/src/main_wayland.cpp:727

Relevant dmesg output:
[31822.501372] usb 1-5: USB disconnect, device number 7
[31822.501377] usb 1-5.1: USB disconnect, device number 10
[31822.504070] usb 1-5.4: USB disconnect, device number 11
[31822.504189] ti_usb_3410_5052_1 ttyUSB1: TI USB 3410 1 port adapter converter now disconnected from ttyUSB1
[31822.504208] ti_usb_3410_5052 1-5.4:2.0: device disconnected
[31822.514601] audit: type=1131 audit(1650963725.077:1190): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=hid-recorder comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[31822.613446] usb 1-2: USB disconnect, device number 6
[31822.613450] usb 1-2.4: USB disconnect, device number 8
[31822.613596] ti_usb_3410_5052_1 ttyUSB0: TI USB 3410 1 port adapter converter now disconnected from ttyUSB0
[31822.613610] ti_usb_3410_5052 1-2.4:2.0: device disconnected
[31822.870412] usb 1-2: new high-speed USB device number 13 using xhci_hcd
[31822.998094] usb 1-2: New USB device found, idVendor=0451, idProduct=8142, bcdDevice= 1.00
[31822.998097] usb 1-2: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[31822.998098] usb 1-2: SerialNumber: B30208498DF3
[31822.998709] hub 1-2:1.0: USB hub found
[31822.998725] hub 1-2:1.0: 4 ports detected
[31823.222632] usb 1-5: new high-speed USB device number 14 using xhci_hcd
[31823.348678] usb 1-5: New USB device found, idVendor=0451, idProduct=8142, bcdDevice= 1.00
[31823.348681] usb 1-5: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[31823.348682] usb 1-5: SerialNumber: EF09084901C3
[31823.349357] hub 1-5:1.0: USB hub found
[31823.349373] hub 1-5:1.0: 4 ports detected
[31823.412624] usb 1-2.4: new full-speed USB device number 15 using xhci_hcd
[31823.535757] usb 1-2.4: New USB device found, idVendor=0451, idProduct=3410, bcdDevice= 1.01
[31823.535772] usb 1-2.4: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[31823.535773] usb 1-2.4: Product: TUSB3410 EECode Ser 
[31823.535774] usb 1-2.4: Manufacturer: Texas Instruments
[31823.535775] usb 1-2.4: SerialNumber: 00105330
[31823.540410] ti_usb_3410_5052 1-2.4:1.0: TI USB 3410 1 port adapter converter detected
[31823.549096] ti_usb_3410_5052 1-2.4:2.0: TI USB 3410 1 port adapter converter detected
[31823.549195] usb 1-2.4: TI USB 3410 1 port adapter converter now attached to ttyUSB0
[31823.623670] usb 1-5.1: new full-speed USB device number 16 using xhci_hcd
[31823.751205] usb 1-5.1: New USB device found, idVendor=0451, idProduct=3421, bcdDevice= 1.00
[31823.751208] usb 1-5.1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[31823.751209] usb 1-5.1: Product: Texas Instruments USB Billboard Device
[31823.751210] usb 1-5.1: Manufacturer: Texas Instruments Inc.
[31823.751210] usb 1-5.1: SerialNumber: 28FF5CF903080F42
[31823.786394] hid-generic 0003:0451:3421.001A: hiddev96,hidraw0: USB HID v1.11 Device [Texas Instruments Inc. Texas Instruments USB Billboard Device] on usb-0000:00:14.0-5.1/input1
[31823.850859] usb 1-5.4: new full-speed USB device number 17 using xhci_hcd
[31823.975050] usb 1-5.4: New USB device found, idVendor=0451, idProduct=3410, bcdDevice= 1.01
[31823.975054] usb 1-5.4: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[31823.975055] usb 1-5.4: Product: TUSB3410 EECode Ser 
[31823.975056] usb 1-5.4: Manufacturer: Texas Instruments
[31823.975056] usb 1-5.4: SerialNumber: 00000003
[31823.979809] ti_usb_3410_5052 1-5.4:1.0: TI USB 3410 1 port adapter converter detected
[31823.990185] ti_usb_3410_5052 1-5.4:2.0: TI USB 3410 1 port adapter converter detected
[31823.990281] usb 1-5.4: TI USB 3410 1 port adapter converter now attached to ttyUSB1
libKWaylandServer.so.5.24.4[7f69b666c000+a8000]
[31827.426350] Code: 50 58 44 89 60 60 89 68 64 48 89 43 10 48 83 c4 08 5b 5d 41 5c 41 5d c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa <48> 8b 47 10 48 8b 40 58 c3 90 66 90 f3 0f 1e fa 48 8b 47 10 48 8b
[31827.426396] audit: type=1701 audit(1650963729.988:1192): auid=1000 uid=1000 gid=1000 ses=1 pid=1705 comm="kwin_wayland" exe="/usr/bin/kwin_wayland" sig=11 res=1
[31827.455780] audit: type=1334 audit(1650963730.018:1193): prog-id=150 op=LOAD
[31827.455870] audit: type=1334 audit(1650963730.018:1194): prog-id=151 op=LOAD
[31827.455903] audit: type=1334 audit(1650963730.018:1195): prog-id=152 op=LOAD
[31827.456961] audit: type=1130 audit(1650963730.019:1196): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-coredump@0-207761-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[31828.639128] audit: type=1131 audit(1650963731.201:1197): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-coredump@0-207761-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

STEPS TO REPRODUCE
Definitely not 100% reproducible
1. Connect 2 external usb-c monitors (to separate usb-c ports on the laptop)
2. Wait for monitors to enter power saving states
3. Move the mouse / press a key
4. Crash occurs within a few seconds

OBSERVED RESULT
kwin_wayland crashed & restarted

EXPECTED RESULT
Not crashing / handling monitor devices being refreshed in the kernel?

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Arch Linux
KDE Plasma Version: 5.24.4
KDE Frameworks Version: 5.93.0
Qt Version: 5.15.3
Kernel Version: 5.17.4-zen1 (64bit)

ADDITIONAL INFORMATION
Laptop: Thinkpad P15s Gen 1
Comment 1 Andrew Rembrandt 2022-04-26 10:38:54 UTC
Happy to provide full backtrace, coredump file etc
Comment 2 Andrew Rembrandt 2022-04-29 10:54:46 UTC
Also, just had this exact same crash when connecting a new external monitor (via usb-c) that didn't appear to be in a power saving state (I had just turned it on).
Comment 3 Zamundaaa 2022-04-29 18:28:34 UTC
Git commit aa432e59473762862c8d17d92888de1bc221ab94 by Xaver Hugl.
Committed on 29/04/2022 at 17:38.
Pushed by zamundaaa into branch 'master'.

outputconfigurationinterface: don't crash if mode is invalid

When the client makes the request, the compositor may have already
destroyed the mode object.
FIXED-IN: 5.24.5

M  +3    -0    src/wayland/outputconfiguration_v2_interface.cpp

https://invent.kde.org/plasma/kwin/commit/aa432e59473762862c8d17d92888de1bc221ab94
Comment 4 Zamundaaa 2022-04-29 18:40:16 UTC
Git commit 90e2d2ba41618a53dfaacee7c0d2545cc02a9c40 by Xaver Hugl.
Committed on 29/04/2022 at 18:39.
Pushed by zamundaaa into branch 'Plasma/5.24'.

outputconfigurationinterface: don't crash if mode is invalid

When the client issues the request, the compositor may have already destroyed
the mode object.
FIXED-IN: 5.24.5

M  +3    -0    src/server/outputconfiguration_v2_interface.cpp

https://invent.kde.org/plasma/kwayland-server/commit/90e2d2ba41618a53dfaacee7c0d2545cc02a9c40
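
The failure mode named in the two commit messages (a client request that refers to a mode object the compositor has already destroyed) can be replayed in a small stand-alone model. This is an added example, not code from KWin or kwayland-server; every type and function name in it (ModeRegistry, handleSetMode, replayReconnectRace) and the mode ids and sizes are hypothetical.

```cpp
#include <cstdint>
#include <memory>
#include <optional>
#include <unordered_map>

// Constructed model, not KWin code: all names below are hypothetical.
struct Size { int width; int height; };
struct Mode { Size size; };

// Server-side table of live mode objects, keyed by the protocol object id the
// client holds. Re-enumerating an output erases entries while a client may
// still have requests in flight that name the old id.
class ModeRegistry {
public:
    void add(uint32_t id, Size s) { m_modes[id] = std::make_unique<Mode>(Mode{s}); }
    void destroy(uint32_t id) { m_modes.erase(id); }
    // Returns nullptr for an id whose object has already been destroyed.
    const Mode *get(uint32_t id) const {
        auto it = m_modes.find(id);
        return it == m_modes.end() ? nullptr : it->second.get();
    }
private:
    std::unordered_map<uint32_t, std::unique_ptr<Mode>> m_modes;
};

enum class Result { Applied, IgnoredStaleMode };
struct PendingConfig { std::optional<Size> size; };

// Request handler: the id is client-supplied, so the lookup result is
// checked before it is dereferenced.
Result handleSetMode(const ModeRegistry &reg, PendingConfig &cfg, uint32_t modeId) {
    const Mode *mode = reg.get(modeId);
    if (!mode) {
        return Result::IgnoredStaleMode; // unguarded, mode->size is a null dereference
    }
    cfg.size = mode->size;
    return Result::Applied;
}

// Replays the ordering: mode 7 is destroyed and mode 8 created before the
// client's request naming mode 7 is dispatched.
bool replayReconnectRace() {
    ModeRegistry reg;
    PendingConfig cfg;
    reg.add(7, {2560, 1440});
    reg.destroy(7);
    reg.add(8, {2560, 1440});
    bool stale = handleSetMode(reg, cfg, 7) == Result::IgnoredStaleMode && !cfg.size;
    bool fresh = handleSetMode(reg, cfg, 8) == Result::Applied && cfg.size->width == 2560;
    return stale && fresh;
}
int main() { return replayReconnectRace() ? 0 : 1; }
```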