477325 – KWin Crash in KWin::OutputInterface::handle() after closing and opening laptop lid

Bug 477325 - KWin Crash in KWin::OutputInterface::handle() after closing and opening laptop lid

Summary: KWin Crash in KWin::OutputInterface::handle() after closing and opening lapto...

Status:	RESOLVED FIXED

Alias:	None

Product:	kwin
Classification:	Plasma
Component:	general (show other bugs)
Version:	master
Platform:	Other Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	KWin default assignee

URL:
Keywords:	qt6

Depends on:
Blocks:

Reported:	2023-11-21 12:18 UTC by Bharadwaj Raju
Modified:	2023-11-27 06:41 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Bharadwaj Raju 2023-11-21 12:18:39 UTC

BACKTRACE
#0  0x00007fd52e41bd7c in QWeakPointer<QObject>::internalData() const (this=0xc9) at /usr/include/qt6/QtCore/qsharedpointer_impl.h:704
#1  0x00007fd52e6a1cdc in QPointer<KWin::Output>::data() const (this=0xc9) at /usr/include/qt6/QtCore/qpointer.h:64
#2  0x00007fd52e6a14f4 in QPointer<KWin::Output>::operator KWin::Output*() const (this=0xc9) at /usr/include/qt6/QtCore/qpointer.h:72
#3  0x00007fd52ea4b3b4 in KWin::OutputInterface::handle() const (this=0x37249f0) at /home/bharadwaj/kde/src/kwin/src/wayland/output.cpp:265
#4  0x00007fd52eac8d12 in KWin::SurfaceInterface::takePresentationFeedback(KWin::Output*) (this=0x40b8b10, output=0x263db00)
    at /home/bharadwaj/kde/src/kwin/src/wayland/surface.cpp:474
#5  0x00007fd52e6da384 in operator()(KWin::SurfaceInterface*) const (__closure=0x29b4ed0, surface=0x40b8b10)
    at /home/bharadwaj/kde/src/kwin/src/scene/workspacescene.cpp:206
#6  0x00007fd52e6dcd60 in std::__invoke_impl<void, KWin::WorkspaceScene::frame(KWin::SceneDelegate*, KWin::OutputFrame*)::<lambda(KWin::SurfaceInterface*)>&, KWin::SurfaceInterface*>(std::__invoke_other, struct {...} &) (__f=...) at /usr/include/c++/13/bits/invoke.h:61
#7  0x00007fd52e6dc8db in std::__invoke_r<void, KWin::WorkspaceScene::frame(KWin::SceneDelegate*, KWin::OutputFrame*)::<lambda(KWin::SurfaceInterface*)>&, KWin::SurfaceInterface*>(struct {...} &) (__fn=...) at /usr/include/c++/13/bits/invoke.h:111
#8  0x00007fd52e6dc5c3 in std::_Function_handler<void(KWin::SurfaceInterface*), KWin::WorkspaceScene::frame(KWin::SceneDelegate*, KWin::OutputFrame*)::<lambda(KWin::SurfaceInterface*)> >::_M_invoke(const std::_Any_data &, KWin::SurfaceInterface *&&) (__functor=..., __args#0=@0x7ffd763b51f0: 0x40b8b10)
    at /usr/include/c++/13/bits/std_function.h:290
#9  0x00007fd52ead2f93 in std::function<void (KWin::SurfaceInterface*)>::operator()(KWin::SurfaceInterface*) const (this=0x7ffd763b5330, __args#0=0x40b8b10)
    at /usr/include/c++/13/bits/std_function.h:591
#10 0x00007fd52eacd707 in KWin::SurfaceInterface::traverseTree(std::function<void (KWin::SurfaceInterface*)>) (this=0x40b8b10, callback=...)
    at /home/bharadwaj/kde/src/kwin/src/wayland/surface.cpp:1244
#11 0x00007fd52e6da613 in KWin::WorkspaceScene::frame(KWin::SceneDelegate*, KWin::OutputFrame*) (this=0x257f930, delegate=0x42b4110, frame=0x3db89c0)
    at /home/bharadwaj/kde/src/kwin/src/scene/workspacescene.cpp:204
#12 0x00007fd52e6c0e6b in KWin::SceneDelegate::frame(KWin::OutputFrame*) (this=0x42b4110, frame=0x3db89c0) at /home/bharadwaj/kde/src/kwin/src/scene/scene.cpp:49
#13 0x00007fd52e3cd064 in KWin::Compositor::framePass(KWin::RenderLayer*, KWin::OutputFrame*) (this=0x251d0a0, layer=0x263e380, frame=0x3db89c0)
    at /home/bharadwaj/kde/src/kwin/src/compositor.cpp:215
#14 0x00007fd52e3ccf19 in KWin::Compositor::composite(KWin::RenderLoop*) (this=0x251d0a0, renderLoop=0x25ea010) at /home/bharadwaj/kde/src/kwin/src/compositor.cpp:197
#15 0x00007fd52e3cc7fe in KWin::Compositor::handleFrameRequested(KWin::RenderLoop*) (this=0x251d0a0, renderLoop=0x25ea010)
    at /home/bharadwaj/kde/src/kwin/src/compositor.cpp:129
#16 0x00007fd52e3d4351 in QtPrivate::FunctorCall<QtPrivate::IndexesList<0>, QtPrivate::List<KWin::RenderLoop*>, void, void (KWin::Compositor::*)(KWin::RenderLoop*)>::call(void (KWin::Compositor::*)(KWin::RenderLoop*), KWin::Compositor*, void**)
    (f=(void (KWin::Compositor::*)(KWin::Compositor * const, KWin::RenderLoop *)) 0x7fd52e3cc7ce <KWin::Compositor::handleFrameRequested(KWin::RenderLoop*)>, o=0x251d0a0, arg=0x7ffd763b5970) at /usr/include/qt6/QtCore/qobjectdefs_impl.h:145
#17 0x00007fd52e3d37b6 in QtPrivate::FunctionPointer<void (KWin::Compositor::*)(KWin::RenderLoop*)>::call<QtPrivate::List<KWin::RenderLoop*>, void>(void (KWin::Compositor::*)(KWin::RenderLoop*), KWin::Compositor*, void**)
    (f=(void (KWin::Compositor::*)(KWin::Compositor * const, KWin::RenderLoop *)) 0x7fd52e3cc7ce <KWin::Compositor::handleFrameRequested(KWin::RenderLoop*)>, o=0x251d0a0, arg=0x7ffd763b5970) at /usr/include/qt6/QtCore/qobjectdefs_impl.h:182
--Type <RET> for more, q to quit, c to continue without paging--
#18 0x00007fd52e3d244f in QtPrivate::QCallableObject<void (KWin::Compositor::*)(KWin::RenderLoop*), QtPrivate::List<KWin::RenderLoop*>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) (which=1, this_=0x3659bf0, r=0x251d0a0, a=0x7ffd763b5970, ret=0x0) at /usr/include/qt6/QtCore/qobjectdefs_impl.h:520
#19 0x00007fd52aa02051 in void doActivate<false>(QObject*, int, void**) () at /lib64/libQt6Core.so.6
#20 0x00007fd52e41efa3 in KWin::RenderLoop::frameRequested(KWin::RenderLoop*) (this=0x25ea010, _t1=0x25ea010)
    at /home/bharadwaj/kde/build/kwin/src/kwin_autogen/include/moc_renderloop.cpp:279
#21 0x00007fd52e41e56b in KWin::RenderLoopPrivate::dispatch() (this=0x275a1d0) at /home/bharadwaj/kde/src/kwin/src/core/renderloop.cpp:135
#22 0x00007fd52e41df0b in operator()() const (__closure=0x2613a10) at /home/bharadwaj/kde/src/kwin/src/core/renderloop.cpp:34
#23 0x00007fd52e41f284 in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, KWin::RenderLoopPrivate::RenderLoopPrivate(KWin::RenderLoop*)::<lambda()> >::call(struct {...} &, void **) (f=..., arg=0x7ffd763b5b70) at /usr/include/qt6/QtCore/qobjectdefs_impl.h:137
#24 0x00007fd52e41f265 in QtPrivate::Functor<KWin::RenderLoopPrivate::RenderLoopPrivate(KWin::RenderLoop*)::<lambda()>, 0>::call<QtPrivate::List<>, void>(struct {...} &, void *, void **) (f=..., arg=0x7ffd763b5b70) at /usr/include/qt6/QtCore/qobjectdefs_impl.h:339
#25 0x00007fd52e41f21c in QtPrivate::QCallableObject<KWin::RenderLoopPrivate::RenderLoopPrivate(KWin::RenderLoop*)::<lambda()>, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase *, QObject *, void **, bool *) (which=1, this_=0x2613a00, r=0x25ea010, a=0x7ffd763b5b70, ret=0x0)
    at /usr/include/qt6/QtCore/qobjectdefs_impl.h:522
#26 0x00007fd52aa02051 in void doActivate<false>(QObject*, int, void**) () at /lib64/libQt6Core.so.6
#27 0x00007fd52aa111cd in QTimer::timeout(QTimer::QPrivateSignal) () at /lib64/libQt6Core.so.6
#28 0x00007fd52a9f35cf in QObject::event(QEvent*) () at /lib64/libQt6Core.so.6
#29 0x00007fd52bdc2b38 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /lib64/libQt6Widgets.so.6
#30 0x00007fd52a9a0be8 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /lib64/libQt6Core.so.6
#31 0x00007fd52ab22b4b in QTimerInfoList::activateTimers() () at /lib64/libQt6Core.so.6
#32 0x00007fd52ab1facd in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /lib64/libQt6Core.so.6
#33 0x00007fd52b73fa82 in QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /lib64/libQt6Gui.so.6
#34 0x00007fd52a9ad9fb in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /lib64/libQt6Core.so.6
#35 0x00007fd52a9a97fd in QCoreApplication::exec() () at /lib64/libQt6Core.so.6
#36 0x00000000004a0374 in main(int, char**) (argc=14, argv=0x7ffd763b7b18) at /home/bharadwaj/kde/src/kwin/src/main_wayland.cpp:606


STEPS TO REPRODUCE
1. Close, wait, then open laptop lid

SOFTWARE/OS VERSIONS
Operating System: Fedora Linux 39
KDE Plasma Version: 5.81.0
KDE Frameworks Version: 5.245.0
Qt Version: 6.6.0
Kernel Version: 6.5.11-300.fc39.x86_64 (64-bit)
Graphics Platform: Wayland
Processors: 12 × AMD Ryzen 5 5625U with Radeon Graphics
Memory: 7.1 GiB of RAM
Graphics Processor: AMD Radeon Graphics

ADDITIONAL INFORMATION
In KWin::SurfaceInterface::takePresentationFeedback, neither output nor d->primaryOutput are nullptrs, yet memory accesses on them are invalid. Possibly we're deleting them somewhere but not setting them to nullptr?

Comment 1 Bharadwaj Raju 2023-11-21 13:33:23 UTC

> In KWin::SurfaceInterface::takePresentationFeedback, neither output nor d->primaryOutput are nullptrs, yet memory accesses on them are invalid. Possibly we're deleting them somewhere but not setting them to nullptr?

Trying to call d->primaryOutput->isRemoved() also segfaults

Comment 2 Vlad Zahorodnii 2023-11-22 09:35:34 UTC

What if primaryOutput is wrapped in a QPointer, i.e.

OutputInterface *primaryOutput = nullptr; -> QPointer<OutputInterface> primaryOutput;

Comment 3 Bug Janitor Service 2023-11-22 09:41:15 UTC

A possibly relevant merge request was started @ https://invent.kde.org/plasma/kwin/-/merge_requests/4689

Comment 4 Vlad Zahorodnii 2023-11-22 14:53:30 UTC

Git commit a01a11fc35e32a3719edc91e98e11b6e60d6509f by Vlad Zahorodnii.
Committed on 22/11/2023 at 15:42.
Pushed by vladz into branch 'master'.

wayland: Reset SurfaceInterface::primaryOutput when the output is removed

M  +1    -1    src/wayland/surface_p.h

https://invent.kde.org/plasma/kwin/-/commit/a01a11fc35e32a3719edc91e98e11b6e60d6509f

Comment 5 Nate Graham 2023-11-27 02:13:37 UTC

Did that fix it for you, Bharadwaj?

Comment 6 Bharadwaj Raju 2023-11-27 06:41:22 UTC

Yeah, I haven't had a crash since.