Bug 479558 - krfb-virtualmonitor causes kwin_wayland to crash
Status: RESOLVED FIXED
Alias: None
Product: kwin
Classification: Plasma
Component: wayland-generic
Version: git master
Platform: Compiled Sources Linux
Importance: NOR crash
Target Milestone: ---
Assignee: KWin default assignee
Keywords: qt6
Reported: 2024-01-09 00:47 UTC by hexchain
Modified: 2024-04-14 04:04 UTC

Description hexchain 2024-01-09 00:47:40 UTC
SUMMARY
Launching krfb-virtualmonitor causes kwin_wayland to crash. This is similar to 475296 but the backtrace looks very different, hence opening another bug.

STEPS TO REPRODUCE
Launch krfb-virtualmonitor, e.g.: krfb-virtualmonitor --name test --scale 1 --port 9876 --password 12345678 --resolution 1920x1080

OBSERVED RESULT
krfb-virtualmonitor crashes first and takes kwin_wayland along with it.

Backtrace for KWin:

#0  KWin::ClientConnection::client() const (this=0x563b91c21d00) at /home/hexchain/kde/src/kwin/src/wayland/clientconnection.cpp:119
#1  0x00007f96a8722087 in KWin::Display::getConnection(wl_client*)::$_0::operator()(KWin::ClientConnection*) const (c=0x563b91c21d00, this=<optimized out>) at /home/hexchain/kde/src/kwin/src/wayland/display.cpp:203
#2  __gnu_cxx::__ops::_Iter_pred<KWin::Display::getConnection(wl_client*)::$_0>::operator()<QList<KWin::ClientConnection*>::const_iterator>(QList<KWin::ClientConnection*>::const_iterator) (__it=..., this=<optimized out>) at /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/predefined_ops.h:318
#3  std::__find_if<QList<KWin::ClientConnection*>::const_iterator, __gnu_cxx::__ops::_Iter_pred<KWin::Display::getConnection(wl_client*)::$_0> >(QList<KWin::ClientConnection*>::const_iterator, QList<KWin::ClientConnection*>::const_iterator, __gnu_cxx::__ops::_Iter_pred<KWin::Display::getConnection(wl_client*)::$_0>, std::random_access_iterator_tag)
    (__first=..., __last=..., __pred=...) at /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_algobase.h:2102
#4  std::__find_if<QList<KWin::ClientConnection*>::const_iterator, __gnu_cxx::__ops::_Iter_pred<KWin::Display::getConnection(wl_client*)::$_0> >(QList<KWin::ClientConnection*>::const_iterator, QList<KWin::ClientConnection*>::const_iterator, __gnu_cxx::__ops::_Iter_pred<KWin::Display::getConnection(wl_client*)::$_0>) (__first=..., __last=..., __pred=...)
    at /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_algobase.h:2117
#5  std::find_if<QList<KWin::ClientConnection*>::const_iterator, KWin::Display::getConnection(wl_client*)::$_0>(QList<KWin::ClientConnection*>::const_iterator, QList<KWin::ClientConnection*>::const_iterator, KWin::Display::getConnection(wl_client*)::$_0) (__first=..., __last=..., __pred=...)
    at /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_algo.h:3923
#6  KWin::Display::getConnection(wl_client*) (this=0x563b90632510, client=0x563b917ac260) at /home/hexchain/kde/src/kwin/src/wayland/display.cpp:202
#7  0x00007f96a872aafd in KWin::FilteredDisplayPrivate::globalFilterCallback(wl_client const*, wl_global const*, void*) (client=0x563b917ac260, global=0x563b9063d4d0, data=0x563b90632610) at /home/hexchain/kde/src/kwin/src/wayland/filtered_display.cpp:24
#8  0x00007f96a756486c in wl_global_is_visible (global=0x563b9063d4d0, client=0x563b917ac260) at ../../src/wayland/src/wayland-server.c:952
#9  display_get_registry (client=0x563b917ac260, resource=<optimized out>, id=<optimized out>) at ../../src/wayland/src/wayland-server.c:1046
#10 0x00007f96a3f534f6 in ffi_call_unix64 () at ../src/x86/unix64.S:104
#11 0x00007f96a3f4ff5e in ffi_call_int (cif=cif@entry=0x7ffd40a7c860, fn=<optimized out>, rvalue=<optimized out>, avalue=<optimized out>, closure=closure@entry=0x0) at ../src/x86/ffi64.c:673
#12 0x00007f96a3f52b73 in ffi_call (cif=cif@entry=0x7ffd40a7c860, fn=<optimized out>, rvalue=rvalue@entry=0x0, avalue=avalue@entry=0x7ffd40a7c930) at ../src/x86/ffi64.c:710
#13 0x00007f96a7568923 in wl_closure_invoke (closure=0x563b91d24dd0, flags=<optimized out>, target=<optimized out>, opcode=1, data=<optimized out>) at ../../src/wayland/src/connection.c:1031
#14 0x00007f96a75636bc in wl_client_connection_data (fd=<optimized out>, mask=<optimized out>, data=0x563b917ac260) at ../../src/wayland/src/wayland-server.c:438
#15 0x00007f96a7566732 in wl_event_loop_dispatch (loop=0x563b9066dda0, timeout=<optimized out>) at ../../src/wayland/src/event-loop.c:1104
#16 0x00007f96a8721b19 in KWin::Display::dispatchEvents() (this=<optimized out>) at /home/hexchain/kde/src/kwin/src/wayland/display.cpp:117
#17 0x00007f96a57beaa9 in QtPrivate::QSlotObjectBase::call(QObject*, void**) (a=0x7ffd40a7cf00, r=0x563b90632510, this=0x563b90c85280, this=<optimized out>, r=<optimized out>, a=<optimized out>) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.7.0-beta1/src/corelib/kernel/qobjectdefs_impl.h:469
#18 doActivate<false>(QObject*, int, void**) (sender=0x563b90ad18c0, signal_index=3, argv=0x7ffd40a7cf00) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.7.0-beta1/src/corelib/kernel/qobject.cpp:4044
#19 0x00007f96a57c7a2a in QSocketNotifier::activated(QSocketDescriptor, QSocketNotifier::Type, QSocketNotifier::QPrivateSignal) (_t3=..., _t2=<optimized out>, _t1=..., this=0x563b90ad18c0) at /usr/src/debug/qt6-base/build/src/corelib/Core_autogen/include/moc_qsocketnotifier.cpp:193
#20 QSocketNotifier::event(QEvent*) (this=0x563b90ad18c0, e=0x7ffd40a7d010) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.7.0-beta1/src/corelib/kernel/qsocketnotifier.cpp:327
#21 0x00007f96a697bf4b in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=<optimized out>, receiver=0x563b90ad18c0, e=0x7ffd40a7d010) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.7.0-beta1/src/widgets/kernel/qapplication.cpp:3290
#22 0x00007f96a5765488 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x563b90ad18c0, event=0x7ffd40a7d010) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.7.0-beta1/src/corelib/kernel/qcoreapplication.cpp:1134
#23 0x00007f96a58d3439 in QCoreApplication::sendEvent(QObject*, QEvent*) (event=0x7ffd40a7d010, receiver=<optimized out>) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.7.0-beta1/src/corelib/kernel/qcoreapplication.cpp:1575
#24 QEventDispatcherUNIXPrivate::activateSocketNotifiers() (this=0x563b90583050) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.7.0-beta1/src/corelib/kernel/qeventdispatcher_unix.cpp:251
#25 0x00007f96a58d938b in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=<optimized out>, flags=..., flags@entry=...) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.7.0-beta1/src/corelib/kernel/qeventdispatcher_unix.cpp:467
#26 0x00007f96a63f2ce2 in QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=<optimized out>, flags=...) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.7.0-beta1/src/gui/platform/unix/qunixeventdispatcher.cpp:27
#27 0x00007f96a576d67e in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (flags=..., this=0x7ffd40a7d1e0) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.7.0-beta1/src/corelib/kernel/qeventloop.cpp:100
#28 QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x7ffd40a7d1e0, flags=...) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.7.0-beta1/src/corelib/kernel/qeventloop.cpp:182
#29 0x00007f96a57690b8 in QCoreApplication::exec() () at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.7.0-beta1/src/corelib/global/qflags.h:74
#30 0x0000563b8f9016e5 in main(int, char**) (argc=<optimized out>, argv=<optimized out>) at /home/hexchain/kde/src/kwin/src/main_wayland.cpp:609

EXPECTED RESULT
kwin_wayland should not crash (IMHO even when the client is misbehaving).

SOFTWARE/OS VERSIONS
Operating System: Arch Linux 
KDE Plasma Version: 5.91.90
KDE Frameworks Version: 5.248.0
Qt Version: 6.7.0
KWin e2878e912affcc8f36b07f113e015ae6e3cd942c
PipeWire 1.0.0
Comment 1 Bug Janitor Service 2024-01-15 14:04:00 UTC
A possibly relevant merge request was started @ https://invent.kde.org/plasma/kwin/-/merge_requests/4929
Comment 2 Vlad Zahorodnii 2024-01-15 14:06:45 UTC
> This is similar to 475296 but the backtrace looks very different, hence opening another bug.

I don't see how kwin can possibly crash in that wayland specific code. I think what happens is that dereferencing a null pointer messes things up in Display or ClientConnection (I saw such similar bugs a few times already). The associated MR should fix the bug. If you're still able to reproduce the crash, reopen the bug report.
Comment 3 Vlad Zahorodnii 2024-01-15 15:25:10 UTC
Git commit 3b67edf20d7f039371f5ee00bae90c8b66106da3 by Vlad Zahorodnii.
Committed on 15/01/2024 at 16:07.
Pushed by vladz into branch 'master'.

backends/drm: Fix a crash in VirtualEglGbmLayer::texture()

If nothing has been rendered yet, m_currentSlot will be null.
Related: bug 475296

M  +2    -1    src/backends/drm/drm_virtual_egl_layer.cpp

https://invent.kde.org/plasma/kwin/-/commit/3b67edf20d7f039371f5ee00bae90c8b66106da3
Comment 4 Vlad Zahorodnii 2024-01-15 18:09:06 UTC
Git commit 05de026fd2019f7e2ad380c169c7097d26b71e1c by Vlad Zahorodnii.
Committed on 15/01/2024 at 18:57.
Pushed by vladz into branch 'Plasma/6.0'.

backends/drm: Fix a crash in VirtualEglGbmLayer::texture()

If nothing has been rendered yet, m_currentSlot will be null.
Related: bug 475296
(cherry picked from commit 3b67edf20d7f039371f5ee00bae90c8b66106da3)

M  +2    -1    src/backends/drm/drm_virtual_egl_layer.cpp

https://invent.kde.org/plasma/kwin/-/commit/05de026fd2019f7e2ad380c169c7097d26b71e1c
Comment 5 hexchain 2024-01-16 14:39:42 UTC
I guess that commit should be a fix for the other bug 475296, not this one?

I can still reproduce this bug (with the same backtrace) in KWin ed339de953.
Comment 6 Vlad Zahorodnii 2024-01-22 12:24:05 UTC
I see... This bug report is inactionable then; I don't understand how kwin crashes in ClientConnection and I am unable to reproduce the crash.
Comment 7 hexchain 2024-01-22 12:32:24 UTC
Does krfb-virtualmonitor crash for you?
Comment 8 Vlad Zahorodnii 2024-01-23 11:22:54 UTC
(In reply to hexchain from comment #7)
> Does krfb-virtualmonitor crash for you?

No
Comment 9 Antti Savolainen 2024-03-27 02:54:02 UTC
I can still crash kwin-wayland by running 
krfb-virtualmonitor --resolution 1920x1080 --name Virtual --password asd --port 5900
then interrupting it with Ctrl+C and running the command again.

#0  0x0000713872841658 in KWin::ClientConnection::client (this=0x5eec17821040) at /usr/include/c++/13.2.1/bits/unique_ptr.h:199
#1  0x000071387284e5ed in operator() (c=<optimized out>, __closure=<synthetic pointer>) at /usr/src/debug/kwin/kwin-6.0.2/src/wayland/display.cpp:204
#2  __gnu_cxx::__ops::_Iter_pred<KWin::Display::getConnection(wl_client*)::<lambda(KWin::ClientConnection*)> >::operator()<QList<KWin::ClientConnection*>::const_iterator> (__it=..., this=<synthetic pointer>) at /usr/include/c++/13.2.1/bits/predefined_ops.h:318
#3  std::__find_if<QList<KWin::ClientConnection*>::const_iterator, __gnu_cxx::__ops::_Iter_pred<KWin::Display::getConnection(wl_client*)::<lambda(KWin::ClientConnection*)> > > (__pred=..., __last=..., __first=...) at /usr/include/c++/13.2.1/bits/stl_algobase.h:2102
#4  std::__find_if<QList<KWin::ClientConnection*>::const_iterator, __gnu_cxx::__ops::_Iter_pred<KWin::Display::getConnection(wl_client*)::<lambda(KWin::ClientConnection*)> > > (__pred=..., __last=..., __first=...) at /usr/include/c++/13.2.1/bits/stl_algobase.h:2117
#5  std::find_if<QList<KWin::ClientConnection*>::const_iterator, KWin::Display::getConnection(wl_client*)::<lambda(KWin::ClientConnection*)> > (__pred=..., __last=..., __first=...) at /usr/include/c++/13.2.1/bits/stl_algo.h:3923
#6  KWin::Display::getConnection (this=0x5eec162bc290, client=0x5eec168d75a0) at /usr/src/debug/kwin/kwin-6.0.2/src/wayland/display.cpp:203
#7  0x000071387285509e in KWin::FilteredDisplayPrivate::globalFilterCallback (client=<optimized out>, global=0x5eec162bd890, data=0x5eec162bc430) at /usr/src/debug/kwin/kwin-6.0.2/src/wayland/filtered_display.cpp:24
#8  0x0000713871507d5c in wl_global_is_visible (global=0x5eec162bd890, client=0x5eec168d75a0) at ../wayland-1.22.0/src/wayland-server.c:952
#9  display_get_registry (client=0x5eec168d75a0, resource=<optimized out>, id=<optimized out>) at ../wayland-1.22.0/src/wayland-server.c:1046
#10 0x000071386e532596 in ffi_call_unix64 () at ../src/x86/unix64.S:104
#11 0x000071386e52f00e in ffi_call_int (cif=cif@entry=0x7ffc8616c4b0, fn=<optimized out>, rvalue=<optimized out>, avalue=<optimized out>, closure=closure@entry=0x0) at ../src/x86/ffi64.c:673
#12 0x000071386e531bd3 in ffi_call (cif=cif@entry=0x7ffc8616c4b0, fn=<optimized out>, rvalue=rvalue@entry=0x0, avalue=avalue@entry=0x7ffc8616c580) at ../src/x86/ffi64.c:710
#13 0x0000713871502ada in wl_closure_invoke (closure=closure@entry=0x5eec17cddb10, target=<optimized out>, target@entry=0x5eec17920000, opcode=opcode@entry=1, data=<optimized out>, data@entry=0x5eec168d75a0, flags=2) at ../wayland-1.22.0/src/connection.c:1025
#14 0x0000713871507180 in wl_client_connection_data (fd=<optimized out>, mask=<optimized out>, data=<optimized out>) at ../wayland-1.22.0/src/wayland-server.c:438
#15 0x0000713871505ae2 in wl_event_loop_dispatch (loop=0x5eec162bc540, timeout=<optimized out>) at ../wayland-1.22.0/src/event-loop.c:1027
#16 0x0000713872848627 in KWin::Display::dispatchEvents (this=<optimized out>) at /usr/src/debug/kwin/kwin-6.0.2/src/wayland/display.cpp:118
#17 0x000071386fd90ca9 in QtPrivate::QSlotObjectBase::call (a=0x7ffc8616cbc0, r=0x5eec162bc290, this=0x5eec16b02800, this=<optimized out>, r=<optimized out>, a=<optimized out>) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.6.2/src/corelib/kernel/qobjectdefs_impl.h:433
#18 doActivate<false> (sender=0x5eec166b5e90, signal_index=3, argv=0x7ffc8616cbc0) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.6.2/src/corelib/kernel/qobject.cpp:4039
#19 0x000071386fd98530 in QSocketNotifier::activated (_t3=..., _t2=<optimized out>, _t1=..., this=0x5eec166b5e90) at /usr/src/debug/qt6-base/build/src/corelib/Core_autogen/include/moc_qsocketnotifier.cpp:231
#20 QSocketNotifier::event (this=0x5eec166b5e90, e=<optimized out>) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.6.2/src/corelib/kernel/qsocketnotifier.cpp:326
#21 0x0000713870ef438b in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x5eec166b5e90, e=0x7ffc8616ccc0) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.6.2/src/widgets/kernel/qapplication.cpp:3296
#22 0x000071386fd39818 in QCoreApplication::notifyInternal2 (receiver=0x5eec166b5e90, event=0x7ffc8616ccc0) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.6.2/src/corelib/kernel/qcoreapplication.cpp:1121
#23 0x000071386fe9e749 in QCoreApplication::sendEvent (event=0x7ffc8616ccc0, receiver=<optimized out>) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.6.2/src/corelib/kernel/qcoreapplication.cpp:1539
#24 QEventDispatcherUNIXPrivate::activateSocketNotifiers (this=this@entry=0x5eec161ee690) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.6.2/src/corelib/kernel/qeventdispatcher_unix.cpp:267
#25 0x000071386fe9fbac in QEventDispatcherUNIX::processEvents (this=<optimized out>, flags=..., flags@entry=...) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.6.2/src/corelib/kernel/qeventdispatcher_unix.cpp:476
#26 0x00007138707b26e2 in QUnixEventDispatcherQPA::processEvents (this=<optimized out>, flags=...) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.6.2/src/gui/platform/unix/qunixeventdispatcher.cpp:27
#27 0x000071386fd43d6e in QEventLoop::processEvents (flags=..., this=0x7ffc8616cea0) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.6.2/src/corelib/kernel/qeventloop.cpp:100
#28 QEventLoop::exec (this=0x7ffc8616cea0, flags=...) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.6.2/src/corelib/kernel/qeventloop.cpp:182
#29 0x000071386fd3c2b8 in QCoreApplication::exec () at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.6.2/src/corelib/global/qflags.h:74
#30 0x0000713870ef0f0a in QApplication::exec () at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.6.2/src/widgets/kernel/qapplication.cpp:2574
#31 0x00005eec153a4dee in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/kwin/kwin-6.0.2/src/main_wayland.cpp:609
Comment 10 Antti Savolainen 2024-03-27 02:55:36 UTC
The crash within krfb-virtualmonitor has however been fixed in the last month or so.
Comment 11 Vlad Zahorodnii 2024-03-27 12:25:26 UTC
Please check if the crash is reproducible in 6.0.3?
Comment 12 Antti Savolainen 2024-03-27 13:20:23 UTC
I'll test it once it hits Arch repos. Currently, compiling workspace hits a dead end at frameworkintegration.
Comment 13 Antti Savolainen 2024-03-30 13:27:26 UTC
Alright. Works like a charm. I can reinitialize krfb-virtualmonitor as many times as I want without a crash.
Comment 14 Bug Janitor Service 2024-04-14 03:47:53 UTC
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least
15 days. Please provide the requested information as soon as
possible and set the bug status as REPORTED. Due to regular bug
tracker maintenance, if the bug is still in NEEDSINFO status with
no change in 30 days the bug will be closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please
mark the bug as REPORTED so that the KDE team knows that the bug is
ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!