Bug 480971 - kwin_wayland random crash in math in KWin::SurfaceItem::refreshRateEstimation
Status: RESOLVED FIXED
Alias: None
Product: kwin
Classification: Plasma
Component: wayland-generic (other bugs)
Version First Reported In: 5.93.0
Platform: Arch Linux Linux
Importance: NOR crash
Target Milestone: ---
Assignee: KWin default assignee
Keywords: qt6
Reported: 2024-02-06 19:30 UTC by Dmitrii Chermnykh
Modified: 2024-02-08 19:11 UTC


Attachments
gdb backtrace (6.03 KB, text/plain)
2024-02-06 19:30 UTC, Dmitrii Chermnykh

Description Dmitrii Chermnykh 2024-02-06 19:30:43 UTC
Created attachment 165626
gdb backtrace

SUMMARY

Random crash with the following display configuration:
HDR is Disabled
Adaptive sync: always
Fractional scaling at 150x

STEPS TO REPRODUCE
1. Switch windows or workspaces
2. Random crash

OBSERVED RESULT
See the attached backtrace file

SOFTWARE/OS VERSIONS
Operating System: Arch Linux 
KDE Plasma Version: 5.93.0
KDE Frameworks Version: 5.249.0
Qt Version: 6.7.0
Kernel Version: 6.7.4-zen1-1-zen (64-bit)
Graphics Platform: Wayland
Processors: 16 × AMD Ryzen 7 5800H with Radeon Graphics
Memory: 23.1 GiB of RAM
Graphics Processor: NVIDIA GeForce RTX 3050 Ti Laptop GPU/PCIe/SSE2
Comment 1 Dmitrii Chermnykh 2024-02-06 19:33:52 UTC
I think https://invent.kde.org/plasma/kwin/-/blob/v5.93.0/src/scene/surfaceitem.cpp?ref_type=tags#L266 sometimes divides by 0
Comment 2 Dmitrii Chermnykh 2024-02-06 20:06:28 UTC
backtrace for global search:
#0  0x00007c269d91e45b in std::chrono::operator/<long, std::ratio<1l, 1000000000l>, long, std::ratio<1l, 1000000000l> > (__rhs=<optimized out>, __lhs=<optimized out>) at /usr/include/c++/13.2.1/bits/chrono.h:764
#1  KWin::SurfaceItem::refreshRateEstimation (this=0x5f3a10c9ad40) at /usr/src/debug/kwin/kwin-5.93.0/src/scene/surfaceitem.cpp:266
#2  KWin::SurfaceItem::refreshRateEstimation (this=0x5f3a10c9ad40) at /usr/src/debug/kwin/kwin-5.93.0/src/scene/surfaceitem.cpp:262
#3  0x00007c269d7ed25e in KWin::RenderLoop::scheduleRepaint (this=0x5f3a10f61080, item=0x5f3a1011cf10) at /usr/src/debug/kwin/kwin-5.93.0/src/core/renderloop.cpp:207
#4  0x00007c269d90f108 in KWin::Item::scheduleFrame (this=0x5f3a1011cf10) at /usr/src/debug/kwin/kwin-5.93.0/src/scene/item.cpp:336
#5  KWin::Item::scheduleFrame (this=0x5f3a1011cf10) at /usr/src/debug/kwin/kwin-5.93.0/src/scene/item.cpp:327
#6  0x00007c269abbfce9 in QtPrivate::QSlotObjectBase::call (a=0x7ffd937e2908, r=0x5f3a1011cf10, this=0x5f3a10ecd9e0, this=<optimized out>, r=<optimized out>, a=<optimized out>) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.7.0-beta2/src/corelib/kernel/qobjectdefs_impl.h:469
#7  doActivate<false> (sender=0x5f3a11042790, signal_index=24, argv=0x7ffd937e2908) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.7.0-beta2/src/corelib/kernel/qobject.cpp:4059
#8  0x00007c269db06303 in KWin::SurfaceInterfacePrivate::applyState (this=0x5f3a1042db20, next=<optimized out>) at /usr/src/debug/kwin/kwin-5.93.0/src/wayland/surface.cpp:712
#9  0x00007c269db2e2f6 in KWin::Transaction::apply (this=this@entry=0x5f3a1024c940) at /usr/src/debug/kwin/kwin-5.93.0/src/wayland/transaction.cpp:209
#10 0x00007c269db2e472 in KWin::Transaction::tryApply (this=this@entry=0x5f3a1024c940) at /usr/src/debug/kwin/kwin-5.93.0/src/wayland/transaction.cpp:242
#11 0x00007c269db2efbb in KWin::Transaction::commit (this=<optimized out>) at /usr/src/debug/kwin/kwin-5.93.0/src/wayland/transaction.cpp:271
#12 0x00007c269db09891 in KWin::SurfaceInterfacePrivate::surface_commit (this=0x5f3a1042db20, resource=<optimized out>) at /usr/src/debug/kwin/kwin-5.93.0/src/wayland/surface.cpp:372
#13 0x00007c269938a4f6 in ffi_call_unix64 () at ../src/x86/unix64.S:104
#14 0x00007c2699386f5e in ffi_call_int (cif=cif@entry=0x7ffd937e2f40, fn=<optimized out>, rvalue=<optimized out>, avalue=<optimized out>, closure=closure@entry=0x0) at ../src/x86/ffi64.c:673
#15 0x00007c2699389b73 in ffi_call (cif=cif@entry=0x7ffd937e2f40, fn=<optimized out>, rvalue=rvalue@entry=0x0, avalue=avalue@entry=0x7ffd937e3010) at ../src/x86/ffi64.c:710
#16 0x00007c269c585ada in wl_closure_invoke (closure=closure@entry=0x5f3a1024c7c0, target=<optimized out>, target@entry=0x5f3a110426b0, opcode=opcode@entry=6, data=<optimized out>, data@entry=0x5f3a11001550, flags=2) at ../wayland-1.22.0/src/connection.c:1025
#17 0x00007c269c58a180 in wl_client_connection_data (fd=<optimized out>, mask=<optimized out>, data=<optimized out>) at ../wayland-1.22.0/src/wayland-server.c:438
#18 0x00007c269c588ae2 in wl_event_loop_dispatch (loop=0x5f3a0fda6d40, timeout=<optimized out>) at ../wayland-1.22.0/src/event-loop.c:1027
#19 0x00007c269daabb17 in KWin::Display::dispatchEvents (this=<optimized out>) at /usr/src/debug/kwin/kwin-5.93.0/src/wayland/display.cpp:118
#20 0x00007c269abbfce9 in QtPrivate::QSlotObjectBase::call (a=0x7ffd937e3700, r=0x5f3a0fdd5bf0, this=0x5f3a10e5f4d0, this=<optimized out>, r=<optimized out>, a=<optimized out>) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.7.0-beta2/src/corelib/kernel/qobjectdefs_impl.h:469
#21 doActivate<false> (sender=0x5f3a104b9500, signal_index=3, argv=0x7ffd937e3700) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.7.0-beta2/src/corelib/kernel/qobject.cpp:4059
#22 0x00007c269abc8c6a in QSocketNotifier::activated (_t3=..., _t2=<optimized out>, _t1=..., this=0x5f3a104b9500) at /usr/src/debug/qt6-base/build/src/corelib/Core_autogen/include/moc_qsocketnotifier.cpp:193
#23 QSocketNotifier::event (this=0x5f3a104b9500, e=0x7ffd937e3810) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.7.0-beta2/src/corelib/kernel/qsocketnotifier.cpp:327
#24 0x00007c269bf7bf6b in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x5f3a104b9500, e=0x7ffd937e3810) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.7.0-beta2/src/widgets/kernel/qapplication.cpp:3298
#25 0x00007c269ab66178 in QCoreApplication::notifyInternal2 (receiver=0x5f3a104b9500, event=0x7ffd937e3810) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.7.0-beta2/src/corelib/kernel/qcoreapplication.cpp:1134
#26 0x00007c269acd42f9 in QCoreApplication::sendEvent (event=0x7ffd937e3810, receiver=<optimized out>) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.7.0-beta2/src/corelib/kernel/qcoreapplication.cpp:1575
#27 QEventDispatcherUNIXPrivate::activateSocketNotifiers (this=0x5f3a0fd58be0) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.7.0-beta2/src/corelib/kernel/qeventdispatcher_unix.cpp:251
#28 0x00007c269acda29b in QEventDispatcherUNIX::processEvents (this=<optimized out>, flags=..., flags@entry=...) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.7.0-beta2/src/corelib/kernel/qeventdispatcher_unix.cpp:467
#29 0x00007c269b7f62c2 in QUnixEventDispatcherQPA::processEvents (this=<optimized out>, flags=...) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.7.0-beta2/src/gui/platform/unix/qunixeventdispatcher.cpp:27
#30 0x00007c269ab6e39e in QEventLoop::processEvents (flags=..., this=0x7ffd937e39e0) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.7.0-beta2/src/corelib/kernel/qeventloop.cpp:100
#31 QEventLoop::exec (this=0x7ffd937e39e0, flags=...) at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.7.0-beta2/src/corelib/kernel/qeventloop.cpp:182
#32 0x00007c269ab69d88 in QCoreApplication::exec () at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.7.0-beta2/src/corelib/global/qflags.h:74
#33 0x00007c269bf784ba in QApplication::exec () at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.7.0-beta2/src/widgets/kernel/qapplication.cpp:2568
#34 0x00005f3a0e32be8e in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/kwin/kwin-5.93.0/src/main_wayland.cpp:609
Comment 3 Bug Janitor Service 2024-02-06 20:47:44 UTC
A possibly relevant merge request was started @ https://invent.kde.org/plasma/kwin/-/merge_requests/5130
Comment 4 Dmitrii Chermnykh 2024-02-07 08:57:15 UTC
Could the `average` value at https://invent.kde.org/plasma/kwin/-/blob/v5.93.0/src/scene/surfaceitem.cpp?ref_type=tags#L110 also become 0 for the same reason as in the report?
Comment 6 Zamundaaa 2024-02-07 14:00:21 UTC
Yeah, it could, I already fixed that
Comment 7 Zamundaaa 2024-02-08 19:00:35 UTC
Git commit 31ebdb73a0022bebfc0637d768bb52bd29c969d5 by Xaver Hugl.
Committed on 08/02/2024 at 18:36.
Pushed by zamundaaa into branch 'master'.

scene/surfaceitem: change refresh rate estimation to frame time estimation

This is both more direct and avoids divisions by durations that can potentially
be zero

M  +1    -1    src/core/renderloop.cpp
M  +5    -7    src/scene/surfaceitem.cpp
M  +2    -2    src/scene/surfaceitem.h

https://invent.kde.org/plasma/kwin/-/commit/31ebdb73a0022bebfc0637d768bb52bd29c969d5
Comment 8 Zamundaaa 2024-02-08 19:11:35 UTC
Git commit dd54b03aaf58a0b41a10f60c63938213c2822dd3 by Xaver Hugl.
Committed on 08/02/2024 at 19:01.
Pushed by zamundaaa into branch 'Plasma/6.0'.

scene/surfaceitem: change refresh rate estimation to frame time estimation

This is both more direct and avoids divisions by durations that can potentially
be zero


(cherry picked from commit 31ebdb73a0022bebfc0637d768bb52bd29c969d5)

M  +1    -1    src/core/renderloop.cpp
M  +5    -7    src/scene/surfaceitem.cpp
M  +2    -2    src/scene/surfaceitem.h

https://invent.kde.org/plasma/kwin/-/commit/dd54b03aaf58a0b41a10f60c63938213c2822dd3
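
The failure mode reported here (frame #0 of the backtrace is a `std::chrono` duration divided by a duration) and the approach named in the commit message, estimating a frame time instead of a rate, as an added C++ example. It is not KWin's code; the function names, the window size and the sample timestamps in the usage are assumptions made for illustration.

```cpp
// Added illustration, not KWin code: every name below is hypothetical.
#include <algorithm>
#include <chrono>
#include <cstddef>
#include <optional>
#include <vector>

using ns = std::chrono::nanoseconds;

// Average interval over the last `window` commits. Assumes non-decreasing
// timestamps. The only division is duration / integer count, and the count is
// at least 1, so no duration is ever used as a divisor.
std::optional<ns> estimateFrameTime(const std::vector<ns> &commits, std::size_t window = 8)
{
    if (commits.size() < 2 || window == 0)
        return std::nullopt;
    const std::size_t n = std::min(window, commits.size() - 1);
    // The sum of the last n intervals telescopes to (newest - oldest in window).
    const ns span = commits.back() - commits[commits.size() - 1 - n];
    return span / static_cast<ns::rep>(n);
}

// A consumer that only needs to pace repaints can compare durations directly.
ns repaintInterval(std::optional<ns> frameTime, ns vblankInterval)
{
    return frameTime ? std::max(*frameTime, vblankInterval) : vblankInterval;
}

// If a rate in Hz is still wanted: duration / duration divides the integer tick
// counts, and a zero divisor is undefined behaviour (SIGFPE on x86-64), so
// non-positive frame times are rejected before dividing.
std::optional<ns::rep> checkedRateHz(std::optional<ns> frameTime)
{
    if (!frameTime || *frameTime <= ns::zero())
        return std::nullopt;
    return std::chrono::seconds(1) / *frameTime;
}
```

Two commits carrying the same timestamp give an average of exactly zero, which is a valid frame time for `repaintInterval` but would be a zero divisor in an unguarded rate calculation.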