Bug 487217 - Nested kwin_wayland crashed in KWin::EglSwapchainSlot::buffer in VMs using the llvmpipe driver
Status: RESOLVED WORKSFORME
Alias: None
Product: kwin
Classification: Plasma
Component: wayland-generic (other bugs)
Version First Reported In: 6.0.4
Platform: Other Linux
Importance: NOR crash
Target Milestone: ---
Assignee: KWin default assignee
 
Reported: 2024-05-19 04:35 UTC by Matt Fagnani
Modified: 2024-05-31 22:25 UTC (History)

Attachments
kwin_wayland crash trace output from drkonqi (23.01 KB, text/vnd.kde.kcrash-report)
2024-05-19 04:35 UTC, Matt Fagnani

Description Matt Fagnani 2024-05-19 04:35:05 UTC
Created attachment 169605 [details]
kwin_wayland crash trace output from drkonqi

SUMMARY

I booted the Fedora Rawhide/41 KDE Plasma live image Fedora-KDE-Live-x86_64-Rawhide-20240518.n.0.iso in a QEMU/KVM VM using GNOME Boxes with 3D acceleration disabled using the llvmpipe driver from mesa 24.1.0-rc4. Plasma 6.0.4 on Wayland started. I started Konsole. I tried to run a nested kwin_wayland session using the instructions at https://community.kde.org/KWin/Wayland
export $(dbus-launch)
kwin_wayland --xwayland 

The nested kwin_wayland window didn't appear. A Wayland icon appeared in the task manager briefly then disappeared. The following output was in Konsole which showed a Permission denied error and a segmentation fault of kwin_wayland.

export $(dbus-launch)
kwin_wayland --xwayland
No backend specified, automatically choosing Wayland because WAYLAND_DISPLAY is set
unable to lock lockfile /run/user/1000/wayland-0.lock, maybe another compositor is running
Accepting client connections on sockets: QList("wayland-1")
OpenGL vendor string:                   Mesa
OpenGL renderer string:                 llvmpipe (LLVM 18.1.4, 256 bits)
OpenGL version string:                  4.5 (Core Profile) Mesa 24.1.0-rc4
OpenGL shading language version string: 4.50
Driver:                                 LLVMpipe
GPU class:                              Unknown
OpenGL version:                         4.5
GLSL version:                           4.50
Mesa version:                           24.1
Requires strict binding:                no
Virtual Machine:                        no
Timer query support:                    yes
KMS: DRM_IOCTL_MODE_CREATE_DUMB failed: Permission denied
KMS: DRM_IOCTL_MODE_CREATE_DUMB failed: Permission denied
KMS: DRM_IOCTL_MODE_CREATE_DUMB failed: Permission denied
KMS: DRM_IOCTL_MODE_CREATE_DUMB failed: Permission denied
qt.qpa.wayland: Creating a fake screen in order for Qt not to crash
Segmentation fault (core dumped)
liveuser@localhost-live:~$ The Wayland connection broke. Did the Wayland compositor die?

The nested kwin_wayland crashed in KWin::EglSwapchainSlot::buffer. The crash might've been due to a null pointer dereference since this=0x0 in KWin::EglSwapchainSlot::buffer.

Core was generated by `kwin_wayland --xwayland'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  KWin::EglSwapchainSlot::buffer (this=0x0) at /usr/src/debug/kwin-6.0.4.1-3.fc41.x86_64/src/opengl/eglswapchain.cpp:39
39	    return m_buffer;
[Current thread is 1 (Thread 0x7f1ca443ab00 (LWP 2894))]

Thread 1 (Thread 0x7f1ca443ab00 (LWP 2894)):
#0  KWin::EglSwapchainSlot::buffer (this=0x0) at /usr/src/debug/kwin-6.0.4.1-3.fc41.x86_64/src/opengl/eglswapchain.cpp:39
#1  0x00007f1ca526dd18 in KWin::Wayland::WaylandEglPrimaryLayer::present (this=0x556c1bcd3a50) at /usr/include/c++/14/bits/shared_ptr_base.h:1666
#2  KWin::Wayland::WaylandEglBackend::present (this=<optimized out>, output=<optimized out>, frame=std::shared_ptr<KWin::OutputFrame> (use count 1, weak count 0) = {...}) at /usr/src/debug/kwin-6.0.4.1-3.fc41.x86_64/src/backends/wayland/wayland_egl_backend.cpp:330
#3  0x00007f1ca4fa8496 in KWin::Compositor::composite (this=0x556c18467990, renderLoop=<optimized out>) at /usr/src/debug/kwin-6.0.4.1-3.fc41.x86_64/src/compositor.cpp:201
#4  0x00007f1ca23fa3c4 in QtPrivate::QSlotObjectBase::call (this=0x556c1bd50870, r=<optimized out>, a=0x7ffcfc84dbf0) at /usr/src/debug/qt6-qtbase-6.7.0-5.fc41.x86_64/src/corelib/kernel/qobjectdefs_impl.h:469
#5  doActivate<false> (sender=0x556c183c01f0, signal_index=5, argv=0x7ffcfc84dbf0) at /usr/src/debug/qt6-qtbase-6.7.0-5.fc41.x86_64/src/corelib/kernel/qobject.cpp:4078
#6  0x00007f1ca23f0977 in QMetaObject::activate (sender=<optimized out>, m=<optimized out>, local_signal_index=local_signal_index@entry=2, argv=argv@entry=0x7ffcfc84dbf0) at /usr/src/debug/qt6-qtbase-6.7.0-5.fc41.x86_64/src/corelib/kernel/qobject.cpp:4138
#7  0x00007f1ca4fc1c34 in KWin::RenderLoop::frameRequested (this=<optimized out>, _t1=<optimized out>) at /usr/src/debug/kwin-6.0.4.1-3.fc41.x86_64/redhat-linux-build/src/kwin_autogen/include/moc_renderloop.cpp:208
#8  0x00007f1ca4fc83ef in KWin::RenderLoopPrivate::dispatch (this=0x556c183d37a0) at /usr/src/debug/kwin-6.0.4.1-3.fc41.x86_64/src/core/renderloop.cpp:128
#9  0x00007f1ca23fa3c4 in QtPrivate::QSlotObjectBase::call (this=0x556c183bdc50, r=<optimized out>, a=0x7ffcfc84dd30) at /usr/src/debug/qt6-qtbase-6.7.0-5.fc41.x86_64/src/corelib/kernel/qobjectdefs_impl.h:469
#10 doActivate<false> (sender=0x556c183d37c0, signal_index=3, argv=0x7ffcfc84dd30) at /usr/src/debug/qt6-qtbase-6.7.0-5.fc41.x86_64/src/corelib/kernel/qobject.cpp:4078
#11 0x00007f1ca23f0977 in QMetaObject::activate (sender=<optimized out>, m=m@entry=0x7f1ca28830a0, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffcfc84dd30) at /usr/src/debug/qt6-qtbase-6.7.0-5.fc41.x86_64/src/corelib/kernel/qobject.cpp:4138
#12 0x00007f1ca240941d in QTimer::timeout (this=<optimized out>, _t1=...) at /usr/src/debug/qt6-qtbase-6.7.0-5.fc41.x86_64/redhat-linux-build/src/corelib/Core_autogen/include/moc_qtimer.cpp:224
#13 0x00007f1ca23ebc9f in QObject::event (this=0x556c183d37c0, e=0x7ffcfc84dee0) at /usr/src/debug/qt6-qtbase-6.7.0-5.fc41.x86_64/src/corelib/kernel/qobject.cpp:1476
#14 0x00007f1ca378b368 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib64/libQt6Widgets.so.6
#15 0x00007f1ca2395a98 in QCoreApplication::notifyInternal2 (receiver=0x556c183d37c0, event=0x7ffcfc84dee0) at /usr/src/debug/qt6-qtbase-6.7.0-5.fc41.x86_64/src/corelib/kernel/qcoreapplication.cpp:1134
#16 0x00007f1ca2395cfd in QCoreApplication::sendEvent (receiver=<optimized out>, event=<optimized out>) at /usr/src/debug/qt6-qtbase-6.7.0-5.fc41.x86_64/src/corelib/kernel/qcoreapplication.cpp:1575
#17 0x00007f1ca254d6d7 in QTimerInfoList::activateTimers (this=this@entry=0x556c182f4d08) at /usr/src/debug/qt6-qtbase-6.7.0-5.fc41.x86_64/src/corelib/kernel/qtimerinfo_unix.cpp:436
#18 0x00007f1ca254f9f0 in QEventDispatcherUNIXPrivate::activateTimers (this=this@entry=0x556c182f4c30) at /usr/src/debug/qt6-qtbase-6.7.0-5.fc41.x86_64/src/corelib/kernel/qeventdispatcher_unix.cpp:196
#19 0x00007f1ca2551bfb in QEventDispatcherUNIX::processEvents (this=<optimized out>, flags=...) at /usr/src/debug/qt6-qtbase-6.7.0-5.fc41.x86_64/src/corelib/kernel/qeventdispatcher_unix.cpp:472
#20 0x00007f1ca3155052 in QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib64/libQt6Gui.so.6
#21 0x00007f1ca23a2693 in QEventLoop::exec (this=this@entry=0x7ffcfc84e0b0, flags=..., flags@entry=...) at /usr/src/debug/qt6-qtbase-6.7.0-5.fc41.x86_64/src/corelib/global/qflags.h:34
#22 0x00007f1ca239e61c in QCoreApplication::exec () at /usr/src/debug/qt6-qtbase-6.7.0-5.fc41.x86_64/src/corelib/global/qflags.h:74
#23 0x0000556bf39f0d0f in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/kwin-6.0.4.1-3.fc41.x86_64/src/main_wayland.cpp:609

This problem happened 2/2 times I tried to run a nested kwin_wayland session in a VM using the llvmpipe driver. I'm attaching the full trace from drkonqi which said the trace didn't have enough useful information.

STEPS TO REPRODUCE
1. Boot a Fedora 40 KDE Plasma installation updated to 2024-5-19 with updates-testing enabled
2. Log in to Plasma 6.0.4 on Wayland
3. Start Konsole
4. Install GNOME Boxes if it isn't already with sudo dnf install gnome-boxes
5. Download Fedora-KDE-Live-x86_64-Rawhide-20240518.n.0.iso from https://koji.fedoraproject.org/koji/buildinfo?buildID=2453143 
6. Start GNOME Boxes
7. Boot Fedora-KDE-Live-x86_64-Rawhide-20240518.n.0.iso in a GNOME Boxes QEMU/KVM VM with 3 GiB RAM, UEFI enabled, and 3D acceleration disabled
8. Start Konsole
9. In Konsole, run 
export $(dbus-launch)
kwin_wayland --xwayland 


OBSERVED RESULT
Nested kwin_wayland crashed in KWin::EglSwapchainSlot::buffer in VMs using the llvmpipe driver

EXPECTED RESULT
Nested kwin_wayland shouldn't have crashed

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Fedora Rawhide
(available in About System)
KDE Plasma Version: 6.0.4
KDE Frameworks Version: 6.2.0
Qt Version: 6.7.0

ADDITIONAL INFORMATION

I reported a nested kwin_wayland crash with a different trace at https://bugs.kde.org/show_bug.cgi?id=478864 which had a patch marked as fixing the problem.
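
An added triage example (not part of the original report and not KWin code): it parses gdb backtrace frames like those above and reports each frame entered with a null `this`, together with the caller that invoked it on the null object. The sample frames are copied from this report with frame #2's arguments shortened; the names `parse_frames` and `null_this_findings` are illustrative.

```python
import re

# Frames copied from the backtrace in this report; frame #2's arguments are shortened.
SAMPLE_BACKTRACE = """\
#0  KWin::EglSwapchainSlot::buffer (this=0x0) at /usr/src/debug/kwin-6.0.4.1-3.fc41.x86_64/src/opengl/eglswapchain.cpp:39
#1  0x00007f1ca526dd18 in KWin::Wayland::WaylandEglPrimaryLayer::present (this=0x556c1bcd3a50) at /usr/include/c++/14/bits/shared_ptr_base.h:1666
#2  KWin::Wayland::WaylandEglBackend::present (this=<optimized out>, output=<optimized out>, frame=...) at /usr/src/debug/kwin-6.0.4.1-3.fc41.x86_64/src/backends/wayland/wayland_egl_backend.cpp:330
#14 0x00007f1ca378b368 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib64/libQt6Widgets.so.6
"""

# "#N [0xADDR in] function (args) at file:line" or "... from library"
FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+(?:0x[0-9a-f]+ in )?(?P<func>[\w:<>~]+)\s*"
    r"\((?P<args>.*)\)\s+(?:at (?P<file>\S+):(?P<line>\d+)|from (?P<lib>\S+))$"
)
# Match this=0x0 exactly, not a non-null address that merely starts with 0x0.
NULL_THIS_RE = re.compile(r"\bthis=0x0(?![0-9a-f])")


def parse_frames(text):
    """Return one dict per gdb frame line; lines that are not frames are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frame = m.groupdict()
            frame["num"] = int(frame["num"])
            frame["null_this"] = bool(NULL_THIS_RE.search(frame["args"]))
            frames.append(frame)
    return frames


def null_this_findings(text):
    """List frames entered with this=0x0 and the caller that invoked them."""
    frames = parse_frames(text)
    by_num = {f["num"]: f for f in frames}
    findings = []
    for f in frames:
        if f["null_this"]:
            caller = by_num.get(f["num"] + 1)
            site = f"{f['file']}:{f['line']}" if f["file"] else f["lib"]
            findings.append({"callee": f["func"], "site": site,
                             "caller": caller["func"] if caller else None})
    return findings


if __name__ == "__main__":
    for finding in null_this_findings(SAMPLE_BACKTRACE):
        print(finding)
```
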
Comment 1 Vlad Zahorodnii 2024-05-31 11:34:43 UTC
you're running kwin_wayland without all the fixes. try 6.0.5
Comment 2 Matt Fagnani 2024-05-31 19:47:41 UTC
(In reply to Vlad Zahorodnii from comment #1)
> you're running kwin_wayland without all the fixes. try 6.0.5

I tried Plasma 6.0.5 and 6.0.90 in VMs using the llvmpipe driver, and nested kwin_wayland didn't crash but its window didn't appear.  Just a task manager Wayland icon labelled KDE Wayland compositor WL-0 was shown which didn't show the window when I tried to click on it or maximize it. Thanks.
Comment 3 Matt Fagnani 2024-05-31 22:25:00 UTC
Nested kwin_wayland 6.0.5 crashed with a different trace than that of 6.0.4 in VMs using llvmpipe (https://bugs.kde.org/show_bug.cgi?id=487857). Nested kwin_wayland 6.0.90.1 window didn't appear, but it didn't crash as I described at https://bugs.kde.org/show_bug.cgi?id=487860