https://bugs.kde.org/show_bug.cgi?id=467913
Bug ID: 467913
Summary: kwin_wayland crashed in
KWin::GLVertexBufferPrivate::interleaveArrays when the
cursor was moved to the top-left of the splash screen
Classification: Plasma
Product: kwin
Version: 5.27.3
Platform: Fedora RPMs
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: wayland-generic
Assignee: kwin-bugs-n...@kde.org
Reporter: matt.fagn...@bell.net
Target Milestone: ---
Created attachment 157678
--> https://bugs.kde.org/attachment.cgi?id=157678&action=edit
Full trace of all threads of kwin_wayland crash
SUMMARY
I logged in to Plasma 5.27.3 on Wayland in a Fedora 38 KDE Plasma installation.
I moved the mouse cursor to the top-left of the screen when the splash screen
was shown. The screen went black for a couple seconds with just a text cursor
at the top-left. The effect where the splash screen shrinks and a grey blurred
border is shown around it wasn't displayed. Plasma started after a few seconds.
coredumpctl showed that kwin_wayland crashed in
KWin::GLVertexBufferPrivate::interleaveArrays.
Core was generated by `/usr/bin/kwin_wayland --wayland-fd 7 --socket wayland-0
--xwayland-fd 8 --xwayl'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007efe4c52e870 in KWin::GLVertexBufferPrivate::interleaveArrays
(this=0x5651eaf62390,
count=4, texcoords=0x7ffdefec3e30, vertices=0x7ffdefec3e58, dim=<optimized
out>, dst=0x4)
at
/usr/src/debug/kwin-5.27.3-2.fc38.x86_64/src/libkwineffects/kwinglutils.cpp:1674
1674 *(dst++) = *(vertices++);
(gdb) bt
#0 0x00007efe4c52e870 in KWin::GLVertexBufferPrivate::interleaveArrays(float*,
int, float const*, float const*, int)
(this=0x5651eaf62390, count=4, texcoords=0x7ffdefec3e30,
vertices=0x7ffdefec3e58, dim=<optimized out>, dst=0x4) at
/usr/src/debug/kwin-5.27.3-2.fc38.x86_64/src/libkwineffects/kwinglutils.cpp:1674
#1 KWin::GLVertexBuffer::setData(int, int, float const*, float const*)
(this=0x5651eb028160, vertexCount=<optimized out>, dim=<optimized out>,
vertices=<optimized out>, texcoords=<optimized out>)
at
/usr/src/debug/kwin-5.27.3-2.fc38.x86_64/src/libkwineffects/kwinglutils.cpp:1894
#2 0x00007efe4c52987a in KWin::GLTexture::render(QRegion const&, QRect const&,
double, bool)
(this=0x5651eaf59520, region=..., rect=<optimized out>, scale=<optimized
out>, hardwareClipping=<optimized out>) at
/usr/src/debug/kwin-5.27.3-2.fc38.x86_64/src/libkwineffects/kwingltexture.cpp:546
#3 0x00007efe4c529aae in KWin::GLTexture::render(QRect const&, double)
(this=this@entry=0x5651eaf59520, rect=..., scale=scale@entry=1)
at
/usr/src/debug/kwin-5.27.3-2.fc38.x86_64/src/libkwineffects/kwingltexture.cpp:511
#4 0x00007efe4c040f32 in
KWin::EffectsHandlerImpl::renderOffscreenQuickView(KWin::OffscreenQuickView*)
const (this=0x5651e98374b0, w=0x5651eabce980)
at /usr/src/debug/kwin-5.27.3-2.fc38.x86_64/src/effects.cpp:1793
#5 0x00007efe4c0347a9 in KWin::EffectsHandlerImpl::paintScreen(int, QRegion
const&, KWin::ScreenPaintData&) (this=0x5651e98374b0, mask=<optimized out>,
region=<optimized out>, data=<optimized out>)
at /usr/src/debug/kwin-5.27.3-2.fc38.x86_64/src/effects.cpp:396
#6 0x00007efe4c0347a9 in KWin::EffectsHandlerImpl::paintScreen(int, QRegion
const&, KWin::ScreenPaintData&) (this=0x5651e98374b0, mask=<optimized out>,
region=<optimized out>, data=<optimized out>)
at /usr/src/debug/kwin-5.27.3-2.fc38.x86_64/src/effects.cpp:396
--Type <RET> for more, q to quit, c to continue without paging--c
#7 0x00007efe4c0347a9 in KWin::EffectsHandlerImpl::paintScreen(int, QRegion
const&, KWin::ScreenPaintData&) (this=0x5651e98374b0, mask=<optimized out>,
region=<optimized out>, data=<optimized out>)
at /usr/src/debug/kwin-5.27.3-2.fc38.x86_64/src/effects.cpp:396
#8 0x00005651e87b4286 in KWin::ScreenEdgeEffect::paintScreen(int, QRegion
const&, KWin::ScreenPaintData&) (this=0x5651ea7bd8d0, mask=<optimized out>,
region=<optimized out>, data=...)
at
/usr/src/debug/kwin-5.27.3-2.fc38.x86_64/src/effects/screenedge/screenedgeeffect.cpp:72
#9 0x00007efe4c0347a9 in KWin::EffectsHandlerImpl::paintScreen(int, QRegion
const&, KWin::ScreenPaintData&) (this=0x5651e98374b0, mask=<optimized out>,
region=<optimized out>, data=<optimized out>)
at /usr/src/debug/kwin-5.27.3-2.fc38.x86_64/src/effects.cpp:396
#10 0x00007efe4c0b6c0a in KWin::WorkspaceScene::paint(KWin::RenderTarget*,
QRegion const&)
(this=this@entry=0x5651e9b1f2a0,
renderTarget=renderTarget@entry=0x7ffdefec42a0, region=...)
at
/usr/src/debug/kwin-5.27.3-2.fc38.x86_64/src/scene/workspacescene.cpp:357
#11 0x00007efe4c0416f8 in
KWin::EffectsHandlerImpl::renderScreen(KWin::EffectScreen*)
(this=0x5651e98374b0, screen=<optimized out>)
at /usr/src/debug/kwin-5.27.3-2.fc38.x86_64/src/effects.cpp:1868
#12 0x00005651e87ad999 in operator() (__closure=0x5651ea81f480)
at
/usr/src/debug/kwin-5.27.3-2.fc38.x86_64/src/effects/screentransform/screentransform.cpp:90
#13 QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void,
KWin::ScreenTransformEffect::addScreen(KWin::EffectScreen*)::<lambda()> >::call
(arg=<optimized out>, f=...)
at /usr/include/qt5/QtCore/qobjectdefs_impl.h:146
#14
QtPrivate::Functor<KWin::ScreenTransformEffect::addScreen(KWin::EffectScreen*)::<lambda()>,
0>::call<QtPrivate::List<>, void> (arg=<optimized out>, f=...)
at /usr/include/qt5/QtCore/qobjectdefs_impl.h:256
#15
QtPrivate::QFunctorSlotObject<KWin::ScreenTransformEffect::addScreen(KWin::EffectScreen*)::<lambda()>,
0, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase *, QObject *,
void **, bool *)
(which=<optimized out>, this_=0x5651ea81f470, r=<optimized out>,
a=<optimized out>, ret=<optimized out>) at
/usr/include/qt5/QtCore/qobjectdefs_impl.h:443
#16 0x00007efe4a6e84f1 in QtPrivate::QSlotObjectBase::call(QObject*, void**)
(a=0x7ffdefec4480, r=<optimized out>, this=0x5651ea81f470)
at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#17 doActivate<false>(QObject*, int, void**)
(sender=0x5651e9d668b0, signal_index=7, argv=0x7ffdefec4480) at
kernel/qobject.cpp:3923
#18 0x00007efe4a6e84f1 in QtPrivate::QSlotObjectBase::call(QObject*, void**)
(a=0x7ffdefec4550, r=<optimized out>, this=0x5651ea730ea0)
at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#19 doActivate<false>(QObject*, int, void**)
(sender=0x5651e9c901b0, signal_index=8, argv=0x7ffdefec4550) at
kernel/qobject.cpp:3923
#20 0x00007efe4c1bd5f3 in
KWin::DrmOutput::applyQueuedChanges(KWin::OutputConfiguration const&)
(config=..., this=0x5651e9c901b0)
at
/usr/src/debug/kwin-5.27.3-2.fc38.x86_64/src/backends/drm/drm_output.cpp:426
#21 KWin::DrmOutput::applyQueuedChanges(KWin::OutputConfiguration const&)
(this=0x5651e9c901b0, config=...)
at
/usr/src/debug/kwin-5.27.3-2.fc38.x86_64/src/backends/drm/drm_output.cpp:421
#22 0x00007efe4c1962c0 in
KWin::DrmBackend::applyOutputChanges(KWin::OutputConfiguration const&)
(this=<optimized out>, config=...)
at
/usr/src/debug/kwin-5.27.3-2.fc38.x86_64/src/backends/drm/drm_backend.cpp:496
#23 0x00007efe4c13ff5e in
KWin::Workspace::applyOutputConfiguration(KWin::OutputConfiguration const&,
QVector<KWin::Output*> const&) (this=0x5651e9cbfdc0, config=<optimized out>,
outputOrder=...)
at /usr/src/debug/kwin-5.27.3-2.fc38.x86_64/src/workspace.cpp:520
#24 0x00007efe4c21870d in
KWaylandServer::OutputConfigurationV2Interface::kde_output_configuration_v2_apply(QtWaylandServer::kde_output_configuration_v2::Resource*)
(this=0x7efe0c0042e0, resource=<optimized out>)
at
/usr/src/debug/kwin-5.27.3-2.fc38.x86_64/src/wayland/outputmanagement_v2_interface.cpp:308
#25 0x00007efe4777abe6 in ffi_call_unix64 () at ../src/x86/unix64.S:104
#26 0x00007efe477774bf in ffi_call_int
(cif=cif@entry=0x7ffdefec4990, fn=<optimized out>, rvalue=<optimized out>,
avalue=<optimized out>, closure=closure@entry=0x0) at ../src/x86/ffi64.c:673
#27 0x00007efe4777a18e in ffi_call
(cif=cif@entry=0x7ffdefec4990, fn=<optimized out>, rvalue=rvalue@entry=0x0,
avalue=avalue@entry=0x7ffdefec4a60) at ../src/x86/ffi64.c:710
#28 0x00007efe48dfc863 in wl_closure_invoke
(closure=closure@entry=0x5651eadac080, target=<optimized out>,
target@entry=0x5651eadabda0, opcode=opcode@entry=5, data=<optimized out>,
data@entry=0x5651ea9cc7b0, flags=2) at ../src/connection.c:1025
#29 0x00007efe48e00fa4 in wl_client_connection_data
(fd=<optimized out>, mask=<optimized out>, data=0x5651ea9cc7b0) at
../src/wayland-server.c:437
#30 0x00007efe48dff812 in wl_event_loop_dispatch (loop=0x5651e97bd840,
timeout=<optimized out>)
at ../src/event-loop.c:1027
#31 0x00007efe4c1f8279 in KWaylandServer::Display::dispatchEvents()
(this=<optimized out>)
at /usr/src/debug/kwin-5.27.3-2.fc38.x86_64/src/wayland/display.cpp:114
#32 0x00007efe4a6e84f1 in QtPrivate::QSlotObjectBase::call(QObject*, void**)
(a=0x7ffdefec5090, r=<optimized out>, this=0x5651e9ef1270)
at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#33 doActivate<false>(QObject*, int, void**)
(sender=0x5651e9ebd8f0, signal_index=3, argv=0x7ffdefec5090) at
kernel/qobject.cpp:3923
#34 0x00007efe4a6e3377 in QMetaObject::activate(QObject*, QMetaObject const*,
int, void**)
(sender=sender@entry=0x5651e9ebd8f0, m=m@entry=0x7efe4a967420
<QSocketNotifier::staticMetaObject>,
local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffdefec5090)
at kernel/qobject.cpp:3983
#35 0x00007efe4a6eaefd in QSocketNotifier::activated(QSocketDescriptor,
QSocketNotifier::Type, QSocketNotifier::QPrivateSignal)
(this=this@entry=0x5651e9ebd8f0, _t1=..., _t2=<optimized out>, _t3=...)
at .moc/moc_qsocketnotifier.cpp:178
#36 0x00007efe4a6eb76b in QSocketNotifier::event(QEvent*) (this=0x5651e9ebd8f0,
e=<optimized out>)
at kernel/qsocketnotifier.cpp:302
#37 0x00007efe49daeca5 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
(this=<optimized out>, receiver=0x5651e9ebd8f0, e=0x7ffdefec51a0) at
kernel/qapplication.cpp:3640
#38 0x00007efe4a6b3bd8 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
(receiver=0x5651e9ebd8f0, event=0x7ffdefec51a0) at
kernel/qcoreapplication.cpp:1064
#39 0x00007efe4a6b3df2 in QCoreApplication::sendEvent(QObject*, QEvent*)
(receiver=<optimized out>, event=<optimized out>) at
kernel/qcoreapplication.cpp:1462
#40 0x00007efe4a70385f in
QEventDispatcherUNIXPrivate::activateSocketNotifiers()
(this=this@entry=0x5651e97891b0) at kernel/qeventdispatcher_unix.cpp:304
#41 0x00007efe4a703be0 in
QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(this=<optimized out>, flags=...) at kernel/qeventdispatcher_unix.cpp:511
#42 0x00005651e88501e2 in
QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
()
#43 0x00007efe4a6b25ab in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
(this=this@entry=0x7ffdefec5340, flags=..., flags@entry=...)
at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#44 0x00007efe4a6ba82b in QCoreApplication::exec() ()
at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#45 0x00007efe4ab5f61d in QGuiApplication::exec() () at
kernel/qguiapplication.cpp:1863
#46 0x00007efe49daec19 in QApplication::exec() () at
kernel/qapplication.cpp:2832
#47 0x00005651e876ad44 in main(int, char**) (argc=<optimized out>,
argv=<optimized out>)
at /usr/src/debug/kwin-5.27.3-2.fc38.x86_64/src/main_wayland.cpp:628
dst=0x4 was incremented and used as a pointer. vertices pointed to an address
that had a null value and was incremented and used as a pointer.
(gdb) p vertices
$1 = (const float *) 0x7ffdefec3e58
(gdb) p *vertices
$2 = 0
(gdb) x 0x7ffdefec3e58
0x7ffdefec3e58: 0x00000000
(gdb) p dst
$3 = (float *) 0x4
(gdb) p *dst
Cannot access memory at address 0x4
I'm attaching the full trace of all threads. The problem happened 1/5 times
when I moved the cursor to the top-left of the splash screen and might involve
a race condition. The journal showed that other KDE programs failed after the
kwin_wayland crash and Plasma was automatically restarted.
STEPS TO REPRODUCE
1. Boot a Fedora 38 KDE Plasma installation updated to 2023-3-28 with
updates-testing repo enabled
2. Log in to Plasma 5.27.3 on Wayland from sddm on Wayland
3. Move the cursor to the top-left of the screen when the splash screen is
shown
4. If the problem didn't happen, log out of Plasma and repeated 2-3 until it
does
OBSERVED RESULT
kwin_wayland crashed in KWin::GLVertexBufferPrivate::interleaveArrays when the
cursor was moved to the top-left of the splash screen
EXPECTED RESULT
No crash would happen.
SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Fedora 38
(available in About System)
KDE Plasma Version: 5.27.3
KDE Frameworks Version: 5.104.0
Qt Version: 5.15.8
ADDITIONAL INFORMATION
--
You are receiving this mail because:
You are watching all bug changes.
