https://bugs.kde.org/show_bug.cgi?id=487857

            Bug ID: 487857
           Summary: Nested kwin_wayland 6.0.5 crashed in QRegion::QRegion
                    in VMs using the llvmpipe driver
    Classification: Plasma
           Product: kwin
           Version: 6.0.5
          Platform: Fedora RPMs
                OS: Linux
            Status: REPORTED
          Keywords: qt6
          Severity: normal
          Priority: NOR
         Component: wayland-generic
          Assignee: kwin-bugs-n...@kde.org
          Reporter: matt.fagn...@bell.net
  Target Milestone: ---

SUMMARY

I booted the Fedora Rawhide/41 KDE Plasma live image
Fedora-KDE-Live-x86_64-Rawhide-20240527.n.0.iso in a QEMU/KVM VM using GNOME
Boxes with 3D acceleration disabled using the llvmpipe driver from mesa 24.1.0.
Plasma 6.0.5 on Wayland started. I started Konsole. I tried to run a nested
kwin_wayland session using the instructions at
https://community.kde.org/KWin/Wayland

export $(dbus-launch)
kwin_wayland --xwayland

The nested kwin_wayland window didn't appear. The following output was in
Konsole which showed KMS: DRM_IOCTL_MODE_CREATE_DUMB failed: Permission denied
errors and a segmentation fault in kwin_wayland.

export $(dbus-launch)
kwin_wayland --xwayland 
No backend specified, automatically choosing Wayland because WAYLAND_DISPLAY is
set
unable to lock lockfile /run/user/1000/wayland-0.lock, maybe another compositor
is running
Accepting client connections on sockets: QList("wayland-1")
OpenGL vendor string:                   Mesa
OpenGL renderer string:                 llvmpipe (LLVM 18.1.6, 256 bits)
OpenGL version string:                  4.5 (Core Profile) Mesa 24.1.0
OpenGL shading language version string: 4.50
Driver:                                 LLVMpipe
GPU class:                              Unknown
OpenGL version:                         4.5
GLSL version:                           4.50
Mesa version:                           24.1
Requires strict binding:                no
Virtual Machine:                        no
Timer query support:                    yes
KMS: DRM_IOCTL_MODE_CREATE_DUMB failed: Permission denied
KMS: DRM_IOCTL_MODE_CREATE_DUMB failed: Permission denied
KMS: DRM_IOCTL_MODE_CREATE_DUMB failed: Permission denied
KMS: DRM_IOCTL_MODE_CREATE_DUMB failed: Permission denied
KMS: DRM_IOCTL_MODE_CREATE_DUMB failed: Permission denied
KMS: DRM_IOCTL_MODE_CREATE_DUMB failed: Permission denied
kwin_wayland_backend: Could not find a suitable render format
qt.qpa.wayland: Creating a fake screen in order for Qt not to crash
The Wayland connection broke. Did the Wayland compositor die?
Segmentation fault (core dumped)

Nested kwin_wayland crashed in QRegion::QRegion with a null pointer r resulting
in a null pointer dereference r.d.

Core was generated by `kwin_wayland --xwayland'.
Program terminated with signal SIGSEGV, Segmentation fault.

#0  QRegion::QRegion (this=this@entry=0x7ffcfd4409d0, r=...) at
/usr/src/debug/qt6-qtbase-6.7.1-2.fc41.x86_64/src/gui/painting/qregion.cpp:3837
3837        d = r.d;
[Current thread is 1 (Thread 0x7ff5706f5b00 (LWP 2876))]

(gdb) bt
#0  QRegion::QRegion (this=this@entry=0x7ffcfd4409d0, r=...) at
/usr/src/debug/qt6-qtbase-6.7.1-2.fc41.x86_64/src/gui/painting/qregion.cpp:3837
#1  0x00007ff571c6d3d3 in KWin::DamageJournal::lastDamage (this=<optimized
out>, this=<optimized out>) at /usr/include/qt6/QtCore/qlist.h:183
#2  KWin::Wayland::WaylandEglPrimaryLayer::present (this=0x561566d47760) at
/usr/src/debug/kwin-6.0.5-1.fc41.x86_64/src/backends/wayland/wayland_egl_backend.cpp:124
#3  KWin::Wayland::WaylandEglBackend::present (this=<optimized out>,
output=<optimized out>, 
    frame=std::shared_ptr<KWin::OutputFrame> (use count 1, weak count 0) =
{...})
    at
/usr/src/debug/kwin-6.0.5-1.fc41.x86_64/src/backends/wayland/wayland_egl_backend.cpp:330
#4  0x00007ff5719a8436 in KWin::Compositor::composite (this=0x5615634c9930,
renderLoop=<optimized out>)
    at /usr/src/debug/kwin-6.0.5-1.fc41.x86_64/src/compositor.cpp:201
#5  0x00007ff56ebfa722 in QtPrivate::QSlotObjectBase::call
(this=0x561566dc4c00, r=<optimized out>, a=0x7ffcfd440de0)
    at
/usr/src/debug/qt6-qtbase-6.7.1-2.fc41.x86_64/src/corelib/kernel/qobjectdefs_impl.h:469
#6  doActivate<false> (sender=0x56156342c490, signal_index=5,
argv=0x7ffcfd440de0)
    at
/usr/src/debug/qt6-qtbase-6.7.1-2.fc41.x86_64/src/corelib/kernel/qobject.cpp:4086
#7  0x00007ff56ebf0b17 in QMetaObject::activate (sender=<optimized out>,
m=<optimized out>, local_signal_index=local_signal_index@entry=2, 
    argv=argv@entry=0x7ffcfd440de0) at
/usr/src/debug/qt6-qtbase-6.7.1-2.fc41.x86_64/src/corelib/kernel/qobject.cpp:4146
#8  0x00007ff5719c1ba4 in KWin::RenderLoop::frameRequested (this=<optimized
out>, _t1=<optimized out>)
    at
/usr/src/debug/kwin-6.0.5-1.fc41.x86_64/redhat-linux-build/src/kwin_autogen/include/moc_renderloop.cpp:208
#9  0x00007ff5719c839f in KWin::RenderLoopPrivate::dispatch
(this=0x561563440d70) at
/usr/src/debug/kwin-6.0.5-1.fc41.x86_64/src/core/renderloop.cpp:128
#10 0x00007ff56ebfa722 in QtPrivate::QSlotObjectBase::call
(this=0x56156342c3e0, r=<optimized out>, a=0x7ffcfd440f20)
    at
/usr/src/debug/qt6-qtbase-6.7.1-2.fc41.x86_64/src/corelib/kernel/qobjectdefs_impl.h:469
#11 doActivate<false> (sender=0x561563440d90, signal_index=3,
argv=0x7ffcfd440f20)
    at
/usr/src/debug/qt6-qtbase-6.7.1-2.fc41.x86_64/src/corelib/kernel/qobject.cpp:4086
#12 0x00007ff56ebf0b17 in QMetaObject::activate (sender=<optimized out>,
m=m@entry=0x7ff56f0820a0, local_signal_index=local_signal_index@entry=0, 
    argv=argv@entry=0x7ffcfd440f20) at
/usr/src/debug/qt6-qtbase-6.7.1-2.fc41.x86_64/src/corelib/kernel/qobject.cpp:4146
#13 0x00007ff56ec096fd in QTimer::timeout (this=<optimized out>, _t1=...)
    at
/usr/src/debug/qt6-qtbase-6.7.1-2.fc41.x86_64/redhat-linux-build/src/corelib/Core_autogen/include/moc_qtimer.cpp:224
#14 0x00007ff56ebebd4f in QObject::event (this=0x561563440d90,
e=0x7ffcfd4410d0) at
/usr/src/debug/qt6-qtbase-6.7.1-2.fc41.x86_64/src/corelib/kernel/qobject.cpp:1482
#15 0x00007ff56ff8b168 in QApplicationPrivate::notify_helper (this=<optimized
out>, receiver=0x561563440d90, e=0x7ffcfd4410d0)
    at
/usr/src/debug/qt6-qtbase-6.7.1-2.fc41.x86_64/src/widgets/kernel/qapplication.cpp:3287
--Type <RET> for more, q to quit, c to continue without paging--frame 0
#16 0x00007ff56eb95af8 in QCoreApplication::notifyInternal2
(receiver=0x561563440d90, event=0x7ffcfd4410d0)
    at
/usr/src/debug/qt6-qtbase-6.7.1-2.fc41.x86_64/src/corelib/kernel/qcoreapplication.cpp:1134
#17 0x00007ff56eb95d5d in QCoreApplication::sendEvent (receiver=<optimized
out>, event=<optimized out>)
    at
/usr/src/debug/qt6-qtbase-6.7.1-2.fc41.x86_64/src/corelib/kernel/qcoreapplication.cpp:1575
#18 0x00007ff56ed4dfd7 in QTimerInfoList::activateTimers
(this=this@entry=0x561563368548)
    at
/usr/src/debug/qt6-qtbase-6.7.1-2.fc41.x86_64/src/corelib/kernel/qtimerinfo_unix.cpp:434
#19 0x00007ff56ed502f0 in QEventDispatcherUNIXPrivate::activateTimers
(this=this@entry=0x561563368470)
    at
/usr/src/debug/qt6-qtbase-6.7.1-2.fc41.x86_64/src/corelib/kernel/qeventdispatcher_unix.cpp:196
#20 0x00007ff56ed524fb in QEventDispatcherUNIX::processEvents (this=<optimized
out>, flags=...)
    at
/usr/src/debug/qt6-qtbase-6.7.1-2.fc41.x86_64/src/corelib/kernel/qeventdispatcher_unix.cpp:472
#21 0x00007ff56f954e12 in QUnixEventDispatcherQPA::processEvents
(this=<optimized out>, flags=...)
    at
/usr/src/debug/qt6-qtbase-6.7.1-2.fc41.x86_64/src/gui/platform/unix/qunixeventdispatcher.cpp:27
#22 0x00007ff56eba26f3 in QEventLoop::exec (this=this@entry=0x7ffcfd4412a0,
flags=..., flags@entry=...)
    at
/usr/src/debug/qt6-qtbase-6.7.1-2.fc41.x86_64/src/corelib/global/qflags.h:34
#23 0x00007ff56eb9e67c in QCoreApplication::exec () at
/usr/src/debug/qt6-qtbase-6.7.1-2.fc41.x86_64/src/corelib/global/qflags.h:74
#24 0x00007ff56f3d53dd in QGuiApplication::exec () at
/usr/src/debug/qt6-qtbase-6.7.1-2.fc41.x86_64/src/gui/kernel/qguiapplication.cpp:1926
#25 0x00007ff56ff8b0d9 in QApplication::exec () at
/usr/src/debug/qt6-qtbase-6.7.1-2.fc41.x86_64/src/widgets/kernel/qapplication.cpp:2555
#26 0x0000561559130d09 in main (argc=<optimized out>, argv=<optimized out>) at
/usr/src/debug/kwin-6.0.5-1.fc41.x86_64/src/main_wayland.cpp:609

(gdb) p r
$1 = (const QRegion &) <error reading variable: Cannot access memory at address
0x0>
(gdb) p r.d
Cannot access memory at address 0x0

This trace was different from the nested kwin_wayland 6.0.4 crash I reported at
https://bugs.kde.org/show_bug.cgi?id=487217

STEPS TO REPRODUCE
1. Boot a Fedora 40 KDE Plasma installation updated to 2024-5-31 with
updates-testing enabled
2. Log in to Plasma 6.0.5 on Wayland
3. Start Konsole
4. Install GNOME Boxes if it isn't already with sudo dnf install gnome-boxes
5. Download Fedora-KDE-Live-x86_64-Rawhide-20240527.n.0.iso from
https://koji.fedoraproject.org/koji/buildinfo?buildID=2457255
6. Start GNOME Boxes
7. Boot Fedora-KDE-Live-x86_64-Rawhide-20240527.n.0.iso in a GNOME Boxes
QEMU/KVM VM with 3 GiB RAM, UEFI enabled, and 3D acceleration disabled using
the llvmpipe mesa driver
8. Start Konsole
9. In Konsole, run 
export $(dbus-launch)
kwin_wayland --xwayland 

OBSERVED RESULT
Nested kwin_wayland 6.0.5 crashed in QRegion::QRegion in VMs using the llvmpipe
driver

EXPECTED RESULT
No crash should have happened

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Fedora Rawhide
(available in About System)
KDE Plasma Version: 6.0.5
KDE Frameworks Version: 6.2.0
Qt Version: 6.7.1

ADDITIONAL INFORMATION

Nested kwin_wayland didn't crash with Plasma 6.0.90 in VMs using llvmpipe, but
its window didn't appear.  Just a task manager Wayland icon labelled KDE
Wayland compositor WL-0 was shown which didn't show the window when I tried to
click on it or maximize it. I'll report that problem separately.
