https://bugs.kde.org/show_bug.cgi?id=423602

            Bug ID: 423602
           Summary: kwin_wayland segmentation fault in
                    std::__atomic_base<int>::operator++ when using vlc
           Product: kwin
           Version: 5.19.2
          Platform: Fedora RPMs
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: wayland-generic
          Assignee: kwin-bugs-n...@kde.org
          Reporter: matthew.fagn...@utoronto.ca
  Target Milestone: ---

SUMMARY

I was using Plasma 5.19.2 on Wayland in Fedora Rawhide with KF 5.71.0, Qt
5.14.2, Mesa 20.1.2. I started VLC 3.0.11 (from rpmfusion). I played an mp4
file for about 8 minutes. Plasma froze for a few minutes, and then sddm
appeared. The systemd-coredump process for the kwin_wayland crash didn't
complete correctly, possibly due to timing out. I found the kwin_wayland core
dump file in /var/lib/systemd/coredump/. kwin_wayland had a segmentation fault
in thread 1 in std::__atomic_base<int>::operator++ at
/usr/include/c++/10/bits/atomic_base.h:325 due to an invalid pointer
this=0x7000700070006.

Core was generated by `/usr/bin/kwin_wayland --xwayland --libinput
--exit-with-session=/usr/libexec/st'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  std::__atomic_base<int>::operator++ (this=0x7000700070006)
    at /usr/include/c++/10/bits/atomic_base.h:325

325           operator++() noexcept
[Current thread is 1 (Thread 0x7fdd0dea1e00 (LWP 12932))]

The trace involved kwayland-server-5.19.2-1.fc33. Functions related to the
position of the pointer such as
QPointer<KWaylandServer::SurfaceInterface>::QPointer in #5 were in parts of the
trace.

(gdb) thread apply all bt

Thread 21 (Thread 0x7fdcf9802680 (LWP 12933)):
#0  0x00007fdd0d69231f in __GI___poll (fds=0x7fdcf40184a0, nfds=4, timeout=-1)
at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fdd0b1ce1ce in g_main_context_poll (priority=<optimized out>,
n_fds=4, fds=0x7fdcf40184a0, timeout=<optimized out>, context=0x7fdcf4001ce0)
at ../glib/gmain.c:4346
#2  g_main_context_iterate (context=context@entry=0x7fdcf4001ce0,
block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at
../glib/gmain.c:4042
#3  0x00007fdd0b1ce303 in g_main_context_iteration (context=0x7fdcf4001ce0,
may_block=may_block@entry=1) at ../glib/gmain.c:4108
#4  0x00007fdd0dc29b73 in QEventDispatcherGlib::processEvents
(this=0x7fdcf4000b60, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#5  0x00007fdd0dbdc91b in QEventLoop::exec (this=this@entry=0x7fdcf9801bb0,
flags=..., flags@entry=...) at
../../include/QtCore/../../src/corelib/global/qflags.h:136
#6  0x00007fdd0da48427 in QThread::exec (this=<optimized out>) at
../../include/QtCore/../../src/corelib/global/qflags.h:118
#7  0x00007fdd0e65c51b in QDBusConnectionManager::run (this=0x7fdd0e6cb060
<(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at
qdbusconnection.cpp:179
#8  0x00007fdd0da49690 in QThreadPrivate::start(void*) () at
thread/qthread_unix.cpp:342
#9  0x00007fdd0e6dc3f9 in start_thread (arg=0x7fdcf9802680) at
pthread_create.c:462
#10 0x00007fdd0d69d3b3 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 20 (Thread 0x7fdce1a97680 (LWP 12942)):
#0  futex_wait_cancelable (private=0, expected=0, futex_word=0x55d6e53d8738) at
../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x55d6e53d86e8,
cond=0x55d6e53d8710) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=0x55d6e53d8710, mutex=0x55d6e53d86e8) at
pthread_cond_wait.c:638
#3  0x00007fdcf1c252ab in util_queue_thread_func () from
/usr/lib64/dri/radeonsi_dri.so
#4  0x00007fdcf1c24d7b in impl_thrd_routine () from
/usr/lib64/dri/radeonsi_dri.so
#5  0x00007fdd0e6dc3f9 in start_thread (arg=0x7fdce1a97680) at
pthread_create.c:462
#6  0x00007fdd0d69d3b3 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 19 (Thread 0x7fdc97fff680 (LWP 13004)):
#0  futex_wait_cancelable (private=0, expected=0, futex_word=0x7fdd0d473478) at
../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x7fdd0d473428,
cond=0x7fdd0d473450) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=0x7fdd0d473450, mutex=0x7fdd0d473428) at
pthread_cond_wait.c:638
#3  0x00007fdd0d37f01c in QTWTF::TCMalloc_PageHeap::scavengerThread() () from
/lib64/libQt5Script.so.5
#4  0x00007fdd0d37f04f in QTWTF::TCMalloc_PageHeap::runScavengerThread(void*)
() from /lib64/libQt5Script.so.5
#5  0x00007fdd0e6dc3f9 in start_thread (arg=0x7fdc97fff680) at
pthread_create.c:462
#6  0x00007fdd0d69d3b3 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 18 (Thread 0x7fdcd1ffb680 (LWP 14500)):
#0  0x00007fdd0d69231f in __GI___poll (fds=0x7fdcb000f2d0, nfds=1, timeout=-1)
at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fdd0b1ce1ce in g_main_context_poll (priority=<optimized out>,
n_fds=1, fds=0x7fdcb000f2d0, timeout=<optimized out>, context=0x7fdcb000a3c0)
at ../glib/gmain.c:4346
#2  g_main_context_iterate (context=context@entry=0x7fdcb000a3c0,
block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at
../glib/gmain.c:4042
#3  0x00007fdd0b1ce303 in g_main_context_iteration (context=0x7fdcb000a3c0,
may_block=may_block@entry=1) at ../glib/gmain.c:4108
#4  0x00007fdd0dc29b73 in QEventDispatcherGlib::processEvents
(this=0x7fdcb000ee60, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#5  0x00007fdd0dbdc91b in QEventLoop::exec (this=this@entry=0x7fdcd1ffabe0,
flags=..., flags@entry=...) at
../../include/QtCore/../../src/corelib/global/qflags.h:136
#6  0x00007fdd0da48427 in QThread::exec (this=this@entry=0x55d6e63dd700) at
../../include/QtCore/../../src/corelib/global/qflags.h:118
#7  0x00007fdd0c72b7a9 in QQmlThreadPrivate::run (this=0x55d6e63dd700) at
qml/ftw/qqmlthread.cpp:155
#8  0x00007fdd0da49690 in QThreadPrivate::start(void*) () at
thread/qthread_unix.cpp:342
#9  0x00007fdd0e6dc3f9 in start_thread (arg=0x7fdcd1ffb680) at
pthread_create.c:462
#10 0x00007fdd0d69d3b3 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 17 (Thread 0x7fdce329a680 (LWP 12939)):
#0  futex_wait_cancelable (private=0, expected=0, futex_word=0x55d6e53d8738) at
../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x55d6e53d86e8,
cond=0x55d6e53d8710) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=0x55d6e53d8710, mutex=0x55d6e53d86e8) at
pthread_cond_wait.c:638
#3  0x00007fdcf1c252ab in util_queue_thread_func () from
/usr/lib64/dri/radeonsi_dri.so
#4  0x00007fdcf1c24d7b in impl_thrd_routine () from
/usr/lib64/dri/radeonsi_dri.so
#5  0x00007fdd0e6dc3f9 in start_thread (arg=0x7fdce329a680) at
pthread_create.c:462
#6  0x00007fdd0d69d3b3 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 16 (Thread 0x7fdcd2ffd680 (LWP 12947)):
#0  futex_wait_cancelable (private=0, expected=0, futex_word=0x55d6e53d9bec) at
../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x55d6e53d9b98,
cond=0x55d6e53d9bc0) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=0x55d6e53d9bc0, mutex=0x55d6e53d9b98) at
pthread_cond_wait.c:638
#3  0x00007fdcf1c252ab in util_queue_thread_func () from
/usr/lib64/dri/radeonsi_dri.so
#4  0x00007fdcf1c24d7b in impl_thrd_routine () from
/usr/lib64/dri/radeonsi_dri.so
#5  0x00007fdd0e6dc3f9 in start_thread (arg=0x7fdcd2ffd680) at
pthread_create.c:462
#6  0x00007fdd0d69d3b3 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 15 (Thread 0x7fdcd3fff680 (LWP 12945)):
#0  futex_wait_cancelable (private=0, expected=0, futex_word=0x55d6e53d94e4) at
../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x55d6e53d9490,
cond=0x55d6e53d94b8) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=0x55d6e53d94b8, mutex=0x55d6e53d9490) at
pthread_cond_wait.c:638
#3  0x00007fdcf1c252ab in util_queue_thread_func () from
/usr/lib64/dri/radeonsi_dri.so
#4  0x00007fdcf1c24d7b in impl_thrd_routine () from
/usr/lib64/dri/radeonsi_dri.so
#5  0x00007fdd0e6dc3f9 in start_thread (arg=0x7fdcd3fff680) at
pthread_create.c:462
#6  0x00007fdd0d69d3b3 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 14 (Thread 0x7fdcd37fe680 (LWP 12946)):
#0  futex_wait_cancelable (private=0, expected=0, futex_word=0x55d6e53d9bec) at
../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x55d6e53d9b98,
cond=0x55d6e53d9bc0) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=0x55d6e53d9bc0, mutex=0x55d6e53d9b98) at
pthread_cond_wait.c:638
#3  0x00007fdcf1c252ab in util_queue_thread_func () from
/usr/lib64/dri/radeonsi_dri.so
#4  0x00007fdcf1c24d7b in impl_thrd_routine () from
/usr/lib64/dri/radeonsi_dri.so
#5  0x00007fdd0e6dc3f9 in start_thread (arg=0x7fdcd37fe680) at
pthread_create.c:462
#6  0x00007fdd0d69d3b3 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 13 (Thread 0x7fdcd27fc680 (LWP 12948)):
#0  futex_wait_cancelable (private=0, expected=0, futex_word=0x55d6e548acf0) at
../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x55d6e548aca0,
cond=0x55d6e548acc8) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=0x55d6e548acc8, mutex=0x55d6e548aca0) at
pthread_cond_wait.c:638
#3  0x00007fdcf1c252ab in util_queue_thread_func () from
/usr/lib64/dri/radeonsi_dri.so
#4  0x00007fdcf1c24d7b in impl_thrd_routine () from
/usr/lib64/dri/radeonsi_dri.so
#5  0x00007fdd0e6dc3f9 in start_thread (arg=0x7fdcd27fc680) at
pthread_create.c:462
#6  0x00007fdd0d69d3b3 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 12 (Thread 0x7fdcabfff680 (LWP 13001)):
#0  0x00007fdd0d69231f in __GI___poll (fds=0x7fdca0004630, nfds=1, timeout=-1)
at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fdd0b1ce1ce in g_main_context_poll (priority=<optimized out>,
n_fds=1, fds=0x7fdca0004630, timeout=<optimized out>, context=0x7fdca0000c20)
at ../glib/gmain.c:4346
#2  g_main_context_iterate (context=context@entry=0x7fdca0000c20,
block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at
../glib/gmain.c:4042
#3  0x00007fdd0b1ce303 in g_main_context_iteration (context=0x7fdca0000c20,
may_block=may_block@entry=1) at ../glib/gmain.c:4108
#4  0x00007fdd0dc29b73 in QEventDispatcherGlib::processEvents
(this=0x7fdca0000b60, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#5  0x00007fdd0dbdc91b in QEventLoop::exec (this=this@entry=0x7fdcabffebe0,
flags=..., flags@entry=...) at
../../include/QtCore/../../src/corelib/global/qflags.h:136
#6  0x00007fdd0da48427 in QThread::exec (this=this@entry=0x55d6e5b68d50) at
../../include/QtCore/../../src/corelib/global/qflags.h:118
#7  0x00007fdd0c72b7a9 in QQmlThreadPrivate::run (this=0x55d6e5b68d50) at
qml/ftw/qqmlthread.cpp:155
#8  0x00007fdd0da49690 in QThreadPrivate::start(void*) () at
thread/qthread_unix.cpp:342
#9  0x00007fdd0e6dc3f9 in start_thread (arg=0x7fdcabfff680) at
pthread_create.c:462
#10 0x00007fdd0d69d3b3 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 11 (Thread 0x7fdca8f89680 (LWP 14499)):
#0  futex_wait_cancelable (private=0, expected=0, futex_word=0x55d6e63fd1f0) at
../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x55d6e63fd1a0,
cond=0x55d6e63fd1c8) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=0x55d6e63fd1c8, mutex=0x55d6e63fd1a0) at
pthread_cond_wait.c:638
#3  0x00007fdcf1c252ab in util_queue_thread_func () from
/usr/lib64/dri/radeonsi_dri.so
#4  0x00007fdcf1c24d7b in impl_thrd_routine () from
/usr/lib64/dri/radeonsi_dri.so
#5  0x00007fdd0e6dc3f9 in start_thread (arg=0x7fdca8f89680) at
pthread_create.c:462
#6  0x00007fdd0d69d3b3 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 10 (Thread 0x7fdcf1772680 (LWP 12938)):
#0  futex_wait_cancelable (private=0, expected=0, futex_word=0x55d6e53d5358) at
../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x55d6e53d5308,
cond=0x55d6e53d5330) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=0x55d6e53d5330, mutex=0x55d6e53d5308) at
pthread_cond_wait.c:638
#3  0x00007fdcf1c252ab in util_queue_thread_func () from
/usr/lib64/dri/radeonsi_dri.so
#4  0x00007fdcf1c24d7b in impl_thrd_routine () from
/usr/lib64/dri/radeonsi_dri.so
#5  0x00007fdd0e6dc3f9 in start_thread (arg=0x7fdcf1772680) at
pthread_create.c:462
#6  0x00007fdd0d69d3b3 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 9 (Thread 0x7fdcf3fff680 (LWP 12935)):
#0  0x00007fdd0d69231f in __GI___poll (fds=0x7fdce8004630, nfds=2, timeout=-1)
at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fdd0b1ce1ce in g_main_context_poll (priority=<optimized out>,
n_fds=2, fds=0x7fdce8004630, timeout=<optimized out>, context=0x7fdce8000c20)
at ../glib/gmain.c:4346
#2  g_main_context_iterate (context=context@entry=0x7fdce8000c20,
block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at
../glib/gmain.c:4042
#3  0x00007fdd0b1ce303 in g_main_context_iteration (context=0x7fdce8000c20,
may_block=may_block@entry=1) at ../glib/gmain.c:4108
#4  0x00007fdd0dc29b73 in QEventDispatcherGlib::processEvents
(this=0x7fdce8000b60, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#5  0x00007fdd0dbdc91b in QEventLoop::exec (this=this@entry=0x7fdcf3ffec00,
flags=..., flags@entry=...) at
../../include/QtCore/../../src/corelib/global/qflags.h:136
#6  0x00007fdd0da48427 in QThread::exec (this=<optimized out>) at
../../include/QtCore/../../src/corelib/global/qflags.h:118
#7  0x00007fdd0da49690 in QThreadPrivate::start(void*) () at
thread/qthread_unix.cpp:342
#8  0x00007fdd0e6dc3f9 in start_thread (arg=0x7fdcf3fff680) at
pthread_create.c:462
#9  0x00007fdd0d69d3b3 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 8 (Thread 0x7fdca978a680 (LWP 13002)):
#0  futex_wait_cancelable (private=0, expected=0, futex_word=0x55d6e5bae3a0) at
../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x55d6e5bae350,
cond=0x55d6e5bae378) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=cond@entry=0x55d6e5bae378,
mutex=mutex@entry=0x55d6e5bae350) at pthread_cond_wait.c:638
#3  0x00007fdd0da4edab in QWaitConditionPrivate::wait (deadline=...,
deadline=..., this=0x55d6e5bae350) at thread/qwaitcondition_unix.cpp:146
#4  QWaitCondition::wait (this=<optimized out>, mutex=0x55d6e5bae1b8,
deadline=...) at thread/qwaitcondition_unix.cpp:225
#5  0x00007fdcaae77a63 in FileInfoThread::run (this=0x55d6e5bae1a8) at
fileinfothread.cpp:231
#6  0x00007fdd0da49690 in QThreadPrivate::start(void*) () at
thread/qthread_unix.cpp:342
#7  0x00007fdd0e6dc3f9 in start_thread (arg=0x7fdca978a680) at
pthread_create.c:462
#8  0x00007fdd0d69d3b3 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 7 (Thread 0x7fdce0a95680 (LWP 12944)):
#0  futex_wait_cancelable (private=0, expected=0, futex_word=0x55d6e53d94e4) at
../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x55d6e53d9490,
cond=0x55d6e53d94b8) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=0x55d6e53d94b8, mutex=0x55d6e53d9490) at
pthread_cond_wait.c:638
#3  0x00007fdcf1c252ab in util_queue_thread_func () from
/usr/lib64/dri/radeonsi_dri.so
#4  0x00007fdcf1c24d7b in impl_thrd_routine () from
/usr/lib64/dri/radeonsi_dri.so
#5  0x00007fdd0e6dc3f9 in start_thread (arg=0x7fdce0a95680) at
pthread_create.c:462
#6  0x00007fdd0d69d3b3 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 6 (Thread 0x7fdce2298680 (LWP 12941)):
#0  futex_wait_cancelable (private=0, expected=0, futex_word=0x55d6e53d8738) at
../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x55d6e53d86e8,
cond=0x55d6e53d8710) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=0x55d6e53d8710, mutex=0x55d6e53d86e8) at
pthread_cond_wait.c:638
#3  0x00007fdcf1c252ab in util_queue_thread_func () from
/usr/lib64/dri/radeonsi_dri.so
#4  0x00007fdcf1c24d7b in impl_thrd_routine () from
/usr/lib64/dri/radeonsi_dri.so
#5  0x00007fdd0e6dc3f9 in start_thread (arg=0x7fdce2298680) at
pthread_create.c:462
#6  0x00007fdd0d69d3b3 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 5 (Thread 0x7fdcd17fa680 (LWP 12993)):
#0  0x00007fdd0d69231f in __GI___poll (fds=0x7fdca4004e60, nfds=1, timeout=-1)
at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fdd0b1ce1ce in g_main_context_poll (priority=<optimized out>,
n_fds=1, fds=0x7fdca4004e60, timeout=<optimized out>, context=0x7fdca4000c20)
at ../glib/gmain.c:4346
#2  g_main_context_iterate (context=context@entry=0x7fdca4000c20,
block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at
../glib/gmain.c:4042
#3  0x00007fdd0b1ce303 in g_main_context_iteration (context=0x7fdca4000c20,
may_block=may_block@entry=1) at ../glib/gmain.c:4108
#4  0x00007fdd0dc29b73 in QEventDispatcherGlib::processEvents
(this=0x7fdca4000b60, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#5  0x00007fdd0dbdc91b in QEventLoop::exec (this=this@entry=0x7fdcd17f9be0,
flags=..., flags@entry=...) at
../../include/QtCore/../../src/corelib/global/qflags.h:136
#6  0x00007fdd0da48427 in QThread::exec (this=this@entry=0x55d6e5add700) at
../../include/QtCore/../../src/corelib/global/qflags.h:118
#7  0x00007fdd0c72b7a9 in QQmlThreadPrivate::run (this=0x55d6e5add700) at
qml/ftw/qqmlthread.cpp:155
#8  0x00007fdd0da49690 in QThreadPrivate::start(void*) () at
thread/qthread_unix.cpp:342
#9  0x00007fdd0e6dc3f9 in start_thread (arg=0x7fdcd17fa680) at
pthread_create.c:462
#10 0x00007fdd0d69d3b3 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 4 (Thread 0x7fdce2a99680 (LWP 12940)):
#0  futex_wait_cancelable (private=0, expected=0, futex_word=0x55d6e53d8738) at
../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x55d6e53d86e8,
cond=0x55d6e53d8710) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=0x55d6e53d8710, mutex=0x55d6e53d86e8) at
pthread_cond_wait.c:638
#3  0x00007fdcf1c252ab in util_queue_thread_func () from
/usr/lib64/dri/radeonsi_dri.so
#4  0x00007fdcf1c24d7b in impl_thrd_routine () from
/usr/lib64/dri/radeonsi_dri.so
#5  0x00007fdd0e6dc3f9 in start_thread (arg=0x7fdce2a99680) at
pthread_create.c:462
#6  0x00007fdd0d69d3b3 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 3 (Thread 0x7fdce1296680 (LWP 12943)):
#0  futex_wait_cancelable (private=0, expected=0, futex_word=0x55d6e53d94e4) at
../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x55d6e53d9490,
cond=0x55d6e53d94b8) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=0x55d6e53d94b8, mutex=0x55d6e53d9490) at
pthread_cond_wait.c:638
#3  0x00007fdcf1c252ab in util_queue_thread_func () from
/usr/lib64/dri/radeonsi_dri.so
#4  0x00007fdcf1c24d7b in impl_thrd_routine () from
/usr/lib64/dri/radeonsi_dri.so
#5  0x00007fdd0e6dc3f9 in start_thread (arg=0x7fdce1296680) at
pthread_create.c:462
#6  0x00007fdd0d69d3b3 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 2 (Thread 0x7fdcf8f52680 (LWP 12934)):
#0  0x00007fdd0d69231f in __GI___poll (fds=0x7fdcec005240, nfds=2, timeout=-1)
at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fdd0b1ce1ce in g_main_context_poll (priority=<optimized out>,
n_fds=2, fds=0x7fdcec005240, timeout=<optimized out>, context=0x7fdcec000c20)
at ../glib/gmain.c:4346
#2  g_main_context_iterate (context=context@entry=0x7fdcec000c20,
block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at
../glib/gmain.c:4042
#3  0x00007fdd0b1ce303 in g_main_context_iteration (context=0x7fdcec000c20,
may_block=may_block@entry=1) at ../glib/gmain.c:4108
#4  0x00007fdd0dc29b73 in QEventDispatcherGlib::processEvents
(this=0x7fdcec000b60, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#5  0x00007fdd0dbdc91b in QEventLoop::exec (this=this@entry=0x7fdcf8f51c00,
flags=..., flags@entry=...) at
../../include/QtCore/../../src/corelib/global/qflags.h:136
#6  0x00007fdd0da48427 in QThread::exec (this=<optimized out>) at
../../include/QtCore/../../src/corelib/global/qflags.h:118
#7  0x00007fdd0da49690 in QThreadPrivate::start(void*) () at
thread/qthread_unix.cpp:342
#8  0x00007fdd0e6dc3f9 in start_thread (arg=0x7fdcf8f52680) at
pthread_create.c:462
#9  0x00007fdd0d69d3b3 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 0x7fdd0dea1e00 (LWP 12932)):
#0  std::__atomic_base<int>::operator++ (this=0x7000700070006) at
/usr/include/c++/10/bits/atomic_base.h:325
#1  QAtomicOps<int>::ref<int> (_q_value=...) at
../../include/QtCore/../../src/corelib/thread/qatomic_cxx11.h:283
#2  QBasicAtomicInteger<int>::ref (this=0x7000700070006) at
../../include/QtCore/../../src/corelib/thread/qbasicatomic.h:118
#3  QtSharedPointer::ExternalRefCountData::getAndRef
(obj=obj@entry=0x55d6e675bd90) at tools/qsharedpointer.cpp:1397
#4  0x00007fdd0e7ac1eb in
QWeakPointer<QObject>::QWeakPointer<KWaylandServer::SurfaceInterface, true>
(ptr=0x55d6e675bd90, this=0x7fff91e82290) at
/usr/include/qt5/QtCore/qsharedpointer_impl.h:682
#5  QPointer<KWaylandServer::SurfaceInterface>::QPointer (p=0x55d6e675bd90,
this=0x7fff91e82290) at /usr/include/qt5/QtCore/qpointer.h:62
#6  operator() (__closure=<optimized out>, __closure=<optimized out>) at
/usr/src/debug/kwayland-server-5.19.2-1.fc33.x86_64/src/server/pointer_interface.cpp:241
#7  QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void,
KWaylandServer::PointerInterface::PointerInterface(KWaylandServer::SeatInterface*,
wl_resource*)::<lambda()> >::call (arg=<optimized out>, f=...) at
/usr/include/qt5/QtCore/qobjectdefs_impl.h:146
#8 
QtPrivate::Functor<KWaylandServer::PointerInterface::PointerInterface(KWaylandServer::SeatInterface*,
wl_resource*)::<lambda()>, 0>::call<QtPrivate::List<>, void> (arg=<optimized
out>, f=...) at /usr/include/qt5/QtCore/qobjectdefs_impl.h:256
#9 
QtPrivate::QFunctorSlotObject<KWaylandServer::PointerInterface::PointerInterface(KWaylandServer::SeatInterface*,
wl_resource*)::<lambda()>, 0, QtPrivate::List<>, void>::impl(int,
QtPrivate::QSlotObjectBase *, QObject *, void **, bool *) (which=<optimized
out>, this_=<optimized out>, r=<optimized out>, a=<optimized out>,
ret=<optimized out>) at /usr/include/qt5/QtCore/qobjectdefs_impl.h:443
#10 0x00007fdd0dc0cf76 in QtPrivate::QSlotObjectBase::call (a=0x7fff91e82420,
r=0x55d6e5333f20, this=0x55d6e53212a0) at
../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#11 doActivate<false> (sender=0x55d6e524f3b0, signal_index=8,
argv=argv@entry=0x7fff91e82420) at kernel/qobject.cpp:3870
#12 0x00007fdd0dc077f8 in QMetaObject::activate
(sender=sender@entry=0x55d6e524f3b0, m=m@entry=0x7fdd0e82f020
<KWaylandServer::SeatInterface::staticMetaObject>,
local_signal_index=local_signal_index@entry=4, argv=argv@entry=0x7fff91e82420)
at kernel/qobject.cpp:3930
#13 0x00007fdd0e778fa9 in KWaylandServer::SeatInterface::pointerPosChanged
(this=this@entry=0x55d6e524f3b0, _t1=...) at
/usr/src/debug/kwayland-server-5.19.2-1.fc33.x86_64/x86_64-redhat-linux-gnu/src/server/KWaylandServer_autogen/EWIEGA46WW/moc_seat_interface.cpp:451
#14 0x00007fdd0e7b4caa in KWaylandServer::SeatInterface::setPointerPos
(this=this@entry=0x55d6e524f3b0, pos=...) at
/usr/src/debug/kwayland-server-5.19.2-1.fc33.x86_64/src/server/seat_interface.cpp:620
#15 0x00007fdd0ebc4467 in KWin::PointerInputRedirection::focusUpdate
(this=0x55d6e5245eb0, focusOld=<optimized out>, focusNow=0x55d6e63ded30) at
/usr/include/qt5/QtCore/qpoint.h:133
#16 0x00007fdd0eb81873 in KWin::InputDeviceHandler::updateFocus
(this=0x55d6e5245eb0) at /usr/include/c++/10/bits/atomic_base.h:420
#17 0x00007fdd0ebbf99a in KWin::PointerInputRedirection::processMotion
(this=0x55d6e5245eb0, pos=..., delta=..., deltaNonAccelerated=...,
time=9897386, timeUsec=9897386959, device=0x55d6e53204b0) at
/usr/src/debug/kwin-5.19.2-1.fc33.x86_64/pointer_input.cpp:276
#18 0x00007fdd0eb800c8 in
QtPrivate::QFunctorSlotObject<KWin::InputRedirection::setupLibInput()::<lambda(const
QSizeF&, const QSizeF&, uint32_t, quint64, KWin::LibInput::Device*)>, 5,
QtPrivate::List<const QSizeF&, const QSizeF&, unsigned int, long long unsigned
int, KWin::LibInput::Device*>, void>::impl(int, QtPrivate::QSlotObjectBase *,
QObject *, void **, bool *) (which=<optimized out>, this_=<optimized out>,
r=<optimized out>, a=<optimized out>, ret=<optimized out>) at
/usr/include/qt5/QtCore/qpoint.h:372
#19 0x00007fdd0dc0cf76 in QtPrivate::QSlotObjectBase::call (a=0x7fff91e82860,
r=0x55d6e5265750, this=0x55d6e5395560) at
../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#20 doActivate<false> (sender=0x55d6e521ee70, signal_index=6,
argv=argv@entry=0x7fff91e82860) at kernel/qobject.cpp:3870
#21 0x00007fdd0dc077f8 in QMetaObject::activate
(sender=sender@entry=0x55d6e521ee70, m=m@entry=0x7fdd0ed55540
<KWin::LibInput::Connection::staticMetaObject>,
local_signal_index=local_signal_index@entry=3, argv=argv@entry=0x7fff91e82860)
at kernel/qobject.cpp:3930
#22 0x00007fdd0eaee2cd in KWin::LibInput::Connection::pointerMotion
(this=this@entry=0x55d6e521ee70, _t1=..., _t2=..., _t3=<optimized out>,
_t3@entry=9897386, _t4=<optimized out>, _t4@entry=9897386959, _t5=<optimized
out>) at
/usr/src/debug/kwin-5.19.2-1.fc33.x86_64/x86_64-redhat-linux-gnu/kwin_autogen/PCJB6APXE6/moc_connection.cpp:646
#23 0x00007fdd0eb9e1f1 in KWin::LibInput::Connection::processEvents
(this=0x55d6e521ee70) at
/usr/src/debug/kwin-5.19.2-1.fc33.x86_64/libinput/connection.cpp:414
#24 0x00007fdd0dc05b5e in QObject::event (this=0x55d6e5265750,
e=0x7fdce80093b0) at kernel/qobject.cpp:1339
#25 0x00007fdd0e015063 in QApplicationPrivate::notify_helper (this=<optimized
out>, receiver=0x55d6e5265750, e=0x7fdce80093b0) at
kernel/qapplication.cpp:3685
#26 0x00007fdd0dbddfc0 in QCoreApplication::notifyInternal2
(receiver=0x55d6e5265750, event=0x7fdce80093b0) at
../../include/QtCore/../../src/corelib/kernel/qobject.h:153
#27 0x00007fdd0dbe0c47 in QCoreApplicationPrivate::sendPostedEvents
(receiver=0x0, event_type=0, data=0x55d6e51e0d20) at
kernel/qcoreapplication.cpp:1815
#28 0x00007fdd0dc26f77 in QEventDispatcherUNIX::processEvents
(this=0x55d6e521d050, flags=...) at kernel/qeventdispatcher_unix.cpp:466
#29 0x00007fdcfa43ce31 in
QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
() from /usr/lib64/qt5/plugins/platforms/KWinQpaPlugin.so
#30 0x00007fdd0dbdc91b in QEventLoop::exec (this=this@entry=0x7fff91e82c50,
flags=..., flags@entry=...) at
../../include/QtCore/../../src/corelib/global/qflags.h:136
#31 0x00007fdd0dbe45a6 in QCoreApplication::exec () at
../../include/QtCore/../../src/corelib/global/qflags.h:118
#32 0x000055d6e4a6703b in main (argc=<optimized out>, argv=<optimized out>) at
/usr/src/debug/kwin-5.19.2-1.fc33.x86_64/main_wayland.cpp:704

STEPS TO REPRODUCE
1. Boot Fedora Rawhide KDE Plasma spin installation fully updated to 2020-6-27,
with kwin-wayland, plasma-workspace-wayland, and their dependencies installed
2. Log in to Plasma on Wayland from sddm
3. The core dump file was 2.4 GB uncompressed, so
change /etc/systemd/coredump.conf to have
    ProcessSizeMax=3G
    ExternalSizeMax=3G
4. Install rpmfusion-free-rawhide repository
    sudo dnf install https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm
5. sudo dnf install vlc --enablerepo=rpmfusion-*
6. start vlc
7. play mp4 videos in vlc until the crash happens. I'm not sure if the crashes
are related to what is done in VLC or not.


OBSERVED RESULT
kwin_wayland segmentation fault in std::__atomic_base<int>::operator++ when
using vlc

EXPECTED RESULT
No crash

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Fedora Rawhide/33
(available in About System)
KDE Plasma Version: 5.19.2
KDE Frameworks Version: 5.71.0
Qt Version: 5.14.2


ADDITIONAL INFORMATION

I've seen kwin_wayland segmentation faults with similar traces involving
invalid pointers, kwayland-server, and pointer locations occasionally as I
reported at https://bugs.kde.org/show_bug.cgi?id=416974. These crashes tend to
happen from 10 minutes to days apart when using vlc, firefox, or thunderbird.
The crash showed up in the journal as follows.

Jun 27 20:32:17 kernel: show_signal: 2 callbacks suppressed
Jun 27 20:32:17 kernel: traps: kwin_wayland[12932] general protection fault
ip:7fdd0da887a3 sp:7fff91e82240 error:0 in
libQt5Core.so.5.14.2[7fdd0da12000+282000]
Jun 27 20:32:17 audit[12932]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=9
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=12932
comm="kwin_wayland" exe="/usr/bin/kwin_wayland" sig=11 res=1
Jun 27 20:32:17 audit: BPF prog-id=233 op=LOAD
Jun 27 20:32:17 audit: BPF prog-id=234 op=LOAD
Jun 27 20:32:17 audit: BPF prog-id=235 op=LOAD
Jun 27 20:32:17 systemd[1]: Started Process Core Dump (PID 15451/UID 0).
Jun 27 20:32:17 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295
ses=4294967295 subj=system_u:system_r:init_t:s0
msg='unit=systemd-coredump@61-15451-0 comm="systemd"
exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

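Added example, not part of the original report: a small triage helper run over the journal "traps:" line and two backtrace frames quoted above (wrapped lines joined). It computes the faulting instruction's offset into the mapping the kernel printed and flags pointer arguments that are not canonical x86-64 addresses, which is the case where the kernel logs a general protection fault rather than a fault address. The function names, the 48-bit address-width default and the packed-16-bit heuristic are assumptions of this example.

```python
import re

# Sample input copied from the report above, with wrapped lines joined.
TRAPS_LINE = (
    "Jun 27 20:32:17 kernel: traps: kwin_wayland[12932] general protection fault "
    "ip:7fdd0da887a3 sp:7fff91e82240 error:0 in "
    "libQt5Core.so.5.14.2[7fdd0da12000+282000]"
)
FRAMES = [
    "#0  std::__atomic_base<int>::operator++ (this=0x7000700070006)",
    "#5  QPointer<KWaylandServer::SurfaceInterface>::QPointer "
    "(p=0x55d6e675bd90, this=0x7fff91e82290)",
]

TRAPS_RE = re.compile(
    r"traps: (?P<comm>[^\[\s]+)\[(?P<pid>\d+)\] (?P<trap>.+?) "
    r"ip:(?P<ip>[0-9a-f]+) sp:(?P<sp>[0-9a-f]+) error:(?P<error>[0-9a-f]+)"
    r"(?: in (?P<module>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)
ARG_RE = re.compile(r"\b(\w+)=(0x[0-9a-fA-F]+)")


def parse_traps(line):
    """Parse a kernel 'traps:' line; return None if the line is not one."""
    m = TRAPS_RE.search(line)
    if m is None:
        return None
    rec = {"comm": m["comm"], "pid": int(m["pid"]), "trap": m["trap"]}
    for key in ("ip", "sp", "error"):
        rec[key] = int(m[key], 16)
    rec["module"] = m["module"]
    rec["module_offset"] = None
    if m["module"]:
        base, size = int(m["base"], 16), int(m["size"], 16)
        # Offset is relative to the mapping the kernel printed, not the ELF file.
        if base <= rec["ip"] < base + size:
            rec["module_offset"] = rec["ip"] - base
    return rec


def is_canonical(addr, va_bits=48):
    """True if bits 63..(va_bits-1) are all equal (assumes 4-level paging)."""
    top = addr >> (va_bits - 1)
    return top == 0 or top == (1 << (64 - va_bits + 1)) - 1


def halfwords(addr):
    """Split a 64-bit value into four 16-bit words, most significant first."""
    return [(addr >> shift) & 0xFFFF for shift in (48, 32, 16, 0)]


def suspicious_pointers(frames):
    """Return pointer-valued frame arguments that cannot be valid addresses."""
    findings = []
    for frame in frames:
        for name, value in ARG_RE.findall(frame):
            addr = int(value, 16)
            if addr and not is_canonical(addr):
                words = halfwords(addr)
                findings.append({
                    "frame": frame.split()[0],
                    "arg": name,
                    "addr": addr,
                    "halfwords": words,
                    # Heuristic (assumption of this example): four small 16-bit
                    # values hint that the slot held packed data, not an address.
                    "looks_like_packed_u16": all(w < 0x100 for w in words),
                })
    return findings


if __name__ == "__main__":
    rec = parse_traps(TRAPS_LINE)
    print(f"{rec['comm']}[{rec['pid']}]: {rec['trap']} at "
          f"{rec['module']}+{rec['module_offset']:#x}")
    for f in suspicious_pointers(FRAMES):
        print(f"{f['frame']} {f['arg']}={f['addr']:#x} non-canonical, "
              f"halfwords={[hex(w) for w in f['halfwords']]}")
```
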