[kwin] [Bug 499840] New: kwin_wayland crashed sometimes when logging out of Plasma with a failed assertion in libinput

Tue, 11 Feb 2025 13:31:34 -0800 

https://bugs.kde.org/show_bug.cgi?id=499840

            Bug ID: 499840
           Summary: kwin_wayland crashed sometimes when logging out of
                    Plasma with a failed assertion in libinput
    Classification: Plasma
           Product: kwin
           Version: 6.3.0
          Platform: Fedora RPMs
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: libinput
          Assignee: kwin-bugs-n...@kde.org
          Reporter: matt.fagn...@bell.net
  Target Milestone: ---

Created attachment 178164
  --> https://bugs.kde.org/attachment.cgi?id=178164&action=edit
Full trace of all threads of kwin_wayland crash when logging out of Plasma

SUMMARY

I was using Plasma 6.3.0 on Wayland in a Fedora 41 KDE installation. I logged
out of Plasma. kwin_wayland crashed sometimes when logging out of Plasma with a
failed assertion in libinput "(elm->next != NULL && elm->prev != NULL) ||
!\"list->next|prev is NULL, possibly missing list_init()\"" in frames 9-10 of
the trace.

Core was generated by `/usr/bin/kwin_wayland --wayland-fd 7 --socket wayland-0
--xwayland-fd 8 --xwayl'.
Program terminated with signal SIGABRT, Aborted.
#0  __pthread_kill_implementation (threadid=<optimized out>,
signo=signo@entry=6, no_tid=no_tid@entry=0)
    at pthread_kill.c:44
44            return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO
(ret) : 0;
[Current thread is 1 (Thread 0x7fadd5ffb6c0 (LWP 1753))]

(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>,
signo=signo@entry=6, no_tid=no_tid@entry=0)
    at pthread_kill.c:44
#1  0x00007fae03c7b183 in __pthread_kill_internal (threadid=<optimized out>,
signo=6) at pthread_kill.c:78
#2  0x00007fae03c21f9e in __GI_raise (sig=6) at ../sysdeps/posix/raise.c:26
#3  0x00007fae0776c1a2 in KCrash::defaultCrashHandler(int) () at
/lib64/libKF6Crash.so.6
#4  0x00007fae03c22050 in <signal handler called> () at /lib64/libc.so.6
#5  __pthread_kill_implementation (threadid=<optimized out>,
signo=signo@entry=6, no_tid=no_tid@entry=0)
    at pthread_kill.c:44
#6  0x00007fae03c7b183 in __pthread_kill_internal (threadid=<optimized out>,
signo=6) at pthread_kill.c:78
#7  0x00007fae03c21f9e in __GI_raise (sig=sig@entry=6) at
../sysdeps/posix/raise.c:26
#8  0x00007fae03c09942 in __GI_abort () at abort.c:79
#9  0x00007fae03c0985e in __assert_fail_base
    (fmt=0x7fae03dbecb0 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
assertion=assertion@entry=0x7fae036be580 "(elm->next != NULL && elm->prev !=
NULL) || !\"list->next|prev is NULL, possibly missing list_init()\"",
file=file@entry=0x7fae036bc273 "../src/util-list.c", line=line@entry=71,
function=function@entry=0x7fae036c19d8 <__PRETTY_FUNCTION__.1.lto_priv.12>
"list_remove") at assert.c:96
#10 0x00007fae03c1a0c7 in __assert_fail
    (assertion=assertion@entry=0x7fae036be580 "(elm->next != NULL && elm->prev
!= NULL) || !\"list->next|prev is NULL, possibly missing list_init()\"",
file=file@entry=0x7fae036bc273 "../src/util-list.c", line=line@entry=71,
function=0x7fae036c19d8 <__PRETTY_FUNCTION__.1.lto_priv.12> "list_remove") at
assert.c:105
#11 0x00007fae036a3237 in list_remove (elm=<optimized out>) at
../src/util-list.c:71
#12 0x00007fae03680e3d in list_remove (elm=<optimized out>) at
../src/libinput.c:2104
#13 libinput_seat_destroy (seat=<optimized out>) at ../src/libinput.c:2095
#14 libinput_seat_unref (seat=<optimized out>) at ../src/libinput.c:2107
#15 0x00007fae03697830 in evdev_device_destroy (device=0x55da3ca40de0) at
../src/evdev.c:3120
#16 0x00007fae03680ede in libinput_device_destroy (device=<optimized out>) at
../src/libinput.c:2164
#17 libinput_device_unref (device=<optimized out>) at ../src/libinput.c:2173
--Type <RET> for more, q to quit, c to continue without paging--c
#18 0x00007fae03682a16 in libinput_event_destroy (event=0x7fada80030f0) at
../src/libinput.c:2039
#19 0x00007fae07132a03 in KWin::LibInput::Event::~Event (this=0x7fada8003c40,
this=<optimized out>)
    at
/usr/src/debug/kwin-6.3.0-1.fc41.x86_64/src/backends/libinput/events.cpp:82
#20 KWin::LibInput::PointerEvent::~PointerEvent (this=0x7fada8003c40,
this=<optimized out>)
    at
/usr/src/debug/kwin-6.3.0-1.fc41.x86_64/src/backends/libinput/events.cpp:137
#21 KWin::LibInput::PointerEvent::~PointerEvent (this=0x7fada8003c40,
this=<optimized out>)
    at
/usr/src/debug/kwin-6.3.0-1.fc41.x86_64/src/backends/libinput/events.cpp:137
#22 0x00007fae0712764e in
std::default_delete<KWin::LibInput::Event>::operator()
    (this=<optimized out>, __ptr=<optimized out>) at
/usr/include/c++/14/bits/unique_ptr.h:87
#23 std::unique_ptr<KWin::LibInput::Event,
std::default_delete<KWin::LibInput::Event> >::~unique_ptr
    (this=0x7fada80056a8, this=<optimized out>) at
/usr/include/c++/14/bits/unique_ptr.h:399
#24 std::destroy_at<std::unique_ptr<KWin::LibInput::Event,
std::default_delete<KWin::LibInput::Event> > >
    (__location=0x7fada80056a8) at /usr/include/c++/14/bits/stl_construct.h:88
#25 std::_Destroy<std::unique_ptr<KWin::LibInput::Event,
std::default_delete<KWin::LibInput::Event> > >
    (__pointer=0x7fada80056a8) at /usr/include/c++/14/bits/stl_construct.h:149
#26 std::_Destroy_aux<false>::__destroy<std::unique_ptr<KWin::LibInput::Event,
std::default_delete<KWin::LibInput::Event> >*> (__first=0x7fada80056a8,
__last=<optimized out>) at /usr/include/c++/14/bits/stl_construct.h:163
#27 std::_Destroy<std::unique_ptr<KWin::LibInput::Event,
std::default_delete<KWin::LibInput::Event> >*>
    (__first=<optimized out>, __last=<optimized out>) at
/usr/include/c++/14/bits/stl_construct.h:196
#28 std::_Destroy<std::unique_ptr<KWin::LibInput::Event,
std::default_delete<KWin::LibInput::Event> >*,
std::unique_ptr<KWin::LibInput::Event,
std::default_delete<KWin::LibInput::Event> > > (__first=<optimized out>,
__last=<optimized out>)
    at /usr/include/c++/14/bits/alloc_traits.h:993
#29 std::deque<std::unique_ptr<KWin::LibInput::Event,
std::default_delete<KWin::LibInput::Event> >,
std::allocator<std::unique_ptr<KWin::LibInput::Event,
std::default_delete<KWin::LibInput::Event> > > >::_M_destroy_data_aux
    (this=<optimized out>, __first=Python Exception <class 'gdb.error'>: value
has been optimized out
, __last=Python Exception <class 'gdb.error'>: value has been optimized out
) at /usr/include/c++/14/bits/deque.tcc:878
#30 std::deque<std::unique_ptr<KWin::LibInput::Event,
std::default_delete<KWin::LibInput::Event> >,
std::allocator<std::unique_ptr<KWin::LibInput::Event,
std::default_delete<KWin::LibInput::Event> > > >::_M_destroy_data
    (this=0x55da3ca67390, __first=Python Exception <class 'gdb.error'>: value
has been optimized out
, __last=Python Exception <class 'gdb.error'>: value has been optimized out
) at /usr/include/c++/14/bits/stl_deque.h:2091
#31 std::deque<std::unique_ptr<KWin::LibInput::Event,
std::default_delete<KWin::LibInput::Event> >,
std::allocator<std::unique_ptr<KWin::LibInput::Event,
std::default_delete<KWin::LibInput::Event> > > >::~deque
    (this=0x55da3ca67390, this=<optimized out>) at
/usr/include/c++/14/bits/stl_deque.h:1028
#32 KWin::LibInput::Connection::~Connection (this=0x55da3ca67360,
this=<optimized out>)
    at
/usr/src/debug/kwin-6.3.0-1.fc41.x86_64/src/backends/libinput/connection.cpp:121
#33 0x00007fae071276d5 in KWin::LibInput::Connection::~Connection
(this=0x55da3ca67360, this=<optimized out>)
    at
/usr/src/debug/kwin-6.3.0-1.fc41.x86_64/src/backends/libinput/connection.cpp:121
#34 0x00007fae0434b8ae in QObject::event (this=0x55da3ca67360,
e=0x55da3cb6a660)
    at
/usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/corelib/kernel/qobject.cpp:1403
#35 0x00007fae0543d9b8 in QApplicationPrivate::notify_helper
    (this=<optimized out>, receiver=0x55da3ca67360, e=0x55da3cb6a660)
    at
/usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/widgets/kernel/qapplication.cpp:3296
#36 0x00007fae042f3590 in QCoreApplication::notifyInternal2
(receiver=0x55da3ca67360, event=0x55da3cb6a660)
    at
/usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/corelib/kernel/qcoreapplication.cpp:1172
#37 0x00007fae042f37ed in QCoreApplication::sendEvent (receiver=<optimized
out>, event=<optimized out>)
    at
/usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/corelib/kernel/qcoreapplication.cpp:1612
#38 0x00007fae042f6f51 in QCoreApplicationPrivate::sendPostedEvents
(receiver=0x0, event_type=0, data=0x55da3c9b8fb0)
    at
/usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/corelib/kernel/qcoreapplication.cpp:1946
#39 0x00007fae042f71fd in QCoreApplication::sendPostedEvents
(receiver=<optimized out>, event_type=<optimized out>)
    at
/usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/corelib/kernel/qcoreapplication.cpp:1800
#40 0x00007fae045efb5f in postEventSourceDispatch (s=0x7fada8000f20)
    at
/usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/corelib/kernel/qeventdispatcher_glib.cpp:246
#41 0x00007fae02b1828c in g_main_dispatch (context=0x7fada8000c60) at
../glib/gmain.c:3357
#42 g_main_context_dispatch_unlocked (context=0x7fada8000c60) at
../glib/gmain.c:4208
#43 0x00007fae02b787b8 in g_main_context_iterate_unlocked.isra.0
    (context=context@entry=0x7fada8000c60, block=block@entry=1,
dispatch=dispatch@entry=1, self=<optimized out>)
    at ../glib/gmain.c:4273
#44 0x00007fae02b19783 in g_main_context_iteration (context=0x7fada8000c60,
may_block=1) at ../glib/gmain.c:4338
#45 0x00007fae045ef2b3 in QEventDispatcherGlib::processEvents
(this=0x7fada8000b70, flags=...)
    at
/usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/corelib/kernel/qeventdispatcher_glib.cpp:399
#46 0x00007fae04300993 in QEventLoop::exec (this=this@entry=0x7fadd5ffa830,
flags=..., flags@entry=...)
    at
/usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/corelib/global/qflags.h:34
#47 0x00007fae04419095 in QThread::exec (this=<optimized out>)
    at
/usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/corelib/global/qflags.h:74
#48 0x00007fae044b67e9 in operator() (__closure=<optimized out>)
    at
/usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/corelib/thread/qthread_unix.cpp:375
#49 (anonymous
namespace)::terminate_on_exception<QThreadPrivate::start(void*)::<lambda()> >
(t=<optimized out>)
    at
/usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/corelib/thread/qthread_unix.cpp:311
#50 QThreadPrivate::start (arg=0x55da3c9b68d8)
    at
/usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/corelib/thread/qthread_unix.cpp:339
#51 0x00007fae03c79168 in start_thread (arg=<optimized out>) at
pthread_create.c:448
#52 0x00007fae03cfd14c in __GI___clone3 () at
../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

A crash notification from abrt was shown the next time I logged in. drkonqi
crashed when trying to handle the crash. I'm attaching the full trace of all
threads. The crash happened 2 of about 10 times I logged out of Plasma 6.3.0. I
didn't see this problem with Plasma 6.2.90 or earlier. There might be a race
condition involved. Maybe destroying KWin::LibInput::Event objects sometimes
led to one of the variables in the assertion being used after being freed.

STEPS TO REPRODUCE
1. Log in to Plasma 6.3.0 on Wayland in a Fedora 41 KDE installation updated
with the updates-testing repo enabled
2. Log out of Plasma from the Application Launcher menu
3. If the problem didn't happen, repeat 1-2 until it does

OBSERVED RESULT
kwin_wayland crashed sometimes when logging out of Plasma with a failed
assertion in libinput

EXPECTED RESULT
No crashes should've happened.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Fedora 41
KDE Plasma Version: 6.3.0
KDE Frameworks Version: 6.10.0
Qt Version: 6.8.2

ADDITIONAL INFORMATION

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to