Description of problem: kwin_wayland segmentation faulted in KWin::LibInput::Context::closeRestricted when logging out of Plasma 5.22.5 on Wayland in a Fedora 35 KDE Plasma installation. The screen went black and then Plasma restarted. Core was generated by `kwin_wayland --wayland_fd 4 --xwayland /usr/libexec/startplasma-waylandsession'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007fe383646a95 in KWin::LibInput::Context::closeRestricted (this=0x558b8b8fb7a0, fd=33) at /usr/src/debug/kwin-5.22.5-1.fc35.x86_64/src/libinput/context.cpp:146 Downloading source file /usr/src/debug/kwin-5.22.5-1.fc35.x86_64/src/libinput/context.cpp... 146 kwinApp()->platform()->session()->closeRestricted(fd); [Current thread is 1 (Thread 0x7fe36d78d640 (LWP 2255))] (gdb) bt #0 0x00007fe383646a95 in KWin::LibInput::Context::closeRestricted(int) (this=0x558b8b8fb7a0, fd=33) at /usr/src/debug/kwin-5.22.5-1.fc35.x86_64/src/libinput/context.cpp:146 #1 KWin::LibInput::Context::closeRestrictedCallBack(int, void*) (fd=33, user_data=0x558b8b8fb7a0) at /usr/src/debug/kwin-5.22.5-1.fc35.x86_64/src/libinput/context.cpp:97 #2 0x00007fe380e19101 in close_restricted (libinput=<optimized out>, libinput=0x558b8b8fb7c0, fd=<optimized out>) at ../src/libinput.c:2054 #3 evdev_device_suspend (device=device@entry=0x558b8b9b8bf0) at ../src/evdev.c:2871 #4 0x00007fe380e22e76 in evdev_device_remove (device=0x558b8b9b8bf0) at ../src/evdev.c:2961 #5 0x00007fe380e129e4 in evdev_device_dispatch (data=0x558b8b9b8bf0) at ../src/evdev.c:1144 #6 0x00007fe380e0e667 in libinput_dispatch (libinput=0x558b8b8fb7c0) at ../src/libinput.c:2209 #7 0x00007fe383646e7d in KWin::LibInput::Context::dispatch() (this=<optimized out>, this=<optimized out>) at /usr/src/debug/kwin-5.22.5-1.fc35.x86_64/src/libinput/context.cpp:80 #8 KWin::LibInput::Connection::handleEvent() (this=0x558b8b966300) at /usr/src/debug/kwin-5.22.5-1.fc35.x86_64/src/libinput/connection.cpp:231 #9 0x00007fe381c573a9 in QtPrivate::QSlotObjectBase::call(QObject*, void**) (a=0x7fe36d78c850, r=<optimized out>, this=0x7fe3640047b0) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398 #10 doActivate<false>(QObject*, int, void**) (sender=0x7fe3640046d0, signal_index=3, argv=0x7fe36d78c850) at kernel/qobject.cpp:3886 #11 0x00007fe381c52327 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (sender=sender@entry=0x7fe3640046d0, m=m@entry=0x7fe381efc460 <QSocketNotifier::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7fe36d78c850) at kernel/qobject.cpp:3946 #12 0x00007fe381c59b4a in QSocketNotifier::activated(QSocketDescriptor, QSocketNotifier::Type, QSocketNotifier::QPrivateSignal) (this=this@entry=0x7fe3640046d0, _t1=..., _t2=<optimized out>, _t3=...) at .moc/moc_qsocketnotifier.cpp:178 #13 0x00007fe381c5a363 in QSocketNotifier::event(QEvent*) (this=0x7fe3640046d0, e=0x7fe36d78c950) at kernel/qsocketnotifier.cpp:302 #14 0x00007fe3828b3443 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=<optimized out>, receiver=0x7fe3640046d0, e=0x7fe36d78c950) at kernel/qapplication.cpp:3632 #15 0x00007fe381c23798 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x7fe3640046d0, event=0x7fe36d78c950) at kernel/qcoreapplication.cpp:1064 #16 0x00007fe381c755ff in socketNotifierSourceDispatch(GSource*, GSourceFunc, gpointer) (source=0x7fe364004470) at kernel/qeventdispatcher_glib.cpp:107 #17 0x00007fe37f2d233f in g_main_dispatch (context=0x7fe364000c20) at ../glib/gmain.c:3381 #18 g_main_context_dispatch (context=0x7fe364000c20) at ../glib/gmain.c:4099 #19 0x00007fe37f327288 in g_main_context_iterate.constprop.0 (context=context@entry=0x7fe364000c20, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4175 #20 0x00007fe37f2cf9e3 in g_main_context_iteration (context=0x7fe364000c20, may_block=1) at ../glib/gmain.c:4240 #21 0x00007fe381c74b78 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x7fe364000b60, flags=...) at kernel/qeventdispatcher_glib.cpp:423 #22 0x00007fe381c221a2 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7fe36d78cbd0, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69 #23 0x00007fe381a652aa in QThread::exec() (this=<optimized out>) at ../../include/QtCore/../../src/corelib/global/qflags.h:121 #24 0x00007fe381a664a6 in QThreadPrivate::start(void*) (arg=0x558b8b9bc0d0) at thread/qthread_unix.cpp:329 #25 0x00007fe3813caaaf in start_thread (arg=<optimized out>) at pthread_create.c:434 #26 0x00007fe38144f300 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81 The crashes started after an update with updates-testing enabled which included libinput-1.18.901-1.fc35 on 2021-9-3. I downgraded to libinput-1.18.1-1.fc35 and rebooted. The crashes didn't happen when logging out of Plasma with libinput-1.18.1-1.fc35. A change between libinput-1.18.1-1.fc35 and libinput-1.18.901-1.fc35 might be involved in these crashes. Version-Release number of selected component (if applicable): libinput-1.18.901-1.fc35 kwin-wayland-5.22.5-1.fc35.x86_64 qt5-qtbase-5.15.2-22.fc35.x86_64 kf5-plasma-5.85.0-2.fc35.x86_64 How reproducible: The crash happened 3/3 times when logging out of Plasma with libinput-1.18.901-1.fc35 Steps to Reproduce: 1. Boot a Fedora 35 KDE Plasma installation 2. Log in to Plasma on Wayland 3. Start konsole 4. sudo dnf offline-upgrade download 5. sudo dnf offline-upgrade reboot 6. Log in to Plasma on Wayland 7. Log out of Plasma Actual results: kwin_wayland segmentation faulted in KWin::LibInput::Context::closeRestricted when logging out of Plasma with libinput-1.18.901-1.fc35 Expected results: Plasma would log out normally. Additional info:
The crash happened 4/4 times when logging out of Plasma with libinput-1.18.901-1.fc35 using a mouse, but it didn't happen when I logged out using a touchpad. I reported this problem at https://bugs.kde.org/show_bug.cgi?id=442104
I've seen this kwin_wayland crash happen about 9/12 times when logging out of Plasma using a mouse and 3/6 using a touchpad. The crash also happened 2/3 times with libinput-1.19.0-1.fc35 from koji using a mouse. The problem might involve a race condition where the file descriptor fd had been closed or memory had been freed sometimes before being used by KWin::LibInput::Context::closeRestricted while Plasma was logging out. I'm reassigning this report to kwin to inform its maintainers. Feel free to reassign it to libinput or whereever else as appropriate.
Vlad Zahorodnii wrote patches to fix this problem "The fix has been pushed to git master only. It will be back ported to 5.23 after more testing (the main reason: the fix changes some threading code)." https://bugs.kde.org/show_bug.cgi?id=442104#c12 If Plasma 5.22.5 will be in the F35 release, then those patches might need to be backported to it. If 5.23 is going to be in F35 at release, then the patches might be in it then. F35 KDE Plasma after the beta release is affected by this issue since libinput-1.19.0-1.fc35 is in the F35 stable repo https://bodhi.fedoraproject.org/updates/FEDORA-2021-b5b05b8a12 Should this problem be proposed as a possible F35 blocker or freeze exception given the criterion "Shutting down, rebooting, logging in and logging out must work using standard console commands and the mechanisms offered (if any) by all release-blocking desktops. "? https://fedoraproject.org/wiki/Fedora_35_Beta_Release_Criteria#Shutdown.2C_reboot.2C_login.2C_logout Thanks.
Yeah, if this is the bug that causes logout to fail and return you to an active desktop for the user you were trying to log out from, it should definitely be proposed as a blocker. I'd been seeing this happen in Rawhide but not F35 yet.
(In reply to Adam Williamson from comment #4) > Yeah, if this is the bug that causes logout to fail and return you to an > active desktop for the user you were trying to log out from, it should > definitely be proposed as a blocker. I'd been seeing this happen in Rawhide > but not F35 yet. Yes, Plasma restarted after kwin_wayland crashed which happened in 60-70% of the times I've logged out with libinput-1.18.901-1.fc35 to 1.19.1 installed. F35 KDE Plasma beta wasn't affected by this because libinput-1.18.901-1.fc35 or later hadn't been pushed to stable before the beta release. This problem also happened in testing Fedora-KDE-Live-x86_64-Rawhide-20211002.n.0.iso with Plasma 5.22.90. Vlad Zahorodnii backported the three kwin patches to the 5.23 branch which I guess will be in 5.23.0 https://bugs.kde.org/show_bug.cgi?id=442104#c16 Thanks Adam.
I'm running a scratch build with all of Vlad's patches backported: https://koji.fedoraproject.org/koji/taskinfo?taskID=76834408 if folks could test that, it'd be good. Bit nervous to submit it as an official update yet, as this is a fairly large pile of changes. For the record, it includes backports of: https://invent.kde.org/plasma/kwin/commit/7dc1f92c5a26d46df685a5d08b848a5457770b5a https://invent.kde.org/plasma/kwin/commit/d18f89b52f499a30527011020a74733c004f0814 https://invent.kde.org/plasma/kwin/commit/14090a249d65ac83df4058ebb06cb6d185be65ca https://invent.kde.org/plasma/kwin/commit/31b9f34d9b1009b9f267393d8cf8a21d0ecd0883 That last one is for Nate's https://bugs.kde.org/show_bug.cgi?id=443088 , which seems like a slightly more complex case, so if it causes problems we could potentially back it out.
that build failed on a line from the last patch, so running one now with just the first three patches, it seems to be succeeding: https://koji.fedoraproject.org/koji/taskinfo?taskID=76835467
(In reply to Adam Williamson from comment #7) > https://koji.fedoraproject.org/koji/taskinfo?taskID=76835467 With kwin-5.22.5-1.fc35, I reproduced the problem (logout didn't work and returned me to my desktop) on my fourth logout attempt. With that koji build, I performed 10 successful logouts in a row without issues (except some issues about kf5-init crashes popping up). Due to the race condition manner of this bug, that might not mean much, though.
(In reply to Adam Williamson from comment #7) > that build failed on a line from the last patch, so running one now with > just the first three patches, it seems to be succeeding: > > https://koji.fedoraproject.org/koji/taskinfo?taskID=76835467 Plasma logged out correctly each of several times without the kwin_wayland crashes with the scratch build kwin-5.22.5-3.fc35. Thanks. There were four xdg-desktop-portal-kde and five klauncher aborts during those logouts, but those were preexisting problems due to kwin_wayland sometimes stopping normally before them leading to errors that their Wayland connections had broken.
OK. I think what I'll try and do here is push -2 (which has the cursor offset in VMs fix) stable first, then submit -3 with these patches as another update. That way if we do find an issue with these patches, it won't prevent us pushing the cursor offset fix stable.
+5 in https://pagure.io/fedora-qa/blocker-review/issue/518 , marking as accepted blocker.
FEDORA-2021-cc968dd926 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-cc968dd926
FEDORA-2021-cc968dd926 has been pushed to the Fedora 35 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-cc968dd926` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-cc968dd926 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Can folks please provide karma on the update? it can't go stable without feedback. Thanks!
I gave it karma +1, but I have to say that with that update I again started seeing the race condition where a logout gives you a black screen with a blinking cursor. I saw it several times in a row, then 5 minutes later, I couldn't reproduce it at least once. It's likely the same issue we've already dealt with during F34 release. So I don't expect this to be caused by Adam's update.
FEDORA-2021-cc968dd926 has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report.