Bug 2260406 - sddm-greeter crashed in QtWaylandClient::QWaylandWindow::createDecoration sometimes when logging in
Keywords:
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: sddm
Version: 40
Hardware: Unspecified
OS: Linux
Priority: unspecified
Severity: medium
Target Milestone: ---
Assignee: Neal Gompa
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2024-01-25 22:29 UTC by Matt Fagnani
Modified: 2024-02-15 23:12 UTC (History)

Fixed In Version:
Doc Type: ---
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: ---
Embargoed:


Attachments
Full trace of all threads of sddm-greeter crash (105.99 KB, text/plain)
2024-01-25 22:33 UTC, Matt Fagnani


Links
System ID Private Priority Status Summary Last Updated
KDE Software Compilation 479302 0 NOR RESOLVED Several things crash in QWaylandWindow::createDecoration 2024-01-25 22:30:57 UTC
Qt Bug Tracker QTBUG-105703 0 P1: Critical Closed QWaylandWindow::createDecoration() is called from multiple threads 2024-01-25 22:30:57 UTC

Description Matt Fagnani 2024-01-25 22:29:53 UTC
sddm-greeter crashed in QtWaylandClient::QWaylandWindow::createDecoration sometimes when logging in. This problem happened 3/5 times after I updated a Fedora Rawhide/40 KDE Plasma installation after the compose on 2024-1-25. This update included about 130 rpms. I don't see any obvious packages in the update which would be involved. The trace of the crashing thread was

Core was generated by `/usr/bin/sddm-greeter --socket /tmp/sddm--EkWLGU --theme /usr/share/sddm/themes'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007ff3e7cc0a40 in typeinfo name for QObjectCleanupHandler () from /lib64/libQt6Core.so.6
[Current thread is 1 (Thread 0x7ff3aa6006c0 (LWP 24994))]

(gdb) bt
#0  0x00007ff3e7cc0a40 in typeinfo name for QObjectCleanupHandler () at /lib64/libQt6Core.so.6
#1  0x00007ff3e77a6f5a in QtWaylandClient::QWaylandWindow::createDecoration (this=0x55e4df055a50)
    at /usr/src/debug/qt6-qtwayland-6.6.1-1.fc40.x86_64/src/client/qwaylandwindow.cpp:1034
#2  0x00007ff3e341499c in QtWaylandClient::QWaylandGLContext::makeCurrent
    (this=this@entry=0x7ff3740021e0, surface=<optimized out>)
    at /usr/src/debug/qt6-qtwayland-6.6.1-1.fc40.x86_64/src/hardwareintegration/client/wayland-egl/qwaylandglcontext.cpp:315
#3  0x00007ff3e859c188 in QOpenGLContext::makeCurrent (this=0x7ff374001f30, surface=surface@entry=0x55e4dedf8130)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/gui/kernel/qopenglcontext.cpp:661
#4  0x00007ff3e85b48e9 in QRhiGles2::ensureContext (this=0x7ff3740018c0, surface=0x55e4dedf8130)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/gui/rhi/qrhigles2.cpp:619
#5  0x00007ff3e85c071e in QRhiGles2::beginFrame (this=0x7ff3740018c0, swapChain=0x7ff3741e1600)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/gui/rhi/qrhigles2.cpp:2028
#6  0x00007ff3e8444bea in QRhi::beginFrame (this=0x7ff3740018a0, swapChain=0x7ff3741e1600, flags=..., flags@entry=...)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/gui/rhi/qrhi.cpp:10146
#7  0x00007ff3e98c29f4 in QSGRenderThread::syncAndRender (this=this@entry=0x55e4df861b20)
    at /usr/include/qt6/QtCore/qflags.h:73
#8  0x00007ff3e98c5e93 in QSGRenderThread::run (this=0x55e4df861b20)
    at /usr/src/debug/qt6-qtdeclarative-6.6.1-1.fc40.x86_64/src/quick/scenegraph/qsgthreadedrenderloop.cpp:946
#9  0x00007ff3e7b50ace in operator() (__closure=<optimized out>)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/thread/qthread_unix.cpp:324
#10 (anonymous namespace)::terminate_on_exception<QThreadPrivate::start(void*)::<lambda()> > (t=<optimized out>)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/thread/qthread_unix.cpp:260
#11 QThreadPrivate::start (arg=0x55e4df861b20)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/thread/qthread_unix.cpp:283
#12 0x00007ff3e72a81f7 in start_thread (arg=<optimized out>) at pthread_create.c:447
#13 0x00007ff3e732a2dc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

QtWaylandClient::QWaylandWindow::createDecoration in frame 1 had a null pointer mShellSurface. The problem might involve a race condition where mShellSurface was sometimes null then used.
 
(gdb) frame 1
#1  0x00007ff3e77a6f5a in QtWaylandClient::QWaylandWindow::createDecoration (this=0x55e4df055a50)
    at /usr/src/debug/qt6-qtwayland-6.6.1-1.fc40.x86_64/src/client/qwaylandwindow.cpp:1034
1034        if (!mShellSurface || !mShellSurface->wantsDecorations())
(gdb) p mShellSurface
$1 = (QtWaylandClient::QWaylandShellSurface *) 0x0

I've attached the full trace of all threads. The package versions were as follows.
sddm-0.20.0-7.fc40.x86_64
qt6-qtwayland-6.6.1-1.fc40.x86_64
kwin-5.92.0-1.fc40.x86_64

Reproducible: Sometimes

Steps to Reproduce:
1. Boot a Fedora Rawhide KDE Plasma installation updated to 2024-1-25 
2. Log in to Plasma 5.92.0 on Wayland from sddm
3. If the problem didn't happen, log out and log in until it does
Actual Results:  
sddm-greeter crashed in QtWaylandClient::QWaylandWindow::createDecoration sometimes when logging in

Expected Results:  
sddm-greeter shouldn't have crashed.

I reported plasmashell crashes with similar traces at https://bugzilla.redhat.com/show_bug.cgi?id=2252833. Several KDE programs were reported to crash in QWaylandWindow::createDecoration since it was called from multiple threads but was not thread-safe: https://bugs.kde.org/show_bug.cgi?id=479302 and https://bugreports.qt.io/browse/QTBUG-105703. David Edmundson wrote a patch to qt6-qtwayland for this problem at https://codereview.qt-project.org/c/qt/qtwayland/+/529547
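
A triage aid for traces like the one in this report, added here as an example (it is not part of the original report or of any Fedora, KDE or Qt tooling): it parses gdb `bt` output, including frames that gdb wraps over several lines, and flags a frame #0 whose program counter sits in a read-only data symbol such as `typeinfo name for ...`, then names the first frame with source information as the call site to inspect. The prefix list and the function names `parse_backtrace` and `triage` are assumptions of this example.

```python
import re

# Frame header: "#N  [0xADDR in ]symbol [(args)]"; gdb may wrap args and "at file:line".
FRAME_RE = re.compile(r"^#(\d+)\s+(?:(0x[0-9a-f]+) in )?(.+?)(?: \(.*)?$")
AT_RE = re.compile(r"\bat (\S+):(\d+)\s*$")
# Symbols naming read-only data rather than functions (heuristic list, an assumption).
DATA_SYMBOL_PREFIXES = ("typeinfo name for ", "typeinfo for ", "vtable for ")

# First three frames copied from the trace in this report.
SAMPLE_BT = """\
#0  0x00007ff3e7cc0a40 in typeinfo name for QObjectCleanupHandler () at /lib64/libQt6Core.so.6
#1  0x00007ff3e77a6f5a in QtWaylandClient::QWaylandWindow::createDecoration (this=0x55e4df055a50)
    at /usr/src/debug/qt6-qtwayland-6.6.1-1.fc40.x86_64/src/client/qwaylandwindow.cpp:1034
#2  0x00007ff3e341499c in QtWaylandClient::QWaylandGLContext::makeCurrent
    (this=this@entry=0x7ff3740021e0, surface=<optimized out>)
    at /usr/src/debug/qt6-qtwayland-6.6.1-1.fc40.x86_64/src/hardwareintegration/client/wayland-egl/qwaylandglcontext.cpp:315
"""

def parse_backtrace(text):
    """Parse gdb 'bt' output, folding wrapped continuation lines into their frame."""
    frames = []
    for line in text.splitlines():
        header = FRAME_RE.match(line)
        if header:
            frames.append({"n": int(header.group(1)), "pc": header.group(2),
                           "symbol": header.group(3), "file": None, "line": None})
        if not frames or not (header or line.startswith(" ")):
            continue  # ignore text before the first frame and unindented noise
        at = AT_RE.search(line)
        if at and frames[-1]["file"] is None:
            frames[-1]["file"], frames[-1]["line"] = at.group(1), int(at.group(2))
    return frames

def triage(frames):
    """Flag a program counter inside a data symbol and name the call site to inspect."""
    if not frames:
        return None
    pc_in_data = frames[0]["symbol"].startswith(DATA_SYMBOL_PREFIXES)
    # If frame 0 is not code, the first frame with source info made the bad call.
    site = next((f for f in frames[1:] if f["file"]), None) if pc_in_data else frames[0]
    return {"pc_in_data_symbol": pc_in_data,
            "call_site": site and (site["symbol"], site["file"].rsplit("/", 1)[-1], site["line"])}

if __name__ == "__main__":
    print(triage(parse_backtrace(SAMPLE_BT)))
```
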

Comment 1 Matt Fagnani 2024-01-25 22:33:55 UTC
Created attachment 2010589
Full trace of all threads of sddm-greeter crash

Comment 2 Aoife Moloney 2024-02-15 23:12:19 UTC
This bug appears to have been reported against 'rawhide' during the Fedora Linux 40 development cycle.
Changing version to 40.

