search

NVIDIA / egl-wayland

The EGLStream-based Wayland external platform
MIT License
275 stars 43 forks source link

unaligned fastbin chunk detected, possible libEGL_nvidia/libnvidia-eglcore #99

Closed tim-rex closed 5 months ago

tim-rex commented 5 months ago

Please advise if this should be directed elsewhere

I've just today started setting up kwin/plasma, running on Fedora 39 I have a dual GPU setup (GTX 970 and RX 580) with both nvidia + amdgpu drivers setup

At this point in time, kwin/plasma is only utilising the display on my nVidia device (HDMI-A-3). The other displays are inactive.

The problem Running 'kscreen-doctor -o' is producing a SIGABRT and emitting malloc_consolidate(): unaligned fastbin chunk detected

A batcktrace seems to suggest this is ocurring in the nVidia stack during cleanup/exit handlers.

-Interestingly, this crash was not evident until after I had succesfully rotated the display for a portrait orientation. ^^ Turns out this crash is non deterministic. It has equal chance of SIGABRT or Seg Fault as it does of succeeding without error. I don't believe this is in any way related to portrait/landscape.

Session follows:

[timk@fender-local ~]$ kscreen-doctor -o
Output: 1 HDMI-A-3 enabled connected priority 1 HDMI Modes: 0:2560x1440@60*! 1:2048x1080@60 2:2048x1080@24 3:1920x1080@60 4:1920x1080@60 5:1920x1080@50 6:1600x1200@60 7:1280x1024@75 8:1280x1024@60 9:1152x864@75 10:1280x720@60 11:1280x720@60 12:1280x720@50 13:1024x768@75 14:1024x768@60 15:800x600@75 16:800x600@60 17:720x576@50 18:720x480@60 19:640x480@75 20:640x480@60 21:640x480@60 Geometry: 0,0 2560x1440 Scale: 1 Rotation: 1 Overscan: 0 Vrr: incapable RgbRange: unknown
Output: 2 DP-1 disabled connected priority 0 DisplayPort Modes: 0:3840x2160@60*! 1:3840x2160@60 2:3840x2160@60 3:3840x2160@50 4:3840x2160@30 5:3840x2160@30 6:3840x2160@30 7:3840x2160@25 8:3840x2160@24 9:3840x2160@24 10:2560x1440@60 11:1920x1200@60 12:1920x1080@60 13:1920x1080@60 14:1920x1080@60 15:1920x1080@50 16:1920x1080@30 17:1920x1080@30 18:1920x1080@25 19:1920x1080@24 20:1920x1080@24 21:1600x1200@60 22:1680x1050@60 23:1600x900@60 24:1280x1024@75 25:1280x1024@60 26:1440x900@60 27:1280x800@60 28:1152x864@75 29:1280x720@60 30:1280x720@60 31:1280x720@60 32:1280x720@50 33:1024x768@75 34:1024x768@60 35:832x624@75 36:800x600@75 37:800x600@60 38:720x576@50 39:720x480@60 40:720x480@60 41:640x480@75 42:640x480@60 43:640x480@60 44:640x480@60 45:720x400@70 46:1600x1200@60 47:1280x1024@60 48:1024x768@60 49:2560x1600@60 50:1920x1200@60 51:3840x2160@60 52:3200x1800@60 53:2880x1620@60 54:2560x1440@60 55:1920x1080@60 56:1600x900@60 57:1368x768@60 58:1280x720@60 Geometry: 0,0 3840x2160 Scale: 1 Rotation: 1 Overscan: 0 Vrr: incapable RgbRange: unknown
Output: 3 DP-2 disabled connected priority 0 DisplayPort Modes: 0:2560x1440@60*! 1:1920x1200@60 2:2048x1080@60 3:2048x1080@24 4:1920x1080@60 5:1920x1080@60 6:1920x1080@60 7:1920x1080@50 8:1920x1080@30 9:1920x1080@30 10:1920x1080@25 11:1920x1080@24 12:1920x1080@24 13:1600x1200@60 14:1680x1050@60 15:1280x1024@75 16:1280x1024@60 17:1440x900@60 18:1280x800@60 19:1152x864@75 20:1280x720@60 21:1280x720@60 22:1280x720@60 23:1280x720@50 24:1024x768@75 25:1024x768@60 26:800x600@75 27:800x600@60 28:720x576@50 29:720x576@50 30:720x480@60 31:720x480@60 32:720x480@60 33:720x480@60 34:640x480@75 35:640x480@60 36:640x480@60 37:640x480@60 38:720x400@70 39:1600x1200@60 40:1280x1024@60 41:1024x768@60 42:1920x1200@60 43:1280x800@60 44:1920x1080@60 45:1600x900@60 46:1368x768@60 47:1280x720@60 Geometry: 0,0 2560x1440 Scale: 1 Rotation: 1 Overscan: 0 Vrr: incapable RgbRange: unknown

[timk@fender-local ~]$ kscreen-doctor output.HDMI-A-3.rotation.left
[timk@fender-local ~]$ kscreen-doctor output.HDMI-A-3.rotation.left
[timk@fender-local ~]$ kscreen-doctor output.HDMI-A-3.rotation.right

[timk@fender-local ~]$ kscreen-doctor -o
Output: 1 HDMI-A-3 enabled connected priority 1 HDMI Modes: 0:2560x1440@60*! 1:2048x1080@60 2:2048x1080@24 3:1920x1080@60 4:1920x1080@60 5:1920x1080@50 6:1600x1200@60 7:1280x1024@75 8:1280x1024@60 9:1152x864@75 10:1280x720@60 11:1280x720@60 12:1280x720@50 13:1024x768@75 14:1024x768@60 15:800x600@75 16:800x600@60 17:720x576@50 18:720x480@60 19:640x480@75 20:640x480@60 21:640x480@60 Geometry: 0,0 1440x2560 Scale: 1 Rotation: 8 Overscan: 0 Vrr: incapable RgbRange: unknown
Output: 2 DP-1 disabled connected priority 0 DisplayPort Modes: 0:3840x2160@60*! 1:3840x2160@60 2:3840x2160@60 3:3840x2160@50 4:3840x2160@30 5:3840x2160@30 6:3840x2160@30 7:3840x2160@25 8:3840x2160@24 9:3840x2160@24 10:2560x1440@60 11:1920x1200@60 12:1920x1080@60 13:1920x1080@60 14:1920x1080@60 15:1920x1080@50 16:1920x1080@30 17:1920x1080@30 18:1920x1080@25 19:1920x1080@24 20:1920x1080@24 21:1600x1200@60 22:1680x1050@60 23:1600x900@60 24:1280x1024@75 25:1280x1024@60 26:1440x900@60 27:1280x800@60 28:1152x864@75 29:1280x720@60 30:1280x720@60 31:1280x720@60 32:1280x720@50 33:1024x768@75 34:1024x768@60 35:832x624@75 36:800x600@75 37:800x600@60 38:720x576@50 39:720x480@60 40:720x480@60 41:640x480@75 42:640x480@60 43:640x480@60 44:640x480@60 45:720x400@70 46:1600x1200@60 47:1280x1024@60 48:1024x768@60 49:2560x1600@60 50:1920x1200@60 51:3840x2160@60 52:3200x1800@60 53:2880x1620@60 54:2560x1440@60 55:1920x1080@60 56:1600x900@60 57:1368x768@60 58:1280x720@60 Geometry: 0,0 3840x2160 Scale: 1 Rotation: 1 Overscan: 0 Vrr: incapable RgbRange: unknown
Output: 3 DP-2 disabled connected priority 0 DisplayPort Modes: 0:2560x1440@60*! 1:1920x1200@60 2:2048x1080@60 3:2048x1080@24 4:1920x1080@60 5:1920x1080@60 6:1920x1080@60 7:1920x1080@50 8:1920x1080@30 9:1920x1080@30 10:1920x1080@25 11:1920x1080@24 12:1920x1080@24 13:1600x1200@60 14:1680x1050@60 15:1280x1024@75 16:1280x1024@60 17:1440x900@60 18:1280x800@60 19:1152x864@75 20:1280x720@60 21:1280x720@60 22:1280x720@60 23:1280x720@50 24:1024x768@75 25:1024x768@60 26:800x600@75 27:800x600@60 28:720x576@50 29:720x576@50 30:720x480@60 31:720x480@60 32:720x480@60 33:720x480@60 34:640x480@75 35:640x480@60 36:640x480@60 37:640x480@60 38:720x400@70 39:1600x1200@60 40:1280x1024@60 41:1024x768@60 42:1920x1200@60 43:1280x800@60 44:1920x1080@60 45:1600x900@60 46:1368x768@60 47:1280x720@60 Geometry: 0,0 2560x1440 Scale: 1 Rotation: 1 Overscan: 0 Vrr: incapable RgbRange: unknown
malloc_consolidate(): unaligned fastbin chunk detected
Aborted (core dumped)

[timk@fender-local ~]$ kscreen-doctor -o
Output: 1 HDMI-A-3 enabled connected priority 1 HDMI Modes: 0:2560x1440@60*! 1:2048x1080@60 2:2048x1080@24 3:1920x1080@60 4:1920x1080@60 5:1920x1080@50 6:1600x1200@60 7:1280x1024@75 8:1280x1024@60 9:1152x864@75 10:1280x720@60 11:1280x720@60 12:1280x720@50 13:1024x768@75 14:1024x768@60 15:800x600@75 16:800x600@60 17:720x576@50 18:720x480@60 19:640x480@75 20:640x480@60 21:640x480@60 Geometry: 0,0 1440x2560 Scale: 1 Rotation: 8 Overscan: 0 Vrr: incapable RgbRange: unknown
Output: 2 DP-1 disabled connected priority 0 DisplayPort Modes: 0:3840x2160@60*! 1:3840x2160@60 2:3840x2160@60 3:3840x2160@50 4:3840x2160@30 5:3840x2160@30 6:3840x2160@30 7:3840x2160@25 8:3840x2160@24 9:3840x2160@24 10:2560x1440@60 11:1920x1200@60 12:1920x1080@60 13:1920x1080@60 14:1920x1080@60 15:1920x1080@50 16:1920x1080@30 17:1920x1080@30 18:1920x1080@25 19:1920x1080@24 20:1920x1080@24 21:1600x1200@60 22:1680x1050@60 23:1600x900@60 24:1280x1024@75 25:1280x1024@60 26:1440x900@60 27:1280x800@60 28:1152x864@75 29:1280x720@60 30:1280x720@60 31:1280x720@60 32:1280x720@50 33:1024x768@75 34:1024x768@60 35:832x624@75 36:800x600@75 37:800x600@60 38:720x576@50 39:720x480@60 40:720x480@60 41:640x480@75 42:640x480@60 43:640x480@60 44:640x480@60 45:720x400@70 46:1600x1200@60 47:1280x1024@60 48:1024x768@60 49:2560x1600@60 50:1920x1200@60 51:3840x2160@60 52:3200x1800@60 53:2880x1620@60 54:2560x1440@60 55:1920x1080@60 56:1600x900@60 57:1368x768@60 58:1280x720@60 Geometry: 0,0 3840x2160 Scale: 1 Rotation: 1 Overscan: 0 Vrr: incapable RgbRange: unknown
Output: 3 DP-2 disabled connected priority 0 DisplayPort Modes: 0:2560x1440@60*! 1:1920x1200@60 2:2048x1080@60 3:2048x1080@24 4:1920x1080@60 5:1920x1080@60 6:1920x1080@60 7:1920x1080@50 8:1920x1080@30 9:1920x1080@30 10:1920x1080@25 11:1920x1080@24 12:1920x1080@24 13:1600x1200@60 14:1680x1050@60 15:1280x1024@75 16:1280x1024@60 17:1440x900@60 18:1280x800@60 19:1152x864@75 20:1280x720@60 21:1280x720@60 22:1280x720@60 23:1280x720@50 24:1024x768@75 25:1024x768@60 26:800x600@75 27:800x600@60 28:720x576@50 29:720x576@50 30:720x480@60 31:720x480@60 32:720x480@60 33:720x480@60 34:640x480@75 35:640x480@60 36:640x480@60 37:640x480@60 38:720x400@70 39:1600x1200@60 40:1280x1024@60 41:1024x768@60 42:1920x1200@60 43:1280x800@60 44:1920x1080@60 45:1600x900@60 46:1368x768@60 47:1280x720@60 Geometry: 0,0 2560x1440 Scale: 1 Rotation: 1 Overscan: 0 Vrr: incapable RgbRange: unknown
Segmentation fault (core dumped)

[timk@fender-local ~]$ gdb kscreen-doctor
(gdb) run -o
Starting program: /usr/bin/kscreen-doctor -o
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x7fffe63ff6c0 (LWP 4586)]
[New Thread 0x7fffde9ce6c0 (LWP 4593)]
[New Thread 0x7fffde1cd6c0 (LWP 4594)]
Downloading separate debug info for /usr/lib64/qt5/plugins/wayland-graphics-integration-client/libqt-plugin-wayland-egl.so
Downloading separate debug info for /lib64/libEGL_nvidia.so.0
Downloading separate debug info for /lib64/libnvidia-glsi.so.545.29.06
Downloading separate debug info for /lib64/libnvidia-eglcore.so.545.29.06
Downloading separate debug info for /lib64/libnvidia-gpucomp.so.545.29.06
Downloading separate debug info for /lib64/libgbm.so.1
Downloading separate debug info for /lib64/libEGL_mesa.so.0
Downloading separate debug info for /lib64/libglapi.so.0
[New Thread 0x7fffdd1a36c0 (LWP 4595)]
[New Thread 0x7fffdc9a26c0 (LWP 4596)]
[New Thread 0x7fffd61ff6c0 (LWP 4597)]
[Thread 0x7fffd61ff6c0 (LWP 4597) exited]
[Thread 0x7fffdd1a36c0 (LWP 4595) exited]
[Thread 0x7fffdc9a26c0 (LWP 4596) exited]
Output: 1 HDMI-A-3 enabled connected priority 1 HDMI Modes: 0:2560x1440@60*! 1:2048x1080@60 2:2048x1080@24 3:1920x1080@60 4:1920x1080@60 5:1920x1080@50 6:1600x1200@60 7:1280x1024@75 8:1280x1024@60 9:1152x864@75 10:1280x720@60 11:1280x720@60 12:1280x720@50 13:1024x768@75 14:1024x768@60 15:800x600@75 16:800x600@60 17:720x576@50 18:720x480@60 19:640x480@75 20:640x480@60 21:640x480@60 Geometry: 0,0 1440x2560 Scale: 1 Rotation: 8 Overscan: 0 Vrr: incapable RgbRange: unknown
Output: 2 DP-1 disabled connected priority 0 DisplayPort Modes: 0:3840x2160@60*! 1:3840x2160@60 2:3840x2160@60 3:3840x2160@50 4:3840x2160@30 5:3840x2160@30 6:3840x2160@30 7:3840x2160@25 8:3840x2160@24 9:3840x2160@24 10:2560x1440@60 11:1920x1200@60 12:1920x1080@60 13:1920x1080@60 14:1920x1080@60 15:1920x1080@50 16:1920x1080@30 17:1920x1080@30 18:1920x1080@25 19:1920x1080@24 20:1920x1080@24 21:1600x1200@60 22:1680x1050@60 23:1600x900@60 24:1280x1024@75 25:1280x1024@60 26:1440x900@60 27:1280x800@60 28:1152x864@75 29:1280x720@60 30:1280x720@60 31:1280x720@60 32:1280x720@50 33:1024x768@75 34:1024x768@60 35:832x624@75 36:800x600@75 37:800x600@60 38:720x576@50 39:720x480@60 40:720x480@60 41:640x480@75 42:640x480@60 43:640x480@60 44:640x480@60 45:720x400@70 46:1600x1200@60 47:1280x1024@60 48:1024x768@60 49:2560x1600@60 50:1920x1200@60 51:3840x2160@60 52:3200x1800@60 53:2880x1620@60 54:2560x1440@60 55:1920x1080@60 56:1600x900@60 57:1368x768@60 58:1280x720@60 Geometry: 0,0 3840x2160 Scale: 1 Rotation: 1 Overscan: 0 Vrr: incapable RgbRange: unknown
Output: 3 DP-2 disabled connected priority 0 DisplayPort Modes: 0:2560x1440@60*! 1:1920x1200@60 2:2048x1080@60 3:2048x1080@24 4:1920x1080@60 5:1920x1080@60 6:1920x1080@60 7:1920x1080@50 8:1920x1080@30 9:1920x1080@30 10:1920x1080@25 11:1920x1080@24 12:1920x1080@24 13:1600x1200@60 14:1680x1050@60 15:1280x1024@75 16:1280x1024@60 17:1440x900@60 18:1280x800@60 19:1152x864@75 20:1280x720@60 21:1280x720@60 22:1280x720@60 23:1280x720@50 24:1024x768@75 25:1024x768@60 26:800x600@75 27:800x600@60 28:720x576@50 29:720x576@50 30:720x480@60 31:720x480@60 32:720x480@60 33:720x480@60 34:640x480@75 35:640x480@60 36:640x480@60 37:640x480@60 38:720x400@70 39:1600x1200@60 40:1280x1024@60 41:1024x768@60 42:1920x1200@60 43:1280x800@60 44:1920x1080@60 45:1600x900@60 46:1368x768@60 47:1280x720@60 Geometry: 0,0 2560x1440 Scale: 1 Rotation: 1 Overscan: 0 Vrr: incapable RgbRange: unknown
[Thread 0x7fffde9ce6c0 (LWP 4593) exited]
[Thread 0x7fffde1cd6c0 (LWP 4594) exited]
malloc_consolidate(): unaligned fastbin chunk detected

Thread 1 "kscreen-doctor" received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
Downloading source file /usr/src/debug/glibc-2.38-14.fc39.x86_64/nptl/pthread_kill.c
44   return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO (ret) : 0;
Missing separate debuginfos, use: dnf debuginfo-install libkscreen-qt5-5.27.10-1.fc39.x86_64

(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007ffff6cae8a3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007ffff6c5c8ee in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007ffff6c448ff in __GI_abort () at abort.c:79
#4  0x00007ffff6c457d0 in __libc_message (fmt=fmt@entry=0x7ffff6dc256a "%s\n") at ../sysdeps/posix/libc_fatal.c:150
#5  0x00007ffff6cb87a5 in malloc_printerr (str=str@entry=0x7ffff6dc5190 "malloc_consolidate(): unaligned fastbin chunk detected") at malloc.c:5765
#6  0x00007ffff6cb936c in malloc_consolidate (av=0x7ffff6df6ac0 <main_arena>) at malloc.c:4839
#7  0x00007ffff6cba4d5 in _int_free_maybe_consolidate (av=av@entry=0x7ffff6df6ac0 <main_arena>, size=<optimized out>) at malloc.c:4772
#8  0x00007ffff6cba7fe in _int_free_maybe_consolidate (size=<optimized out>, av=0x7ffff6df6ac0 <main_arena>) at malloc.c:4695
#9  0x00007ffff6cbab4a in _int_free (av=0x7ffff6df6ac0 <main_arena>, p=p@entry=0x55555573fa70, have_lock=<optimized out>, have_lock@entry=0) at malloc.c:4639
#10 0x00007ffff6cbd3de in __GI___libc_free (mem=0x55555573fa80) at malloc.c:3391
#11 0x00007fffd6bef716 in ??? () at /lib64/libnvidia-eglcore.so.545.29.06
#12 0x00007fffd690c99e in ??? () at /lib64/libnvidia-eglcore.so.545.29.06
#13 0x00007fffd6c4cf02 in ??? () at /lib64/libnvidia-eglcore.so.545.29.06
#14 0x00007fffd6d0f8de in ??? () at /lib64/libnvidia-eglcore.so.545.29.06
#15 0x00007fffd6c508a4 in ??? () at /lib64/libnvidia-eglcore.so.545.29.06
#16 0x00007fffd6c51a58 in ??? () at /lib64/libnvidia-eglcore.so.545.29.06
#17 0x00007fffd6c2c67b in ??? () at /lib64/libnvidia-eglcore.so.545.29.06
#18 0x00007fffd6c2f10d in ??? () at /lib64/libnvidia-eglcore.so.545.29.06
#19 0x00007fffd6befaa0 in ??? () at /lib64/libnvidia-eglcore.so.545.29.06
#20 0x00007fffd6bf0e81 in ??? () at /lib64/libnvidia-eglcore.so.545.29.06
#21 0x00007fffd6c04227 in ??? () at /lib64/libnvidia-eglcore.so.545.29.06
#22 0x00007fffdd6a4c88 in ??? () at /lib64/libEGL_nvidia.so.0
#23 0x00007fffdd6a327d in ??? () at /lib64/libEGL_nvidia.so.0
#24 0x00007ffff6c5efd6 in __run_exit_handlers (status=0, listp=<optimized out>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true)
    at exit.c:111
#25 0x00007ffff6c5f11e in __GI_exit (status=<optimized out>) at exit.c:141
#26 0x00007ffff6c46151 in __libc_start_call_main (main=main@entry=0x55555555a440 <main(int, char**)>, argc=argc@entry=2, argv=argv@entry=0x7fffffffdce8)
    at ../sysdeps/nptl/libc_start_call_main.h:74
#27 0x00007ffff6c4620b in __libc_start_main_impl
    (main=0x55555555a440 <main(int, char**)>, argc=2, argv=0x7fffffffdce8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffdcd8) at ../csu/libc-start.c:360
#28 0x000055555555bc05 in _start ()

(gdb) bt full
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
        tid = <optimized out>
        ret = 0
        pd = <optimized out>
        old_mask = {__val = {2222}}
        ret = <optimized out>
#1  0x00007ffff6cae8a3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007ffff6c5c8ee in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
        ret = <optimized out>
#3  0x00007ffff6c448ff in __GI_abort () at abort.c:79
        save_stage = 1
        act = {__sigaction_handler = {sa_handler = 0x20, sa_sigaction = 0x20}, sa_mask = {__val = {140737488344624, 140733253368755, 140736907446640, 140736907449662, 140737333398616, 4159178112, 0, 140737352566144, 93824992826720, 93824992824496, 140736907449662, 3838766306, 140737488344752, 140737488344720, 140737353954780, 6}}, sa_flags = 1432245600, sa_restorer = 0x5}
#4  0x00007ffff6c457d0 in __libc_message (fmt=fmt@entry=0x7ffff6dc256a "%s\n") at ../sysdeps/posix/libc_fatal.c:150
        ap = {{gp_offset = 16, fp_offset = 32767, overflow_arg_area = 0x7fffffffd6e0, reg_save_area = 0x7fffffffd670}}
        fd = 2
        list = <optimized out>
        nlist = <optimized out>
        cp = <optimized out>
#5  0x00007ffff6cb87a5 in malloc_printerr (str=str@entry=0x7ffff6dc5190 "malloc_consolidate(): unaligned fastbin chunk detected") at malloc.c:5765
#6  0x00007ffff6cb936c in malloc_consolidate (av=0x7ffff6df6ac0 <main_arena>) at malloc.c:4839
        idx = <optimized out>
        fb = 0x7ffff6df6ad0 <main_arena+16>
        maxfb = 0x7ffff6df6b18 <main_arena+88>
        p = 0x55500022ef4b
        nextp = <optimized out>
        unsorted_bin = 0x7ffff6df6b20 <main_arena+96>
        first_unsorted = <optimized out>
        nextchunk = <optimized out>
        size = <optimized out>
        nextsize = <optimized out>
        prevsize = <optimized out>
        nextinuse = <optimized out>
#7  0x00007ffff6cba4d5 in _int_free_maybe_consolidate (av=av@entry=0x7ffff6df6ac0 <main_arena>, size=<optimized out>) at malloc.c:4772
        __PRETTY_FUNCTION__ = "_int_free_maybe_consolidate"
#8  0x00007ffff6cba7fe in _int_free_maybe_consolidate (size=<optimized out>, av=0x7ffff6df6ac0 <main_arena>) at malloc.c:4695
        __PRETTY_FUNCTION__ = "_int_free_maybe_consolidate"
        heap = <optimized out>
#9  0x00007ffff6cbab4a in _int_free (av=0x7ffff6df6ac0 <main_arena>, p=p@entry=0x55555573fa70, have_lock=<optimized out>, have_lock@entry=0) at malloc.c:4639
        size = <optimized out>
        fb = <optimized out>
#10 0x00007ffff6cbd3de in __GI___libc_free (mem=0x55555573fa80) at malloc.c:3391
        ar_ptr = <optimized out>
        p = 0x55555573fa70
        err = 22
#11 0x00007fffd6bef716 in ??? () at /lib64/libnvidia-eglcore.so.545.29.06
#12 0x00007fffd690c99e in ??? () at /lib64/libnvidia-eglcore.so.545.29.06
#13 0x00007fffd6c4cf02 in ??? () at /lib64/libnvidia-eglcore.so.545.29.06
#14 0x00007fffd6d0f8de in ??? () at /lib64/libnvidia-eglcore.so.545.29.06
#15 0x00007fffd6c508a4 in ??? () at /lib64/libnvidia-eglcore.so.545.29.06
#16 0x00007fffd6c51a58 in ??? () at /lib64/libnvidia-eglcore.so.545.29.06
#17 0x00007fffd6c2c67b in ??? () at /lib64/libnvidia-eglcore.so.545.29.06
#18 0x00007fffd6c2f10d in ??? () at /lib64/libnvidia-eglcore.so.545.29.06
#19 0x00007fffd6befaa0 in ??? () at /lib64/libnvidia-eglcore.so.545.29.06
#20 0x00007fffd6bf0e81 in ??? () at /lib64/libnvidia-eglcore.so.545.29.06
#21 0x00007fffd6c04227 in ??? () at /lib64/libnvidia-eglcore.so.545.29.06
#22 0x00007fffdd6a4c88 in ??? () at /lib64/libEGL_nvidia.so.0
#23 0x00007fffdd6a327d in ??? () at /lib64/libEGL_nvidia.so.0
#24 0x00007ffff6c5efd6 in __run_exit_handlers (status=0, listp=<optimized out>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true)
    at exit.c:111
        atfct = <optimized out>
        onfct = <optimized out>
        cxafct = <optimized out>
        arg = <optimized out>
        f = <optimized out>
        new_exitfn_called = 1295
        cur = 0x5555555ddc90
        restart = <optimized out>
#25 0x00007ffff6c5f11e in __GI_exit (status=<optimized out>) at exit.c:141
#26 0x00007ffff6c46151 in __libc_start_call_main (main=main@entry=0x55555555a440 <main(int, char**)>, argc=argc@entry=2, argv=argv@entry=0x7fffffffdce8)
    at ../sysdeps/nptl/libc_start_call_main.h:74
        result = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737488346344, -9179539544873873024, 2, 0, 140737354125312, 93824992319288, -9179539544687226496, -9179555278031007360}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x2, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 2}}}
        not_first_call = <optimized out>
#27 0x00007ffff6c4620b in __libc_start_main_impl
    (main=0x55555555a440 <main(int, char**)>, argc=2, argv=0x7fffffffdce8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffdcd8) at ../csu/libc-start.c:360
#28 0x000055555555bc05 in _start ()

Fedora 39 Kernel 6.6.9 KDE Plasma v5.27.10

inxi reports:

Graphics:
  Device-1: NVIDIA GM204 [GeForce GTX 970] vendor: ASUSTeK driver: nvidia
    v: 545.29.06 arch: Maxwell bus-ID: 01:00.0
  Device-2: AMD Ellesmere [Radeon RX 470/480/570/570X/580/580X/590]
    vendor: Sapphire Nitro+ driver: amdgpu v: kernel arch: GCN-4 bus-ID: 02:00.0
    temp: 46.0 C
  Display: wayland server: X.Org v: 23.2.3 with: Xwayland v: 23.2.3
    compositor: kwin_wayland driver: X: loaded: amdgpu,nvidia
    unloaded: fbdev,modesetting,nouveau,vesa dri: radeonsi
    gpu: amdgpu,nvidia,nvidia-nvswitch resolution: 1440x2560~60Hz
  API: EGL v: 1.5 drivers: kms_swrast,nvidia,radeonsi,swrast platforms:
    active: gbm,wayland,x11,surfaceless,device inactive: device-2
  API: OpenGL v: 4.6.0 compat-v: 4.5 vendor: nvidia mesa v: 545.29.06
    glx-v: 1.4 direct-render: yes renderer: NVIDIA GeForce GTX 970/PCIe/SSE2
  API: Vulkan v: 1.3.268 drivers: nvidia,radv,llvmpipe
    surfaces: xcb,xlib,wayland devices: 3
erik-kz commented 5 months ago

I'm pretty sure this is a bug either in kscreen-doctor or maybe Qt. Running it with valgrind reports several invalid writes to freed heap memory while destroying various Qt objects. See below for one example. Heap corruption like this is a pernicious thing. It generally won't cause a crash right away, but later on some completely unrelated piece of code can trip over it. In our case, that code happens to belong to the NVIDIA driver.

==2983883== Invalid write of size 8
==2983883==    at 0x5AA2A3D: wl_list_init (wayland-util.c:40)
==2983883==    by 0x5AA2FDF: wl_event_queue_release (wayland-client.c:321)
==2983883==    by 0x5AA32B9: wl_display_disconnect (wayland-client.c:1323)
==2983883==    by 0x5B27A9E: QtWaylandClient::QWaylandDisplay::~QWaylandDisplay() (in /usr/lib/libQt5WaylandClient.so.5.15.11)
==2983883==    by 0x5B14EA9: QtWaylandClient::QWaylandIntegration::~QWaylandIntegration() (in /usr/lib/libQt5WaylandClient.so.5.15.11)
==2983883==    by 0x5B14F3D: QtWaylandClient::QWaylandIntegration::~QWaylandIntegration() (in /usr/lib/libQt5WaylandClient.so.5.15.11)
==2983883==    by 0x4A21C9C: QGuiApplicationPrivate::~QGuiApplicationPrivate() (in /usr/lib/libQt5Gui.so.5.15.11)
==2983883==    by 0x4A2226D: QGuiApplicationPrivate::~QGuiApplicationPrivate() (in /usr/lib/libQt5Gui.so.5.15.11)
==2983883==    by 0x10D926: ??? (in /usr/bin/kscreen-doctor)
==2983883==    by 0x573ACCF: (below main) (libc_start_call_main.h:58)
==2983883==  Address 0x27512a80 is 80 bytes inside a block of size 96 free'd
==2983883==    at 0x484412F: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2983883==    by 0x27749F05: KWayland::Client::Registry::destroy() (in /usr/lib/libKF5WaylandClient.so.5.112.0)
==2983883==    by 0x522F096: ??? (in /usr/lib/libQt5Core.so.5.15.11)
==2983883==    by 0x522F096: ??? (in /usr/lib/libQt5Core.so.5.15.11)
==2983883==    by 0x522F493: QObject::destroyed(QObject*) (in /usr/lib/libQt5Core.so.5.15.11)
==2983883==    by 0x52255AB: QObject::~QObject() (in /usr/lib/libQt5Core.so.5.15.11)
==2983883==    by 0x5B145C6: ??? (in /usr/lib/libQt5WaylandClient.so.5.15.11)
==2983883==    by 0x5B14DC9: QtWaylandClient::QWaylandIntegration::~QWaylandIntegration() (in /usr/lib/libQt5WaylandClient.so.5.15.11)
==2983883==    by 0x5B14F3D: QtWaylandClient::QWaylandIntegration::~QWaylandIntegration() (in /usr/lib/libQt5WaylandClient.so.5.15.11)
==2983883==    by 0x4A21C9C: QGuiApplicationPrivate::~QGuiApplicationPrivate() (in /usr/lib/libQt5Gui.so.5.15.11)
==2983883==    by 0x4A2226D: QGuiApplicationPrivate::~QGuiApplicationPrivate() (in /usr/lib/libQt5Gui.so.5.15.11)
==2983883==    by 0x10D926: ??? (in /usr/bin/kscreen-doctor)
==2983883==  Block was alloc'd at
==2983883==    at 0x48469B3: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2983883==    by 0x5AA4C94: UnknownInlinedFun (wayland-private.h:234)
==2983883==    by 0x5AA4C94: proxy_create (wayland-client.c:446)
==2983883==    by 0x5AA4E30: UnknownInlinedFun (wayland-client.c:703)
==2983883==    by 0x5AA4E30: wl_proxy_marshal_array_flags (wayland-client.c:870)
==2983883==    by 0x5AA5BD9: wl_proxy_marshal_flags (wayland-client.c:823)
==2983883==    by 0x2774C809: KWayland::Client::Registry::create(wl_display*) (in /usr/lib/libKF5WaylandClient.so.5.112.0)
==2983883==    by 0x2774FD9B: KWayland::Client::Registry::create(KWayland::Client::ConnectionThread*) (in /usr/lib/libKF5WaylandClient.so.5.112.0)
==2983883==    by 0x27684B00: qt_plugin_instance (in /usr/lib/qt/plugins/kf5/kscreen/KSC_KWayland.so)
==2983883==    by 0x51F555E: ??? (in /usr/lib/libQt5Core.so.5.15.11)
==2983883==    by 0x48A5C41: KScreen::BackendManager::loadBackendPlugin(QPluginLoader*, QString const&, QMap<QString, QVariant> const&) (in /usr/lib/libKF5Screen.so.5.27.9)
==2983883==    by 0x48A8EC0: KScreen::BackendManager::loadBackendInProcess(QString const&) (in /usr/lib/libKF5Screen.so.5.27.9)
==2983883==    by 0x48B1D07: ??? (in /usr/lib/libKF5Screen.so.5.27.9)
==2983883==    by 0x48B2EF7: KScreen::GetConfigOperation:
tim-rex commented 5 months ago

Thanks for the insight @erik-kz I probably shouldn't have been so quick to file the issue here as I did have my doubts.

I'll see if I can repro elsewhere and file appropriately, though the valgrind report may be sufficient.

tim-rex commented 5 months ago

Can confirm kscreen-doctor has issues when running without nVidia drivers present. The crash is much less frequent, and manifests slightly differently when running with amdgpu/nouveau, though not unexpected where heap corruption is at play

Closing for now. I'll update with a link once I post the issue in the correct channel

EDIT: Reported to KDE here and then again... here