Closed tim-rex closed 5 months ago
I'm pretty sure this is a bug either in kscreen-doctor or maybe Qt. Running it with valgrind reports several invalid writes to freed heap memory while destroying various Qt objects. See below for one example. Heap corruption like this is a pernicious thing. It generally won't cause a crash right away, but later on some completely unrelated piece of code can trip over it. In our case, that code happens to belong to the NVIDIA driver.
==2983883== Invalid write of size 8
==2983883== at 0x5AA2A3D: wl_list_init (wayland-util.c:40)
==2983883== by 0x5AA2FDF: wl_event_queue_release (wayland-client.c:321)
==2983883== by 0x5AA32B9: wl_display_disconnect (wayland-client.c:1323)
==2983883== by 0x5B27A9E: QtWaylandClient::QWaylandDisplay::~QWaylandDisplay() (in /usr/lib/libQt5WaylandClient.so.5.15.11)
==2983883== by 0x5B14EA9: QtWaylandClient::QWaylandIntegration::~QWaylandIntegration() (in /usr/lib/libQt5WaylandClient.so.5.15.11)
==2983883== by 0x5B14F3D: QtWaylandClient::QWaylandIntegration::~QWaylandIntegration() (in /usr/lib/libQt5WaylandClient.so.5.15.11)
==2983883== by 0x4A21C9C: QGuiApplicationPrivate::~QGuiApplicationPrivate() (in /usr/lib/libQt5Gui.so.5.15.11)
==2983883== by 0x4A2226D: QGuiApplicationPrivate::~QGuiApplicationPrivate() (in /usr/lib/libQt5Gui.so.5.15.11)
==2983883== by 0x10D926: ??? (in /usr/bin/kscreen-doctor)
==2983883== by 0x573ACCF: (below main) (libc_start_call_main.h:58)
==2983883== Address 0x27512a80 is 80 bytes inside a block of size 96 free'd
==2983883== at 0x484412F: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2983883== by 0x27749F05: KWayland::Client::Registry::destroy() (in /usr/lib/libKF5WaylandClient.so.5.112.0)
==2983883== by 0x522F096: ??? (in /usr/lib/libQt5Core.so.5.15.11)
==2983883== by 0x522F096: ??? (in /usr/lib/libQt5Core.so.5.15.11)
==2983883== by 0x522F493: QObject::destroyed(QObject*) (in /usr/lib/libQt5Core.so.5.15.11)
==2983883== by 0x52255AB: QObject::~QObject() (in /usr/lib/libQt5Core.so.5.15.11)
==2983883== by 0x5B145C6: ??? (in /usr/lib/libQt5WaylandClient.so.5.15.11)
==2983883== by 0x5B14DC9: QtWaylandClient::QWaylandIntegration::~QWaylandIntegration() (in /usr/lib/libQt5WaylandClient.so.5.15.11)
==2983883== by 0x5B14F3D: QtWaylandClient::QWaylandIntegration::~QWaylandIntegration() (in /usr/lib/libQt5WaylandClient.so.5.15.11)
==2983883== by 0x4A21C9C: QGuiApplicationPrivate::~QGuiApplicationPrivate() (in /usr/lib/libQt5Gui.so.5.15.11)
==2983883== by 0x4A2226D: QGuiApplicationPrivate::~QGuiApplicationPrivate() (in /usr/lib/libQt5Gui.so.5.15.11)
==2983883== by 0x10D926: ??? (in /usr/bin/kscreen-doctor)
==2983883== Block was alloc'd at
==2983883== at 0x48469B3: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2983883== by 0x5AA4C94: UnknownInlinedFun (wayland-private.h:234)
==2983883== by 0x5AA4C94: proxy_create (wayland-client.c:446)
==2983883== by 0x5AA4E30: UnknownInlinedFun (wayland-client.c:703)
==2983883== by 0x5AA4E30: wl_proxy_marshal_array_flags (wayland-client.c:870)
==2983883== by 0x5AA5BD9: wl_proxy_marshal_flags (wayland-client.c:823)
==2983883== by 0x2774C809: KWayland::Client::Registry::create(wl_display*) (in /usr/lib/libKF5WaylandClient.so.5.112.0)
==2983883== by 0x2774FD9B: KWayland::Client::Registry::create(KWayland::Client::ConnectionThread*) (in /usr/lib/libKF5WaylandClient.so.5.112.0)
==2983883== by 0x27684B00: qt_plugin_instance (in /usr/lib/qt/plugins/kf5/kscreen/KSC_KWayland.so)
==2983883== by 0x51F555E: ??? (in /usr/lib/libQt5Core.so.5.15.11)
==2983883== by 0x48A5C41: KScreen::BackendManager::loadBackendPlugin(QPluginLoader*, QString const&, QMap<QString, QVariant> const&) (in /usr/lib/libKF5Screen.so.5.27.9)
==2983883== by 0x48A8EC0: KScreen::BackendManager::loadBackendInProcess(QString const&) (in /usr/lib/libKF5Screen.so.5.27.9)
==2983883== by 0x48B1D07: ??? (in /usr/lib/libKF5Screen.so.5.27.9)
==2983883== by 0x48B2EF7: KScreen::GetConfigOperation:
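The sequence the report describes (a proxy freed while a queue still references it, the block recycled, and the queue's teardown writing into it) can be modelled in a few dozen lines. The C below is an added example, not code from kscreen, KWayland, Qt or libwayland: it assumes a toy slot allocator with LIFO reuse standing in for glibc's fastbin/tcache behaviour, a `struct proxy` whose 16-byte link sits at offset 80 of a 96-byte block (the same offsets as in the valgrind output), and a made-up `driver_ctx` as the unrelated object that later occupies the recycled block. The buggy path frees the proxy while it is still registered; the fixed path detaches it first.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative model of the use-after-free in the report above. Every name
 * and layout here is an assumption for the example, not libwayland's. */

#define SLOT_SIZE 96   /* the freed block in the report was 96 bytes */
#define NSLOTS    8

/* Fixed-size slot allocator with LIFO reuse, like a glibc fastbin/tcache:
 * the most recently freed block is the next one handed out. */
static uint64_t heap_words[NSLOTS * SLOT_SIZE / sizeof(uint64_t)]; /* 8-byte aligned */
static int free_stack[NSLOTS];
static int free_top, next_fresh;

static unsigned char *slot(int i) { return (unsigned char *)heap_words + i * SLOT_SIZE; }

static void toy_reset(void) { memset(heap_words, 0, sizeof heap_words); free_top = next_fresh = 0; }

static void *toy_calloc(void) {
    unsigned char *p = NULL;
    if (free_top > 0)            p = slot(free_stack[--free_top]); /* recycle last freed */
    else if (next_fresh < NSLOTS) p = slot(next_fresh++);
    if (p) memset(p, 0, SLOT_SIZE);
    return p;
}

static void toy_free(void *p) {
    free_stack[free_top++] = (int)(((unsigned char *)p - slot(0)) / SLOT_SIZE);
}

/* Intrusive doubly linked list link, in the spirit of wl_list. */
struct node { struct node *prev, *next; };
static void list_init(struct node *l) { l->prev = l; l->next = l; }

/* 80 bytes of payload, then the link at offset 80: "80 bytes inside a block
 * of size 96" in the valgrind report. */
struct proxy { char interface[80]; struct node queue_link; };

/* The queue remembers its members; on release it resets each member's link
 * so the member no longer refers to the dead queue. */
struct queue { struct proxy *members[NSLOTS]; int count; };

static void queue_attach(struct queue *q, struct proxy *p) {
    list_init(&p->queue_link);
    q->members[q->count++] = p;
}

static void queue_detach(struct queue *q, struct proxy *p) {
    for (int i = 0; i < q->count; i++)
        if (q->members[i] == p) { q->members[i] = q->members[--q->count]; return; }
}

static void queue_release(struct queue *q) {
    for (int i = 0; i < q->count; i++)
        list_init(&q->members[i]->queue_link); /* the "Invalid write of size 8" */
    q->count = 0;
}

/* Unrelated consumer (think: a driver's exit handler) whose object lands in
 * the recycled slot. Its header overlaps the stale link at offset 80..96.
 * It is accessed with memcpy (char-typed) so the compiler cannot assume the
 * node-typed stale write above is unrelated to this object. */
#define DRIVER_MAGIC 0x4E56494441434F4EULL /* arbitrary constant */
struct driver_ctx { char scratch[80]; uint64_t magic; uint64_t refcount; };

static void driver_ctx_init(void *block) {
    uint64_t magic = DRIVER_MAGIC, refcount = 1;
    memcpy((unsigned char *)block + offsetof(struct driver_ctx, magic), &magic, sizeof magic);
    memcpy((unsigned char *)block + offsetof(struct driver_ctx, refcount), &refcount, sizeof refcount);
}

static int driver_ctx_ok(const void *block) {
    uint64_t magic;
    memcpy(&magic, (const unsigned char *)block + offsetof(struct driver_ctx, magic), sizeof magic);
    return magic == DRIVER_MAGIC;
}

/* Runs the teardown sequence; returns 1 if the driver object survives intact. */
int run_teardown(int detach_before_free) {
    struct queue q = {0};
    toy_reset();

    struct proxy *reg = toy_calloc();
    strcpy(reg->interface, "wl_registry");
    queue_attach(&q, reg);

    if (detach_before_free)
        queue_detach(&q, reg);      /* fixed: unregister, then free */
    toy_free(reg);                  /* buggy: the queue still points here */

    void *ctx = toy_calloc();       /* unrelated allocation gets the recycled slot */
    driver_ctx_init(ctx);

    queue_release(&q);              /* stale write lands inside ctx on the buggy path */
    return driver_ctx_ok(ctx);
}

int main(void) {
    printf("free while registered: driver object %s\n", run_teardown(0) ? "intact" : "corrupted");
    printf("detach then free:      driver object %s\n", run_teardown(1) ? "intact" : "corrupted");
    return 0;
}
```

Nothing in the buggy path faults at the point of the bad write; the damage only shows up when the unrelated owner of the block next looks at its own fields, which is why such bugs surface far from their cause and why a valgrind run of the whole process, rather than a backtrace of the eventual abort, is what locates them.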
Thanks for the insight @erik-kz I probably shouldn't have been so quick to file the issue here as I did have my doubts.
I'll see if I can repro elsewhere and file appropriately, though the valgrind report may be sufficient.
Can confirm kscreen-doctor has issues when running without nVidia drivers present. The crash is much less frequent, and manifests slightly differently, when running with amdgpu/nouveau, though that is not unexpected where heap corruption is at play.
Closing for now. I'll update with a link once I post the issue in the correct channel
Please advise if this should be directed elsewhere
I've just today started setting up kwin/plasma, running on Fedora 39. I have a dual-GPU setup (GTX 970 and RX 580) with both nvidia + amdgpu drivers set up.
At this point in time, kwin/plasma is only utilising the display on my nVidia device (HDMI-A-3). The other displays are inactive.
The problem
Running 'kscreen-doctor -o' is producing a SIGABRT and emitting
malloc_consolidate(): unaligned fastbin chunk detected
A backtrace seems to suggest this is occurring in the nVidia stack during cleanup/exit handlers.
Interestingly, this crash was not evident until after I had successfully rotated the display for a portrait orientation.
^^ Turns out this crash is non-deterministic. It has an equal chance of SIGABRT or segfault as it does of succeeding without error. I don't believe this is in any way related to portrait/landscape.
Session follows:
Fedora 39
Kernel 6.6.9
KDE Plasma v5.27.10
inxi reports: