470.86 and 470.94 segfaults on libnvidia-glcore and KDE plasmashell on openSUSE Tumbleweed, Xorg 21.1.1

Hi,

I’m harvesting this crash here on a regular basis:

Application: Plasma (plasmashell), signal: Segmentation fault
Content of s_kcrashErrorMessage: std::unique_ptr<char []> = {get() = 0x0}
[KCrash Handler]
#6  0x00007fd65eaffa7e in  () at /lib64/libnvidia-glcore.so.470.94
#7  0x00007fd66e1ceb1e in QOpenGLFunctions::glVertexAttribPointer(unsigned int, int, unsigned int, unsigned char, int, void const*) (ptr=<optimized out>, stride=0, normalized=0 '\000', type=5126, size=1, indx=<optimized out>, this=0x7fd56c12aa30) at /usr/include/qt5/QtGui/qopenglfunctions.h:2174
#8  QSGBatchRenderer::Renderer::renderMergedBatch(QSGBatchRenderer::Batch const*) (batch=<optimized out>, this=0x7fd56c12a8c0) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp:3129
#9  QSGBatchRenderer::Renderer::renderMergedBatch(QSGBatchRenderer::Batch const*) (this=0x7fd56c12a8c0, batch=0x7fd56d22e830) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp:3026
#10 0x00007fd66e1d4185 in QSGBatchRenderer::Renderer::renderBatches() (this=this@entry=0x7fd56c12a8c0) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp:4066
#11 0x00007fd66e1d49b2 in QSGBatchRenderer::Renderer::render() (this=<optimized out>) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp:4363
#12 0x00007fd66e1bbfa0 in QSGRenderer::renderScene(QSGBindable const&) (bindable=<optimized out>, this=0x7fd56c12a8c0) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/coreapi/qsgrenderer.cpp:264
#13 QSGRenderer::renderScene(QSGBindable const&) (this=0x7fd56c12a8c0, bindable=<optimized out>) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/coreapi/qsgrenderer.cpp:220
#14 0x00007fd66e1bc473 in QSGRenderer::renderScene(unsigned int) (this=<optimized out>, fboId=<optimized out>) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/coreapi/qsgrenderer.cpp:212
#15 0x00007fd66e220f63 in QSGDefaultRenderContext::renderNextFrame(QSGRenderer*, unsigned int) (this=0x55ddc3eace60, renderer=0x7fd56c12a8c0, fboId=<optimized out>) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/qsgdefaultrendercontext.cpp:228
#16 0x00007fd66e28ed69 in QQuickWindowPrivate::renderSceneGraph(QSize const&, QSize const&) (this=0x55ddc63eb5f0, size=..., surfaceSize=...) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/items/qquickwindow.cpp:617
#17 0x00007fd66e22f62d in QSGRenderThread::syncAndRender(QImage*) (this=0x55ddc6401310, grabImage=0x0) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/qsgthreadedrenderloop.cpp:837
#18 0x00007fd66e22ffd7 in QSGRenderThread::run() (this=0x55ddc6401310) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/qsgthreadedrenderloop.cpp:1043
#19 0x00007fd66c575e61 in QThreadPrivate::start(void*) (arg=0x55ddc6401310) at thread/qthread_unix.cpp:329
#20 0x00007fd66c0dc427 in start_thread (arg=<optimized out>) at pthread_create.c:435
#21 0x00007fd66c165810 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Thread 8 (Thread 0x7fd62e7fc640 (LWP 3675) "QSGRenderThread"):
#1  __GI___lll_lock_wait (futex=futex@entry=0x7fd65ffeafa0, private=0) at lowlevellock.c:50
#2  0x00007fd66c0dfa8d in lll_mutex_lock_optimized (mutex=0x7fd65ffeafa0) at pthread_mutex_lock.c:49
#3  ___pthread_mutex_lock (mutex=0x7fd65ffeafa0) at pthread_mutex_lock.c:124
#4  0x00007fd65ed20769 in  () at /lib64/libnvidia-glcore.so.470.94
#5  0x00007fd65eaffa49 in  () at /lib64/libnvidia-glcore.so.470.94
#6  0x00007fd66e1ceaba in QOpenGLFunctions::glVertexAttribPointer(unsigned int, int, unsigned int, unsigned char, int, void const*) (ptr=<optimized out>, stride=<optimized out>, normalized=<optimized out>, type=<optimized out>, size=<optimized out>, indx=<optimized out>, this=0x7fd604126c40) at /usr/include/qt5/QtGui/qopenglfunctions.h:2174
#7  QSGBatchRenderer::Renderer::renderMergedBatch(QSGBatchRenderer::Batch const*) (batch=<optimized out>, this=0x7fd604126ad0) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp:3125
#8  QSGBatchRenderer::Renderer::renderMergedBatch(QSGBatchRenderer::Batch const*) (this=0x7fd604126ad0, batch=0x7fd605713030) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp:3026
#9  0x00007fd66e1d4185 in QSGBatchRenderer::Renderer::renderBatches() (this=this@entry=0x7fd604126ad0) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp:4066
#10 0x00007fd66e1d49b2 in QSGBatchRenderer::Renderer::render() (this=<optimized out>) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp:4363
#11 0x00007fd66e1bbfa0 in QSGRenderer::renderScene(QSGBindable const&) (bindable=<optimized out>, this=0x7fd604126ad0) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/coreapi/qsgrenderer.cpp:264
#12 QSGRenderer::renderScene(QSGBindable const&) (this=0x7fd604126ad0, bindable=<optimized out>) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/coreapi/qsgrenderer.cpp:220
#13 0x00007fd66e1bc473 in QSGRenderer::renderScene(unsigned int) (this=<optimized out>, fboId=<optimized out>) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/coreapi/qsgrenderer.cpp:212
#14 0x00007fd66e220f63 in QSGDefaultRenderContext::renderNextFrame(QSGRenderer*, unsigned int) (this=0x55ddc44e7230, renderer=0x7fd604126ad0, fboId=<optimized out>) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/qsgdefaultrendercontext.cpp:228
#15 0x00007fd66e28ed69 in QQuickWindowPrivate::renderSceneGraph(QSize const&, QSize const&) (this=0x55ddc390af40, size=..., surfaceSize=...) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/items/qquickwindow.cpp:617
#16 0x00007fd66e22f62d in QSGRenderThread::syncAndRender(QImage*) (this=0x55ddc6278a70, grabImage=0x0) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/qsgthreadedrenderloop.cpp:837
#17 0x00007fd66e22ffd7 in QSGRenderThread::run() (this=0x55ddc6278a70) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/qsgthreadedrenderloop.cpp:1043
#18 0x00007fd66c575e61 in QThreadPrivate::start(void*) (arg=0x55ddc6278a70) at thread/qthread_unix.cpp:329
#19 0x00007fd66c0dc427 in start_thread (arg=<optimized out>) at pthread_create.c:435
#20 0x00007fd66c165810 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Thread 7 (Thread 0x7fd627fff640 (LWP 3641) "CPMMListener"):
#1  0x00007fd65ed24141 in  () at /lib64/libnvidia-glcore.so.470.94
#2  0x00007fd65ed21c6d in  () at /lib64/libnvidia-glcore.so.470.94
#3  0x00007fd66c0dc427 in start_thread (arg=<optimized out>) at pthread_create.c:435
#4  0x00007fd66c165810 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Thread 6 (Thread 0x7fd6351d4640 (LWP 3435) "QSGRenderThread"):
#1  __GI___lll_lock_wait (futex=futex@entry=0x7fd65ffeafa0, private=0) at lowlevellock.c:50
#2  0x00007fd66c0dfa8d in lll_mutex_lock_optimized (mutex=0x7fd65ffeafa0) at pthread_mutex_lock.c:49
#3  ___pthread_mutex_lock (mutex=0x7fd65ffeafa0) at pthread_mutex_lock.c:124
#4  0x00007fd65ed20769 in  () at /lib64/libnvidia-glcore.so.470.94
#5  0x00007fd65edf8e33 in  () at /lib64/libnvidia-glcore.so.470.94
#6  0x00007fd65eda4061 in  () at /lib64/libnvidia-glcore.so.470.94
#7  0x00007fd65eda594e in  () at /lib64/libnvidia-glcore.so.470.94
#8  0x00007fd65edabb28 in  () at /lib64/libnvidia-glcore.so.470.94
#9  0x00007fd65edaf893 in  () at /lib64/libnvidia-glcore.so.470.94
#10 0x00007fd65ef2359e in  () at /lib64/libnvidia-glcore.so.470.94
#11 0x00007fd65ef3237a in  () at /lib64/libnvidia-glcore.so.470.94
#12 0x00007fd65eb0fb46 in  () at /lib64/libnvidia-glcore.so.470.94
#13 0x00007fd66e1cfc07 in QOpenGLFunctions::glDrawElements(unsigned int, int, unsigned int, void const*) (indices=0x40, type=<optimized out>, count=<optimized out>, mode=<optimized out>, this=0x7fd614125660) at /usr/include/qt5/QtGui/qopenglfunctions.h:760
#14 QSGBatchRenderer::Renderer::renderUnmergedBatch(QSGBatchRenderer::Batch const*) (this=this@entry=0x7fd6141254f0, batch=<optimized out>) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp:3243
#15 0x00007fd66e1d4085 in QSGBatchRenderer::Renderer::renderBatches() (this=this@entry=0x7fd6141254f0) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp:4070
#16 0x00007fd66e1d49b2 in QSGBatchRenderer::Renderer::render() (this=<optimized out>) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp:4363
#17 0x00007fd66e1bbfa0 in QSGRenderer::renderScene(QSGBindable const&) (bindable=<optimized out>, this=0x7fd6141254f0) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/coreapi/qsgrenderer.cpp:264
#18 QSGRenderer::renderScene(QSGBindable const&) (this=0x7fd6141254f0, bindable=<optimized out>) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/coreapi/qsgrenderer.cpp:220
#19 0x00007fd66e1bc473 in QSGRenderer::renderScene(unsigned int) (this=<optimized out>, fboId=<optimized out>) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/coreapi/qsgrenderer.cpp:212
#20 0x00007fd66e220f63 in QSGDefaultRenderContext::renderNextFrame(QSGRenderer*, unsigned int) (this=0x55ddc3c15a10, renderer=0x7fd6141254f0, fboId=<optimized out>) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/qsgdefaultrendercontext.cpp:228
#21 0x00007fd66e28ed69 in QQuickWindowPrivate::renderSceneGraph(QSize const&, QSize const&) (this=0x55ddc3a16a60, size=..., surfaceSize=...) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/items/qquickwindow.cpp:617
#22 0x00007fd66e22f62d in QSGRenderThread::syncAndRender(QImage*) (this=0x7fd660003f40, grabImage=0x0) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/qsgthreadedrenderloop.cpp:837
#23 0x00007fd66e22ffd7 in QSGRenderThread::run() (this=0x7fd660003f40) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/qsgthreadedrenderloop.cpp:1043
#24 0x00007fd66c575e61 in QThreadPrivate::start(void*) (arg=0x7fd660003f40) at thread/qthread_unix.cpp:329
#25 0x00007fd66c0dc427 in start_thread (arg=<optimized out>) at pthread_create.c:435
#26 0x00007fd66c165810 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

[omitted any threads without nvidia in the bt, I have ~10 full back traces available]

This is on Tumbleweed 20211215, Xorg 21.1.1, and plasma5-workspace 5.23.4, and is reproducible (well, it happens after something like 8-48h of uptime) with both the OpenGL 2.0 and 3.1 compositors and 470.{86,94}.
Kernel, while probably not relevant: 5.15.10.

The nvidia-gfxG05 driver is built as an rpm in a local OBS from official sources.
I help our primary maintainer Stefan Dirsch with packaging, and submitted 470.94 already.
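A small triage script for reports of this shape, added here as an example; it is not part of the post above, nor of KDE's or NVIDIA's tooling. It splits a KCrash/GDB report into threads, parses each frame, and answers the questions a first pass asks: where did the crashing thread fault, what is the first symbolised frame above that, which threads pass through a given shared object (the filter the poster applied by hand when trimming the trace), and whether several threads are parked on the same mutex inside that object. The embedded trace is a constructed abridgement of the post's backtrace (Thread 5 is invented to exercise the no-driver case), and treating any `*lock_wait` frame with a mutex/futex argument as a waiter on that lock is an assumption of this script, not something the post states.

```python
"""Triage helper for KCrash / GDB backtraces (added example, not from the post)."""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional

THREAD_RE = re.compile(r'^Thread (\d+) \(Thread 0x[0-9a-f]+ \(LWP (\d+)\) "([^"]*)"\):')
FRAME_RE = re.compile(r'^#(\d+)\s+(?:0x[0-9a-f]+ in\s*)?(.*)$')
# Assumption: a waiter is recognised by a mutex=/futex= argument on a *lock_wait frame.
LOCK_RE = re.compile(r'\b(?:mutex|futex)=(?:futex@entry=)?(0x[0-9a-f]+)')


@dataclass
class Frame:
    num: int
    func: Optional[str]      # None when GDB printed no symbol (stripped library)
    location: str            # "file:line", or the library path GDB printed
    lock: Optional[str]      # address of a mutex/futex argument, if any


@dataclass
class Thread:
    name: str                # thread name, or "crashing" for the KCrash handler block
    lwp: Optional[int]
    frames: List[Frame] = field(default_factory=list)

    @property
    def label(self) -> str:
        return self.name if self.lwp is None else f'{self.name}/{self.lwp}'


def parse_frame(line: str) -> Optional[Frame]:
    m = FRAME_RE.match(line)
    if not m:
        return None
    num, rest = int(m.group(1)), m.group(2)
    head, sep, location = rest.rpartition(' at ')      # "... (args) at file:line"
    if not sep:                                         # "... (args) from libfoo.so"
        head, sep, location = rest.rpartition(' from ')
    sym = head.split('(', 1)[0].strip()                 # drop the C++ signature and args
    lock = LOCK_RE.search(head)
    return Frame(num, sym or None, location.strip(), lock.group(1) if lock else None)


def parse_report(text: str) -> List[Thread]:
    threads: List[Thread] = []
    cur: Optional[Thread] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == '[KCrash Handler]':                  # frames that follow belong to the faulting thread
            cur = Thread('crashing', None)
            threads.append(cur)
            continue
        tm = THREAD_RE.match(line)
        if tm:
            cur = Thread(tm.group(3), int(tm.group(2)))
            threads.append(cur)
            continue
        fr = parse_frame(line)
        if fr and cur is not None:
            cur.frames.append(fr)
    return threads


def crash_site(threads: List[Thread]):
    """Return (faulting frame, first frame with a symbol) for the crashing thread."""
    for t in threads:
        if t.name == 'crashing' and t.frames:
            return t.frames[0], next((f for f in t.frames if f.func), None)
    return None


def threads_in_library(threads: List[Thread], lib: str) -> List[Thread]:
    return [t for t in threads if any(lib in f.location for f in t.frames)]


def shared_locks(threads: List[Thread], lib: str) -> Dict[str, List[str]]:
    """Lock address -> threads that are blocked on it while their stack passes through `lib`."""
    waiters = defaultdict(list)
    for t in threads_in_library(threads, lib):
        for f in t.frames:
            if f.lock and f.func and 'lock_wait' in f.func:
                waiters[f.lock].append(t.label)
                break
    return {addr: names for addr, names in waiters.items() if len(names) > 1}


def summarize(text: str, lib: str = 'libnvidia-glcore') -> Dict[str, object]:
    threads = parse_report(text)
    site = crash_site(threads)
    return {
        'crash_location': site[0].location if site else None,
        'first_symbol_above_crash': site[1].func if site and site[1] else None,
        'threads_in_lib': [t.label for t in threads_in_library(threads, lib)],
        'contended_locks': shared_locks(threads, lib),
    }


# Constructed, abridged version of the trace in the post; Thread 5 is invented.
SAMPLE = """\
Application: Plasma (plasmashell), signal: Segmentation fault
[KCrash Handler]
#6  0x00007fd65eaffa7e in  () at /lib64/libnvidia-glcore.so.470.94
#7  0x00007fd66e1ceb1e in QOpenGLFunctions::glVertexAttribPointer(unsigned int, int, unsigned int, unsigned char, int, void const*) (ptr=<optimized out>, stride=0, this=0x7fd56c12aa30) at /usr/include/qt5/QtGui/qopenglfunctions.h:2174
#8  QSGBatchRenderer::Renderer::renderMergedBatch(QSGBatchRenderer::Batch const*) (batch=<optimized out>, this=0x7fd56c12a8c0) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.2.x86_64/src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp:3129
#9  0x00007fd66c0dc427 in start_thread (arg=<optimized out>) at pthread_create.c:435

Thread 8 (Thread 0x7fd62e7fc640 (LWP 3675) "QSGRenderThread"):
#1  __GI___lll_lock_wait (futex=futex@entry=0x7fd65ffeafa0, private=0) at lowlevellock.c:50
#2  0x00007fd66c0dfa8d in lll_mutex_lock_optimized (mutex=0x7fd65ffeafa0) at pthread_mutex_lock.c:49
#3  0x00007fd65ed20769 in  () at /lib64/libnvidia-glcore.so.470.94
#4  0x00007fd66c0dc427 in start_thread (arg=<optimized out>) at pthread_create.c:435

Thread 7 (Thread 0x7fd627fff640 (LWP 3641) "CPMMListener"):
#1  0x00007fd65ed24141 in  () at /lib64/libnvidia-glcore.so.470.94
#2  0x00007fd66c0dc427 in start_thread (arg=<optimized out>) at pthread_create.c:435

Thread 6 (Thread 0x7fd6351d4640 (LWP 3435) "QSGRenderThread"):
#1  __GI___lll_lock_wait (futex=futex@entry=0x7fd65ffeafa0, private=0) at lowlevellock.c:50
#2  0x00007fd65ed20769 in  () at /lib64/libnvidia-glcore.so.470.94
#3  0x00007fd66c0dc427 in start_thread (arg=<optimized out>) at pthread_create.c:435

Thread 5 (Thread 0x7fd6351d4641 (LWP 3400) "QDBusConnection"):
#1  0x00007fd66c0dc427 in start_thread (arg=<optimized out>) at pthread_create.c:435
"""

if __name__ == '__main__':
    for key, value in summarize(SAMPLE).items():
        print(f'{key}: {value}')
```

Run it on a saved report (`summarize(open(path).read())`) and the `threads_in_lib` list reproduces the "threads with nvidia in the bt" filter, while `contended_locks` flags the detail worth calling out in a report like this one: two render threads parked on the same driver-internal mutex while a third faulted inside the same library.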