Bug 282933 - closing session crash
Summary: closing session crash
Status: RESOLVED FIXED
Alias: None
Product: kwin
Classification: Plasma
Component: general (show other bugs)
Version: unspecified
Platform: Compiled Sources Linux
: NOR crash
Target Milestone: 4.9
Assignee: KWin default assignee
URL: https://git.reviewboard.kde.org/r/104...
Keywords:
: 285634 286637 293182 297893 298011 299076 299933 307068 308593 308636 309862 309934 313828 314430 320106 321632 323363 326622 (view as bug list)
Depends on:
Blocks:
 
Reported: 2011-09-27 21:14 UTC by Valentin Rusu
Modified: 2014-04-09 21:21 UTC (History)
19 users (show)

See Also:
Latest Commit:
Version Fixed In: 4.9.0
Sentry Crash Report:
mgraesslin: ReviewRequest+


Attachments
New crash information added by DrKonqi (2.22 KB, text/plain)
2011-10-31 17:23 UTC, Hrvoje Senjan
Details
patch attempt (1.08 KB, patch)
2011-10-31 21:47 UTC, Thomas Lübking
Details
correct backtrace for patched 4.7.3 (3.03 KB, application/octet-stream)
2011-11-03 19:03 UTC, Daniel Eklöf
Details
New crash information added by DrKonqi (5.02 KB, text/plain)
2014-04-09 21:21 UTC, Bharat Gourab Das
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Valentin Rusu 2011-09-27 21:14:47 UTC
Application: kwin (4.7.2 (4.7.2))
KDE Platform Version: 4.7.2 (4.7.2) (Compiled from sources)
Qt Version: 4.8.0
Operating System: Linux 3.0.3-41-desktop x86_64
Distribution: "openSUSE 11.4 (x86_64)"

-- Information about the crash:
- What I was doing when the application crashed:
I was closing my session.
Please note I'm using Qt 4.8 updated last week-end.

-- Backtrace:
Application: KWin (kwin), signal: Segmentation fault
[KCrash Handler]
#6  __cxxabiv1::__dynamic_cast (src_ptr=<value optimized out>, src_type=0x7f337526ae40, dst_type=0x7f337526b6f0, src2dst=0) at ../../../../libstdc++-v3/libsupc++/dyncast.cc:61
#7  0x00007f3374fc3f66 in KWin::Deleted::copyToDeleted (this=0xba2680, c=0x1c2b2e0) at /home/kde/src/kde-workspace/kwin/deleted.cpp:67
#8  0x00007f3374fc3ec2 in KWin::Deleted::create (c=0x1c2b2e0) at /home/kde/src/kde-workspace/kwin/deleted.cpp:53
#9  0x00007f3374fa0873 in KWin::Unmanaged::release (this=0x1c2b2e0) at /home/kde/src/kde-workspace/kwin/unmanaged.cpp:84
#10 0x00007f3374f11645 in KWin::Workspace::~Workspace (this=0xb1cbb0, __in_chrg=<value optimized out>) at /home/kde/src/kde-workspace/kwin/workspace.cpp:534
#11 0x00007f3374f11d88 in KWin::Workspace::~Workspace (this=0xb1cbb0, __in_chrg=<value optimized out>) at /home/kde/src/kde-workspace/kwin/workspace.cpp:564
#12 0x00007f3374f42d30 in KWin::Application::~Application (this=0x7fff3e91d530, __in_chrg=<value optimized out>) at /home/kde/src/kde-workspace/kwin/main.cpp:340
#13 0x00007f3374f43fcb in kdemain (argc=1, argv=0x7fff3e91db28) at /home/kde/src/kde-workspace/kwin/main.cpp:495
#14 0x00000000004009e6 in main (argc=1, argv=0x7fff3e91db28) at /home/kde/src/superbuild/kdebase/build/Build/kde-workspace/kwin/kwin_dummy.cpp:3

Reported using DrKonqi
Comment 1 Martin Flöser 2011-10-15 08:21:26 UTC
crashed in 
assert(dynamic_cast< Deleted* >(c) == NULL);
Comment 2 Thomas Lübking 2011-10-15 11:18:46 UTC
segfault, not abort

a) "heisenbug" (does it happen always or at least often?)
b) dyncast is broken (unlikely)
c) Qt freed the List before the deconstructor???
Comment 3 Raymond Wooninck 2011-10-21 08:53:27 UTC
I am using KDE master build against Qt 4.8 snapshot and I have exactly the same issue. kwin functions fine during the whole session, but as soon as I logoff or shutdown the laptop, kwin crashes. 

This happens every time that I logoff/shutdown and is very reproducible. 

Please let me know if you need any additional information.
Comment 4 Raymond Wooninck 2011-10-31 08:47:45 UTC
Could this bug be related to https://bugs.kde.org/show_bug.cgi?id=284989 ?? It seems due to a certain change in Qt 4.8, several programs are crashing due to changes in qDeleteAll. However as indicated in the Qtbug https://bugreports.qt.nokia.com/browse/QTBUG-22037 this would be the correct behavior and changes are required on the KDE side.
Comment 5 Hrvoje Senjan 2011-10-31 17:23:19 UTC
Created attachment 65082 [details]
New crash information added by DrKonqi

kwin (4.7.2 (4.7.2) "release 5") on KDE Platform 4.7.2 (4.7.2) "release 5" using Qt 4.8.0

- What I was doing when the application crashed:

Same as the reporters before: Kwin crashes at logout & using qt 4.8 (yesterday's snapshots).

-- Backtrace (Reduced):
#6  KWin::Deleted::create (c=0xbabababababababa) at /usr/src/debug/kde-workspace-4.7.2/build/kwin/deleted.moc:80
#7  0x00007f6ecbe844c0 in KWin::Unmanaged::release (this=0xbabababababababa) at /usr/src/debug/kde-workspace-4.7.2/kwin/unmanaged.cpp:84
#8  0x00007f6ecbe04acd in KWin::Workspace::~Workspace (this=0x85b510, __in_chrg=<optimized out>) at /usr/src/debug/kde-workspace-4.7.2/kwin/workspace.cpp:542
#9  0x00007f6ecbe053d9 in KWin::Workspace::~Workspace (this=0x85b510, __in_chrg=<optimized out>) at /usr/src/debug/kde-workspace-4.7.2/kwin/workspace.cpp:574
#10 0x00007f6ecbe1bb25 in KWin::Application::~Application (this=0x7fff0d5f2060, __in_chrg=<optimized out>) at /usr/src/debug/kde-workspace-4.7.2/kwin/main.cpp:338
Comment 6 Thomas Lübking 2011-10-31 21:47:14 UTC
Created attachment 65096 [details]
patch attempt

The KWIn code is for sure buggy, ::release*() isn't const.

==> Can anyone with Qt 4.8 please try the attached patch?
(I fear we could encounter more or that kind...)
Comment 7 Hrvoje Senjan 2011-11-01 15:43:00 UTC
Is this for master only? Can we apply the patch against 4.7.2?
Comment 8 Thomas Lübking 2011-11-01 16:05:13 UTC
There might be some offset, but the patch should apply to 4.7 just as well.
Comment 9 Hrvoje Senjan 2011-11-01 19:42:37 UTC
Thomas, patch works! Thanks!
Comment 10 Thomas Lübking 2011-11-01 20:25:32 UTC
Git commit b82f942ddedbe4616c2eb8572547cdd821e8e6ec by Thomas Lübking.
Committed on 01/11/2011 at 21:20.
Pushed by luebking into branch 'master'.

don't use const_iterator's when calling non const functions

BUG: 282933
FIXED-IN: 4.7.4

M  +2    -6    kwin/workspace.cpp

http://commits.kde.org/kde-workspace/b82f942ddedbe4616c2eb8572547cdd821e8e6ec
Comment 11 Thomas Lübking 2011-11-03 14:26:22 UTC
*** Bug 285634 has been marked as a duplicate of this bug. ***
Comment 12 Daniel Eklöf 2011-11-03 17:04:21 UTC
The patch doesn't fix this issue for me. After applying it to kde-workspace-4.7.3 (qt-4.8rc1), I'm still seeing the occasional crash:

#6  KWin::Deleted::create (c=0xff000000) at /mnt/ram/kde-workspace-4.7.3/kwin/deleted.cpp:52
#7  0x00007f2e9a144130 in KWin::Unmanaged::release (this=0xff000000) at /mnt/ram/kde-workspace-4.7.3/kwin/unmanaged.cpp:84
#8  0x00007f2e9a0c4442 in KWin::Workspace::~Workspace (this=0x1228b30, __in_chrg=<value optimized out>) at /mnt/ram/kde-workspace-4.7.3/kwin/workspace.cpp:542
#9  0x00007f2e9a0c4969 in KWin::Workspace::~Workspace (this=0x1228b30, __in_chrg=<value optimized out>) at /mnt/ram/kde-workspace-4.7.3/kwin/workspace.cpp:574
#10 0x00007f2e9a0e21d3 in KWin::Application::~Application (this=0x7fffbc100960, __in_chrg=<value optimized out>) at /mnt/ram/kde-workspace-4.7.3/kwin/main.cpp:338
#11 0x00007f2e9a0e39e2 in kdemain (argc=3, argv=<value optimized out>) at /mnt/ram/kde-workspace-4.7.3/kwin/main.cpp:491
#12 0x00007f2e99d101eb in __libc_start_main () from /lib64/libc.so.6
#13 0x0000000000400601 in _start ()

I've been unable to reproduce it with kquitapp kwin; it only happens (so far) when doing a real logout.
Comment 13 Thomas Lübking 2011-11-03 18:43:47 UTC
Can you please post the new backtrace instead of a copy of the old?
Comment 14 Hrvoje Senjan 2011-11-03 18:48:17 UTC
I still didn't get any crashes. Patched 4.7.2 built against whatever snapshot D. Mueller uploaded:
https://build.opensuse.org/package/files?package=libqt4&project=KDE%3AQt48
This is newer snapshot than rc1 so maybe that's why Daniel is still getting crashes?
Comment 15 Daniel Eklöf 2011-11-03 19:03:11 UTC
Created attachment 65205 [details]
correct backtrace for patched 4.7.3

Sorry about that. Copied from the wrong file.
Comment 16 Thomas Lübking 2011-11-03 19:42:06 UTC
Git commit 5c9a9e9db66272938c9b7d13512262e768d5f826 by Thomas Lübking.
Committed on 01/11/2011 at 21:20.
Pushed by luebking into branch 'KDE/4.7'.

don't use const_iterator's when calling non const functions

BUG: 282933
FIXED-IN: 4.7.4
(cherry picked from commit b82f942ddedbe4616c2eb8572547cdd821e8e6ec)

M  +2    -6    kwin/workspace.cpp

http://commits.kde.org/kde-workspace/5c9a9e9db66272938c9b7d13512262e768d5f826
Comment 17 Thomas Lübking 2011-11-03 20:43:20 UTC
(In reply to comment #14)
> This is newer snapshot than rc1 so maybe that's why Daniel is still getting
> crashes?
Maybe, but:
a) differend optimization modes for KWin/Qt (anyone -o3?)
b) Daniel only encounters it on session ends, what could suggest a general
memory corruption

However, Daniel's new trace ends up incredibly high in the stack as well, where
the first one was near the heap (@Daniel: are the numbers for
KWin::Deleted::create always that large now?) and more interestingly the OP
just suffered bad heap, but no stack deref %)

Ultimately we could simply just bypass Deleted::create() in the deconstructor
(it's pointless anyway - the compositor is gone at that time) but that does of
course not really fix the issue. :S

@Daniel:
can you try swapping the release loops for CLients and Unmanaged in workspace.cpp ~ line 540? (It will likely still crash, but the question is "where")
Comment 18 Daniel Eklöf 2011-11-03 21:06:00 UTC
(In reply to comment #17)
> a) differend optimization modes for KWin/Qt (anyone -o3?)

No, my cxxflags are:
-O2 -march=native -ftracer -maccumulate-outgoing-args -pipe -fexcess-precision=fast

I do use a newer gcc version (4.6.2) than I did when I compiled KDE 4.7.2 (4.6.1) though.

> b) Daniel only encounters it on session ends, what could suggest a general
> memory corruption

Well, it crashes less frequently after the patch, so it might be that it's possible to trigger it with kquitapp too, just that I haven't tried enough. But, I don't think so. I've tried many more kquitapps than logouts, and it never crashes with kquitapp so far, but a couple of times when logging out.
 
> However, Daniel's new trace ends up incredibly high in the stack as well, where
> the first one was near the heap (@Daniel: are the numbers for
> KWin::Deleted::create always that large now?)

You're right, the pointers do look weird. Not sure if they always do; I haven't paid attention to that. I'll do that from now on.

> @Daniel:
> can you try swapping the release loops for CLients and Unmanaged in
> workspace.cpp ~ line 540? (It will likely still crash, but the question is
> "where")

I'll do that tomorrow.
Comment 19 Daniel Eklöf 2011-11-04 13:27:11 UTC
Today I haven't seen any crashes: not before swapping the release loops, and not after. Maybe not all that surprising as they didn't occur that frequently to begin with.

Anyway, I realize there isn't much that can be done at this point. I'll post updated backtraces if/when I see more crashes.
Comment 20 Thomas Lübking 2011-11-14 23:53:10 UTC
*** Bug 286637 has been marked as a duplicate of this bug. ***
Comment 21 Thomas Lübking 2012-04-11 21:01:02 UTC
*** Bug 297893 has been marked as a duplicate of this bug. ***
Comment 22 Thomas Lübking 2012-04-11 21:02:02 UTC
from latest dupe.
sth. invalidates the memory and it's apparently not that list usage :-(

Thread 1 (Thread 0xb1d679b0 (LWP 3207)):
[KCrash Handler]
#7  0xb5d4d503 in QRegion::operator=(QRegion const&) () from /usr/lib/qt4/libQtGui.so.4
#8  0xb765d2f4 in KWin::Toplevel::copyToDeleted (this=0x91c98a8, c=0x95b3ab0) at /var/tmp/portage/kde-base/kwin-4.8.2/work/kwin-4.8.2/kwin/toplevel.cpp:131
#9  0xb767fbf7 in KWin::Deleted::copyToDeleted (this=0x91c98a8, c=0x95b3ab0) at /var/tmp/portage/kde-base/kwin-4.8.2/work/kwin-4.8.2/kwin/deleted.cpp:68
#10 0xb767fecb in KWin::Deleted::create (c=0x95b3ab0) at /var/tmp/portage/kde-base/kwin-4.8.2/work/kwin-4.8.2/kwin/deleted.cpp:53
#11 0xb765e660 in KWin::Unmanaged::release (this=0x95b3ab0) at /var/tmp/portage/kde-base/kwin-4.8.2/work/kwin-4.8.2/kwin/unmanaged.cpp:85
#12 0xb75e93f5 in KWin::Workspace::~Workspace (this=0x91ec890, __in_chrg=<optimized out>) at /var/tmp/portage/kde-base/kwin-4.8.2/work/kwin-4.8.2/kwin/workspace.cpp:533
#13 0xb75e9ab3 in KWin::Workspace::~Workspace (this=0x91ec890, __in_chrg=<optimized out>) at /var/tmp/portage/kde-base/kwin-4.8.2/work/kwin-4.8.2/kwin/workspace.cpp:563
#14 0xb7603bea in KWin::Application::~Application (this=0xbf897ac8, __in_chrg=<optimized out>) at /var/tmp/portage/kde-base/kwin-4.8.2/work/kwin-4.8.2/kwin/main.cpp:340
#15 0xb7606900 in kdemain (argc=3, argv=0xbf897d74) at /var/tmp/portage/kde-base/kwin-4.8.2/work/kwin-4.8.2/kwin/main.cpp:511
#16 0x080486cb in main (argc=3, argv=0xbf897d74) at /var/tmp/portage/kde-base/kwin-4.8.2/work/kwin-4.8.2_build/kwin/kwin_dummy.cpp:3
Comment 23 Martin Flöser 2012-04-13 06:12:14 UTC
*** Bug 298011 has been marked as a duplicate of this bug. ***
Comment 24 Martin Flöser 2012-04-22 15:51:38 UTC
Git commit 53027ef8587845877ffa4e8492fdc10f2833db7c by Martin Gräßlin.
Committed on 22/04/2012 at 09:27.
Pushed by graesslin into branch 'master'.

Do not create Deleted on Workspace Shutdown

When the Workspace is shutting down the compositor is torn down
before Clients and Unmanaged are released. This means that there
is no need to create the Deleted windows.

Furthermore creating the Deleted manipulates the stacking_order
while Workspace dtor loops over this list to release all clients.
This may cause crashes.
FIXED-IN: 4.9.0
REVIEW: 104690

M  +8    -3    kwin/client.cpp
M  +10   -5    kwin/unmanaged.cpp
M  +1    -1    kwin/unmanaged.h
M  +1    -1    kwin/workspace.cpp

http://commits.kde.org/kde-workspace/53027ef8587845877ffa4e8492fdc10f2833db7c
Comment 25 Martin Flöser 2012-04-30 04:35:01 UTC
*** Bug 299076 has been marked as a duplicate of this bug. ***
Comment 26 Martin Flöser 2012-05-13 11:52:20 UTC
*** Bug 299933 has been marked as a duplicate of this bug. ***
Comment 27 Thomas Lübking 2012-05-13 16:47:43 UTC
can anyone experiencing this bug please check the output of
ps -A | grep -E '(emerald|decorator)'
Comment 28 Toralf Förster 2012-05-14 20:34:20 UTC
(In reply to comment #24)
> Git commit 53027ef8587845877ffa4e8492fdc10f2833db7c by Martin Gräßlin.
> Committed on 22/04/2012 at 09:27.
> Pushed by graesslin into branch 'master'.
> 
> Do not create Deleted on Workspace Shutdown
> 
> When the Workspace is shutting down the compositor is torn down
> before Clients and Unmanaged are released. This means that there
> is no need to create the Deleted windows.
> 
> Furthermore creating the Deleted manipulates the stacking_order
> M  +1    -1    kwin/workspace.cpp
I could apply the patch against 4.8.3 except the piece for this file, where I created a separate diff :
tfoerste@n22 /etc/portage/patches/kde-base/kwin-4.8.3 $ cat workspace.patch 
--- a/kwin/workspace.cpp_orig   2012-05-13 19:13:03.931031792 +0200
+++ b/kwin/workspace.cpp        2012-05-13 19:13:15.706995478 +0200
@@ -530,7 +530,7 @@
         desktops.removeAll(*it);
     }
     for (UnmanagedList::iterator it = unmanaged.begin(), end = unmanaged.end(); it != end; ++it)
-        (*it)->release();
+        (*it)->release(true);
 #ifdef KWIN_BUILD_DESKTOPCHANGEOSD
     delete desktop_change_osd;
 #endif

Now I'm wondering whether it ok to backport this to 4.8.x or not.
Comment 29 Martin Flöser 2012-05-14 21:01:10 UTC
(In reply to comment #28)
> Now I'm wondering whether it ok to backport this to 4.8.x or not.
No, the change is in my opinion too big to be considered for 4.8.
Comment 30 Thomas Lübking 2012-09-19 20:07:47 UTC
*** Bug 293182 has been marked as a duplicate of this bug. ***
Comment 31 Thomas Lübking 2012-09-19 20:07:55 UTC
*** Bug 307068 has been marked as a duplicate of this bug. ***
Comment 32 Martin Flöser 2012-10-18 12:39:36 UTC
*** Bug 308593 has been marked as a duplicate of this bug. ***
Comment 33 Thomas Lübking 2012-10-19 05:02:36 UTC
*** Bug 308636 has been marked as a duplicate of this bug. ***
Comment 34 Martin Flöser 2012-11-10 15:45:45 UTC
*** Bug 309862 has been marked as a duplicate of this bug. ***
Comment 35 Thomas Lübking 2012-11-12 01:26:09 UTC
*** Bug 309934 has been marked as a duplicate of this bug. ***
Comment 36 Thomas Lübking 2013-01-24 14:13:23 UTC
*** Bug 313828 has been marked as a duplicate of this bug. ***
Comment 37 Thomas Lübking 2013-02-04 18:34:04 UTC
*** Bug 314430 has been marked as a duplicate of this bug. ***
Comment 38 Thomas Lübking 2013-05-21 19:26:38 UTC
*** Bug 320106 has been marked as a duplicate of this bug. ***
Comment 39 Martin Flöser 2013-06-26 13:18:42 UTC
*** Bug 321632 has been marked as a duplicate of this bug. ***
Comment 40 Thomas Lübking 2013-08-11 06:55:54 UTC
*** Bug 323363 has been marked as a duplicate of this bug. ***
Comment 41 Martin Flöser 2013-10-25 10:51:37 UTC
*** Bug 326622 has been marked as a duplicate of this bug. ***
Comment 42 Bharat Gourab Das 2014-04-09 21:21:36 UTC
Created attachment 86023 [details]
New crash information added by DrKonqi

kwin (4.8.5 (4.8.5)) on KDE Platform 4.8.5 (4.8.5) using Qt 4.8.1

- What I was doing when the application crashed:
Changed to and fro Kwin-Compiz, this creates a few problems such as youtube video in not coming full screen instead it comes as a small rectangle inside a black screen

It also makes applications not to respnd for  2-3 clicks

- Custom settings of the application:

-- Backtrace (Reduced):
#7  0x00007f854684892a in KWin::Deleted::copyToDeleted (this=0x16e41b0, c=0x1bdf0f0) at ../../kwin/deleted.cpp:78
#8  0x00007f8546848bad in KWin::Deleted::create (c=0x1bdf0f0) at ../../kwin/deleted.cpp:53
#9  0x00007f854682a570 in KWin::Unmanaged::release (this=0x1bdf0f0) at ../../kwin/unmanaged.cpp:85
#10 0x00007f85467c2ced in KWin::Workspace::~Workspace (this=0x1231940, __in_chrg=<optimized out>) at ../../kwin/workspace.cpp:533
#11 0x00007f85467c3559 in KWin::Workspace::~Workspace (this=0x1231940, __in_chrg=<optimized out>) at ../../kwin/workspace.cpp:563