Bug 237345

Summary: Crash in KWin::TabBox::ClientModel::data
Product: [Plasma] kwin Reporter: paul s. romanchenko <kde>
Component: tabboxAssignee: KWin default assignee <kwin-bugs-null>
Status: RESOLVED WORKSFORME    
Severity: crash CC: alexmannx13, jospoortvliet, x545
Priority: NOR Keywords: triaged
Version: unspecified   
Target Milestone: ---   
Platform: Debian unstable   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: New crash information added by DrKonqi
New crash information added by DrKonqi
xorg.conf

Description paul s. romanchenko 2010-05-12 09:35:12 UTC
Application: kwin (4.4.3 (KDE 4.4.3))
KDE Platform Version: 4.4.3 (KDE 4.4.3)
Qt Version: 4.6.2
Operating System: Linux 2.6.32-4-amd64 x86_64
Distribution: Debian GNU/Linux unstable (sid)

-- Information about the crash:
Crashed when I choosed new themed decoration engine, downloaded theme and applied.
KWin crashed. After crash, engine and theme were applied successfully.

 -- Backtrace:
Application: KWin (kwin), signal: Segmentation fault
The current source language is "auto; currently c".
[KCrash Handler]
#5  0x00007f6560de436a in KWin::TabBox::ClientModel::data (this=<value optimized out>, index=<value optimized out>, role=<value optimized out>) at ../../kwin/tabbox/clientmodel.cpp:67
#6  0x00007f6560de2ec0 in KWin::TabBox::ClientItemDelegate::rowSize (this=<value optimized out>, index=..., row=<value optimized out>) at ../../kwin/tabbox/clientitemdelegate.cpp:235
#7  0x00007f6560de301e in KWin::TabBox::ClientItemDelegate::sizeHint (this=0x20e29a0, option=<value optimized out>, index=...) at ../../kwin/tabbox/clientitemdelegate.cpp:82
#8  0x00007f655e850351 in QTableView::sizeHintForColumn (this=<value optimized out>, column=<value optimized out>) at itemviews/qtableview.cpp:2210
#9  0x00007f6560dee356 in KWin::TabBox::TabBoxAdditionalView::sizeHint (this=0x7fff4c50e7b0) at ../../kwin/tabbox/tabboxview.cpp:438
#10 0x00007f655e3456e2 in QWidgetPrivate::adjustedSize (this=0x2163e50) at kernel/qwidget.cpp:7755
#11 0x00007f655e34bc22 in QWidget::adjustSize (this=0x2154430) at kernel/qwidget.cpp:7819
#12 0x00007f655e3541ad in QWidget::setVisible (this=0x2154430, visible=<value optimized out>) at kernel/qwidget.cpp:7407
#13 0x00007f6560deeb7e in QWidget::show (this=0x2102b60) at /usr/include/qt4/QtGui/qwidget.h:485
#14 KWin::TabBox::TabBoxView::configChanged (this=0x2102b60) at ../../kwin/tabbox/tabboxview.cpp:288
#15 0x00007f6560def081 in KWin::TabBox::TabBoxView::qt_metacall (this=0x2102b60, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x7fff4c50efe0) at ./tabboxview.moc:79
#16 0x00007f655db7fb1f in QMetaObject::activate (sender=0x20fde10, m=<value optimized out>, local_signal_index=<value optimized out>, argv=0xfffffffffff8313c) at kernel/qobject.cpp:3293
#17 0x00007f6560dedcb1 in KWin::TabBox::TabBoxHandler::setConfig (this=0x20fde10, config=...) at ../../kwin/tabbox/tabboxhandler.cpp:445
#18 0x00007f6560de0cce in KWin::TabBox::TabBox::reconfigure (this=0x21028e0) at ../../kwin/tabbox.cpp:503
#19 0x00007f6560dc01eb in KWin::Workspace::slotReconfigure (this=0x1fdba00) at ../../kwin/workspace.cpp:1058
#20 0x00007f6560dc1511 in KWin::Workspace::qt_metacall (this=0x1fdba00, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x7fff4c50f2d0) at ./workspace.moc:498
#21 0x00007f655db7fb1f in QMetaObject::activate (sender=0x1fdbd00, m=<value optimized out>, local_signal_index=<value optimized out>, argv=0xfffffffffff8313c) at kernel/qobject.cpp:3293
#22 0x00007f655db7c743 in QObject::event (this=0x1fdbd00, e=0x7fff4c50fa20) at kernel/qobject.cpp:1212
#23 0x00007f655e2f68fc in QApplicationPrivate::notify_helper (this=0x1db19a0, receiver=0x1fdbd00, e=0x7fff4c50fa20) at kernel/qapplication.cpp:4300
#24 0x00007f655e2fcddb in QApplication::notify (this=0x7fff4c50fe00, receiver=0x1fdbd00, e=0x7fff4c50fa20) at kernel/qapplication.cpp:4183
#25 0x00007f6560626366 in KApplication::notify (this=0x7fff4c50fe00, receiver=0x1fdbd00, event=0x7fff4c50fa20) at ../../kdeui/kernel/kapplication.cpp:302
#26 0x00007f655db6cddc in QCoreApplication::notifyInternal (this=0x7fff4c50fe00, receiver=0x1fdbd00, event=0x7fff4c50fa20) at kernel/qcoreapplication.cpp:704
#27 0x00007f655db99942 in QCoreApplication::sendEvent (this=0x1db2400) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#28 QTimerInfoList::activateTimers (this=0x1db2400) at kernel/qeventdispatcher_unix.cpp:603
#29 0x00007f655db99abc in QEventDispatcherUNIX::processEvents (this=0x1d986a0, flags=) at kernel/qeventdispatcher_unix.cpp:924
#30 0x00007f655e3a70c9 in QEventDispatcherX11::processEvents (this=<value optimized out>, flags=) at kernel/qeventdispatcher_x11.cpp:152
#31 0x00007f655db6b702 in QEventLoop::processEvents (this=<value optimized out>, flags=) at kernel/qeventloop.cpp:149
#32 0x00007f655db6badc in QEventLoop::exec (this=0x7fff4c50fd40, flags=) at kernel/qeventloop.cpp:201
#33 0x00007f655db6f81b in QCoreApplication::exec () at kernel/qcoreapplication.cpp:981
#34 0x00007f6560ddc50e in kdemain (argc=<value optimized out>, argv=<value optimized out>) at ../../kwin/main.cpp:526
#35 0x00007f6560a58a8d in __libc_start_main (main=<value optimized out>, argc=<value optimized out>, ubp_av=<value optimized out>, init=<value optimized out>, fini=<value optimized out>, 
    rtld_fini=<value optimized out>, stack_end=0x7fff4c510308) at libc-start.c:222
#36 0x00000000004006a9 in _start ()

Reported using DrKonqi
Comment 1 Martin Flöser 2010-05-23 16:36:39 UTC
the backtrace indicates that you were using alt+tab when KWin crashed. Is that correct?
Comment 2 paul s. romanchenko 2010-05-23 17:26:21 UTC
yes, it can be true. i don't remember correctly.

On Sun, May 23, 2010 at 6:36 PM, Martin Gräßlin
<kde@martin-graesslin.com> wrote:
> https://bugs.kde.org/show_bug.cgi?id=237345
>
>
>
>
>
> --- Comment #1 from Martin Gräßlin <kde martin-graesslin com>  2010-05-23 16:36:39 ---
> the backtrace indicates that you were using alt+tab when KWin crashed. Is that
> correct?
>
> --
> Configure bugmail: https://bugs.kde.org/userprefs.cgi?tab=email
> ------- You are receiving this mail because: -------
> You reported the bug.
Comment 3 Martin Flöser 2010-06-10 22:05:48 UTC
it crashes in 
return m_clientList[ clientIndex ]->caption();

Unfortunately the backtrace stops there. It cannot be the last entry. So it either crashed in index access (client was closed between index check and access) or in TabBoxClientImpl when accessing the caption method.

So I don't think I will be able to fix that crash as I don't know how to reproduce and investigate the issue.
Comment 4 Nicolas L. 2010-07-20 15:15:00 UTC
*** Bug 245193 has been marked as a duplicate of this bug. ***
Comment 5 Thomas Lübking 2010-12-17 16:44:16 UTC
*** Bug 260365 has been marked as a duplicate of this bug. ***
Comment 6 jos poortvliet 2011-01-09 22:27:02 UTC
Created attachment 55788 [details]
New crash information added by DrKonqi

kwin (4.5.5 (KDE 4.5.5) "release 1") on KDE Platform 4.5.5 (KDE 4.5.5) "release 1" using Qt 4.6.3

- What I was doing when the application crashed:
KWin keeps crashing 4-5 times a day on alt-tab. Is there anything I can do to find the culprit? I'm running KWin 4.5.5 and I'd love to get this fixed in 4.5.6 :D

I have the NVidia drivers, might be related?!?

-- Backtrace (Reduced):
#7  0xb76a077a in KWin::TabBox::ClientModel::data (this=0x83abd48, index=..., role=33) at /usr/src/debug/kdebase-workspace-4.5.5/kwin/tabbox/clientmodel.cpp:67
#8  0xb76ef382 in KWin::TabBox::ClientItemDelegate::rowSize (this=0x8394bf8, index=..., row=0) at /usr/src/debug/kdebase-workspace-4.5.5/kwin/tabbox/clientitemdelegate.cpp:264
#9  0xb76ef548 in KWin::TabBox::ClientItemDelegate::sizeHint (this=0x8394bf8, option=..., index=...) at /usr/src/debug/kdebase-workspace-4.5.5/kwin/tabbox/clientitemdelegate.cpp:82
#10 0xb61db6ce in QTableView::sizeHintForColumn (this=0x8429538, column=0) at itemviews/qtableview.cpp:2217
#11 0xb769dcfb in KWin::TabBox::TabBoxAdditionalView::sizeHint (this=0x8429538) at /usr/src/debug/kdebase-workspace-4.5.5/kwin/tabbox/tabboxview.cpp:450
Comment 7 Martin Flöser 2011-01-09 22:35:43 UTC
> - What I was doing when the application crashed:
> KWin keeps crashing 4-5 times a day on alt-tab. Is there anything I can do
> to find the culprit?
whatch for patterns. E.g. "It only happens when I use Firefox" or "It always 
happens when a window closes". A way to circumvent the problem is to use one 
of the effects. They don't hit the code path.

Just as a note: I never see the crash and alt+tab is one of my most often used 
shortcuts a day.
> I'm running KWin 4.5.5 and I'd love to get this fixed
> in 4.5.6 :D
I doubt there will be a 4.5.6, at least I won't backport to 4.5 any more.
> 
> I have the NVidia drivers, might be related?!?
I doubt it. It's not hitting any driver related pathes and believe me that the 
NVIDIA driver is the most stable one.
Comment 8 Thomas Lübking 2011-01-09 22:42:20 UTC
see the comment in bug #260365

the lines are in workspace.cpp:700ff - since i can't reproduce this myself either, you'll have to try whether swapping those two blocks improves things for you, it's nothing but a wild guess from my side.

  700      updateStackingOrder( true );
  701  
  702      if( tab_grab )
  703          tab_box->reset( true );

==>

  702      if( tab_grab )
  703          tab_box->reset( true );
  701  
  700      updateStackingOrder( true );
Comment 9 alexmannx13 2011-01-25 21:00:46 UTC
Created attachment 56427 [details]
New crash information added by DrKonqi

kwin (4.5.5 (KDE 4.5.5)) on KDE Platform 4.5.5 (KDE 4.5.5) using Qt 4.7.1

- What I was doing when the application crashed:

I was alternating between opera 11 and adobe pdf reader; this happens when I
- use the alt-tab to switch windows
- use the mouse to select the window from the task bar / manager

On another note, I have noticed a similar crash report when I activate the screen corners with the mouse in either 'show windows from current screen' and 'show all screens and windows' views.

-- Backtrace (Reduced):
#14 0xb66b0900 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#15 0xb66b5e10 in QCoreApplication::exec() () from /usr/lib/libQtCore.so.4
#16 0xb5b823f4 in QApplication::exec() () from /usr/lib/libQtGui.so.4
#17 0xb7727bef in kdemain () from /usr/lib/libkdeinit4_kwin.so
#18 0x080485cb in _start ()
Comment 10 Thomas Lübking 2011-01-26 18:10:22 UTC
(In reply to comment #9)
> I was alternating between opera 11 and adobe pdf reader; this happens when I
> - use the alt-tab to switch windows
> - use the mouse to select the window from the task bar / manager

"either" or "and"?
Comment 11 alexmannx13 2011-01-26 20:22:46 UTC
(In reply to comment #10)
> (In reply to comment #9)
> > I was alternating between opera 11 and adobe pdf reader; this happens when I
> > - use the alt-tab to switch windows
> > - use the mouse to select the window from the task bar / manager
> 
> "either" or "and"?

It occurs in both instances.
Comment 12 alexmannx13 2011-02-06 11:12:55 UTC
Created attachment 56913 [details]
xorg.conf
Comment 13 alexmannx13 2011-02-06 11:14:02 UTC
Comment on attachment 56913 [details]
xorg.conf

After reading posts on various forums, it would appear (to me at least) that the nvidia video driver is not cooperating with kwin.  

I decided to experiment with some driver configurations and have the current "stable" setup:
OS: Mandriva 2010.2
KDE: 4.5.5

NVidia packages installed:
libkwinnvidiahack4-4.5.5
dkms-nvidia-current-260.19.36
x11-driver-video-nvidia-current-260.19.36
nvidia-current-kernel-desktop-latest-195.36.24
nvidia-current-kernel-2.6.33.7-desktop-2mnb-195.36.24

Copy of xorg.conf:
(attached)
Comment 14 Martin Flöser 2011-05-07 09:23:36 UTC
everything from comment #9 to this comment is actually unrelated to the original report and is a different issue (sorry that we didn't notice before).

As I am not able to reproduce: is the original problem still valid and is there a reliable way to reproduce?
Comment 15 paul s. romanchenko 2011-05-07 14:41:45 UTC
No reliable way. It's random crash. Didn't has it for a long time.
Comment 16 Martin Flöser 2011-05-07 15:00:24 UTC
well random crashers are impossible to investigate. Let's hope that someone else can provide a way to trigger the crash. It's also possible that it is fixed, but without a way to reproduce we cannot know.
Comment 17 Martin Flöser 2012-05-22 16:36:43 UTC
Git commit 05a3420175c88c7a106a245071d4bb3a75694e00 by Martin Gräßlin.
Committed on 20/05/2012 at 15:52.
Pushed by graesslin into branch 'master'.

Use smart pointers to protect access to TabBoxClient

Client holds a SharedPointer to the TabBoxClient and only
provides access to a WeakPointer which is passed to TabBox.
ClientModel is adjusted to hold a list of WeakPointers instead
of the direct pointers.

This fixes the following reproducable crash:
1. Configure both primary and secondary TabBox with different
   layouts
2. Use primary TabBox
3. Close a window, best the one which used to be active
4. Use secondary TabBox
-> Crash

The reason is that the ClientModel still contains the pointer
to the deleted TabBoxClient in step 3 and while creating the
layout access to the TabBoxClient is needed to get the Client's
icon.

By using the weak pointer it can be ensured that we don't try
to dereference the deleted pointer and prevent the crash.
Related: bug 290482, bug 285747
REVIEW: 105000

M  +1    -4    kwin/client.cpp
M  +3    -3    kwin/client.h
M  +40   -28   kwin/tabbox/clientmodel.cpp
M  +1    -1    kwin/tabbox/clientmodel.h
M  +26   -14   kwin/tabbox/tabbox.cpp
M  +4    -4    kwin/tabbox/tabbox.h
M  +28   -6    kwin/tabbox/tabboxhandler.cpp
M  +6    -6    kwin/tabbox/tabboxhandler.h

http://commits.kde.org/kde-workspace/05a3420175c88c7a106a245071d4bb3a75694e00
Comment 18 Martin Flöser 2012-05-29 05:55:23 UTC
Git commit 19c0fa5abd90a46de2ef6949a15de31111f930f4 by Martin Gräßlin.
Committed on 20/05/2012 at 15:52.
Pushed by graesslin into branch 'KDE/4.8'.

Use smart pointers to protect access to TabBoxClient

Client holds a SharedPointer to the TabBoxClient and only
provides access to a WeakPointer which is passed to TabBox.
ClientModel is adjusted to hold a list of WeakPointers instead
of the direct pointers.

This fixes the following reproducable crash:
1. Configure both primary and secondary TabBox with different
   layouts
2. Use primary TabBox
3. Close a window, best the one which used to be active
4. Use secondary TabBox
-> Crash

The reason is that the ClientModel still contains the pointer
to the deleted TabBoxClient in step 3 and while creating the
layout access to the TabBoxClient is needed to get the Client's
icon.

By using the weak pointer it can be ensured that we don't try
to dereference the deleted pointer and prevent the crash.

Cherry-Picked from 05a3420175c88c7a106a245071d4bb3a75694e00
Related: bug 290482, bug 285747
FIXED-IN: 4.8.4
REVIEW: 105000
REVIEW: 105069

M  +1    -4    kwin/client.cpp
M  +3    -3    kwin/client.h
M  +31   -22   kwin/tabbox/clientmodel.cpp
M  +1    -1    kwin/tabbox/clientmodel.h
M  +4    -2    kwin/tabbox/desktopitemdelegate.cpp
M  +19   -12   kwin/tabbox/tabbox.cpp
M  +4    -4    kwin/tabbox/tabbox.h
M  +28   -6    kwin/tabbox/tabboxhandler.cpp
M  +6    -6    kwin/tabbox/tabboxhandler.h

http://commits.kde.org/kde-workspace/19c0fa5abd90a46de2ef6949a15de31111f930f4
Comment 19 Andrew Crouthamel 2018-09-23 02:37:18 UTC
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information as soon as possible and set the bug status as REPORTED. Due to regular bug tracker maintenance, if the bug is still in NEEDSINFO status with no change in 30 days, the bug will be closed as RESOLVED > WORKSFORME due to lack of needed information.

For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please set the bug status as REPORTED so that the KDE team knows that the bug is ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!
Comment 20 Andrew Crouthamel 2018-10-27 02:18:04 UTC
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least 30 days. The bug is now closed as RESOLVED > WORKSFORME due to lack of needed information.

For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

Thank you for helping us make KDE software even better for everyone!