Summary: | Kwin 4.9 beta crashes on logout | ||
---|---|---|---|
Product: | [Plasma] kwin | Reporter: | l.mierzwa |
Component: | general | Assignee: | KWin default assignee <kwin-bugs-null> |
Status: | RESOLVED FIXED | ||
Severity: | crash | CC: | aacid, bugs.kde.org3, ivan.stetsenko, rtdvrs, salsa_temps, sinozzuke, vkrevs |
Priority: | NOR | Flags: | thomas.luebking: ReviewRequest+ |
Version: | unspecified | ||
Target Milestone: | 4.9.2 | ||
Platform: | Ubuntu | ||
OS: | Linux | ||
Latest Commit: | http://commits.kde.org/kde-workspace/f90b52838b1bc35d580935cd4aa64fc12792f501 | Version Fixed In: | 4.9.2 |
Attachments: | New crash information added by DrKonqi; New crash information added by DrKonqi; New crash information added by DrKonqi; New crash information added by DrKonqi; Track unmanaged; Clear Unmanaged; Erase unmanaged; Valgrind trace #1; Valgrind trace #2; Output with Track patch; test Unmanaged pointer on shutdown; Track adding; Fix releasing unmanaged windows; New crash information added by DrKonqi |
Description
l.mierzwa
2012-07-09 16:48:15 UTC
Created attachment 72407 [details]
New crash information added by DrKonqi
kwin (4.8.90 (4.8.90)) on KDE Platform 4.8.90 (4.8.90) using Qt 4.8.1
Another logout another crash
-- Backtrace (Reduced):
#7 0x00007fa426d4dd5f in KWin::Toplevel::windowClosed (this=<optimized out>, _t1=0x1bf1270, _t2=0x0) at ./toplevel.moc:347
#8 0x00007fa426d4e9f3 in KWin::Unmanaged::release (this=0x1bf1270, on_shutdown=true) at ../../kwin/unmanaged.cpp:89
#9 0x00007fa426ce0192 in KWin::Workspace::~Workspace (this=0xe26590, __in_chrg=<optimized out>) at ../../kwin/workspace.cpp:534
#10 0x00007fa426ce09d9 in KWin::Workspace::~Workspace (this=0xe26590, __in_chrg=<optimized out>) at ../../kwin/workspace.cpp:561
#11 0x00007fa426cfbf05 in KWin::Application::~Application (this=0x7fff8b921140, __in_chrg=<optimized out>) at ../../kwin/main.cpp:343
Created attachment 72550 [details]
New crash information added by DrKonqi
kwin (4.8.90 (4.8.90)) on KDE Platform 4.8.90 (4.8.90) using Qt 4.8.1
- What I was doing when the application crashed:
I logged out, just like the others have mentioned.
-- Backtrace (Reduced):
#6 0x00007f41c48ef9f9 in KWin::Unmanaged::release (this=0x20abdd0, on_shutdown=true) at ../../kwin/unmanaged.cpp:90
#7 0x00007f41c4881192 in KWin::Workspace::~Workspace (this=0x18c9e80, __in_chrg=<optimized out>) at ../../kwin/workspace.cpp:534
#8 0x00007f41c48819d9 in KWin::Workspace::~Workspace (this=0x18c9e80, __in_chrg=<optimized out>) at ../../kwin/workspace.cpp:561
#9 0x00007f41c489cf05 in KWin::Application::~Application (this=0x7fffdf0739f0, __in_chrg=<optimized out>) at ../../kwin/main.cpp:343
#10 0x00007f41c489f7b4 in kdemain (argc=<optimized out>, argv=<optimized out>) at ../../kwin/main.cpp:545
Can anyone here try a patch?
Reason: I guess I know what happens* but not why, for it should not. Since it doesn't crash here it would be great if someone who gets those crashes could ensure that the assumed fix actually fixes the *assumed* issue.
* ~Workspace() as very first action calls finishCompositing(); which calls scene->windowClosed(c, NULL); for all windows and then deletes effects and the scene.
Next step is to unrelease all windows, which emits windowClosed(this, del);
This is where the code crashes, but should not, because the signal is only bound by effects and scene - which should at this point no longer exist.
A trivial patch would be to not "emit windowClosed(this, del);" "on_shutdown" on ::release() - it's not necessary anyway because finishCompositing just called that on the scene and the effects (which should no longer exist!) don't have anything reasonable to do anymore anyway.
random observations: all three crashes are with Qt 4.8.1 and I would assume Ubuntu? Maybe something is fishy there...
"2" crashes - OP and comment #1 is the same system. Also both are on x86_64 (fwiw)
*** Bug 304538 has been marked as a duplicate of this bug. ***
Created attachment 73143 [details]
New crash information added by DrKonqi
kwin (4.9.00) on KDE Platform 4.9.00 using Qt 4.8.1
- What I was doing when the application crashed:
Launching Firefox from the plasma icontask manager.
-- Backtrace (Reduced):
#7 0x00007f817689491f in KWin::Toplevel::windowClosed (this=<optimized out>, _t1=0x15a1460, _t2=0x0) at ./toplevel.moc:350
#8 0x00007f81768955d3 in KWin::Unmanaged::release (this=0x15a1460, on_shutdown=true) at ../../kwin/unmanaged.cpp:89
#9 0x00007f8176826902 in KWin::Workspace::~Workspace (this=0x14ef3f0, __in_chrg=<optimized out>) at ../../kwin/workspace.cpp:537
#10 0x00007f8176827149 in KWin::Workspace::~Workspace (this=0x14ef3f0, __in_chrg=<optimized out>) at ../../kwin/workspace.cpp:564
#11 0x00007f8176843da7 in KWin::Application::lostSelection (this=0x7fff429b2c00) at ../../kwin/main.cpp:354
*** Bug 305944 has been marked as a duplicate of this bug. ***
Created attachment 73667 [details]
New crash information added by DrKonqi
kwin (4.9.00) on KDE Platform 4.9.00 using Qt 4.8.2
- What I was doing when the application crashed:
Started compiz/unity while kwin was running
-- Backtrace (Reduced):
#6 0x00007f3a29ba48b9 in KWin::Unmanaged::release (this=0xb06c50, on_shutdown=<optimized out>) at ../../kwin/unmanaged.cpp:90
#7 0x00007f3a29b3b962 in KWin::Workspace::~Workspace (this=0xa1c4d0, __in_chrg=<optimized out>) at ../../kwin/workspace.cpp:537
#8 0x00007f3a29b3c039 in KWin::Workspace::~Workspace (this=0xa1c4d0, __in_chrg=<optimized out>) at ../../kwin/workspace.cpp:564
#9 0x00007f3a29b58a07 in KWin::Application::lostSelection (this=0x7fff9305f890) at ../../kwin/main.cpp:354
[...]
#11 0x00007f3a2937fb13 in KSelectionOwner::filterEvent (this=0x7fff9305f8a8, ev_P=<optimized out>) at ../../kdeui/util/kmanagerselection.cpp:224
Relevant info from bug #305944 - best trace we have so far:
#9 0x00007fbff8fa89f3 in KWin::Unmanaged::release (this=0x1b6c6a0, on_shutdown=true) at ../../kwin/unmanaged.cpp:89
--> watch the "this" pointer
#8 0x00007fbff8fa7d5f in KWin::Toplevel::windowClosed (this=<optimized out>, _t1=0x1b6c6a0, _t2=0x0) at ./toplevel.moc:347
--> _t2 is ok to be NULL
#7 QMetaObject::activate (sender=0x1b6c6a0, m=<optimized out>, local_signal_index=6, argv=0x7fffcead1b90) at kernel/qobject.cpp:3456
--> watch sender, matches Unmanaged this pointer
#6 isSignalConnected (signal_index=8, this=0x0) at kernel/qobject_p.h:229
this is NULL, so segfault inevitable - BUT "this" is "sender->d_func()"
options
a) Qt bug
b) dangling Unmanaged pointer
where (b) either means that the window is twice in the unmanaged list or the workspace deconstructor gets called twice.
Could anybody halfwise reliably reproducing this crash compile in a short patch to monitor deconstructors and releases resp. try whether and how erasing the unmanaged list (on the run or after processing) fixes this?
Sure, where's the patch?
Many thanks but i spotted an apparent double delete on the first debug out - i'll check whether i can track that down and if not come back with a "fixes perhaps" patch later
Created attachment 73676 [details]
Track unmanaged
No, sorry - gcc is just really good at re-using existing memory (and that's probably the "problem")
Attached is a patch that tracks memory usage by Unmanaged and aborts if there's an attempt to release a window that was not re/created
However, i got some crash messages in konsole (w/o DrKonqi, though) and those seem to have gone after the first of the following patches.
Created attachment 73677 [details]
Clear Unmanaged
This patch clears the unmanaged list after releasing all unmanaged windows in it and to correct my before observation: the compositor got auto-deactivated and reactivating it brought back the silent crashes
Nevertheless it may fix /this/ issue
Created attachment 73678 [details]
Erase unmanaged
Last patch for now. It *replaces* "clear unmanaged" with in loop erasing, this has no functional difference but might expose an issue in Qt (but i frankly doubt)
The two latter patches are orthogonal to the (quite talky) first one.
Just to make sure, want me to compile and try to repro the crash with these 3 patches, right?
No, the last two ones are mutually exclusive.
The one to initially test to fix the crash is "Clear Unmanaged"
The "Track Unmanaged" adds much debug out and aborts before a double delete, so it will pot. give us more information esp. if "Clear Unmanaged" doesn't work.
"Erase Unmanaged" is just a wild shot catching a rare and unlikely incident in QList - i bet your right arm it will not fix anything that is not fixed by "Clear Unmanaged" as well.
Created attachment 73685 [details]
Valgrind trace #1
This is the valgrind trace that leads to the crash with both unpatched and "Clear unmanaged"
Created attachment 73686 [details]
Valgrind trace #2
This is the valgrind trace with the "Erase unmanaged" patch applied (you crashed valgrind!)
Created attachment 73687 [details]
Output with Track patch
Created attachment 73723 [details]
test Unmanaged pointer on shutdown
Ok, thanks - crashing valgrind looks more than suspicious to me (ie. i doubt that this is a simple heap invalidation)
However, attached is another patch that tries to access the Unmanaged pointer on shutdown so we can figure whether the unmanaged pointer dangles or this is a deeper issue (if the object is sane, but the d_ptr is NULL there should be sth. _severely_ broken, yesno?!)
Btw: i only have an unmanaged window if i explicitly show a tooltip when restarting kwin (or another WM) so i wonder whether there's maybe some notification system or similar kicking in here (since you seem to get this bug on every shutdown/replace, correct?)
Maybe it is a double free?
Yes, i can reproduce this all the time by just starting kwin and then starting unity (which replaces the window manager)
testing pointer sanity of 0x1b06cb20
seems sane
testing pointer sanity of 0x18746930
seems sane
testing pointer sanity of 0x1b193d10
seems sane
testing pointer sanity of 0x1c591070
seems sane
testing pointer sanity of 0x1e82c920
seems sane
testing pointer sanity of 0x1e8991f0
seems sane
testing pointer sanity of 0x1ebcffc0
seems sane
testing pointer sanity of 0x21398b40
seems sane
testing pointer sanity of 0x21398b40
==8256== Invalid read of size 4
==8256==    at 0x95A8390: QRect::contains(QPoint const&, bool) const (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.2)
==8256==    by 0x4F0D83D: KWin::Unmanaged::release(bool) (unmanaged.cpp:92)
==8256==    by 0x4E73509: KWin::Workspace::~Workspace() (workspace.cpp:537)
==8256==    by 0x4E73B1D: KWin::Workspace::~Workspace() (workspace.cpp:564)
==8256==    by 0x4EAE31C: KWin::Application::lostSelection() (main.cpp:354)
==8256==    by 0x4EAF57C: KWin::Application::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (main.moc:51)
==8256==    by 0x968A31E: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.2)
==8256==    by 0x582FB12: KSelectionOwner::filterEvent(_XEvent*) (kmanagerselection.cpp:224)
==8256==    by 0x57CF83D: KApplication::x11EventFilter(_XEvent*) (kapplication.cpp:918)
==8256==    by 0x4EAE3A9: KWin::Application::x11EventFilter(_XEvent*) (main.cpp:364)
==8256==    by 0x9C0459B: qt_x11EventFilter(_XEvent*) (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.2)
==8256==    by 0x9C1453F: QApplication::x11ProcessEvent(_XEvent*) (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.2)
==8256==  Address 0x21398b50 is 16 bytes inside a block of size 208 free'd
==8256==    at 0x4C2A4BC: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==8256==    by 0x4F0D4BF: KWin::Unmanaged::~Unmanaged() (unmanaged.cpp:40)
==8256==    by 0x4F0D9E0: KWin::Unmanaged::deleteUnmanaged(KWin::Unmanaged*, KWin::allowed_t) (unmanaged.cpp:113)
==8256==    by 0x4F0D9AB: KWin::Unmanaged::release(bool) (unmanaged.cpp:108)
==8256==    by 0x4E73509: KWin::Workspace::~Workspace() (workspace.cpp:537)
==8256==    by 0x4E73B1D: KWin::Workspace::~Workspace() (workspace.cpp:564)
==8256==    by 0x4EAE31C: KWin::Application::lostSelection() (main.cpp:354)
==8256==    by 0x4EAF57C: KWin::Application::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (main.moc:51)
==8256==    by 0x968A31E: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.2)
==8256==    by 0x582FB12: KSelectionOwner::filterEvent(_XEvent*) (kmanagerselection.cpp:224)
==8256==    by 0x57CF83D: KApplication::x11EventFilter(_XEvent*) (kapplication.cpp:918)
==8256==    by 0x4EAE3A9: KWin::Application::x11EventFilter(_XEvent*) (main.cpp:364)
==8256==
==8256== Invalid read of size 4
==8256==    at 0x95A8392: QRect::contains(QPoint const&, bool) const (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.2)
==8256==    by 0x4F0D83D: KWin::Unmanaged::release(bool) (unmanaged.cpp:92)
==8256==    by 0x4E73509: KWin::Workspace::~Workspace() (workspace.cpp:537)
==8256==    by 0x4E73B1D: KWin::Workspace::~Workspace() (workspace.cpp:564)
==8256==    by 0x4EAE31C: KWin::Application::lostSelection() (main.cpp:354)
==8256==    by 0x4EAF57C: KWin::Application::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (main.moc:51)
==8256==    by 0x968A31E: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.2)
==8256==    by 0x582FB12: KSelectionOwner::filterEvent(_XEvent*) (kmanagerselection.cpp:224)
==8256==    by 0x57CF83D: KApplication::x11EventFilter(_XEvent*) (kapplication.cpp:918)
==8256==    by 0x4EAE3A9: KWin::Application::x11EventFilter(_XEvent*) (main.cpp:364)
==8256==    by 0x9C0459B: qt_x11EventFilter(_XEvent*) (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.2)
==8256==    by 0x9C1453F: QApplication::x11ProcessEvent(_XEvent*) (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.2)
==8256==  Address 0x21398b58 is 24 bytes inside a block of size 208 free'd
==8256==    at 0x4C2A4BC: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==8256==    by 0x4F0D4BF: KWin::Unmanaged::~Unmanaged() (unmanaged.cpp:40)
==8256==    by 0x4F0D9E0: KWin::Unmanaged::deleteUnmanaged(KWin::Unmanaged*, KWin::allowed_t) (unmanaged.cpp:113)
==8256==    by 0x4F0D9AB: KWin::Unmanaged::release(bool) (unmanaged.cpp:108)
==8256==    by 0x4E73509: KWin::Workspace::~Workspace() (workspace.cpp:537)
==8256==    by 0x4E73B1D: KWin::Workspace::~Workspace() (workspace.cpp:564)
==8256==    by 0x4EAE31C: KWin::Application::lostSelection() (main.cpp:354)
==8256==    by 0x4EAF57C: KWin::Application::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (main.moc:51)
==8256==    by 0x968A31E: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.2)
==8256==    by 0x582FB12: KSelectionOwner::filterEvent(_XEvent*) (kmanagerselection.cpp:224)
==8256==    by 0x57CF83D: KApplication::x11EventFilter(_XEvent*) (kapplication.cpp:918)
==8256==    by 0x4EAE3A9: KWin::Application::x11EventFilter(_XEvent*) (main.cpp:364)
==8256==
seems sane
==8256== Invalid read of size 8
==8256==    at 0x968A0B5: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.2)
==8256==    by 0x4F0D06C: KWin::Toplevel::windowClosed(KWin::Toplevel*, KWin::Deleted*) (toplevel.moc:354)
==8256==    by 0x4F0D882: KWin::Unmanaged::release(bool) (unmanaged.cpp:95)
==8256==    by 0x4E73509: KWin::Workspace::~Workspace() (workspace.cpp:537)
==8256==    by 0x4E73B1D: KWin::Workspace::~Workspace() (workspace.cpp:564)
==8256==    by 0x4EAE31C: KWin::Application::lostSelection() (main.cpp:354)
==8256==    by 0x4EAF57C: KWin::Application::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (main.moc:51)
==8256==    by 0x968A31E: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.2)
==8256==    by 0x582FB12: KSelectionOwner::filterEvent(_XEvent*) (kmanagerselection.cpp:224)
==8256==    by 0x57CF83D: KApplication::x11EventFilter(_XEvent*) (kapplication.cpp:918)
==8256==    by 0x4EAE3A9: KWin::Application::x11EventFilter(_XEvent*) (main.cpp:364)
==8256==    by 0x9C0459B: qt_x11EventFilter(_XEvent*) (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.2)
==8256==  Address 0x21398b48 is 8 bytes inside a block of size 208 free'd
==8256==    at 0x4C2A4BC: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==8256==    by 0x4F0D4BF: KWin::Unmanaged::~Unmanaged() (unmanaged.cpp:40)
==8256==    by 0x4F0D9E0: KWin::Unmanaged::deleteUnmanaged(KWin::Unmanaged*, KWin::allowed_t) (unmanaged.cpp:113)
==8256==    by 0x4F0D9AB: KWin::Unmanaged::release(bool) (unmanaged.cpp:108)
==8256==    by 0x4E73509: KWin::Workspace::~Workspace() (workspace.cpp:537)
==8256==    by 0x4E73B1D: KWin::Workspace::~Workspace() (workspace.cpp:564)
==8256==    by 0x4EAE31C: KWin::Application::lostSelection() (main.cpp:354)
==8256==    by 0x4EAF57C: KWin::Application::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (main.moc:51)
==8256==    by 0x968A31E: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.2)
==8256==    by 0x582FB12: KSelectionOwner::filterEvent(_XEvent*) (kmanagerselection.cpp:224)
==8256==    by 0x57CF83D: KApplication::x11EventFilter(_XEvent*) (kapplication.cpp:918)
==8256==    by 0x4EAE3A9: KWin::Application::x11EventFilter(_XEvent*) (main.cpp:364)
==8256==
==8256== Invalid read of size 4
==8256==    at 0x968A0C9: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.2)
==8256==    by 0x4F0D06C: KWin::Toplevel::windowClosed(KWin::Toplevel*, KWin::Deleted*) (toplevel.moc:354)
==8256==    by 0x4F0D882: KWin::Unmanaged::release(bool) (unmanaged.cpp:95)
==8256==    by 0x4E73509: KWin::Workspace::~Workspace() (workspace.cpp:537)
==8256==    by 0x4E73B1D: KWin::Workspace::~Workspace() (workspace.cpp:564)
==8256==    by 0x4EAE31C: KWin::Application::lostSelection() (main.cpp:354)
==8256==    by 0x4EAF57C: KWin::Application::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (main.moc:51)
==8256==    by 0x968A31E: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.2)
==8256==    by 0x582FB12: KSelectionOwner::filterEvent(_XEvent*) (kmanagerselection.cpp:224)
==8256==    by 0x57CF83D: KApplication::x11EventFilter(_XEvent*) (kapplication.cpp:918)
==8256==    by 0x4EAE3A9: KWin::Application::x11EventFilter(_XEvent*) (main.cpp:364)
==8256==    by 0x9C0459B: qt_x11EventFilter(_XEvent*) (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.2)
==8256==  Address 0x60 is not stack'd, malloc'd or (recently) free'd
==8256==
Application::crashHandler() called with signal 11; recent crashes: 1
KCrash: Application 'kwin' crashing...
KCrash: Attempting to start /usr/lib/kde4/libexec/drkonqi from kdeinit
QDBusConnection: session D-Bus connection created before QCoreApplication. Application may misbehave.
==8256== Invalid read of size 4
==8256==    at 0x5829FA0: startFromKdeinit(int, char const**) (kcrash.cpp:781)
==8256==    by 0x582AA25: KCrash::startProcess(int, char const**, bool) (kcrash.cpp:537)
==8256==    by 0x582AE30: KCrash::defaultCrashHandler(int) (kcrash.cpp:435)
==8256==    by 0x521E47F: ??? (in /lib/x86_64-linux-gnu/libc-2.15.so)
==8256==    by 0x968A0C8: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.2)
==8256==    by 0x4F0D06C: KWin::Toplevel::windowClosed(KWin::Toplevel*, KWin::Deleted*) (toplevel.moc:354)
==8256==    by 0x4F0D882: KWin::Unmanaged::release(bool) (unmanaged.cpp:95)
==8256==    by 0x4E73509: KWin::Workspace::~Workspace() (workspace.cpp:537)
==8256==    by 0x4E73B1D: KWin::Workspace::~Workspace() (workspace.cpp:564)
==8256==    by 0x4EAE31C: KWin::Application::lostSelection() (main.cpp:354)
==8256==    by 0x4EAF57C: KWin::Application::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (main.moc:51)
==8256==    by 0x968A31E: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.2)
==8256==  Address 0x1b219590 is 0 bytes inside a block of size 3 alloc'd
==8256==    at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==8256==    by 0x5829F00: startFromKdeinit(int, char const**) (kcrash.cpp:660)
==8256==    by 0x582AA25: KCrash::startProcess(int, char const**, bool) (kcrash.cpp:537)
==8256==    by 0x582AE30: KCrash::defaultCrashHandler(int) (kcrash.cpp:435)
==8256==    by 0x521E47F: ??? (in /lib/x86_64-linux-gnu/libc-2.15.so)
==8256==    by 0x968A0C8: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.2)
==8256==    by 0x4F0D06C: KWin::Toplevel::windowClosed(KWin::Toplevel*, KWin::Deleted*) (toplevel.moc:354)
==8256==    by 0x4F0D882: KWin::Unmanaged::release(bool) (unmanaged.cpp:95)
==8256==    by 0x4E73509: KWin::Workspace::~Workspace() (workspace.cpp:537)
==8256==    by 0x4E73B1D: KWin::Workspace::~Workspace() (workspace.cpp:564)
==8256==    by 0x4EAE31C: KWin::Application::lostSelection() (main.cpp:354)
==8256==    by 0x4EAF57C: KWin::Application::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (main.moc:51)
==8256==
Created attachment 73742 [details]
Track adding
testing pointer sanity of 0x21398b40
seems sane
testing pointer sanity of 0x21398b40
==8256== Invalid read of size 4
An entry is twice in the list, so yes - clearly a double free.
New attachment tracks adding of unmanaged and if a present pointer is attempted to be added to the list, the code aborts and tries to provide as much info as possible about the unmanaged (while most fields will likely be junk)
Let's hope the backtrace tells us about what causes the double add. (but the reason will be that there are two mapnotify events w/o an unmap notification in between...)
The former tracking patch however did not suggest so (or at least i can't see)
Nope, never triggers
Created attachment 73745 [details]
Fix releasing unmanaged windows
Thanks a lot.
The list is corrupted during the pass because Unmanaged::releaseWindow unlike Client::releaseWindow manipulates it onShutdown
please for a final try confirm that the new patch fixes the issue.
Yes, that fixes the crashes and valgrind warnings for me when replacing kwin with unity/compiz
New and better RR
https://git.reviewboard.kde.org/r/106382/
*** Bug 306597 has been marked as a duplicate of this bug. ***
*** Bug 306715 has been marked as a duplicate of this bug. ***
Created attachment 73949 [details]
New crash information added by DrKonqi
kwin (4.9.1) on KDE Platform 4.9.1 using Qt 4.8.2
- What I was doing when the application crashed:
15 sept 2012 shutting down latest pushed version of kwin and it crashed
-- Backtrace (Reduced):
#7 0x00007f304a1fcf7f in KWin::Toplevel::windowClosed (this=<optimized out>, _t1=0x10723c0, _t2=0x0) at ./toplevel.moc:354
#8 0x00007f304a1fdc63 in KWin::Unmanaged::release (this=0x10723c0, on_shutdown=true) at ../../kwin/unmanaged.cpp:89
#9 0x00007f304a18ec22 in KWin::Workspace::~Workspace (this=0x8a7fa0, __in_chrg=<optimized out>) at ../../kwin/workspace.cpp:537
#10 0x00007f304a18f469 in KWin::Workspace::~Workspace (this=0x8a7fa0, __in_chrg=<optimized out>) at ../../kwin/workspace.cpp:564
#11 0x00007f304a1aac95 in KWin::Application::~Application (this=0x7fff2955a170, __in_chrg=<optimized out>) at ../../kwin/main.cpp:343
Git commit f90b52838b1bc35d580935cd4aa64fc12792f501 by Thomas Lübking.
Committed on 14/09/2012 at 16:10.
Pushed by luebking into branch 'KDE/4.9'.
Do not unlist Unmanaged when released onShutdown
FIXED-IN: 4.9.2
REVIEW: 106382
M +1 -1 kwin/unmanaged.cpp
http://commits.kde.org/kde-workspace/f90b52838b1bc35d580935cd4aa64fc12792f501
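The diagnosis in this report (the list is edited while the shutdown pass walks it, so one entry is released twice) and the committed fix ("Do not unlist Unmanaged when released onShutdown"), as an added illustration that is not KWin source and not part of the original thread. It is a simplified C++ model: integer ids stand in for `Unmanaged*`, and `Registry`, `Report`, `runShutdown` and the fixed backing array with a cached end position are assumptions made for the example.

```cpp
// Simplified model of the shutdown loop discussed in this report; NOT KWin source.
// Integer ids stand in for Unmanaged* pointers; all names here are hypothetical.
#include <cstddef>
#include <cstdio>
#include <set>
#include <vector>

struct Report {
    std::vector<int> staleHits; // ids released again after being freed (use-after-free in real code)
    std::vector<int> skipped;   // ids the pass never reached
};

class Registry {
public:
    explicit Registry(std::vector<int> ids) : slots_(ids), all_(ids), count_(ids.size()) {}

    // Destructor-style pass: walk the list with an end position cached up front.
    Report shutdown(bool unlistOnShutdown) {
        Report r;
        const std::size_t end = count_;          // cached before the loop starts
        for (std::size_t i = 0; i < end; ++i)
            release(slots_[i], unlistOnShutdown, r);
        count_ = 0;                              // list is cleared once, after the pass
        for (int id : all_)
            if (!freed_.count(id)) r.skipped.push_back(id);
        return r;
    }

private:
    void release(int id, bool unlist, Report &r) {
        if (freed_.count(id)) {                  // real code would touch freed memory here
            r.staleHits.push_back(id);
            return;
        }
        if (unlist) removeFromList(id);          // the list edit made during the pass
        freed_.insert(id);                       // models deleteUnmanaged()
    }

    // Removal shifts later entries down and shrinks the logical length,
    // leaving stale copies in the tail of the backing storage.
    void removeFromList(int id) {
        for (std::size_t i = 0; i < count_; ++i) {
            if (slots_[i] != id) continue;
            for (std::size_t j = i; j + 1 < count_; ++j) slots_[j] = slots_[j + 1];
            --count_;
            return;
        }
    }

    std::vector<int> slots_;  // backing storage; its size never changes in this model
    std::vector<int> all_;    // every id ever added, for the "skipped" check
    std::size_t count_;       // logical list length
    std::set<int> freed_;     // ids already deleted
};

Report runShutdown(bool unlistOnShutdown) {
    Registry reg({1, 2, 3, 4});                  // constructed sample: four unmanaged windows
    return reg.shutdown(unlistOnShutdown);
}

int main() {
    Report bad = runShutdown(true), good = runShutdown(false);
    std::printf("unlist during pass: %zu stale hit(s), %zu skipped\n", bad.staleHits.size(), bad.skipped.size());
    std::printf("no unlist on shutdown: %zu stale hit(s), %zu skipped\n", good.staleHits.size(), good.skipped.size());
    return 0;
}
```

In the model, unlisting during the pass makes the loop skip id 2 and visit the last entry (id 4) a second time from a stale slot, the same shape as the repeated "testing pointer sanity of 0x21398b40" line followed by reads inside a freed block.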