Bug 304620

Summary: KWin crashes when alt-tabbing after plasma crash
Product: [Plasma] kwin Reporter: Franz Trischberger <franz.trischberger>
Component: tabboxAssignee: Martin Flöser <mgraesslin>
Status: RESOLVED FIXED    
Severity: crash CC: kwin-bugs-null, matthew
Priority: NOR Flags: mgraesslin: ReviewRequest+
Version: 4.9.0   
Target Milestone: 4.9.1   
Platform: Compiled Sources   
OS: Linux   
URL: https://git.reviewboard.kde.org/r/105935/
Latest Commit: http://commits.kde.org/kde-workspace/ee12ed430639afbfce3e5e6904b850abbf31f3f1 Version Fixed In: 4.9.1
Sentry Crash Report:

Description Franz Trischberger 2012-08-05 14:53:17 UTC 
Application: kwin (4.9.00)
KDE Platform Version: 4.9.00 (Compiled from sources)
Qt Version: 4.8.2
Operating System: Linux 3.5.0-gentoo x86_64
Distribution: "Gentoo Base System release 2.1"

-- Information about the crash:
- What I was doing when the application crashed:
1) make sure there is no visible application open on your workspace (none open at all or all minimized)
2) make plasma-desktop crash or just kill it
3) ALT+TAB

The crash can be reproduced every time.

-- Backtrace:
Application: KWin (kwin), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
[Current thread is 1 (Thread 0x7fc76be08780 (LWP 2580))]

Thread 3 (Thread 0x7fc767454700 (LWP 2584)):
#0  0x00007fc7789ef0eb in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007fc778c8109f in wait (time=30000, this=0x1ebab60) at thread/qwaitcondition_unix.cpp:84
#2  QWaitCondition::wait (this=<optimized out>, mutex=0x1f61078, time=30000) at thread/qwaitcondition_unix.cpp:158
#3  0x00007fc778c74f8f in QThreadPoolThread::run (this=0x1fd5a90) at concurrent/qthreadpool.cpp:141
#4  0x00007fc778c80c3b in QThreadPrivate::start (arg=0x1fd5a90) at thread/qthread_unix.cpp:307
#5  0x00007fc7789eae2c in start_thread () from /lib64/libpthread.so.0
#6  0x00007fc77d1714ad in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 2 (Thread 0x7fc75f7e6700 (LWP 2589)):
#0  0x00007fc7789eed6c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007fc77a020582 in QTWTF::TCMalloc_PageHeap::scavengerThread (this=0x7fc77a2f3e20) at ../3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.cpp:2359
#2  0x00007fc77a0205b9 in QTWTF::TCMalloc_PageHeap::runScavengerThread (context=<optimized out>) at ../3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.cpp:1464
#3  0x00007fc7789eae2c in start_thread () from /lib64/libpthread.so.0
#4  0x00007fc77d1714ad in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 1 (Thread 0x7fc76be08780 (LWP 2580)):
[KCrash Handler]
#6  0x00007fc77d523a49 in updateOutline (this=0x1f6bbc0) at /var/tmp/paludis/kde-base-kwin-4.9.0/work/kwin-4.9.0/kwin/tabbox/tabboxhandler.cpp:128
#7  KWin::TabBox::TabBoxHandlerPrivate::updateOutline (this=0x1f6bbc0) at /var/tmp/paludis/kde-base-kwin-4.9.0/work/kwin-4.9.0/kwin/tabbox/tabboxhandler.cpp:118
#8  0x00007fc77d523cf9 in KWin::TabBox::TabBoxHandler::show (this=0x1d91260) at /var/tmp/paludis/kde-base-kwin-4.9.0/work/kwin-4.9.0/kwin/tabbox/tabboxhandler.cpp:245
#9  0x00007fc77d51d4bd in qt_static_metacall (_a=<optimized out>, _id=<optimized out>, _o=<optimized out>, _c=<optimized out>) at /var/tmp/paludis/kde-base-kwin-4.9.0/work/kwin-4.9.0_build/kwin/tabbox.moc:139
#10 KWin::TabBox::TabBox::qt_static_metacall (_o=<optimized out>, _c=<optimized out>, _id=<optimized out>, _a=<optimized out>) at /var/tmp/paludis/kde-base-kwin-4.9.0/work/kwin-4.9.0_build/kwin/tabbox.moc:128
#11 0x00007fc778d909f9 in QMetaObject::activate (sender=0x1f6b888, m=<optimized out>, local_signal_index=<optimized out>, argv=0x0) at kernel/qobject.cpp:3547
#12 0x00007fc778d957f9 in QObject::event (this=0x1f6b888, e=<optimized out>) at kernel/qobject.cpp:1157
#13 0x00007fc777f15bc4 in notify_helper (e=0x7fff18f2c7e0, receiver=0x1f6b888, this=0x1d8dc00) at kernel/qapplication.cpp:4551
#14 QApplicationPrivate::notify_helper (this=0x1d8dc00, receiver=0x1f6b888, e=0x7fff18f2c7e0) at kernel/qapplication.cpp:4523
#15 0x00007fc777f1b281 in QApplication::notify (this=0x7fff18f2cbc0, receiver=0x1f6b888, e=0x7fff18f2c7e0) at kernel/qapplication.cpp:3933
#16 0x00007fc77cc5c486 in KApplication::notify (this=0x7fff18f2cbc0, receiver=0x1f6b888, event=0x7fff18f2c7e0) at /var/tmp/paludis/kde-base-kdelibs-4.9.0/work/kdelibs-4.9.0/kdeui/kernel/kapplication.cpp:311
#17 0x00007fc778d7d04c in QCoreApplication::notifyInternal (this=0x7fff18f2cbc0, receiver=0x1f6b888, event=0x7fff18f2c7e0) at kernel/qcoreapplication.cpp:915
#18 0x00007fc778dad2d2 in sendEvent (event=0x7fff18f2c7e0, receiver=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:231
#19 QTimerInfoList::activateTimers (this=0x1d8e5f8) at kernel/qeventdispatcher_unix.cpp:611
#20 0x00007fc778dadd94 in QEventDispatcherUNIX::processEvents (this=0x1d31ad0, flags=...) at kernel/qeventdispatcher_unix.cpp:930
#21 0x00007fc777fb8216 in QEventDispatcherX11::processEvents (this=0x1d31ad0, flags=...) at kernel/qeventdispatcher_x11.cpp:152
#22 0x00007fc778d7bbb2 in QEventLoop::processEvents (this=<optimized out>, flags=...) at kernel/qeventloop.cpp:149
#23 0x00007fc778d7be07 in QEventLoop::exec (this=0x7fff18f2cb40, flags=...) at kernel/qeventloop.cpp:204
#24 0x00007fc778d80af5 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1187
#25 0x00007fc77d487663 in kdemain (argc=<optimized out>, argv=<optimized out>) at /var/tmp/paludis/kde-base-kwin-4.9.0/work/kwin-4.9.0/kwin/main.cpp:545
#26 0x00007fc77d0bb38d in __libc_start_main (main=0x400760 <main(int, char**)>, argc=1, ubp_av=0x7fff18f2d2b8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff18f2d2a8) at libc-start.c:226
#27 0x0000000000400791 in _start () at ../sysdeps/x86_64/elf/start.S:113

Reported using DrKonqi
Comment 1 Thomas Lübking 2012-08-05 17:11:37 UTC 
I'd say it happens because the tabbox is not build [1] and we also don't enter "empty tabbox" mode

[1] clientmodel.cpp:190 TabBoxClient* c = tabBox->nextClientFocusChain(start).data(); is null

@Martin
Proposal: in case the focus chain returns 0, we could just fall through to the stacking order?

Semi-related observations:
a) it does not seem possible to effectively select StackingOrder (it's not the GUI, the config is updated)

b) i don't understand this:
TabBoxClient* c = tabBox->nextClientFocusChain(start).data();
gets called for sure, but
Client* TabBox::nextClientFocusChain(Client* c) const seems not (i added debug out there) in the empty(?) focus chain case (otherwise yes)
Comment 2 Martin Flöser 2012-08-17 15:54:48 UTC 
Git commit ee12ed430639afbfce3e5e6904b850abbf31f3f1 by Martin Gräßlin.
Committed on 08/08/2012 at 22:28.
Pushed by graesslin into branch 'KDE/4.9'.

Verify QVariant is valid before casting to Client*

If the ClientModel does not contain any Clients, which can
happen if there is no desktop window, accessing the data of a
ModelIndex returns an invalid QVariant. Because of that it
needs to be ensured that the QVariant is valid before trying to
cast it to a Client Pointer.
FIXED-IN: 4.9.1
REVIEW: 105935

M  +5    -1    kwin/tabbox/tabboxhandler.cpp
M  +18   -0    kwin/tabbox/tests/CMakeLists.txt
A  +55   -0    kwin/tabbox/tests/test_tabbox_handler.cpp     [License: GPL (v2)]

http://commits.kde.org/kde-workspace/ee12ed430639afbfce3e5e6904b850abbf31f3f1
Comment 3 Martin Flöser 2012-10-12 13:51:08 UTC 
*** Bug 308294 has been marked as a duplicate of this bug. ***