Bug 350708

Summary: kwin crashes when starting tvtime
Product: [Frameworks and Libraries] frameworks-kwindowsystem
Component: general
Reporter: Wolfgang Bauer <wbauer1>
Assignee: Martin Flöser <mgraesslin>
Status: RESOLVED DUPLICATE
Severity: normal
Priority: NOR
CC: kdelibs-bugs, keel_lambert
Version: unspecified
Target Milestone: ---
Platform: openSUSE
OS: Linux
See Also: https://bugs.kde.org/show_bug.cgi?id=350173

Description Wolfgang Bauer 2015-07-28 13:13:09 UTC
When starting tvtime (http://tvtime.sourceforge.net/) in a Plasma5 session, the graphics display freezes immediately.
The only way to fix the freeze is to switch to a text console and kill kwin_x11, tvtime actually shows its "window" (without decorations of course) and works then.

Last output of kwin when run in a terminal window:
QXcbWindow: Unhandled client message: "KWM_KEEP_ON_TOP"
Application::crashHandler() called with signal 11; recent crashes: 1
KCrash: Application 'kwin_x11' crashing...
KCrash: Attempting to start /usr/lib64/libexec/drkonqi from kdeinit


Reproducible: Always

Steps to Reproduce:
1. Login to a Plasma5 session with kwin as window manager
2. Run tvtime


Actual Results:  
The display freezes and is not updated any more before tvtime even opens a window. You can move the mouse pointer, but not interact with anything.

Expected Results:  
tvtime's window shows up, the desktop session is still usable.

As you might guess from the output, the freeze is actually caused by drkonqi it seems (probably worth another bug report?). After disabling it (KDE_DEBUG=1), kwin tries to restart and crashes again a few times, and finally gives up with an offer to change to a different window manager.

Disabling compositing makes no difference, and it doesn't seem to be related to the graphics driver either (I can reproduce this with intel and radeon, and another user reported it with nouveau).
It also makes no difference whether you start tvtime in fullscreen or windowed mode.

tvtime works fine inside a KDE4 session, or in a Plasma5 session with kwin 4.11.20.  This is a regression in kwin 5.x.

gdb backtrace:
Program received signal SIGSEGV, Segmentation fault.
0x00007fd81a0bcf0b in __memcpy_sse2_unaligned () from /lib64/libc.so.6
(gdb) bt
#0  0x00007fd81a0bcf0b in __memcpy_sse2_unaligned () at /lib64/libc.so.6
#1  0x00007fd8197b9051 in NETWinInfo::update(QFlags<NET::Property>, QFlags<NET::Property2>) (__len=204010948, __src=0x7fd7fc005ff8, __dest=<optimized out>)
    at /usr/include/bits/string3.h:51
#2  0x00007fd8197b9051 in NETWinInfo::update(QFlags<NET::Property>, QFlags<NET::Property2>) (icon_count=@0x1c4a3f0: 34, icons=..., cookie=..., c=<optimized out>) at /usr/src/debug/kwindowsystem-5.12.0/src/netwm.cpp:563
#3  0x00007fd8197b9051 in NETWinInfo::update(QFlags<NET::Property>, QFlags<NET::Property2>) (this=0x19f12b0, dirtyProperties=..., dirtyProperties2=...)
    at /usr/src/debug/kwindowsystem-5.12.0/src/netwm.cpp:4471
#4  0x00007fd819c82a17 in KWin::WinInfo::WinInfo(KWin::Client*, unsigned int, unsigned int, QFlags<NET::Property>, QFlags<NET::Property2>) (this=0x19f12b0, c=
    0x1e80a50, window=25165825, rwin=<optimized out>, properties=..., properties2=...) at /usr/src/debug/kwin-5.3.2/netinfo.cpp:233
#5  0x00007fd819cb5053 in KWin::Client::manage(unsigned int, bool) (this=this@entry=0x1e80a50, w=w@entry=25165825, isMapped=isMapped@entry=false)
    at /usr/src/debug/kwin-5.3.2/manage.cpp:111
#6  0x00007fd819c5b93d in KWin::Workspace::createClient(unsigned int, bool) (this=this@entry=0x1ab6cd0, w=25165825, is_mapped=is_mapped@entry=false)
    at /usr/src/debug/kwin-5.3.2/workspace.cpp:440
#7  0x00007fd819c9f283 in KWin::Workspace::workspaceEvent(xcb_generic_event_t*) (this=0x1ab6cd0, e=0x7fd7fc001d10) at /usr/src/debug/kwin-5.3.2/events.cpp:419
#8  0x00007fd8181a4490 in QAbstractEventDispatcher::filterNativeEvent(QByteArray const&, void*, long*) (this=this@entry=
    0x1a0c6e0, eventType=..., message=message@entry=0x7fd7fc001d10, result=result@entry=0x7ffcdad0cd78) at kernel/qabstracteventdispatcher.cpp:460
#9  0x00007fd804ba4f3d in QXcbConnection::handleXcbEvent(xcb_generic_event_t*) (this=this@entry=0x19c8fb0, event=event@entry=0x7fd7fc001d10)
    at qxcbconnection.cpp:864
#10 0x00007fd804ba629b in QXcbConnection::processXcbEvents() (this=0x19c8fb0)
    at qxcbconnection.cpp:1356
#11 0x00007fd8181d7946 in QObject::event(QEvent*) (this=0x19c8fb0, e=<optimized out>) at kernel/qobject.cpp:1245
#12 0x00007fd818e66bac in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=this@entry=0x19be7d0, receiver=receiver@entry=0x19c8fb0, e=e@entry=
    0x7fd7fc001f00) at kernel/qapplication.cpp:3720
#13 0x00007fd818e6ba00 in QApplication::notify(QObject*, QEvent*) (this=
    0x7ffcdad0d4d0, receiver=0x19c8fb0, e=0x7fd7fc001f00)
    at kernel/qapplication.cpp:3503
#14 0x00007fd8181a72b5 in QCoreApplication::notifyInternal(QObject*, QEvent*) (this=0x7ffcdad0d4d0, receiver=0x19c8fb0, event=event@entry=0x7fd7fc001f00)
    at kernel/qcoreapplication.cpp:935
#15 0x00007fd8181a914f in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (event=0x7fd7fc001f00, receiver=<optimized out>)
    at kernel/qcoreapplication.h:228
#16 0x00007fd8181a914f in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (receiver=receiver@entry=0x0, event_type=event_type@entry=0, data=0x19ad5b0) at kernel/qcoreapplication.cpp:1552
#17 0x00007fd8181fc744 in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x1a0c6e0, flags=flags@entry=...)
    at kernel/qeventdispatcher_unix.cpp:579
#18 0x00007fd804bfa51d in QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=<optimized out>, flags=...)
    at eventdispatchers/qunixeventdispatcher.cpp:62
#19 0x00007fd8181a521b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7ffcdad0d400, flags=..., flags@entry=...)
    at kernel/qeventloop.cpp:204
#20 0x00007fd8181ac886 in QCoreApplication::exec() ()
    at kernel/qcoreapplication.cpp:1188
#21 0x00007fd8186d50cc in QGuiApplication::exec() ()
    at kernel/qguiapplication.cpp:1507
#22 0x00007fd818e63275 in QApplication::exec() ()
    at kernel/qapplication.cpp:2956
#23 0x00007fd81a3d9638 in kdemain(int, char**) (argc=3, argv=0x7ffcdad0d638)
    at /usr/src/debug/kwin-5.3.2/main_x11.cpp:301
#24 0x00007fd81a04eb05 in __libc_start_main () at /lib64/libc.so.6
#25 0x000000000040085e in _start () at ../sysdeps/x86_64/start.S:122

Comment 1 Thomas Lübking 2015-07-28 13:36:17 UTC
Could easily be bug #350173, but I'm a bit worried on the idea that so many clients would put junk there.

https://git.reviewboard.kde.org/r/124354/
but the patch has a bug itself (needs to be more like "j + width*height > reply->value_len")

Comment 2 Wolfgang Bauer 2015-07-28 16:00:31 UTC
(In reply to Thomas Lübking from comment #1)
> Could easily be bug #350173, but I'm a bit worried on the idea that so many
> clients would put junk there.

Yes, looks like it.
And xprop seems to "confirm" it too:
...
_NET_WM_ICON(CARDINAL) = xprop: error: Out of memory!

> https://git.reviewboard.kde.org/r/124354/
That patch does indeed fix the crash.

> but the patch has a bug itself (needs to be more like "j + width*height > reply->value_len")
You mean in line#558? Yes, I agree.

So I suppose we can close this as duplicate...

*** This bug has been marked as a duplicate of bug 350173 ***
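
The backtrace above ends in a memcpy with `__len=204010948` while reading `_NET_WM_ICON`, and comment 1 discusses checking the claimed icon size against the reply length. The following is an added example, not kwindowsystem code and not the patch under review: a stand-alone validator for the EWMH icon layout, in which the function name, the dimension cap and the sample arrays are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ICON_DIM 4096u /* assumed sanity cap, not a value from the report */

/* Hypothetical validator (not kwindowsystem code). `data` holds `len` 32-bit
 * items, the unit in which a format-32 property reply counts its length.
 * EWMH layout per icon: width, height, then width*height ARGB pixels.
 * Returns the number of well-formed icons and stores in *bad the offset of
 * the first malformed entry (or `len` if everything parsed). */
size_t count_valid_icons(const uint32_t *data, size_t len, size_t *bad)
{
    size_t j = 0, icons = 0;
    *bad = len;
    while (j < len) {
        if (len - j < 2) { *bad = j; break; }      /* truncated header */
        uint32_t w = data[j], h = data[j + 1];
        /* Cap dimensions first so w*h below cannot overflow size_t. */
        if (w == 0 || h == 0 || w > MAX_ICON_DIM || h > MAX_ICON_DIM) {
            *bad = j; break;
        }
        size_t pixels = (size_t)w * h;
        /* Same test as "offset + width*height > length", written as a
         * subtraction so the left-hand side can never wrap around. */
        if (pixels > len - j - 2) { *bad = j; break; }
        /* A real reader would copy pixels * 4 bytes from &data[j + 2] here. */
        j += 2 + pixels;
        icons++;
    }
    return icons;
}

/* Constructed sample properties (not captured from tvtime). */
const uint32_t GOOD[] = { 2, 1, 0xff000000u, 0xffffffffu, 1, 1, 0xff00ff00u };
const uint32_t JUNK[] = { 2, 1, 0xff000000u, 0xffffffffu, 100, 100, 0 };
const uint32_t HUGE_DIMS[] = { 0xffffffffu, 0xffffffffu, 0 };

int main(void)
{
    size_t bad, n;
    n = count_valid_icons(GOOD, 7, &bad);
    printf("good: %zu icons, first bad offset %zu\n", n, bad);
    n = count_valid_icons(JUNK, 7, &bad);
    printf("junk: %zu icons, first bad offset %zu\n", n, bad);
    n = count_valid_icons(HUGE_DIMS, 3, &bad);
    printf("huge: %zu icons, first bad offset %zu\n", n, bad);
    return 0;
}
```

The second sample claims a 100x100 icon with one item of data left, which is the kind of entry that would otherwise drive an oversized copy.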