Bug 351724

Summary: kwin crash when executing ctrl-f11 to activate "Desktop Grid" effect (possibly multiscreen related)
Product: [Plasma] kwin
Reporter: smkr <steve.mckuhr>
Component: effects-various
Assignee: KWin default assignee <kwin-bugs-null>
Status: RESOLVED FIXED
Severity: crash
Keywords: drkonqi
Priority: NOR
Version: unspecified
Target Milestone: ---
Platform: Fedora RPMs
OS: Linux
Latest Commit:
Version Fixed In: 5.4.2
Sentry Crash Report:

Description smkr 2015-08-24 21:10:31 UTC
Application: kwin (4.11.18)
KDE Platform Version: 4.14.9
Qt Version: 4.8.6
Operating System: Linux 4.1.3-100.fc21.x86_64 x86_64
Distribution: "Fedora release 21 (Twenty One)"

-- Information about the crash:
- What I was doing when the application crashed: as the title says I pressed Ctrl-F11 to display the Desktop Grid.

The crash does not seem to be reproducible.

-- Backtrace:
Application: KWin (kwin), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
81	T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS)
[Current thread is 1 (Thread 0x7fcf59151900 (LWP 2821))]

Thread 2 (Thread 0x7fcf2e894700 (LWP 2867)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007fcf5813049a in QTWTF::TCMalloc_PageHeap::scavengerThread (this=0x7fcf58435f80 <QTWTF::pageheap_memory>) at ../3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.cpp:2359
#2  0x00007fcf581304c9 in QTWTF::TCMalloc_PageHeap::runScavengerThread (context=<optimized out>) at ../3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.cpp:1464
#3  0x00007fcf5287052a in start_thread (arg=0x7fcf2e894700) at pthread_create.c:310
#4  0x00007fcf5099a22d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 1 (Thread 0x7fcf59151900 (LWP 2821)):
[KCrash Handler]
#6  0x00007fcf2c131b47 in KWin::PresentWindowsEffect::calculateWindowTransformationsClosest(QList<KWin::EffectWindow*>, int, KWin::WindowMotionManager&) [clone .part.127] () from /usr/lib64/kde4/kwin4_effect_builtins.so
#7  0x00007fcf2c1327b5 in KWin::PresentWindowsEffect::calculateWindowTransformations(QList<KWin::EffectWindow*>, int, KWin::WindowMotionManager&, bool) () from /usr/lib64/kde4/kwin4_effect_builtins.so
#8  0x00007fcf2c139145 in KWin::PresentWindowsEffectProxy::calculateWindowTransformations(QList<KWin::EffectWindow*>, int, KWin::WindowMotionManager&) () from /usr/lib64/kde4/kwin4_effect_builtins.so
#9  0x00007fcf2c14573b in KWin::DesktopGridEffect::setup() [clone .part.108] () from /usr/lib64/kde4/kwin4_effect_builtins.so
#10 0x00007fcf2c1477d5 in KWin::DesktopGridEffect::setActive(bool) () from /usr/lib64/kde4/kwin4_effect_builtins.so
#11 0x00007fcf52c1fd9c in QMetaObject::activate (sender=sender@entry=0x1674f70, m=m@entry=0x7fcf5282c5c0 <QAction::staticMetaObject>, local_signal_index=local_signal_index@entry=1, argv=argv@entry=0x7ffea999ced0) at kernel/qobject.cpp:3567
#12 0x00007fcf51d3c792 in QAction::triggered (this=this@entry=0x1674f70, _t1=false) at .moc/release-shared/moc_qaction.cpp:276
#13 0x00007fcf51d3e317 in QAction::activate (this=this@entry=0x1674f70, event=event@entry=QAction::Trigger) at kernel/qaction.cpp:1257
#14 0x00007fcf53974c9f in trigger (this=0x1674f70) at /usr/include/QtGui/qaction.h:218
#15 KGlobalAccelPrivate::_k_invokeAction (this=<optimized out>, componentUnique=..., actionUnique=..., timestamp=350514484) at /usr/src/debug/kdelibs-4.14.9/kdeui/shortcuts/kglobalaccel.cpp:449
#16 0x00007fcf52c1fd9c in QMetaObject::activate (sender=0xa62cc0, m=m@entry=0x7fcf53d68b80 <OrgKdeKglobalaccelComponentInterface::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffea999d0e0) at kernel/qobject.cpp:3567
#17 0x00007fcf53a87c69 in OrgKdeKglobalaccelComponentInterface::globalShortcutPressed (this=<optimized out>, _t1=..., _t2=..., _t3=350514484) at /usr/src/debug/kdelibs-4.14.9/x86_64-redhat-linux-gnu/kdeui/kglobalaccel_component_interface.moc:163
#18 0x00007fcf53a87e44 in OrgKdeKglobalaccelComponentInterface::qt_static_metacall (_o=_o@entry=0xa62cc0, _id=_id@entry=0, _a=_a@entry=0x7ffea999d390, _c=QMetaObject::InvokeMetaMethod) at /usr/src/debug/kdelibs-4.14.9/x86_64-redhat-linux-gnu/kdeui/kglobalaccel_component_interface.moc:74
#19 0x00007fcf53a882f5 in qt_static_metacall (_a=0x7ffea999d390, _id=0, _c=QMetaObject::InvokeMetaMethod, _o=0xa62cc0) at /usr/src/debug/kdelibs-4.14.9/x86_64-redhat-linux-gnu/kdeui/kglobalaccel_component_interface.moc:128
#20 OrgKdeKglobalaccelComponentInterface::qt_metacall (this=0xa62cc0, _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0x7ffea999d390) at /usr/src/debug/kdelibs-4.14.9/x86_64-redhat-linux-gnu/kdeui/kglobalaccel_component_interface.moc:129
#21 0x00007fcf52f98696 in QDBusConnectionPrivate::deliverCall (this=0x930560, object=0xa62cc0, msg=..., metaTypes=..., slotIdx=5) at qdbusintegrator.cpp:951
#22 0x00007fcf52c24491 in QObject::event (this=0xa62cc0, e=<optimized out>) at kernel/qobject.cpp:1222
#23 0x00007fcf51d42efc in QApplicationPrivate::notify_helper (this=this@entry=0x9352e0, receiver=receiver@entry=0xa62cc0, e=e@entry=0x2b942a0) at kernel/qapplication.cpp:4565
#24 0x00007fcf51d49958 in QApplication::notify (this=this@entry=0x7ffea999dbf0, receiver=receiver@entry=0xa62cc0, e=e@entry=0x2b942a0) at kernel/qapplication.cpp:4351
#25 0x00007fcf5392ee0a in KApplication::notify (this=0x7ffea999dbf0, receiver=0xa62cc0, event=0x2b942a0) at /usr/src/debug/kdelibs-4.14.9/kdeui/kernel/kapplication.cpp:311
#26 0x00007fcf52c0b22d in QCoreApplication::notifyInternal (this=0x7ffea999dbf0, receiver=receiver@entry=0xa62cc0, event=event@entry=0x2b942a0) at kernel/qcoreapplication.cpp:953
#27 0x00007fcf52c0e4f1 in sendEvent (event=0x2b942a0, receiver=0xa62cc0) at kernel/qcoreapplication.h:231
#28 QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0, data=0x8e1180) at kernel/qcoreapplication.cpp:1577
#29 0x00007fcf52c0e983 in QCoreApplication::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0) at kernel/qcoreapplication.cpp:1470
#30 0x00007fcf51de68ec in sendPostedEvents () at ../../src/corelib/kernel/qcoreapplication.h:236
#31 QEventDispatcherX11::processEvents (this=0x8e2b00, flags=...) at kernel/qeventdispatcher_x11.cpp:75
#32 0x00007fcf52c09d81 in QEventLoop::processEvents (this=this@entry=0x7ffea999da60, flags=...) at kernel/qeventloop.cpp:149
#33 0x00007fcf52c0a0e5 in QEventLoop::exec (this=this@entry=0x7ffea999da60, flags=...) at kernel/qeventloop.cpp:204
#34 0x00007fcf52c0f7c9 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1225
#35 0x00007fcf58caf048 in kdemain () from /lib64/libkdeinit4_kwin.so
#36 0x00007fcf508b9fe0 in __libc_start_main (main=0x4009d0 <main>, argc=3, argv=0x7ffea999dd48, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffea999dd38) at libc-start.c:289
#37 0x00000000004009fe in _start ()

Possible duplicates by query: bug 326032.

Reported using DrKonqi
Comment 1 Thomas Lübking 2015-08-24 21:16:06 UTC
How many screens do you have?
bug #314409
bug #326032
Comment 2 smkr 2015-08-24 22:35:02 UTC
(In reply to Thomas Lübking from comment #1)
> How many screens do you have?

I have 2 monitors and 8 virtual desktops.

> bug #314409

That one appears to have been solved in 4.10.1. My Kwin is at:

   ~ $ rpm -q --changelog kwin | head
   * Tue Apr 28 2015 Rex Dieter <rdieter@fedoraproject.org> 4.11.18-3
   - revert "-devel: drop dep on kwin-gles-libs (#1188877)"

   * Mon Apr 27 2015 Rex Dieter <rdieter@fedoraproject.org> 4.11.18-2
   - -devel: Requires: kwin-libs (owner of libkdecorations.so symlink target)

   * Sun Apr 12 2015 Rex Dieter <rdieter@fedoraproject.org> 4.11.18-1
   - 4.11.18

   * Thu Mar 12 2015 Rex Dieter <rdieter@fedoraproject.org> 4.11.16-4
 
> bug #326032

Bug 326302 comment 7 says it was pushed to 4.11 branch but I can't find any 
reference in RedHat Bugzilla or package changelog. If there isn't any way to 
confirm that the fix made it in other than looking at sources I'll do that 
later on next week.


Much appreciated the time you put into this Thomas.
Comment 3 Thomas Lübking 2015-08-25 07:50:13 UTC
The patches are in your version, I just wanted to know whether there might be "yet another uncaught multiscreen out of bounds access"
Comment 4 Thomas Lübking 2015-08-27 22:58:14 UTC
I think it is because PresentWindowsEffect::screenCountChanged() is shortcut for "if (!isActive())", but the desktopgrid doesn't call PresentWindowsEffect::setActive (or at least PresentWindowsEffect::screenCountChanged), so the effect can "miss" the increasing screen count change (it sees the signal, but ignores it) and when desktopgrid calls it, it assumes the m_gridSizes array is big enough (but it isn't)

1. effects are loaded, 1 screen present
2. 2nd screen gets added, but inactive effects ignore that
3. desktop grid gets activated, updates according to screen count, calls presentwindows for screen #2
4. presentwindows data is only prepared for one screen from step 1 => booom
Comment 5 Thomas Lübking 2015-09-14 20:07:23 UTC
Git commit 57f8c6d5f88cfb05945d8a2837ed0cec3218e2f9 by Thomas Lübking.
Committed on 14/09/2015 at 19:01.
Pushed by luebking into branch 'Plasma/5.4'.

recreate presentwindows grids from desktopgrid

Theory:
----------
because PresentWindowsEffect::screenCountChanged() is shortcut
for "if (!isActive())", but the desktopgrid doesn't call
PresentWindowsEffect::setActive (or at least
PresentWindowsEffect::screenCountChanged), so the effect can
"miss" the increasing screen count change (it sees the signal,
but ignores it) and when desktopgrid calls it, it assumes the
m_gridSizes array is big enough (but it isn't)

Steps:
----------
1. effects are loaded, 1 screen present
2. 2nd screen gets added, but inactive effects ignore that
3. desktop grid gets activated, updates according to screen count,
   calls presentwindows for screen #2
4. presentwindows data is only prepared for one screen from step 1
   => BOOM
Related: bug 326032
FIXED-IN: 5.4.2
REVIEW: 124960

M  +1    -0    effects/desktopgrid/desktopgrid.cpp
M  +8    -5    effects/presentwindows/presentwindows.cpp
M  +1    -1    effects/presentwindows/presentwindows.h
M  +5    -0    effects/presentwindows/presentwindows_proxy.cpp
M  +2    -0    effects/presentwindows/presentwindows_proxy.h

http://commits.kde.org/kwin/57f8c6d5f88cfb05945d8a2837ed0cec3218e2f9
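
The stale per-screen state described in comments 4 and 5, reduced to a minimal model. This is an added example, not KWin source and not the contents of the commit: apart from `m_gridSizes`, `screenCountChanged` and `setActive`, every class and function name is hypothetical, and the bounds check stands in for the unchecked access that crashed.

```cpp
// Added illustration; not KWin source. Names other than m_gridSizes,
// screenCountChanged and setActive are hypothetical.
#include <cstddef>
#include <vector>

struct GridSize { int columns = 0; int rows = 0; };

class PresentWindowsModel {
public:
    explicit PresentWindowsModel(int screens) { recreateGrids(screens); }

    void setActive(bool on) { m_active = on; }

    // Mirrors the shortcut from comment 4: an inactive effect sees the
    // signal but leaves its per-screen data untouched.
    void screenCountChanged(int screens) {
        if (!m_active)
            return;
        recreateGrids(screens);
    }

    // Unconditional rebuild that a borrowing effect can call before layout.
    void recreateGrids(int screens) {
        m_gridSizes.assign(static_cast<std::size_t>(screens), GridSize{});
    }

    // Bounds-checked stand-in for the layout call: returns false where an
    // unchecked m_gridSizes[screen] would read past the end of the array.
    bool calculateWindowTransformations(int screen) {
        if (screen < 0 || static_cast<std::size_t>(screen) >= m_gridSizes.size())
            return false;
        m_gridSizes[static_cast<std::size_t>(screen)] = GridSize{2, 2}; // constructed result
        return true;
    }

private:
    bool m_active = false;
    std::vector<GridSize> m_gridSizes;
};

// Steps 1-4 from the report; `fixed` selects whether the caller rebuilds
// the grids before borrowing the layout code.
bool desktopGridActivates(bool fixed) {
    PresentWindowsModel pw(1);   // 1. effects loaded, one screen present
    pw.screenCountChanged(2);    // 2. second screen added, effect inactive
    if (fixed)
        pw.recreateGrids(2);     // caller refreshes the per-screen state
    return pw.calculateWindowTransformations(1); // 3./4. layout for screen #2
}
```

The general point is that state cached per screen has to be revalidated at the point of use, because a notification handler that returns early when inactive cannot be relied on to keep it current.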