Bug 361551

Unfortunately debug symbols are not available, thus the backtrace doesn't tell us anything.

The crash won't happen if you disable compositing, e.g. use the failsafe session.

Setup looks prone to be, and description supports this, bug #361342 (and friends, there's plenty of them)
The plasmashell panel sets ridiculous struts, so the entire workspace looks covered by a panel and is not available to windows.
Avoiding struts (allow maximized windows to go under/over the panel) should "resolve" that.

In general, consider multiscreen unsupported in plasma5 for the time being. Qt is broken, KScreen is broken - and plasmashell uses the concurrently. Multiscreen simply does not work.
Might change with Qt 5.6 and plasma 5.7 - until then it's like begging for issues :-(

----

About the segfault, I'm not sure whether that's related to the main problem - looks like happening when a window closes. But we really need a backtrace for deeper insight.

Here's another crash, this time Plasma, when trying to reproduce this. Not sure if it is related but I guess so...

    https://bugs.kde.org/show_bug.cgi?id=361563

Guessing that Qt 5.6 comes soon, but will it really require Plasma 5.7? It's been a mess for quite a while...

(In reply to Thomas Lübking from comment #2)
> Setup looks prone to be, and description supports this, bug #361342 (and
> friends, there's plenty of them)
> The plasmashell panel sets ridiculous struts, so the entire workspace looks
> covered by a panel and is not available to windows.
> Avoiding struts (allow maximized windows to go under/over the panel) should
> "resolve" that.
> 
> In general, consider multiscreen unsupported in plasma5 for the time being.
> Qt is broken, KScreen is broken - and plasmashell uses the concurrently.
> Multiscreen simply does not work.
> Might change with Qt 5.6 and plasma 5.7 - until then it's like begging for
> issues :-(
> 
> ----
> 
> About the segfault, I'm not sure whether that's related to the main problem
> - looks like happening when a window closes. But we really need a backtrace
> for deeper insight.

Will try to get a backtrace. Meanwhile, you're right: if I set the panel to allow windows to cover it, the problem's gone. I'm now going to submit a krunner crash I just had, not sure if that one is ALSO related... Will try to reproduce, but damn, other stuff keeps crashing, too...

Now KRunner puked on me. https://bugs.kde.org/show_bug.cgi?id=361564

How about this backtrace:

=====================
Application: KWin (kwin_x11), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f0cfb626940 (LWP 16487))]

Thread 4 (Thread 0x7f0ce3105700 (LWP 16490)):
#0  0x00007f0cfad9d43d in poll () at /lib64/libc.so.6
#1  0x00007f0cf8b06432 in  () at /usr/lib64/libxcb.so.1
#2  0x00007f0cf8b08007 in xcb_wait_for_event () at /usr/lib64/libxcb.so.1
#3  0x00007f0ce39a9dd9 in QXcbEventReader::run() (this=0x1da6720) at qxcbconnection.cpp:1229
#4  0x00007f0cf8dc590f in QThreadPrivate::start(void*) (arg=0x1da6720) at thread/qthread_unix.cpp:331
#5  0x00007f0cfb068454 in start_thread () at /lib64/libpthread.so.0
#6  0x00007f0cfada5d8d in clone () at /lib64/libc.so.6

Thread 3 (Thread 0x7f0cdf7dc700 (LWP 16503)):
#0  0x00007f0cfad9eab3 in select () at /lib64/libc.so.6
#1  0x00007f0cf8fe5dbf in qt_safe_select(int, fd_set*, fd_set*, fd_set*, timespec const*) (nfds=13, fdread=fdread@entry=0x203a148, fdwrite=fdwrite@entry=0x203a3d8, fdexcept=fdexcept@entry=0x203a668, orig_timeout=orig_timeout@entry=0x0) at kernel/qcore_unix.cpp:75
#2  0x00007f0cf8fe779b in QEventDispatcherUNIXPrivate::doSelect(QFlags<QEventLoop::ProcessEventsFlag>, timespec*) (timeout=0x0, exceptfds=0x203a668, writefds=0x203a3d8, readfds=0x203a148, nfds=<optimized out>, this=0x202aae0) at kernel/qeventdispatcher_unix.cpp:320
#3  0x00007f0cf8fe779b in QEventDispatcherUNIXPrivate::doSelect(QFlags<QEventLoop::ProcessEventsFlag>, timespec*) (this=this@entry=0x2039fb0, flags=..., flags@entry=..., timeout=timeout@entry=0x0) at kernel/qeventdispatcher_unix.cpp:196
#4  0x00007f0cf8fe7c96 in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x202aae0, flags=...) at kernel/qeventdispatcher_unix.cpp:607
#5  0x00007f0cf8f945ca in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7f0cdf7dbc70, flags=..., flags@entry=...) at kernel/qeventloop.cpp:204
#6  0x00007f0cf8dc0adc in QThread::exec() (this=this@entry=0x1f5ec30) at thread/qthread.cpp:503
#7  0x00007f0cf30d97b5 in QQmlThreadPrivate::run() (this=0x1f5ec30) at /usr/src/debug/qtdeclarative-opensource-src-5.5.1/src/qml/qml/ftw/qqmlthread.cpp:141
#8  0x00007f0cf8dc590f in QThreadPrivate::start(void*) (arg=0x1f5ec30) at thread/qthread_unix.cpp:331
#9  0x00007f0cfb068454 in start_thread () at /lib64/libpthread.so.0
#10 0x00007f0cfada5d8d in clone () at /lib64/libc.so.6

Thread 2 (Thread 0x7f0cdca02700 (LWP 16510)):
#0  0x00007f0cfb06e02f in pthread_cond_wait@@GLIBC_2.3.2 () at /lib64/libpthread.so.0
#1  0x00007f0cf7d4ba84 in QTWTF::TCMalloc_PageHeap::scavengerThread() (this=0x7f0cf8032ea0 <QTWTF::pageheap_memory>) at ../3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.cpp:2359
#2  0x00007f0cf7d4bac9 in QTWTF::TCMalloc_PageHeap::runScavengerThread(void*) (context=<optimized out>) at ../3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.cpp:1464
#3  0x00007f0cfb068454 in start_thread () at /lib64/libpthread.so.0
#4  0x00007f0cfada5d8d in clone () at /lib64/libc.so.6

Thread 1 (Thread 0x7f0cfb626940 (LWP 16487)):
[KCrash Handler]
#6  0x00007f0cf412ab60 in KWin::GLTexture::isNull() const (this=this@entry=0x0) at /usr/src/debug/kwin-5.6.1/libkwineffects/kwingltexture.cpp:319
#7  0x00007f0cf412bdc0 in KWin::GLTexture::update(QImage const&, QPoint const&, QRect const&) (this=0x0, image=..., offset=..., src=...) at /usr/src/debug/kwin-5.6.1/libkwineffects/kwingltexture.cpp:330
#8  0x00007f0cfa97b787 in KWin::SceneOpenGLDecorationRenderer::render() (rotated=true, offset=..., partRect=..., geo=..., __closure=<synthetic pointer>) at /usr/src/debug/kwin-5.6.1/scene_opengl.cpp:2468
#9  0x00007f0cfa97b787 in KWin::SceneOpenGLDecorationRenderer::render() (this=0x22ebeb0) at /usr/src/debug/kwin-5.6.1/scene_opengl.cpp:2470
#10 0x00007f0cfa97ba62 in KWin::SceneOpenGLDecorationRenderer::reparent(KWin::Deleted*) (this=0x22ebeb0, deleted=0x32b42f0) at /usr/src/debug/kwin-5.6.1/scene_opengl.cpp:2509
#11 0x00007f0cfa984781 in KWin::Deleted::copyToDeleted(KWin::Toplevel*) (this=this@entry=0x32b42f0, c=c@entry=0x1fb8880) at /usr/src/debug/kwin-5.6.1/deleted.cpp:101
#12 0x00007f0cfa9847d9 in KWin::Deleted::create(KWin::Toplevel*) (c=c@entry=0x1fb8880) at /usr/src/debug/kwin-5.6.1/deleted.cpp:63
#13 0x00007f0cfa8bc203 in KWin::Client::destroyClient() (this=this@entry=0x1fb8880) at /usr/src/debug/kwin-5.6.1/client.cpp:282
#14 0x00007f0cfa8fd03e in KWin::Client::unmapNotifyEvent(xcb_unmap_notify_event_t*) (this=0x1fb8880, e=<optimized out>) at /usr/src/debug/kwin-5.6.1/events.cpp:815
#15 0x00007f0cfa900853 in KWin::Client::windowEvent(xcb_generic_event_t*) (this=0x1fb8880, e=e@entry=0x2bc5b00) at /usr/src/debug/kwin-5.6.1/events.cpp:655
#16 0x00007f0cfa901bff in KWin::Workspace::workspaceEvent(xcb_generic_event_t*) (this=0x1e83c30, e=0x2bc5b00) at /usr/src/debug/kwin-5.6.1/events.cpp:352
#17 0x00007f0cf8f9380f in QAbstractEventDispatcher::filterNativeEvent(QByteArray const&, void*, long*) (this=<optimized out>, eventType=..., message=message@entry=0x2bc5b00, result=result@entry=0x7ffc1c095178) at kernel/qabstracteventdispatcher.cpp:460
#18 0x00007f0ce39ad7b4 in QXcbConnection::handleXcbEvent(xcb_generic_event_t*) (this=this@entry=0x1d9a890, event=event@entry=0x2bc5b00) at qxcbconnection.cpp:1020
#19 0x00007f0ce39ae53b in QXcbConnection::processXcbEvents() (this=0x1d9a890) at qxcbconnection.cpp:1504
#20 0x00007f0cf8fc4cf9 in QObject::event(QEvent*) (this=0x1d9a890, e=<optimized out>) at kernel/qobject.cpp:1239
#21 0x00007f0cf9c7987c in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=this@entry=0x1d8f2c0, receiver=receiver@entry=0x1d9a890, e=e@entry=0x316cb50) at kernel/qapplication.cpp:3716
#22 0x00007f0cf9c7e986 in QApplication::notify(QObject*, QEvent*) (this=0x7ffc1c095750, receiver=0x1d9a890, e=0x316cb50) at kernel/qapplication.cpp:3499
#23 0x00007f0cf8f96c83 in QCoreApplication::notifyInternal(QObject*, QEvent*) (this=0x7ffc1c095750, receiver=0x1d9a890, event=event@entry=0x316cb50) at kernel/qcoreapplication.cpp:965
#24 0x00007f0cf8f98fa6 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (event=0x316cb50, receiver=<optimized out>) at kernel/qcoreapplication.h:224
#25 0x00007f0cf8f98fa6 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (receiver=receiver@entry=0x0, event_type=event_type@entry=0, data=0x1d7ea50) at kernel/qcoreapplication.cpp:1593
#26 0x00007f0cf8fe7b62 in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x1ddf540, flags=flags@entry=...) at kernel/qeventdispatcher_unix.cpp:579
#27 0x00007f0ce3a0d66d in QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=<optimized out>, flags=...) at eventdispatchers/qunixeventdispatcher.cpp:62
#28 0x00007f0cf8f945ca in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7ffc1c095650, flags=..., flags@entry=...) at kernel/qeventloop.cpp:204
#29 0x00007f0cf8f9c28d in QCoreApplication::exec() () at kernel/qcoreapplication.cpp:1229
#30 0x00007f0cf94d253c in QGuiApplication::exec() () at kernel/qguiapplication.cpp:1529
#31 0x00007f0cf9c75f25 in QApplication::exec() () at kernel/qapplication.cpp:2976
#32 0x00007f0cfb283c4f in kdemain(int, char**) (argc=3, argv=0x7ffc1c0958c8) at /usr/src/debug/kwin-5.6.1/main_x11.cpp:327
#33 0x00007f0cfacdc5b0 in __libc_start_main () at /lib64/libc.so.6
#34 0x0000000000400809 in _start () at ../sysdeps/x86_64/start.S:118

Qt 5.6 needs to be a required dependency to get rid of the QScreen/KScreen intermix in plasmashell. This obviously can't happen before 5.7.

The crash is a simple nullptr resolution.
SceneOpenGLDecorationRenderer::resizeTextture results in an empty size, thus m_texture is 0x0 and that's not caught in ::render() - I assume an early exit will do.

diff --git a/scene_opengl.cpp b/scene_opengl.cpp
index c81c2b8..049bc1d 100644
--- a/scene_opengl.cpp
+++ b/scene_opengl.cpp
@@ -2451,6 +2451,9 @@ void SceneOpenGLDecorationRenderer::render()
         resetImageSizesDirty();
     }
 
+    if (!m_texture)
+        return;
+
     QRect left, top, right, bottom;
     client()->client()->layoutDecorationRects(left, top, right, bottom);

It was a hard fight but I succeeded creating a test case for the condition: https://phabricator.kde.org/D1383

Git commit 0df4406c2cf8df56f90a7a006eb911775a120886 by Martin Gräßlin.
Committed on 14/04/2016 at 05:35.
Pushed by graesslin into branch 'Plasma/5.6'.

Fix crash on repainting an invalid sizes decoration

Summary:
If a window has an invalid size the decoration also has an invalid
size. This results in the texture used by the
SceneOpenGLDecorationRenderer to be invalid and being reset to null.
Of course we shouldn't try to use this texture to render to.

The change comes with a test case to simulate the situation. We cannot
simulate it with Wayland clients as the geometry can never be empty.
Thus we create an X11 client, resize it to an empty size and unmap it.

This is the first integration test case which creates an X11 Client!
It's also a test case which needs the OpenGL compositor. This will most
likely not work on build.kde.org yet - we need to see what to do about
it. Will need adjustments to get it at least skip on build.kde.org.
FIXED-IN: 5.6.3

Reviewers: #plasma

Subscribers: plasma-devel

Projects: #plasma

Differential Revision: https://phabricator.kde.org/D1383

M  +9    -0    autotests/wayland/CMakeLists.txt
A  +221  -0    autotests/wayland/dont_crash_empty_deco.cpp     [License: GPL (v2)]
M  +1    -1    client.h
M  +5    -0    scene_opengl.cpp

http://commits.kde.org/kwin/0df4406c2cf8df56f90a7a006eb911775a120886

Thank you Martin, Thomas.