Bug 285747 - kwin crash switching desktop
Summary: kwin crash switching desktop
Status: RESOLVED FIXED
Alias: None
Product: kwin
Classification: Plasma
Component: tabbox (show other bugs)
Version: unspecified
Platform: Compiled Sources Linux
: NOR crash
Target Milestone: ---
Assignee: KWin default assignee
URL: https://git.reviewboard.kde.org/r/105...
Keywords: regression
: 292569 292944 296604 297551 300569 (view as bug list)
Depends on:
Blocks:
 
Reported: 2011-11-04 12:17 UTC by Francesco Riosa
Modified: 2012-06-02 16:59 UTC (History)
11 users (show)

See Also:
Latest Commit:
Version Fixed In: 4.8.4
Sentry Crash Report:
mgraesslin: ReviewRequest+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Francesco Riosa 2011-11-04 12:17:50 UTC
Application: kwin (4.7.3 (4.7.3))
KDE Platform Version: 4.7.3 (4.7.3) (Compiled from sources)
Qt Version: 4.7.4
Operating System: Linux 3.0.3-fc15-aufs-x86_64 x86_64
Distribution (Platform): Gentoo Packages

-- Information about the crash:
I'm not totally sure that the crash trigger was switching from desktop2 to desktop1 but seem plausible.

kde sc is compiled from git/svn

-- Backtrace:
Application: KWin (kwin), signal: Segmentation fault
82	T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS)
[Current thread is 1 (Thread 0x7fd49fd8d7c0 (LWP 28561))]

Thread 2 (Thread 0x7fd482d06700 (LWP 28568)):
#0  pthread_cond_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
#1  0x00007fd49cd8df32 in QTWTF::TCMalloc_PageHeap::scavengerThread (this=0x7fd49d08bf40) at ../3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.cpp:2359
#2  0x00007fd49cd8df69 in QTWTF::TCMalloc_PageHeap::runScavengerThread (context=<optimized out>) at ../3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.cpp:1464
#3  0x00007fd49a86fbb0 in start_thread (arg=0x7fd482d06700) at pthread_create.c:301
#4  0x00007fd4987ff28d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 1 (Thread 0x7fd49fd8d7c0 (LWP 28561)):
[KCrash Handler]
#6  KWin::TabBox::ImageProvider::requestPixmap (this=<optimized out>, id=..., size=0x7fff059b4b20, requestedSize=...) at /usr/src/debug/kde-base/kwin-9999/kwin-9999/kwin/tabbox/declarative.cpp:71
#7  0x00007fd49c5cea85 in QDeclarativeEnginePrivate::getPixmapFromProvider (this=0x2384ca0, url=..., size=0x7fff059b4b20, req_size=...) at qml/qdeclarativeengine.cpp:837
#8  0x00007fd49c511344 in createPixmapDataSync (ok=<synthetic pointer>, requestSize=..., url=..., engine=0x235cd80) at util/qdeclarativepixmapcache.cpp:802
#9  QDeclarativePixmap::load (this=0x23feb38, engine=0x235cd80, url=..., requestSize=..., options=...) at util/qdeclarativepixmapcache.cpp:1003
#10 0x00007fd49c55abbd in QDeclarativeImageBase::load (this=0x23fe8a0) at graphicsitems/qdeclarativeimagebase.cpp:205
#11 0x00007fd49c5e2f33 in QDeclarativeComponentPrivate::complete (enginePriv=0x2384ca0, state=0x2409a60) at qml/qdeclarativecomponent.cpp:962
#12 0x00007fd49c5e35ff in completeCreate (this=<optimized out>) at qml/qdeclarativecomponent.cpp:1035
#13 QDeclarativeComponentPrivate::completeCreate (this=<optimized out>) at qml/qdeclarativecomponent.cpp:1031
#14 0x00007fd49c59885d in QDeclarativeVisualDataModel::completeItem (this=<optimized out>) at graphicsitems/qdeclarativevisualitemmodel.cpp:1125
#15 0x00007fd49c5a662b in QDeclarativeListViewPrivate::createItem (this=0x2414bf0, modelIndex=<optimized out>) at graphicsitems/qdeclarativelistview.cpp:664
#16 0x00007fd49c5ab15b in QDeclarativeListViewPrivate::updateCurrent (this=0x2414bf0, modelIndex=0) at graphicsitems/qdeclarativelistview.cpp:1158
#17 0x00007fd49c5ae47b in QDeclarativeListView::setModel (this=0x250b500, model=<optimized out>) at graphicsitems/qdeclarativelistview.cpp:1768
#18 0x00007fd49c6d2320 in QDeclarativeListView::qt_metacall (this=0x250b500, _c=QMetaObject::WriteProperty, _id=0, _a=0x7fff059b5170) at .moc/debug-shared/moc_qdeclarativelistview_p.cpp:529
#19 0x00007fd49c5c2810 in QDeclarativeVMEMetaObject::metaCall (this=0x2408330, c=QMetaObject::WriteProperty, _id=67, a=0x7fff059b5170) at qml/qdeclarativevmemetaobject.cpp:673
#20 0x00007fd49c5dfecd in QDeclarativePropertyPrivate::write (object=0x250b500, property=<optimized out>, value=<optimized out>, context=<optimized out>, flags=...) at qml/qdeclarativeproperty.cpp:1173
#21 0x00007fd49c678cac in QDeclarativeObjectScriptClass::setProperty (this=0x23cb180, obj=0x250b500, name=<optimized out>, value=..., context=0x7fd480b480a0, evalContext=0x24083e0) at qml/qdeclarativeobjectscriptclass.cpp:404
#22 0x00007fd49ce08dd6 in QScript::DeclarativeObjectDelegate::put (this=0x2415390, object=0x7fd49c6790e0, exec=<optimized out>, propertyName=<optimized out>, value=..., slot=...) at bridge/qscriptdeclarativeobject.cpp:99
#23 0x00007fd49cce2ef8 in put (slot=..., value=<optimized out>, propertyName=<optimized out>, exec=0x7fd480b480a0, this=0x7fff059b55c0) at ../3rdparty/javascriptcore/JavaScriptCore/runtime/JSObject.h:658
#24 QTJSC::cti_op_put_by_id (args=<optimized out>) at ../3rdparty/javascriptcore/JavaScriptCore/jit/JITStubs.cpp:1243
#25 0x00007fd49fc154f8 in ?? ()
#26 0x0000000000000000 in ?? ()

Reported using DrKonqi
Comment 1 Martin Flöser 2011-11-04 18:30:20 UTC
The crash indicates you were using Alt+Tab (or something related) when the crash happened. Can you figure out a way to reproduce the crash.

I had a few crashes after the recent change of Alt+Tab code but had not seen this one.
Comment 2 Francesco Riosa 2011-11-05 12:37:31 UTC
I've _not_ been able to reproduce this in the latest days.

I'm using this revision at the moment and will upgrade tomorrow
commit 92b1e7cc6766023050aaaae41390bb5cfcc07ec5
Date:   Thu Nov 3 11:48:32 2011 +0800
Comment 3 Martin Flöser 2011-12-10 08:37:01 UTC
assuming it is fixed
Comment 4 Andre Woebbeking 2012-01-10 10:33:43 UTC
Hi Martin,

I've the same crash in KDE 4.8 and Qt 4.8.0 (both self compiled from uptodate branch). KWin crashes sometimes when I press Meta+Tab (switch desktop) for a very short time as I only want to jump to the last used desktop. I had disabled the desktop effect for switching desktops.


Cheers,
André
Comment 5 Thomas Lübking 2012-01-27 15:36:41 UTC
*** Bug 292569 has been marked as a duplicate of this bug. ***
Comment 6 Martin Flöser 2012-01-27 20:01:41 UTC
The problem is most likely fixed in master. I have to switch to the 4.8 branch in order to fix it. I have a pretty good idea about what is going wrong there and hope to find the time to investigate the issue and fix it for 4.8.

Sorry for introducing this regression.
Comment 7 Thomas Lübking 2012-01-31 13:21:08 UTC
*** Bug 292944 has been marked as a duplicate of this bug. ***
Comment 8 g111 2012-01-31 18:14:47 UTC
This crash happens several times a day. Here is another backtrace (I do not know if it helps or if it is redundant? But it looks a bit more detailed.)

Kubuntu 11.10
KDE4.8.0 from kubuntu backports

Crash happens when switching to the last desktop by a hotkey (in my case ctrl+tab).

Application: KWin (kwin), signal: Segmentation fault
[Current thread is 1 (Thread 0xb1feb720 (LWP 6649))]

Thread 3 (Thread 0xaf25eb70 (LWP 6654)):
#0  0xb2ef6d10 in __GI_clock_gettime (clock_id=1, tp=0xaf25e058) at ../sysdeps/unix/clock_gettime.c:116
#1  0xb609f7d5 in do_gettime (frac=0xaf25e050, sec=0xaf25e048) at tools/qelapsedtimer_unix.cpp:123
#2  qt_gettime () at tools/qelapsedtimer_unix.cpp:140
#3  0xb61724b6 in QTimerInfoList::updateCurrentTime (this=0x94ab9f0) at kernel/qeventdispatcher_unix.cpp:339
#4  0xb6173eab in QEventDispatcherUNIXPrivate::doSelect (this=0x94ab350, flags=..., timeout=0x0) at kernel/qeventdispatcher_unix.cpp:182
#5  0xb6174454 in QEventDispatcherUNIX::processEvents (this=0x9454098, flags=...) at kernel/qeventdispatcher_unix.cpp:918
#6  0xb61421dd in QEventLoop::processEvents (this=0xaf25e2a0, flags=...) at kernel/qeventloop.cpp:149
#7  0xb6142421 in QEventLoop::exec (this=0xaf25e2a0, flags=...) at kernel/qeventloop.cpp:201
#8  0xb604590b in QThread::exec (this=0x94193e8) at thread/qthread.cpp:498
#9  0xb6122e2d in QInotifyFileSystemWatcherEngine::run (this=0x94193e8) at io/qfilesystemwatcher_inotify.cpp:248
#10 0xb60487b3 in QThreadPrivate::start (arg=0x94193e8) at thread/qthread_unix.cpp:331
#11 0xb2eafd31 in start_thread (arg=0xaf25eb70) at pthread_create.c:304
#12 0xb768e0ce in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
Backtrace stopped: Not enough registers or memory available to unwind further

Thread 2 (Thread 0xae8beb70 (LWP 6655)):
#0  0xb789e424 in __kernel_vsyscall ()
#1  0xb2eb3a5c in pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_wait.S:169
#2  0xb769bcfc in __pthread_cond_wait (cond=0xb68eda50, mutex=0xb68eda38) at forward.c:139
#3  0xb67e89a9 in QTWTF::TCMalloc_PageHeap::scavengerThread (this=0xb68e8960) at ../3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.cpp:2359
#4  0xb67e89ef in QTWTF::TCMalloc_PageHeap::runScavengerThread (context=0xb68e8960) at ../3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.cpp:1464
#5  0xb2eafd31 in start_thread (arg=0xae8beb70) at pthread_create.c:304
#6  0xb768e0ce in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
Backtrace stopped: Not enough registers or memory available to unwind further

Thread 1 (Thread 0xb1feb720 (LWP 6649)):
[KCrash Handler]
#7  0x00000010 in ?? ()
#8  0xb7843fbb in KWin::TabBox::ClientModel::data (this=0x93932b0, index=..., role=37) at ../../kwin/tabbox/clientmodel.cpp:80
#9  0xb6c6ad99 in QDeclarativeVisualDataModelDataMetaObject::initialValue (this=0x9258460, propId=159308512) at graphicsitems/qdeclarativevisualitemmodel.cpp:534
#10 0xb6bcf5c4 in QDeclarativeOpenMetaObjectPrivate::getData (this=0x9b05e70, idx=3) at util/qdeclarativeopenmetaobject.cpp:149
#11 0xb6bce08c in QDeclarativeOpenMetaObject::metaCall (this=0x994be20, c=QMetaObject::ReadProperty, id=5, a=0xbf866830) at util/qdeclarativeopenmetaobject.cpp:230
#12 0xb6149b7d in metacall (argv=0xbf866830, idx=5, cl=QMetaObject::ReadProperty, object=0x9a9a278) at kernel/qmetaobject.cpp:237
#13 QMetaObject::metacall (object=0x9a9a278, cl=QMetaObject::ReadProperty, idx=5, argv=0xbf866830) at kernel/qmetaobject.cpp:232
#14 0xb614c99b in QMetaProperty::read (this=0xbf8668b8, object=0x9a9a278) at kernel/qmetaobject.cpp:2238
#15 0xb6d46b06 in QDeclarativeObjectScriptClass::property (this=0xbf8668b8, obj=0x9a9a278, name=@0x97edae0) at qml/qdeclarativeobjectscriptclass.cpp:311
#16 0xb6d4c325 in QDeclarativeContextScriptClass::property (this=0x99f0048, object=0x9b1c6c8, name=@0x9258460) at qml/qdeclarativecontextscriptclass.cpp:289
#17 0xb686c576 in QScript::DeclarativeObjectDelegate::getOwnPropertySlot (this=0x9b1c6f8, object=0xad651e40, exec=0xad6900f8, propertyName=..., slot=...) at bridge/qscriptdeclarativeobject.cpp:76
#18 0xb68537f4 in QScriptObject::getOwnPropertySlot (this=0xad651e40, exec=0xad6900f8, propertyName=..., slot=...) at bridge/qscriptobject.cpp:61
#19 0xb672d77c in fastGetOwnPropertySlot (this=0xad651e40, slot=..., propertyName=..., exec=0xad6900f8) at ../3rdparty/javascriptcore/JavaScriptCore/runtime/JSObject.h:382
#20 getPropertySlot (slot=<optimized out>, propertyName=<optimized out>, exec=<optimized out>, this=<optimized out>) at ../3rdparty/javascriptcore/JavaScriptCore/runtime/JSObject.h:391
#21 QTJSC::cti_op_resolve_skip (args=0x3) at ../3rdparty/javascriptcore/JavaScriptCore/jit/JITStubs.cpp:2298
#22 0xaea18854 in ?? ()
#23 0xb66e7a47 in execute (exception=<optimized out>, globalData=<optimized out>, callFrame=<optimized out>, registerFile=<optimized out>, this=<optimized out>) at ../3rdparty/javascriptcore/JavaScriptCore/jit/JITCode.h:79
#24 QTJSC::Interpreter::execute (this=0xadfc6ba0, functionExecutable=0xae02ff78, callFrame=0xad6900a0, function=0xad651ec0, thisObj=0xad6900f8, args=..., scopeChain=0xae03cf90, exception=0xadfc4294) at ../3rdparty/javascriptcore/JavaScriptCore/interpreter/Interpreter.cpp:716
#25 0xb67843f2 in QTJSC::JSFunction::call (this=0xad651ec0, exec=0xad6900a0, thisValue=..., args=...) at ../3rdparty/javascriptcore/JavaScriptCore/runtime/JSFunction.cpp:122
#26 0xb6757c89 in QTJSC::call (exec=0xad6900a0, functionObject=..., callType=QTJSC::CallTypeJS, callData=..., thisValue=..., args=...) at ../3rdparty/javascriptcore/JavaScriptCore/runtime/CallData.cpp:62
#27 0xb684c63c in QScriptValue::call (this=0x97edae0, thisObject=..., args=...) at api/qscriptvalue.cpp:1610
#28 0xb6ca56f8 in QDeclarativeQtScriptExpression::eval (this=0x9ae2520, secondaryScope=0x97edae0, isUndefined=0xbf866f7c) at qml/qdeclarativeexpression.cpp:518
#29 0xb6ca5a12 in QDeclarativeQtScriptExpression::scriptValue (this=0x9ae2520, secondaryScope=0x97edae0, isUndefined=0xbf866f7c) at qml/qdeclarativeexpression.cpp:470
#30 0xb6ca5d1e in QDeclarativeExpressionPrivate::scriptValue (this=0x9ae2520, secondaryScope=0x97edae0, isUndefined=0x97edae0) at qml/qdeclarativeexpression.cpp:653
#31 0xb6ca7877 in QDeclarativeBinding::update (this=0x9ae24a0, flags=...) at qml/qdeclarativebinding.cpp:365
#32 0xb6ca8932 in QDeclarativeBinding::setEnabled (this=0x9ae24a0, e=true, flags=...) at qml/qdeclarativebinding.cpp:474
#33 0xb6cb0b0f in QDeclarativeComponentPrivate::complete (enginePriv=0x99ca3e0, state=0x99997b0) at qml/qdeclarativecomponent.cpp:948
#34 0xb6cb1154 in completeCreate (this=0x9999740) at qml/qdeclarativecomponent.cpp:1035
#35 QDeclarativeComponentPrivate::completeCreate (this=0x9999740) at qml/qdeclarativecomponent.cpp:1031
#36 0xb6c6592e in QDeclarativeVisualDataModel::completeItem (this=0x98ebdc0) at graphicsitems/qdeclarativevisualitemmodel.cpp:1125
#37 0xb6c6fe03 in QDeclarativeListViewPrivate::createItem (this=0x9ae1680, modelIndex=0) at graphicsitems/qdeclarativelistview.cpp:664
#38 0xb6c76670 in refill (doBuffer=false, to=547, from=-0, this=0x9ae1680) at graphicsitems/qdeclarativelistview.cpp:766
#39 QDeclarativeListViewPrivate::refill (this=0x9ae1680, from=-0, to=547, doBuffer=false) at graphicsitems/qdeclarativelistview.cpp:710
#40 0xb6c76a0c in QDeclarativeListView::refill (this=0x9b25d80) at graphicsitems/qdeclarativelistview.cpp:3130
#41 0xb6c7b050 in QDeclarativeListView::setModel (this=0x9b25d80, model=...) at graphicsitems/qdeclarativelistview.cpp:1766
#42 0xb6da8a95 in QDeclarativeListView::qt_metacall (this=0x9b25d80, _c=QMetaObject::WriteProperty, _id=0, _a=0xbf8674b4) at .moc/release-shared/moc_qdeclarativelistview_p.cpp:529
#43 0xb6c8fd21 in QDeclarativeVMEMetaObject::metaCall (this=0x9b52a00, c=QMetaObject::WriteProperty, _id=67, a=0xbf8674b4) at qml/qdeclarativevmemetaobject.cpp:673
#44 0xb6149b7d in metacall (argv=0xbf8674b4, idx=67, cl=QMetaObject::WriteProperty, object=0x9b25d80) at kernel/qmetaobject.cpp:237
#45 QMetaObject::metacall (object=0x9b25d80, cl=QMetaObject::WriteProperty, idx=67, argv=0xbf8674b4) at kernel/qmetaobject.cpp:232
#46 0xb6cadb34 in QDeclarativePropertyPrivate::write (object=0x9b25d80, property=..., value=..., context=0x98eb120, flags=...) at qml/qdeclarativeproperty.cpp:1173
#47 0xb6d48074 in QDeclarativeObjectScriptClass::setProperty (this=0x99f1270, obj=0x9b25d80, name=@0x97edae0, value=..., context=0xad6900a0, evalContext=0x98eb120) at qml/qdeclarativeobjectscriptclass.cpp:404
#48 0xb6d48538 in QDeclarativeObjectScriptClass::setProperty (this=0x99f1270, object=0x9957938, name=@0xbf8676b0, value=...) at qml/qdeclarativeobjectscriptclass.cpp:321
#49 0xb686c87a in QScript::DeclarativeObjectDelegate::put (this=0x9b57868, object=0x97edae0, exec=0xbf8676bc, propertyName=..., value=..., slot=...) at bridge/qscriptdeclarativeobject.cpp:99
#50 0xb6853134 in QScriptObject::put (this=0xad65a000, exec=0xad6900a0, propertyName=..., value=..., slot=...) at bridge/qscriptobject.cpp:80
#51 0xb6734d36 in put (slot=..., value=<optimized out>, propertyName=..., exec=0xad6900a0, this=0xbf867768) at ../3rdparty/javascriptcore/JavaScriptCore/runtime/JSObject.h:658
#52 QTJSC::cti_op_put_by_id (args=0x9ae1040) at ../3rdparty/javascriptcore/JavaScriptCore/jit/JITStubs.cpp:1243
#53 0xaea139e5 in ?? ()
#54 0xb66e7a47 in execute (exception=<optimized out>, globalData=<optimized out>, callFrame=<optimized out>, registerFile=<optimized out>, this=<optimized out>) at ../3rdparty/javascriptcore/JavaScriptCore/jit/JITCode.h:79
#55 QTJSC::Interpreter::execute (this=0xadfc6ba0, functionExecutable=0xadfcbd38, callFrame=0x99cbb64, function=0xad647440, thisObj=0xad6900a0, args=..., scopeChain=0xae00a630, exception=0xadfc4294) at ../3rdparty/javascriptcore/JavaScriptCore/interpreter/Interpreter.cpp:716
#56 0xb67843f2 in QTJSC::JSFunction::call (this=0xad647440, exec=0x99cbb64, thisValue=..., args=...) at ../3rdparty/javascriptcore/JavaScriptCore/runtime/JSFunction.cpp:122
#57 0xb6757c89 in QTJSC::call (exec=0x99cbb64, functionObject=..., callType=QTJSC::CallTypeJS, callData=..., thisValue=..., args=...) at ../3rdparty/javascriptcore/JavaScriptCore/runtime/CallData.cpp:62
#58 0xb684c63c in QScriptValue::call (this=0x97edae0, thisObject=..., args=...) at api/qscriptvalue.cpp:1610
#59 0xb6ca56f8 in QDeclarativeQtScriptExpression::eval (this=0x99f4670, secondaryScope=0x97edae0, isUndefined=0x0) at qml/qdeclarativeexpression.cpp:518
#60 0xb6ca5a12 in QDeclarativeQtScriptExpression::scriptValue (this=0x99f4670, secondaryScope=0x97edae0, isUndefined=0x0) at qml/qdeclarativeexpression.cpp:470
#61 0xb6ca5d1e in QDeclarativeExpressionPrivate::scriptValue (this=0x99f4670, secondaryScope=0x97edae0, isUndefined=0x97edae0) at qml/qdeclarativeexpression.cpp:653
#62 0xb6ca5ea4 in QDeclarativeExpressionPrivate::value (this=0x99f4620, secondaryScope=0x0, isUndefined=0x0) at qml/qdeclarativeexpression.cpp:667
#63 0xb6ce1658 in QDeclarativeBoundSignal::qt_metacall (this=0x9a24890, c=QMetaObject::InvokeMetaMethod, id=4, a=0xbf867c44) at qml/qdeclarativeboundsignal.cpp:186
#64 0xb6149b7d in metacall (argv=0xbf867c44, idx=4, cl=QMetaObject::InvokeMetaMethod, object=0x9a24890) at kernel/qmetaobject.cpp:237
#65 QMetaObject::metacall (object=0x9a24890, cl=QMetaObject::InvokeMetaMethod, idx=4, argv=0xbf867c44) at kernel/qmetaobject.cpp:232
#66 0xb6158a6a in QMetaObject::activate (sender=0x9a1e3e8, m=0xb6e744f8, local_signal_index=4, argv=0x0) at kernel/qobject.cpp:3278
#67 0xb6c3b1f5 in QDeclarativeLoader::loaded (this=0x9a1e3e8) at .moc/release-shared/moc_qdeclarativeloader_p.cpp:187
#68 0xb6c3ba7d in QDeclarativeLoaderPrivate::_q_sourceLoaded (this=0x9a299c8) at graphicsitems/qdeclarativeloader.cpp:423
#69 0xb6c3c324 in QDeclarativeLoader::qt_metacall (this=0x9a1e3e8, _c=QMetaObject::WriteProperty, _id=0, _a=0xbf867ebc) at .moc/release-shared/moc_qdeclarativeloader_p.cpp:136
#70 0xb6c8fd21 in QDeclarativeVMEMetaObject::metaCall (this=0x9a248b0, c=QMetaObject::WriteProperty, _id=43, a=0xbf867ebc) at qml/qdeclarativevmemetaobject.cpp:673
#71 0xb6149b7d in metacall (argv=0xbf867ebc, idx=43, cl=QMetaObject::WriteProperty, object=0x9a1e3e8) at kernel/qmetaobject.cpp:237
#72 QMetaObject::metacall (object=0x9a1e3e8, cl=QMetaObject::WriteProperty, idx=43, argv=0xbf867ebc) at kernel/qmetaobject.cpp:232
#73 0xb614cf03 in QMetaProperty::write (this=0x0, object=0x9a1e3e8, value=...) at kernel/qmetaobject.cpp:2312
#74 0xb615c6fa in QObject::setProperty (this=0x9a1e3e8, name=0xb7870bdc "source", value=...) at kernel/qobject.cpp:3434
#75 0xb7845b60 in KWin::TabBox::DeclarativeView::updateQmlSource (this=0x99771e0) at ../../kwin/tabbox/declarative.cpp:215
#76 0xb7774be4 in KWin::TabBox::DeclarativeView::qt_metacall (this=0x99771e0, _c=QMetaObject::InvokeMetaMethod, _id=<optimized out>, _a=0xbf8680f4) at moc_declarative.cpp:77
#77 0xb6149b7d in metacall (argv=0xbf8680f4, idx=43, cl=QMetaObject::InvokeMetaMethod, object=0x99771e0) at kernel/qmetaobject.cpp:237
#78 QMetaObject::metacall (object=0x99771e0, cl=QMetaObject::InvokeMetaMethod, idx=43, argv=0xbf8680f4) at kernel/qmetaobject.cpp:232
#79 0xb6158a6a in QMetaObject::activate (sender=0x93946d8, m=0xb7897b08, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3278
#80 0xb7776a05 in KWin::TabBox::TabBoxHandler::configChanged (this=0x93946d8) at moc_tabboxhandler.cpp:86
#81 0xb78503b0 in KWin::TabBox::TabBoxHandler::setConfig (this=0x93946d8, config=...) at ../../kwin/tabbox/tabboxhandler.cpp:401
#82 0xb783cc9e in setMode (this=0x9291d80, mode=<optimized out>) at ../../kwin/tabbox/tabbox.cpp:373
#83 KWin::TabBox::TabBox::setMode (this=0x9291d80, mode=KWin::TabBoxDesktopMode) at ../../kwin/tabbox/tabbox.cpp:362
#84 0xb7840a7a in startWalkThroughDesktops (mode=KWin::TabBoxDesktopMode, this=0x9291d80) at ../../kwin/tabbox/tabbox.cpp:933
#85 KWin::TabBox::TabBox::startWalkThroughDesktops (this=0x9291d80, mode=KWin::TabBoxDesktopMode) at ../../kwin/tabbox/tabbox.cpp:927
#86 0xb7840bb7 in KWin::TabBox::TabBox::startWalkThroughDesktops (this=0x9291d80) at ../../kwin/tabbox/tabbox.cpp:940
#87 0xb7840c68 in KWin::TabBox::TabBox::slotWalkThroughDesktops (this=0x9291d80) at ../../kwin/tabbox/tabbox.cpp:804
#88 0xb7840fd7 in KWin::TabBox::TabBox::qt_metacall (this=0x9291d80, _c=QMetaObject::InvokeMetaMethod, _id=<optimized out>, _a=0xbf868338) at ./tabbox.moc:124
#89 0xb6149b7d in metacall (argv=0xbf868338, idx=9, cl=QMetaObject::InvokeMetaMethod, object=0x9291d80) at kernel/qmetaobject.cpp:237
#90 QMetaObject::metacall (object=0x9291d80, cl=QMetaObject::InvokeMetaMethod, idx=9, argv=0xbf868338) at kernel/qmetaobject.cpp:232
#91 0xb6158a6a in QMetaObject::activate (sender=0x94e6e30, m=0xb5fb6458, local_signal_index=1, argv=0xbf868338) at kernel/qobject.cpp:3278
#92 0xb566686d in QAction::triggered (this=0x94e6e30, _t1=false) at .moc/release-shared/moc_qaction.cpp:263
#93 0xb5666b0b in QAction::activate (this=0x94e6e30, event=QAction::Trigger) at kernel/qaction.cpp:1257
#94 0xb73b8b1f in trigger (this=0x94e6e30) at /usr/include/qt4/QtGui/qaction.h:218
#95 KGlobalAccelPrivate::_k_invokeAction (this=0x93b8fc8, componentUnique=..., actionUnique=..., timestamp=378168376) at ../../kdeui/shortcuts/kglobalaccel.cpp:449
#96 0xb73bb74f in KGlobalAccel::qt_metacall (this=0x93d94d8, _c=QMetaObject::InvokeMetaMethod, _id=<optimized out>, _a=0xbf868520) at ./kglobalaccel.moc:77
#97 0xb6149b7d in metacall (argv=0xbf868520, idx=4, cl=QMetaObject::InvokeMetaMethod, object=0x93d94d8) at kernel/qmetaobject.cpp:237
#98 QMetaObject::metacall (object=0x93d94d8, cl=QMetaObject::InvokeMetaMethod, idx=4, argv=0xbf868520) at kernel/qmetaobject.cpp:232
#99 0xb6158a6a in QMetaObject::activate (sender=0x93b8ea8, m=0xb75b55d8, local_signal_index=0, argv=0xbf868520) at kernel/qobject.cpp:3278
#100 0xb74f3955 in OrgKdeKglobalaccelComponentInterface::globalShortcutPressed (this=0x93b8ea8, _t1=..., _t2=..., _t3=378168376) at kglobalaccel_component_interface.moc:150
#101 0xb74f3e4e in OrgKdeKglobalaccelComponentInterface::qt_metacall (this=0x93b8ea8, _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0xbf86870c) at kglobalaccel_component_interface.moc:98
#102 0xb629cd87 in QDBusConnectionPrivate::deliverCall (this=0x924b590, object=0x93b8ea8, msg=..., metaTypes=..., slotIdx=159308512) at qdbusintegrator.cpp:942
#103 0xb62a6c26 in QDBusCallDeliveryEvent::placeMetaCall (this=0x98ddf08, object=0x93b8ea8) at qdbusintegrator_p.h:103
#104 0xb615bb52 in QObject::event (this=0x93b8ea8, e=0x98ddf08) at kernel/qobject.cpp:1217
#105 0xb566dd84 in notify_helper (e=0x98ddf08, receiver=0x93b8ea8, this=0x92555d0) at kernel/qapplication.cpp:4486
#106 QApplicationPrivate::notify_helper (this=0x92555d0, receiver=0x93b8ea8, e=0x98ddf08) at kernel/qapplication.cpp:4458
#107 0xb5673133 in QApplication::notify (this=0x98ddf08, receiver=0x93b8ea8, e=0x98ddf08) at kernel/qapplication.cpp:3886
#108 0xb7369011 in KApplication::notify (this=0xbf868e08, receiver=0x93b8ea8, event=0x98ddf08) at ../../kdeui/kernel/kapplication.cpp:311
#109 0xb779df5f in notify (e=0x98ddf08, o=0x93b8ea8, this=0xbf868e08) at ../../kwin/main.cpp:368
#110 KWin::Application::notify (this=0xbf868e08, o=0x93b8ea8, e=0x98ddf08) at ../../kwin/main.cpp:364
#111 0xb614319e in QCoreApplication::notifyInternal (this=0xbf868e08, receiver=0x93b8ea8, event=0x98ddf08) at kernel/qcoreapplication.cpp:787
#112 0xb6146f93 in sendEvent (event=<optimized out>, receiver=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#113 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x91fc2e0) at kernel/qcoreapplication.cpp:1428
#114 0xb61470ec in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at kernel/qcoreapplication.cpp:1321
#115 0xb5726d2d in sendPostedEvents () at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:220
#116 QEventDispatcherX11::processEvents (this=0x9255180, flags=...) at kernel/qeventdispatcher_x11.cpp:75
#117 0xb61421dd in QEventLoop::processEvents (this=0xbf868d44, flags=...) at kernel/qeventloop.cpp:149
#118 0xb6142421 in QEventLoop::exec (this=0xbf868d44, flags=...) at kernel/qeventloop.cpp:201
#119 0xb614719d in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1064
#120 0xb566b924 in QApplication::exec () at kernel/qapplication.cpp:3760
#121 0xb77a0ef5 in kdemain (argc=3, argv=0xbf8690b4) at ../../kwin/main.cpp:541
#122 0x0804850b in main (argc=3, argv=0xbf8690b4) at kwin_dummy.cpp:3
Comment 9 Thomas Lübking 2012-02-01 15:18:55 UTC
last trace is a dupe of bug #290482 - still likely the same issue
Comment 10 Martin Flöser 2012-02-05 20:48:08 UTC
I just recompiled KWin 4.8 and are unable to reproduce the issue. No matter how I use ctrl+tab to switch between desktop I don't get a crash.

Can someone provide a 100 % sure way to reproduce the issue? Including all relevant settings (yes everything is relevant).
Comment 11 Leonardo Giordani 2012-02-06 14:51:04 UTC
Sorry but I cannot find a way to surely reproduce it: the only sure thing is that I can experience it on several Kubuntu 11.10 installation with KDE 4.8 packages (ppa:kubuntu-ppa/backports).

Feel free to ask details of the installation if you need them; I don't know what could be useful.
Comment 12 g111 2012-02-06 15:25:01 UTC
I do have the same problem. I cannot find a way to reproduce it. It just happens several times a day. Sometimes it works 20 or more times without crashing, sometimes it crashes two times in maybe 6 desktop switches.

All crashes did only happen by switching "to last desktop" via hot key. It did not happen yet when switching to the left, right, upper or lower desktop.

I have configured a desktop grid of 3x6 desktops.

I have composite enabled and am using the Xrender extension as the current intel video driver in ubuntu crashes xorg with KDE. (This is fixed with the latest xorg backports, but I want to wait for the next ubuntu release for upgrading xorg.)
Comment 13 Leonardo Giordani 2012-02-06 16:12:40 UTC
I though I had composite switched off, but now I looked into it and found that my "desktop effects are not available" since "OpenGL composite crashed Kwin" (my translation in english). So at the time being I cannot say if it depends on buggy composite or not. As soon as possible I'm going to update this. Thanks
Comment 14 Martin Flöser 2012-03-09 07:20:04 UTC
As I am unable to reproduce, there is unfortunately nothing I can do about the crash in 4.8. I know that this crash has been fixed in 4.9 due to changes in general to the affected code base which also means that I can no longer even try to reproduce the issue in my working system.

Because of that I change the state of the bug to fixed. I am sorry for any inconvenience in the usage of 4.8.

If someone can provide a 100 % sure way to reproduce the crash I am willing to look at it again.
Comment 15 Andre Woebbeking 2012-03-13 11:29:45 UTC
Hi Martin, can I help you somehow? And no, I don't have a 100 % sure way :-( But today I had two crashes again.
Comment 16 Martin Flöser 2012-03-13 16:21:36 UTC
Without a clear way on how to reproduce the issue, I won't be able to investigate it. Given that I work on 4.9 and there the crash is fixed, it is rather difficult for me.

If there is a way to reproduce the crash with a reliability of at least 90 % I can try to look at it.
Comment 17 Thomas Lübking 2012-03-13 19:11:55 UTC
the traces look like m_clientList is garbled (esp. see comment #8) but what makes me really wonder:
How please can switching the desktop (via shortcut, one of the reports is even by mousewheel) cause a crash in the tabbox? And if it was some overflow from the desktop indicator, why so reproducible segfault location?

-> Do i terribly miss something? Do we have a tabbox for VDs as well?
-> Does it crash if you disable the desktop switching indicators (esp. that one showing the arrow)?
Comment 18 Leonardo Giordani 2012-03-13 19:15:23 UTC
I cannot confirm my previous report of crashing after switch with mouse wheel; it never happened again so perhaps I wrongly reported it. I can experience it with keyboard shortcut anyway. Sorry for the bad report.
Comment 19 Martin Flöser 2012-03-13 19:22:03 UTC
> the traces look like m_clientList is garbled (esp. see comment #8) but what
> makes me really wonder:
> How please can switching the desktop (via shortcut, one of the reports is
> even by mousewheel) cause a crash in the tabbox? And if it was some
> overflow from the desktop indicator, why so reproducible segfault location?
> 
> -> Do i terribly miss something? Do we have a tabbox for VDs as well?
yes, that exists and that could be related. My feeling is, that the crashes 
are caused by:
1. tabbox gets activated for desktop switching
2. declarative view gets somehow activated
3. tries to access the icon of the selected client
4. that does not exist -> crash

The 2. should not happen. If desktop switching tabbox is selected it should 
not interfere at all with the window switching code path. This is what I don't 
understand and where I need the way to reproduce the crash. When I have a 
pattern on how to reproduce I hope to find a solution for why it gets 
activated. Btw. I think this crash is related to the other tabbox crash we 
have/had in 4.8.

In master it is fixed as desktop switching tabbox now also uses a declarative 
view.
> -> Does it crash if you disable the desktop switching indicators (esp. that
> one showing the arrow)?
I doubt it. Completely different code.
Comment 20 Thomas Lübking 2012-03-23 16:13:24 UTC
*** Bug 296604 has been marked as a duplicate of this bug. ***
Comment 21 leiz 2012-03-23 21:15:07 UTC
So I see this is fixed in 4.9, but not 4.8, and there's nothing to cherry-pick back to 4.8 since the code got rewritten in some way. This is unfortunate, since Ubuntu's LTS is with 4.8. This means KDE users with Ubuntu's LTS will have this bug for a couple years. Many users on this bug and I are all hitting this crash several times a day.

I also don't have a way to repro the bug consistently, but when it happens, it's always from hitting the hotkey for "Walk Through Desktop List" in rapid succession. In my case, I have 3 virtual desktops.
Comment 22 leiz 2012-04-03 23:52:55 UTC
It is also more likely to happen when the machine is under load. This happens several times a day. Would it be helpful to do a local build with some logging to help figure out how this crash occurs?
Comment 23 Martin Flöser 2012-04-05 18:45:27 UTC
*** Bug 297551 has been marked as a duplicate of this bug. ***
Comment 24 Martin Flöser 2012-05-20 15:30:19 UTC
A possible fix for this crash might be https://git.reviewboard.kde.org/r/105000/

It would be appreciated if someone could test whether the patch fixes this issue, too.
Comment 25 Martin Flöser 2012-05-22 16:36:43 UTC
Git commit 05a3420175c88c7a106a245071d4bb3a75694e00 by Martin Gräßlin.
Committed on 20/05/2012 at 15:52.
Pushed by graesslin into branch 'master'.

Use smart pointers to protect access to TabBoxClient

Client holds a SharedPointer to the TabBoxClient and only
provides access to a WeakPointer which is passed to TabBox.
ClientModel is adjusted to hold a list of WeakPointers instead
of the direct pointers.

This fixes the following reproducable crash:
1. Configure both primary and secondary TabBox with different
   layouts
2. Use primary TabBox
3. Close a window, best the one which used to be active
4. Use secondary TabBox
-> Crash

The reason is that the ClientModel still contains the pointer
to the deleted TabBoxClient in step 3 and while creating the
layout access to the TabBoxClient is needed to get the Client's
icon.

By using the weak pointer it can be ensured that we don't try
to dereference the deleted pointer and prevent the crash.
Related: bug 290482, bug 237345
REVIEW: 105000

M  +1    -4    kwin/client.cpp
M  +3    -3    kwin/client.h
M  +40   -28   kwin/tabbox/clientmodel.cpp
M  +1    -1    kwin/tabbox/clientmodel.h
M  +26   -14   kwin/tabbox/tabbox.cpp
M  +4    -4    kwin/tabbox/tabbox.h
M  +28   -6    kwin/tabbox/tabboxhandler.cpp
M  +6    -6    kwin/tabbox/tabboxhandler.h

http://commits.kde.org/kde-workspace/05a3420175c88c7a106a245071d4bb3a75694e00
Comment 26 Martin Flöser 2012-05-24 19:28:44 UTC
*** Bug 300569 has been marked as a duplicate of this bug. ***
Comment 27 Martin Flöser 2012-05-29 05:55:23 UTC
Git commit 19c0fa5abd90a46de2ef6949a15de31111f930f4 by Martin Gräßlin.
Committed on 20/05/2012 at 15:52.
Pushed by graesslin into branch 'KDE/4.8'.

Use smart pointers to protect access to TabBoxClient

Client holds a SharedPointer to the TabBoxClient and only
provides access to a WeakPointer which is passed to TabBox.
ClientModel is adjusted to hold a list of WeakPointers instead
of the direct pointers.

This fixes the following reproducable crash:
1. Configure both primary and secondary TabBox with different
   layouts
2. Use primary TabBox
3. Close a window, best the one which used to be active
4. Use secondary TabBox
-> Crash

The reason is that the ClientModel still contains the pointer
to the deleted TabBoxClient in step 3 and while creating the
layout access to the TabBoxClient is needed to get the Client's
icon.

By using the weak pointer it can be ensured that we don't try
to dereference the deleted pointer and prevent the crash.

Cherry-Picked from 05a3420175c88c7a106a245071d4bb3a75694e00
Related: bug 290482, bug 237345
FIXED-IN: 4.8.4
REVIEW: 105000
REVIEW: 105069

M  +1    -4    kwin/client.cpp
M  +3    -3    kwin/client.h
M  +31   -22   kwin/tabbox/clientmodel.cpp
M  +1    -1    kwin/tabbox/clientmodel.h
M  +4    -2    kwin/tabbox/desktopitemdelegate.cpp
M  +19   -12   kwin/tabbox/tabbox.cpp
M  +4    -4    kwin/tabbox/tabbox.h
M  +28   -6    kwin/tabbox/tabboxhandler.cpp
M  +6    -6    kwin/tabbox/tabboxhandler.h

http://commits.kde.org/kde-workspace/19c0fa5abd90a46de2ef6949a15de31111f930f4