299582 – Kwin crashes everytime the "Dim Inactive" effect is turned off

Bug 299582 - Kwin crashes everytime the "Dim Inactive" effect is turned off

Summary: Kwin crashes everytime the "Dim Inactive" effect is turned off

Status:	RESOLVED FIXED

Alias:	None

Product:	kwin
Classification:	Plasma
Component:	effects-various (show other bugs)
Version:	git master
Platform:	Compiled Sources Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	KWin default assignee

URL:
Keywords:

Depends on:
Blocks:

Reported:	2012-05-07 19:07 UTC by Jekyll Wu
Modified:	2013-01-18 22:57 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:	http://commits.kde.org/kde-workspace/3a2abb892ecb11886460ad8786e01e351aa6a249
Version Fixed In:	4.9
Sentry Crash Report:

Flags:	thomas.luebking: ReviewRequest+

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Jekyll Wu 2012-05-07 19:07:08 UTC

Application: kwin (4.8.3 (4.8.3))
KDE Platform Version: 4.8.3 (4.8.3) (Compiled from sources)
Qt Version: 4.8.1
Operating System: Linux 3.3.2-gentoo+ i686
Distribution: "Gentoo Base System release 2.1"

-- Information about the crash:
- What I was doing when the application crashed:

Turn off the "Dim Inactive" effect .

Below is the output of `qdbus org.kde.kwin /KWin supportInformation` before turning off the "Dim Inactive" effect


==========================

Options
=======
focusPolicy: 0
nextFocusPrefersMouse: false
clickRaise: true
autoRaise: false
autoRaiseInterval: 0
delayFocusInterval: 0
shadeHover: false
shadeHoverInterval: 250
tiling: false
tilingLayout: 0
tilingRaisePolicy: 0
separateScreenFocus: false
activeMouseScreen: false
placement: 4
focusPolicyIsReasonable: true
borderSnapZone: 10
windowSnapZone: 10
centerSnapZone: 0
snapOnlyWhenOverlapping: false
showDesktopIsMinimizeAll: false
rollOverDesktops: true
focusStealingPreventionLevel: 1
legacyFullscreenSupport: false
operationTitlebarDblClick: 
commandActiveTitlebar1: 0
commandActiveTitlebar2: 30
commandActiveTitlebar3: 2
commandInactiveTitlebar1: 4
commandInactiveTitlebar2: 30
commandInactiveTitlebar3: 2
commandWindow1: 7
commandWindow2: 8
commandWindow3: 8
commandWindowWheel: 31
commandAll1: 10
commandAll2: 3
commandAll3: 14
keyCmdAllModKey: 16777251
showGeometryTip: false
electricBorders: false
electricBorderDelay: 150
electricBorderCooldown: 350
electricBorderPushbackPixels: 1
electricBorderMaximize: false
electricBorderTiling: false
borderlessMaximizedWindows: false
killPingTimeout: 5000
hideUtilityWindowsForInactive: true
inactiveTabsSkipTaskbar: false
autogroupSimilarWindows: false
autogroupInForeground: true
compositingMode: 1
useCompositing: true
compositingInitialized: true
hiddenPreviews: 1
unredirectFullscreen: false
glSmoothScale: 1
glVSync: false
xrenderSmoothScale: false
maxFpsInterval: 17
refreshRate: 0
glDirect: true
glStrictBinding: false
glStrictBindingFollowsDriver: true

Compositing
===========
Qt Graphics System: raster
Compositing is active
Compositing Type: OpenGL
OpenGL vendor string: NVIDIA Corporation
OpenGL renderer string: GeForce 9300M G/PCIe/SSE2
OpenGL version string: 3.3.0 NVIDIA 295.49
Driver: NVIDIA
Driver version: 295.49
GPU class: G80/G90
OpenGL version: 3.3
X server version: 1.12.1
Linux kernel version: 3.3.2
Direct rendering: yes
Requires strict binding: no
GLSL shaders:  yes
Texture NPOT support:  yes
OpenGL 2 Shaders are used

Loaded Effects:
---------------
kwin4_effect_zoom
kwin4_effect_login
kwin4_effect_slidingpopups
kwin4_effect_diminactive
kwin4_effect_coverswitch
kwin4_effect_translucency
kwin4_effect_boxswitch
kwin4_effect_slide
kwin4_effect_desktopgrid
kwin4_effect_fade
kwin4_effect_dialogparent
kwin4_effect_highlightwindow
kwin4_effect_taskbarthumbnail
kwin4_effect_presentwindows
kwin4_effect_blur
kwin4_effect_logout
kwin4_effect_dashboard
kwin4_effect_startupfeedback

Currently Active Effects:
-------------------------
kwin4_effect_diminactive
kwin4_effect_translucency
kwin4_effect_blur

The crash can be reproduced every time.

-- Backtrace:
Application: KWin (kwin), signal: Segmentation fault
Using host libthread_db library "/lib/libthread_db.so.1".
[Current thread is 1 (Thread 0xaf332740 (LWP 3542))]

Thread 4 (Thread 0xadfeeb40 (LWP 3550)):
#0  0xb76f6424 in __kernel_vsyscall ()
#1  0xb5e41914 in pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_timedwait.S:236
#2  0xb7517e15 in __pthread_cond_timedwait (cond=0x8429980, mutex=0x8429968, abstime=0xadfee160) at forward.c:152
#3  0xb5ebd090 in wait (time=30000, this=0x8429968) at thread/qwaitcondition_unix.cpp:84
#4  QWaitCondition::wait (this=0x8429910, mutex=0x842990c, time=30000) at thread/qwaitcondition_unix.cpp:158
#5  0xb5eafb88 in QThreadPoolThread::run (this=0x8429a18) at concurrent/qthreadpool.cpp:141
#6  0xb5ebc1ca in QThreadPrivate::start (arg=0x8429a18) at thread/qthread_unix.cpp:298
#7  0xb64cea01 in ?? () from /usr/lib/libGL.so.1
#8  0x5c8b0824 in ?? ()
#9  0xbab80424 in ?? ()
#10 0x65000000 in ?? ()
#11 0x001015ff in ?? ()
#12 0xd3890000 in ?? ()
#13 0xfff0013d in ?? ()
#14 0xc30173ff in ?? ()
#15 0x0f9084e8 in ?? ()
#16 0x6fc18100 in ?? ()
#17 0x8b001564 in ?? ()
#18 0xffff1089 in ?? ()
#19 0x29d231ff in ?? ()
#20 0x118965c2 in ?? ()
#21 0xebffc883 in ?? ()
#22 0x909090e2 in ?? ()
#23 0x81e58955 in ?? ()
#24 0x0000b8ec in ?? ()
#25 0xf45d8900 in ?? ()
#26 0x89f87589 in ?? ()
#27 0x00e8fc7d in ?? ()
#28 0x5b000000 in ?? ()
#29 0x643dc381 in ?? ()
#30 0x7d8b0015 in ?? ()
#31 0x5cb58d08 in ?? ()
#32 0xc7ffffff in ?? ()
#33 0x00042444 in ?? ()
#34 0x89000000 in ?? ()
#35 0x89082474 in ?? ()
#36 0x55e8243c in ?? ()
#37 0x89fffff8 in ?? ()
#38 0xffffb8c2 in ?? ()
#39 0xd285ffff in ?? ()
#40 0x5d8b1279 in ?? ()
#41 0xf8758bf4 in ?? ()
#42 0xc9fc7d8b in ?? ()
#43 0x26b48dc3 in ?? ()
#44 0x00000000 in ?? ()

Thread 3 (Thread 0xacbffb40 (LWP 3553)):
#0  0xb76f6424 in __kernel_vsyscall ()
#1  0xb5e41914 in pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_timedwait.S:236
#2  0xb7517e15 in __pthread_cond_timedwait (cond=0x8429980, mutex=0x8429968, abstime=0xacbff160) at forward.c:152
#3  0xb5ebd090 in wait (time=30000, this=0x8429968) at thread/qwaitcondition_unix.cpp:84
#4  QWaitCondition::wait (this=0x8429910, mutex=0x842990c, time=30000) at thread/qwaitcondition_unix.cpp:158
#5  0xb5eafb88 in QThreadPoolThread::run (this=0x8459f38) at concurrent/qthreadpool.cpp:141
#6  0xb5ebc1ca in QThreadPrivate::start (arg=0x8459f38) at thread/qthread_unix.cpp:298
#7  0xb64cea01 in ?? () from /usr/lib/libGL.so.1
#8  0x5c8b0824 in ?? ()
#9  0xbab80424 in ?? ()
#10 0x65000000 in ?? ()
#11 0x001015ff in ?? ()
#12 0xd3890000 in ?? ()
#13 0xfff0013d in ?? ()
#14 0xc30173ff in ?? ()
#15 0x0f9084e8 in ?? ()
#16 0x6fc18100 in ?? ()
#17 0x8b001564 in ?? ()
#18 0xffff1089 in ?? ()
#19 0x29d231ff in ?? ()
#20 0x118965c2 in ?? ()
#21 0xebffc883 in ?? ()
#22 0x909090e2 in ?? ()
#23 0x81e58955 in ?? ()
#24 0x0000b8ec in ?? ()
#25 0xf45d8900 in ?? ()
#26 0x89f87589 in ?? ()
#27 0x00e8fc7d in ?? ()
#28 0x5b000000 in ?? ()
#29 0x643dc381 in ?? ()
#30 0x7d8b0015 in ?? ()
#31 0x5cb58d08 in ?? ()
#32 0xc7ffffff in ?? ()
#33 0x00042444 in ?? ()
#34 0x89000000 in ?? ()
#35 0x89082474 in ?? ()
#36 0x55e8243c in ?? ()
#37 0x89fffff8 in ?? ()
#38 0xffffb8c2 in ?? ()
#39 0xd285ffff in ?? ()
#40 0x5d8b1279 in ?? ()
#41 0xf8758bf4 in ?? ()
#42 0xc9fc7d8b in ?? ()
#43 0x26b48dc3 in ?? ()
#44 0x00000000 in ?? ()

Thread 2 (Thread 0xa7c76b40 (LWP 3554)):
#0  0xb76f6424 in __kernel_vsyscall ()
#1  0xb5e4155c in pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_wait.S:169
#2  0xb7517dbe in __pthread_cond_wait (cond=0xb67f5290, mutex=0xb67f5278) at forward.c:139
#3  0xb66db787 in ?? () from /usr/lib/qt4/libQtScript.so.4
#4  0xb66db7d1 in ?? () from /usr/lib/qt4/libQtScript.so.4
#5  0xb64cea01 in ?? () from /usr/lib/libGL.so.1
#6  0x5c8b0824 in ?? ()
#7  0xbab80424 in ?? ()
#8  0x65000000 in ?? ()
#9  0x001015ff in ?? ()
#10 0xd3890000 in ?? ()
#11 0xfff0013d in ?? ()
#12 0xc30173ff in ?? ()
#13 0x0f9084e8 in ?? ()
#14 0x6fc18100 in ?? ()
#15 0x8b001564 in ?? ()
#16 0xffff1089 in ?? ()
#17 0x29d231ff in ?? ()
#18 0x118965c2 in ?? ()
#19 0xebffc883 in ?? ()
#20 0x909090e2 in ?? ()
#21 0x81e58955 in ?? ()
#22 0x0000b8ec in ?? ()
#23 0xf45d8900 in ?? ()
#24 0x89f87589 in ?? ()
#25 0x00e8fc7d in ?? ()
#26 0x5b000000 in ?? ()
#27 0x643dc381 in ?? ()
#28 0x7d8b0015 in ?? ()
#29 0x5cb58d08 in ?? ()
#30 0xc7ffffff in ?? ()
#31 0x00042444 in ?? ()
#32 0x89000000 in ?? ()
#33 0x89082474 in ?? ()
#34 0x55e8243c in ?? ()
#35 0x89fffff8 in ?? ()
#36 0xffffb8c2 in ?? ()
#37 0xd285ffff in ?? ()
#38 0x5d8b1279 in ?? ()
#39 0xf8758bf4 in ?? ()
#40 0xc9fc7d8b in ?? ()
#41 0x26b48dc3 in ?? ()
#42 0x00000000 in ?? ()

Thread 1 (Thread 0xaf332740 (LWP 3542)):
[KCrash Handler]
#7  0xb76834ab in KWin::EffectsHandlerImpl::buildQuads (this=0x8872d28, w=0x8883c78, quadList=...) at /tmp/portage/kde-base/kwin-9999/work/kwin-9999/kwin/effects.cpp:311
#8  0xb765c924 in KWin::Scene::Window::buildQuads (this=0x87eca08, force=true) at /tmp/portage/kde-base/kwin-9999/work/kwin-9999/kwin/scene.cpp:604
#9  0xb767d934 in KWin::EffectWindowImpl::buildQuads (this=0x8883c78, force=true) at /tmp/portage/kde-base/kwin-9999/work/kwin-9999/kwin/effects.cpp:1497
#10 0xb760e0c6 in KWin::Shadow::updateShadow (this=0x8b7eca0) at /tmp/portage/kde-base/kwin-9999/work/kwin-9999/kwin/shadow.cpp:216
#11 0xb76586b8 in KWin::Toplevel::getShadow (this=0x84c1800) at /tmp/portage/kde-base/kwin-9999/work/kwin-9999/kwin/toplevel.cpp:376
#12 0xb760bad0 in KWin::Toplevel::propertyNotifyEvent (this=0x84c1800, e=0xbf88ce0c) at /tmp/portage/kde-base/kwin-9999/work/kwin-9999/kwin/events.cpp:1658
#13 0xb760bb1d in KWin::Client::propertyNotifyEvent (this=0x84c1800, e=0xbf88ce0c) at /tmp/portage/kde-base/kwin-9999/work/kwin-9999/kwin/events.cpp:824
#14 0xb760b06c in KWin::Client::windowEvent (this=0x84c1800, e=0xbf88ce0c) at /tmp/portage/kde-base/kwin-9999/work/kwin-9999/kwin/events.cpp:595
#15 0xb760c316 in KWin::Workspace::workspaceEvent (this=0x84597b8, e=0xbf88ce0c) at /tmp/portage/kde-base/kwin-9999/work/kwin-9999/kwin/events.cpp:294
#16 0xb75fc0b3 in KWin::Application::x11EventFilter (this=0xbf88cff4, e=0xbf88ce0c) at /tmp/portage/kde-base/kwin-9999/work/kwin-9999/kwin/main.cpp:362
#17 0xb5550074 in qt_x11EventFilter (ev=0xbf88ce0c) at kernel/qapplication_x11.cpp:435
#18 0xb555eac5 in QApplication::x11ProcessEvent (this=0xbf88cff4, event=0xbf88ce0c) at kernel/qapplication_x11.cpp:3337
#19 0xb558ad93 in QEventDispatcherX11::processEvents (this=0x8284ea0, flags=...) at kernel/qeventdispatcher_x11.cpp:132
#20 0xb5fce6aa in QEventLoop::processEvents (this=0xbf88cf44, flags=...) at kernel/qeventloop.cpp:149
#21 0xb5fce9b2 in QEventLoop::exec (this=0xbf88cf44, flags=...) at kernel/qeventloop.cpp:204
#22 0xb5fd3741 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1148
#23 0xb54d48d8 in QApplication::exec () at kernel/qapplication.cpp:3815
#24 0xb75feceb in kdemain (argc=2, argv=0xbf88d294) at /tmp/portage/kde-base/kwin-9999/work/kwin-9999/kwin/main.cpp:545
#25 0x080486db in main (argc=2, argv=0xbf88d294) at /tmp/portage/kde-base/kwin-9999/work/kwin-9999_build/kwin/kwin_dummy.cpp:3

Possible duplicates by query: bug 294451.

Reported using DrKonqi

Comment 1 Martin Flöser 2012-05-07 19:24:06 UTC

how old is your master? git rev?

Comment 2 Thomas Lübking 2012-05-07 19:27:30 UTC

I'd say the issue here is that the m_currentBuildQuadsIterator is initialized in startPaint() so that whenever the effect chain is altered between two paint passes, this can cause a crash for a dangeling iterator?! (also see the dupe, corrupted memory)

Any reason why the iterator not initialized right before the quad building recursion is triggered (protected by a  recursion check)?

Comment 3 Jekyll Wu 2012-05-07 19:32:21 UTC

(In reply to comment #1)
> how old is your master? git rev?

I built it a few ours ago. Should be 08909f1ae3b485b4e3857b8d660d018d2476a37f .

Comment 4 Martin Flöser 2012-05-07 19:52:14 UTC

(In reply to comment #2)
> I'd say the issue here is that the m_currentBuildQuadsIterator is
> initialized in startPaint() so that whenever the effect chain is altered
> between two paint passes, this can cause a crash for a dangeling iterator?!
> (also see the dupe, corrupted memory)
Is that possible at all? I would hope that after startPaint() no event would interrupt the processing till endPaint, shouldn't it?
> 
> Any reason why the iterator not initialized right before the quad building
> recursion is triggered (protected by a  recursion check)?
nobody added it yet?

Comment 5 Thomas Lübking 2012-05-07 20:18:00 UTC

(In reply to comment #4)
> (In reply to comment #2)
> > I'd say the issue here is that the m_currentBuildQuadsIterator is
> > initialized in startPaint() so that whenever the effect chain is altered
> > between two paint passes, this can cause a crash for a dangeling iterator?!
> > (also see the dupe, corrupted memory)
> Is that possible at all? I would hope that after startPaint() no event would
> interrupt the processing till endPaint, shouldn't it?
No (well, hopefully not ;-), but there is of course event processing between two *starts*, so if the iterator is on the effect that gets removed inbetween it suddenly points nowhere (and it's not explicitly set back after the paint cycle ended or anywhen else - just "validated" by the recursion.

> nobody added it yet?
:-P

Comment 6 Thomas Lübking 2012-05-07 20:38:08 UTC

http://git.reviewboard.kde.org/r/104881/

Comment 7 Thomas Lübking 2012-05-10 17:35:59 UTC

Git commit 3a2abb892ecb11886460ad8786e01e351aa6a249 by Thomas Lübking.
Committed on 07/05/2012 at 22:29.
Pushed by luebking into branch 'master'.

handle m_currentBuildQuadsIterator validation independent form painting pass

issue is that the effect chain may (will) change between two paint passes and buildQuads is called outside the paint pass
(shadows / decos whatever changes) so that the iterator may dangle
FIXED-IN: 4.9
REVIEW: 104881

M  +7    -1    kwin/effects.cpp

http://commits.kde.org/kde-workspace/3a2abb892ecb11886460ad8786e01e351aa6a249

Comment 8 Martin Flöser 2013-01-18 19:42:17 UTC

*** Bug 294451 has been marked as a duplicate of this bug. ***

Comment 9 abulak 2013-01-18 22:11:59 UTC

kde-4.9.5
Gentoo (unstable)

I still experience the crash upon deactivating DimInactive.

Comment 10 Thomas Lübking 2013-01-18 22:26:34 UTC

It's not certain that those bugs are dupes.
@Jekyll - have you experienced the crash after the commit?

Comment 11 Jekyll Wu 2013-01-18 22:52:08 UTC

(In reply to comment #10)
> It's not certain that those bugs are dupes.
> @Jekyll - have you experienced the crash after the commit?

No crash for me anymore .

Comment 12 Thomas Lübking 2013-01-18 22:57:26 UTC

Many thanks for the info.