Bug 339771 - crash in KWindowSystem (stack smashing detected)
Summary: crash in KWindowSystem (stack smashing detected)
Status: RESOLVED FIXED
Alias: None
Product: frameworks-kwindowsystem
Classification: Frameworks and Libraries
Component: general
Version: 5.1.0
Platform: Kubuntu Linux
Importance: NOR (priority), crash (severity)
Target Milestone: ---
Assignee: Martin Flöser
URL: https://git.reviewboard.kde.org/r/120...
Reported: 2014-10-07 20:55 UTC by Mathias Kraus
Modified: 2014-10-10 15:14 UTC
CC List: 5 users

Description Mathias Kraus 2014-10-07 20:55:52 UTC
I try to run Plasma 5.1 Beta (with KF5.3) on kubuntu 14.10 and always get a crash in KWindowSystem.
I'm not sure if it's a drive bug or a bug in KWindowSystem. Had a look at the sources, but it's too heavy for me.

The 5.1 Beta with KF5.2 (with openbox instead of kwin) was running fine. I also had the crash with the preliminary KF5.3 packages.

The system is not a clean install, but an upgrade of an old installation and all packages are up to date.

Reproducible: Always

Steps to Reproduce:
start an application which uses KWindowSystem, e.g. kwin_x11, plasmashell or kded5

Actual Results:  
crashes

Expected Results:  
no crash

Application: KWin (kwin_x11), signal: Aborted
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0xb1db5740 (LWP 7549))]

Thread 2 (Thread 0xb01ddb40 (LWP 7555)):
#0  0xb7746c7c in __kernel_vsyscall ()
#1  0xb4c03076 in pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_timedwait.S:245
#2  0xb765f9f4 in __pthread_cond_timedwait (cond=0x9832ae8, mutex=0x9832ad0, abstime=0xb01dd228) at forward.c:162
#3  0xb60f4995 in wait_relative (time=<optimized out>, this=<optimized out>) at thread/qwaitcondition_unix.cpp:126
#4  wait (time=<optimized out>, this=<optimized out>) at thread/qwaitcondition_unix.cpp:134
#5  QWaitCondition::wait (this=0x9832ad0, mutex=0x982c788, time=30000) at thread/qwaitcondition_unix.cpp:208
#6  0xb60f0865 in QThreadPoolThread::run (this=0x98095e0) at thread/qthreadpool.cpp:135
#7  0xb60f391b in QThreadPrivate::start (arg=0x98095e0) at thread/qthread_unix.cpp:345
#8  0xb4bfef16 in start_thread (arg=0xb01ddb40) at pthread_create.c:309
#9  0xb76529fe in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:129

Thread 1 (Thread 0xb1db5740 (LWP 7549)):
[KCrash Handler]
#6  0xb7746c7c in __kernel_vsyscall ()
#7  0xb7595577 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#8  0xb7596cf3 in __GI_abort () at abort.c:89
#9  0xb75d4953 in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0xb76c9f70 "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:175
#10 0xb7663b7b in __GI___fortify_fail (msg=<optimized out>, msg@entry=0xb76c9f58 "stack smashing detected") at fortify_fail.c:37
#11 0xb7663b0a in __stack_chk_fail () at stack_chk_fail.c:28
#12 0xb72b3414 in __stack_chk_fail_local () from /usr/lib/i386-linux-gnu/libKF5WindowSystem.so.5
#13 0xb72a58f5 in create_netwm_atoms (c=0x97938e8) at ../../src/netwm.cpp:520
#14 0xb72b1040 in NETRootInfo::NETRootInfo (this=0x98c7888, connection=0x97938e8, supportWindow=60817415, wmName=0xb749292d "KWin", properties=..., windowTypes=..., states=..., properties2=..., actions=..., screen=0, doActivate=true) at ../../src/netwm.cpp:697
#15 0xb7365f3a in KWin::RootInfo::RootInfo (this=0x98c7888, w=60817415, name=0xb749292d "KWin", properties=..., types=..., states=..., properties2=..., actions=..., scr=0) at ../netinfo.cpp:146
#16 0xb736623a in KWin::RootInfo::create () at ../netinfo.cpp:131
#17 0xb734307c in KWin::Workspace::init (this=0x9814a20) at ../workspace.cpp:261
#18 0xb7344935 in KWin::Workspace::Workspace (this=0x9814a20, restore=false) at ../workspace.cpp:229
#19 0xb737284d in KWin::Application::createWorkspace (this=0xbfabba40) at ../main.cpp:373
#20 0xb7717c42 in operator() (__closure=<synthetic pointer>) at ../main_x11.cpp:170
#21 call (arg=0xbfabb1c8, f=...) at /usr/include/i386-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:502
#22 call<QtPrivate::List<>, void> (arg=0xbfabb1c8, f=...) at /usr/include/i386-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:559
#23 QtPrivate::QFunctorSlotObject<KWin::ApplicationX11::performStartup()::<lambda()>, 0, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase *, QObject *, void **, bool *) (which=1, this_=0x97d8c60, r=0x97d77b0, a=0xbfabb1c8, ret=0x0) at /usr/include/i386-linux-gnu/qt5/QtCore/qobject_impl.h:200
#24 0xb634a907 in call (a=0xbfabb1c8, r=0x97d77b0, this=0x97d8c60) at ../../include/QtCore/../../src/corelib/kernel/qobject_impl.h:132
#25 QMetaObject::activate (sender=0x97d77b0, signalOffset=3, local_signal_index=1, argv=0x0) at kernel/qobject.cpp:3666
#26 0xb634b17d in QMetaObject::activate (sender=0x97d77b0, m=0xb72cdde0 <KSelectionOwner::staticMetaObject>, local_signal_index=1, argv=0x0) at kernel/qobject.cpp:3546
#27 0xb72b2252 in KSelectionOwner::claimedOwnership (this=0x97d77b0) at moc_kselectionowner.cpp:149
#28 0xb72934f0 in KSelectionOwner::Private::claimSucceeded (this=0x97daad0) at ../../src/kselectionowner.cpp:180
#29 0xb7293575 in KSelectionOwner::Private::gotTimestamp (this=0x97daad0) at ../../src/kselectionowner.cpp:214
#30 0xb7293df5 in KSelectionOwner::filterEvent (this=0x97d77b0, ev_P=0x1d7d) at ../../src/kselectionowner.cpp:398
#31 0xb729486b in KSelectionOwner::Private::nativeEventFilter (this=0x97daad0, eventType=..., message=0xb0f01168, result=0xbfabb3c8) at ../../src/kselectionowner.cpp:113
#32 0xb63163c7 in QAbstractEventDispatcher::filterNativeEvent (this=0x97b58a8, eventType=..., message=0xb0f01168, result=0xbfabb3c8) at kernel/qabstracteventdispatcher.cpp:468
#33 0xb199c09e in QXcbConnection::handleXcbEvent (this=0x9792c98, event=0xb0f01168) at qxcbconnection.cpp:823
#34 0xb199d570 in QXcbConnection::processXcbEvents (this=0x9792c98) at qxcbconnection.cpp:1232
#35 0xb19c36d4 in QXcbConnection::qt_static_metacall (_o=0x9792c98, _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0xb0f01790) at .moc/moc_qxcbconnection.cpp:179
#36 0xb63489c0 in QMetaCallEvent::placeMetaCall (this=0xb0f01190, object=0x9792c98) at kernel/qobject.cpp:487
#37 0xb634bc53 in QObject::event (this=0x9792c98, e=0xb0f01190) at kernel/qobject.cpp:1241
#38 0xb6c47e1a in QApplicationPrivate::notify_helper (this=0x97890a0, receiver=0x9792c98, e=0xb0f01190) at kernel/qapplication.cpp:3504
#39 0xb6c4d3d1 in QApplication::notify (this=0xbfabba40, receiver=0x9792c98, e=0xb0f01190) at kernel/qapplication.cpp:3287
#40 0xb73736ba in KWin::Application::notify (this=0xbfabba40, o=0x9792c98, e=0xb0f01190) at ../main.cpp:228
#41 0xb6319a9a in QCoreApplication::notifyInternal (this=0xbfabba40, receiver=0x9792c98, event=0xb0f01190) at kernel/qcoreapplication.cpp:935
#42 0xb631bcd4 in sendEvent (event=0xb0f01190, receiver=0x9792c98) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:237
#43 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x977ffc0) at kernel/qcoreapplication.cpp:1539
#44 0xb63719b4 in QEventDispatcherUNIX::processEvents (this=0x97b58a8, flags=...) at kernel/qeventdispatcher_unix.cpp:587
#45 0xb19f10ff in QUnixEventDispatcherQPA::processEvents (this=0x97b58a8, flags=...) at eventdispatchers/qunixeventdispatcher.cpp:70
#46 0xb6316cb3 in QEventLoop::processEvents (this=0xbfabb978, flags=...) at kernel/qeventloop.cpp:136
#47 0xb63170fa in QEventLoop::exec (this=0xbfabb978, flags=...) at kernel/qeventloop.cpp:212
#48 0xb631f115 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1188
#49 0xb6651b81 in QGuiApplication::exec () at kernel/qguiapplication.cpp:1436
#50 0xb6c461c4 in QApplication::exec () at kernel/qapplication.cpp:2749
#51 0xb7718aef in kdemain (argc=3, argv=0xbfabbb44) at ../main_x11.cpp:294
#52 0x08048647 in main (argc=3, argv=0xbfabbb44) at kwin_x11_dummy.cpp:3
Comment 1 Martin Flöser 2014-10-08 07:58:52 UTC
@Harald: that looks similar to the crash trace you sent me the other day. Might it be that there is a problem with the kubuntu packages? If it affects all applications using KWindowSystem it should also crash the unit test applications on our CI system.
Comment 2 Harald Sitter 2014-10-08 08:12:12 UTC
Yep, that seems to be the same issue.  It is entirely possible that it is a kubuntu thing, in which case I'd be hard pressed to find out where the problem is as we have no patches against kwindowsystem (as is the case with just about all of frameworks).
Furthermore it is suspicious that it does not appear on 64-bit.

One random bit about the backtrace at hand I'll highlight though: QEventDispatcherUNIX. Unless Qt5 changed that, this is the !glib dispatcher and has all sorts of issues to begin with (e.g. polkit will not work at all).
Comment 3 Martin Flöser 2014-10-08 08:15:45 UTC
(In reply to Harald Sitter from comment #2)
> Furthermore it is suspicious that it does not appear on 64bit.

That is a good starting point! And could explain why I cannot reproduce.

> 
> One random bit about the backtrace at hand I'll highlight though:
> QEventDispatcherUNIX. Unless Qt5 changed that, this is the !glib dispatcher
> and has all sorts of issue to begin with (e.g. polkit will not work at all).

Ah yes, KWin disables the glib dispatcher because it caused all kinds of problems which are specific to a window manager.
Comment 4 Fredrik Höglund 2014-10-08 14:55:42 UTC
No, the backtrace and the error message are a good starting point.

The backtrace tells us that the abort() happened in create_netwm_atoms() and the error message that we walked off the end of an array allocated on the stack.

If we count the members of the atoms[] array we find that it has 92 atoms, while netAtomCount is 91. This means that we write one element past the end of the cookies[] array.
Comment 5 Martin Flöser 2014-10-08 14:59:17 UTC
Whoops, that's embarrassing.
Comment 6 Martin Flöser 2014-10-09 09:11:54 UTC
review request created: https://git.reviewboard.kde.org/r/120539/
Comment 7 Martin Flöser 2014-10-10 15:06:57 UTC
Git commit 3576df163c8c64ebba74fc51c95de900dbf0220e by Martin Gräßlin.
Committed on 09/10/2014 at 09:06.
Pushed by graesslin into branch 'master'.

Fix incorrect count of netwm atoms

This fixes a regression introduced with
59cb063b99e6ec13c0bc3cf3fd95a01258184e86.

The commit added 4 new atoms but only incremented the atom count by 3,
which can cause a crash as soon as the NET classes are used.

To ensure that such an error is not introduced again, an assert is
added.
REVIEW: 120539

M  +2    -1    src/netwm.cpp

http://commits.kde.org/kwindowsystem/3576df163c8c64ebba74fc51c95de900dbf0220e
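The off-by-one from comment 4 and the assert the commit above mentions, as an added example that is not kwindowsystem's own code: a constructed, shortened atom table, the mismatched hand-maintained count, and a bounds-checked stand-in for the create_netwm_atoms() loop that reports how many cookies would have been written past the end of cookies[] instead of performing the write. The InternAtomCookie type, the function names and the five-entry table are assumptions made for the example.

```cpp
#include <cstddef>
#include <cstdint>
// Constructed, shortened stand-in for the atoms[] table in netwm.cpp
// (the real table had 92 entries while netAtomCount still said 91).
static const char* const atoms[] = {
    "_NET_SUPPORTED", "_NET_CLIENT_LIST", "_NET_CLIENT_LIST_STACKING",
    "_NET_NUMBER_OF_DESKTOPS", "_NET_DESKTOP_GEOMETRY",
};
constexpr std::size_t atomTableSize = sizeof(atoms) / sizeof(atoms[0]);

// Hand-maintained count that is one short of the table, as in the regression.
constexpr std::size_t buggyAtomCount = atomTableSize - 1;
// Hand-maintained count as the fix leaves it: still a literal, but now checked.
// The static_assert is a compile-time form of the assert the fix added; a count
// that drifts from the table fails the build instead of aborting at runtime.
constexpr std::size_t netAtomCount = 5;
static_assert(netAtomCount == atomTableSize, "atoms[] and netAtomCount out of sync");

// Stand-in for the cookie xcb_intern_atom() returns (hypothetical type).
struct InternAtomCookie { const char* name; std::uint32_t sequence; };
// Mirrors the create_netwm_atoms() loop: request every atom in atoms[] and
// store each cookie in a fixed array sized by the count constant. Instead of
// writing past the end, which is what smashed the stack canary in the real
// code, it counts the stores that would have landed outside cookies[].
std::size_t requestAtoms(InternAtomCookie* cookies, std::size_t cookieCount)
{
    std::size_t overflowed = 0;
    for (std::size_t i = 0; i < atomTableSize; ++i) {
        InternAtomCookie cookie{ atoms[i], static_cast<std::uint32_t>(i + 1) }; // fake sequence
        if (i < cookieCount)
            cookies[i] = cookie;
        else
            ++overflowed; // the out-of-bounds write the stack protector caught
    }
    return overflowed;
}

// Regression case: cookies[] has one slot fewer than atoms[] has entries.
std::size_t overflowWithBuggyCount()
{
    InternAtomCookie cookies[buggyAtomCount];
    return requestAtoms(cookies, buggyAtomCount); // 1
}

// Fixed case: the checked count matches the table, so every cookie has a slot.
std::size_t overflowWithFixedCount()
{
    InternAtomCookie cookies[netAtomCount];
    return requestAtoms(cookies, netAtomCount); // 0
}
```

Changing netAtomCount to 4 here reproduces the regression's shape at compile time: the static_assert fires instead of the loop silently writing the fifth cookie past the array.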
Comment 8 Jonathan Riddell 2014-10-10 15:14:00 UTC
Also put this as a patch in Kubuntu packages.