Bug 363251 - Changed Rendering Backend kwin --reload crash
Status: RESOLVED FIXED
Alias: None
Product: kwin
Classification: Plasma
Component: general
Version: 5.5.5
Platform: Ubuntu Linux
Importance: NOR crash
Target Milestone: ---
Assignee: KWin default assignee
URL:
Keywords: drkonqi
Depends on:
Blocks:
 
Reported: 2016-05-19 01:17 UTC by phillip
Modified: 2016-06-14 07:33 UTC
0 users

See Also:
Latest Commit:
Version Fixed In:


Description phillip 2016-05-19 01:17:26 UTC
Application: kwin_x11 (5.5.5)

Qt Version: 5.5.1
Operating System: Linux 4.4.0-22-generic x86_64
Distribution: Ubuntu 16.04 LTS

-- Information about the crash:
- What I was doing when the application crashed:

I changed my Compositor rendering backend from OpenGL 3.1 (GLX) to XRender. I hit Apply. Then I switched to OpenGL 2.0. Then I pressed Alt+F2 and typed kwin --replace

The crash does not seem to be reproducible.

-- Backtrace:
Application: KWin (kwin_x11), signal: Aborted
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f6b1fa90940 (LWP 5782))]

Thread 2 (Thread 0x7f6aed421700 (LWP 5789)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007f6b1ccd0bd4 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Script.so.5
#2  0x00007f6b1ccd0c19 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Script.so.5
#3  0x00007f6b194fc6fa in start_thread (arg=0x7f6aed421700) at pthread_create.c:333
#4  0x00007f6b1f580b5d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 1 (Thread 0x7f6b1fa90940 (LWP 5782)):
[KCrash Handler]
#6  0x00007f6b1f4af418 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#7  0x00007f6b1f4b101a in __GI_abort () at abort.c:89
#8  0x00007f6b1f4f172a in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7f6b1f60a6b0 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#9  0x00007f6b1f4f9f4a in malloc_printerr (ar_ptr=<optimized out>, ptr=<optimized out>, str=0x7f6b1f60a7e0 "double free or corruption (!prev)", action=3) at malloc.c:5007
#10 _int_free (av=<optimized out>, p=<optimized out>, have_lock=1) at malloc.c:3868
#11 0x00007f6b1f4fca99 in _int_realloc (av=av@entry=0x7f6b1f83db20 <main_arena>, oldp=oldp@entry=0xfff4f0, oldsize=oldsize@entry=240, nb=nb@entry=272) at malloc.c:4359
#12 0x00007f6b1f4fddb9 in __GI___libc_realloc (oldmem=0xfff500, bytes=256) at malloc.c:3046
#13 0x00007f6b108082c6 in ?? () from /usr/lib/x86_64-linux-gnu/tls/libnvidia-tls.so.361.42
#14 0x00007f6b1d88d7b7 in get_index (c=0xff2920, c=0xff2920, idx=8) at ../../src/xcb_ext.c:52
#15 get_lazyreply (c=c@entry=0xff2920, ext=ext@entry=0x7f6b1ac8c050 <xcb_render_id>) at ../../src/xcb_ext.c:74
#16 0x00007f6b1d88d843 in xcb_get_extension_data (c=c@entry=0xff2920, ext=0x7f6b1ac8c050 <xcb_render_id>) at ../../src/xcb_ext.c:95
#17 0x00007f6b1d88b527 in xcb_send_request64 (c=0xff2920, flags=flags@entry=0, vector=vector@entry=0x7ffcdbd14ae0, req=req@entry=0x7f6b1ac8bc40 <xcb_req>) at ../../src/xcb_out.c:204
#18 0x00007f6b1d88b969 in xcb_send_request (c=<optimized out>, flags=flags@entry=0, vector=vector@entry=0x7ffcdbd14ae0, req=req@entry=0x7f6b1ac8bc40 <xcb_req>) at ../../src/xcb_out.c:292
#19 0x00007f6b1aa873ab in xcb_render_free_picture (c=<optimized out>, picture=<optimized out>) at render.c:1157
#20 0x00007f6b1d0cb690 in KWin::XRenderPictureData::~XRenderPictureData (this=<optimized out>, __in_chrg=<optimized out>) at /build/kwin-2AFxJo/kwin-5.5.5/libkwineffects/kwinxrenderutils.cpp:154
#21 0x00007f6b1f1297b4 in QExplicitlySharedDataPointer<KWin::XRenderPictureData>::~QExplicitlySharedDataPointer (this=<optimized out>, __in_chrg=<optimized out>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qshareddata.h:156
#22 KWin::XRenderPicture::~XRenderPicture (this=<optimized out>, __in_chrg=<optimized out>) at /build/kwin-2AFxJo/kwin-5.5.5/libkwineffects/kwinxrenderutils.h:66
#23 0x00007f6b1f4b3fe8 in __run_exit_handlers (status=0, listp=0x7f6b1f83d5f8 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true) at exit.c:82
#24 0x00007f6b1f4b4035 in __GI_exit (status=<optimized out>) at exit.c:104
#25 0x00007f6b1f49a837 in __libc_start_main (main=0x400780 <main(int, char**)>, argc=2, argv=0x7ffcdbd14c58, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffcdbd14c48) at ../csu/libc-start.c:325
#26 0x00000000004007b9 in _start ()

Possible duplicates by query: bug 354434, bug 349754, bug 348699, bug 348624.

Reported using DrKonqi
Comment 1 Martin Flöser 2016-05-31 15:36:06 UTC
The crash happens in the old kwin, which you stopped by starting a new one. It's a crash during cleanup. Looks to me like it tried accessing xcb after the connection had already been destroyed.
Comment 2 Martin Flöser 2016-05-31 15:45:43 UTC
If my theory is correct, then we have two possible places for that:
libkwineffects/kwinxrenderutils.cpp:    static XRenderPicture s_blendPicture(XCB_RENDER_PICTURE_NONE);
scene_xrender.cpp:                    static XRenderPicture cFadeAlpha(XCB_RENDER_PICTURE_NONE);

Both are static XRenderPictures which would be cleaned up after the application terminated the xcb connection.
Comment 3 Martin Flöser 2016-06-01 08:26:02 UTC
One case addressed with: https://phabricator.kde.org/D1731
Comment 4 Martin Flöser 2016-06-13 13:32:37 UTC
Git commit d49fba5d30cbc4a7d8530def7656f1bd6e71484a by Martin Gräßlin.
Committed on 13/06/2016 at 13:29.
Pushed by graesslin into branch 'master'.

[libkwinxrenderutils] Clean up static blend picture before going down

Summary:
The method xRenderBlendPicture created a static XRenderPicture on
first usage. To clean up an XRenderPicture an xcb_connection_t* is needed.
As it's static the cleanup happens in the exit handler and at that time Qt
has already destroyed the xcb_connection_t*. With a certain chance this will
crash.

To expose the problem a Q_ASSERT(qApp) is added in the destructor of
XRenderPicture. Using xrenderBlendPicture() will hit this assert on
application exit. This is demonstrated by the added auto test.

The actual fix to the problem is moving the static variable out of
the method and introducing a global cleanup method just like the init
method. This is now called from the Workspace dtor, so before the application
goes down.

Reviewers: #plasma

Subscribers: plasma-devel

Tags: #plasma

Differential Revision: https://phabricator.kde.org/D1731

M  +1    -0    autotests/CMakeLists.txt
A  +11   -0    autotests/libxrenderutils/CMakeLists.txt
A  +59   -0    autotests/libxrenderutils/blendpicture_test.cpp     [License: GPL (v2)]
M  +16   -6    libkwineffects/kwinxrenderutils.cpp
M  +5    -0    libkwineffects/kwinxrenderutils.h
M  +3    -0    workspace.cpp

http://commits.kde.org/kwin/d49fba5d30cbc4a7d8530def7656f1bd6e71484a
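
The pattern from the commit message above, reduced to a self-contained C++ sketch (an added example, not part of the original comment and not KWin's code). `Connection`, `Picture`, `blendPicture()`, `cleanupStatics()` and `runLifetime()` are hypothetical stand-ins for the xcb connection, XRenderPicture and the cleanup call made from the Workspace destructor; the sketch counts releases attempted after the connection is gone instead of touching freed memory.

```cpp
#include <cstdint>
#include <memory>
#include <vector>

// Hypothetical stand-in for xcb_connection_t.
struct Connection {
    std::vector<uint32_t> freed;   // picture ids released while the connection was alive
};

static Connection *g_conn = nullptr;  // set while the "application" is alive
static int g_lateFrees = 0;           // releases attempted with no connection left

// Hypothetical stand-in for XRenderPicture: releasing it needs the connection.
class Picture {
public:
    explicit Picture(uint32_t id) : m_id(id) {}
    ~Picture() {
        // In the crash above this is where freed connection state was used.
        if (!g_conn) { ++g_lateFrees; return; }
        g_conn->freed.push_back(m_id);
    }
private:
    uint32_t m_id;
};

// The static lives at file scope behind a pointer, so it can be released on
// demand instead of only when the exit handlers run.
static std::unique_ptr<Picture> s_blend;

Picture &blendPicture() {
    if (!s_blend) s_blend.reset(new Picture(42));  // 42 is a constructed id
    return *s_blend;
}

// Global cleanup hook, meant to be called before the connection is destroyed.
void cleanupStatics() { s_blend.reset(); }

// Simulates one application lifetime and returns the number of late releases.
int runLifetime(bool explicitCleanup) {
    g_lateFrees = 0;
    Connection conn;
    g_conn = &conn;
    blendPicture();                        // first use creates the static picture
    if (explicitCleanup) cleanupStatics(); // fixed ordering: release while connected
    g_conn = nullptr;                      // connection torn down
    cleanupStatics();                      // stands in for the exit handler
    return g_lateFrees;
}

int main() { return runLifetime(true); }   // exits 0: nothing released too late
```
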
Comment 5 Martin Flöser 2016-06-13 13:32:37 UTC
Git commit 1b40feca3a119f8d7098bff299cb8be4032fedda by Martin Gräßlin.
Committed on 13/06/2016 at 13:29.
Pushed by graesslin into branch 'master'.

SceneXRender::Window uses a static XRenderPicture which it didn't clean up

Summary:
Using a static XRenderPicture results in a crash on exit as for cleanup
the already destroyed xcb_connection_t* is required.

This change ensures that the static XRenderPicture gets destroyed in the
static cleanup handler for SceneXRender::Window.

Reviewers: #plasma

Subscribers: plasma-devel

Tags: #plasma

Differential Revision: https://phabricator.kde.org/D1733

M  +8    -5    scene_xrender.cpp
M  +1    -0    scene_xrender.h

http://commits.kde.org/kwin/1b40feca3a119f8d7098bff299cb8be4032fedda
Comment 6 Martin Flöser 2016-06-14 07:33:54 UTC
I hope those were the only cases where we hit this situation. Assuming fixed. Thanks for reporting, that was an interesting crash (and I like those ;-) ).