Bug 385376 - kwin crashes in KWin::Client::readUserTimeMapTimestamp (isSplash) every time I open a window
Status: RESOLVED NOT A BUG
Alias: None
Product: kwin
Classification: Plasma
Component: core
Version: unspecified
Platform: Compiled Sources Linux
Importance: NOR normal
Target Milestone: ---
Assignee: KWin default assignee
Reported: 2017-10-04 20:05 UTC by David Faure
Modified: 2017-10-05 14:41 UTC (History)
Attachments
gdb backtrace (6.86 KB, text/plain)
2017-10-04 20:10 UTC, David Faure
Description David Faure 2017-10-04 20:05:17 UTC
gdb:

Thread 1 "kwin_x11" received signal SIGSEGV, Segmentation fault.
0x00007fcd98797603 in KWin::Toplevel::isSplash (this=0x7fcd98d14920 <vtable for KWin::Client+16>) at /d/kde/src/5/kde/workspace/kwin/toplevel.h:659
659         return windowType() == NET::Splash;
(gdb) bt
#0  0x00007fcd98797603 in KWin::Toplevel::isSplash (this=0x7fcd98d14920 <vtable for KWin::Client+16>) at /d/kde/src/5/kde/workspace/kwin/toplevel.h:659
#1  0x00007fcd9884db32 in KWin::Client::<lambda(const KWin::Client*)>::operator()(const KWin::Client *) const (__closure=0x7ffdd41ec590, cl=0x7fcd98d14920 <vtable for KWin::Client+16>) at /d/kde/src/5/kde/workspace/kwin/activation.cpp:761
#2  0x00007fcd9884e790 in std::_Function_handler<bool(const KWin::Client*), KWin::Client::readUserTimeMapTimestamp(const KStartupInfoId*, const KStartupInfoData*, bool) const::<lambda(const KWin::Client*)> >::_M_invoke(const std::_Any_data &, const KWin::Client *&&) (__functor=..., __args#0=@0x1474480: 0x7fcd98d14920 <vtable for KWin::Client+16>) at /usr/include/c++/5/functional:1857
#3  0x00007fcd98787749 in std::function<bool (KWin::Client const*)>::operator()(KWin::Client const*) const (this=0x7ffdd41ec590, __args#0=0x1474480) at /usr/include/c++/4.8/functional:2471
#4  0x00007fcd98784283 in std::__find_if<QList<KWin::Client*>::const_iterator, std::function<bool (KWin::Client const*)> >(QList<KWin::Client*>::const_iterator, QList<KWin::Client*>::const_iterator, std::function<bool (KWin::Client const*)>, std::random_access_iterator_tag) (__first=..., __last=..., __pred=...) at /usr/include/c++/4.8/bits/stl_algo.h:214
#5  0x00007fcd98781213 in std::find_if<QList<KWin::Client*>::const_iterator, std::function<bool (KWin::Client const*)> >(QList<KWin::Client*>::const_iterator, QList<KWin::Client*>::const_iterator, std::function<bool (KWin::Client const*)>) (__first=..., __last=..., __pred=...) at /usr/include/c++/4.8/bits/stl_algo.h:4465
#6  0x00007fcd9877c087 in KWin::Toplevel::findInList<KWin::Client, KWin::Client>(QList<KWin::Client*> const&, std::function<bool (KWin::Client const*)>) (list=QList<KWin::Client *> = {...}, func=...) at /d/kde/src/5/kde/workspace/kwin/toplevel.h:829
#7  0x00007fcd98773178 in KWin::Workspace::findClient(std::function<bool (KWin::Client const*)>) const (this=0x11f7b80, func=...) at /d/kde/src/5/kde/workspace/kwin/workspace.cpp:1675
#8  0x00007fcd9884dfec in KWin::Client::readUserTimeMapTimestamp (this=0x65b8f00, asn_id=0x0, asn_data=0x0, session=false) at /d/kde/src/5/kde/workspace/kwin/activation.cpp:784
#9  0x00007fcd98849c06 in KWin::Client::manage (this=0x65b8f00, w=182452229, isMapped=false) at /d/kde/src/5/kde/workspace/kwin/manage.cpp:572
#10 0x00007fcd9876a06d in KWin::Workspace::createClient (this=0x11f7b80, w=182452229, is_mapped=false) at /d/kde/src/5/kde/workspace/kwin/workspace.cpp:537
#11 0x00007fcd9882d3f5 in KWin::Workspace::workspaceEvent (this=0x11f7b80, e=0x7fcd78029170) at /d/kde/src/5/kde/workspace/kwin/events.cpp:357
#12 0x00007fcd988235c8 in KWin::XcbEventFilter::nativeEventFilter (this=0x11a3cf0, eventType=<QXcbNativeInterface::QXcbNativeInterface()::{lambda()#1}::operator()() const::qbytearray_literal+24> "xcb_generic_event_t" = {...}, message=0x7fcd78029170, result=0x7ffdd41ed738) at /d/kde/src/5/kde/workspace/kwin/main.cpp:420
#13 0x00007fcd8e590bf3 in QAbstractEventDispatcher::filterNativeEvent (this=<optimized out>, eventType=<QXcbNativeInterface::QXcbNativeInterface()::{lambda()#1}::operator()() const::qbytearray_literal+24> "xcb_generic_event_t" = {...}, message=message@entry=0x7fcd78029170, result=result@entry=0x7ffdd41ed738) at /d/qt/5/kde/qtbase/src/corelib/kernel/qabstracteventdispatcher.cpp:467
#14 0x00007fcd7e6c7ca4 in QXcbConnection::handleXcbEvent (this=this@entry=0x113c0b0, event=event@entry=0x7fcd78029170) at /d/qt/5/kde/qtbase/src/plugins/platforms/xcb/qxcbconnection.cpp:1091
#15 0x00007fcd7e6c8a8a in QXcbConnection::processXcbEvents (this=0x113c0b0) at /d/qt/5/kde/qtbase/src/plugins/platforms/xcb/qxcbconnection.cpp:1731
#16 0x00007fcd7e6fec17 in QXcbConnection::qt_static_metacall (_o=<optimized out>, _c=<optimized out>, _id=<optimized out>, _a=<optimized out>) at .moc/moc_qxcbconnection.cpp:189
#17 0x00007fcd8e5bf752 in QMetaCallEvent::placeMetaCall (this=0x7fcd7800cd90, object=0x113c0b0) at /d/qt/5/kde/qtbase/src/corelib/kernel/qobject.cpp:503
#18 0x00007fcd8e5c4410 in QObject::event (this=0x113c0b0, e=<optimized out>) at /d/qt/5/kde/qtbase/src/corelib/kernel/qobject.cpp:1246
#19 0x00007fcd7e6cbafe in QXcbConnection::event (this=<optimized out>, e=0x7fcd7800cd90) at /d/qt/5/kde/qtbase/src/plugins/platforms/xcb/qxcbconnection.cpp:2328
#20 0x00007fcd8f4c3c23 in QApplicationPrivate::notify_helper (this=this@entry=0x110f9a0, receiver=receiver@entry=0x113c0b0, e=e@entry=0x7fcd7800cd90) at /d/qt/5/kde/qtbase/src/widgets/kernel/qapplication.cpp:3722
#21 0x00007fcd8f4cb2ca in QApplication::notify (this=0x7ffdd41ee070, receiver=0x113c0b0, e=0x7fcd7800cd90) at /d/qt/5/kde/qtbase/src/widgets/kernel/qapplication.cpp:3094
#22 0x00007fcd98d2b90b in KWin::ApplicationX11::notify (this=0x7ffdd41ee070, o=0x113c0b0, e=0x7fcd7800cd90) at /d/kde/src/5/kde/workspace/kwin/main_x11.cpp:277
#23 0x00007fcd8e593e50 in QCoreApplication::notifyInternal2 (receiver=receiver@entry=0x113c0b0, event=event@entry=0x7fcd7800cd90) at /d/qt/5/kde/qtbase/src/corelib/kernel/qcoreapplication.cpp:1018
#24 0x00007fcd8e598fca in QCoreApplication::sendEvent (event=0x7fcd7800cd90, receiver=0x113c0b0) at /d/qt/5/kde/qtbase/src/corelib/kernel/qcoreapplication.h:233
#25 QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0, data=0x10fc7c0) at /d/qt/5/kde/qtbase/src/corelib/kernel/qcoreapplication.cpp:1678
#26 0x00007fcd8e5ea16a in QEventDispatcherUNIX::processEvents (this=0x11a73b0, flags=..., flags@entry=...) at /d/qt/5/kde/qtbase/src/corelib/kernel/qeventdispatcher_unix.cpp:466
#27 0x00007fcd7e728109 in QUnixEventDispatcherQPA::processEvents (this=<optimized out>, flags=...) at /d/qt/5/kde/qtbase/src/platformsupport/eventdispatchers/qunixeventdispatcher.cpp:68
#28 0x00007fcd8e591c91 in QEventLoop::processEvents (this=this@entry=0x7ffdd41edf40, flags=..., flags@entry=...) at /d/qt/5/kde/qtbase/src/corelib/kernel/qeventloop.cpp:134
#29 0x00007fcd8e5920e9 in QEventLoop::exec (this=this@entry=0x7ffdd41edf40, flags=..., flags@entry=...) at /d/qt/5/kde/qtbase/src/corelib/kernel/qeventloop.cpp:212
#30 0x00007fcd8e59b6c1 in QCoreApplication::exec () at /d/qt/5/kde/qtbase/src/corelib/kernel/qcoreapplication.cpp:1291
#31 0x00007fcd8eb22774 in QGuiApplication::exec () at /d/qt/5/kde/qtbase/src/gui/kernel/qguiapplication.cpp:1679
#32 0x00007fcd8f4c3ae1 in QApplication::exec () at /d/qt/5/kde/qtbase/src/widgets/kernel/qapplication.cpp:2910
#33 0x00007fcd98d2c9ec in kdemain (argc=3, argv=0x7ffdd41ee358) at /d/kde/src/5/kde/workspace/kwin/main_x11.cpp:466
#34 0x0000000000400d88 in main (argc=3, argv=0x7ffdd41ee358) at /d/kde/build/5/kde/workspace/kwin/kwin_x11_dummy.cpp:3

The value of "this" seems bogus: "this=0x7fcd98d14920 <vtable for KWin::Client+16>" unless gdb is mistaken there.

valgrind's addrcheck says:

==22123== 
==22123== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==22123==    at 0xCC1E9DB: raise (pt-raise.c:36)
==22123==    by 0xDA1AE8B: KCrash::defaultCrashHandler(int) (kcrash.cpp:434)
==22123==    by 0x1032A94F: ??? (in /lib64/libc-2.22.so)
==22123==    by 0xE8C78948F4758BEF: ???
==22123==    by 0x524AB31: KWin::Client::readUserTimeMapTimestamp(KStartupInfoId const*, KStartupInfoData const*, bool) const::{lambda(KWin::Client const*)#1}::operator()(KWin::Client const*) const (activation.cpp:761)
==22123==    by 0x524B78F: std::_Function_handler<bool (KWin::Client const*), KWin::Client::readUserTimeMapTimestamp(KStartupInfoId const*, KStartupInfoData const*, bool) const::{lambda(KWin::Client const*)#1}>::_M_invoke(std::_Any_data const&, KWin::Client const*&&) (functional:1857)
==22123==    by 0x5184748: std::function<bool (KWin::Client const*)>::operator()(KWin::Client const*) const (functional:2267)
==22123==    by 0x5181282: QList<KWin::Client*>::const_iterator std::__find_if<QList<KWin::Client*>::const_iterator, std::function<bool (KWin::Client const*)> >(QList<KWin::Client*>::const_iterator, QList<KWin::Client*>::const_iterator, std::function<bool (KWin::Client const*)>, std::random_access_iterator_tag) (stl_algo.h:214)
==22123==    by 0x517E212: QList<KWin::Client*>::const_iterator std::find_if<QList<KWin::Client*>::const_iterator, std::function<bool (KWin::Client const*)> >(QList<KWin::Client*>::const_iterator, QList<KWin::Client*>::const_iterator, std::function<bool (KWin::Client const*)>) (stl_algo.h:4465)
==22123==    by 0x5179086: KWin::Client* KWin::Toplevel::findInList<KWin::Client, KWin::Client>(QList<KWin::Client*> const&, std::function<bool (KWin::Client const*)>) (toplevel.h:829)
==22123==    by 0x5170177: KWin::Workspace::findClient(std::function<bool (KWin::Client const*)>) const (workspace.cpp:1675)
==22123==    by 0x524AFEB: KWin::Client::readUserTimeMapTimestamp(KStartupInfoId const*, KStartupInfoData const*, bool) const (activation.cpp:784)
==22123==    by 0x5246C05: KWin::Client::manage(unsigned int, bool) (manage.cpp:572)
==22123==    by 0x516706C: KWin::Workspace::createClient(unsigned int, bool) (workspace.cpp:537)

Note the re-entrancy, readUserTimeMapTimestamp() calls findClient() which ends up calling readUserTimeMapTimestamp().

Here's what the KWIN_CORE debug output indicates (in valgrind), just before the crash:
KWin::Client::readUserTimeMapTimestamp: User timestamp, ASN: 4294967295

qtbase 8ea5c40109 (5.9 git branch)
KF5 5.38
kwin 5e7b3c6c7 (Plasma/5.11 git branch)
gcc-5 (SUSE Linux) 5.3.1  (possibly mixed with some gcc-4 stuff, I just switched to 5 for compiling all of Qt+KF5+workspace+apps)
Comment 1 David Faure 2017-10-04 20:10:28 UTC
Created attachment 108172 [details]
gdb backtrace
Comment 2 Martin Flöser 2017-10-05 04:23:38 UTC
There is nothing in that code which would explain a crash.

I think your crash must be somewhere else. What I notice is that you use a rather old compiler. KWin requires C++14.
Comment 3 David Faure 2017-10-05 12:03:26 UTC
Well I just switched *from* gcc-4.8 *to* gcc-5.3.1 (which does support C++14).

But you're right, this must have been a miscompilation. I rebuilt kwin from scratch and the problems are gone.

This is weird, I was pretty sure I had wiped out the builddir when switching to gcc5...

Sorry for the noise.
Comment 4 Martin Flöser 2017-10-05 14:41:52 UTC
> Sorry for the noise.

No problem. I rather prefer that being a compile issue than an actual crash in a core part of KWin.
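
Added example, not part of the original report or of KWin: a triage heuristic for backtraces like the one above. It flags frames whose libstdc++ header paths come from different GCC versions (frame #2 versus frames #3 to #5 in the report) and pointer arguments that gdb resolves to a vtable symbol instead of an object. The sample input is constructed by abridging frames from the report; the function and field names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: frames abridged from the gdb backtrace in the report.
SAMPLE_BT = """\
#0  0x00007fcd98797603 in KWin::Toplevel::isSplash (this=0x7fcd98d14920 <vtable for KWin::Client+16>) at /d/kde/src/5/kde/workspace/kwin/toplevel.h:659
#2  0x00007fcd9884e790 in std::_Function_handler<...>::_M_invoke(...) (__functor=...) at /usr/include/c++/5/functional:1857
#3  0x00007fcd98787749 in std::function<bool (KWin::Client const*)>::operator()(KWin::Client const*) const (this=0x7ffdd41ec590, __args#0=0x1474480) at /usr/include/c++/4.8/functional:2471
#4  0x00007fcd98784283 in std::__find_if<...>(...) (__first=..., __last=..., __pred=...) at /usr/include/c++/4.8/bits/stl_algo.h:214
"""

FRAME_RE = re.compile(r"^#(\d+)\s")
# Source location inside a versioned libstdc++ include directory.
HDR_RE = re.compile(r" at /usr/include/c\+\+/([0-9.]+)/\S+:\d+")
# A pointer argument that gdb annotates as pointing into a vtable symbol.
VTABLE_ARG_RE = re.compile(r"(\w+)=0x[0-9a-f]+ <vtable for ([^>]+?)(?:\+\d+)?>")


def triage(backtrace):
    """Return toolchain-mixing and bogus-pointer indicators for a gdb backtrace."""
    header_versions = defaultdict(list)  # libstdc++ version -> frame numbers
    vtable_pointers = []                 # (frame, argument name, class)
    for line in backtrace.splitlines():
        frame_match = FRAME_RE.match(line)
        if not frame_match:
            continue
        frame = int(frame_match.group(1))
        hdr = HDR_RE.search(line)
        if hdr:
            header_versions[hdr.group(1)].append(frame)
        for arg, cls in VTABLE_ARG_RE.findall(line):
            vtable_pointers.append((frame, arg, cls))
    return {
        "header_versions": dict(header_versions),
        # More than one libstdc++ version in one stack means the objects were
        # built by different compilers: rebuild from a clean build directory.
        "mixed_toolchain": len(header_versions) > 1,
        "vtable_pointers": vtable_pointers,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_BT).items():
        print(f"{key}: {value}")
```
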