409815 – Dangling pointer in Workspace::constrainedStackingOrder

Bug 409815 - Dangling pointer in Workspace::constrainedStackingOrder

Summary: Dangling pointer in Workspace::constrainedStackingOrder

Status:	RESOLVED DUPLICATE of bug 406784

Alias:	None

Product:	kwin
Classification:	Plasma
Component:	general (show other bugs)
Version:	5.12.7
Platform:	Ubuntu Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	KWin default assignee

URL:
Keywords:	drkonqi

Depends on:
Blocks:

Reported:	2019-07-15 09:29 UTC by firefreu
Modified:	2019-07-15 14:19 UTC (History)
CC List:	0 users

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description firefreu 2019-07-15 09:29:28 UTC

Application: kwin_x11 (5.12.7)

Qt Version: 5.9.5
Frameworks Version: 5.44.0
Operating System: Linux 4.15.0-54-generic x86_64
Distribution: Ubuntu 18.04.2 LTS

-- Information about the crash:
- What I was doing when the application crashed:

Alt+TABbing regularly causes kwin_x11 to crash 

Notes:

- What seems to mitigate the frequency of the occurance by about 1:10 was switching to the 'compact' task switcher as opposed to the 'cover flip', or one of the other presumeably more resource intensive ones
- This has happened a lot, like through the lifetime of my 18.04 Kubuntu installation it's probably in the triple digits, but this was the first time the crash handler caught it

The crash can be reproduced sometimes.

-- Backtrace:
Application: KWin (kwin_x11), signal: Segmentation fault
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0x7fdaf5a9cd00 (LWP 1471))]

Thread 6 (Thread 0x7fda377dd700 (LWP 2205)):
#0  0x00007fdaee4809f3 in futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x55aaf6c79de4) at ../sysdeps/unix/sysv/linux/futex-internal.h:88
#1  0x00007fdaee4809f3 in __pthread_cond_wait_common (abstime=0x0, mutex=0x55aaf6c79d90, cond=0x55aaf6c79db8) at pthread_cond_wait.c:502
#2  0x00007fdaee4809f3 in __pthread_cond_wait (cond=0x55aaf6c79db8, mutex=0x55aaf6c79d90) at pthread_cond_wait.c:655
#3  0x00007fdaf25e459b in QWaitCondition::wait(QMutex*, unsigned long) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#4  0x00007fdaed6546a8 in  () at /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5
#5  0x00007fdaed654b0a in  () at /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5
#6  0x00007fdaf25e316d in  () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#7  0x00007fdaee47a6db in start_thread (arg=0x7fda377dd700) at pthread_create.c:463
#8  0x00007fdaf542188f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 5 (Thread 0x7fdad19b1700 (LWP 2204)):
#0  0x00007fdaee4809f3 in futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x55aaf6a2a3f4) at ../sysdeps/unix/sysv/linux/futex-internal.h:88
#1  0x00007fdaee4809f3 in __pthread_cond_wait_common (abstime=0x0, mutex=0x55aaf6a2a3a0, cond=0x55aaf6a2a3c8) at pthread_cond_wait.c:502
#2  0x00007fdaee4809f3 in __pthread_cond_wait (cond=0x55aaf6a2a3c8, mutex=0x55aaf6a2a3a0) at pthread_cond_wait.c:655
#3  0x00007fdaf25e459b in QWaitCondition::wait(QMutex*, unsigned long) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#4  0x00007fdaed6546a8 in  () at /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5
#5  0x00007fdaed654b0a in  () at /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5
#6  0x00007fdaf25e316d in  () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#7  0x00007fdaee47a6db in start_thread (arg=0x7fdad19b1700) at pthread_create.c:463
#8  0x00007fdaf542188f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 4 (Thread 0x7fdac2def700 (LWP 1622)):
#0  0x00007fdaee4809f3 in futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x7fdaf1a17fb8) at ../sysdeps/unix/sysv/linux/futex-internal.h:88
#1  0x00007fdaee4809f3 in __pthread_cond_wait_common (abstime=0x0, mutex=0x7fdaf1a17f68, cond=0x7fdaf1a17f90) at pthread_cond_wait.c:502
#2  0x00007fdaee4809f3 in __pthread_cond_wait (cond=0x7fdaf1a17f90, mutex=0x7fdaf1a17f68) at pthread_cond_wait.c:655
#3  0x00007fdaf17215f4 in  () at /usr/lib/x86_64-linux-gnu/libQt5Script.so.5
#4  0x00007fdaf1721639 in  () at /usr/lib/x86_64-linux-gnu/libQt5Script.so.5
#5  0x00007fdaee47a6db in start_thread (arg=0x7fdac2def700) at pthread_create.c:463
#6  0x00007fdaf542188f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 3 (Thread 0x7fdad0d51700 (LWP 1620)):
#0  0x00007fdaf5414cf6 in __GI_ppoll (fds=0x7fdac8000d48, nfds=1, timeout=<optimized out>, sigmask=0x0) at ../sysdeps/unix/sysv/linux/ppoll.c:39
#1  0x00007fdaf28165c1 in qt_safe_poll(pollfd*, unsigned long, timespec const*) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#2  0x00007fdaf2817cde in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#3  0x00007fdaf27bf9ea in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#4  0x00007fdaf25de22a in QThread::exec() () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#5  0x00007fdaecf666f5 in  () at /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5
#6  0x00007fdaf25e316d in  () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#7  0x00007fdaee47a6db in start_thread (arg=0x7fdad0d51700) at pthread_create.c:463
#8  0x00007fdaf542188f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 2 (Thread 0x7fdad2c2d700 (LWP 1586)):
#0  0x00007fdaf5414cf6 in __GI_ppoll (fds=0x7fdacc00b368, nfds=1, timeout=<optimized out>, sigmask=0x0) at ../sysdeps/unix/sysv/linux/ppoll.c:39
#1  0x00007fdaf28165c1 in qt_safe_poll(pollfd*, unsigned long, timespec const*) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#2  0x00007fdaf2817cde in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#3  0x00007fdaf27bf9ea in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#4  0x00007fdaf25de22a in QThread::exec() () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#5  0x00007fdaebe3fd45 in  () at /usr/lib/x86_64-linux-gnu/libQt5DBus.so.5
#6  0x00007fdaf25e316d in  () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#7  0x00007fdaee47a6db in start_thread (arg=0x7fdad2c2d700) at pthread_create.c:463
#8  0x00007fdaf542188f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 0x7fdaf5a9cd00 (LWP 1471)):
[KCrash Handler]
#6  0x000055aaf6fd19e0 in  ()
#7  0x00007fdaf4f0cd6d in KWin::Workspace::constrainedStackingOrder() () at /usr/lib/x86_64-linux-gnu/libkwin.so.5
#8  0x00007fdaf4f0d538 in KWin::Workspace::updateStackingOrder(bool) () at /usr/lib/x86_64-linux-gnu/libkwin.so.5
#9  0x00007fdaf4f0dac0 in KWin::Workspace::blockStackingUpdates(bool) () at /usr/lib/x86_64-linux-gnu/libkwin.so.5
#10 0x00007fdaf4eb8870 in KWin::Client::destroyClient() () at /usr/lib/x86_64-linux-gnu/libkwin.so.5
#11 0x00007fdaf4f18769 in KWin::Client::unmapNotifyEvent(xcb_unmap_notify_event_t*) () at /usr/lib/x86_64-linux-gnu/libkwin.so.5
#12 0x00007fdaf4f1be6b in KWin::Client::windowEvent(xcb_generic_event_t*) () at /usr/lib/x86_64-linux-gnu/libkwin.so.5
#13 0x00007fdaf4f1c7f5 in KWin::Workspace::workspaceEvent(xcb_generic_event_t*) () at /usr/lib/x86_64-linux-gnu/libkwin.so.5
#14 0x00007fdaf27be58f in QAbstractEventDispatcher::filterNativeEvent(QByteArray const&, void*, long*) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#15 0x00007fdada253820 in QXcbConnection::handleXcbEvent(xcb_generic_event_t*) () at /usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
#16 0x00007fdada2544ac in QXcbConnection::processXcbEvents() () at /usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
#17 0x00007fdaf27f1122 in QObject::event(QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#18 0x00007fdaf353f82c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#19 0x00007fdaf35470f4 in QApplication::notify(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#20 0x00007fdaf27c19a8 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#21 0x00007fdaf27c411d in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#22 0x00007fdaf2817af4 in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#23 0x00007fdada2b55cd in  () at /usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
#24 0x00007fdaf27bf9ea in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#25 0x00007fdaf27c8a84 in QCoreApplication::exec() () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#26 0x00007fdaf56f9dbb in kdemain () at /usr/lib/x86_64-linux-gnu/libkdeinit5_kwin_x11.so
#27 0x00007fdaf5321b97 in __libc_start_main (main=0x55aaf5379730, argc=1, argv=0x7ffccd6d1a48, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffccd6d1a38) at ../csu/libc-start.c:310
#28 0x000055aaf537976a in _start ()

Reported using DrKonqi

Comment 1 Vlad Zahorodnii 2019-07-15 09:32:12 UTC

Please post output of
    qdbus org.kde.KWin /KWin supportInformation

Can you recall if any window were closed during alt-tabbing?

Comment 2 firefreu 2019-07-15 13:44:00 UTC

(In reply to Vlad Zahorodnii from comment #1)
> Please post output of
>     qdbus org.kde.KWin /KWin supportInformation
> 
> Can you recall if any window were closed during alt-tabbing?

First the output of 'qdbus org.kde.KWin /KWin support information:



==========================

Version
=======
KWin version: 5.12.7
Qt Version: 5.9.5
Qt compile version: 5.9.5
XCB compile version: 1.13

Operation Mode: X11 only

Build Options
=============
KWIN_BUILD_DECORATIONS: yes
KWIN_BUILD_TABBOX: yes
KWIN_BUILD_ACTIVITIES: yes
HAVE_INPUT: yes
HAVE_DRM: yes
HAVE_GBM: yes
HAVE_X11_XCB: yes
HAVE_EPOXY_GLX: yes
HAVE_WAYLAND_EGL: yes

X11
===
Vendor: The X.Org Foundation
Vendor Release: 11906000
Protocol Version/Revision: 11/0
SHAPE: yes; Version: 0x11
RANDR: yes; Version: 0x14
DAMAGE: yes; Version: 0x11
Composite: yes; Version: 0x4
RENDER: yes; Version: 0xb
XFIXES: yes; Version: 0x50
SYNC: yes; Version: 0x31
GLX: yes; Version: 0x0

Decoration
==========
Plugin: org.kde.breeze
Theme: 
Blur: 0
onAllDesktopsAvailable: true
alphaChannelSupported: false
closeOnDoubleClickOnMenu: false
decorationButtonsLeft: 0, 2
decorationButtonsRight: 6, 3, 4, 5
borderSize: 3
gridUnit: 10
font: Noto Sans,10,-1,0,50,0,0,0,0,0,Regular
smallSpacing: 2
largeSpacing: 10

Platform
==========
Name: KWin::X11StandalonePlatform

Options
=======
focusPolicy: 0
nextFocusPrefersMouse: false
clickRaise: true
autoRaise: false
autoRaiseInterval: 0
delayFocusInterval: 0
shadeHover: false
shadeHoverInterval: 250
separateScreenFocus: false
placement: 4
focusPolicyIsReasonable: true
borderSnapZone: 10
windowSnapZone: 10
centerSnapZone: 0
snapOnlyWhenOverlapping: false
rollOverDesktops: true
focusStealingPreventionLevel: 1
legacyFullscreenSupport: false
operationTitlebarDblClick: 5000
operationMaxButtonLeftClick: 5000
operationMaxButtonMiddleClick: 5015
operationMaxButtonRightClick: 5014
commandActiveTitlebar1: 0
commandActiveTitlebar2: 30
commandActiveTitlebar3: 2
commandInactiveTitlebar1: 4
commandInactiveTitlebar2: 30
commandInactiveTitlebar3: 2
commandWindow1: 7
commandWindow2: 8
commandWindow3: 8
commandWindowWheel: 31
commandAll1: 10
commandAll2: 3
commandAll3: 14
keyCmdAllModKey: 16777251
showGeometryTip: false
condensedTitle: false
electricBorderMaximize: true
electricBorderTiling: true
electricBorderCornerRatio: 0.25
borderlessMaximizedWindows: false
killPingTimeout: 5000
hideUtilityWindowsForInactive: true
inactiveTabsSkipTaskbar: false
autogroupSimilarWindows: false
autogroupInForeground: true
compositingMode: 1
useCompositing: false
compositingInitialized: false
hiddenPreviews: 1
glSmoothScale: 2
xrenderSmoothScale: false
maxFpsInterval: 16666666
refreshRate: 0
vBlankTime: 6000000
glStrictBinding: true
glStrictBindingFollowsDriver: true
glCoreProfile: false
glPreferBufferSwap: 97
glPlatformInterface: 1
windowsBlockCompositing: true

Screen Edges
============
desktopSwitching: false
desktopSwitchingMovingClients: false
cursorPushBackDistance: 1x1
timeThreshold: 150
reActivateThreshold: 350
actionTopLeft: 0
actionTop: 0
actionTopRight: 0
actionRight: 0
actionBottomRight: 0
actionBottom: 0
actionBottomLeft: 0
actionLeft: 0

Screens
=======
Multi-Head: no
Active screen follows mouse:  no
Number of Screens: 2

Screen 0:
---------
Name: LVDS-0
Geometry: 1920,0,1366x768
Scale: 1
Refresh Rate: 59.9939

Screen 1:
---------
Name: VGA-0
Geometry: 0,0,1920x1080
Scale: 1
Refresh Rate: 60


Compositing
===========
Compositing is not active

===============================



Secondly: Regarding whether I could remember whether a window was closed: That actually makes the crash reproducible every time.
If the task switcher is open and the window which closes happens to be selected kwin crashes. It survives if the window which closes is not selected so that hunch was on the money.

Comment 3 Vlad Zahorodnii 2019-07-15 13:53:45 UTC

That's a known bug. I fixed it quite recently but I can't recall if the fix was backported to 5.12 branch.

In either case, you can work around the bug by just enabling compositing.

Comment 4 Vlad Zahorodnii 2019-07-15 14:05:08 UTC

I backported the fix to 5.12 branch.

The fix will be available in 5.12.9, which is released on 9/10/2019.

*** This bug has been marked as a duplicate of bug 406784 ***

Comment 5 firefreu 2019-07-15 14:19:31 UTC

In any case thank you very much for providing me an workaround and pointing me towards a fix!

Much appreciated!

Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, July 15, 2019 3:53 PM, Vlad Zahorodnii <bugzilla_noreply@kde.org> wrote:

> https://bugs.kde.org/show_bug.cgi?id=409815
>
> --- Comment #3 from Vlad Zahorodnii vladzzag@gmail.com ---
>
> That's a known bug. I fixed it quite recently but I can't recall if the fix was
> backported to 5.12 branch.
>
> In either case, you can work around the bug by just enabling compositing.
>
> --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> You are receiving this mail because:
> You reported the bug.