Segfault after 1820 alt-Tab switches in wmaker 0.95.9

[roboshim]

Hello all,

I am surprised, that none other has the same issue in 0.95.9 as me. I have first found this issue on Gentoo after update wmaker 0.95.8 to 0.95.9. After downgrade to 0.95.8 wmaker was again OK.

Now I have same issue in Debian 11, again with wmaker 0.95.9-2.

I have noticed random wmaker restarts after pressing alt-tab (to switch app). It does not happen everytime, but only after some time. I thought it could happen after any count of alt-tab switches but of-course I could you count the alt-tabs during my work.

Now I have created easy bash script using xdotool to simulate pressing alt-tab and counting the number.

a=0 ; pid="$( pgrep -f '/usr/lib/WindowMaker/wmaker.*real' )" ; while ps -p "$pid" fh -o pid,lstart,etime,cmd &>/dev/null ; do xdotool key 'alt+Tab' ; echo "$a" ; sleep 0.01 ; a=$(($a+1)) ; done ; echo "$a"

I have found, that wmaker creashes with segfault everytime exactly after 1820 switches. Could you test the script yourself and check if you get the same segfault?

Nov 27 18:46:21 kernel: wmaker[3093039]: segfault at a28 ip 00007f8ebce40f74 sp 00007ffc4a51be60 error 4 in libX11.so.6.4.0[7f8ebce36000+8c000]
Nov 27 18:49:47 kernel: wmaker[4135936]: segfault at 0 ip 0000000000000000 sp 00007ffc0c129138 error 14 in wmaker[55df0f2cc000+15000]
Nov 27 19:43:24 kernel: wmaker[4142524]: segfault at 10 ip 00007f5c683b038b sp 00007ffdfcc64810 error 4 in libWINGs.so.3.1.0[7f5c683a5000+34000]
Nov 27 23:39:59 kernel: wmaker[4166558]: segfault at a88 ip 00007fa5cabacf74 sp 00007ffc5b78acb0 error 4 in libX11.so.6.4.0[7fa5caba2000+8c000]
Nov 27 23:42:54 kernel: wmaker[63121]: segfault at 564600000000 ip 00007fa48261ddab sp 00007ffcdb034a50 error 4 in libX11.so.6.4.0[7fa4825f6000+8c000]
Nov 27 23:45:20 kernel: wmaker[69580]: segfault at 4709bde5c1 ip 00007faad812cf82 sp 00007fff88dbb140 error 4 in libX11.so.6.4.0[7faad8122000+8c000]
Nov 27 23:47:28 kernel: wmaker[75808]: segfault at 9c8 ip 00007fbc2aea7f74 sp 00007ffeb81605e0 error 4 in libX11.so.6.4.0[7fbc2ae9d000+8c000]
Nov 28 00:11:02 kernel: wmaker[81943]: segfault at 9a8 ip 00007f864468ff74 sp 00007ffdffe236f0 error 4 in libX11.so.6.4.0[7f8644685000+8c000]
Nov 28 00:13:11 kernel: wmaker[95835]: segfault at a28 ip 00007fc9db082f74 sp 00007ffea8b93a20 error 4 in libX11.so.6.4.0[7fc9db078000+8c000]

Could you compile wmaker with debug symbols and find out the reason of the segfault?

I presume something with the new feature "switchpanel configurable" ("SwitchPanelIconSize"), but I am no programmer to find it out myself.

Can you find the problem?

Thank you very much.

Regards,

Robert Wolf.

[roboshim]

Maybe something with the following code at the beginning of WSwitchPanel *wInitSwitchPanel(WScreen *scr, WWindow *curwin, Bool class_only)?

  int wmScaleWidth, wmScaleHeight;
  WMGetScaleBaseFromSystemFont(scr->wmscreen, &wmScaleWidth, &wmScaleHeight);

  icon_size = wPreferences.switch_panel_icon_size;
  icon_tile_size = (short int)(((float)icon_size * (float)1.2) + 0.5);
  border_space = WMScaleY(10);
  label_height = WMScaleY(25);

This is the only new code. The other changes are only switch from DEFINE constant to static short int variables.

Maybe something in WMGetScaleBaseFromSystemFont(scr->wmscreen, &wmScaleWidth, &wmScaleHeight);?

Or something with WMScaleX() or WMScaleY() functions?

[roboshim]

on KVM VM it crashes after 2184 switches with debian standard live ISO (with xterm xfonts-base xdotool xbase-clients lxdm wmaker installed) and arch linux

[d-torrance]

I've noticed frequent crashes while alt-tabbing for quite a while too, but never got around to spending any time debugging it. It's interesting that it's so easily reproducible and occurs after a fixed number of attempts! Thanks for all of the info -- that should definitely help!

[roboshim]

Hello all. I have compiled different commits to test, when the crash appears. I have found, that the crash does not happen in commit 3665410377a2fbac7bfb3728eadbef0fc87b2830 ("make switchpanel configurable"), but curiously after the commit 31f16b65a33632c8345b150baa7bf79fa0a4a8c6 ("higher resolution images for switch panel").

Binary files a/WindowMaker/Pixmaps/swback.png and b/WindowMaker/Pixmaps/swback.png differ Binary files a/WindowMaker/Pixmaps/swback2.png and b/WindowMaker/Pixmaps/swback2.png differ Binary files a/WindowMaker/Pixmaps/swtile.png and b/WindowMaker/Pixmaps/swtile.png differ

Old files are:

swback2.png PNG 64x90 64x90+0+0 8-bit sRGB 4298B 0.000u 0:00.000 swback.png PNG 64x90 64x90+0+0 8-bit sRGB 5483B 0.000u 0:00.000 swtile.png PNG 64x64 64x64+0+0 8-bit sRGB 1349B 0.000u 0:00.000

And new files are:

swback2.png PNG 300x300 300x300+0+0 8-bit sRGB 8653B 0.000u 0:00.000 swback.png PNG 300x300 300x300+0+0 8-bit sRGB 9054B 0.000u 0:00.000 swtile.png PNG 300x300 300x300+0+0 8-bit sRGB 8599B 0.000u 0:00.000

The code probably does not allocate correct size for the images and therefore makes it segfault?

I have installed the released wmaker-0.95.9 from debian repo and wmaker crashed again after 2184 switches.

I have then replaced the new 300x300 switchpanel images with the 64x64/64x90 old images and now it does not crashed after 3000 switches.

The issue are really the new images and the old images are simple fast fix.

Could you, Haroldo @h-g-s , please check this issue, why the wmaker does crash with the new bigger images? Thank you very much.

Regards,

Robert.

[roboshim]

Hello again.

There is maybe any bug in static RImage *assemblePuzzleImage(RImage **images, int width, int height). If the back image is too big, the th get negative. If there are only a few windows on desktop, then even tw get negative (becase of short panel). And then the assemblePuzzleImage() returns NULL for back image.

Using SwitchPanelImages = (swtile.old.png); works correctly.

Using SwitchPanelImages = (swtile.new.png); generates negative th (and sometimes even tw) and returns NULL for back image and after some number of switches generates segfault.

Setting SwitchPanelImages = (swtile.old.png, swback2.old.png, 30, 40); because the panel is 103 pixel high, the back image is 90 pixel, ie. middle image is 40 and the top and bottom part are 25, then 103-25-25 is 53.

Setting SwitchPanelImages = (swtile.new.png, swback2.new.png, W, H); generates negative th because total height is 103, but the image is 300. The images have height (300-H)/2 (H should define middle square of image). If you use H=100, then top and bottom of image is 100 and 103-100-100 is -97. You can use big H and W, e.g.250, then the top and bottom are 25, but then the switch panel has strange huge borders.

With option SwitchPanelImages = (swtile.new.png, swback2.new.png, 250, 250); looks like in attachment.

I am sorry, that I cannot correctly debug it, I am no programmer.

Thank you for finding this issue.

Regards,

Robert.

[dmaciejak]

Thanks for the repro steps, I don't think it's related to the commit mentioned above about the "higher resolution images for switch panel". On my side I am not using those and wmaker is still crashing. Looks to be when the underlying view is freeing especially the gray color that was used as background color.

Program received signal SIGSEGV, Segmentation fault.
0x00007f5a0f5402cb in WMReleaseColor (color=0x56108f5ca470) at wcolor.c:156
156         XFreeColors(color->screen->display, color->screen->colormap, &(color->color.pixel), 1, 0);
(gdb) bt
#0  0x00007f5a0f5402cb in WMReleaseColor (color=0x56108f5ca470) at wcolor.c:156
#1  WMReleaseColor (color=0x56108f5ca470) at wcolor.c:151
#2  0x00007f5a0f56872d in destroyView (view=0x56108f7e27d0) at wview.c:402
#3  0x00007f5a0f5686af in destroyView (view=0x56108f7df200) at wview.c:372
#4  0x00007f5a0f5686af in destroyView (view=0x56108f7df3d0) at wview.c:372
#5  0x00007f5a0f5686af in destroyView (view=0x56108f7c9540) at wview.c:372
#6  0x00007f5a0f56882e in destroyView (view=<optimized out>) at wview.c:327
#7  0x00007f5a0f54f29b in WMDestroyWidget (widget=<optimized out>) at widgets.c:938
#8  0x000056108f32b897 in wSwitchPanelDestroy (panel=panel@entry=0x56108f5918e0) at switchpanel.c:567
#9  0x000056108f2f7e8b in StartWindozeCycle (wwin=<optimized out>, event=<optimized out>, next=<optimized out>, class_only=<optimized out>) at cycling.c:247
#10 0x00007f5a0f549281 in WMHandleEvent (event=event@entry=0x7ffd4f562290) at wevent.c:208
#11 0x000056108f31124c in EventLoop () at event.c:400
#12 0x000056108f2ec647 in real_main (argv=<optimized out>, argc=2) at main.c:807
#13 main (argc=<optimized out>, argv=<optimized out>) at main.c:601

[roboshim]

@dmaciejak thank you for debugging. As I have written, I am no developer :) But for me replacing the new hires images with the old ones has helped and I have no crashes since then. But it's great that you could find the problem. @crmafra thank you for pushing

[gryf]

Fixed in 2a14004fc37c855a762eac3967956acd642407a2.