https://bugs.kde.org/show_bug.cgi?id=408847

Matt Fagnani <matthew.fagn...@utoronto.ca> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |matthew.fagn...@utoronto.ca

--- Comment #3 from Matt Fagnani <matthew.fagn...@utoronto.ca> ---
Created attachment 121068
  --> https://bugs.kde.org/attachment.cgi?id=121068&action=edit
trace of plasmashell segmentation fault in Plasma 5.15.5 on Wayland with Qt 5.12.4

I saw segmentation faults of plasmashell in wl_proxy_marshal_constructor at
wayland-client.c:819 when starting Plasma 5.15.5 on Wayland in Fedora 30. These
crashes occurred on startup of one session, and three times in another session.
These crashes started right after I updated from Qt 5.12.1 to 5.12.4 from koji
along with the dependent Plasma and KF5 rebuilds. drkonqi wouldn't allow me to
submit the attached trace which had the following segmentation fault and
crashing thread.

Application: Plasma (plasmashell), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
futex_wait_cancelable (private=0, expected=0, futex_word=0x564abb0ba9b0) at
../sysdeps/unix/sysv/linux/futex-internal.h:88
88        int err = lll_futex_timed_wait (futex_word, expected, NULL, private);
[Current thread is 1 (Thread 0x7f5298ae7d00 (LWP 1518))]

Thread 23 (Thread 0x7f522cff7700 (LWP 1744)):
[KCrash Handler]
#6  wl_proxy_marshal_constructor (proxy=0x0, opcode=opcode@entry=3,
interface=0x7f5296fb8980 <wl_callback_interface>) at src/wayland-client.c:819
#7  0x00007f52867430ed in wl_surface_frame (wl_surface=<optimized out>) at
../../include/QtWaylandClient/5.12.4/QtWaylandClient/private/../../../../../src/client/wayland-wayland-client-protocol.h:2798
#8  QtWayland::wl_surface::frame (this=this@entry=0x564aba0561a8) at
qwayland-wayland.cpp:1134
#9  0x00007f52867203ab in QtWaylandClient::QWaylandWindow::handleUpdate
(this=0x564aba056180) at qwaylandwindow.cpp:1151
#10 0x00007f527f9a2f04 in QtWaylandClient::QWaylandGLContext::swapBuffers
(this=0x564aba8448a0, surface=<optimized out>) at
../../../../hardwareintegration/client/wayland-egl/qwaylandglcontext.cpp:568
#11 0x00007f5297ac4441 in QOpenGLContext::swapBuffers (this=0x564ab9f4dc10,
surface=<optimized out>) at kernel/qopenglcontext.cpp:1115
#12 0x00007f52992e3401 in QSGRenderThread::syncAndRender
(this=this@entry=0x7f524801db40) at scenegraph/qsgthreadedrenderloop.cpp:652
#13 0x00007f52992e7168 in QSGRenderThread::run (this=0x7f524801db40) at
scenegraph/qsgthreadedrenderloop.cpp:730
#14 0x00007f529750e786 in QThreadPrivate::start (arg=0x7f524801db40) at
thread/qthread_unix.cpp:361
#15 0x00007f52969715a2 in start_thread (arg=<optimized out>) at
pthread_create.c:486
#16 0x00007f5297184303 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

I think the segmentation fault might've been due to a null pointer dereference,
since proxy=0x0 in the wl_proxy_marshal_constructor call, and proxy was
dereferenced at wayland-client.c:820 in
proxy->object.interface->methods[opcode].signature.

The wl_proxy_marshal_constructor function was as follows:

812     WL_EXPORT struct wl_proxy *
813     wl_proxy_marshal_constructor(struct wl_proxy *proxy, uint32_t opcode,
814                                  const struct wl_interface *interface, ...)
815     {
816             union wl_argument args[WL_CLOSURE_MAX_ARGS];
817             va_list ap;
818
819             va_start(ap, interface);
820             wl_argument_from_va_list(proxy->object.interface->methods[opcode].signature,
821                                      args, WL_CLOSURE_MAX_ARGS, ap);
822             va_end(ap);
823
824             return wl_proxy_marshal_array_constructor(proxy, opcode,
825                                                       args, interface);
826     }

Functions from qt5-qtwayland at #8-10 and qt5-qtdeclarative lower in the
crashing thread might be involved. I've seen a similar segmentation fault in
plasmashell with qt 5.12.4 with a different trace which I might make another
report for.

SOFTWARE/OS VERSIONS
Operating System: Fedora 30, 5.1.12 kernel
KDE Plasma Version: 5.15.5
KDE Frameworks Version: 5.59.0
Qt Version: 5.12.4

kf5-kwayland-0:5.59.0-2.fc30.x86_64
libwayland-client-0:1.17.0-1.fc30.x86_64
plasma-workspace-0:5.15.5-1.fc30.x86_64
qt5-qtwayland-0:5.12.4-1.fc30.x86_64

The following reports have plasmashell crashes with Qt 5.12.4 with similar
traces:
https://bugs.kde.org/show_bug.cgi?id=408969
https://bugs.kde.org/show_bug.cgi?id=408973
https://bugs.kde.org/show_bug.cgi?id=409014
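The dereference chain described in the comment above, proxy->object.interface->methods[opcode].signature, can be reproduced in isolation to show why a NULL proxy faults before any argument is read, and what a guarded lookup looks like. The following is an added example and is not code from the bug report, from libwayland, or from Qt: the struct definitions are simplified stand-ins modelled on libwayland's public layout (assumption: only the fields on the dereference path are kept), and the sample wl_surface-like interface, with opcode 3 standing in for the frame request issued by the crashing thread, is constructed here for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins modelled on libwayland's structs (assumption: only the
 * fields on the dereference path from the report are present). */
struct wl_message {
    const char *name;
    const char *signature;
};

struct wl_interface {
    const char *name;
    int version;
    int method_count;
    const struct wl_message *methods;
};

struct wl_object {
    const struct wl_interface *interface;
    uint32_t id;
};

struct wl_proxy {
    struct wl_object object;
};

/* Mirrors the unguarded chain at wayland-client.c:820 in the report:
 * with proxy == NULL this faults on the first load. */
static const char *marshal_signature_unchecked(struct wl_proxy *proxy, uint32_t opcode)
{
    return proxy->object.interface->methods[opcode].signature;
}

/* Guarded lookup (added here, not libwayland code): validates each link of
 * the chain and the opcode bound before dereferencing. Returns NULL and sets
 * errno on failure so a caller can degrade instead of crashing. */
static const char *marshal_signature_checked(struct wl_proxy *proxy, uint32_t opcode)
{
    if (proxy == NULL || proxy->object.interface == NULL ||
        proxy->object.interface->methods == NULL) {
        errno = EINVAL;
        return NULL;
    }
    const struct wl_interface *iface = proxy->object.interface;
    if (iface->method_count < 0 || opcode >= (uint32_t)iface->method_count) {
        errno = ERANGE;
        return NULL;
    }
    return iface->methods[opcode].signature;
}

/* Constructed sample interface shaped like wl_surface; opcode 3 ("frame")
 * matches the request the crashing thread was issuing in the trace. */
static const struct wl_message sample_methods[] = {
    { "destroy", "" },
    { "attach",  "?oii" },
    { "damage",  "iiii" },
    { "frame",   "n" },
};

static const struct wl_interface sample_interface = {
    "wl_surface", 4, 4, sample_methods
};

/* Exercises both lookups; returns 0 when the guarded path behaves as expected. */
int demo(void)
{
    struct wl_proxy live = { { &sample_interface, 7 } };

    /* On a live proxy both variants agree. */
    const char *sig = marshal_signature_checked(&live, 3);
    if (sig == NULL || sig != marshal_signature_unchecked(&live, 3)) return 1;
    printf("live proxy, opcode 3 -> signature \"%s\"\n", sig);

    /* A NULL proxy, as in the trace (proxy=0x0), is rejected instead of faulting. */
    errno = 0;
    if (marshal_signature_checked(NULL, 3) != NULL || errno != EINVAL) return 2;
    printf("NULL proxy rejected with EINVAL\n");

    /* An opcode past method_count is also rejected rather than read out of bounds. */
    errno = 0;
    if (marshal_signature_checked(&live, 42) != NULL || errno != ERANGE) return 3;
    printf("out-of-range opcode rejected with ERANGE\n");

    /* marshal_signature_unchecked(NULL, 3) would segfault here, as in the report. */
    return 0;
}

int main(void)
{
    return demo();
}
```

The guarded variant does not fix the underlying bug (a QWaylandWindow issuing a frame request on a surface whose proxy is already NULL); it only converts a crash into a reportable failure at the boundary, which is the behaviour a defensive client library can offer while the caller's lifetime handling is corrected.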
