https://bugs.kde.org/show_bug.cgi?id=478970

--- Comment #2 from Matt Fagnani <matt.fagn...@bell.net> ---
Created attachment 164433
  --> https://bugs.kde.org/attachment.cgi?id=164433&action=edit
Full trace of all threads of plasmawindowed crash in QObject::parent

plasmawindowed org.kde.plasma.kickoff crashed when closing with a different
trace in QObject::parent. The crash might've been a null pointer dereference
since QObject::parent had this=0x0.

Core was generated by `plasmawindowed org.kde.plasma.kickoff'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  QObject::parent (this=0x0) at /usr/include/qt6/QtCore/qscopedpointer.h:90
Downloading source file /usr/include/qt6/QtCore/qscopedpointer.h
90          T *operator->() const noexcept                                      
[Current thread is 1 (Thread 0x7fbed19f9b80 (LWP 13870))]
Missing separate debuginfos, use: dnf debuginfo-install
plasma-workspace-5.91.0-2.fc40.x86_64
(gdb) bt
#0  QObject::parent (this=0x0) at /usr/include/qt6/QtCore/qscopedpointer.h:90
#1  Plasma::Applet::containment (this=<optimized out>)
    at /usr/src/debug/libplasma-5.91.0-1.fc40.x86_64/src/plasma/applet.cpp:733
#2  0x00007fbed3210af3 in Plasma::AppletPrivate::mainConfigGroup
(this=0x5603941b7b40)
    at
/usr/src/debug/libplasma-5.91.0-1.fc40.x86_64/src/plasma/private/applet_p.cpp:514
#3  0x00007fbed31eeea5 in Plasma::AppletPrivate::mainConfigGroup
(this=<optimized out>)
    at /usr/include/qt6/QtCore/qarraydatapointer.h:413
#4  Plasma::Applet::config (this=0x5603941ac5b0)
    at /usr/src/debug/libplasma-5.91.0-1.fc40.x86_64/src/plasma/applet.cpp:205
#5  0x00007fbed3273f8f in PlasmaQuick::AppletQuickItem::~AppletQuickItem
(this=<optimized out>, this=<optimized out>)
    at
/usr/src/debug/libplasma-5.91.0-1.fc40.x86_64/src/plasmaquick/appletquickitem.cpp:459
#6  0x00007fbed32750e2 in PlasmoidItem::~PlasmoidItem (this=<optimized out>,
this=<optimized out>)
    at
/usr/src/debug/libplasma-5.91.0-1.fc40.x86_64/src/plasmaquick/plasmoid/plasmoiditem.cpp:46
#7  QQmlPrivate::QQmlElement<PlasmoidItem>::~QQmlElement (this=<optimized out>,
this=<optimized out>)
    at /usr/include/qt6/QtQml/qqmlprivate.h:99
#8  QQmlPrivate::QQmlElement<PlasmoidItem>::~QQmlElement (this=<optimized out>,
this=<optimized out>)
    at /usr/include/qt6/QtQml/qqmlprivate.h:99
#9  0x00007fbed328e5d0 in PlasmaQuick::SharedQmlEngine::~SharedQmlEngine
(this=<optimized out>, this=<optimized out>)
    at
/usr/src/debug/libplasma-5.91.0-1.fc40.x86_64/src/plasmaquick/sharedqmlengine.cpp:153
#10 0x00007fbed328e685 in PlasmaQuick::SharedQmlEngine::~SharedQmlEngine
(this=<optimized out>, this=<optimized out>)
    at
/usr/src/debug/libplasma-5.91.0-1.fc40.x86_64/src/plasmaquick/sharedqmlengine.cpp:155
#11 0x00007fbed09fa92d in QObjectPrivate::deleteChildren
(this=this@entry=0x5603941ade50)
    at
/usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/kernel/qobject.cpp:2206
#12 0x00007fbed09fef68 in QObject::~QObject (this=<optimized out>,
__in_chrg=<optimized out>)
    at
/usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/kernel/qobject.cpp:1159
#13 0x00007fbed31ea135 in Plasma::Applet::~Applet (this=<optimized out>,
this=<optimized out>)
    at /usr/src/debug/libplasma-5.91.0-1.fc40.x86_64/src/plasma/applet.cpp:90
#14 0x00007fbed09f3629 in QObject::event (this=0x5603941ac5b0,
e=0x7fbe7cf5e620)
--Type <RET> for more, q to quit, c to continue without paging--c
    at
/usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/kernel/qobject.cpp:1424
#15 0x00007fbed1bc3168 in QApplicationPrivate::notify_helper (this=<optimized
out>, receiver=0x5603941ac5b0, 
    e=0x7fbe7cf5e620) at
/usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/widgets/kernel/qapplication.cpp:3296
#16 0x00007fbed09a0e08 in QCoreApplication::notifyInternal2
(receiver=0x5603941ac5b0, event=0x7fbe7cf5e620)
    at
/usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/kernel/qcoreapplication.cpp:1121
#17 0x00007fbed09a100d in QCoreApplication::sendEvent (receiver=<optimized
out>, event=<optimized out>)
    at
/usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/kernel/qcoreapplication.cpp:1539
#18 0x00007fbed09a4d05 in QCoreApplicationPrivate::sendPostedEvents
(receiver=0x0, event_type=0, data=0x560393dceb60)
    at
/usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/kernel/qcoreapplication.cpp:1901
#19 0x00007fbed09a507d in QCoreApplication::sendPostedEvents
(receiver=<optimized out>, event_type=<optimized out>)
    at
/usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/kernel/qcoreapplication.cpp:1760
#20 0x00007fbed0c6daef in postEventSourceDispatch (s=0x560393e5c8e0)
    at
/usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/kernel/qeventdispatcher_glib.cpp:243
#21 0x00007fbecf614e5c in g_main_dispatch (context=0x7fbeb8000ef0) at
../glib/gmain.c:3476
#22 g_main_context_dispatch_unlocked (context=0x7fbeb8000ef0) at
../glib/gmain.c:4284
#23 0x00007fbecf66ff18 in g_main_context_iterate_unlocked.isra.0
(context=context@entry=0x7fbeb8000ef0, 
    block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at
../glib/gmain.c:4349
#24 0x00007fbecf612ad3 in g_main_context_iteration (context=0x7fbeb8000ef0,
may_block=1) at ../glib/gmain.c:4414
#25 0x00007fbed0c6d39f in QEventDispatcherGlib::processEvents
(this=0x560393dd5590, flags=...)
    at
/usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/kernel/qeventdispatcher_glib.cpp:393
#26 0x00007fbed09adbcb in QEventLoop::exec (this=this@entry=0x7ffec341ab20,
flags=..., flags@entry=...)
    at
/usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/global/qflags.h:34
#27 0x00007fbed09a99cd in QCoreApplication::exec ()
    at
/usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/global/qflags.h:74
#28 0x00007fbed11fa05d in QGuiApplication::exec ()
    at
/usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/gui/kernel/qguiapplication.cpp:1925
#29 0x00007fbed1bc30d9 in QApplication::exec ()
    at
/usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/widgets/kernel/qapplication.cpp:2574
#30 0x0000560393c1149b in main (argc=<optimized out>, argv=<optimized out>)
    at
/usr/src/debug/plasma-workspace-5.91.0-2.fc40.x86_64/plasma-windowed/main.cpp:78

Plasma::AppletPrivate::mainConfigGroup in frame 2 had a null q pointer and ran
q->containment() so that might be where the null pointer was from.

(gdb) frame 2
#2  0x00007fbed3210af3 in Plasma::AppletPrivate::mainConfigGroup
(this=0x5603941b7b40)
    at
/usr/src/debug/libplasma-5.91.0-1.fc40.x86_64/src/plasma/private/applet_p.cpp:514
Downloading source file
/usr/src/debug/libplasma-5.91.0-1.fc40.x86_64/src/plasma/private/applet_p.cpp
514         Containment *c = q->containment();                                  
(gdb) p q

The invalid reads and frees I saw with valgrind might've led to the different
traces in a race condition depending on whether the memory corruption was
detected by glibc or the crash in QObject::parent happened first. The full
trace of all threads is attached.

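Added example, not part of the original comment and not KDE or Qt code: a Python triage helper that rejoins the mail-wrapped gdb frames of a trace like the one above, then reports frames called with this=0x0, the first frame whose source path is in libplasma, and the destructors on the stack. SAMPLE is an excerpt of the frames above; the names parse_frames and triage are made up for this example.

```python
import re

# Excerpt of the trace above in its mail-wrapped form (frames 3-4 and 6-12 omitted).
SAMPLE = """\
#0  QObject::parent (this=0x0) at /usr/include/qt6/QtCore/qscopedpointer.h:90
#1  Plasma::Applet::containment (this=<optimized out>)
    at /usr/src/debug/libplasma-5.91.0-1.fc40.x86_64/src/plasma/applet.cpp:733
#2  0x00007fbed3210af3 in Plasma::AppletPrivate::mainConfigGroup
(this=0x5603941b7b40)
    at
/usr/src/debug/libplasma-5.91.0-1.fc40.x86_64/src/plasma/private/applet_p.cpp:514
#5  0x00007fbed3273f8f in PlasmaQuick::AppletQuickItem::~AppletQuickItem
(this=<optimized out>, this=<optimized out>)
    at
/usr/src/debug/libplasma-5.91.0-1.fc40.x86_64/src/plasmaquick/appletquickitem.cpp:459
#13 0x00007fbed31ea135 in Plasma::Applet::~Applet (this=<optimized out>,
this=<optimized out>)
    at /usr/src/debug/libplasma-5.91.0-1.fc40.x86_64/src/plasma/applet.cpp:90
"""

# frame number, optional PC, function, argument list, source path, line number
FRAME = re.compile(r"#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \((.*?)\)\s+at (\S+):(\d+)")

def parse_frames(text):
    """Rejoin wrapped lines into one string per frame, then split out the fields."""
    joined = []
    for line in text.splitlines():
        if line.startswith("--Type"):        # gdb pager prompt, not frame data
            continue
        if re.match(r"#\d+\s", line):        # a new frame starts here
            joined.append(line.strip())
        elif joined and line.strip():        # continuation of the previous frame
            joined[-1] += " " + line.strip()
    frames = []
    for entry in joined:
        m = FRAME.match(entry)
        if m:
            num, func, args, path, lineno = m.groups()
            frames.append({"n": int(num), "func": func, "args": args,
                           "src": f"{path}:{lineno}"})
    return frames

def triage(frames, project="libplasma"):
    """Return null-this frame numbers, the first project frame, and stacked destructors."""
    null_this = [f["n"] for f in frames if re.search(r"\bthis=0x0\b", f["args"])]
    first_project = next((f for f in frames if project in f["src"]), None)
    dtors = [f["func"] for f in frames if "::~" in f["func"]]
    return null_this, first_project, dtors
```

Feed it only the output of `bt`; other gdb lines (such as "Downloading source file") should be stripped first.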