Bug 394534

Summary: kcminit crash on startup
Product: [Applications] systemsettings Reporter: Alessandro <alessandro.sturniolo>
Component: kcm_mouseAssignee: Unassigned bugs mailing-list <unassigned-bugs>
Status: RESOLVED FIXED    
Severity: crash CC: christiandehne, dap.darkness, fabian, fodrek.p, hbs, kde, kde, michael, nate, raul.malea, smetz3, software, suhn, unassigned-bugs
Priority: NOR Keywords: drkonqi
Version: unspecified   
Target Milestone: ---   
Platform: openSUSE   
OS: Linux   
See Also: https://bugs.kde.org/show_bug.cgi?id=395765
Latest Commit: https://commits.kde.org/plasma-desktop/ead2c3e859dcb8531df99e87c0fe6eff64650952 Version Fixed In: 5.13.1
Attachments: New crash information added by DrKonqi

Description Alessandro 2018-05-21 18:48:47 UTC 
Application: kcminit ()

Qt Version: 5.10.0
Frameworks Version: 5.46.0
Operating System: Linux 4.4.126-48-default x86_64
Distribution: "openSUSE Leap 42.3"

-- Information about the crash:
- What I was doing when the application crashed:
Start KDE desktop.
I've tryed from different users, and kcminit crashes every time.

- Unusual behavior I noticed:
I don't know if it is related or not, but I've also strange behaviours on plasma widgets: wrong sizes and placements. If it's necessary I can attach some screenshots.

The binaries comes from here: 
http://download.opensuse.org/repositories/KDE:/Frameworks5/openSUSE_Leap_42.3/

The crash can be reproduced every time.

-- Backtrace:
Application: KCMInit (kcminit), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
[Current thread is 1 (Thread 0x7fa2e6311900 (LWP 15515))]

Thread 2 (Thread 0x7fa2d02aa700 (LWP 15529)):
#0  0x00007fa2e5c8f30d in poll () from /lib64/libc.so.6
#1  0x00007fa2e0847314 in ?? () from /usr/lib64/libglib-2.0.so.0
#2  0x00007fa2e084742c in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0
#3  0x00007fa2e441efbb in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/libQt5Core.so.5
#4  0x00007fa2e43caa4b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/libQt5Core.so.5
#5  0x00007fa2e420814a in QThread::exec() () from /usr/lib64/libQt5Core.so.5
#6  0x00007fa2e52297b5 in ?? () from /usr/lib64/libQt5DBus.so.5
#7  0x00007fa2e420ce0f in ?? () from /usr/lib64/libQt5Core.so.5
#8  0x00007fa2e2cbb724 in start_thread () from /lib64/libpthread.so.0
#9  0x00007fa2e5c97e8d in clone () from /lib64/libc.so.6

Thread 1 (Thread 0x7fa2e6311900 (LWP 15515)):
[KCrash Handler]
#6  QMapData<KEntryKey, KEntry>::findNode (this=0x4545454545454545, akey=...) at /usr/include/qt5/QtCore/qmap.h:284
#7  0x00007fa2e335046d in QMap<KEntryKey, KEntry>::constFind (akey=..., this=0x21a70b0) at /usr/include/qt5/QtCore/qmap.h:869
#8  QMap<KEntryKey, KEntry>::find (akey=..., this=0x21a70b0) at /usr/include/qt5/QtCore/qmap.h:876
#9  KEntryMap::findEntry (this=this@entry=0x21a70b0, group=..., key=..., flags=...) at /usr/src/debug/kconfig-5.46.0/src/core/kconfigdata.cpp:74
#10 0x00007fa2e3350504 in KEntryMap::getEntry (this=this@entry=0x21a70b0, group=..., key=..., defaultValue=..., flags=..., flags@entry=..., expand=expand@entry=0x7ffd5567b78f) at /usr/src/debug/kconfig-5.46.0/src/core/kconfigdata.cpp:224
#11 0x00007fa2e3345b48 in KConfigPrivate::lookupData (this=0x21a7090, group=..., key=key@entry=0x7fa2cd7e3ea7 "cursorTheme", flags=..., flags@entry=..., expand=expand@entry=0x7ffd5567b78f) at /usr/src/debug/kconfig-5.46.0/src/core/kconfig.cpp:1005
#12 0x00007fa2e335472b in KConfigGroup::readEntry (this=this@entry=0x7ffd5567b860, key=key@entry=0x7fa2cd7e3ea7 "cursorTheme", aDefault=...) at /usr/src/debug/kconfig-5.46.0/src/core/kconfiggroup.cpp:687
#13 0x00007fa2cd7d25cb in X11Backend::kcmInit (this=0x2190b60) at /usr/src/debug/plasma-desktop-5.12.90/kcms/input/backends/x11/x11_backend.cpp:127
#14 0x00007fa2cd7c9f84 in kcminit_mouse () at /usr/src/debug/plasma-desktop-5.12.90/kcms/input/kcm/configcontainer.cpp:31
#15 0x00007fa2e5f578c7 in KCMInit::runModule (this=this@entry=0x7ffd5567bc30, libName=..., service=...) at /usr/src/debug/plasma-workspace-5.12.90/startkde/kcminit/main.cpp:87
#16 0x00007fa2e5f581b1 in KCMInit::runModules (this=this@entry=0x7ffd5567bc30, phase=phase@entry=-1) at /usr/src/debug/plasma-workspace-5.12.90/startkde/kcminit/main.cpp:129
#17 0x00007fa2e5f58898 in KCMInit::KCMInit (this=0x7ffd5567bc30, args=...) at /usr/src/debug/plasma-workspace-5.12.90/startkde/kcminit/main.cpp:189
#18 0x00007fa2e5f59395 in kdemain (argc=1, argv=<optimized out>) at /usr/src/debug/plasma-workspace-5.12.90/startkde/kcminit/main.cpp:241
#19 0x00007fa2e5bcb725 in __libc_start_main () from /lib64/libc.so.6
#20 0x00000000004006b9 in _start () at ../sysdeps/x86_64/start.S:118

Reported using DrKonqi
Comment 1 Kai Uwe Broulik 2018-05-22 07:53:56 UTC 
Crashes in Mouse KCM init
Comment 2 Christoph Feck 2018-06-07 22:00:18 UTC 
*** Bug 395121 has been marked as a duplicate of this bug. ***
Comment 3 Christoph Feck 2018-06-17 13:54:57 UTC 
*** Bug 395482 has been marked as a duplicate of this bug. ***
Comment 4 Christoph Feck 2018-06-18 00:15:33 UTC 
*** Bug 395539 has been marked as a duplicate of this bug. ***
Comment 5 Christoph Feck 2018-06-18 00:17:07 UTC 
All duplicates from openSUSE.
Comment 6 Fabian Vogt 2018-06-18 08:38:48 UTC 
(In reply to Christoph Feck from comment #5)
> All duplicates from openSUSE.

Likely a red herring because of different compiler or environment options for additional hardening.

This looks like wrong use of KConfig to me, it creates a dangling pointer:
https://cgit.kde.org/plasma-desktop.git/tree/kcms/mouse/backends/x11/x11_backend.cpp#n126
Comment 7 David Edmundson 2018-06-18 10:37:56 UTC 
Yep. Never crashes here but a minimal test of the same code does produce a valgrind warning.

Writing the correct version which keeps the lifespan of the KConfig object does nto produce the warning. Will fix this.
Comment 8 steffko 2018-06-18 16:41:30 UTC 
I reported my duplicate 395539 less than 24 hours ago.

Great to see that you're on top of it.

Thanks a lot, keep it up!
Comment 9 David Edmundson 2018-06-19 08:09:18 UTC 
Git commit ead2c3e859dcb8531df99e87c0fe6eff64650952 by David Edmundson.
Committed on 19/06/2018 at 08:02.
Pushed by davidedmundson into branch 'Plasma/5.13'.

Ref KConfig whilst we're using it

Summary:
In current code we would have a KConfigGroup with a dangling KConfig
deleted after the RHS for the group fetch has finished.

Test Plan:
Wrote minimal test case of code
It produced a valgrind warning (weirdly didn't crash though)
Modified to correct version
No longer any warnings

Reviewers: #plasma

Subscribers: plasma-devel

Tags: #plasma

Differential Revision: https://phabricator.kde.org/D13599

M  +3    -1    kcms/mouse/backends/x11/x11_backend.cpp

https://commits.kde.org/plasma-desktop/ead2c3e859dcb8531df99e87c0fe6eff64650952
Comment 10 Christoph Feck 2018-06-20 13:57:06 UTC 
*** Bug 395613 has been marked as a duplicate of this bug. ***
Comment 11 software 2018-06-23 09:22:05 UTC 
Created attachment 113521 [details]
New crash information added by DrKonqi

kdeinit5 () using Qt 5.11.0

- What I was doing when the application crashed:
Logging in via sddm.
Happens with all users on this system, even with new created ones.

-- Backtrace (Reduced):
#6  0x00007f21e87e11ea in QMapData<KEntryKey, KEntry>::findNode (this=0x4545454545454545, akey=...) at /usr/include/qt5/QtCore/qmap.h:284
#7  0x00007f21e87e639b in QMap<KEntryKey, KEntry>::constFind (this=0x561798ad0500, akey=...) at /usr/include/qt5/QtCore/qmap.h:874
#8  QMap<KEntryKey, KEntry>::find (akey=..., this=0x561798ad0500) at /usr/include/qt5/QtCore/qmap.h:876
#9  KEntryMap::findEntry (this=this@entry=0x561798ad0500, group=..., key=..., flags=...) at /usr/src/debug/kconfig-5.46.0-1.2.x86_64/src/core/kconfigdata.cpp:74
#10 0x00007f21e87e64bb in KEntryMap::getEntry (this=this@entry=0x561798ad0500, group=..., key=..., defaultValue=..., flags=..., flags@entry=..., expand=0x7ffd1aba4b27) at /usr/src/debug/kconfig-5.46.0-1.2.x86_64/src/core/kconfigdata.cpp:224
Comment 12 Christoph Feck 2018-06-25 22:34:10 UTC 
*** Bug 395779 has been marked as a duplicate of this bug. ***
Comment 13 Christoph Feck 2018-06-25 22:34:13 UTC 
*** Bug 395869 has been marked as a duplicate of this bug. ***
Comment 14 Christoph Feck 2018-06-25 22:39:18 UTC 
We also get the same crash for Akregator on Tumbleweed, see bug 384134.

Could anyone understanding the Plasma fix propose a fix for Akregator?
Comment 15 Kai Uwe Broulik 2018-06-27 08:05:38 UTC 
*** Bug 395913 has been marked as a duplicate of this bug. ***
Comment 16 Christoph Feck 2018-07-18 19:37:01 UTC 
Okular is also affected, see bug 395765.
Comment 17 Fabian Vogt 2018-07-19 06:46:03 UTC 
(In reply to Christoph Feck from comment #16)
> Okular is also affected, see bug 395765.

The backtraces are basically identical, seems to be caused by KMainWindow. I don't see anything wrong with a first glance though.
Comment 18 Christoph Feck 2018-07-19 11:58:29 UTC 
*** Bug 395691 has been marked as a duplicate of this bug. ***