Bug 417552

Summary: Plasmashell crashes on teardown when system tray was expanded
Product: [Plasma] plasmashell Reporter: Kai Uwe Broulik <kde>
Component: System TrayAssignee: Konrad Materka <materka>
Status: RESOLVED FIXED    
Severity: crash CC: materka
Priority: NOR    
Version: master   
Target Milestone: 1.0   
Platform: Other   
OS: Linux   
Latest Commit: https://commits.kde.org/plasma-workspace/ccd4536a6ce83529bf31d65f622ba24abacc68f1 Version Fixed In: 5.19.0
Sentry Crash Report:
Attachments: Stack trace

Description Kai Uwe Broulik 2020-02-13 11:17:35 UTC 
SUMMARY
When having expanded System Tray once, plasmashell crashes on teardown:

STEPS TO REPRODUCE
1. Start plasmashell
2. Open System Tray popup, close it again
3. run kquitapp5 plasmashell

OBSERVED RESULT
Plasma crashes and restarts

EXPECTED RESULT
Plasma doesn't crash

SOFTWARE/OS VERSIONS
KDE Plasma Version: 5.18.80 (master)
KDE Frameworks Version: 5.66 (master)
Qt Version: 5.13.2

ADDITIONAL INFORMATION
Git bisect suggests a79f80ed79ae2a1de379d1f31f4e0cbec05d83ce in plasma-workspace as the cause. At a glance looks like a Qt bug to me but still quite peculiar.

#6  0x00007f441e2138d8 in QQmlData::addNotify(int, QQmlNotifierEndpoint*) (this=<optimized out>, index=index@entry=-1, endpoint=endpoint@entry=0x5619b00aaf80) at qml/qqmlengine.cpp:1880
#7  0x00007f441e26de5a in QQmlNotifierEndpoint::connect(QObject*, int, QQmlEngine*, bool) (this=0x5619b00aaf80, source=0x5619a8162aa0, sourceSignal=-1, engine=<optimized out>, doNotify=<optimized out>) at qml/qqmlnotifier.cpp:140
#8  0x00007f441e2e1375 in QQmlConnections::connectSignals() (this=0x5619af1951e0) at types/qqmlconnections.cpp:287
#9  0x00007f441e2a32f3 in QQmlObjectCreator::finalize(QQmlInstantiationInterrupt&) (this=0x5619ab5620b0, interrupt=...) at qml/qqmlobjectcreator.cpp:1403
#10 0x00007f441e22e5b2 in QQmlIncubatorPrivate::incubate(QQmlInstantiationInterrupt&) (this=0x5619aaa9ec00, i=...) at qml/qqmlincubator.cpp:345
#11 0x00007f441e22eb4c in QQmlEnginePrivate::incubate(QQmlIncubator&, QQmlContextData*) (this=this@entry=0x5619a7e21570, i=..., forContext=forContext@entry=0x5619ab8ff900) at qml/qqmlincubator.cpp:89
#12 0x00007f441e22b43c in QQmlComponent::create(QQmlIncubator&, QQmlContext*, QQmlContext*) (this=this@entry=0x5619ac4ef880, incubator=..., context=<optimized out>, context@entry=0x5619ab8a3500, forContext=forContext@entry=0x0) at qml/qqmlcomponent.cpp:1070
#13 0x00007f441ed0bb30 in KDeclarative::QmlObject::createObjectFromComponent(QQmlComponent*, QQmlContext*, QHash<QString, QVariant> const&) (this=0x5619a8130c80, component=0x5619ac4ef880, context=<optimized out>, initialProperties=...) at ./src/kdeclarative/qmlobject.cpp:347
#14 0x00007f44204d51b4 in  () at /usr/lib/x86_64-linux-gnu/libKF5PlasmaQuick.so.5
#15 0x00007f44204d5bb8 in  () at /usr/lib/x86_64-linux-gnu/libKF5PlasmaQuick.so.5
#16 0x00007f44204d8745 in PlasmaQuick::AppletQuickItem::setExpanded(bool) () at /usr/lib/x86_64-linux-gnu/libKF5PlasmaQuick.so.5

It appears the systray applet gets expanded (AppletInterface::setExpanded(true) is called) on teardown which has it try to create a full rep and then blow up somewhere.
Comment 1 Konrad Materka 2020-02-13 21:28:07 UTC 
I think I found it,crash caused by this in PlasmoidItem.qml:
Component.onDestruction: {
    applet = null
}
nothing extraordinary... 
I will do more tests tomorrow.
Comment 2 Konrad Materka 2020-02-14 13:13:38 UTC 
Created attachment 126010 [details]
Stack trace

I'm attaching full stack trace. On shutdown plasma sets expanded state which then (unnecessarily?) recreates compact and full representation. Is this a bug?

It is crashing on first plasmoid item in hidden area. If all items are visible it is not crashing.
Plasma does not crash if https://phabricator.kde.org/D26992 is fully applied.

It might be a Qt bug (I'm not sure) but easy to workaround, I will prepare a patch.
Comment 3 Konrad Materka 2020-02-14 18:25:04 UTC 
Git commit ccd4536a6ce83529bf31d65f622ba24abacc68f1 by Konrad Materka.
Committed on 14/02/2020 at 18:24.
Pushed by kmaterka into branch 'master'.

[applets/SystemTray] Fix crash on shutdown

Summary:
When having expanded System Tray once, plasmashell crashes on teardown.
Fixes regression introduced in D27085.
FIXED-IN: 5.19.0

Test Plan:
1. Start plasmashell
2. Open System Tray popup, close it again
3. run kquitapp5 plasmashell, it should not crash

Reviewers: #plasma_workspaces, #plasma, broulik, ngraham

Reviewed By: ngraham

Subscribers: anthonyfieroni, plasma-devel

Tags: #plasma

Differential Revision: https://phabricator.kde.org/D27401

M  +1    -5    applets/systemtray/package/contents/ui/items/PlasmoidItem.qml

https://commits.kde.org/plasma-workspace/ccd4536a6ce83529bf31d65f622ba24abacc68f1