Bug 435588

Summary: kwin_wayland crashed while I was hovering over previews of Konsoles grouped in task manager
Product: [Plasma] kwin Reporter: Patrick Silva <bugseforuns>
Component: generalAssignee: KWin default assignee <kwin-bugs-null>
Status: RESOLVED FIXED    
Severity: crash CC: kde, nate
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Other   
OS: Linux   
Latest Commit: https://invent.kde.org/plasma/kwin/commit/3a51749f09a95e37cc225c4c3f920925fc1de64b Version Fixed In: 5.22
Sentry Crash Report:

Description Patrick Silva 2021-04-10 16:06:17 UTC 
I had several instances of Konsole grouped in task manager, I enabled
tooltips of task manager in General Behavior KCM, I hovered over Konsoles grouped
in task manager (tooltips shown up with some empty previews), then kwin_wayland crashed when I hovered over some previews.


SOFTWARE/OS VERSIONS
Operating System: KDE neon Unstable Edition
KDE Plasma Version: 5.21.80
KDE Frameworks Version: 5.81.0
Qt Version: 5.15.2
Graphics Platform: Wayland


Thread 9 (Thread 0x7f931bfff700 (LWP 30037)):
#0  0x00007f93469deaff in __GI___poll (fds=0x7f9310004e60, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007f93449a436e in g_main_context_poll (priority=<optimized out>, n_fds=1, fds=0x7f9310004e60, timeout=<optimized out>, context=0x7f9310000c20) at ../../../glib/gmain.c:4346
#2  g_main_context_iterate (context=context@entry=0x7f9310000c20, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../glib/gmain.c:4042
#3  0x00007f93449a44a3 in g_main_context_iteration (context=0x7f9310000c20, may_block=may_block@entry=1) at ../../../glib/gmain.c:4108
#4  0x00007f93471c5fe2 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x7f9310000b60, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#5  0x00007f934716a1eb in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7f931bffecc0, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:141
#6  0x00007f9346f84a52 in QThread::exec() (this=this@entry=0x5596bc451340) at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#7  0x00007f9345e06fa9 in QQmlThreadPrivate::run() (this=0x5596bc451340) at qml/ftw/qqmlthread.cpp:155
#8  0x00007f9346f85bec in QThreadPrivate::start(void*) (arg=0x5596bc451340) at thread/qthread_unix.cpp:329
#9  0x00007f9346d6b609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#10 0x00007f93469eb293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 8 (Thread 0x7f932b7fe700 (LWP 30035)):
#0  futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x5596bbb1fb28) at ../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x5596bbb1fad8, cond=0x5596bbb1fb00) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=0x5596bbb1fb00, mutex=0x5596bbb1fad8) at pthread_cond_wait.c:638
#3  0x00007f9339d05e6b in  () at /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#4  0x00007f9339d05a6b in  () at /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#5  0x00007f9346d6b609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#6  0x00007f93469eb293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 7 (Thread 0x7f932bfff700 (LWP 30034)):
#0  futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x5596bbb1fb28) at ../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x5596bbb1fad8, cond=0x5596bbb1fb00) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=0x5596bbb1fb00, mutex=0x5596bbb1fad8) at pthread_cond_wait.c:638
#3  0x00007f9339d05e6b in  () at /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#4  0x00007f9339d05a6b in  () at /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#5  0x00007f9346d6b609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#6  0x00007f93469eb293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 6 (Thread 0x7f9338fa9700 (LWP 30033)):
#0  futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x5596bbb1fb28) at ../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x5596bbb1fad8, cond=0x5596bbb1fb00) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=0x5596bbb1fb00, mutex=0x5596bbb1fad8) at pthread_cond_wait.c:638
#3  0x00007f9339d05e6b in  () at /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#4  0x00007f9339d05a6b in  () at /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#5  0x00007f9346d6b609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#6  0x00007f93469eb293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 5 (Thread 0x7f933b7fe700 (LWP 30031)):
#0  0x00007f93469deaff in __GI___poll (fds=0x7f932c004630, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007f93449a436e in g_main_context_poll (priority=<optimized out>, n_fds=2, fds=0x7f932c004630, timeout=<optimized out>, context=0x7f932c000c20) at ../../../glib/gmain.c:4346
#2  g_main_context_iterate (context=context@entry=0x7f932c000c20, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../glib/gmain.c:4042
#3  0x00007f93449a44a3 in g_main_context_iteration (context=0x7f932c000c20, may_block=may_block@entry=1) at ../../../glib/gmain.c:4108
#4  0x00007f93471c5fe2 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x7f932c000b60, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#5  0x00007f934716a1eb in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7f933b7fdce0, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:141
#6  0x00007f9346f84a52 in QThread::exec() (this=<optimized out>) at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#7  0x00007f9346f85bec in QThreadPrivate::start(void*) (arg=0x5596bb8a3a20) at thread/qthread_unix.cpp:329
#8  0x00007f9346d6b609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#9  0x00007f93469eb293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 4 (Thread 0x7f93397aa700 (LWP 30032)):
#0  futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x5596bbb1fb28) at ../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x5596bbb1fad8, cond=0x5596bbb1fb00) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=0x5596bbb1fb00, mutex=0x5596bbb1fad8) at pthread_cond_wait.c:638
#3  0x00007f9339d05e6b in  () at /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#4  0x00007f9339d05a6b in  () at /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#5  0x00007f9346d6b609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#6  0x00007f93469eb293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 3 (Thread 0x7f933bfff700 (LWP 30030)):
#0  0x00007f93469deaff in __GI___poll (fds=0x7f9334005240, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007f93449a436e in g_main_context_poll (priority=<optimized out>, n_fds=2, fds=0x7f9334005240, timeout=<optimized out>, context=0x7f9334000c20) at ../../../glib/gmain.c:4346
#2  g_main_context_iterate (context=context@entry=0x7f9334000c20, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../glib/gmain.c:4042
#3  0x00007f93449a44a3 in g_main_context_iteration (context=0x7f9334000c20, may_block=may_block@entry=1) at ../../../glib/gmain.c:4108
#4  0x00007f93471c5fe2 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x7f9334000b60, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#5  0x00007f934716a1eb in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7f933bffece0, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:141
#6  0x00007f9346f84a52 in QThread::exec() (this=<optimized out>) at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#7  0x00007f9346f85bec in QThreadPrivate::start(void*) (arg=0x5596bb88fd60) at thread/qthread_unix.cpp:329
#8  0x00007f9346d6b609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#9  0x00007f93469eb293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 2 (Thread 0x7f9340f51700 (LWP 30029)):
#0  0x00007f93469deaff in __GI___poll (fds=0x7f933c018d50, nfds=4, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007f93449a436e in g_main_context_poll (priority=<optimized out>, n_fds=4, fds=0x7f933c018d50, timeout=<optimized out>, context=0x7f933c001ce0) at ../../../glib/gmain.c:4346
#2  g_main_context_iterate (context=context@entry=0x7f933c001ce0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../glib/gmain.c:4042
#3  0x00007f93449a44a3 in g_main_context_iteration (context=0x7f933c001ce0, may_block=may_block@entry=1) at ../../../glib/gmain.c:4108
#4  0x00007f93471c5fe2 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x7f933c000b60, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#5  0x00007f934716a1eb in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7f9340f50cb0, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:141
#6  0x00007f9346f84a52 in QThread::exec() (this=this@entry=0x7f9348e87d80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#7  0x00007f9348e03f4b in QDBusConnectionManager::run() (this=0x7f9348e87d80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at qdbusconnection.cpp:179
#8  0x00007f9346f85bec in QThreadPrivate::start(void*) (arg=0x7f9348e87d80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at thread/qthread_unix.cpp:329
#9  0x00007f9346d6b609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#10 0x00007f93469eb293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 0x7f934196b8c0 (LWP 30028)):
#0  0x00007f93047ae380 in  ()
#1  0x00005596bcad3b48 in  ()
#2  0x00005596bcad3b48 in  ()
#3  0x0000000000000000 in  ()
Comment 1 David Edmundson 2021-04-10 16:59:07 UTC 
>Thread 1 (Thread 0x7f934196b8c0 (LWP 30028)):
#0  0x00007f93047ae380 in  ()
#1  0x00005596bcad3b48 in  ()
#2  0x00005596bcad3b48 in  ()
#3  0x0000000000000000 in  ()

Well that's not very unhelpful! 
I got the same when trying to reproduce a pipewire quitting crash, which sounds similar.
Comment 2 Bug Janitor Service 2021-04-13 08:31:15 UTC 
A possibly relevant merge request was started @ https://invent.kde.org/plasma/kwin/-/merge_requests/852
Comment 3 Alois Wohlschlager 2021-04-13 08:45:27 UTC 
Git commit 59f6b77612d3e80fa579064ebdcccfd2127158c9 by Alois Wohlschlager.
Committed on 13/04/2021 at 08:28.
Pushed by davidedmundson into branch 'master'.

Fix crash when stopping PipeWire streaming

The stream object was deleted from a slot connected to its stopStreaming
signal. This is unsafe and can lead to memory corruption and ultimately
crashes when PipWwire streaming is stopped. Use deleteLater instead.
Related: bug 428268

M  +1    -1    src/plugins/screencast/screencastmanager.cpp

https://invent.kde.org/plasma/kwin/commit/59f6b77612d3e80fa579064ebdcccfd2127158c9
Comment 4 Aleix Pol 2021-04-18 18:50:12 UTC 
Git commit 3a51749f09a95e37cc225c4c3f920925fc1de64b by Aleix Pol, on behalf of Alois Wohlschlager.
Committed on 18/04/2021 at 18:49.
Pushed by apol into branch 'Plasma/5.21'.

Fix crash when stopping PipeWire streaming

The stream object was deleted from a slot connected to its stopStreaming
signal. This is unsafe and can lead to memory corruption and ultimately
crashes when PipWwire streaming is stopped. Use deleteLater instead.
Related: bug 428268

M  +1    -1    plugins/screencast/screencastmanager.cpp

https://invent.kde.org/plasma/kwin/commit/3a51749f09a95e37cc225c4c3f920925fc1de64b