Bug 435811

Summary: plasma-browser-integration-host crashes in loop on Wayland when Firefox asks if I want to make it default browser
Product: [Plasma] plasma-browser-integration
Reporter: Patrick Silva <bugseforuns>
Component: Firefox
Assignee: Kai Uwe Broulik <kde>
Status: RESOLVED FIXED
Severity: crash
CC: alex765, isma.af, kde, nate, noahadvs, sitter
Priority: VHI
Version: unspecified
Target Milestone: ---
Platform: Neon
OS: Linux
Latest Commit:
Version Fixed In: 5.22
Attachments: screenshot

Description Patrick Silva 2021-04-16 12:01:05 UTC
Created attachment 137652
screenshot

SUMMARY
This crash only occurs on Wayland and when Firefox asks if I want to make it
default browser on opening. Unfortunately drkonqi fails to generate the backtrace
for these crashes and "coredumpctl" command shows no coredump related to
plasma-integration-host. I'm attaching a screenshot showing many crash icons
in system tray.

SOFTWARE/OS VERSIONS
Operating System: KDE neon Unstable Edition
KDE Plasma Version: 5.21.80
KDE Frameworks Version: 5.82.0
Qt Version: 5.15.2
Graphics Platform: Wayland

Comment 1 Patrick Silva 2021-04-16 12:22:51 UTC
ok, I got a backtrace with coredumpctl.


Thread 3 (Thread 0x7ff4242fe700 (LWP 52921)):
#0  0x00007ff42966daff in __GI___poll (fds=0x7ff41c005240, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007ff4279b836e in g_main_context_poll (priority=<optimized out>, n_fds=2, fds=0x7ff41c005240, timeout=<optimized out>, context=0x7ff41c000c20) at ../../../glib/gmain.c:4346
#2  g_main_context_iterate (context=context@entry=0x7ff41c000c20, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../glib/gmain.c:4042
#3  0x00007ff4279b84a3 in g_main_context_iteration (context=0x7ff41c000c20, may_block=may_block@entry=1) at ../../../glib/gmain.c:4108
#4  0x00007ff429c38fe2 in QEventDispatcherGlib::processEvents (this=0x7ff41c000b60, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#5  0x00007ff429bdd1eb in QEventLoop::exec (this=this@entry=0x7ff4242fdd30, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:141
#6  0x00007ff4299f7a52 in QThread::exec (this=this@entry=0x7ff42ac95d80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#7  0x00007ff42ac11f4b in QDBusConnectionManager::run (this=0x7ff42ac95d80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at qdbusconnection.cpp:179
#8  0x00007ff4299f8bec in QThreadPrivate::start (arg=0x7ff42ac95d80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at thread/qthread_unix.cpp:329
#9  0x00007ff4283db609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#10 0x00007ff42967a293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 2 (Thread 0x7ff4230ed700 (LWP 52923)):
#0  0x00007ff4296383bf in __GI___clock_nanosleep (clock_id=clock_id@entry=0, flags=flags@entry=0, req=req@entry=0x7ff4230ebc40, rem=rem@entry=0x0) at ../sysdeps/unix/sysv/linux/clock_nanosleep.c:78
#1  0x00007ff42963e047 in __GI___nanosleep (requested_time=requested_time@entry=0x7ff4230ebc40, remaining=remaining@entry=0x0) at nanosleep.c:27
#2  0x00007ff4296709bf in usleep (useconds=useconds@entry=1000) at ../sysdeps/posix/usleep.c:32
#3  0x00007ff428de2b79 in KWayland::Client::readData (fd=10, data=...) at ./src/client/plasmawindowmanagement.cpp:637
#4  0x00007ff428de6dac in non-virtual thunk to QtConcurrent::RunFunctionTask<QIcon>::run() () at /usr/include/x86_64-linux-gnu/qt5/QtCore/qfuturewatcher.h:169
#5  0x00007ff4299fbff2 in QThreadPoolThread::run (this=0x562c52bd7de0) at thread/qthreadpool.cpp:100
#6  0x00007ff4299f8bec in QThreadPrivate::start (arg=0x562c52bd7de0) at thread/qthread_unix.cpp:329
#7  0x00007ff4283db609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#8  0x00007ff42967a293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 0x7ff425746840 (LWP 52920)):
#0  0x0000562c516cf383 in ?? ()
#1  0x00007ff429c156fe in QtPrivate::QSlotObjectBase::call (a=0x7fffc856d5d0, r=0x562c51716080, this=0x562c52b73aa0) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#2  doActivate<false> (sender=0x562c52b4fa20, signal_index=13, argv=0x7fffc856d5d0) at kernel/qobject.cpp:3886
#3  0x00007ff429c0eac7 in QMetaObject::activate (sender=sender@entry=0x562c52b4fa20, m=m@entry=0x7ff429e77020 <QAbstractItemModel::staticMetaObject>, local_signal_index=local_signal_index@entry=10, argv=argv@entry=0x7fffc856d5d0) at kernel/qobject.cpp:3946
#4  0x00007ff429b80a92 in QAbstractItemModel::rowsInserted (this=this@entry=0x562c52b4fa20, _t1=..., _t2=<optimized out>, _t3=<optimized out>, _t4=...) at .moc/moc_qabstractitemmodel.cpp:592
#5  0x00007ff429b89652 in QAbstractItemModel::endInsertRows (this=0x562c52b4fa20) at itemmodels/qabstractitemmodel.cpp:2780
#6  0x00007ff429ba945b in QIdentityProxyModelPrivate::_q_sourceRowsInserted (end=<optimized out>, start=<optimized out>, parent=..., this=<optimized out>) at itemmodels/qidentityproxymodel.cpp:611
#7  QIdentityProxyModel::qt_static_metacall (_c=QMetaObject::InvokeMetaMethod, _a=<optimized out>, _id=<optimized out>, _o=<optimized out>) at .moc/moc_qidentityproxymodel.cpp:153
#8  QIdentityProxyModel::qt_static_metacall (_o=<optimized out>, _c=<optimized out>, _id=<optimized out>, _a=<optimized out>) at .moc/moc_qidentityproxymodel.cpp:146
#9  0x00007ff429c15730 in doActivate<false> (sender=0x562c52b58160, signal_index=13, argv=0x7fffc856d7a0) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:395
#10 0x00007ff429c0eac7 in QMetaObject::activate (sender=sender@entry=0x562c52b58160, m=m@entry=0x7ff429e77020 <QAbstractItemModel::staticMetaObject>, local_signal_index=local_signal_index@entry=10, argv=argv@entry=0x7fffc856d7a0) at kernel/qobject.cpp:3946
#11 0x00007ff429b80a92 in QAbstractItemModel::rowsInserted (this=this@entry=0x562c52b58160, _t1=..., _t2=<optimized out>, _t3=<optimized out>, _t4=...) at .moc/moc_qabstractitemmodel.cpp:592
#12 0x00007ff429b89652 in QAbstractItemModel::endInsertRows (this=0x562c52b58160) at itemmodels/qabstractitemmodel.cpp:2780
#13 0x00007ff42b173494 in TaskManager::WaylandTasksModel::Private::addWindow (this=0x562c52b6a060, window=<optimized out>) at ./libtaskmanager/waylandtasksmodel.cpp:181
#14 0x00007ff429c156fe in QtPrivate::QSlotObjectBase::call (a=0x7fffc856d9a0, r=0x562c52b58160, this=0x562c52bcd350) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#15 doActivate<false> (sender=0x562c52bddf70, signal_index=6, argv=0x7fffc856d9a0) at kernel/qobject.cpp:3886
#16 0x00007ff429c0eac7 in QMetaObject::activate (sender=<optimized out>, m=m@entry=0x7ff428e4f6a0 <KWayland::Client::PlasmaWindowManagement::staticMetaObject>, local_signal_index=local_signal_index@entry=3, argv=argv@entry=0x7fffc856d9a0) at kernel/qobject.cpp:3946
#17 0x00007ff428dc8046 in KWayland::Client::PlasmaWindowManagement::windowCreated (this=<optimized out>, _t1=<optimized out>) at ./obj-x86_64-linux-gnu/src/client/KF5WaylandClient_autogen/EWIEGA46WW/moc_plasmawindowmanagement.cpp:246
#18 0x00007ff42592aff5 in ffi_call_unix64 () at ../src/x86/unix64.S:101
#19 0x00007ff42592a40a in ffi_call_int (cif=<optimized out>, fn=<optimized out>, rvalue=<optimized out>, avalue=<optimized out>, closure=<optimized out>) at ../src/x86/ffi64.c:669
#20 0x00007ff4278f63a8 in wl_closure_invoke (closure=closure@entry=0x562c52bdc3b0, flags=flags@entry=1, target=<optimized out>, target@entry=0x562c52bcf1f0, opcode=opcode@entry=6, data=<optimized out>) at ../src/connection.c:1018
#21 0x00007ff4278f2c48 in dispatch_event (display=display@entry=0x562c52b1e670, queue=<optimized out>) at ../src/wayland-client.c:1445
#22 0x00007ff4278f421c in dispatch_queue (queue=0x562c52b1e740, display=0x562c52b1e670) at ../src/wayland-client.c:1591
#23 wl_display_dispatch_queue_pending (display=0x562c52b1e670, queue=0x562c52b1e740) at ../src/wayland-client.c:1833
#24 0x00007ff4278f4280 in wl_display_dispatch_pending (display=<optimized out>) at ../src/wayland-client.c:1896
#25 0x00007ff425343155 in QtWaylandClient::QWaylandDisplay::flushRequests (this=0x562c52b1e510) at qwaylanddisplay.cpp:221
#26 0x00007ff429c15730 in doActivate<false> (sender=0x562c52b93080, signal_index=3, argv=0x7fffc856deb0) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:395
#27 0x00007ff429c0eac7 in QMetaObject::activate (sender=sender@entry=0x562c52b93080, m=m@entry=0x7ff429e78b40 <QSocketNotifier::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7fffc856deb0) at kernel/qobject.cpp:3946
#28 0x00007ff429c19773 in QSocketNotifier::activated (this=this@entry=0x562c52b93080, _t1=..., _t2=<optimized out>, _t3=...) at .moc/moc_qsocketnotifier.cpp:178
#29 0x00007ff429c19f13 in QSocketNotifier::event (this=0x562c52b93080, e=0x7fffc856e180) at kernel/qsocketnotifier.cpp:302
#30 0x00007ff42a6b5dc3 in QApplicationPrivate::notify_helper (this=this@entry=0x562c52b14920, receiver=receiver@entry=0x562c52b93080, e=e@entry=0x7fffc856e180) at kernel/qapplication.cpp:3632
#31 0x00007ff42a6bebb8 in QApplication::notify (this=0x7fffc856e420, receiver=0x562c52b93080, e=0x7fffc856e180) at kernel/qapplication.cpp:3156
#32 0x00007ff429bde6da in QCoreApplication::notifyInternal2 (receiver=0x562c52b93080, event=0x7fffc856e180) at ../../include/QtCore/5.15.2/QtCore/private/../../../../../src/corelib/thread/qthread_p.h:325
#33 0x00007ff429c39be5 in socketNotifierSourceDispatch (source=0x562c52b4efd0) at kernel/qeventdispatcher_glib.cpp:107
#34 0x00007ff4279b817d in g_main_dispatch (context=0x562c52b58800) at ../../../glib/gmain.c:3309
#35 g_main_context_dispatch (context=context@entry=0x562c52b58800) at ../../../glib/gmain.c:3974
#36 0x00007ff4279b8400 in g_main_context_iterate (context=context@entry=0x562c52b58800, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../glib/gmain.c:4047
#37 0x00007ff4279b84a3 in g_main_context_iteration (context=0x562c52b58800, may_block=may_block@entry=1) at ../../../glib/gmain.c:4108
#38 0x00007ff429c38fe2 in QEventDispatcherGlib::processEvents (this=0x562c52b92ef0, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#39 0x00007ff429bdd1eb in QEventLoop::exec (this=this@entry=0x7fffc856e390, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:141
#40 0x00007ff429be5394 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#41 0x0000562c516c61e4 in ?? ()
#42 0x00007ff42957f0b3 in __libc_start_main (main=0x562c516c6000, argc=3, argv=0x7fffc856e588, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffc856e578) at ../csu/libc-start.c:308
#43 0x0000562c516c6a1e in ?? ()

Comment 2 Nate Graham 2021-04-16 18:36:20 UTC
#13 0x00007ff42b173494 in TaskManager::WaylandTasksModel::Private::addWindow (this=0x562c52b6a060, window=<optimized out>) at ./libtaskmanager/waylandtasksmodel.cpp:181

[...]

#17 0x00007ff428dc8046 in KWayland::Client::PlasmaWindowManagement::windowCreated (this=<optimized out>, _t1=<optimized out>) at ./obj-x86_64-linux-gnu/src/client/KF5WaylandClient_autogen/EWIEGA46WW/moc_plasmawindowmanagement.cpp:246

Comment 3 David Redondo 2021-04-22 07:48:01 UTC
It happens to me during Plasma start; if I close Firefox and open it later, it doesn't crash.

Comment 4 David Redondo 2021-04-22 09:03:20 UTC
We are crashing in the lambda in Settings
#0  0x0000561aac2203a3 in Settings::<lambda(const QModelIndex&, int, int)>::operator() (__closure=0x561aae0ed560, last=<optimized out>, first=<optimized out>, 
    parent=...) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qabstractitemmodel.h:60
#1  QtPrivate::FunctorCall<QtPrivate::IndexesList<0, 1, 2>, QtPrivate::List<const QModelIndex&, int, int>, void, Settings::Settings()::<lambda(const QModelIndex&, int, int)> >::call (arg=<optimized out>, f=...) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:146
#2  QtPrivate::Functor<Settings::Settings()::<lambda(const QModelIndex&, int, int)>, 3>::call<QtPrivate::List<QModelIndex const&, int, int>, void> (
    arg=<optimized out>, f=...) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:256
#3  QtPrivate::QFunctorSlotObject<Settings::Settings()::<lambda(const QModelIndex&, int, int)>, 3, QtPrivate::List<const QModelIndex&, int, int>, void>::impl (
    which=1, r=<optimized out>, ret=<optimized out>, a=<optimized out>, this_=0x561aae0ed550) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:443
#4  QtPrivate::QFunctorSlotObject<Settings::Settings()::<lambda(const QModelIndex&, int, int)>, 3, QtPrivate::List<const QModelIndex&, int, int>, void>::impl(int, QtPrivate::QSlotObjectBase *, QObject *, void **, bool *) (which=<optimized out>, this_=0x561aae0ed550, r=<optimized out>, a=<optimized out>, 
    ret=<optimized out>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:436
#5  0x00007fb64f9516fe in QtPrivate::QSlotObjectBase::call (a=0x7ffc39164af0, r=0x561aac267080 <Settings::self()::s_self>, this=0x561aae0ed550)
    at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#6  doActivate<false> (sender=0x561aae0b66b0, signal_index=13, argv=0x7ffc39164af0) at kernel/qobject.cpp:3886
#7  0x00007fb64f94aac7 in QMetaObject::activate (sender=sender@entry=0x561aae0b66b0, m=m@entry=0x7fb64fbb3020 <QAbstractItemModel::staticMetaObject>, 
    local_signal_index=local_signal_index@entry=10, argv=argv@entry=0x7ffc39164af0) at kernel/qobject.cpp:3946
#8  0x00007fb64f8bca92 in QAbstractItemModel::rowsInserted (this=this@entry=0x561aae0b66b0, _t1=..., _t2=<optimized out>, _t3=<optimized out>, _t4=...)
    at .moc/moc_qabstractitemmodel.cpp:592

Comment 5 Ismael Asensio 2021-04-30 18:16:49 UTC
Similar backtrace, but gdb points me to:

/home/isma/kde/src/plasma-browser-integration/host/settings.cpp:120

where m_tasksModel seems to be a null pointer

#0  __GI_raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:49
#1  0x00007f9b781ec6e5 in KCrash::defaultCrashHandler (sig=11)
at /home/isma/kde/src/kcrash/src/kcrash.cpp:567
#2  <signal handler called>
#3  operator() (__closure=0x55d3aeca0bb0, parent=..., first=6, last=6)
at /home/isma/kde/src/plasma-browser-integration/host/settings.cpp:120
#4  0x000055d3acdb9b71 in QtPrivate::FunctorCall<QtPrivate::IndexesList<0, 1, 2>, QtPrivate::List<const QModelIndex&, int, int>, void, Settings::Settings()::<lambda(const QModelIndex&, int, int)> >::call(struct {...} &, void **) (f=..., arg=0x7ffc917e14c0) at /home/isma/kde/qt5/include/QtCore/qobjectdefs_impl.h:146
#5  0x000055d3acdb9af4 in QtPrivate::Functor<Settings::Settings()::<lambda(const QModelIndex&, int, int)>, 3>::call<QtPrivate::List<QModelIndex const&, int, int>, void>(struct {...} &, void *, void **) (f=..., 
arg=0x7ffc917e14c0) at /home/isma/kde/qt5/include/QtCore/qobjectdefs_impl.h:256
#6  0x000055d3acdb9a39 in QtPrivate::QFunctorSlotObject<Settings::Settings()::<lambda(const QModelIndex&, int,int)>, 3, QtPrivate::List<const QModelIndex&, int, int>, void>::impl(int, QtPrivate::QSlotObjectBase *, QObject *, void **, bool *) (which=1, this_=0x55d3aeca0ba0, r=0x55d3ace0d080 <Settings::self()::s_self>, 
a=0x7ffc917e14c0, ret=0x0) at /home/isma/kde/qt5/include/QtCore/qobjectdefs_impl.h:443
#7  0x00007f9b76e19d06 in QtPrivate::QSlotObjectBase::call (a=0x7ffc917e14c0, 
r=0x55d3ace0d080 <Settings::self()::s_self>, this=0x55d3aeca0ba0)
at ../../include/QtCore/../../../../../src/Qt5/qtbase/src/corelib/kernel/qobjectdefs_impl.h:398
#8  doActivate<false> (sender=0x55d3aec7d270, signal_index=13, argv=argv@entry=0x7ffc917e14c0)
at /home/isma/kde/src/Qt5/qtbase/src/corelib/kernel/qobject.cpp:3886
#9  0x00007f9b76e12e58 in QMetaObject::activate (sender=sender@entry=0x55d3aec7d270, 
m=m@entry=0x7f9b770ca660 <QAbstractItemModel::staticMetaObject>, 
local_signal_index=local_signal_index@entry=10, argv=argv@entry=0x7ffc917e14c0)
at /home/isma/kde/src/Qt5/qtbase/src/corelib/kernel/qobject.cpp:3946
#10 0x00007f9b76d7b632 in QAbstractItemModel::rowsInserted (this=this@entry=0x55d3aec7d270, _t1=..., 
_t2=<optimized out>, _t3=<optimized out>, _t4=...) at .moc/moc_qabstractitemmodel.cpp:592

Comment 6 Ismael Asensio 2021-04-30 19:24:45 UTC
To reproduce it, I need the following situation:
- On Wayland
- Firefox 'Restore previous session' enabled
- One of the tabs of the last session must have a video playing (YouTube, Netflix, etc.)

It doesn't crash if I open such videos after the session has restored.

Comment 7 Harald Sitter 2021-05-11 09:48:57 UTC
What I believe happens is that TaskManager::WindowTasksModel::rowsInserted calls into setEnvironmentFromTasksModelIndex, which does m_tasksModel->deleteLater() and sets the pointer to null. BUT that doesn't disconnect the connection, so when another rowsInserted happens after that, it will stumble over the previously set nullptr. Not quite sure how to best resolve this, probably simplest to disconnect.

Comment 8 Bug Janitor Service 2021-05-11 10:04:44 UTC
A possibly relevant merge request was started @ https://invent.kde.org/plasma/plasma-browser-integration/-/merge_requests/47

Comment 9 Harald Sitter 2021-05-12 09:48:25 UTC
Git commit 779ba1bc977e75a922cd460994f490beb4a8fd7d by Harald Sitter.
Committed on 11/05/2021 at 10:04.
Pushed by sitter into branch 'master'.

disconnect m_tasksModel before marking it for deletion

otherwise we might get further signals from it and subsequently crash
when trying to call m_tasksModel->index() in the slot lambda again
FIXED-IN: 5.22

M  +2    -0    host/settings.cpp

https://invent.kde.org/plasma/plasma-browser-integration/commit/779ba1bc977e75a922cd460994f490beb4a8fd7d
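
The failure mode described in comments 7 and 9, as an added example that is not part of the bug report or the project's code: a plain-C++ stand-in for the Qt signal/slot pattern (no Qt required). Apart from `Settings`, `m_tasksModel` and `rowsInserted`, every name is hypothetical, and the `deferred` vector stands in for the `deleteLater()` queue.

```cpp
// Added illustration; only Settings, m_tasksModel and rowsInserted come from the report.
#include <cstdio>
#include <functional>
#include <map>
#include <memory>
#include <vector>

// Minimal signal with connection handles, standing in for Qt's connect/disconnect.
struct Signal {
    std::map<int, std::function<void(int)>> handlers;
    int nextId = 0;
    int connect(std::function<void(int)> f) { handlers[nextId] = f; return nextId++; }
    void disconnect(int id) { handlers.erase(id); }
    void fire(int row) {
        auto snapshot = handlers;  // a handler may disconnect itself while running
        for (auto &kv : snapshot)
            if (handlers.count(kv.first)) kv.second(row);
    }
};
struct Model { Signal rowsInserted; int index(int row) const { return row; } };

struct Settings {
    Model *m_tasksModel = nullptr;
    std::vector<std::unique_ptr<Model>> deferred;  // stands in for deleteLater()'s queue
    int conn = -1;
    int nullHits = 0;  // slot invocations that found m_tasksModel == nullptr
    bool disconnectFirst;
    explicit Settings(bool fix) : disconnectFirst(fix) {}
    void watch(Model *m) {
        m_tasksModel = m;
        conn = m->rowsInserted.connect([this](int row) {
            if (!m_tasksModel) { ++nullHits; return; }  // the real slot dereferences here
            m_tasksModel->index(row);
            release();  // model no longer needed after the first hit
        });
    }
    void release() {
        if (disconnectFirst) m_tasksModel->rowsInserted.disconnect(conn);  // the fix
        deferred.emplace_back(m_tasksModel);  // object stays alive until the event loop runs
        m_tasksModel = nullptr;
    }
};

// Two rows arrive before the deferred deletion is processed.
int run(bool fix) {
    Settings s(fix);
    Model *m = new Model;
    s.watch(m);
    m->rowsInserted.fire(0);
    m->rowsInserted.fire(1);
    s.deferred.clear();  // the event loop finally deletes the model
    return s.nullHits;
}
int main() { std::printf("buggy=%d fixed=%d\n", run(false), run(true)); }
```

Without the disconnect, the second `rowsInserted` reaches the slot after the pointer was cleared; the stand-in counts that hit where the real lambda would dereference null.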

Comment 10 Patrick Silva 2021-05-14 18:33:55 UTC
*** Bug 432958 has been marked as a duplicate of this bug. ***