Bug 436630

Summary: konsole crash in Konsole::PlainTextDecoder::decodeLine() on exit
Product: [Applications] konsole Reporter: albrubesc
Component: general Assignee: Konsole Developer <konsole-devel>
Status: RESOLVED FIXED    
Severity: crash CC: adam, albrubesc, aleixpol, antoine.gatineau, bughunt, casm, cbc.alves, christian, frealgagu, grosales, jani, jiri.rohlicek, junkblocker, martin.sandsmark, mgulick, mtilsted, nate, ninjalj, rdieter, robert, thanosk
Priority: VHI Keywords: drkonqi, wayland
Version: 21.04.0   
Target Milestone: ---   
Platform: Fedora RPMs   
OS: Linux   
See Also: https://bugs.kde.org/show_bug.cgi?id=437689
Latest Commit: Version Fixed In: v21.08.0
Sentry Crash Report:
Attachments: New crash information added by DrKonqi
Valgrind output
New crash information added by DrKonqi
New crash information added by DrKonqi

Description albrubesc 2021-05-05 13:25:34 UTC
Application: konsole (21.04.0)

Qt Version: 5.15.2
Frameworks Version: 5.81.0
Operating System: Linux 5.11.17-200.fc33.x86_64 x86_64
Windowing System: Wayland
Drkonqi Version: 5.21.5
Distribution: Fedora 33 (Thirty Three)

-- Information about the crash:
- What I was doing when the application crashed:
I opened konsole, I typed 'exit' and I pressed the enter key, then the crash happened.

The crash can be reproduced every time.

-- Backtrace:
Application: Konsole (konsole), signal: Segmentation fault

[KCrash Handler]
#4  Konsole::PlainTextDecoder::decodeLine (this=<optimized out>, characters=<optimized out>, count=<optimized out>) at /usr/src/debug/konsole5-21.04.0-1.fc33.x86_64/src/decoders/PlainTextDecoder.cpp:106
#5  0x00007f46256df491 in Konsole::TerminalDisplay::inputMethodQuery (this=0x5567c08ac300, query=<optimized out>) at /usr/src/debug/konsole5-21.04.0-1.fc33.x86_64/src/terminalDisplay/TerminalDisplay.cpp:2375
#6  0x00007f4624af9ff5 in QWidget::event (this=0x5567c08ac300, event=0x7ffdd16425a0) at kernel/qwidget.cpp:8731
#7  0x00007f4624ab8ec3 in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x5567c08ac300, e=0x7ffdd16425a0) at kernel/qapplication.cpp:3632
#8  0x00007f4624021bd8 in QCoreApplication::notifyInternal2 (receiver=0x5567c08ac300, event=0x7ffdd16425a0) at kernel/qcoreapplication.cpp:1063
#9  0x00007f4621fecd7a in QtWaylandClient::QWaylandTextInput::updateState (this=0x5567c065f570, queries=..., flags=3) at qwaylandinputcontext.cpp:134
#10 0x00007f4624454c9b in QGuiApplicationPrivate::_q_updateFocusObject (this=<optimized out>, object=0x5567c08ac300) at kernel/qguiapplication.cpp:4300
#11 0x00007f46240513c0 in doActivate<false> (sender=0x5567c08a93a0, signal_index=19, argv=argv@entry=0x7ffdd1642770) at kernel/qobject.cpp:3898
#12 0x00007f462404b9a8 in QMetaObject::activate (sender=sender@entry=0x5567c08a93a0, m=m@entry=0x7f46248e8ea0 <QWindow::staticMetaObject>, local_signal_index=local_signal_index@entry=16, argv=argv@entry=0x7ffdd1642770) at kernel/qobject.cpp:3946
#13 0x00007f4624463536 in QWindow::focusObjectChanged (this=this@entry=0x5567c08a93a0, _t1=<optimized out>) at .moc/moc_qwindow.cpp:840
#14 0x00007f4624af406b in QWidget::clearFocus (this=this@entry=0x5567c0649800) at kernel/qwidget.cpp:6493
#15 0x00007f4624af5128 in QWidget::~QWidget (this=this@entry=0x5567c0649800, __in_chrg=<optimized out>) at kernel/qwidget.cpp:1459
#16 0x00007f46256765a5 in Konsole::TerminalColor::~TerminalColor (this=<optimized out>, this=<optimized out>) at /usr/src/debug/konsole5-21.04.0-1.fc33.x86_64/x86_64-redhat-linux-gnu/src/konsoleprivate_autogen/DRAQINE3W2/../../../../src/terminalDisplay/TerminalColor.h:27
#17 Konsole::TerminalColor::~TerminalColor (this=<optimized out>, this=<optimized out>) at /usr/src/debug/konsole5-21.04.0-1.fc33.x86_64/x86_64-redhat-linux-gnu/src/konsoleprivate_autogen/DRAQINE3W2/../../../../src/terminalDisplay/TerminalColor.h:27
#18 0x00007f46256d1b73 in Konsole::TerminalDisplay::~TerminalDisplay (this=<optimized out>, this=<optimized out>) at /usr/src/debug/konsole5-21.04.0-1.fc33.x86_64/src/terminalDisplay/TerminalDisplay.cpp:360
#19 0x00007f46256d1d6d in Konsole::TerminalDisplay::~TerminalDisplay (this=<optimized out>, this=<optimized out>) at /usr/src/debug/konsole5-21.04.0-1.fc33.x86_64/src/terminalDisplay/TerminalDisplay.cpp:362
#20 0x00007f4624049b21 in QObject::event (this=0x5567c08ac300, e=0x5567c0ae0cb0) at kernel/qobject.cpp:1301
#21 0x00007f4624ab8ec3 in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x5567c08ac300, e=0x5567c0ae0cb0) at kernel/qapplication.cpp:3632
#22 0x00007f4624021bd8 in QCoreApplication::notifyInternal2 (receiver=0x5567c08ac300, event=0x5567c0ae0cb0) at kernel/qcoreapplication.cpp:1063
#23 0x00007f46240248c7 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x5567c0653300) at kernel/qcoreapplication.cpp:1817
#24 0x00007f462406ec27 in postEventSourceDispatch (s=0x5567c0689420) at kernel/qeventdispatcher_glib.cpp:277
#25 0x00007f4622681a9f in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#26 0x00007f46226d3a98 in g_main_context_iterate.constprop () from /lib64/libglib-2.0.so.0
#27 0x00007f462267ee73 in g_main_context_iteration () from /lib64/libglib-2.0.so.0
#28 0x00007f462406e6f3 in QEventDispatcherGlib::processEvents (this=0x5567c06751f0, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#29 0x00007f462402057b in QEventLoop::exec (this=this@entry=0x7ffdd1642c10, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#30 0x00007f46240281b4 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#31 0x00007f4624453b20 in QGuiApplication::exec () at kernel/qguiapplication.cpp:1860
#32 0x00007f4624ab8e39 in QApplication::exec () at kernel/qapplication.cpp:2824
#33 0x00007f462598c805 in kdemain (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/konsole5-21.04.0-1.fc33.x86_64/src/main.cpp:220
#34 0x00007f46257bb1e2 in __libc_start_main () from /lib64/libc.so.6
#35 0x00005567beafb0ae in _start ()
[Inferior 1 (process 11829) detached]

Possible duplicates by query: bug 429973, bug 413345, bug 403101, bug 381101, bug 370639.

Reported using DrKonqi
Comment 1 albrubesc 2021-05-06 13:11:27 UTC
Crash solved upgrading to Fedora 34.
Comment 2 albrubesc 2021-05-10 18:51:18 UTC
The bug returned, updated info and backtrace below: 

Application: konsole (21.04.0)

Qt Version: 5.15.2
Frameworks Version: 5.82.0
Operating System: Linux 5.11.18-300.fc34.x86_64
Windowing System: Wayland
Distribution: Fedora 34 (Thirty Four)

--Backtrace:
Application: Konsole (konsole), signal: Segmentation fault

[KCrash Handler]
#4  Konsole::PlainTextDecoder::decodeLine (this=<optimized out>, characters=<optimized out>, count=<optimized out>) at /usr/src/debug/konsole5-21.04.0-1.fc34.x86_64/src/decoders/PlainTextDecoder.cpp:106
#5  0x00007ff3f450f0cd in Konsole::TerminalDisplay::inputMethodQuery (this=0x55ccebc867c0, query=<optimized out>) at /usr/src/debug/konsole5-21.04.0-1.fc34.x86_64/src/terminalDisplay/TerminalDisplay.cpp:2375
#6  0x00007ff3f39c7d3c in QWidget::event(QEvent*) () from /lib64/libQt5Widgets.so.5
#7  0x00007ff3f3986e73 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib64/libQt5Widgets.so.5
#8  0x00007ff3f4a0ef48 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib64/libQt5Core.so.5
#9  0x00007ff3ef5b758a in QtWaylandClient::QWaylandTextInput::updateState(QFlags<Qt::InputMethodQuery>, unsigned int) () from /lib64/libQt5WaylandClient.so.5
#10 0x00007ff3f332758d in QGuiApplicationPrivate::_q_updateFocusObject(QObject*) () from /lib64/libQt5Gui.so.5
#11 0x00007ff3f4a3f4fd in void doActivate<false>(QObject*, int, void**) () from /lib64/libQt5Core.so.5
#12 0x00007ff3f3335e66 in QWindow::focusObjectChanged(QObject*) () from /lib64/libQt5Gui.so.5
#13 0x00007ff3f39c1d7b in QWidget::clearFocus() () from /lib64/libQt5Widgets.so.5
#14 0x00007ff3f39c2e48 in QWidget::~QWidget() () from /lib64/libQt5Widgets.so.5
#15 0x00007ff3f44a65a5 in Konsole::TerminalColor::~TerminalColor (this=<optimized out>, this=<optimized out>) at /usr/src/debug/konsole5-21.04.0-1.fc34.x86_64/x86_64-redhat-linux-gnu/src/konsoleprivate_autogen/DRAQINE3W2/../../../../src/terminalDisplay/TerminalColor.h:27
#16 Konsole::TerminalColor::~TerminalColor (this=<optimized out>, this=<optimized out>) at /usr/src/debug/konsole5-21.04.0-1.fc34.x86_64/x86_64-redhat-linux-gnu/src/konsoleprivate_autogen/DRAQINE3W2/../../../../src/terminalDisplay/TerminalColor.h:27
#17 0x00007ff3f4501373 in Konsole::TerminalDisplay::~TerminalDisplay (this=<optimized out>, this=<optimized out>) at /usr/src/debug/konsole5-21.04.0-1.fc34.x86_64/src/terminalDisplay/TerminalDisplay.cpp:360
#18 0x00007ff3f450156d in Konsole::TerminalDisplay::~TerminalDisplay (this=<optimized out>, this=<optimized out>) at /usr/src/debug/konsole5-21.04.0-1.fc34.x86_64/src/terminalDisplay/TerminalDisplay.cpp:362
#19 0x00007ff3f4a360c1 in QObject::event(QEvent*) () from /lib64/libQt5Core.so.5
#20 0x00007ff3f3986e73 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib64/libQt5Widgets.so.5
#21 0x00007ff3f4a0ef48 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib64/libQt5Core.so.5
#22 0x00007ff3f4a11c76 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /lib64/libQt5Core.so.5
#23 0x00007ff3f4a5bc57 in postEventSourceDispatch(_GSource*, int (*)(void*), void*) () from /lib64/libQt5Core.so.5
#24 0x00007ff3f26e44cf in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#25 0x00007ff3f27384e8 in g_main_context_iterate.constprop () from /lib64/libglib-2.0.so.0
#26 0x00007ff3f26e1c03 in g_main_context_iteration () from /lib64/libglib-2.0.so.0
#27 0x00007ff3f4a5b6f8 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib64/libQt5Core.so.5
#28 0x00007ff3f4a0d9b2 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib64/libQt5Core.so.5
#29 0x00007ff3f4a15544 in QCoreApplication::exec() () from /lib64/libQt5Core.so.5
#30 0x00007ff3f4dab88d in kdemain (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/konsole5-21.04.0-1.fc34.x86_64/src/main.cpp:220
#31 0x00007ff3f45e8b75 in __libc_start_main () from /lib64/libc.so.6
#32 0x000055cceaf3814e in _start ()
[Inferior 1 (process 18070) detached]
Comment 3 albrubesc 2021-05-14 15:09:22 UTC
Crash solved in konsole version 21.04.1
Comment 4 ninjalj 2021-06-15 15:53:00 UTC
*** Bug 437689 has been marked as a duplicate of this bug. ***
Comment 5 ninjalj 2021-06-15 15:53:58 UTC
*** Bug 438239 has been marked as a duplicate of this bug. ***
Comment 6 ninjalj 2021-06-15 15:55:07 UTC
*** Bug 438282 has been marked as a duplicate of this bug. ***
Comment 7 ninjalj 2021-06-15 15:57:22 UTC
*** Bug 438593 has been marked as a duplicate of this bug. ***
Comment 8 ninjalj 2021-06-15 15:57:59 UTC
*** Bug 438616 has been marked as a duplicate of this bug. ***
Comment 9 Adam Batkin 2021-06-15 16:02:05 UTC
I can also reproduce with Ctrl+D and exiting using the application menu
Comment 10 ninjalj 2021-06-15 16:08:49 UTC
From the backtraces:

During TerminalDisplay() destructor, _image is deleted and then TerminalColor() destructor is called, which being a QWidget calls QWidget::clearFocus(), which ends up transferring focus to TerminalDisplay. Under some circumstances (apparently something having to do with some Wayland compositor) this causes a call to TerminalDisplay::inputMethodQuery(..., Qt::ImSurroundingText), which then tries to access the already deleted _image.

This should be fixed by https://invent.kde.org/utilities/konsole/-/commit/66e19aaf4110ced12c2607d85f3dfcf49f268b8f

Can any of you guys test with the above commit?
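
The teardown order described in comment 10, modelled without Qt as an added example (not Konsole's code and not the content of the linked commit): `Display`, `ChildWidget`, `Order`, `TeardownTrace` and `runTeardown` are hypothetical names, and the image content is constructed sample data. It shows that a query re-entering from a child's destructor finds the image already freed when the buffer is released first, and finds it valid when children are destroyed first.

```cpp
#include <functional>
#include <memory>
#include <string>

// Filled in while a Display is being destroyed.
struct TeardownTrace {
    int queries = 0;         // input-method queries that arrived mid-destructor
    int staleImageReads = 0; // queries that found the image already freed
    std::string lastAnswer;  // text handed back to the input method
};

// Hypothetical stand-in for the child QWidget (TerminalColor in the backtrace):
// destroying it returns focus to the parent, which triggers a query on the parent.
struct ChildWidget {
    std::function<void()> focusReturnsToParent;
    ~ChildWidget() { focusReturnsToParent(); }
};

enum class Order { ImageFirst, ChildFirst };

// Hypothetical stand-in for TerminalDisplay; the image text is constructed.
class Display {
public:
    Display(Order order, TeardownTrace &trace)
        : _order(order), _trace(trace), _image(new std::string("user@host:~$ ")),
          _child(new ChildWidget{[this] { _trace.lastAnswer = surroundingText(); }}) {}
    ~Display() {
        if (_order == Order::ImageFirst) { // order described in comment 10
            _image.reset();                // buffer freed, object still gets events
            _child.reset();                // re-enters surroundingText()
        } else {                           // children first, then the data they reach
            _child.reset();
            _image.reset();
        }
    }
    // Plays the role of inputMethodQuery(Qt::ImSurroundingText).
    std::string surroundingText() {
        ++_trace.queries;
        if (!_image) { // guard: models the access to the already deleted _image
            ++_trace.staleImageReads;
            return std::string();
        }
        return *_image;
    }

private:
    Order _order;
    TeardownTrace &_trace;
    std::unique_ptr<std::string> _image;
    std::unique_ptr<ChildWidget> _child;
};

TeardownTrace runTeardown(Order order) {
    TeardownTrace trace;
    { Display display(order, trace); } // destructor runs at the closing brace
    return trace;
}

int main() { return runTeardown(Order::ImageFirst).staleImageReads == 1 ? 0 : 1; }
```

In the model the freed image is a null `unique_ptr`, so the stale access is counted rather than performed; with a raw pointer that is deleted and not reset, the same re-entrant call is a use-after-free.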
Comment 11 ninjalj 2021-06-15 17:05:47 UTC
*** Bug 434600 has been marked as a duplicate of this bug. ***
Comment 12 ninjalj 2021-06-16 17:09:15 UTC
*** Bug 438717 has been marked as a duplicate of this bug. ***
Comment 13 ninjalj 2021-06-19 18:41:25 UTC
*** Bug 438885 has been marked as a duplicate of this bug. ***
Comment 14 ninjalj 2021-06-19 18:44:12 UTC
Even after installing a Fedora VM, I've been unable to reproduce this crash.

Which Compositor and Input Method are you using?

Can anyone confirm whether https://invent.kde.org/utilities/konsole/-/commit/66e19aaf4110ced12c2607d85f3dfcf49f268b8f fixes this crash?
Comment 15 junkblocker 2021-06-20 18:07:41 UTC
The following consistently crashes for me:

1. Open konsole from konsole with something like 

  konsole -e bash &

2. Exit out of the new konsole using whatever means.
Comment 16 Mike Gulick 2021-06-21 01:54:05 UTC
(In reply to ninjalj from comment #14)
> Even after installing a Fedora VM, I've been unable to reproduce this crash.
> 
> Which Compositor and Input Method are you using?
> 
> Can anyone confirm whether https://invent.kde.org/utilities/konsole/-/commit/66e19aaf4110ced12c2607d85f3dfcf49f268b8f fixes this crash?

I rebuilt the konsole5 package in Fedora 34 with this patch applied, and it did fix the crash for me!
Comment 17 albrubesc 2021-06-21 14:12:52 UTC
The crash comes and goes with system updates. It actually occurs for me again.

Application: konsole (21.04.2)

Qt Version: 5.15.2
Frameworks Version: 5.83.0
Operating System: Linux 5.12.11-300.fc34.x86_64 x86_64
Windowing System: Wayland
Distribution: Fedora 34 (Thirty Four)
Compositor: kwin_wayland
Input method: I don't know how to determine which is in use, sorry. Ibus is installed so my guess is ibus, but I'm not sure.
Comment 18 ninjalj 2021-06-22 11:58:16 UTC
CC'ing Rex Dieter, as he may want to include https://invent.kde.org/utilities/konsole/-/commit/66e19aaf4110ced12c2607d85f3dfcf49f268b8f in the Fedora package.
Comment 19 ninjalj 2021-07-04 22:37:41 UTC
*** Bug 439479 has been marked as a duplicate of this bug. ***
Comment 20 Gerardo 2021-07-20 03:56:38 UTC
Created attachment 140205
New crash information added by DrKonqi

konsole (21.04.2) using Qt 5.15.2

Fedora 34, latest updates applied, on Thinkpad T450
KDE Plasma spin (Wayland session)

Konsole shows a crash message every time it is closed (either by command or using the window controls)

-- Backtrace (Reduced):
#4  0x00007f3846c449d8 in Konsole::PlainTextDecoder::decodeLine(Konsole::Character const*, int, unsigned char) () from /lib64/libkonsoleprivate.so.21
#5  0x00007f3846bffffd in Konsole::TerminalDisplay::inputMethodQuery(Qt::InputMethodQuery) const () from /lib64/libkonsoleprivate.so.21
#6  0x00007f384608c2bb in QWidget::event(QEvent*) () from /lib64/libQt5Widgets.so.5
#7  0x00007f3846049423 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib64/libQt5Widgets.so.5
#8  0x00007f3847127098 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib64/libQt5Core.so.5
Comment 21 Martin Sandsmark 2021-07-20 11:58:41 UTC
I don't think that commit is related.

What seems to happen is that the crash happens when PlainTextDecoder tries to read the last of the characters passed into it.

And it is told that there is _usedColumns number of characters, and the characters are passed from `&_image[loc(0, cursorPos.y())]`.

So I suspect what is happening is that after the reflow code changed there probably isn't necessarily _usedColumns number of characters per line anymore, maybe?

I'm CCing in Carlos Alves, since he knows this code the best so maybe he spots something obvious here.
Comment 22 Martin Sandsmark 2021-07-20 12:01:54 UTC
And I can't reproduce it here (probably because I don't have some input method thing running), but if you can reproduce it could you run it under valgrind? I.e. just launch `valgrind konsole`, and exit to trigger the crash.
Comment 23 Carlos Alves 2021-07-21 11:08:10 UTC
After reading everything here, if it is reproduced just after konsole opens, it is probably not related to reflow. But I can't test it here, wayland doesn't run here, and it is a bug related to some wayland behavior with the input.

Luis Javier Merino seems to have tested it and solved it.

(In reply to Martin Sandsmark from comment #21)

> I don't think that commit is related.
> 
> What seems to happen is that the crash happens when PlainTextDecoder tries
> to read the last of the characters passed into it.
> 
> And it is told that there is _usedColumns number of characters, and the
> characters are passed from `&_image[loc(0, cursorPos.y())]`.
> 
> So I suspect what is happening is that after the reflow code changed there
> probably isn't necessarily _usedColumns number of characters per line
> anymore, maybe?
> 
> I'm CCing in Carlos Alves, since he knows this code the best so maybe he
> spots something obvious here.
Comment 24 albrubesc 2021-07-22 07:46:35 UTC
Created attachment 140243
Valgrind output
Comment 25 Antoine Gatineau 2021-08-08 07:32:01 UTC
Created attachment 140583
New crash information added by DrKonqi

konsole (21.04.2) using Qt 5.15.2

- What I was doing when the application crashed:
When I log out from the last session in konsole (ctrl+d or exit).
Note: it happens only with wayland, not with X11

-- Backtrace (Reduced):
#4  0x00007f491420b9d8 in Konsole::PlainTextDecoder::decodeLine(Konsole::Character const*, int, unsigned char) () from /lib64/libkonsoleprivate.so.21
#5  0x00007f49141c6ffd in Konsole::TerminalDisplay::inputMethodQuery(Qt::InputMethodQuery) const () from /lib64/libkonsoleprivate.so.21
#6  0x00007f49136532bb in QWidget::event(QEvent*) () from /lib64/libQt5Widgets.so.5
#7  0x00007f4913610423 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib64/libQt5Widgets.so.5
#8  0x00007f49146ee098 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib64/libQt5Core.so.5
Comment 26 albrubesc 2021-10-08 12:26:33 UTC
Since various versions ago, I'm not experiencing this 'crash' anymore.
Konsole: 21.08.2
Frameworks: 5.86.0
Qt: 5.15.2
Kernel: 5.14.9-200.fc34.x86_64
Comment 27 ninjalj 2021-11-29 16:06:30 UTC
Should be fixed by https://invent.kde.org/utilities/konsole/-/commit/66e19aaf4110ced12c2607d85f3dfcf49f268b8f

Closing. Feel free to reopen if it happens again.
Comment 28 ninjalj 2022-01-03 23:04:52 UTC
*** Bug 440920 has been marked as a duplicate of this bug. ***
Comment 29 Jani Heinonen 2022-06-05 17:06:08 UTC
Created attachment 149487
New crash information added by DrKonqi

konsole (21.12.2) using Qt 5.15.3

- What I was doing when the application crashed:
I closed nvim and a couple of tabs. Then closed the last tab and then Konsole crashed.

-- Backtrace (Reduced):
#4  0x00007f1215710dee in KNS3::QtQuickDialogWrapper::exec() () from /lib64/libKF5NewStuff.so.5
#5  0x00007f1215700d84 in KNS3::Button::showDialog() () from /lib64/libKF5NewStuff.so.5
#6  0x00007f12162c0c36 in void doActivate<false>(QObject*, int, void**) () from /lib64/libQt5Core.so.5
#7  0x00007f1216ef5ae6 in QAbstractButton::clicked(bool) () from /lib64/libQt5Widgets.so.5
#8  0x00007f1216ef5d5e in QAbstractButtonPrivate::emitClicked() () from /lib64/libQt5Widgets.so.5
Comment 30 ninjalj 2022-06-06 09:42:13 UTC
Comment 29: That looks like bug 452593. Had you tried to install a new colorscheme?
Comment 31 Fredy García 2022-09-24 14:15:40 UTC
It's happening to me with the latest version of konsole 22.08.1