Bug 448825

Summary:	kwin_wayland crashes in overview/krunner
Product:	[Plasma] krunner	Reporter:	Alexandre Pereira <pereira.alex>
Component:	general	Assignee:	Alexander Lohnau <alexander.lohnau>
Status:	RESOLVED FIXED
Severity:	crash	CC:	elman, eric1, gustashminecraft, indecisiveautomator, jamezsdk, kde, liubomirwm, mail, nate, nicolas.fella, plasma-bugs, priv.luk
Priority:	VHI
Version:	master
Target Milestone:	---
Platform:	Other
OS:	Other
Latest Commit:	https://invent.kde.org/frameworks/krunner/commit/491d6999733c8919db51e9107abaed02e6feebc4	Version Fixed In:	Frameworks 5.101

Description Alexandre Pereira 2022-01-20 14:28:18 UTC

Hi,
I am using kwin master, from 19 January 2021.

I have overview set up to fire with meta key, because I use overview effect a lot.

When using overview effect, and starting to type (will begin to fill the search field), if I press meta key to exit overview, it will result in a Hard lock from kwin. (no mouse movement, no image movement, cannot switch to tty)
This might not happen the first time, but quickly and repeatedly activating the effect, typing and at the same time exiting the effect will hard lock kwin.

I have managed to successfully reproduce this several times, helped with having another computer logged in through ssh and issuing a "killall -KILL kwin_wayland". ( so I really recommend before testing, to have another computer logged in through ssh ).

Thanks!

Comment 1 Alexandre Pereira 2022-01-20 14:37:16 UTC

Addional info to be clear:

It seems the issue is really triggered by typing while the animation of "exiting the effect" is happening.

Respecting the "animation timings" ( meaning activate effect, wait ... write, wait .... exit, wait will not trigger it )

Comment 2 Vlad Zahorodnii 2022-01-24 12:23:29 UTC

Cannot reproduce. Can you retrieve kwin's backtrace when it's frozen? You may need another computer to ssh.

Comment 3 Alexandre Pereira 2022-01-24 14:32:13 UTC

(In reply to Vlad Zahorodnii from comment #2)
> Cannot reproduce. Can you retrieve kwin's backtrace when it's frozen? You
> may need another computer to ssh.

Can you confirm that you have Overview to the Meta key ?:

[ModifierOnlyShortcuts]
Meta=org.kde.kglobalaccel,/component/kwin,org.kde.kglobalaccel.Component,invokeShortcut,Overview 

?

I can confirm that I also didn't manage to trigger it without having Meta as the "launcher" for Overview.
But I can with Meta as the overview launcher

Comment 4 Alexandre Pereira 2022-01-24 14:37:52 UTC

Where can I upload the coredump ? Its 19M

Kwin now, instead of hard locking, just crashes and is being able to restart. ( dunno why, although I did change sddm and updated everything to latest git versions ).

Comment 5 Alexandre Pereira 2022-02-07 14:19:29 UTC

backtrace:

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
--Type <RET> for more, q to quit, c to continue without paging--c
Core was generated by `/usr/bin/kwin_wayland --wayland-fd 5 --socket wayland-0 --xwayland-fd 6 --xwayl'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f08cd0e0f39 in ?? () from /usr/lib64/libQt5Core.so.5
[Current thread is 1 (Thread 0x7f0804ff9640 (LWP 21893))]
(gdb) bt
#0  0x00007f08cd0e0f39 in  () at /usr/lib64/libQt5Core.so.5
#1  0x00007f08cd0e1769 in QJsonObject::value(QStringView) const () at /usr/lib64/libQt5Core.so.5
#2  0x00007f08cd0e1ba8 in QJsonObject::operator[](QString const&) const () at /usr/lib64/libQt5Core.so.5
#3  0x00007f08ce326e1b in KPluginMetaData::rootObject() const () at /usr/lib64/libKF5CoreAddons.so.5
#4  0x00007f08ce3272b0 in KPluginMetaData::iconName() const () at /usr/lib64/libKF5CoreAddons.so.5
#5  0x00007f0828b01b71 in  () at /usr/lib64/qt5/plugins/kf5/krunner/krunner_systemsettings.so
#6  0x00007f0828b02720 in  () at /usr/lib64/qt5/plugins/kf5/krunner/krunner_systemsettings.so
#7  0x00007f086a8e9441 in  () at /usr/lib64/libKF5Runner.so.5
#8  0x00007f086a8a2999 in ThreadWeaver::Executor::run(QSharedPointer<ThreadWeaver::JobInterface> const&, ThreadWeaver::Thread*) ()
    at /usr/lib64/libKF5ThreadWeaver.so.5
#9  0x00007f086a8a3810 in ThreadWeaver::Job::execute(QSharedPointer<ThreadWeaver::JobInterface> const&, ThreadWeaver::Thread*) ()
    at /usr/lib64/libKF5ThreadWeaver.so.5
#10 0x00007f086a8a7e91 in ThreadWeaver::Thread::run() () at /usr/lib64/libKF5ThreadWeaver.so.5
#11 0x00007f08cce6c21f in  () at /usr/lib64/libQt5Core.so.5
#12 0x00007f08ccc4edee in start_thread () at /lib64/libpthread.so.0
#13 0x00007f08cc73816f in clone () at /lib64/libc.so.6

Comment 6 Nicolas Fella 2022-10-19 10:29:43 UTC

*** Bug 451718 has been marked as a duplicate of this bug. ***

Comment 7 Nicolas Fella 2022-10-19 10:30:19 UTC

*** Bug 453751 has been marked as a duplicate of this bug. ***

Comment 8 Nicolas Fella 2022-10-19 10:32:27 UTC

*** Bug 459515 has been marked as a duplicate of this bug. ***

Comment 9 Nicolas Fella 2022-10-19 10:33:47 UTC

*** Bug 460702 has been marked as a duplicate of this bug. ***

Comment 10 Nicolas Fella 2022-10-21 15:56:40 UTC

Can be seen in testrunnermodel in plasma-workspace

#0  indexOf<QStringView>(QExplicitlySharedDataPointer<QCborContainerPrivate> const&, QStringView, bool*) (o=..., key=..., keyExists=keyExists@entry=0x7fff94b778af) at serialization/qjsonobject.cpp:320
#1  0x00007ffff4bf0baa in QJsonObject::valueImpl<QStringView>(QStringView) const (key=..., this=0x865ad8) at serialization/qjsonobject.cpp:375
#2  QJsonObject::value(QStringView) const (this=0x865ad8, key=...) at serialization/qjsonobject.cpp:353
#3  0x00007ffff4bf0f95 in QJsonObject::operator[](QStringView) const (key=..., this=<optimized out>) at ../../include/QtCore/../../src/corelib/serialization/qjsonobject.h:102
#4  QJsonObject::operator[](QString const&) const (this=<optimized out>, key=...) at serialization/qjsonobject.cpp:393
#5  0x00007ffff64a790c in KPluginMetaData::rootObject() const (this=<optimized out>) at /home/nico/kde/src/kcoreaddons/src/lib/plugin/kpluginmetadata.cpp:346
#6  0x00007ffff64a81c6 in KPluginMetaData::pluginId() const (this=0x865ad8) at /home/nico/kde/src/kcoreaddons/src/lib/plugin/kpluginmetadata.cpp:468
#7  0x00007ffff64a839d in KPluginMetaData::isValid() const (this=0x865ad8) at /home/nico/kde/src/kcoreaddons/src/lib/plugin/kpluginmetadata.cpp:336
#8  0x00007ffff7c80769 in Plasma::AbstractRunner::name() const (this=this@entry=0x8750d0) at /home/nico/kde/src/krunner/src/abstractrunner.cpp:337
#9  0x00007ffff7c96225 in Plasma::DefaultRunnerPolicy::free(QSharedPointer<ThreadWeaver::JobInterface>) (this=0x7ffff7cb0cc0 <Plasma::DefaultRunnerPolicy::instance()::policy>, job=...)
    at /home/nico/kde/src/krunner/src/runnerjobs.cpp:98
#10 0x00007ffff41121bb in ThreadWeaver::Private::Job_Private::freeQueuePolicyResources(QSharedPointer<ThreadWeaver::JobInterface>) (this=0xd14b40, job=...) at /home/nico/kde/src/threadweaver/src/job_p.cpp:30
#11 0x00007ffff411186c in ThreadWeaver::Job::defaultEnd(QSharedPointer<ThreadWeaver::JobInterface> const&, ThreadWeaver::Thread*) (this=<optimized out>, job=...)
    at /home/nico/kde/src/threadweaver/src/job.cpp:125
#12 0x00007ffff4111bc2 in ThreadWeaver::Job::execute(QSharedPointer<ThreadWeaver::JobInterface> const&, ThreadWeaver::Thread*) (this=<optimized out>, self=..., th=0xcd2740)
    at /home/nico/kde/src/threadweaver/src/job.cpp:79
#13 0x00007ffff4115ab8 in ThreadWeaver::Thread::run() (this=0xcd2740) at /home/nico/kde/src/threadweaver/src/thread.cpp:98
#14 0x00007ffff499b6b9 in QThreadPrivate::start(void*) (arg=0xcd2740) at thread/qthread_unix.cpp:330
#15 0x00007ffff441fe2d in start_thread (arg=<optimized out>) at pthread_create.c:442
#16 0x00007ffff44a51b0 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Comment 11 Nicolas Fella 2022-10-21 16:15:33 UTC

CI also has a different, but somewhat similar crash

    #0 0x7f61877ecc7f  (/lib64/libappstream.so.4+0x55c7f)
    #1 0x7f618ad65368 in AppStream::Pool::load() (/lib64/libAppStreamQt.so.2+0x29368)
    #2 0x7f618ad6541e in AppStream::Pool::load(QString*) (/lib64/libAppStreamQt.so.2+0x2941e)
    #3 0x7f617f2b93bc in InstallerRunner::findComponentsByString(QString const&) /builds/plasma/plasma-workspace/runners/appstream/appstreamrunner.cpp:153
    #4 0x7f617f2b79ce in InstallerRunner::match(Plasma::RunnerContext&) /builds/plasma/plasma-workspace/runners/appstream/appstreamrunner.cpp:93
    #5 0x7f6197bb85c1 in Plasma::FindMatchesJob::run(QSharedPointer<ThreadWeaver::JobInterface>, ThreadWeaver::Thread*) /builds/frameworks/krunner/src/runnerjobs.cpp:140
    #6 0x7f6188776863 in ThreadWeaver::Executor::run(QSharedPointer<ThreadWeaver::JobInterface> const&, ThreadWeaver::Thread*) /builds/frameworks/threadweaver/src/executor.cpp:33
    #7 0x7f618877ebc8 in ThreadWeaver::Private::DefaultExecutor::execute(QSharedPointer<ThreadWeaver::JobInterface> const&, ThreadWeaver::Thread*) /builds/frameworks/threadweaver/src/job_p.cpp:49
    #8 0x7f6188775edb in ThreadWeaver::ExecuteWrapper::executeWrapped(QSharedPointer<ThreadWeaver::JobInterface> const&, ThreadWeaver::Thread*) /builds/frameworks/threadweaver/src/executewrapper.cpp:44
    #9 0x7f618877eab4 in ThreadWeaver::Private::DebugExecuteWrapper::execute(QSharedPointer<ThreadWeaver::JobInterface> const&, ThreadWeaver::Thread*) /builds/frameworks/threadweaver/src/job_p.cpp:38
    #10 0x7f6188779a10 in ThreadWeaver::Job::execute(QSharedPointer<ThreadWeaver::JobInterface> const&, ThreadWeaver::Thread*) /builds/frameworks/threadweaver/src/job.cpp:64
    #11 0x7f618878cc48 in ThreadWeaver::Thread::run() /builds/frameworks/threadweaver/src/thread.cpp:98
    #12 0x7f618a2e5e4c  (/lib64/libQt5Core.so.5+0xf5e4c)
    #13 0x7f6189d549ac in start_thread (/lib64/libc.so.6+0x8e9ac)
    #14 0x7f6189dda253 in clone (/lib64/libc.so.6+0x114253)

Comment 12 Nicolas Fella 2022-10-21 16:31:30 UTC

Interesting, after building with asan+ubsan locally I get the same crash as on CI

Comment 13 Nicolas Fella 2022-10-21 21:35:29 UTC

https://invent.kde.org/plasma/plasma-workspace/-/merge_requests/2246 fixes the test crash. Probably there's a similar issue in the kwin code

Comment 14 elman 2022-10-26 08:31:56 UTC

I have generated backtrace for bug I reported in 460702, if it helps.

Core was generated by `/usr/bin/kwin_wayland --wayland-fd 7 --socket wayland-0 --xwayland-fd 8 --xwayl'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fd9c9e93ee5 in QExplicitlySharedDataPointer<QCborContainerPrivate>::operator! (this=<optimized out>,
this=<optimized out>) at ../../include/QtCore/../../src/corelib/tools/qshareddata.h:231
231     ../../include/QtCore/../../src/corelib/tools/qshareddata.h: Directory not empty.
[Current thread is 1 (Thread 0x7fd9221d56c0 (LWP 18024))]
(gdb) bt
#0  0x00007fd9c9e93ee5 in QExplicitlySharedDataPointer<QCborContainerPrivate>::operator!() const
(this=<optimized out>, this=<optimized out>) at ../../include/QtCore/../../src/corelib/tools/qshareddata.h:231
#1  QJsonObject::valueImpl<QStringView>(QStringView) const (key=..., this=<optimized out>)
at serialization/qjsonobject.cpp:371
#2  QJsonObject::value(QStringView) const (this=0x30, key=...) at serialization/qjsonobject.cpp:353
#3  0x00007fd9c9e9419c in QJsonObject::operator[](QStringView) const (key=..., this=<optimized out>)
at ../../include/QtCore/../../src/corelib/serialization/qjsonobject.h:102
#4  QJsonObject::operator[](QString const&) const (this=<optimized out>, key=...) at serialization/qjsonobject.cpp:393
#5  0x00007fd9c99b8d8f in KPluginMetaData::rootObject() const (this=<optimized out>)
at /usr/src/debug/kcoreaddons-5.99.0/src/lib/plugin/kpluginmetadata.cpp:346
#6  0x00007fd9c99b921b in KPluginMetaData::pluginId() const (this=0x30)
at /usr/src/debug/kcoreaddons-5.99.0/src/lib/plugin/kpluginmetadata.cpp:468
#7  0x00007fd9c99b9460 in KPluginMetaData::isValid() const (this=0x30)
at /usr/src/debug/kcoreaddons-5.99.0/src/lib/plugin/kpluginmetadata.cpp:336
#8  0x00007fd9705afbcc in Plasma::AbstractRunner::name() const (this=0x55ff8f9db4b0)
at /usr/src/debug/krunner-5.99.0/src/abstractrunner.cpp:337
#9  0x00007fd9705bb85e in Plasma::DefaultRunnerPolicy::free(QSharedPointer<ThreadWeaver::JobInterface>)
(this=0x7fd9705d80e0 <Plasma::DefaultRunnerPolicy::instance()::policy>, job=...)
at /usr/src/debug/krunner-5.99.0/src/runnerjobs.cpp:98
#10 0x00007fd971466c4b in ThreadWeaver::Private::Job_Private::freeQueuePolicyResources(QSharedPointer<ThreadWeaver::JobInterface>) (this=0x55ff8edc7de0, job=...) at /usr/src/debug/threadweaver-5.99.0/src/job_p.cpp:30
#11 0x00007fd97146a141 in ThreadWeaver::Job::defaultEnd(QSharedPointer<ThreadWeaver::JobInterface> const&, ThreadWeaver::Thread*) (this=<optimized out>, job=...) at /usr/src/debug/threadweaver-5.99.0/src/job.cpp:125
#12 0x00007fd97146a0b4 in ThreadWeaver::Job::execute(QSharedPointer<ThreadWeaver::JobInterface> const&, ThreadWeaver::Thread*) (this=<optimized out>, self=..., th=0x55ff8f3e9220) at /usr/src/debug/threadweaver-5.99.0/src/job.cpp:79
#13 0x00007fd97146dde2 in ThreadWeaver::Thread::run() (this=0x55ff8f3e9220)
at /usr/src/debug/threadweaver-5.99.0/src/thread.cpp:98
#14 0x00007fd9c9c882ba in QThreadPrivate::start(void*) (arg=0x55ff8f3e9220) at thread/qthread_unix.cpp:330
#15 0x00007fd9c8cca8fd in start_thread (arg=<optimized out>) at pthread_create.c:442
#16 0x00007fd9c8d4ca60 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Comment 15 Nate Graham 2022-10-31 17:56:50 UTC

*** Bug 461116 has been marked as a duplicate of this bug. ***

Comment 16 Alexander Lohnau 2022-11-07 07:54:23 UTC

I am not sure to why the crash happens in KWin, but am able to reproduce the same stacktrace in an adjusted autotest without any sanitizers or other special setup

Comment 17 Bug Janitor Service 2022-11-07 08:18:14 UTC

A possibly relevant merge request was started @ https://invent.kde.org/frameworks/krunner/-/merge_requests/113

Comment 18 Alexander Lohnau 2022-11-19 06:05:19 UTC

Git commit 491d6999733c8919db51e9107abaed02e6feebc4 by Alexander Lohnau.
Committed on 19/11/2022 at 06:03.
Pushed by alex into branch 'master'.

Fix crash when deleting RunnerManager while jobs are running

M  +1    -0    autotests/CMakeLists.txt
M  +10   -0    autotests/fakerunner.h
M  +14   -0    autotests/runnermanagertest.cpp
M  +7    -1    src/runnermanager.cpp

https://invent.kde.org/frameworks/krunner/commit/491d6999733c8919db51e9107abaed02e6feebc4

Comment 19 Nicolas Fella 2022-11-28 12:01:19 UTC

*** Bug 462311 has been marked as a duplicate of this bug. ***

Comment 20 Nate Graham 2022-11-28 23:26:57 UTC

*** Bug 455507 has been marked as a duplicate of this bug. ***

Comment 21 Aitor 2022-11-29 22:46:09 UTC

*** Bug 462397 has been marked as a duplicate of this bug. ***

Comment 22 Nicolas Fella 2023-01-06 20:09:29 UTC

*** Bug 463919 has been marked as a duplicate of this bug. ***

Comment 23 Gustavo Parreira 2023-01-06 20:43:39 UTC

*** Bug 463919 has been marked as a duplicate of this bug. ***

Comment 24 Gustavo Parreira 2023-01-06 20:46:15 UTC

In krunner 5.101.0, which includes commit 491d6999733c8919db51e9107abaed02e6feebc4, a hard crash is happening now under slightly different circumstances as noted in https://bugs.kde.org/show_bug.cgi?id=463919

I've attached relevant crash logs and coredumps there, and have been told it seems related to this issue.