Bug 452660

Summary: Random Plasma crashes caused by `reuseItems: true` in DelegateModel
Product: [Plasma] plasmashell Reporter: Stefan Schmidt <thrimbor+kdebugs>
Component: Task Manager and Icons-Only Task ManagerAssignee: Plasma Bugs List <plasma-bugs>
Status: RESOLVED FIXED    
Severity: crash CC: kde, nate, qydwhotmail, thrimbor+kdebugs
Priority: NOR Keywords: drkonqi
Version: 5.24.4   
Target Milestone: 1.0   
Platform: Arch Linux   
OS: Linux   
See Also: https://bugreports.qt.io/browse/QTBUG-102811
https://bugreports.qt.io/browse/QTBUG-91425
Latest Commit: https://invent.kde.org/qt/qt/qtdeclarative/-/merge_requests/42 Version Fixed In: kde/5.15
Sentry Crash Report:
Attachments: New crash information added by DrKonqi

Description Stefan Schmidt 2022-04-15 13:58:16 UTC 
Application: plasmashell (5.24.4)

Qt Version: 5.15.3
Frameworks Version: 5.93.0
Operating System: Linux 5.17.3-arch1-1 x86_64
Windowing System: X11
Distribution: "Arch Linux"
DrKonqi: 5.24.4 [KCrashBackend]

-- Information about the crash:
I'm experiencing Plasma crashes, but so far couldn't narrow it down to some specific action or situation.
Today it crashed when I clicked on the icon of an open dolphin instance in the task bar, two days ago it crashed when I opened Firefox (which opens a lot of windows).
These actions do not reliably reproduce the crash, and I've had crashes where I didn't even actively do anything.

I've tried to install all debug symbols, but the debug dialog mentioned that the symbols for /usr/bin/plasmashell are still not there. I will try to have debuginfod ready the next time.

The crash can be reproduced sometimes.

-- Backtrace:
Application: Plasma (plasmashell), signal: Segmentation fault

[KCrash Handler]
#4  std::__atomic_base<int>::load(std::memory_order) const (__m=std::memory_order_relaxed, this=0x70006f006f0070, this=<optimized out>, __m=<optimized out>) at /usr/include/c++/11.2.0/bits/atomic_base.h:479
#5  QAtomicOps<int>::loadRelaxed<int>(std::atomic<int> const&) (_q_value=..., _q_value=<optimized out>) at /usr/include/qt/QtCore/qatomic_cxx11.h:239
#6  QBasicAtomicInteger<int>::loadRelaxed() const (this=0x70006f006f0070, this=<optimized out>) at /usr/include/qt/QtCore/qbasicatomic.h:107
#7  QWeakPointer<QObject>::internalData() const (this=0x5630186a0e48) at /usr/include/qt/QtCore/qsharedpointer_impl.h:698
#8  QPointer<QObject>::data() const (this=0x5630186a0e48, this=<optimized out>) at /usr/include/qt/QtCore/qpointer.h:77
#9  QPointer<QObject>::operator QObject*() const (this=0x5630186a0e48, this=<optimized out>) at /usr/include/qt/QtCore/qpointer.h:83
#10 QQmlDelegateModelPrivate::destroyCacheItem(QQmlDelegateModelItem*) (this=0x563014e01b10, cacheItem=0x5630186a0e20) at /usr/src/debug/qtdeclarative/src/qmlmodels/qqmldelegatemodel.cpp:643
#11 0x00007f86f5be1bb2 in std::function<void (QQmlDelegateModelItem*)>::operator()(QQmlDelegateModelItem*) const (__args#0=0x5630186a0e20, this=0x7ffefb8e8220) at /usr/include/c++/11.2.0/bits/std_function.h:560
#12 QQmlReusableDelegateModelItemsPool::drain(int, std::function<void (QQmlDelegateModelItem*)>) (this=0x563014e01d08, maxPoolTime=0, releaseItem=...) at /usr/src/debug/qtdeclarative/src/qmlmodels/qqmldelegatemodel.cpp:3821
#13 0x00007f86f5bd1c6b in QQmlDelegateModelPrivate::drainReusableItemsPool(int) (maxPoolTime=<optimized out>, this=<optimized out>) at /usr/src/debug/qtdeclarative/src/qmlmodels/qqmldelegatemodel.cpp:1118
#14 QQmlDelegateModel::drainReusableItemsPool(int) (this=<optimized out>, maxPoolTime=<optimized out>) at /usr/src/debug/qtdeclarative/src/qmlmodels/qqmldelegatemodel.cpp:1123
#15 0x00007f86f86d0f15 in QQuickListView::geometryChanged(QRectF const&, QRectF const&) (this=0x5630172220b0, newGeometry=..., oldGeometry=...) at /usr/src/debug/qtdeclarative/src/quick/items/qquicklistview.cpp:3418
#16 0x00007f86f85fd530 in QQuickItem::setSize(QSizeF const&) (this=this@entry=0x5630172220b0, size=...) at /usr/src/debug/qtdeclarative/src/quick/items/qquickitem.cpp:7045
#17 0x00007f86f0efd2fb in QQuickControlPrivate::resizeContent() (this=<optimized out>) at /usr/src/debug/qtquickcontrols2/src/quicktemplates2/qquickcontrol.cpp:402
#18 0x00007f86f0efff6b in QQuickControl::geometryChanged(QRectF const&, QRectF const&) (this=0x56301619e5c0, newGeometry=..., oldGeometry=...) at /usr/src/debug/qtquickcontrols2/src/quicktemplates2/qquickcontrol.cpp:2222
#19 0x00007f86f85fd3ec in QQuickItem::setImplicitHeight(double) (this=0x56301619e5c0, h=<optimized out>) at /usr/src/debug/qtdeclarative/src/quick/items/qquickitem.cpp:6944
#20 0x00007f86f8149b11 in QQmlPropertyData::writeProperty(QObject*, void*, QFlags<QQmlPropertyData::WriteFlag>) const (this=<optimized out>, target=<optimized out>, value=<optimized out>, flags=...) at ../../include/QtQml/5.15.3/QtQml/private/../../../../../../qtdeclarative/src/qml/qml/qqmlpropertydata_p.h:375
#21 0x00007f86f819f73b in GenericBinding<6>::doStore<double>(double, QQmlPropertyData const*, QFlags<QQmlPropertyData::WriteFlag>) const (flags=..., pd=<optimized out>, value=<optimized out>, this=0x563014c4e090) at /usr/src/debug/qtdeclarative/src/qml/qml/qqmlbinding.cpp:342
#22 GenericBinding<6>::write(QV4::Value const&, bool, QFlags<QQmlPropertyData::WriteFlag>) (this=0x563014c4e090, result=..., isUndefined=<optimized out>, flags=...) at /usr/src/debug/qtdeclarative/src/qml/qml/qqmlbinding.cpp:315
#23 0x00007f86f81a82e6 in QQmlNonbindingBinding::doUpdate(QQmlJavaScriptExpression::DeleteWatcher const&, QFlags<QQmlPropertyData::WriteFlag>, QV4::Scope&) (this=0x563014c4e090, watcher=..., flags=..., scope=<optimized out>) at /usr/src/debug/qtdeclarative/src/qml/qml/qqmlbinding.cpp:258
#24 0x00007f86f81a91cc in QQmlBinding::update(QFlags<QQmlPropertyData::WriteFlag>) (this=0x563014c4e090, flags=...) at /usr/src/debug/qtdeclarative/src/qml/qml/qqmlbinding.cpp:194
#25 0x00007f86f8185af5 in QQmlNotifier::emitNotify(QQmlNotifierEndpoint*, void**) (endpoint=<optimized out>, a=0x7ffefb8e9fa0) at /usr/src/debug/qtdeclarative/src/qml/qml/qqmlnotifier.cpp:104
#26 0x00007f86f6d37fbe in doActivate<false>(QObject*, int, void**) (sender=0x56301665f1e0, signal_index=3, argv=0x7ffefb8e9fa0) at kernel/qobject.cpp:3778
#27 0x00007f86f85f8877 in QQuickItem::childrenRectChanged(QRectF const&) (this=<optimized out>, _t1=<optimized out>) at .moc/moc_qquickitem.cpp:1069
#28 0x00007f86f85ec00b in QQuickItemPrivate::emitChildrenRectChanged(QRectF const&) (rect=..., this=<optimized out>) at ../../include/QtQuick/5.15.3/QtQuick/private/../../../../../../qtdeclarative/src/quick/items/qquickitem_p.h:591
#29 QQuickContents::updateRect() (this=0x5630167aaa80) at /usr/src/debug/qtdeclarative/src/quick/items/qquickitem.cpp:270
#30 QQuickContents::itemGeometryChanged(QQuickItem*, QQuickGeometryChange, QRectF const&) (this=0x5630167aaa80, changed=<optimized out>, change=...) at /usr/src/debug/qtdeclarative/src/quick/items/qquickitem.cpp:284
#31 0x00007f86f85ee393 in QQuickItem::geometryChanged(QRectF const&, QRectF const&) (this=this@entry=0x563018087990, newGeometry=..., oldGeometry=...) at /usr/src/debug/qtdeclarative/src/quick/items/qquickitem.cpp:3767
#32 0x00007f86dce1b865 in QQuickLayout::geometryChanged(QRectF const&, QRectF const&) (this=0x563018087990, newGeometry=..., oldGeometry=...) at /usr/src/debug/qtdeclarative/src/imports/layouts/qquicklayout.cpp:883
#33 0x00007f86f85f3f69 in QQuickItem::setHeight(double) (this=0x563018087990, h=<optimized out>) at /usr/src/debug/qtdeclarative/src/quick/items/qquickitem.cpp:6890
#34 0x00007f86f86017e3 in QQuickItem::qt_metacall(QMetaObject::Call, int, void**) (this=this@entry=0x563018087990, _c=_c@entry=QMetaObject::WriteProperty, _id=8, _a=_a@entry=0x7ffefb8ea330) at .moc/moc_qquickitem.cpp:1048
#35 0x00007f86dce1bddc in QQuickLayout::qt_metacall(QMetaObject::Call, int, void**) (this=this@entry=0x563018087990, _c=_c@entry=QMetaObject::WriteProperty, _id=<optimized out>, _a=_a@entry=0x7ffefb8ea330) at .moc/moc_qquicklayout_p.cpp:132
#36 0x00007f86dce1be7a in QQuickGridLayoutBase::qt_metacall(QMetaObject::Call, int, void**) (this=this@entry=0x563018087990, _c=_c@entry=QMetaObject::WriteProperty, _id=<optimized out>, _a=_a@entry=0x7ffefb8ea330) at .moc/moc_qquicklinearlayout_p.cpp:158
#37 0x00007f86dce1bfda in QQuickLinearLayout::qt_metacall(QMetaObject::Call, int, void**) (this=0x563018087990, _c=QMetaObject::WriteProperty, _id=<optimized out>, _a=0x7ffefb8ea330) at .moc/moc_qquicklinearlayout_p.cpp:572
#38 0x00007f86f808892a in QV4::QObjectWrapper::setProperty(QV4::ExecutionEngine*, QObject*, QQmlPropertyData*, QV4::Value const&) (engine=0x563010f8ede0, object=0x563018087990, property=0x7f86e00a0328, value=...) at ../../include/QtQml/5.15.3/QtQml/private/../../../../../../qtdeclarative/src/qml/qml/qqmlpropertydata_p.h:285
#39 0x00007f86f80891b5 in QV4::QObjectWrapper::setQmlProperty(QV4::ExecutionEngine*, QQmlContextData*, QObject*, QV4::String*, QV4::QObjectWrapper::RevisionMode, QV4::Value const&) (value=..., revisionMode=QV4::QObjectWrapper::CheckRevision, name=<optimized out>, object=0x563018087990, qmlContext=<optimized out>, engine=0x563010f8ede0) at /usr/src/debug/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:435
#40 QV4::QObjectWrapper::setQmlProperty(QV4::ExecutionEngine*, QQmlContextData*, QObject*, QV4::String*, QV4::QObjectWrapper::RevisionMode, QV4::Value const&) (engine=0x563010f8ede0, qmlContext=<optimized out>, object=0x563018087990, name=<optimized out>, revisionMode=QV4::QObjectWrapper::CheckRevision, value=...) at /usr/src/debug/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:418
#41 0x00007f86f8069f0c in QV4::QQmlContextWrapper::virtualPut(QV4::Managed*, QV4::PropertyKey, QV4::Value const&, QV4::Value*) (m=<optimized out>, id=..., value=..., receiver=<optimized out>) at /usr/src/debug/qtdeclarative/src/qml/jsruntime/qv4qmlcontext.cpp:432
#42 0x00007f86f803595f in QV4::Object::put(QV4::StringOrSymbol*, QV4::Value const&, QV4::Value*) (receiver=0x7f86dfbc1758, v=..., name=0x7f86dfbc1750, this=0x7f86dfbc1758) at ../../include/QtQml/5.15.3/QtQml/private/../../../../../../qtdeclarative/src/qml/jsruntime/qv4string_p.h:280
#43 QV4::ExecutionContext::setProperty(QV4::String*, QV4::Value const&) (this=<optimized out>, name=0x7f86dfbc1750, value=...) at /usr/src/debug/qtdeclarative/src/qml/jsruntime/qv4context.cpp:313
#44 0x00007f86f80b1b3c in QV4::Runtime::StoreNameSloppy::call(QV4::ExecutionEngine*, int, QV4::Value const&) (engine=0x563010f8ede0, nameIndex=<optimized out>, value=...) at /usr/src/debug/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:990
#45 0x00007f8699b419ca in  ()
#46 0x0000000000000000 in  ()
[Inferior 1 (process 925) detached]

Possible duplicates by query: bug 450900, bug 449981, bug 445417, bug 443352, bug 443059.

Reported using DrKonqi
Comment 1 Stefan Schmidt 2022-04-18 11:10:11 UTC 
Created attachment 148217 [details]
New crash information added by DrKonqi

plasmashell (5.24.4) using Qt 5.15.3

This time it crashed when pressing the Meta key. I had debuginfod installed, so it retrieved the debug info from the web this time.

-- Backtrace (Reduced):
#6  std::__atomic_base<int>::load(std::memory_order) const (__m=std::memory_order_relaxed, this=0x70006f006f0070, this=<optimized out>, __m=<optimized out>) at /usr/include/c++/11.2.0/bits/atomic_base.h:479
#7  QAtomicOps<int>::loadRelaxed<int>(std::atomic<int> const&) (_q_value=..., _q_value=<optimized out>) at /usr/include/qt/QtCore/qatomic_cxx11.h:239
#8  QBasicAtomicInteger<int>::loadRelaxed() const (this=0x70006f006f0070, this=<optimized out>) at /usr/include/qt/QtCore/qbasicatomic.h:107
#9  QWeakPointer<QObject>::internalData() const (this=0x55aaab606348) at /usr/include/qt/QtCore/qsharedpointer_impl.h:698
#10 QPointer<QObject>::data() const (this=0x55aaab606348, this=<optimized out>) at /usr/include/qt/QtCore/qpointer.h:77
Comment 2 Nate Graham 2022-04-18 15:23:21 UTC 
No KDE code implicated; no idea what this could be. Might be a Qt bug.
Comment 3 Fushan Wen 2022-04-23 14:51:50 UTC 
The crash is caused by QQmlDelegateModel. Currently in Plasma only task manager uses it if you don't have other 3rd applets installed.
Comment 4 Fushan Wen 2022-04-23 15:39:27 UTC 
When an item is pooled and then destroyed, the program will crash.
Comment 5 Fushan Wen 2022-04-25 20:13:59 UTC 
Git commit a23fb82fcac7d4af4e981a9c84780cb25a82e88a by Fushan Wen.
Committed on 24/04/2022 at 00:52.
Pushed by ngraham into branch 'Plasma/5.24'.

applets/taskmanager: Disable `reuseItems` to avoid a crash

When the size (height) of ScrollView depends on its delegate items and
`reuseItems` is set to true, the program is prone to crash.

M  +1    -1    applets/taskmanager/package/contents/ui/ToolTipDelegate.qml

https://invent.kde.org/plasma/plasma-desktop/commit/a23fb82fcac7d4af4e981a9c84780cb25a82e88a
Comment 6 Nate Graham 2022-04-25 20:23:40 UTC 
Git commit 22d9376c3bc36104ec56d935642f9ad7d8fd219a by Nate Graham, on behalf of Fushan Wen.
Committed on 25/04/2022 at 20:23.
Pushed by ngraham into branch 'master'.

applets/taskmanager: Workaround for QTBUG-102811

When the size of ScrollView depends on its delegate items and `reuseItems`
is set to true, the program is prone to crash.

Although delayed binding on `Layout.minimumWidth` mitigates the crash,
there are still some related crash reports.

This adds a workaround for QTBUG-102811 to fix the potential crash. To
reproduce the crash, open 20 Konsole windows and 2 windows of other
program, set `delayed: false` in `Binding on Layout.minimumWidth` in the
origin code, and move mouse between the two grouped tasks in the task
manager.

M  +18   -15   applets/taskmanager/package/contents/ui/ToolTipDelegate.qml

https://invent.kde.org/plasma/plasma-desktop/commit/22d9376c3bc36104ec56d935642f9ad7d8fd219a
Comment 7 Bug Janitor Service 2023-03-04 03:35:35 UTC 
A possibly relevant merge request was started @ https://invent.kde.org/plasma/plasma-desktop/-/merge_requests/1418
Comment 8 Fushan Wen 2023-03-09 10:32:45 UTC 
Git commit af51f8e0529f8db0b5612a15830adba53cfa900b by Fushan Wen.
Committed on 09/03/2023 at 10:28.
Pushed by fusionfuture into branch 'master'.

applets/taskmanager: remove workaround for QTBUG-102811

It's no longer reproducible with
3ba196eddc8c37bc56a799a8189c18a4da550a4c because the loader will unload
the model when the current tooltip type changes.

M  +3    -10   applets/taskmanager/package/contents/ui/ToolTipDelegate.qml

https://invent.kde.org/plasma/plasma-desktop/commit/af51f8e0529f8db0b5612a15830adba53cfa900b