Bug 471531

Summary: KUiServerV2JobTracker::registerJob crash
Product: [Frameworks and Libraries] frameworks-kjobwidgets Reporter: Riccardo Lesca <riccardo.lesca>
Component: generalAssignee: kdelibs bugs <kdelibs-bugs>
Status: REOPENED ---    
Severity: crash CC: abdussamedulutas, andrej.s.korshikov, aronkvh, bigallinux, brunopitrus, christoph, datenhamster, ddascalescu+kde, doncbugs, giecrilj, groszdanielpub, hsushipei1, igor_penza58, ilgaz, incredible.angst, jlp, jsardid, justin.zobel, kdebugs, kdebugtrackaccountcreatedbecausepolicysaysdontuseprimarybutdontusedisposable, meirgoldstein06, mesut.erdemir, opensuse.lietuviu.kalba, oshiorns1+kdebugs, pavlicek, personal, support, toralf.foerster, vasvir, waqar.17a, wuestenbaeckersaeltester, yzubkov, zyss
Priority: VHI Keywords: drkonqi
Version: 5.108.0   
Target Milestone: ---   
Platform: Debian stable   
OS: Linux   
Latest Commit: https://invent.kde.org/frameworks/kjobwidgets/-/commit/6f3496ce99d5cb9e4ce561d0bfc3b703fe9eec24 Version Fixed In:
Sentry Crash Report:

Description Riccardo Lesca 2023-06-28 12:32:49 UTC 
Application: kate (22.12.3)

Qt Version: 5.15.8
Frameworks Version: 5.103.0
Operating System: Linux 6.1.0-9-amd64 x86_64
Windowing System: Wayland
Distribution: Debian GNU/Linux 12 (bookworm)
DrKonqi: 5.27.5 [KCrashBackend]

-- Information about the crash:
laptop screen + external monitor
Kate was already open when the screen locked (timeout, everything fine).
Unlocked from Plasma lock screen.
Kate window has been redisplayed (after unlocking) then suddenly closed with error.

The reporter is unsure if this crash is reproducible.

-- Backtrace:
Application: Kate (kate), signal: Segmentation fault

[KCrash Handler]
#4  0x0000299d6a24004a in ?? ()
#5  0x00007f1deece4af1 in QObject::property(char const*) const () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#6  0x00007f1df00d32a1 in KUiServerV2JobTracker::registerJob(KJob*) () from /lib/x86_64-linux-gnu/libKF5JobWidgets.so.5
#7  0x00007f1df00d21f6 in ?? () from /lib/x86_64-linux-gnu/libKF5JobWidgets.so.5
#8  0x00007f1deece8f4f in ?? () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#9  0x00007f1deece8f4f in ?? () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#10 0x00007f1df02acdaf in QDBusServiceWatcher::serviceOwnerChanged(QString const&, QString const&, QString const&) () from /lib/x86_64-linux-gnu/libQt5DBus.so.5
#11 0x00007f1df02ad6ca in ?? () from /lib/x86_64-linux-gnu/libQt5DBus.so.5
#12 0x00007f1df02adb73 in QDBusServiceWatcher::qt_metacall(QMetaObject::Call, int, void**) () from /lib/x86_64-linux-gnu/libQt5DBus.so.5
#13 0x00007f1df025f61b in ?? () from /lib/x86_64-linux-gnu/libQt5DBus.so.5
#14 0x00007f1deecdd6f0 in QObject::event(QEvent*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#15 0x00007f1defb62fae in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#16 0x00007f1deecb16f8 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#17 0x00007f1deecb4681 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#18 0x00007f1deed0a153 in ?? () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#19 0x00007f1decb1e7a9 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#20 0x00007f1decb1ea38 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#21 0x00007f1decb1eacc in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#22 0x00007f1deed09836 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#23 0x00007f1deecb017b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#24 0x00007f1deecb82d6 in QCoreApplication::exec() () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#25 0x0000558082248e33 in ?? ()
#26 0x00007f1dee84618a in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#27 0x00007f1dee846245 in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#28 0x000055808224aa91 in ?? ()
[Inferior 1 (process 10026) detached]

Reported using DrKonqi
Comment 1 Christoph Cullmann 2023-06-29 15:47:51 UTC 
*** Bug 471465 has been marked as a duplicate of this bug. ***
Comment 2 Christoph Cullmann 2023-06-29 15:53:44 UTC 
Other bug shows 5.107.0 affected, too.
Comment 3 Christoph Cullmann 2023-06-29 16:22:24 UTC 
*** Bug 461318 has been marked as a duplicate of this bug. ***
Comment 4 Christoph Cullmann 2023-06-29 16:22:30 UTC 
*** Bug 462826 has been marked as a duplicate of this bug. ***
Comment 5 Christoph Cullmann 2023-06-29 16:51:47 UTC 
*** Bug 470478 has been marked as a duplicate of this bug. ***
Comment 6 Christoph Cullmann 2023-06-29 16:51:54 UTC 
*** Bug 468323 has been marked as a duplicate of this bug. ***
Comment 7 Christoph Cullmann 2023-06-29 16:53:12 UTC 
*** Bug 466663 has been marked as a duplicate of this bug. ***
Comment 8 Christoph Cullmann 2023-06-29 16:53:27 UTC 
-- Backtrace:
Application: Dolphin (dolphin), signal: Segmentation fault
Content of s_kcrashErrorMessage: std::unique_ptr<char []> = {get() = <optimized out>}
[KCrash Handler]
#6  0x00007f49c8abab63 in QObject::property (this=this@entry=0x55889ae883d0, name=name@entry=0x7f49ca906f96 "desktopFileName") at kernel/qobject.cpp:4123
#7  0x00007f49ca900b85 in KUiServerV2JobTracker::registerJob (this=0x55889aeba0a0, job=<optimized out>) at /usr/src/debug/kjobwidgets/kjobwidgets-5.103.0/src/kuiserverv2jobtracker.cpp:186
#8  0x00007f49ca8fdae3 in operator() (__closure=0x55889aeccd60) at /usr/src/debug/kjobwidgets/kjobwidgets-5.103.0/src/kuiserverv2jobtracker.cpp:227
#9  QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, KUiServerV2JobTracker::registerJob(KJob*)::<lambda()> >::call (arg=<optimized out>, f=...) at /usr/include/qt/QtCore/qobjectdefs_impl.h:146
#10 QtPrivate::Functor<KUiServerV2JobTracker::registerJob(KJob*)::<lambda()>, 0>::call<QtPrivate::List<>, void> (arg=<optimized out>, f=...) at /usr/include/qt/QtCore/qobjectdefs_impl.h:256
#11 QtPrivate::QFunctorSlotObject<KUiServerV2JobTracker::registerJob(KJob*)::<lambda()>, 0, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase *, QObject *, void **, bool *) (which=<optimized out>, this_=0x55889aeccd50, r=<optimized out>, a=<optimized out>, ret=<optimized out>) at /usr/include/qt/QtCore/qobjectdefs_impl.h:443
#12 0x00007f49c8abea71 in QtPrivate::QSlotObjectBase::call (a=<optimized out>, r=<optimized out>, this=<optimized out>, this=<optimized out>, r=<optimized out>, a=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#13 doActivate<false> (sender=0x7f49ca90e060 <_ZZN12_GLOBAL__N_117Q_QGS_serverProxy13innerFunctionEvE6holder.lto_priv.1>, signal_index=3, argv=0x7ffdaf9bd9e0) at kernel/qobject.cpp:3923
#14 0x00007f49c8abea71 in QtPrivate::QSlotObjectBase::call (a=<optimized out>, r=<optimized out>, this=<optimized out>, this=<optimized out>, r=<optimized out>, a=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#15 doActivate<false> (sender=0x55889aebdbe0, signal_index=5, argv=0x7ffdaf9bdb00) at kernel/qobject.cpp:3923
#16 0x00007f49c9eb9e94 in QDBusServiceWatcher::serviceOwnerChanged (this=this@entry=0x55889aebdbe0, _t1=..., _t2=..., _t3=...) at .moc/moc_qdbusservicewatcher.cpp:242
#17 0x00007f49c9ebfb33 in QDBusServiceWatcherPrivate::_q_serviceOwnerChanged (this=<optimized out>, newOwner=..., oldOwner=..., service=...) at /usr/src/debug/qt5-base/qtbase/src/dbus/qdbusservicewatcher.cpp:76
#18 QDBusServiceWatcher::qt_static_metacall (_o=_o@entry=0x55889aebdbe0, _c=_c@entry=QMetaObject::InvokeMetaMethod, _id=_id@entry=3, _a=_a@entry=0x7ffdaf9bdc80) at .moc/moc_qdbusservicewatcher.cpp:116
#19 0x00007f49c9ebfe13 in QDBusServiceWatcher::qt_metacall (this=0x55889aebdbe0, _c=QMetaObject::InvokeMetaMethod, _id=3, _a=0x7ffdaf9bdc80) at .moc/moc_qdbusservicewatcher.cpp:197
#20 0x00007f49c9ec345f in QDBusConnectionPrivate::deliverCall(QObject*, int, QDBusMessage const&, QVector<int> const&, int) [clone .constprop.0] (this=<optimized out>, object=<optimized out>, msg=..., metaTypes=..., slotIdx=<optimized out>) at /usr/src/debug/qt5-base/qtbase/src/dbus/qdbusintegrator.cpp:1001
#21 0x00007f49c8ab1bb0 in QObject::event (this=0x55889aebdbe0, e=0x7f49bc011ec0) at kernel/qobject.cpp:1347
#22 0x00007f49c9778b5c in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x55889aebdbe0, e=0x7f49bc011ec0) at kernel/qapplication.cpp:3640
#23 0x00007f49c8a8df48 in QCoreApplication::notifyInternal2 (receiver=0x55889aebdbe0, event=0x7f49bc011ec0) at kernel/qcoreapplication.cpp:1064
#24 0x00007f49c8a8dfb3 in QCoreApplication::sendEvent (receiver=<optimized out>, event=<optimized out>) at kernel/qcoreapplication.cpp:1462
#25 0x00007f49c8a8ea53 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x55889a0edad0) at kernel/qcoreapplication.cpp:1821
#26 0x00007f49c8ad4e88 in postEventSourceDispatch (s=0x55889a115da0) at kernel/qeventdispatcher_glib.cpp:277
#27 0x00007f49c691682b in g_main_dispatch (context=0x7f49bc005010) at ../glib/glib/gmain.c:3454
#28 g_main_context_dispatch (context=0x7f49bc005010) at ../glib/glib/gmain.c:4172
#29 0x00007f49c696dcc9 in g_main_context_iterate.constprop.0 (context=0x7f49bc005010, block=1, dispatch=1, self=<optimized out>) at ../glib/glib/gmain.c:4248
#30 0x00007f49c69150e2 in g_main_context_iteration (context=0x7f49bc005010, may_block=1) at ../glib/glib/gmain.c:4313
#31 0x00007f49c8ad8c6c in QEventDispatcherGlib::processEvents (this=0x55889a0c95c0, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#32 0x00007f49c8a866ec in QEventLoop::exec (this=0x7ffdaf9be150, flags=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#33 0x00007f49c8a91219 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#34 0x00007f49c8f39fe2 in QGuiApplication::exec () at kernel/qguiapplication.cpp:1870
#35 0x00007f49c9776f2a in QApplication::exec () at kernel/qapplication.cpp:2832
#36 0x00005588996e4f53 in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/dolphin/dolphin-22.12.2/src/main.cpp:258
[Inferior 1 (process 11756) detached]
Comment 9 Christoph Cullmann 2023-06-29 16:53:42 UTC 
*** Bug 465820 has been marked as a duplicate of this bug. ***
Comment 10 Christoph Cullmann 2023-06-29 16:55:01 UTC 
*** Bug 465717 has been marked as a duplicate of this bug. ***
Comment 11 Christoph Cullmann 2023-06-29 16:55:07 UTC 
*** Bug 464900 has been marked as a duplicate of this bug. ***
Comment 12 Christoph Cullmann 2023-06-29 16:55:20 UTC 
*** Bug 464653 has been marked as a duplicate of this bug. ***
Comment 13 Christoph Cullmann 2023-06-29 16:55:26 UTC 
*** Bug 463690 has been marked as a duplicate of this bug. ***
Comment 14 Christoph Cullmann 2023-06-29 16:55:34 UTC 
*** Bug 461825 has been marked as a duplicate of this bug. ***
Comment 15 Christoph Cullmann 2023-06-29 16:55:53 UTC 
*** Bug 457314 has been marked as a duplicate of this bug. ***
Comment 16 Christoph Cullmann 2023-08-16 16:55:17 UTC 
*** Bug 473455 has been marked as a duplicate of this bug. ***
Comment 17 Christoph Cullmann 2023-08-27 15:58:00 UTC 
*** Bug 473781 has been marked as a duplicate of this bug. ***
Comment 18 Christoph Cullmann 2023-09-03 21:19:35 UTC 
*** Bug 455696 has been marked as a duplicate of this bug. ***
Comment 19 Christoph Cullmann 2023-12-02 15:56:55 UTC 
*** Bug 476582 has been marked as a duplicate of this bug. ***
Comment 20 Christoph Cullmann 2023-12-02 15:57:05 UTC 
*** Bug 476202 has been marked as a duplicate of this bug. ***
Comment 21 Christoph Cullmann 2023-12-02 15:57:13 UTC 
*** Bug 475803 has been marked as a duplicate of this bug. ***
Comment 22 Christoph Cullmann 2023-12-02 15:58:02 UTC 
*** Bug 473625 has been marked as a duplicate of this bug. ***
Comment 23 Christoph Cullmann 2023-12-02 15:58:08 UTC 
*** Bug 473722 has been marked as a duplicate of this bug. ***
Comment 24 Christoph Cullmann 2023-12-02 15:58:27 UTC 
*** Bug 474156 has been marked as a duplicate of this bug. ***
Comment 25 Christoph Cullmann 2023-12-02 15:58:34 UTC 
*** Bug 474867 has been marked as a duplicate of this bug. ***
Comment 26 Christoph Cullmann 2023-12-02 15:58:46 UTC 
*** Bug 473482 has been marked as a duplicate of this bug. ***
Comment 27 Méven 2023-12-03 08:43:45 UTC 
Git commit 75410fa3df5fbb182790a14af22ce5705cc1b86d by Méven Car.
Committed on 03/12/2023 at 09:41.
Pushed by meven into branch 'master'.

KUiServerV2JobTracker: prevent potenial use-after-free

M  +7    -5    src/kuiserverv2jobtracker.cpp

https://invent.kde.org/frameworks/kjobwidgets/-/commit/75410fa3df5fbb182790a14af22ce5705cc1b86d
Comment 28 Bug Janitor Service 2023-12-03 15:27:53 UTC 
A possibly relevant merge request was started @ https://invent.kde.org/frameworks/kjobwidgets/-/merge_requests/48
Comment 29 Méven 2023-12-03 16:14:42 UTC 
Git commit 10f8cb306978f2a70d2e4388b67cc6855a1ca8a3 by Méven Car.
Committed on 03/12/2023 at 16:27.
Pushed by cullmann into branch 'kf5'.

KUiServerV2JobTracker: prevent potenial use-after-free
(cherry picked from commit 75410fa3df5fbb182790a14af22ce5705cc1b86d)

M  +7    -5    src/kuiserverv2jobtracker.cpp

https://invent.kde.org/frameworks/kjobwidgets/-/commit/10f8cb306978f2a70d2e4388b67cc6855a1ca8a3
Comment 30 Akseli Lahtinen 2024-02-01 14:27:18 UTC 
*** Bug 480524 has been marked as a duplicate of this bug. ***
Comment 31 Akseli Lahtinen 2024-02-20 09:01:55 UTC 
*** Bug 481529 has been marked as a duplicate of this bug. ***
Comment 32 Christoph Cullmann 2024-03-23 14:47:07 UTC 
*** Bug 484297 has been marked as a duplicate of this bug. ***
Comment 33 Christoph Cullmann 2024-03-23 14:47:25 UTC 
*** Bug 483153 has been marked as a duplicate of this bug. ***
Comment 34 Christoph Cullmann 2024-03-23 14:49:43 UTC 
*** Bug 481451 has been marked as a duplicate of this bug. ***
Comment 35 Christoph Cullmann 2024-03-23 14:49:54 UTC 
*** Bug 481343 has been marked as a duplicate of this bug. ***
Comment 36 Christoph Cullmann 2024-03-23 14:50:02 UTC 
*** Bug 481169 has been marked as a duplicate of this bug. ***
Comment 37 Bug Janitor Service 2024-04-08 16:59:17 UTC 
A possibly relevant merge request was started @ https://invent.kde.org/frameworks/kjobwidgets/-/merge_requests/53
Comment 38 Christoph Cullmann 2024-05-07 19:29:11 UTC 
Git commit 6f3496ce99d5cb9e4ce561d0bfc3b703fe9eec24 by Christoph Cullmann, on behalf of Méven Car.
Committed on 07/05/2024 at 19:28.
Pushed by cullmann into branch 'master'.

KUiServerV2JobTracker: prevent a crash
Related: bug 483582

This is a very-common crash, happening when plasma crashes itself:
https://crash-reports.kde.org/organizations/kde/issues/10390/activity/?project=4&query=is%3Aunresolved&referrer=issue-stream&stream_index=0

I think this is due to the line 204 indeed, dereferencing a jobViews key, which is nullptr, because the `QTimer::timeout` callback in `KUiServerV2JobTracker::registerJob` did implicitely insert a jobViews[nullptr] when the job was already removed. Guard with jobGuard.
The first change is not necessary but I felt it makes the code implicit, otherwise we have a QPointer implicit conversion to `*`.

cc @broulik

M  +5    -6    src/kuiserverv2jobtracker.cpp

https://invent.kde.org/frameworks/kjobwidgets/-/commit/6f3496ce99d5cb9e4ce561d0bfc3b703fe9eec24
Comment 39 Waqar Ahmed 2024-10-07 06:40:41 UTC 
This doesn't seem to be fixed. https://crash-reports.kde.org/organizations/kde/issues/72734