| Summary: | plasmashell crash in ModelSource::item() due to SEGV | ||
|---|---|---|---|
| Product: | [Frameworks and Libraries] frameworks-kquickcharts | Reporter: | Eduard <e.bachmakov> |
| Component: | general | Assignee: | Arjen Hiemstra <ahiemstra> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | crash | CC: | kdelibs-bugs-null, martial_vipers.2p, mds_foss, nate, northon_patrick3, parona |
| Priority: | NOR | ||
| Version First Reported In: | 6.17.0 | ||
| Target Milestone: | --- | ||
| Platform: | NixOS | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed/Implemented In: | ||
| Sentry Crash Report: | |||
| Attachments: | kcrash report | ||
Looks a bit similar outwardly to Bug 503099, but the backtrace is different enough that I don't think it's the same issue. Eduard, it looks like you're very technically knowledgeable. Would you be interested in investigating this further and submitting a patch to fix the issue? That would be super! Hey Nate, appreciate the offer! While my paste is a bit more involved than "just `bt`" it's just my normal take-a-look I do for most coredumps with no domain expertise. For actual investigation with crash I cannot reproduce I think it's down to reading code and experimentation. And with with zero Qt/KDE coding experience and little time, I don't really see this happening anytime soon, I'm afraid :-(. No worries. I just thought I'd ask. Created attachment 184786 [details]
kcrash report
I had this same crash while trying to copy files from a remote via Dolphin.
The only non-default Plasmoid I use is an older version of org.kde.olib.thermalmonitor.
# SOFTWARE/OS VERSIONS
Operating System: Arch Linux
KDE Plasma Version: 6.4.4
KDE Frameworks Version: 6.17.0
Qt Version: 6.9.2
Kernel Version: 6.12.45-1-lts (64-bit)
Graphics Platform: Wayland
The only thing I find in the logs is:
Sep 07 14:57:42 plasmashell[1423]: kf.quickcharts.datasource: ModelSource: Invalid role -1 "data"
Sep 07 14:57:42 plasmashell[1423]: KCrash: Application 'plasmashell' crashing... crashRecursionCounter = 2
Sep 07 14:57:42 systemd-coredump[14589]: Process 1423 (plasmashell) of user 1000 terminated abnormally with signal 11/SEGV, processing...
But `kf.quickcharts.datasource: ModelSource: Invalid role -1 "data"` already appears multiple times before that without a crash.
I can reliably reproduce this warning by opening a file from the remote server in Okular or Gwenview.
The "Copying (to /tmp/XXXX)" notification appears and the warning gets printed to the logs.
However, I'm unable to reproduce the crash just by doing this.
I think the following information from the coredump might help (in addition to what Eduard sent):
(gdb) f 9
#9 0x000079aca5785e1d in ModelSource::item (this=0x5724026eecd0, index=0)
at /usr/src/debug/kquickcharts/kquickcharts-6.17.0/src/datasource/ModelSource.cpp:93
93 return m_model->data(modelIndex, m_role);
(gdb) l -
71 // For certain model (QML ListModel for example), the roleNames() are more
72 // dynamic and may only be valid when this method gets called. So try and
73 // lookup the role first before anything else.
74 if (m_role < 0) {
75 if (m_roleName.isEmpty()) {
76 return QVariant{};
77 }
78
79 m_role = m_model->roleNames().key(m_roleName.toLatin1(), -1);
80 if (m_role < 0) {
81 qCWarning(DATASOURCE) << "ModelSource: Invalid role " << m_role << m_roleName;
82 return QVariant{};
83 }
84 }
85
86 if (!m_indexColumns && (m_column < 0 || m_column > m_model->columnCount())) {
87 qCDebug(DATASOURCE) << "ModelSource: Invalid column" << m_column;
88 return QVariant{};
89 }
90
91 auto modelIndex = m_indexColumns ? m_model->index(0, index) : m_model->index(index, m_column);
92 if (modelIndex.isValid()) {
93 return m_model->data(modelIndex, m_role);
94 }
95
96 return QVariant{};
97 }
m_role == 0
m_roleName == "data"
m_indexColumns == false
m_column == 0
index == 0
modelIndex: row 0, column 0, internal pointer = 0x57240723c140
m_model == (QAbstractItemModel*)0x57240723c140
The model object at 0x57240723c140 resolves to a QQmlListModel-type object (vtable = QQmlPrivate::QQmlElement).
I assume ModelSource called m_model->data(modelIndex, 0) while m_roleName == "data", but the model did not report a matching role, causing a segfault inside QQmlListModel::data() in some cases.
Not sure how to investigate this further. Hopefully Arjen can take it from here.
It only seem to happen sometimes when I open and close the notification area.
#12 0x00007fb04d1d3645 in LegendModel::update (this=<optimized out>) at /usr/src/debug/kquickcharts/kquickcharts-6.17.0/controls/LegendModel.cpp:164
(gdb) print item
$3 = {name = {d = {d = 0x55d976cf30f0, ptr = 0x55d976cf3100 u"Speed", size = 5}}, shortName = {d = {d = 0x0, ptr = 0x0, size = 0}}, color = {
cspec = QColor::Rgb, ct = {argb = {alpha = 65535, red = 43433, green = 12593, blue = 17476, pad = 0}, ahsv = {alpha = 65535, hue = 43433,
saturation = 12593, value = 17476, pad = 0}, acmyk = {alpha = 65535, cyan = 43433, magenta = 12593, yellow = 17476, black = 0}, ahsl = {
alpha = 65535, hue = 43433, saturation = 12593, lightness = 17476, pad = 0}, argbExtended = {alphaF16 = 65535, redF16 = 43433, greenF16 = 12593,
blueF16 = 17476, pad = 0}, array = {65535, 43433, 12593, 17476, 0}}}, value = {d = {static MaxInternalSize = 24, data = {
data = '\000' <repeats 23 times>, shared = 0x0, _forAlignment = 0}, is_shared = 0, is_null = 1, packedType = 0}}}
Something to do with speed, like transfer speed of files? I will try to disable application progress in notification area and see what happen.
This is very similar to Bug 509192, although the stack trace is different here, and older Qt too. But I got the stacktrace from Bug 509192 (and corresponding plasmashell crash loop) also while opening notifications, as the commenter above said (but wasn't copying anything and shouldn't have had anything with a progress in general there?). Maybe I was copying things, I didn't notice. It will need more testing. It seem all tied to widgets using qml and qjsengine, it might be a sign of a deeper problem. I have not experienced any crashes since turning off application progress in notification area. Before it would have crashed a few times a day. *** This bug has been marked as a duplicate of bug 503099 *** |
SUMMARY plasmashell crashed. Looks like it's caused within ModelSource::item() (kquickcharts-6.17.0) on the KDE side. STEPS TO REPRODUCE 1. Unknown, IIRC there was a mouse click on the panel OBSERVED RESULT crash EXPECTED RESULT no crash SOFTWARE/OS VERSIONS Operating System: NixOS 25.11 KDE Plasma Version: 6.4.4 KDE Frameworks Version: 6.17.0 Qt Version: 6.9.1 Kernel Version: 6.16.1 (64-bit) Graphics Platform: Wayland Processors: 24 × AMD Ryzen 9 5900X 12-Core Processor Memory: 32 GiB of RAM (31.3 GiB usable) Graphics Processor: AMD Radeon RX 7900 XTX ADDITIONAL INFORMATION (gdb) bt #0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=11, no_tid=no_tid@entry=0) at pthread_kill.c:44 #1 0x00007fb84e09cfa3 in __pthread_kill_internal (threadid=<optimized out>, signo=11) at pthread_kill.c:78 #2 0x00007fb84e04190e in __GI_raise (sig=11) at ../sysdeps/posix/raise.c:26 #3 0x00007fb85256b6f3 in KCrash::defaultCrashHandler (sig=11) at /build/kcrash-6.17.0/src/kcrash.cpp:605 #4 <signal handler called> #5 QJSEngine::handle (this=0x0) at /build/qtdeclarative-everywhere-src-6.9.1/src/qml/jsapi/qjsengine.h:298 #6 QQmlListModel::engine (this=this@entry=0x3ff40530) at /build/qtdeclarative-everywhere-src-6.9.1/src/qmlmodels/qqmllistmodel.cpp:2128 #7 0x00007fb8512e9bda in QQmlListModel::data (this=0x3ff40530, index=<optimized out>, role=0) at /build/qtdeclarative-everywhere-src-6.9.1/src/qmlmodels/qqmllistmodel.cpp:2319 #8 0x00007fb8512ea0f4 in QQmlListModel::data (this=<optimized out>, index=..., role=<optimized out>) at /nix/store/a7vlrrzdya0qsnsbwddmgpw873xj5mdb-qtbase-6.9.1/include/QtCore/qabstractitemmodel.h:130 #9 0x00007fb7ad577658 in ModelSource::item (this=<optimized out>, index=<optimized out>) at /build/kquickcharts-6.17.0/src/datasource/ModelSource.cpp:93 #10 0x00007fb7ad572611 in ChartDataSource::first (this=<optimized out>) at /build/kquickcharts-6.17.0/src/datasource/ChartDataSource.cpp:20 #11 0x00007fb7ad50b9fe in LegendModel::getValueForItem (this=this@entry=0x40ffb7b0, item=item@entry=0) at /build/kquickcharts-6.17.0/controls/LegendModel.cpp:263 #12 0x00007fb7ad50c799 in LegendModel::update (this=<optimized out>) at /build/kquickcharts-6.17.0/controls/LegendModel.cpp:164 #13 0x00007fb84ea16f0a in QObject::event (this=0x40ffb7b0, e=0x40375ea0) at /build/qtbase-everywhere-src-6.9.1/src/corelib/kernel/qobject.cpp:1431 #14 0x00007fb8517a1c2d in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x40ffb7b0, e=0x40375ea0) at /build/qtbase-everywhere-src-6.9.1/src/widgets/kernel/qapplication.cpp:3303 #15 0x00007fb84e9b8098 in QCoreApplication::notifyInternal2 (receiver=0x40ffb7b0, event=0x40375ea0) at /build/qtbase-everywhere-src-6.9.1/src/corelib/kernel/qcoreapplication.cpp:1106 #16 0x00007fb84e9b82fd in QCoreApplication::sendEvent (receiver=<optimized out>, event=<optimized out>) at /build/qtbase-everywhere-src-6.9.1/src/corelib/kernel/qcoreapplication.cpp:1546 #17 0x00007fb84e9bbf88 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x3ae41d80) at /build/qtbase-everywhere-src-6.9.1/src/corelib/kernel/qcoreapplication.cpp:1879 #18 0x00007fb84ece5f3f in postEventSourceDispatch (s=0x3af935b0) at /build/qtbase-everywhere-src-6.9.1/src/corelib/kernel/qeventdispatcher_glib.cpp:246 #19 0x00007fb84dba8f6d in g_main_dispatch (context=0x7fb844000f00) at ../glib/gmain.c:3398 #20 g_main_context_dispatch_unlocked (context=context@entry=0x7fb844000f00) at ../glib/gmain.c:4249 #21 0x00007fb84dbab2b8 in g_main_context_iterate_unlocked (context=context@entry=0x7fb844000f00, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4314 #22 0x00007fb84dbabb4f in g_main_context_iteration (context=0x7fb844000f00, may_block=1) at ../glib/gmain.c:4379 #23 0x00007fb84ece55d3 in QEventDispatcherGlib::processEvents (this=0x3ae6fb70, flags=...) at /build/qtbase-everywhere-src-6.9.1/src/corelib/kernel/qeventdispatcher_glib.cpp:399 #24 0x00007fb84e9c6e4b in QEventLoop::exec (this=this@entry=0x7fffee3d27d0, flags=..., flags@entry=...) at /build/qtbase-everywhere-src-6.9.1/src/corelib/global/qflags.h:77 #25 0x00007fb84e9c1ea1 in QCoreApplication::exec () at /build/qtbase-everywhere-src-6.9.1/src/corelib/global/qflags.h:77 #26 0x00007fb84f5f34bd in QGuiApplication::exec () at /build/qtbase-everywhere-src-6.9.1/src/gui/kernel/qguiapplication.cpp:1986 #27 0x00007fb8517a1b99 in QApplication::exec () at /build/qtbase-everywhere-src-6.9.1/src/widgets/kernel/qapplication.cpp:2570 #28 0x000000000042de5e in main (argc=<optimized out>, argv=<optimized out>) at /build/plasma-workspace-6.4.4/shell/main.cpp:188 (gdb) frame 5 #5 QJSEngine::handle (this=0x0) at /build/qtdeclarative-everywhere-src-6.9.1/src/qml/jsapi/qjsengine.h:298 298 QV4::ExecutionEngine *handle() const { return m_v4Engine; } (gdb) l 293 void installExtensions(Extensions extensions, const QJSValue &object = QJSValue()); 294 295 void setInterrupted(bool interrupted); 296 bool isInterrupted() const; 297 298 QV4::ExecutionEngine *handle() const { return m_v4Engine; } 299 300 void throwError(const QString &message); 301 void throwError(QJSValue::ErrorType errorType, const QString &message = QString()); 302 void throwError(const QJSValue &error); #6 QQmlListModel::engine (this=this@entry=0x3ff40530) at /build/qtdeclarative-everywhere-src-6.9.1/src/qmlmodels/qqmllistmodel.cpp:2128 2128 m_engine = qmlEngine(this)->handle(); (gdb) l 2123 } 2124 2125 QV4::ExecutionEngine *QQmlListModel::engine() const 2126 { 2127 if (m_engine == nullptr) { 2128 m_engine = qmlEngine(this)->handle(); 2129 } 2130 2131 return m_engine; 2132 } (gdb) p *this $1 = {<QAbstractListModel> = {<QAbstractItemModel> = {<QObject> = {_vptr.QObject = 0x7fb8513670a8 <vtable for QQmlPrivate::QQmlElement<QQmlListModel>+16>, static staticMetaObject = {d = {superdata = {direct = 0x0}, stringdata = 0x7fb84ed3f410 <QObject::qt_staticMetaObjectStaticContent<(anonymous namespace)::qt_meta_tag_ZN7QObjectE_t>+272>, data = 0x7fb84ed3f300 <QObject::qt_staticMetaObjectStaticContent<(anonymous namespace)::qt_meta_tag_ZN7QObjectE_t>>, static_metacall = 0x7fb84ea22ce0 <QObject::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, metaTypes = 0x7fb84eebf2c0 <QObject::qt_staticMetaObjectRelocatingContent<(anonymous namespace)::qt_meta_tag_ZN7QObjectE_t>>, extradata = 0x0}}, d_ptr = {d = 0x406d1c10}}, static staticMetaObject = {d = {superdata = {direct = 0x7fb84eeb9520 <QObject::staticMetaObject>}, stringdata = 0x7fb84ee04dd4 <QAbstractItemModel::qt_staticMetaObjectStaticContent<(anonymous namespace)::qt_meta_tag_ZN18QAbstractItemModelE_t>+3508>, data = 0x7fb84ee04020 <QAbstractItemModel::qt_staticMetaObjectStaticContent<(anonymous namespace)::qt_meta_tag_ZN18QAbstractItemModelE_t>>, static_metacall = 0x7fb84ec5eb10 <QAbstractItemModel::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, metaTypes = 0x7fb84eec3ae0 <QAbstractItemModel::qt_staticMetaObjectRelocatingContent<(anonymous namespace)::qt_meta_tag_ZN18QAbstractItemModelE_t>>, extradata = 0x0}}}, static staticMetaObject = {d = {superdata = { direct = 0x7fb84eec3aa0 <QAbstractItemModel::staticMetaObject>}, stringdata = 0x7fb84ee03f9c <QAbstractListModel::qt_staticMetaObjectStaticContent<(anonymous namespace)::qt_meta_tag_ZN18QAbstractListModelE_t>+60>, data = 0x7fb84ee03f60 <QAbstractListModel::qt_staticMetaObjectStaticContent<(anonymous namespace)::qt_meta_tag_ZN18QAbstractListModelE_t>>, static_metacall = 0x7fb84ec59560 <QAbstractListModel::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, metaTypes = 0x7fb84eeba828 <QAbstractListModel::qt_staticMetaObjectRelocatingContent<(anonymous namespace)::qt_meta_tag_ZN18QAbstractListModelE_t>>, extradata = 0x0}}}, static staticMetaObject = {d = {superdata = { direct = 0x7fb84eec3a20 <QAbstractListModel::staticMetaObject>}, stringdata = 0x7fb85134d2a8 <QQmlListModel::qt_staticMetaObjectStaticContent<(anonymous namespace)::qt_meta_tag_ZN13QQmlListModelE_t>+520>, data = 0x7fb85134d0a0 <QQmlListModel::qt_staticMetaObjectStaticContent<(anonymous namespace)::qt_meta_tag_ZN13QQmlListModelE_t>>, static_metacall = 0x7fb8512f9120 <QQmlListModel::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, metaTypes = 0x7fb8513688c0 <QQmlListModel::qt_staticMetaObjectRelocatingContent<(anonymous namespace)::qt_meta_tag_ZN13QQmlListModelE_t>>, extradata = 0x0}}, m_agent = 0x0, m_engine = 0x0, m_compilationUnit = {o = 0x0}, m_mainThread = true, m_primary = true, m_dynamicRoles = false, m_layout = 0x406d1cf0, m_listModel = 0x406dc960, translationChangeHandler = std::unique_ptr<QPropertyNotifier> = {get() = 0x0}, m_modelObjects = {<QListSpecialMethods<DynamicRoleModelNode*>> = {<QListSpecialMethodsBase<DynamicRoleModelNode*>> = {<No data fields>}, <No data fields>}, d = {d = 0x0, ptr = 0x0, size = 0}}, m_roles = {<QListSpecialMethods<QString>> = {<QListSpecialMethodsBase<QString>> = {<No data fields>}, <No data fields>}, d = {d = 0x0, ptr = 0x0, size = 0}}} (gdb) f 9 Downloading source file /build/kquickcharts-6.17.0/src/datasource/ModelSource.cpp #9 0x00007fb7ad577658 in ModelSource::item (this=<optimized out>, index=<optimized out>) at /build/kquickcharts-6.17.0/src/datasource/ModelSource.cpp:93 93 return m_model->data(modelIndex, m_role); (gdb) l 88 return QVariant{}; 89 } 90 91 auto modelIndex = m_indexColumns ? m_model->index(0, index) : m_model->index(index, m_column); 92 if (modelIndex.isValid()) { 93 return m_model->data(modelIndex, m_role); 94 } 95 96 return QVariant{}; 97 } (gdb) p modelIndex $8 = {r = 0, c = 0, i = 0, m = {ptr = 0x3ff40530}}