405049 – [Wayland] Plasma crashes when you try to reopen the hamburger menu of plasma-pa

Bug 405049 - [Wayland] Plasma crashes when you try to reopen the hamburger menu of plasma-pa

Summary: [Wayland] Plasma crashes when you try to reopen the hamburger menu of plasma-pa

Status:	RESOLVED FIXED

Alias:	None

Product:	plasmashell
Classification:	Plasma
Component:	generic-wayland (show other bugs)
Version:	5.16.90
Platform:	Arch Linux Linux

Importance:	NOR crash
Target Milestone:	1.0
Assignee:	Plasma Bugs List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2019-03-03 23:15 UTC by Patrick Silva
Modified:	2020-09-18 20:13 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Patrick Silva 2019-03-03 23:15:30 UTC

SUMMARY
crash reproducinle on neon dev unstable and Arch Linux.

STEPS TO REPRODUCE
1. start Wayland session
2. click on sound icon in the systray
3. click on hamburger menu
4. while hamburger menu is still open, click on sound icon again to close the popup
5. click on sound icon again
6. click on hamburger button again

OBSERVED RESULT
plasma crashes

EXPECTED RESULT
no crash

SOFTWARE/OS VERSIONS
Operating System: KDE neon Developer Edition
KDE Plasma Version: 5.15.80
KDE Frameworks Version: 5.56.0
Qt Version: 5.12.0


Thread 17 (Thread 0x7fff9ca6f700 (LWP 16976)):
#0  0x00007fffee5fc9f3 in futex_wait_cancelable (private=<optimized out>, 
    expected=0, futex_word=0x7fff9425a314)
    at ../sysdeps/unix/sysv/linux/futex-internal.h:88
#1  __pthread_cond_wait_common (abstime=0x0, mutex=0x7fff9425a2c0, 
    cond=0x7fff9425a2e8) at pthread_cond_wait.c:502
#2  __pthread_cond_wait (cond=0x7fff9425a2e8, mutex=0x7fff9425a2c0)
    at pthread_cond_wait.c:655
#3  0x00007ffff1ae8b4b in QWaitConditionPrivate::wait (deadline=..., 
    this=0x7fff9425a2c0) at thread/qwaitcondition_unix.cpp:146
#4  QWaitCondition::wait (this=<optimized out>, mutex=0x55555ae622b0, 
    deadline=...) at thread/qwaitcondition_unix.cpp:225
#5  0x00007ffff1ae8e59 in QWaitCondition::wait (
    this=this@entry=0x55555ae622b8, mutex=mutex@entry=0x55555ae622b0, 
    time=time@entry=18446744073709551615)
    at thread/qwaitcondition_unix.cpp:208
#6  0x00007ffff5e24da8 in QSGRenderThreadEventQueue::takeEvent (wait=true, this=0x55555ae622a8)
    at scenegraph/qsgthreadedrenderloop.cpp:245
#7  QSGRenderThread::processEventsAndWaitForMore (this=this@entry=0x55555ae62230)
    at scenegraph/qsgthreadedrenderloop.cpp:709
#8  0x00007ffff5e251da in QSGRenderThread::run (this=0x55555ae62230)
    at scenegraph/qsgthreadedrenderloop.cpp:738
#9  0x00007ffff1ae1bc2 in QThreadPrivate::start (arg=0x55555ae62230) at thread/qthread_unix.cpp:361
#10 0x00007fffee5f66db in start_thread (arg=0x7fff9ca6f700) at pthread_create.c:463
#11 0x00007ffff13e188f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 16 (Thread 0x7fff9effd700 (LWP 16972)):
#0  0x00007fffee5fc9f3 in futex_wait_cancelable (private=<optimized out>, expected=0, 
    futex_word=0x555559120090) at ../sysdeps/unix/sysv/linux/futex-internal.h:88
#1  __pthread_cond_wait_common (abstime=0x0, mutex=0x555559120040, cond=0x555559120068)
    at pthread_cond_wait.c:502
#2  __pthread_cond_wait (cond=0x555559120068, mutex=0x555559120040) at pthread_cond_wait.c:655
#3  0x00007ffff1ae8b4b in QWaitConditionPrivate::wait (deadline=..., this=0x555559120040)
    at thread/qwaitcondition_unix.cpp:146
#4  QWaitCondition::wait (this=<optimized out>, mutex=0x555556246570, deadline=...)
    at thread/qwaitcondition_unix.cpp:225
#5  0x00007ffff1ae8e59 in QWaitCondition::wait (this=this@entry=0x555556246578, 
    mutex=mutex@entry=0x555556246570, time=time@entry=18446744073709551615)
    at thread/qwaitcondition_unix.cpp:208
#6  0x00007ffff5e24da8 in QSGRenderThreadEventQueue::takeEvent (wait=true, this=0x555556246568)
    at scenegraph/qsgthreadedrenderloop.cpp:245
#7  QSGRenderThread::processEventsAndWaitForMore (this=this@entry=0x5555562464f0)
    at scenegraph/qsgthreadedrenderloop.cpp:709
#8  0x00007ffff5e251da in QSGRenderThread::run (this=0x5555562464f0)
    at scenegraph/qsgthreadedrenderloop.cpp:738
#9  0x00007ffff1ae1bc2 in QThreadPrivate::start (arg=0x5555562464f0) at thread/qthread_unix.cpp:361
#10 0x00007fffee5f66db in start_thread (arg=0x7fff9effd700) at pthread_create.c:463
#11 0x00007ffff13e188f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 13 (Thread 0x7fff8eb88700 (LWP 16940)):
#0  0x00007fffee5fc9f3 in futex_wait_cancelable (private=<optimized out>, expected=0, 
    futex_word=0x555557272b90) at ../sysdeps/unix/sysv/linux/futex-internal.h:88
#1  __pthread_cond_wait_common (abstime=0x0, mutex=0x555557272b40, cond=0x555557272b68)
    at pthread_cond_wait.c:502
#2  __pthread_cond_wait (cond=0x555557272b68, mutex=0x555557272b40) at pthread_cond_wait.c:655
#3  0x00007ffff1ae8b4b in QWaitConditionPrivate::wait (deadline=..., this=0x555557272b40)
    at thread/qwaitcondition_unix.cpp:146
#4  QWaitCondition::wait (this=<optimized out>, mutex=0x555557243cd0, deadline=...)
    at thread/qwaitcondition_unix.cpp:225
#5  0x00007ffff1ae8e59 in QWaitCondition::wait (this=this@entry=0x555557243cd8, 
    mutex=mutex@entry=0x555557243cd0, time=time@entry=18446744073709551615)
    at thread/qwaitcondition_unix.cpp:208
#6  0x00007ffff5e24da8 in QSGRenderThreadEventQueue::takeEvent (wait=true, this=0x555557243cc8)
    at scenegraph/qsgthreadedrenderloop.cpp:245
#7  QSGRenderThread::processEventsAndWaitForMore (this=this@entry=0x555557243c50)
    at scenegraph/qsgthreadedrenderloop.cpp:709
#8  0x00007ffff5e251da in QSGRenderThread::run (this=0x555557243c50)
    at scenegraph/qsgthreadedrenderloop.cpp:738
#9  0x00007ffff1ae1bc2 in QThreadPrivate::start (arg=0x555557243c50) at thread/qthread_unix.cpp:361
#10 0x00007fffee5f66db in start_thread (arg=0x7fff8eb88700) at pthread_create.c:463
#11 0x00007ffff13e188f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 9 (Thread 0x7fff9ffff700 (LWP 16935)):
#0  0x00007ffff13d4bf9 in __GI___poll (fds=0x555556e59520, nfds=2, timeout=-1)
    at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fffeb23b539 in ?? () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fffeb23b8d2 in g_main_loop_run () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007fffb5282026 in ?? () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#4  0x00007fffeb263105 in ?? () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#5  0x00007fffee5f66db in start_thread (arg=0x7fff9ffff700) at pthread_create.c:463
#6  0x00007ffff13e188f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 8 (Thread 0x7fffa4a60700 (LWP 16934)):
#0  0x00007ffff13d4bf9 in __GI___poll (fds=0x555556e46e00, nfds=2, timeout=-1)
    at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fffeb23b539 in ?? () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fffeb23b64c in g_main_context_iteration () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007fffeb23b691 in ?? () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#4  0x00007fffeb263105 in ?? () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#5  0x00007fffee5f66db in start_thread (arg=0x7fffa4a60700) at pthread_create.c:463
#6  0x00007ffff13e188f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 6 (Thread 0x7fffbef3a700 (LWP 16923)):
#0  0x00007fffee5fc9f3 in futex_wait_cancelable (private=<optimized out>, expected=0, 
    futex_word=0x5555558eec84) at ../sysdeps/unix/sysv/linux/futex-internal.h:88
#1  __pthread_cond_wait_common (abstime=0x0, mutex=0x5555558eec30, cond=0x5555558eec58)
    at pthread_cond_wait.c:502
#2  __pthread_cond_wait (cond=0x5555558eec58, mutex=0x5555558eec30) at pthread_cond_wait.c:655
#3  0x00007ffff1ae8b4b in QWaitConditionPrivate::wait (deadline=..., this=0x5555558eec30)
    at thread/qwaitcondition_unix.cpp:146
#4  QWaitCondition::wait (this=<optimized out>, mutex=0x555556054d20, deadline=...)
    at thread/qwaitcondition_unix.cpp:225
#5  0x00007ffff1ae8e59 in QWaitCondition::wait (this=this@entry=0x555556054d28, 
    mutex=mutex@entry=0x555556054d20, time=time@entry=18446744073709551615)
    at thread/qwaitcondition_unix.cpp:208
#6  0x00007ffff5e24da8 in QSGRenderThreadEventQueue::takeEvent (wait=true, this=0x555556054d18)
    at scenegraph/qsgthreadedrenderloop.cpp:245
#7  QSGRenderThread::processEventsAndWaitForMore (this=this@entry=0x555556054ca0)
    at scenegraph/qsgthreadedrenderloop.cpp:709
#8  0x00007ffff5e251da in QSGRenderThread::run (this=0x555556054ca0)
    at scenegraph/qsgthreadedrenderloop.cpp:738
#9  0x00007ffff1ae1bc2 in QThreadPrivate::start (arg=0x555556054ca0) at thread/qthread_unix.cpp:361
#10 0x00007fffee5f66db in start_thread (arg=0x7fffbef3a700) at pthread_create.c:463
#11 0x00007ffff13e188f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 5 (Thread 0x7fffc51ee700 (LWP 16922)):
#0  0x00007ffff13d4bf9 in __GI___poll (fds=0x7fffc0005130, nfds=1, timeout=-1)
    at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fffeb23b539 in ?? () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fffeb23b64c in g_main_context_iteration () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007ffff1d1713f in QEventDispatcherGlib::processEvents (this=0x7fffc0000b20, flags=...)
    at kernel/qeventdispatcher_glib.cpp:422
#4  0x00007ffff1cb864a in QEventLoop::exec (this=this@entry=0x7fffc51edcb0, flags=..., 
    flags@entry=...) at kernel/qeventloop.cpp:225
#5  0x00007ffff1ae041a in QThread::exec (this=this@entry=0x5555558c96e0) at thread/qthread.cpp:531
#6  0x00007ffff5d9f1c6 in QQuickPixmapReader::run (this=0x5555558c96e0)
    at util/qquickpixmapcache.cpp:949
#7  0x00007ffff1ae1bc2 in QThreadPrivate::start (arg=0x5555558c96e0) at thread/qthread_unix.cpp:361
#8  0x00007fffee5f66db in start_thread (arg=0x7fffc51ee700) at pthread_create.c:463
#9  0x00007ffff13e188f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 4 (Thread 0x7fffd2b89700 (LWP 16921)):
#0  0x00007fffee5fc9f3 in futex_wait_cancelable (private=<optimized out>, expected=0, 
    futex_word=0x555555c1451c) at ../sysdeps/unix/sysv/linux/futex-internal.h:88
#1  __pthread_cond_wait_common (abstime=0x0, mutex=0x555555c144c8, cond=0x555555c144f0)
    at pthread_cond_wait.c:502
#2  __pthread_cond_wait (cond=0x555555c144f0, mutex=0x555555c144c8) at pthread_cond_wait.c:655
#3  0x00007fffd36e5b1b in ?? () from /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#4  0x00007fffd36e5847 in ?? () from /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#5  0x00007fffee5f66db in start_thread (arg=0x7fffd2b89700) at pthread_create.c:463
#6  0x00007ffff13e188f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 3 (Thread 0x7fffe129d700 (LWP 16920)):
#0  0x00007ffff13d4bf9 in __GI___poll (fds=0x7fffd4004e00, nfds=1, timeout=-1)
    at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fffeb23b539 in ?? () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fffeb23b64c in g_main_context_iteration () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007ffff1d1713f in QEventDispatcherGlib::processEvents (this=0x7fffd4000b20, flags=...)
    at kernel/qeventdispatcher_glib.cpp:422
#4  0x00007ffff1cb864a in QEventLoop::exec (this=this@entry=0x7fffe129cd00, flags=..., 
    flags@entry=...) at kernel/qeventloop.cpp:225
#5  0x00007ffff1ae041a in QThread::exec (this=this@entry=0x55555590de10) at thread/qthread.cpp:531
#6  0x00007ffff58da2e5 in QQmlThreadPrivate::run (this=0x55555590de10) at qml/ftw/qqmlthread.cpp:148
#7  0x00007ffff1ae1bc2 in QThreadPrivate::start (arg=0x55555590de10) at thread/qthread_unix.cpp:361
#8  0x00007fffee5f66db in start_thread (arg=0x7fffe129d700) at pthread_create.c:463
#9  0x00007ffff13e188f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 2 (Thread 0x7fffe2cd2700 (LWP 16919)):
#0  0x00007ffff13d4bf9 in __GI___poll (fds=0x7fffdc003ce0, nfds=3, timeout=-1)
    at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fffeb23b539 in ?? () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fffeb23b64c in g_main_context_iteration () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007ffff1d1713f in QEventDispatcherGlib::processEvents (this=0x7fffdc000b20, flags=...)
    at kernel/qeventdispatcher_glib.cpp:422
#4  0x00007ffff1cb864a in QEventLoop::exec (this=this@entry=0x7fffe2cd1cf0, flags=..., 
    flags@entry=...) at kernel/qeventloop.cpp:225
#5  0x00007ffff1ae041a in QThread::exec (
    this=this@entry=0x7ffff3035d80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>)
    at thread/qthread.cpp:531
#6  0x00007ffff2dbe015 in QDBusConnectionManager::run (
    this=0x7ffff3035d80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>)
    at qdbusconnection.cpp:178
#7  0x00007ffff1ae1bc2 in QThreadPrivate::start (
    arg=0x7ffff3035d80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>)
    at thread/qthread_unix.cpp:361
#8  0x00007fffee5f66db in start_thread (arg=0x7fffe2cd2700) at pthread_create.c:463
#9  0x00007ffff13e188f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 0x7ffff7fa8880 (LWP 16912)):
#0  0x00007fffc51f6ead in QtWaylandClient::QWaylandXdgSurface::setPopup (this=0x5555597059e0, 
    parent=0x55555681e6e0, device=0x555555815410, serial=6806, grab=<optimized out>)
    at qwaylandxdgshell.cpp:348
#1  0x00007fffc51f740a in QtWaylandClient::QWaylandXdgShell::getXdgSurface (this=0x555556050400, 
    window=0x555558864290) at qwaylandxdgshell.cpp:407
#2  0x00007fffe4fbb7d4 in QtWaylandClient::QWaylandWindow::initWindow (this=this@entry=0x555558864290)
    at qwaylandwindow.cpp:142
#3  0x00007fffe4fbbe09 in QtWaylandClient::QWaylandWindow::setVisible (
    this=this@entry=0x555558864290, visible=<optimized out>) at qwaylandwindow.cpp:389
#4  0x00007fffda6a3884 in QtWaylandClient::QWaylandEglWindow::setVisible (this=0x555558864290, 
    visible=<optimized out>)
    at ../../../../hardwareintegration/client/wayland-egl/qwaylandeglwindow.cpp:164
#5  0x00007ffff228d6a4 in QWindowPrivate::setVisible (this=0x55555957d9a0, visible=visible@entry=true)
    at kernel/qwindow.cpp:402
#6  0x00007ffff366dd6d in QWidgetWindow::setNativeWindowVisibility (this=this@entry=0x55555ae21b30, 
    visible=visible@entry=true) at kernel/qwidgetwindow.cpp:205
#7  0x00007ffff3648256 in QWidgetPrivate::show_sys (this=this@entry=0x555559025900)
    at kernel/qwidget.cpp:8105
#8  0x00007ffff36512bb in QWidgetPrivate::show_helper (this=this@entry=0x555559025900)
    at kernel/qwidget.cpp:8028
#9  0x00007ffff36543eb in QWidget::setVisible (this=0x5555590258c0, visible=<optimized out>)
    at kernel/qwidget.cpp:8322
#10 0x00007ffff37889a0 in QMenu::popup (this=0x5555590258c0, p=..., atAction=atAction@entry=0x0)
    at widgets/qmenu.cpp:2596
#11 0x00007fffd15da297 in QMenuProxy::openInternal (this=this@entry=0x555559025760, pos=...)
    at ./src/declarativeimports/plasmacomponents/qmenu.cpp:459
#12 0x00007fffd15db113 in QMenuProxy::openRelative (this=0x555559025760)
    at ./src/declarativeimports/plasmacomponents/qmenu.cpp:429
#13 0x00007fffd15deb15 in QMenuProxy::qt_static_metacall (_o=_o@entry=0x555559025760, 
    _c=_c@entry=QMetaObject::InvokeMetaMethod, _id=_id@entry=12, _a=_a@entry=0x7fffffff5bd0)
    at ./obj-x86_64-linux-gnu/src/declarativeimports/plasmacomponents/plasmacomponentsplugin_autogen/EWIEGA46WW/moc_qmenu.cpp:197
#14 0x00007fffd15df105 in QMenuProxy::qt_metacall (this=0x555559025760, 
    _c=QMetaObject::InvokeMetaMethod, _id=12, _a=0x7fffffff5bd0)
    at ./obj-x86_64-linux-gnu/src/declarativeimports/plasmacomponents/plasmacomponentsplugin_autogen/EWIEGA46WW/moc_qmenu.cpp:380
#15 0x00007ffff582599e in QQmlVMEMetaObject::metaCall (this=0x555559026350, o=<optimized out>, 
    c=QMetaObject::InvokeMetaMethod, _id=17, a=0x7fffffff5bd0) at qml/qqmlvmemetaobject.cpp:981
#16 0x00007ffff587faf9 in QQmlObjectOrGadget::metacall (this=this@entry=0x7fffffff5ec0, 
    type=type@entry=QMetaObject::InvokeMetaMethod, index=<optimized out>, index@entry=17, 
    argv=argv@entry=0x7fffffff5bd0) at qml/qqmlpropertycache.cpp:1735
#17 0x00007ffff578162b in CallMethod (object=..., index=17, returnType=returnType@entry=43, 
    argCount=argCount@entry=0, argTypes=argTypes@entry=0x0, engine=engine@entry=0x55555590ab80, 
    callArgs=0x7fffe065e8a0, callType=QMetaObject::InvokeMetaMethod)
    at jsruntime/qv4qobjectwrapper.cpp:1231
#18 0x00007ffff5783522 in CallPrecise (object=..., data=..., engine=engine@entry=0x55555590ab80, 
    callArgs=callArgs@entry=0x7fffe065e8a0, callType=callType@entry=QMetaObject::InvokeMetaMethod)
    at jsruntime/qv4qobjectwrapper.cpp:1479
#19 0x00007ffff57841ff in QV4::QObjectMethod::callInternal (this=<optimized out>, 
    thisObject=0x7fffe065e888, argv=<optimized out>, argc=<optimized out>)
    at jsruntime/qv4qobjectwrapper.cpp:2017
#20 0x00007ffff58059e7 in QV4::FunctionObject::call (argc=0, argv=0x7fffe065e800, 
    thisObject=0x7fffe065e888, this=<optimized out>) at jsruntime/qv4functionobject_p.h:202
#21 QV4::Runtime::method_callName (engine=0x55555590ab80, nameIndex=266, argv=0x7fffe065e800, argc=0)
    at jsruntime/qv4runtime.cpp:1346
#22 0x00007ffff7feedea in ?? ()
#23 0x0000000000000000 in ?? ()

Comment 1 Matthieu Gras 2019-03-04 17:42:54 UTC

It's a Qt bug
I can reproduce the bug + 

I found a similar bug by doing:
1. open kickoff
3. right click on an item to get a menu
4. Click on Desktop
5. Open kickoff
6. Right click on the same item multiple times

In both bugs Valgrind reports an invalid read of a pointer in Qt.

Comment 2 Patrick Silva 2019-07-01 14:01:26 UTC

This crash is still happening.

Operating System: Arch Linux 
KDE Plasma Version: 5.16.2
KDE Frameworks Version: 5.59.0
Qt Version: 5.13.0

Comment 3 Patrick Silva 2020-01-18 14:02:19 UTC

still reproducible with Plasma 5.18 beta on Arch Linux.

Comment 4 Patrick Silva 2020-09-18 20:13:06 UTC

cannot reproduce. Let's consider this crash fixed.

Operating System: Arch Linux
KDE Plasma Version: 5.19.90
KDE Frameworks Version: 5.74.0
Qt Version: 5.15.1