Bug 420262 - kdeinit5 segmentation fault in XRenderHasDepths when using dolphin to open a firefox directory
Status: RESOLVED DUPLICATE of bug 420166
Alias: None
Product: frameworks-kinit
Classification: Frameworks and Libraries
Component: general
Version: 5.68.0
Platform: Fedora RPMs Linux
Importance: NOR normal
Target Milestone: ---
Assignee: David Faure
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-04-18 17:21 UTC by Matt Fagnani
Modified: 2020-04-19 05:30 UTC
CC List: 2 users

See Also:
Latest Commit:
Version Fixed In:


Attachments
valgrind log when run on kdeinit5 and opening the firefox directory in dolphin (40.53 KB, text/plain)
2020-04-19 01:20 UTC, Matt Fagnani

Description Matt Fagnani 2020-04-18 17:21:07 UTC
SUMMARY

I was using Plasma 5.18.4.1 on Wayland in the Fedora Rawhide live image Fedora-KDE-Live-x86_64-Rawhide-20200414.n.0.iso which has KF 5.68.0, Qt 5.14.2.
I downloaded Firefox Nightly 77.0a1 (2020-4-18). I extracted Firefox using ark 19.12.3. I opened dolphin 19.12.3 on Wayland, and I selected the firefox directory in dolphin. A segmentation fault in kdeinit5 in XRenderHasDepths at Xrender.c:126 in libXrender-0.9.10-11.fc32.x86_64 was shown by Dr. Konqi. The same crash was shown 4/4 times when I opened the firefox directory in dolphin. The trace has some functions involving thumbnails, so some thumbnails in the firefox directory might be involved.

Application: kdeinit5 (kdeinit5), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
[Current thread is 1 (Thread 0x7fcbb0939dc0 (LWP 30869))]

Thread 14 (Thread 0x7fcb637fe700 (LWP 30882)):
#0  0x00007fcbb06bfb00 in QTimerInfoList::repairTimersIfNeeded() () from /lib64/libQt5Core.so.5
#1  0x00007fcbb06bfb97 in QTimerInfoList::timerWait(timespec&) () from /lib64/libQt5Core.so.5
#2  0x00007fcbb06c129e in timerSourcePrepare(_GSource*, int*) () from /lib64/libQt5Core.so.5
#3  0x00007fcbaee85002 in g_main_context_prepare () from /lib64/libglib-2.0.so.0
#4  0x00007fcbaee85a1b in g_main_context_iterate.constprop () from /lib64/libglib-2.0.so.0
#5  0x00007fcbaee85c23 in g_main_context_iteration () from /lib64/libglib-2.0.so.0
#6  0x00007fcbb06c156b in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib64/libQt5Core.so.5
#7  0x00007fcbb067430b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib64/libQt5Core.so.5
#8  0x00007fcbb04e03d7 in QThread::exec() () from /lib64/libQt5Core.so.5
#9  0x00007fcb9f17c51b in QDBusConnectionManager::run() () from /lib64/libQt5DBus.so.5
#10 0x00007fcbb04e1640 in QThreadPrivate::start(void*) () from /lib64/libQt5Core.so.5
#11 0x00007fcbaf8d4472 in start_thread () from /lib64/libpthread.so.0
#12 0x00007fcbb034c9b3 in clone () from /lib64/libc.so.6

Thread 13 (Thread 0x7fcb63fff700 (LWP 30881)):
#0  0x00007fcbaf8dab02 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007fcb9c04afcb in util_queue_thread_func () from /usr/lib64/dri/radeonsi_dri.so
#2  0x00007fcb9c04aa9b in impl_thrd_routine () from /usr/lib64/dri/radeonsi_dri.so
#3  0x00007fcbaf8d4472 in start_thread () from /lib64/libpthread.so.0
#4  0x00007fcbb034c9b3 in clone () from /lib64/libc.so.6

Thread 12 (Thread 0x7fcb8cff9700 (LWP 30880)):
#0  0x00007fcbaf8dab02 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007fcb9c04afcb in util_queue_thread_func () from /usr/lib64/dri/radeonsi_dri.so
#2  0x00007fcb9c04aa9b in impl_thrd_routine () from /usr/lib64/dri/radeonsi_dri.so
#3  0x00007fcbaf8d4472 in start_thread () from /lib64/libpthread.so.0
#4  0x00007fcbb034c9b3 in clone () from /lib64/libc.so.6

Thread 11 (Thread 0x7fcb8d7fa700 (LWP 30879)):
#0  0x00007fcbaf8dab02 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007fcb9c04afcb in util_queue_thread_func () from /usr/lib64/dri/radeonsi_dri.so
#2  0x00007fcb9c04aa9b in impl_thrd_routine () from /usr/lib64/dri/radeonsi_dri.so
#3  0x00007fcbaf8d4472 in start_thread () from /lib64/libpthread.so.0
#4  0x00007fcbb034c9b3 in clone () from /lib64/libc.so.6

Thread 10 (Thread 0x7fcb8dffb700 (LWP 30878)):
#0  0x00007fcbaf8dab02 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007fcb9c04afcb in util_queue_thread_func () from /usr/lib64/dri/radeonsi_dri.so
#2  0x00007fcb9c04aa9b in impl_thrd_routine () from /usr/lib64/dri/radeonsi_dri.so
#3  0x00007fcbaf8d4472 in start_thread () from /lib64/libpthread.so.0
#4  0x00007fcbb034c9b3 in clone () from /lib64/libc.so.6

Thread 9 (Thread 0x7fcb8e7fc700 (LWP 30877)):
#0  0x00007fcbaf8dab02 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007fcb9c04afcb in util_queue_thread_func () from /usr/lib64/dri/radeonsi_dri.so
#2  0x00007fcb9c04aa9b in impl_thrd_routine () from /usr/lib64/dri/radeonsi_dri.so
#3  0x00007fcbaf8d4472 in start_thread () from /lib64/libpthread.so.0
#4  0x00007fcbb034c9b3 in clone () from /lib64/libc.so.6

Thread 8 (Thread 0x7fcb8effd700 (LWP 30876)):
#0  0x00007fcbaf8dab02 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007fcb9c04afcb in util_queue_thread_func () from /usr/lib64/dri/radeonsi_dri.so
#2  0x00007fcb9c04aa9b in impl_thrd_routine () from /usr/lib64/dri/radeonsi_dri.so
#3  0x00007fcbaf8d4472 in start_thread () from /lib64/libpthread.so.0
#4  0x00007fcbb034c9b3 in clone () from /lib64/libc.so.6

Thread 7 (Thread 0x7fcb8f7fe700 (LWP 30875)):
#0  0x00007fcbaf8dab02 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007fcb9c04afcb in util_queue_thread_func () from /usr/lib64/dri/radeonsi_dri.so
#2  0x00007fcb9c04aa9b in impl_thrd_routine () from /usr/lib64/dri/radeonsi_dri.so
#3  0x00007fcbaf8d4472 in start_thread () from /lib64/libpthread.so.0
#4  0x00007fcbb034c9b3 in clone () from /lib64/libc.so.6

Thread 6 (Thread 0x7fcb8ffff700 (LWP 30874)):
#0  0x00007fcbaf8dab02 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007fcb9c04afcb in util_queue_thread_func () from /usr/lib64/dri/radeonsi_dri.so
#2  0x00007fcb9c04aa9b in impl_thrd_routine () from /usr/lib64/dri/radeonsi_dri.so
#3  0x00007fcbaf8d4472 in start_thread () from /lib64/libpthread.so.0
#4  0x00007fcbb034c9b3 in clone () from /lib64/libc.so.6

Thread 5 (Thread 0x7fcb94c58700 (LWP 30873)):
#0  0x00007fcbaf8dab02 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007fcb9c04afcb in util_queue_thread_func () from /usr/lib64/dri/radeonsi_dri.so
#2  0x00007fcb9c04aa9b in impl_thrd_routine () from /usr/lib64/dri/radeonsi_dri.so
#3  0x00007fcbaf8d4472 in start_thread () from /lib64/libpthread.so.0
#4  0x00007fcbb034c9b3 in clone () from /lib64/libc.so.6

Thread 4 (Thread 0x7fcb95459700 (LWP 30872)):
#0  0x00007fcbaf8dab02 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007fcb9c04afcb in util_queue_thread_func () from /usr/lib64/dri/radeonsi_dri.so
#2  0x00007fcb9c04aa9b in impl_thrd_routine () from /usr/lib64/dri/radeonsi_dri.so
#3  0x00007fcbaf8d4472 in start_thread () from /lib64/libpthread.so.0
#4  0x00007fcbb034c9b3 in clone () from /lib64/libc.so.6

Thread 3 (Thread 0x7fcb95c5a700 (LWP 30871)):
#0  0x00007fcbaf8dab02 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007fcb9c04afcb in util_queue_thread_func () from /usr/lib64/dri/radeonsi_dri.so
#2  0x00007fcb9c04aa9b in impl_thrd_routine () from /usr/lib64/dri/radeonsi_dri.so
#3  0x00007fcbaf8d4472 in start_thread () from /lib64/libpthread.so.0
#4  0x00007fcbb034c9b3 in clone () from /lib64/libc.so.6

Thread 2 (Thread 0x7fcb96dba700 (LWP 30870)):
#0  0x00007fcbaf8dab02 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007fcb9c04afcb in util_queue_thread_func () from /usr/lib64/dri/radeonsi_dri.so
#2  0x00007fcb9c04aa9b in impl_thrd_routine () from /usr/lib64/dri/radeonsi_dri.so
#3  0x00007fcbaf8d4472 in start_thread () from /lib64/libpthread.so.0
#4  0x00007fcbb034c9b3 in clone () from /lib64/libc.so.6

Thread 1 (Thread 0x7fcbb0939dc0 (LWP 30869)):
[KCrash Handler]
#6  XRenderHasDepths (dpy=0x55bf50a99310) at Xrender.c:126
#7  XRenderExtAddDisplay (extinfo=0x7fcb9d597110 <XRenderExtensionInfo>, ext_name=0x7fcb9d5970f0 <XRenderExtensionName> "RENDER", dpy=0x55bf50a99310) at Xrender.c:202
#8  XRenderFindDisplay (dpy=0x55bf50a99310) at Xrender.c:289
#9  XRenderFindDisplay (dpy=0x55bf50a99310) at Xrender.c:283
#10 0x00007fcb9d592af5 in XRenderQueryExtension (dpy=dpy@entry=0x55bf50a99310, event_basep=event_basep@entry=0x7ffe4d800334, error_basep=error_basep@entry=0x7ffe4d800338) at Xrender.c:311
#11 0x00007fcb61ddbec5 in _XftDisplayInfoGet (dpy=0x55bf50a99310, createIfNecessary=1) at xftdpy.c:99
#12 0x00007fcb61ddc2a9 in _XftDisplayInfoGet (dpy=dpy@entry=0x55bf50a99310, createIfNecessary=createIfNecessary@entry=1) at xftdpy.c:85
#13 0x00007fcb61de0a9e in XftFontInfoFill (dpy=dpy@entry=0x55bf50a99310, pattern=pattern@entry=0x55bf50e84740, fi=fi@entry=0x7ffe4d800460) at xftfreetype.c:367
#14 0x00007fcb61de1360 in XftFontOpenPattern (dpy=0x55bf50a99310, pattern=0x55bf50e84740) at xftfreetype.c:1015
#15 0x00007fcb61ff1c8c in KFI::CFcEngine::getFont (this=this@entry=0x55bf50cdf308, size=size@entry=8) at /usr/src/debug/plasma-desktop-5.18.4.1-1.fc33.x86_64/kcms/kfontinst/lib/FcEngine.cpp:1299
#16 0x00007fcb61ff20e8 in KFI::CFcEngine::queryFont (this=this@entry=0x55bf50cdf308) at /usr/src/debug/plasma-desktop-5.18.4.1-1.fc33.x86_64/kcms/kfontinst/lib/FcEngine.cpp:1233
#17 0x00007fcb61ff28b8 in KFI::CFcEngine::getSizes (this=0x55bf50cdf308) at /usr/src/debug/plasma-desktop-5.18.4.1-1.fc33.x86_64/kcms/kfontinst/lib/FcEngine.cpp:1391
#18 KFI::CFcEngine::getSizes (this=0x55bf50cdf308) at /usr/src/debug/plasma-desktop-5.18.4.1-1.fc33.x86_64/kcms/kfontinst/lib/FcEngine.cpp:1383
#19 0x00007fcb61ff3ed0 in KFI::CFcEngine::draw (this=this@entry=0x55bf50cdf308, name=..., style=style@entry=4294967295, faceNo=faceNo@entry=0, txt=..., bgnd=..., w=128, h=128, thumb=true, range=..., chars=0x0) at /usr/src/debug/plasma-desktop-5.18.4.1-1.fc33.x86_64/kcms/kfontinst/lib/FcEngine.cpp:876
#20 0x00007fcb61ffda1c in KFI::CFontThumbnail::create (this=0x55bf50cdf300, path=..., width=128, height=128, img=...) at /usr/include/qt5/QtCore/qscopedpointer.h:116
#21 0x00007fcbb10e426d in ThumbnailProtocol::createSubThumbnail (this=this@entry=0x7ffe4d800e40, thumbnail=..., filePath=..., segmentWidth=segmentWidth@entry=54, segmentHeight=segmentHeight@entry=34) at /usr/src/debug/kio-extras-19.12.3-1.fc33.x86_64/thumbnail/thumbnail.cpp:727
#22 0x00007fcbb10e458c in ThumbnailProtocol::drawSubThumbnail (this=this@entry=0x7ffe4d800e40, p=..., filePath=..., width=width@entry=54, height=height@entry=34, xPos=xPos@entry=9, yPos=38, frameWidth=2) at /usr/src/debug/kio-extras-19.12.3-1.fc33.x86_64/thumbnail/thumbnail.cpp:759
#23 0x00007fcbb10e4b9a in ThumbnailProtocol::thumbForDirectory (this=this@entry=0x7ffe4d800e40, directory=...) at /usr/src/debug/kio-extras-19.12.3-1.fc33.x86_64/thumbnail/thumbnail.cpp:562
#24 0x00007fcbb10e5d38 in ThumbnailProtocol::get (this=0x7ffe4d800e40, url=...) at /usr/src/debug/kio-extras-19.12.3-1.fc33.x86_64/thumbnail/thumbnail.cpp:238
#25 0x00007fcb9f6ed33e in KIO::SlaveBase::dispatch (this=0x7ffe4d800e40, command=67, data=...) at /usr/src/debug/kf5-kio-5.68.0-1.fc33.x86_64/src/core/slavebase.cpp:1197
#26 0x00007fcb9f6edc26 in KIO::SlaveBase::dispatchLoop (this=0x7ffe4d800e40) at /usr/src/debug/kf5-kio-5.68.0-1.fc33.x86_64/src/core/slavebase.cpp:338
#27 0x00007fcbb10e37a3 in kdemain (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/kio-extras-19.12.3-1.fc33.x86_64/thumbnail/thumbnail.cpp:138
#28 0x000055bf4ebc0a3d in launch (argc=4, _name=0x55bf50a67bb8 "/usr/lib64/qt5/plugins/kf5/kio/thumbnail.so", args=<optimized out>, cwd=<optimized out>, envc=0, envs=<optimized out>, reset_env=false, tty=0x0, avoid_loops=false, startup_id_str=0x55bf4ebc4192 "0") at /usr/src/debug/kf5-kinit-5.68.0-1.fc33.x86_64/src/kdeinit/kinit.cpp:708
#29 0x000055bf4ebc1dd8 in handle_launcher_request (sock=8, who=<optimized out>) at /usr/src/debug/kf5-kinit-5.68.0-1.fc33.x86_64/src/kdeinit/kinit.cpp:1146
#30 0x000055bf4ebc240b in handle_requests (waitForPid=0) at /usr/src/debug/kf5-kinit-5.68.0-1.fc33.x86_64/src/kdeinit/kinit.cpp:1339
#31 0x000055bf4ebbe03d in main (argc=5, argv=<optimized out>) at /usr/src/debug/kf5-kinit-5.68.0-1.fc33.x86_64/src/kdeinit/kinit.cpp:1777
[Inferior 1 (process 30869) detached]


STEPS TO REPRODUCE
1. Boot Fedora Rawhide KDE Plasma spin live image Fedora-KDE-Live-x86_64-Rawhide-20200414.n.0.iso from https://koji.fedoraproject.org/koji/buildinfo?buildID=1493256
2. sudo dnf upgrade --refresh (in konsole)
3. sudo dnf install kwin-wayland plasma-workspace-wayland
4. Start Plasma System Settings
5. Select Login Screen (SDDM) > Advanced
6. Set "Automatically log in" to off
7. Close Plasma System Settings
8. Log out of Plasma
9. Log in to Plasma on Wayland
10. Download Firefox Nightly 77.0a1 (2020-4-18) from https://www.mozilla.org/en-US/firefox/77.0a1/releasenotes/
11. Extract Firefox with ark
12. Start dolphin on Wayland
13. Open the firefox directory extracted with ark


OBSERVED RESULT
kdeinit5 segmentation fault in XRenderHasDepths when using dolphin to open a firefox directory

EXPECTED RESULT
No crashes would happen.

SOFTWARE/OS VERSIONS 
Linux/KDE Plasma: Fedora Rawhide
(available in About System)
KDE Plasma Version: 5.18.4.1
KDE Frameworks Version: 5.68.0
Qt Version: 5.14.2

ADDITIONAL INFORMATION
Comment 1 Matt Fagnani 2020-04-19 01:20:07 UTC
Created attachment 127676 [details]
valgrind log when run on kdeinit5 and opening the firefox directory in dolphin

Opening /usr/lib64/firefox from firefox-75.0-2.fc33.x86_64 in dolphin led to the same crash, so downloading Firefox Nightly 77.0a1 isn't necessary to reproduce it. I ran valgrind --log-file=valgrind-kdeinit5-dolphin-crash-2.txt /usr/bin/kdeinit5 and opened the Firefox Nightly directory in dolphin. Multiple SIGTERM and SIGALRM were sent to kdeinit5 according to the valgrind log. Several "Conditional jump or move depends on uninitialised value(s)" messages occurred. An invalid read happened in XAddExtension at InitExt.c:73 in libX11-1.6.9-3.fc32.x86_64.

==38773== Invalid read of size 8
==38773==    at 0x48ED597: XAddExtension (InitExt.c:73)
==38773==    by 0x293D7E7C: _XftDisplayInfoGet.part.0 (xftdpy.c:91)
==38773==    by 0x293DCA9D: XftFontInfoFill (xftfreetype.c:367)
==38773==    by 0x293DD35F: XftFontOpenPattern (xftfreetype.c:1015)
==38773==    by 0x289EB0E7: KFI::CFcEngine::queryFont() (FcEngine.cpp:1233)
==38773==    by 0x289EB8B7: UnknownInlinedFun (FcEngine.cpp:1391)
==38773==    by 0x289EB8B7: KFI::CFcEngine::getSizes() (FcEngine.cpp:1383)
==38773==    by 0x289ECECF: KFI::CFcEngine::draw(QString const&, unsigned int, int, QColor const&, QColor const&, int, int, bool, QList<KFI::CFcEngine::TRange> const&, QList<KFI::CFcEngine::TChar>*) (FcEngine.cpp:876)
==38773==    by 0x289DFA1B: KFI::CFontThumbnail::create(QString const&, int, int, QImage&) (FontThumbnail.cpp:114)
==38773==    by 0x485126C: ThumbnailProtocol::createSubThumbnail(QImage&, QString const&, int, int) (thumbnail.cpp:727)
==38773==    by 0x485158B: ThumbnailProtocol::drawSubThumbnail(QPainter&, QString const&, int, int, int, int, int) (thumbnail.cpp:759)
==38773==    by 0x4851B99: ThumbnailProtocol::thumbForDirectory(QUrl const&) (thumbnail.cpp:562)
==38773==    by 0x4852D37: ThumbnailProtocol::get(QUrl const&) (thumbnail.cpp:238)
==38773==  Address 0x6574726f7078655f is not stack'd, malloc'd or (recently) free'd

Functions like _XftDisplayInfoGet and lower in the stack showing the invalid read were in the crashing thread of kdeinit5. I'm attaching the valgrind log.
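The valgrind line "Address 0x6574726f7078655f is not stack'd, malloc'd or (recently) free'd" in Comment 1 is worth decoding before triaging further: read as little-endian bytes, all eight are printable ASCII ("_exporte"), which is the signature of a pointer slot that held text rather than a pointer, not of a NULL dereference. The Python helper below is an added example for this page; it is not code from the report, from KDE, from Xft or from libXrender. It parses the "Address" line out of a valgrind log and classifies the address, assuming an x86_64 target (8-byte little-endian pointers, canonical user addresses below 2^47); the log excerpt embedded in it is constructed from the lines quoted in Comment 1.

```python
"""Triage helper for a valgrind "Invalid read" report: pull out the faulting
address and test whether it is a real pointer or a slot that was overwritten
with text. Added example for this bug page; not KDE, Xft or libXrender code."""
import re

# Constructed sample: the "Address" line from Comment 1 plus two of its frames.
SAMPLE_LOG = """\
==38773== Invalid read of size 8
==38773==    at 0x48ED597: XAddExtension (InitExt.c:73)
==38773==    by 0x293D7E7C: _XftDisplayInfoGet.part.0 (xftdpy.c:91)
==38773==  Address 0x6574726f7078655f is not stack'd, malloc'd or (recently) free'd
"""

# valgrind prints the fault address as "Address 0x<hex> <description>".
ADDRESS_RE = re.compile(r"^==\d+==\s+Address 0x([0-9a-fA-F]+) (.*)$", re.MULTILINE)

# Assumption: x86_64 user space, so pointers are 8 bytes, little-endian, and
# canonical user addresses lie below 2**47.
POINTER_WIDTH = 8
USER_SPACE_LIMIT = 1 << 47


def parse_fault_address(log):
    """Return (address, valgrind's description) or None if there is no Address line."""
    m = ADDRESS_RE.search(log)
    if m is None:
        return None
    return int(m.group(1), 16), m.group(2).strip()


def address_bytes(addr):
    """The bytes that sat in the pointer slot, in memory order."""
    return addr.to_bytes(POINTER_WIDTH, "little")


def is_printable_ascii(data):
    return all(0x20 <= b < 0x7F for b in data)


def classify(addr):
    """Coarse triage of a faulting address."""
    if addr < 0x1000:
        return "null-or-small-offset"      # NULL dereference or NULL + field offset
    if is_printable_ascii(address_bytes(addr)):
        return "ascii-overwritten"         # the slot held text, not a pointer
    if addr >= USER_SPACE_LIMIT:
        return "non-canonical"             # garbage, but not text
    return "plausible-user-pointer"        # could be heap, stack or a mapped library


def triage(log):
    """Parse a valgrind log excerpt and describe its faulting address."""
    parsed = parse_fault_address(log)
    if parsed is None:
        return None
    addr, desc = parsed
    return {
        "address": addr,
        "bytes": address_bytes(addr),
        "kind": classify(addr),
        "valgrind_says": desc,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"0x{result['address']:x} -> {result['bytes']!r} ({result['kind']})")
```

Run against the excerpt from Comment 1 it reports bytes b'_exporte' and kind "ascii-overwritten", while the Display argument dpy=0x55bf50a99310 from the KCrash trace classifies as a plausible user-space pointer. So the Display object itself was allocated, but the pointer that XAddExtension dereferenced at InitExt.c:73 contained string data. One caveat: the "Conditional jump or move depends on uninitialised value(s)" messages in the same log mean that slot may never have been written at all, and printable leftovers from an earlier allocation look identical to an overwrite, so this decoding narrows the search but does not by itself distinguish uninitialised memory from corruption.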
Comment 2 Patrick Silva 2020-04-19 05:30:21 UTC

*** This bug has been marked as a duplicate of bug 420166 ***