444015 – plasmashell crashes at showing window thumbnails

Bug 444015 - plasmashell crashes at showing window thumbnails

Summary: plasmashell crashes at showing window thumbnails

Status:	RESOLVED FIXED

Alias:	None

Product:	plasmashell
Classification:	Plasma
Component:	general (show other bugs)
Version:	master
Platform:	openSUSE Linux

Importance:	NOR crash
Target Milestone:	1.0
Assignee:	David Edmundson

URL:
Keywords:	drkonqi

Duplicates (1):	444068 (view as bug list)
Depends on:
Blocks:

Reported:	2021-10-19 04:29 UTC by Fushan Wen
Modified:	2021-10-20 18:16 UTC (History)
CC List:	6 users (show)

See Also:
Latest Commit:	https://invent.kde.org/frameworks/plasma-framework/commit/bd8c296ab79fe00e77aaf3f7b38aff373d9ee6ee
Version Fixed In:
Sentry Crash Report:

Attachments
New crash information added by DrKonqi (23.01 KB, text/plain) 2021-10-19 07:24 UTC, Javier O. Cordero Pérez (Cuperino)	Details
New crash information added by DrKonqi (54.38 KB, text/plain) 2021-10-19 14:59 UTC, Laura David Hurka	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Fushan Wen 2021-10-19 04:29:38 UTC

Application: plasmashell (5.23.80)

Qt Version: 5.15.2
Frameworks Version: 5.88.0
Operating System: Linux 5.14.11-1-default x86_64
Windowing System: X11
Distribution: "openSUSE Tumbleweed"
DrKonqi: 5.23.80 [KCrashBackend]

-- Information about the crash:
- What I was doing when the application crashed:
Start plasmashell.
Wait until the panel appears.
plasmashell crashs.

The crash can be reproduced every time.

-- Backtrace:
Application: Plasma (plasmashell), signal: Segmentation fault
Content of s_kcrashErrorMessage: std::unique_ptr<char []> = {get() = <optimized out>}
[KCrash Handler]
#6  doActivate<false>(QObject*, int, void**) (sender=0x5611d18a7b10, signal_index=3, argv=0x0) at kernel/qobject.h:132
#7  0x00007f93d07b54ff in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (sender=sender@entry=0x5611d18a7b10, m=m@entry=0x7f93d2582800 <QSGTextureProvider::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x0) at kernel/qobject.cpp:3946
#8  0x00007f93d22090f0 in QSGTextureProvider::textureChanged() (this=this@entry=0x5611d18a7b10) at .moc/moc_qsgtextureprovider.cpp:131
#9  0x00007f93ac12a784 in Plasma::WindowTextureProvider::setTexture(QSGTexture*) (texture=<optimized out>, this=0x5611d18a7b10) at /usr/src/debug/plasma-framework-5.88.0git.20211018T112254~9f2d4dcde-ku.5.1.x86_64/src/declarativeimports/core/windowthumbnail.cpp:126
#10 Plasma::WindowThumbnail::iconToTexture(Plasma::WindowTextureProvider*) (this=this@entry=0x5611d185afb0, textureProvider=textureProvider@entry=0x5611d18a7b10) at /usr/src/debug/plasma-framework-5.88.0git.20211018T112254~9f2d4dcde-ku.5.1.x86_64/src/declarativeimports/core/windowthumbnail.cpp:384
#11 0x00007f93ac12ac9b in Plasma::WindowThumbnail::windowToTexture(Plasma::WindowTextureProvider*) (textureProvider=0x5611d18a7b10, this=0x5611d185afb0) at /usr/src/debug/plasma-framework-5.88.0git.20211018T112254~9f2d4dcde-ku.5.1.x86_64/src/declarativeimports/core/windowthumbnail.cpp:520
#12 Plasma::WindowThumbnail::updatePaintNode(QSGNode*, QQuickItem::UpdatePaintNodeData*) (this=0x5611d185afb0, oldNode=0x0, updatePaintNodeData=<optimized out>) at /usr/src/debug/plasma-framework-5.88.0git.20211018T112254~9f2d4dcde-ku.5.1.x86_64/src/declarativeimports/core/windowthumbnail.cpp:317
#13 0x00007f93d22af648 in QQuickWindowPrivate::updateDirtyNode(QQuickItem*) (this=0x5611d0ac62b0, item=0x5611d185afb0) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde29-ku.1.1.x86_64/src/quick/items/qquickwindow.cpp:3872
#14 0x00007f93d22afbeb in QQuickWindowPrivate::updateDirtyNodes() (this=this@entry=0x5611d0ac62b0) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde29-ku.1.1.x86_64/src/quick/items/qquickwindow.cpp:3617
#15 0x00007f93d22b17ec in QQuickWindowPrivate::syncSceneGraph() (this=this@entry=0x5611d0ac62b0) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde29-ku.1.1.x86_64/src/quick/items/qquickwindow.cpp:524
#16 0x00007f93d222e389 in QSGGuiThreadRenderLoop::renderWindow(QQuickWindow*) (this=0x5611cf7bce30, window=<optimized out>) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde29-ku.1.1.x86_64/src/quick/scenegraph/qsgrenderloop.cpp:751
#17 0x00007f93d22bfdaf in QQuickWindow::event(QEvent*) (this=0x5611d00d6e30, e=0x7ffec61240b0) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde29-ku.1.1.x86_64/src/quick/items/qquickwindow.cpp:1858
#18 0x00007f93d151ba7f in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=<optimized out>, receiver=0x5611d00d6e30, e=0x7ffec61240b0) at kernel/qapplication.cpp:3632
#19 0x00007f93d07859ea in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x5611d00d6e30, event=0x7ffec61240b0) at kernel/qcoreapplication.cpp:1064
#20 0x00007f93d0bcd794 in QPlatformWindow::deliverUpdateRequest() (this=<optimized out>) at kernel/qplatformwindow.cpp:789
#21 QPlatformWindow::windowEvent(QEvent*) (this=<optimized out>, event=<optimized out>) at kernel/qplatformwindow.cpp:476
#22 0x00007f93d1522b76 in QApplication::notify(QObject*, QEvent*) (this=0x7ffec6124700, receiver=0x5611d00d6e30, e=0x7ffec6124340) at kernel/qapplication.cpp:2874
#23 0x00007f93d07859ea in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x5611d00d6e30, event=0x7ffec6124340) at kernel/qcoreapplication.cpp:1064
#24 0x00007f93d07dc25b in QTimerInfoList::activateTimers() (this=this@entry=0x5611cf175c20) at kernel/qtimerinfo_unix.cpp:643
#25 0x00007f93d07dcb04 in timerSourceDispatch(GSource*, GSourceFunc, gpointer) (source=source@entry=0x5611cf175bc0) at kernel/qeventdispatcher_glib.cpp:183
#26 0x00007f93ceaddd5f in g_main_dispatch (context=0x7f93c4005000) at ../glib/gmain.c:3381
#27 g_main_context_dispatch (context=0x7f93c4005000) at ../glib/gmain.c:4099
#28 0x00007f93ceade0e8 in g_main_context_iterate (context=context@entry=0x7f93c4005000, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4175
#29 0x00007f93ceade19f in g_main_context_iteration (context=0x7f93c4005000, may_block=1) at ../glib/gmain.c:4240
#30 0x00007f93d07dcec4 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x5611cf1801b0, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#31 0x00007f93d07843eb in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7ffec6124580, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#32 0x00007f93d078c6d0 in QCoreApplication::exec() () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#33 0x00007f93d0bd219c in QGuiApplication::exec() () at kernel/qguiapplication.cpp:1867
#34 0x00007f93d151b9f5 in QApplication::exec() () at kernel/qapplication.cpp:2824
#35 0x00005611ce1113e6 in main(int, char**) (argc=<optimized out>, argv=0x7ffec6124740) at /usr/src/debug/plasma5-workspace-5.23.80git.20211018T145130~d01061522-ku.27.1.x86_64/shell/main.cpp:238
[Inferior 1 (process 2507) detached]

Possible duplicates by query: bug 443961, bug 443838, bug 443825, bug 443823, bug 443782.

Reported using DrKonqi

Comment 1 Bug Janitor Service 2021-10-19 05:09:41 UTC

A possibly relevant merge request was started @ https://invent.kde.org/plasma/plasma-desktop/-/merge_requests/609

Comment 2 Fushan Wen 2021-10-19 05:26:34 UTC

After updating these packages, the bug occurs:
  kdeclarative-components kdeclarative-devel kwin5 kwin5-devel libKF5CalendarEvents5 libKF5Declarative5 libKF5Plasma5
  libKF5QuickAddons5 plasma-framework plasma-framework-components plasma-framework-devel

Comment 3 Bug Janitor Service 2021-10-19 06:33:30 UTC

A possibly relevant merge request was started @ https://invent.kde.org/frameworks/plasma-framework/-/merge_requests/358

Comment 4 Javier O. Cordero Pérez (Cuperino) 2021-10-19 07:24:03 UTC

Created attachment 142602 [details]
New crash information added by DrKonqi

plasmashell (5.23.0) using Qt 5.15.3

- What I was doing when the application crashed:
Hovering mouse cursor over open app icons from Icons-Only Task Manager. Crashes only when hovering over the icon of an open app, irregardless of whether it's minimized or not.

- Custom settings of the application:
I'm using the Icons-Only variant of the task manger. I have the following KWin desktop effects fully enabled: Invert, Zoom, Desaturate Unresponsive Applications, Fading Popups, Full Screen, Login, Logout, Maximize, Morphing Popups, Mouse Mark, Screen Edge, Sliding popups, Wobbly Windows, Magic Lamp, Dialog Parent, Window Aperture, Slide, Desktop Grid, Present Windows, Glide; and the following partially enabled effects: Background contrast, Blur.

-- Backtrace (Reduced):
#3  0x00007f66df0aa7c4 in Plasma::WindowThumbnail::updatePaintNode(QSGNode*, QQuickItem::UpdatePaintNodeData*) (this=0x56119704cbd0, oldNode=<optimized out>, updatePaintNodeData=<optimized out>) at ./src/declarativeimports/core/windowthumbnail.cpp:327
#4  0x00007f670ac3d380 in QQuickWindowPrivate::updateDirtyNode(QQuickItem*) (this=0x561193a4be10, item=0x56119704cbd0) at items/qquickwindow.cpp:3872
#5  0x00007f670ac3dc3b in QQuickWindowPrivate::updateDirtyNodes() (this=this@entry=0x561193a4be10) at items/qquickwindow.cpp:3617
#6  0x00007f670ac3f330 in QQuickWindowPrivate::syncSceneGraph() (this=this@entry=0x561193a4be10) at items/qquickwindow.cpp:524
#7  0x00007f670abdce97 in QSGRenderThread::sync(bool, bool) (this=this@entry=0x561193ebaf10, inExpose=inExpose@entry=false, inGrab=inGrab@entry=false) at scenegraph/qsgthreadedrenderloop.cpp:647

Comment 5 Nate Graham 2021-10-19 11:44:57 UTC

Git commit bd8c296ab79fe00e77aaf3f7b38aff373d9ee6ee by Nate Graham, on behalf of Vlad Zahorodnii.
Committed on 19/10/2021 at 11:44.
Pushed by ngraham into branch 'master'.

Fix crash in WindowThumbnail::updatePaintNode()

Recently, the WindowThumbnail was changed so it properly discards the
texture provider in the releaseResources() function.

But it appears like there's a case where the releaseResources() function
can be called in the windowToTexture() function, which will result in
use after free bugs.

Based on af5a855da42c3ada2f0e802c68ad8f7c0e73b38e, it looks like the
WindowThumbnail item didn't use QQuickItem::releaseResources() to
properly release its graphics resources. It was checking whether the
texture node still has a texture. If there's no texture, it means that
the texture got discarded and it needs to be re-created; otherwise it
is okay to re-use the old texture.

With QQuickItem::releaseResources(), we don't need that workaround
anymore since QtQuick will call the releaseResources() function whenever
it wants the WindowThumbnail to discard graphics resources.

M  +0    -5    src/declarativeimports/core/windowthumbnail.cpp

https://invent.kde.org/frameworks/plasma-framework/commit/bd8c296ab79fe00e77aaf3f7b38aff373d9ee6ee

Comment 6 Laura David Hurka 2021-10-19 14:59:31 UTC

Created attachment 142630 [details]
New crash information added by DrKonqi

plasmashell (5.23.80) using Qt 5.15.3

- What I was doing when the application crashed:
Move mouse cursor on the task manager.

- Custom settings of the application:
I have the panel on the top, otherwise it is as usual.
When the crash first appeared, I had two windows with the same title (one with <2> appended), and a fullscreen window.

This crash appeared immediately after installing updates and logging in again.

The Alt+Tab task switcher (which also uses thumbnail images) works correctly.

-- Backtrace (Reduced):
#3  0x00007fa598fd17c4 in Plasma::WindowThumbnail::updatePaintNode(QSGNode*, QQuickItem::UpdatePaintNodeData*) (this=0x55ba251e92c0, oldNode=<optimized out>, updatePaintNodeData=<optimized out>) at ./src/declarativeimports/core/windowthumbnail.cpp:327
#4  0x00007fa606c82380 in QQuickWindowPrivate::updateDirtyNode(QQuickItem*) (this=0x55ba23b02970, item=0x55ba251e92c0) at items/qquickwindow.cpp:3872
#5  0x00007fa606c82c3b in QQuickWindowPrivate::updateDirtyNodes() (this=this@entry=0x55ba23b02970) at items/qquickwindow.cpp:3617
#6  0x00007fa606c84330 in QQuickWindowPrivate::syncSceneGraph() (this=this@entry=0x55ba23b02970) at items/qquickwindow.cpp:524
#7  0x00007fa606c21e97 in QSGRenderThread::sync(bool, bool) (this=this@entry=0x55ba24985240, inExpose=inExpose@entry=false, inGrab=inGrab@entry=false) at scenegraph/qsgthreadedrenderloop.cpp:647

Comment 7 Nate Graham 2021-10-20 16:57:09 UTC

Git commit 80928f4344af159f58e61225a02ea7a874cb5493 by Nate Graham, on behalf of Fushan Wen.
Committed on 20/10/2021 at 16:56.
Pushed by ngraham into branch 'master'.

taskmanager: Ensure tooltips are really disabled when "Show tooltips" is unchecked

Before frameworks/plasma-framework!358, if enabled is not set (default
true), when the tooltip is disabled in the settings, plasmashell will
still crash at showing window thumbnails, which means the content in
the tooltip is just not visible, but the relevant code is still
executed.

This ensures tooltips are really disabled when "Show tooltips" is not
checked, which is beneficial for people who want to extend the battery
life or avoid the unresponsiveness caused by tooltips.
Related: bug 444001

M  +2    -1    applets/taskmanager/package/contents/ui/Task.qml

https://invent.kde.org/plasma/plasma-desktop/commit/80928f4344af159f58e61225a02ea7a874cb5493

Comment 8 Nate Graham 2021-10-20 18:16:45 UTC

*** Bug 444068 has been marked as a duplicate of this bug. ***