465872 – Plasma keeps crashing

Bug 465872 - Plasma keeps crashing

Summary: Plasma keeps crashing

Status:	RESOLVED DOWNSTREAM

Alias:	None

Product:	plasmashell
Classification:	Plasma
Component:	generic-crash (show other bugs)
Version:	5.27.0
Platform:	openSUSE Linux

Importance:	NOR crash
Target Milestone:	1.0
Assignee:	Plasma Bugs List

URL:	https://bugzilla.suse.com/show_bug.cg...
Keywords:	drkonqi

Depends on:
Blocks:

Reported:	2023-02-16 21:42 UTC by Hans Brage
Modified:	2023-03-03 07:26 UTC (History)
CC List:	7 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
attachment-2084109-0.html (2.22 KB, text/html) 2023-02-17 09:08 UTC, Hans Brage	Details
valgrind of plasmashell (11.51 KB, text/plain) 2023-03-01 09:42 UTC, Jiri Slaby	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Hans Brage 2023-02-16 21:42:40 UTC

Application: plasmashell (5.27.0)

Qt Version: 5.15.8
Frameworks Version: 5.103.0
Operating System: Linux 6.1.10-1-pae i686
Windowing System: X11
Distribution: "openSUSE Tumbleweed"
DrKonqi: 5.27.0 [KCrashBackend]

-- Information about the crash:
Applied regular updates to the system (zypper -dup) and since then plasma keeps crashing with segmentation faults.  Restarts and crashes again.

The crash can be reproduced every time.

-- Backtrace:
Application: Plasma (plasmashell), signal: Segmentation fault

[KCrash Handler]
#5  0xb705c376 in QQmlJavaScriptExpression::DeleteWatcher::wasDeleted() const (this=<optimized out>) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/qml/qqmljavascriptexpression_p.h:230
#6  QQmlPropertyCapture::captureProperty(QObject*, int, int, bool) (this=0x8dc35e5b, o=0x387a3d0, c=-1, n=0, doNotify=false) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/qml/qqmljavascriptexpression.cpp:281
#7  0xb442e75c in QV4::ModelObject::virtualGet(QV4::Managed const*, QV4::PropertyKey, QV4::Value const*, bool*) (m=0xa15c0820, id=..., receiver=0xa15c0820, hasProperty=0x0) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qmlmodels/qqmllistmodel.cpp:1639
#8  0xb6ef2681 in QV4::Object::get(QV4::StringOrSymbol*, bool*, QV4::Value const*) const (receiver=0xa15c0820, hasProperty=0x0, name=<optimized out>, this=0xa15c0820) at ../../include/QtQml/5.15.8/QtQml/private/../../../../../../src/qml/jsruntime/qv4object_p.h:308
#9  QV4::Lookup::getterFallback(QV4::Lookup*, QV4::ExecutionEngine*, QV4::Value const&) (l=0x3877f80, engine=0x18c0a60, object=...) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/jsruntime/qv4lookup.cpp:231
#10 0xb4429b39 in QV4::ModelObject::virtualResolveLookupGetter(QV4::Object const*, QV4::ExecutionEngine*, QV4::Lookup*) (object=0xa15c0788, engine=0x18c0a60, lookup=0x3877f80) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qmlmodels/qqmllistmodel.cpp:1650
#11 0xb6ef378e in QV4::Lookup::getterGeneric(QV4::Lookup*, QV4::ExecutionEngine*, QV4::Value const&) (l=0x3877f80, engine=0x18c0a60, object=...) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/jsruntime/qv4lookup.cpp:144
#12 0xb6f6520c in QV4::Moth::VME::interpret(QV4::CppStackFrame*, QV4::ExecutionEngine*, char const*) (frame=0x72023400, engine=0x18c0a60, code=0x920b4c46 ":n:o\030\a:pL\006\026\a:q\030\a\026\t>r\a\026\a:sL\005\026\tp\030\t\026\bx\030\bRH\304\016\002") at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/jsruntime/qv4vme_moth.cpp:641
#13 0xb6f68e3c in QV4::Moth::VME::exec(QV4::CppStackFrame*, QV4::ExecutionEngine*) (engine=0x18c0a60, frame=0xbff5ce38) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/jsruntime/qv4vme_moth.cpp:466
#14 QV4::Moth::VME::exec(QV4::CppStackFrame*, QV4::ExecutionEngine*) (frame=0xbff5ce38, engine=0x18c0a60) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/jsruntime/qv4vme_moth.cpp:430
#15 0xb6f13cfe in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) (fo=0xbff5ceb4, thisObject=0xa15c0770, argv=0xa15c0670, argc=0) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/jsruntime/qv4functionobject.cpp:528
#16 0xb6f7a3ea in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const (argc=0, argv=0xa15c0670, thisObject=0xa15c0770, this=0xbff5ceb4) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/jsruntime/qv4functionobject_p.h:202
#17 QV4::Runtime::CallQmlContextPropertyLookup::call(QV4::ExecutionEngine*, unsigned int, QV4::Value*, int) (engine=0x18c0a60, index=26, argv=0xa15c0670, argc=0) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/jsruntime/qv4runtime.cpp:1366
#18 0xb6f66e14 in QV4::Moth::VME::interpret(QV4::CppStackFrame*, QV4::ExecutionEngine*, char const*) (frame=0x72023400, engine=0x18c0a60, code=0x920b4531 "\320\016\002") at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/jsruntime/qv4vme_moth.cpp:787
#19 0xb6f68e3c in QV4::Moth::VME::exec(QV4::CppStackFrame*, QV4::ExecutionEngine*) (engine=0x18c0a60, frame=0xbff5d058) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/jsruntime/qv4vme_moth.cpp:466
#20 QV4::Moth::VME::exec(QV4::CppStackFrame*, QV4::ExecutionEngine*) (frame=0xbff5d058, engine=0x18c0a60) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/jsruntime/qv4vme_moth.cpp:430
#21 0xb6f13cfe in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) (fo=0xbff5d0d4, thisObject=0xa15c0668, argv=0xa15c0618, argc=3) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/jsruntime/qv4functionobject.cpp:528
#22 0xb6f7a3ea in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const (argc=3, argv=0xa15c0618, thisObject=0xa15c0668, this=0xbff5d0d4) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/jsruntime/qv4functionobject_p.h:202
#23 QV4::Runtime::CallQmlContextPropertyLookup::call(QV4::ExecutionEngine*, unsigned int, QV4::Value*, int) (engine=0x18c0a60, index=89, argv=0xa15c0618, argc=3) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/jsruntime/qv4runtime.cpp:1366
#24 0xb6f66e14 in QV4::Moth::VME::interpret(QV4::CppStackFrame*, QV4::ExecutionEngine*, char const*) (frame=0x72023400, engine=0x18c0a60, code=0x920b4ab0 "RH\337\270") at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/jsruntime/qv4vme_moth.cpp:787
#25 0xb6f68e3c in QV4::Moth::VME::exec(QV4::CppStackFrame*, QV4::ExecutionEngine*) (engine=0x18c0a60, frame=0xbff5d278) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/jsruntime/qv4vme_moth.cpp:466
#26 QV4::Moth::VME::exec(QV4::CppStackFrame*, QV4::ExecutionEngine*) (frame=0xbff5d278, engine=0x18c0a60) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/jsruntime/qv4vme_moth.cpp:430
#27 0xb6f13cfe in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) (fo=0xbff5d38c, thisObject=0xa15c0538, argv=0xa15c0500, argc=0) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/jsruntime/qv4functionobject.cpp:528
#28 0xb6ed6bc0 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const (this=<optimized out>, thisObject=<optimized out>, argv=<optimized out>, argc=0) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/jsruntime/qv4functionobject_p.h:202
#29 0xb6f656fb in QV4::Moth::VME::interpret(QV4::CppStackFrame*, QV4::ExecutionEngine*, char const*) (frame=0x72023400, engine=0x18c0a60, code=0xbff5d488 "`\n\214\001") at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/jsruntime/qv4vme_moth.cpp:757
#30 0xb6f68e3c in QV4::Moth::VME::exec(QV4::CppStackFrame*, QV4::ExecutionEngine*) (engine=0x18c0a60, frame=0xbff5d488) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/jsruntime/qv4vme_moth.cpp:466
#31 QV4::Moth::VME::exec(QV4::CppStackFrame*, QV4::ExecutionEngine*) (frame=0xbff5d488, engine=0x18c0a60) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/jsruntime/qv4vme_moth.cpp:430
#32 0xb6f0a261 in QV4::Function::call(QV4::Value const*, QV4::Value const*, int, QV4::ExecutionContext const*) (this=0x38783a0, thisObject=0xa15c04e8, argv=0xa15c0500, argc=0, context=0x920c2368) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/jsruntime/qv4function.cpp:69
#33 0xb7061659 in QQmlJavaScriptExpression::evaluate(QV4::CallData*, bool*) (this=0x3882f00, callData=0xa15c04d0, isUndefined=0x0) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/qml/qqmljavascriptexpression.cpp:212
#34 0xb701ecf3 in QQmlBoundSignalExpression::evaluate(void**) (this=<optimized out>, a=<optimized out>) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/qml/qqmlboundsignal.cpp:224
#35 0xb701f36f in QQmlBoundSignal_callback(QQmlNotifierEndpoint*, void**) (a=0x0, e=0x38830c0) at ../../include/QtQml/5.15.8/QtQml/private/../../../../../../src/qml/qml/qqmlboundsignalexpressionpointer_p.h:69
#36 QQmlBoundSignal_callback(QQmlNotifierEndpoint*, void**) (e=0x38830c0, a=0x0) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/qml/qqmlboundsignal.cpp:341
#37 0xb7042116 in QQmlNotifier::emitNotify(QQmlNotifierEndpoint*, void**) (endpoint=<optimized out>, a=0x0) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/qml/qqmlnotifier.cpp:104
#38 0xb7005cb9 in QQmlData::signalEmitted(QAbstractDeclarativeData*, QObject*, int, void**) (object=0x3892230, index=3, a=0x0) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/qml/qqmlengine.cpp:834
#39 0xb56ee0ac in doActivate<false>(QObject*, int, void**) (sender=0x3892230, signal_index=3, argv=0x0) at kernel/qobject.cpp:3815
#40 0xb56e76ff in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (sender=<optimized out>, m=<optimized out>, local_signal_index=<optimized out>, argv=0x0) at kernel/qobject.cpp:3983
#41 0xb70b5d72 in QQmlComponentAttached::completed() (this=0x3892230) at .moc/moc_qqmlcomponentattached_p.cpp:148
#42 0xb706f05d in QQmlObjectCreator::finalize(QQmlInstantiationInterrupt&) (this=0x387ed40, interrupt=...) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/qml/qqmlobjectcreator.cpp:1441
#43 0xb7016ac6 in QQmlIncubatorPrivate::incubate(QQmlInstantiationInterrupt&) (this=0x1947990, i=...) at /usr/include/qt5/QtCore/qscopedpointer.h:116
#44 0xb7016e66 in QQmlEnginePrivate::incubate(QQmlIncubator&, QQmlContextData*) (this=0x16c8f40, i=..., forContext=0x1947a10) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/qml/qqmlincubator.cpp:89
#45 0xb7010832 in QQmlComponent::create(QQmlIncubator&, QQmlContext*, QQmlContext*) (this=0x3834150, incubator=..., context=<optimized out>, forContext=0x0) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/qml/qqmlcomponent.cpp:1191
#46 0xb7c25207 in KDeclarative::QmlObject::completeInitialization(QHash<QString, QVariant> const&) (initialProperties=..., this=0x194b230) at /usr/src/debug/kdeclarative-5.103.0/src/kdeclarative/qmlobject.cpp:322
#47 KDeclarative::QmlObject::completeInitialization(QHash<QString, QVariant> const&) (this=0x194b230, initialProperties=...) at /usr/src/debug/kdeclarative-5.103.0/src/kdeclarative/qmlobject.cpp:304
#48 0xb7f27a9c in PlasmaQuick::AppletQuickItem::init() (this=<optimized out>) at /usr/src/debug/plasma-framework-5.103.0/src/plasmaquick/appletquickitem.cpp:662
#49 0xa5539eea in AppletInterface::init() (this=0x1947bd0) at /usr/src/debug/plasma-framework-5.103.0/src/scriptengines/qml/plasmoid/appletinterface.cpp:151
#50 0xa553a4e6 in ContainmentInterface::init() (this=0x1947bd0) at /usr/src/debug/plasma-framework-5.103.0/src/scriptengines/qml/plasmoid/containmentinterface.cpp:77
#51 0xb7f26072 in PlasmaQuick::AppletQuickItem::itemChange(QQuickItem::ItemChange, QQuickItem::ItemChangeData const&) (this=0x1947bd0, change=QQuickItem::ItemSceneChange, value=...) at /usr/src/debug/plasma-framework-5.103.0/src/plasmaquick/appletquickitem.cpp:944
#52 0xa5541faa in ContainmentInterface::itemChange(QQuickItem::ItemChange, QQuickItem::ItemChangeData const&) (this=0x1947bd0, change=QQuickItem::ItemSceneChange, value=...) at /usr/src/debug/plasma-framework-5.103.0/src/scriptengines/qml/plasmoid/containmentinterface.cpp:1191
#53 0xb762c3b6 in QQuickItemPrivate::refWindow(QQuickWindow*) (this=0x19145c0, c=0x2e5e4b0) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/quick/items/qquickitem.cpp:3016
#54 0xb762c7be in QQuickItem::setParentItem(QQuickItem*) (this=0x1947bd0, parentItem=0x32cc270) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/quick/items/qquickitem.cpp:2727
#55 0xb7f362d8 in PlasmaQuick::ContainmentViewPrivate::setContainment(Plasma::Containment*) (cont=0x19474b0, this=0x18d0ed0) at /usr/src/debug/plasma-framework-5.103.0/src/plasmaquick/containmentview.cpp:122
#56 PlasmaQuick::ContainmentView::setContainment(Plasma::Containment*) (this=0x2e5e4b0, cont=0x19474b0) at /usr/src/debug/plasma-framework-5.103.0/src/plasmaquick/containmentview.cpp:251
#57 0x0048625f in  ()
#58 0xb56ee3b1 in QtPrivate::QSlotObjectBase::call(QObject*, void**) (a=0xbff5ec34, r=0x136cf80, this=0x15cf670) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#59 doActivate<false>(QObject*, int, void**) (sender=<optimized out>, signal_index=<optimized out>, argv=0xbff5ec34) at kernel/qobject.cpp:3923
#60 0xb56e76ff in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (sender=<optimized out>, m=<optimized out>, local_signal_index=<optimized out>, argv=0xbff5ec34) at kernel/qobject.cpp:3983
#61 0xb56f2781 in QTimer::timeout(QTimer::QPrivateSignal) (this=0x136cff4, _t1=...) at .moc/moc_qtimer.cpp:205
#62 0xb56f2c01 in QTimer::timerEvent(QTimerEvent*) (e=0xbff5ef4c, this=0x136cff4) at kernel/qtimer.cpp:257
#63 QTimer::timerEvent(QTimerEvent*) (this=0x136cff4, e=0xbff5ef4c) at kernel/qtimer.cpp:252
#64 0xb56e2a13 in QObject::event(QEvent*) (this=0x136cff4, e=0xbff5ef4c) at kernel/qobject.cpp:1369
#65 0xb6523906 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=0x126dc50, receiver=0x136cff4, e=0xbff5ef4c) at kernel/qapplication.cpp:3640
#66 0xb652b566 in QApplication::notify(QObject*, QEvent*) (this=0xbff5f294, receiver=0x136cff4, e=0xbff5ef4c) at kernel/qapplication.cpp:3164
#67 0xb56b422a in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x136cff4, event=0xbff5ef4c) at kernel/qcoreapplication.cpp:1064
#68 0xb56b44b8 in QCoreApplication::sendEvent(QObject*, QEvent*) (receiver=0x136cff4, event=0xbff5ef4c) at kernel/qcoreapplication.cpp:1462
#69 0xb57118ba in QTimerInfoList::activateTimers() (this=0x135f614) at kernel/qtimerinfo_unix.cpp:643
#70 0xb57123dc in timerSourceDispatch (source=<optimized out>) at kernel/qeventdispatcher_glib.cpp:183
#71 idleTimerSourceDispatch(GSource*, GSourceFunc, gpointer) (source=0x13611f0) at kernel/qeventdispatcher_glib.cpp:230
#72 0xb41dcaf5 in g_main_context_dispatch () at /lib/libglib-2.0.so.0
#73 0xb41dced9 in  () at /lib/libglib-2.0.so.0
#74 0xb41dcf84 in g_main_context_iteration () at /lib/libglib-2.0.so.0
#75 0xb5712785 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x1344a40, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#76 0xb0ae8021 in QXcbGlibEventDispatcher::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x1344a40, flags=...) at qxcbeventdispatcher.cpp:143
#77 0xb56b2917 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=<optimized out>, flags=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#78 0xb56bb940 in QCoreApplication::exec() () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#79 0xb5b21e11 in QGuiApplication::exec() () at kernel/qguiapplication.cpp:1870
#80 0xb6523874 in QApplication::exec() () at kernel/qapplication.cpp:2832
#81 0x0045c7dd in  ()
#82 0xb4c23795 in __libc_start_call_main () at /lib/libc.so.6
#83 0xb4c23858 in __libc_start_main_impl () at /lib/libc.so.6
#84 0x0045cbb7 in  ()
[Inferior 1 (process 3423) detached]

Reported using DrKonqi

Comment 1 Fushan Wen 2023-02-17 01:02:42 UTC

Try to delete ~/.cache folder and test again

Comment 2 Hans Brage 2023-02-17 07:08:16 UTC

Tried to remove ~/.cache (renamed it) and then rebooted the system.  
Folder is recreated but plasma still crasches.



Den 2023-02-17 kl. 02:02, skrev Fushan Wen:
> https://bugs.kde.org/show_bug.cgi?id=465872
>
> Fushan Wen <qydwhotmail@gmail.com> changed:
>
>             What    |Removed                     |Added
> ----------------------------------------------------------------------------
>                   CC|                            |qydwhotmail@gmail.com
>
> --- Comment #1 from Fushan Wen <qydwhotmail@gmail.com> ---
> Try to delete ~/.cache folder and test again
>

Comment 3 David Redondo 2023-02-17 08:25:51 UTC

Does it crash right after it is started? Randomly during execution? Or when you do something specifc?

Comment 4 Hans Brage 2023-02-17 09:08:11 UTC

Created attachment 156356 [details]
attachment-2084109-0.html

It crashes shortly after login. I can see that background and desktop icons 
briefly appears and disappears. Then is the crash window displayed for some 
second and I looks like also that application crashes as the window disappears.

Then it looks like it tries to restart itself as I can see objects on 
desktop occasionally flashing and also some crash windows flashing by. 
/var/log/messages also fills up with repeated entries.

To be able to send the report I used the killall and a manual start of plasma.

Den 17 februari 2023 09:30:05 skrev "David Redondo" <bugzilla_noreply@kde.org>:

> https://bugs.kde.org/show_bug.cgi?id=465872
>
> David Redondo <kde@david-redondo.de> changed:
>
>           What    |Removed                     |Added
> ----------------------------------------------------------------------------
>                 CC|                            |kde@david-redondo.de
>
> --- Comment #3 from David Redondo <kde@david-redondo.de> ---
> Does it crash right after it is started? Randomly during execution? Or when you
> do something specifc?
>
> --
> You are receiving this mail because:
> You reported the bug.

Comment 5 Aleksey Kontsevich 2023-02-17 21:39:34 UTC Comment hidden (spam)

I have the same bug after recent openSUSE Tubleweed upgrades: Plasmashell constantly freezes (100% CPU) and crashes.

Comment 6 Nate Graham 2023-02-17 22:55:54 UTC Comment hidden (spam)

Please file a new bug report for that, as there's no way to know it's the same issue without a backtrace of the crash.

Comment 7 Aleksey Kontsevich 2023-02-18 01:51:16 UTC Comment hidden (spam)

(In reply to Nate Graham from comment #6)
> Please file a new bug report for that, as there's no way to know it's the
> same issue without a backtrace of the crash.

Same OS, same kernel, same plasma version, same symptoms, same time! What else?! I reported the bug but kde crash reporter had not uploaded it for some reason - also buggy! ;)

I did kill plasmashell, then deleted ~/.cache, then restarted plasmashell - no freezes observed since then. Will check more tomorrow.

Comment 8 Nate Graham 2023-02-18 02:08:49 UTC Comment hidden (spam)

If you can reproduce it, please get a backtrace and file a new bug report.

Comment 9 Aleksey Kontsevich 2023-02-19 01:38:24 UTC Comment hidden (spam)

(In reply to Nate Graham from comment #8)
> If you can reproduce it, please get a backtrace and file a new bug report.

After cache cleaning it sometimes crashes but now it restarts immediately after the crash so it is less annoying. However crash reporter does not appear now, so I can't report the stack.

Comment 10 Aleksey Kontsevich 2023-02-20 08:00:03 UTC Comment hidden (spam)

(In reply to Aleksey Kontsevich from comment #9)
> (In reply to Nate Graham from comment #8)
> > If you can reproduce it, please get a backtrace and file a new bug report.
> 
> After cache cleaning it sometimes crashes but now it restarts immediately
> after the crash so it is less annoying. However crash reporter does not
> appear now, so I can't report the stack.

Crashes again, workaround helped temporarily.

Comment 11 Aleksey Kontsevich 2023-02-20 12:21:32 UTC Comment hidden (spam)

Now it freezes all the time!!! Every minute!!! 100% CPU load - killing and restart does not help!!! Do something!

Comment 12 Nate Graham 2023-02-21 19:47:11 UTC Comment hidden (spam)

I already told you what you need to do, Aleksey: get a backtrace and submit a new bug report with it, as there is no indication that your issue is the same as this one.

Comment 13 Aleksey Kontsevich 2023-02-21 22:25:28 UTC Comment hidden (spam)

(In reply to Nate Graham from comment #12)
> I already told you what you need to do, 

I already told You that I can't!

>Aleksey: get a backtrace and submit

HOW???!!!  Crash reporter does not appear!

> there is no indication that your issue is the same as this one.

There are a lot of indications the issues is the same:
- Same OS - openSUSE Tumbleweed
- same kernel version
- same plasma version
- same symptoms
- same time it appeared - same OS upgrade in Tumbleweed
!!!!

Comment 14 Nate Graham 2023-02-21 23:09:49 UTC Comment hidden (spam)

See https://community.kde.org/Guidelines_and_HOWTOs/Debugging/How_to_create_useful_crash_reports#Retrieving_a_backtrace_using_coredumpctl to get a backtrace of the crash without the wizard appearing.

Please don't add any new comments to this bug report.

Comment 15 Aleksey Kontsevich 2023-02-22 09:09:21 UTC Comment hidden (spam)

> coredumpctl
No coredumps found.

Comment 16 Aleksey Kontsevich 2023-02-22 09:50:31 UTC Comment hidden (spam)

Tried gdb however it does not allow to catch these freezes  - only crashes, no crash yet however.

Comment 17 Aleksey Kontsevich 2023-02-22 09:55:51 UTC Comment hidden (spam)

However found condition when it always crashes/freezes: press Klipper hotkey - to show records at mouse position, switch to cyrillic, type something - to filter records - crash/freeze.

Comment 18 Aleksey Kontsevich 2023-02-22 10:13:59 UTC Comment hidden (spam)

Ha, appeared drkonqi created the bug reports already:

- https://bugs.kde.org/show_bug.cgi?id=465962
- https://bugs.kde.org/show_bug.cgi?id=466236

The latter with debug symbols.

Comment 19 Jiri Slaby 2023-03-01 09:15:54 UTC

For me, it works until I update (only) this:
  glibc              2.36-9.2 -> 2.37-1.4
  glibc-devel        2.36-9.2 -> 2.37-1.4
  glibc-extra        2.36-9.2 -> 2.37-1.4
  glibc-locale       2.36-9.2 -> 2.37-1.4
  glibc-locale-base  2.36-9.2 -> 2.37-1.4

Comment 20 Jiri Slaby 2023-03-01 09:42:57 UTC

Created attachment 156860 [details]
valgrind of plasmashell

> Invalid read of size 4
>    at 0x5686376: UnknownInlinedFun (qqmljavascriptexpression_p.h:230)
>    by 0x5686376: QQmlPropertyCapture::captureProperty(QObject*, int, int, bool) (qqmljavascriptexpression.cpp:281)
>    by 0x831975B: QV4::ModelObject::virtualGet(QV4::Managed const*, QV4::PropertyKey, QV4::Value const*, bool*) (qqmllistmodel.cpp:1639)
>    by 0x551C680: UnknownInlinedFun (qv4object_p.h:308)
>    by 0x551C680: QV4::Lookup::getterFallback(QV4::Lookup*, QV4::ExecutionEngine*, QV4::Value const&) (qv4lookup.cpp:231)
>    by 0x8314B38: QV4::ModelObject::virtualResolveLookupGetter(QV4::Object const*, QV4::ExecutionEngine*, QV4::Lookup*) (qqmllistmodel.cpp:1650)
>    by 0x551D78D: QV4::Lookup::getterGeneric(QV4::Lookup*, QV4::ExecutionEngine*, QV4::Value const&) (qv4lookup.cpp:144)
>    by 0x558F20B: QV4::Moth::VME::interpret(QV4::CppStackFrame*, QV4::ExecutionEngine*, char const*) (qv4vme_moth.cpp:641)
>    by 0x5592E3B: UnknownInlinedFun (qv4vme_moth.cpp:466)
>    by 0x5592E3B: QV4::Moth::VME::exec(QV4::CppStackFrame*, QV4::ExecutionEngine*) (qv4vme_moth.cpp:430)
>    by 0x553DCFD: QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) (qv4functionobject.cpp:528)
>    by 0x55A43E9: UnknownInlinedFun (qv4functionobject_p.h:202)
>    by 0x55A43E9: QV4::Runtime::CallQmlContextPropertyLookup::call(QV4::ExecutionEngine*, unsigned int, QV4::Value*, int) (qv4runtime.cpp:1366)
>    by 0x5590E13: QV4::Moth::VME::interpret(QV4::CppStackFrame*, QV4::ExecutionEngine*, char const*) (qv4vme_moth.cpp:787)
>    by 0x5592E3B: UnknownInlinedFun (qv4vme_moth.cpp:466)
>    by 0x5592E3B: QV4::Moth::VME::exec(QV4::CppStackFrame*, QV4::ExecutionEngine*) (qv4vme_moth.cpp:430)
>    by 0x553DCFD: QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) (qv4functionobject.cpp:528)
>  Address 0x8dc35e63 is not stack'd, malloc'd or (recently) free'd

So it's apparently not even use after free.

Comment 21 Jiri Slaby 2023-03-02 07:46:03 UTC

(In reply to Hans Brage from comment #0)
> #7  0xb442e75c in QV4::ModelObject::virtualGet(QV4::Managed const*,
> QV4::PropertyKey, QV4::Value const*, bool*) (m=0xa15c0820, id=...,
> receiver=0xa15c0820, hasProperty=0x0) at
> /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qmlmodels/
> qqmllistmodel.cpp:1639

ep is corrupted:
1639        if (QQmlEngine *qmlEngine = that->engine()->qmlEngine()) {
1640            QQmlEnginePrivate *ep = QQmlEnginePrivate::get(qmlEngine);
1641            if (ep && ep->propertyCapture) {
1642                    qDebug() << __func__ << ep << ep->propertyCapture;
1643                ep->propertyCapture->captureProperty(that->object(), -1, role->index, /*doNotify=*/ false);
1644            }
1645        }

This prints:
virtualGet 0xb706dff0 0x8dc35e5b

So:
> (gdb) p *(QQmlEnginePrivate *)0xb706dff0
> $3 = {<QJSEnginePrivate> = {<QObjectPrivate> = {<QObjectData> = {_vptr.QObjectData = 0x39e85356, q_ptr = 0x81ffe0f8, parent = 0x1a1265c3, children = {<QListSpecialMethods<QObject*>> = {<No data fields>}, {p = {
>               static shared_null = {ref = {atomic = {_q_value = std::atomic<int> = { -1 }}}, alloc = 0, begin = 0, end = 0, array = {0x0}}, d = 0x4ec8300}, d = 0x4ec8300}}, isWidget = 1, blockSig = 1, wasDeleted = 0,
>         isDeletingChildren = 1, sendChildEvents = 0, receiveChildEvents = 0, isWindow = 0, deleteLaterCalled = 1, unused = 1320052, postedEvents = 1081407109, metaObject = 0x8d08ec83}, extraData = 0xed9c9483,
>       threadData = {<QBasicAtomicPointer<QThreadData>> = {_q_value = std::atomic<QThreadData *> = { 0xe85650ff }}, <No data fields>}, connections = {<QBasicAtomicPointer<QObjectPrivate::ConnectionData>> = {
>           _q_value = std::atomic<QObjectPrivate::ConnectionData *> = { 0xffe076c8 }}, <No data fields>}, {currentChildBeingDeleted = 0x8910c483, declarativeData = 0x8910c483},
>       sharedRefcount = {<QBasicAtomicPointer<QtSharedPointer::ExternalRefCountData>> = {_q_value = std::atomic<QtSharedPointer::ExternalRefCountData *> = { 0x24448bc2 }}, <No data fields>}},
>     mutex = {<QMutex> = {<QBasicMutex> = {d_ptr = {_q_value = std::atomic<QMutexData *> = { 0x75d28510 }}}, <No data fields>}, <No data fields>}, uiLanguage = {d = 0x4c4830b}},
>   static baseModulesUninitialized = false, propertyCapture = 0x8dc35e5b, jsExpressionGuardPool = {d = 0x90002674}, rootContext = 0x5608ec83, profiler = 0x5756e850, outputWarningsToMsgLog = 224, cleanup = 0x4c48310,
>   erroredBindings = 0x8dc35e5b, inProgressCreations = -1879038348, workerScriptEngine = 0xd9ebc031, baseUrl = {d = 0x26748d}, activeObjectCreator = 0x53565755, networkAccessManager = 0xe0f7d7e8,
>   networkAccessManagerFactory = 0x3c381ff, imageProviders = {{d = 0x83001a12, e = 0x83001a12}}, urlInterceptor = 0x748b0cec, scarceResourcesRefCount = 2089493540, importDatabase = {
>     qmldirCache = {<QStringHashBase> = {<No data fields>}, data = {buckets = 0xf6852024, numBuckets = -326927756, size = 1417907464, numBits = -4460}, newedNodes = 0xe85650fd, nodePool = 0xffe07660},
>     filePluginPath = {<QList<QString>> = {<QListSpecialMethods<QString>> = {<No data fields>}, {p = {static shared_null = {ref = {atomic = {_q_value = std::atomic<int> = { -1 }}}, alloc = 0, begin = 0, end = 0,
>               array = {0x0}}, d = 0x8510c483}, d = 0x8510c483}}, <No data fields>}, fileImportPath = {<QList<QString>> = {<QListSpecialMethods<QString>> = {<No data fields>}, {p = {static shared_null = {ref = {
>                 atomic = {_q_value = std::atomic<int> = { -1 }}}, alloc = 0, begin = 0, end = 0, array = {0x0}}, d = 0x833174c0}, d = 0x833174c0}}, <No data fields>}, qmlDirFilesForWhichPluginsHaveBeenLoaded = {
>       q_hash = {{d = 0x838d08ec, e = 0x838d08ec}}}, initializedPlugins = {q_hash = {{d = 0xffeee270, e = 0xffeee270}}}, engine = 0x49e85650}, typeLoader = {m_engine = 0x83ffe076, m_thread = 0xc08510c4,
>     m_mutex = @0xec831774, m_profiler = {d = 0x94838d08}, m_networkReplies = {{d = 0x50ffeee2, e = 0x50ffeee2}}, m_typeCache = {{d = 0x7632e856, e = 0x7632e856}}, m_typeCacheTrimThreshold = -997982240,
>     m_scriptCache = {{d = 0x75c08510, e = 0x75c08510}}, m_qmldirCache = {{d = 0x86f8d13, e = 0x86f8d13}}, m_importDirCache = {f = 0x890cc483, l = 0x5f5e5be8, hash = {{
>           d = 0xb68dc35d <QMenuBar::mousePressEvent(QMouseEvent*)+29>, e = 0xb68dc35d <QMenuBar::mousePressEvent(QMouseEvent*)+29>}}, mx = 0, total = 1443425411},
>     m_importQmlDirCache = {<QStringHashBase> = {<No data fields>}, data = {buckets = 0x56bee857, numBuckets = -997982240, size = 214205200, numBits = -14967}, newedNodes = 0x5d5f5ee8, nodePool = 0x26b48dc3}},
>   offlineStoragePath = {d = 0x0}, uniqueId = 3438013745, incubatorList = {__first = 0x26748d}, incubatorCount = 69485707, incubationController = 0x30440c7, static qml_debugging_enabled = false,
>   networkAccessManagerMutex = {<QBasicMutex> = {d_ptr = {_q_value = std::atomic<QMutexData *> = { 0xc3000000 }}}, <No data fields>}, singletonInstances = {{d = 0x26748d, e = 0x26748d}}, cachedValueTypeInstances = {{
>       d = 0x89565755, e = 0x89565755}}, m_compositeTypes = {{d = 0x25e853c6, e = 0x25e853c6}}, static s_designerMode = false, toDeleteInEngineThread = {_first = 0x81ffe0f7, _last = 0x1a1151c3, _flag = 0,
>     _count = 376848768}}

Many values/pointers are 0x8dc35e5b or -1879038348/0x90002674 or 0xc483ffe0/-997982240 or their combination. That is obviously bogus.

Comment 22 Jiri Slaby 2023-03-02 07:51:28 UTC

(In reply to Jiri Slaby from comment #21)
> ep is corrupted:
> 1639        if (QQmlEngine *qmlEngine = that->engine()->qmlEngine()) {
> 1640            QQmlEnginePrivate *ep = QQmlEnginePrivate::get(qmlEngine);
> 1641            if (ep && ep->propertyCapture) {
> 1642                    qDebug() << __func__ << ep << ep->propertyCapture;
> 1643                ep->propertyCapture->captureProperty(that->object(), -1,
> role->index, /*doNotify=*/ false);
> 1644            }
> 1645        }
> 
> This prints:
> virtualGet 0xb706dff0 0x8dc35e5b
...
> Many values/pointers are 0x8dc35e5b or -1879038348/0x90002674 or
> 0xc483ffe0/-997982240 or their combination. That is obviously bogus.

Ah, because it's not ep at that location -- 0xb706dff0 is code, not data:
> (gdb) x/24x 0xb706dff0
> 0xb706dff0 <_ZN20QQmlDelayedCallQueue11qt_metacastEPKc>:        0x39e85356      0x81ffe0f8      0x1a1265c3      0x04ec8300
> 0xb706e000 <_ZN20QQmlDelayedCallQueue11qt_metacastEPKc+16>:     0x1424748b      0x4074f685      0x8d08ec83      0xed9c9483
> 0xb706e010 <_ZN20QQmlDelayedCallQueue11qt_metacastEPKc+32>:     0xe85650ff      0xffe076c8      0x8910c483      0x24448bc2
> 0xb706e020 <_ZN20QQmlDelayedCallQueue11qt_metacastEPKc+48>:     0x75d28510      0x04c4830b      0x8dc35e5b      0x90002674
> 0xb706e030 <_ZN20QQmlDelayedCallQueue11qt_metacastEPKc+64>:     0x5608ec83      0x5756e850      0xc483ffe0      0x04c48310
> 0xb706e040 <_ZN20QQmlDelayedCallQueue11qt_metacastEPKc+80>:     0x8dc35e5b      0x90002674      0xd9ebc031      0x0026748d

Comment 23 Jiri Slaby 2023-03-02 09:37:58 UTC

(In reply to Jiri Slaby from comment #22)
> Ah, because it's not ep at that location -- 0xb706dff0 is code, not data:

So:
================ ExecutionEngine::setQmlEngine(this=0xb59250) sets m_qmlEngine to 0xb7b73c
<no other setQmlEngine() here>
virtualGet that=0x9fbc0820
        eng=0xb59250
        qeng=0xb7208f08

I.e. ExecutionEngine is created by new(), 0xb7b73c is set as m_qmlEngine. Nothing else sets m_qmlEngine during runtime and then it crashes. At that point, the engine is still the one created earlier (0xb59250), but its m_qmlEngine is suddenly 0xb7208f08 (a pointer to the code). This really looks like a memory corruption.

Note that when I set up a breakpoint in ExecutionEngine::setQmlEngine, the issue doesn't occur. So it is likely racy on the top of the above. (I wanted to add a "watch" to ExecutionEngine::m_qmlEngine there to see who overwrites that.

Maybe we should continue in downstream (openSUSE miscompilation) or upstream (qt bug).

Comment 24 Fabian Vogt 2023-03-02 09:58:54 UTC

(In reply to Jiri Slaby from comment #23)
> (In reply to Jiri Slaby from comment #22)
> > Ah, because it's not ep at that location -- 0xb706dff0 is code, not data:
> 
> So:
> ================ ExecutionEngine::setQmlEngine(this=0xb59250) sets
> m_qmlEngine to 0xb7b73c
> <no other setQmlEngine() here>
> virtualGet that=0x9fbc0820
>         eng=0xb59250
>         qeng=0xb7208f08
> 
> I.e. ExecutionEngine is created by new(), 0xb7b73c is set as m_qmlEngine.
> Nothing else sets m_qmlEngine during runtime and then it crashes. At that
> point, the engine is still the one created earlier (0xb59250), but its
> m_qmlEngine is suddenly 0xb7208f08 (a pointer to the code). This really
> looks like a memory corruption.
> 
> Note that when I set up a breakpoint in ExecutionEngine::setQmlEngine, the
> issue doesn't occur. So it is likely racy on the top of the above. (I wanted
> to add a "watch" to ExecutionEngine::m_qmlEngine there to see who overwrites
> that.
> 
> Maybe we should continue in downstream (openSUSE miscompilation) or upstream
> (qt bug).

Can you try a hardware watchpoint on that location before the corruption happens, i.e. `watch -l m_qmlEngine`?

Comment 25 Jiri Slaby 2023-03-03 07:01:08 UTC

(In reply to Jiri Slaby from comment #23)
> Maybe we should continue in downstream (openSUSE miscompilation) or upstream
> (qt bug).

Resolved downstream by dropping non-sse2 builds of qt libraries (which are apparently broken), see the downstream bug. https://bugzilla.suse.com/show_bug.cgi?id=1208188

Comment 26 Aleksey Kontsevich 2023-03-03 07:17:10 UTC

(In reply to Jiri Slaby from comment #25)
> (In reply to Jiri Slaby from comment #23)
> > Maybe we should continue in downstream (openSUSE miscompilation) or upstream
> > (qt bug).
> 
> Resolved downstream by dropping non-sse2 builds of qt libraries (which are
> apparently broken), see the downstream bug.
> https://bugzilla.suse.com/show_bug.cgi?id=1208188

They said it is a different bug! https://bugzilla.suse.com/show_bug.cgi?id=1208188#c12

Comment 27 Fabian Vogt 2023-03-03 07:23:09 UTC

This bug report is specific to 32bit x86. If you see something on x86_64, that's a different bug.

Please do not reopen this bug.

Comment 28 Aleksey Kontsevich 2023-03-03 07:26:06 UTC

(In reply to Fabian Vogt from comment #27)
> This bug report is specific to 32bit x86. If you see something on x86_64,
> that's a different bug.
> 
> Please do not reopen this bug.

Ah sorry, not mine, mine is: https://bugs.kde.org/show_bug.cgi?id=466236