Bug 472378 - Plasma crashes in TaskManager::LauncherTasksModel::Private::requestRemoveLauncherFromActivities() when unpinning Task Manager shortcut
Summary: Plasma crashes in TaskManager::LauncherTasksModel::Private::requestRemoveLaun...
Status: RESOLVED FIXED
Alias: None
Product: plasmashell
Classification: Plasma
Component: Task Manager and Icons-Only Task Manager (show other bugs)
Version: 5.27.6
Platform: openSUSE Linux
: NOR crash
Target Milestone: 1.0
Assignee: Will
URL:
Keywords: drkonqi
: 412822 460327 483917 (view as bug list)
Depends on:
Blocks:
 
Reported: 2023-07-19 02:23 UTC by Will
Modified: 2024-04-10 19:38 UTC (History)
6 users (show)

See Also:
Latest Commit: https://invent.kde.org/plasma/plasma-workspace/-/commit/6309a138092016b05bee00c76401a199324c8c71
Version Fixed In: 5.27.7

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Will 2023-07-19 02:23:47 UTC 
Application: plasmashell (5.27.6)

Qt Version: 5.15.10
Frameworks Version: 5.108.0
Operating System: Linux 6.4.3-1-default x86_64
Windowing System: X11
Distribution: openSUSE Tumbleweed
DrKonqi: 5.27.6 [CoredumpBackend]

-- Information about the crash:
Unpinned firefox shortcut shortly after launching. Firefox is starting a 2nd taskbar icon due to WMClass not matching. This could possibly be related to the 1st firefox icon disappearing quickly, as the 2nd one is created for the firefox subprocess during launch. And then quickly unpinning the 1st icon from taskbar.

The reporter is unsure if this crash is reproducible.

-- Backtrace:
Application: Plasma (plasmashell), signal: Segmentation fault

           PID: 1556 (plasmashell)
           UID: 1000 (will)
           GID: 1000 (will)
        Signal: 11 (SEGV)
     Timestamp: Tue 2023-07-18 18:59:39 PDT (4min 59s ago)
  Command Line: /usr/bin/plasmashell --no-respawn
    Executable: /usr/bin/plasmashell
 Control Group: /user.slice/user-1000.slice/user@1000.service/session.slice/plasma-plasmashell.service
          Unit: user@1000.service
     User Unit: plasma-plasmashell.service
         Slice: user-1000.slice
     Owner UID: 1000 (will)
       Boot ID: 256ccc6d2bef43d9bee18e809c4d0efa
    Machine ID: 35bbab8c5a0449aeba77a054f0d6bc69
      Hostname: localhost.localdomain
       Storage: /var/lib/systemd/coredump/core.plasmashell.1000.256ccc6d2bef43d9bee18e809c4d0efa.1556.1689731979000000.zst (present)
  Size on Disk: 23.8M
       Message: Process 1556 (plasmashell) of user 1000 dumped core.
                
                Stack trace of thread 1556:
                #0  0x00007f9fc3c97f28 pthread_sigmask@GLIBC_2.2.5 (libc.so.6 + 0x94f28)
                #1  0x00007f9fc3c4154d sigprocmask (libc.so.6 + 0x3e54d)
                #2  0x00007f9fc662c87b _ZN6KCrash15setCrashHandlerEPFviE (libKF5Crash.so.5 + 0x587b)
                #3  0x00007f9fc662ed33 _ZN6KCrash19defaultCrashHandlerEi (libKF5Crash.so.5 + 0x7d33)
                #4  0x00007f9fc3c41330 __restore_rt (libc.so.6 + 0x3e330)
                #5  0x00007f9fc433edc9 _Z5qHashRK7QStringj (libQt5Core.so.5 + 0x13edc9)
                #6  0x00007f9fc4438ff1 _Z5qHashRK4QUrlj (libQt5Core.so.5 + 0x238ff1)
                #7  0x00007f9fbc12c56b n/a (libtaskmanager.so.6 + 0x3756b)
                #8  0x00007f9fbc1322ef _ZN11TaskManager18LauncherTasksModel21requestRemoveLauncherERK4QUrl (libtaskmanager.so.6 + 0x3d2ef)
                #9  0x00007f9fbc1462b5 _ZN11TaskManager10TasksModel21requestRemoveLauncherERK4QUrl (libtaskmanager.so.6 + 0x512b5)
                #10 0x00007f9fbc12a5e8 n/a (libtaskmanager.so.6 + 0x355e8)
                #11 0x00007f9fbc12abd3 _ZN11TaskManager10TasksModel11qt_metacallEN11QMetaObject4CallEiPPv (libtaskmanager.so.6 + 0x35bd3)
                #12 0x00007f9fc5ae1353 n/a (libQt5Qml.so.5 + 0x2e1353)
                #13 0x00007f9fc59bda99 n/a (libQt5Qml.so.5 + 0x1bda99)
                #14 0x00007f9fc59bf73b _ZNK3QV413QObjectMethod12callInternalEPKNS_5ValueES3_i (libQt5Qml.so.5 + 0x1bf73b)
                #15 0x00007f9fc59ee9da _ZN3QV47Runtime18CallPropertyLookup4callEPNS_15ExecutionEngineERKNS_5ValueEjPS4_i (libQt5Qml.so.5 + 0x1ee9da)
                #16 0x00007f9f69bd2688 n/a (n/a + 0x0)
                #17 0x00007f9fc59dfa70 n/a (libQt5Qml.so.5 + 0x1dfa70)
                #18 0x00007f9fc59722a2 _ZN3QV48Function4callEPKNS_5ValueES3_iPKNS_16ExecutionContextE (libQt5Qml.so.5 + 0x1722a2)
                #19 0x00007f9fc5afbf0d _ZN24QQmlJavaScriptExpression8evaluateEPN3QV48CallDataEPb (libQt5Qml.so.5 + 0x2fbf0d)
                #20 0x00007f9fc5aacecf _ZN25QQmlBoundSignalExpression8evaluateEPPv (libQt5Qml.so.5 + 0x2acecf)
                #21 0x00007f9fc5aae0b0 n/a (libQt5Qml.so.5 + 0x2ae0b0)
                #22 0x00007f9fc5ae0e25 _ZN12QQmlNotifier10emitNotifyEP20QQmlNotifierEndpointPPv (libQt5Qml.so.5 + 0x2e0e25)
                #23 0x00007f9fc452508d n/a (libQt5Core.so.5 + 0x32508d)
                #24 0x00007f9fc45257a2 n/a (libQt5Core.so.5 + 0x3257a2)
                #25 0x00007f9fc519e8b2 _ZN7QAction9triggeredEb (libQt5Widgets.so.5 + 0x19e8b2)
                #26 0x00007f9fc51a142f _ZN7QAction8activateENS_11ActionEventE (libQt5Widgets.so.5 + 0x1a142f)
                #27 0x00007f9fc5325ef2 n/a (libQt5Widgets.so.5 + 0x325ef2)
                #28 0x00007f9fc532dd23 n/a (libQt5Widgets.so.5 + 0x32dd23)
                #29 0x00007f9fc51e6d68 _ZN7QWidget5eventEP6QEvent (libQt5Widgets.so.5 + 0x1e6d68)
                #30 0x00007f9fc51a519e _ZN19QApplicationPrivate13notify_helperEP7QObjectP6QEvent (libQt5Widgets.so.5 + 0x1a519e)
                #31 0x00007f9fc51ad5cf _ZN12QApplication6notifyEP7QObjectP6QEvent (libQt5Widgets.so.5 + 0x1ad5cf)
                #32 0x00007f9fc44ed4f8 _ZN16QCoreApplication15notifyInternal2EP7QObjectP6QEvent (libQt5Core.so.5 + 0x2ed4f8)
                #33 0x00007f9fc51ab92e _ZN19QApplicationPrivate14sendMouseEventEP7QWidgetP11QMouseEventS1_S1_PS1_R8QPointerIS0_Ebb (libQt5Widgets.so.5 + 0x1ab92e)
                #34 0x00007f9fc52002ca n/a (libQt5Widgets.so.5 + 0x2002ca)
                #35 0x00007f9fc5202d1f n/a (libQt5Widgets.so.5 + 0x202d1f)
                #36 0x00007f9fc51a519e _ZN19QApplicationPrivate13notify_helperEP7QObjectP6QEvent (libQt5Widgets.so.5 + 0x1a519e)
                #37 0x00007f9fc44ed4f8 _ZN16QCoreApplication15notifyInternal2EP7QObjectP6QEvent (libQt5Core.so.5 + 0x2ed4f8)
                #38 0x00007f9fc497d12b _ZN22QGuiApplicationPrivate17processMouseEventEPN29QWindowSystemInterfacePrivate10MouseEventE (libQt5Gui.so.5 + 0x17d12b)
                #39 0x00007f9fc49503ac _ZN22QWindowSystemInterface22sendWindowSystemEventsE6QFlagsIN10QEventLoop17ProcessEventsFlagEE (libQt5Gui.so.5 + 0x1503ac)
                #40 0x00007f9fc151b1aa n/a (libQt5XcbQpa.so.5 + 0x6d1aa)
                #41 0x00007f9fc2f44988 g_main_context_dispatch (libglib-2.0.so.0 + 0x5d988)
                #42 0x00007f9fc2f44d98 n/a (libglib-2.0.so.0 + 0x5dd98)
                #43 0x00007f9fc2f44e2c g_main_context_iteration (libglib-2.0.so.0 + 0x5de2c)
                #44 0x00007f9fc45464ae _ZN20QEventDispatcherGlib13processEventsE6QFlagsIN10QEventLoop17ProcessEventsFlagEE (libQt5Core.so.5 + 0x3464ae)
                #45 0x00007f9fc44ebf8b _ZN10QEventLoop4execE6QFlagsINS_17ProcessEventsFlagEE (libQt5Core.so.5 + 0x2ebf8b)
                #46 0x00007f9fc44f4420 _ZN16QCoreApplication4execEv (libQt5Core.so.5 + 0x2f4420)
                #47 0x0000557b5d85fa91 n/a (plasmashell + 0x29a91)
                #48 0x00007f9fc3c2abf0 __libc_start_call_main (libc.so.6 + 0x27bf0)
                #49 0x00007f9fc3c2acb9 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x27cb9)
                #50 0x0000557b5d85fe25 n/a (plasmashell + 0x29e25)
                
                Stack trace of thread 1561:
                #0  0x00007f9fc3d0a48f __poll (libc.so.6 + 0x10748f)
                #1  0x00007f9fc2f44d0e n/a (libglib-2.0.so.0 + 0x5dd0e)
                #2  0x00007f9fc2f44e2c g_main_context_iteration (libglib-2.0.so.0 + 0x5de2c)
                #3  0x00007f9fc45464ae _ZN20QEventDispatcherGlib13processEventsE6QFlagsIN10QEventLoop17ProcessEventsFlagEE (libQt5Core.so.5 + 0x3464ae)
                #4  0x00007f9fc44ebf8b _ZN10QEventLoop4execE6QFlagsINS_17ProcessEventsFlagEE (libQt5Core.so.5 + 0x2ebf8b)
                #5  0x00007f9fc4302d5e _ZN7QThread4execEv (libQt5Core.so.5 + 0x102d5e)
                #6  0x00007f9fc5786517 n/a (libQt5DBus.so.5 + 0x1a517)
                #7  0x00007f9fc4303f8d n/a (libQt5Core.so.5 + 0x103f8d)
                #8  0x00007f9fc3c90c64 start_thread (libc.so.6 + 0x8dc64)
                #9  0x00007f9fc3d18550 __clone3 (libc.so.6 + 0x115550)
                
                Stack trace of thread 1564:
                #0  0x00007f9fc3c8d20e __futex_abstimed_wait_common (libc.so.6 + 0x8a20e)
                #1  0x00007f9fc3c8ff50 pthread_cond_wait@@GLIBC_2.3.2 (libc.so.6 + 0x8cf50)
                #2  0x00007f9fb66a16e3 n/a (swrast_dri.so + 0x6a16e3)
                #3  0x00007f9fb610d037 n/a (swrast_dri.so + 0x10d037)
                #4  0x00007f9fc3c90c64 start_thread (libc.so.6 + 0x8dc64)
                #5  0x00007f9fc3d18550 __clone3 (libc.so.6 + 0x115550)
                
                Stack trace of thread 1567:
                #0  0x00007f9fc3c8d20e __futex_abstimed_wait_common (libc.so.6 + 0x8a20e)
                #1  0x00007f9fc3c8ff50 pthread_cond_wait@@GLIBC_2.3.2 (libc.so.6 + 0x8cf50)
                #2  0x00007f9fb66a16e3 n/a (swrast_dri.so + 0x6a16e3)
                #3  0x00007f9fb610d037 n/a (swrast_dri.so + 0x10d037)
                #4  0x00007f9fc3c90c64 start_thread (libc.so.6 + 0x8dc64)
                #5  0x00007f9fc3d18550 __clone3 (libc.so.6 + 0x115550)
                
                Stack trace of thread 1569:
                #0  0x00007f9fc3c8d20e __futex_abstimed_wait_common (libc.so.6 + 0x8a20e)
                #1  0x00007f9fc3c8ff50 pthread_cond_wait@@GLIBC_2.3.2 (libc.so.6 + 0x8cf50)
                #2  0x00007f9fb668db83 n/a (swrast_dri.so + 0x68db83)
                #3  0x00007f9fb610d037 n/a (swrast_dri.so + 0x10d037)
                #4  0x00007f9fc3c90c64 start_thread (libc.so.6 + 0x8dc64)
                #5  0x00007f9fc3d18550 __clone3 (libc.so.6 + 0x115550)
                
                Stack trace of thread 1572:
                #0  0x00007f9fc3c8d20e __futex_abstimed_wait_common (libc.so.6 + 0x8a20e)
                #1  0x00007f9fc3c8ff50 pthread_cond_wait@@GLIBC_2.3.2 (libc.so.6 + 0x8cf50)
                #2  0x00007f9fb60be80b n/a (swrast_dri.so + 0xbe80b)
                #3  0x00007f9fb610d037 n/a (swrast_dri.so + 0x10d037)
                #4  0x00007f9fc3c90c64 start_thread (libc.so.6 + 0x8dc64)
                #5  0x00007f9fc3d18550 __clone3 (libc.so.6 + 0x115550)
                
                Stack trace of thread 1725:
                #0  0x00007f9fc3d0a48f __poll (libc.so.6 + 0x10748f)
                #1  0x00007f9fc2f44d0e n/a (libglib-2.0.so.0 + 0x5dd0e)
                #2  0x00007f9fc2f44e2c g_main_context_iteration (libglib-2.0.so.0 + 0x5de2c)
                #3  0x00007f9fc4546496 _ZN20QEventDispatcherGlib13processEventsE6QFlagsIN10QEventLoop17ProcessEventsFlagEE (libQt5Core.so.5 + 0x346496)
                #4  0x00007f9fc44ebf8b _ZN10QEventLoop4execE6QFlagsINS_17ProcessEventsFlagEE (libQt5Core.so.5 + 0x2ebf8b)
                #5  0x00007f9fc4302d5e _ZN7QThread4execEv (libQt5Core.so.5 + 0x102d5e)
                #6  0x00007f9fc5b42685 n/a (libQt5Qml.so.5 + 0x342685)
                #7  0x00007f9fc4303f8d n/a (libQt5Core.so.5 + 0x103f8d)
                #8  0x00007f9fc3c90c64 start_thread (libc.so.6 + 0x8dc64)
                #9  0x00007f9fc3d18550 __clone3 (libc.so.6 + 0x115550)
                
                Stack trace of thread 1849:
                #0  0x00007f9fc3d0d231 pselect (libc.so.6 + 0x10a231)
                #1  0x00007f9fc22eeb57 n/a (libusbmuxd-2.0.so.6 + 0x4b57)
                #2  0x00007f9fc22ef7c3 n/a (libusbmuxd-2.0.so.6 + 0x57c3)
                #3  0x00007f9fc3c90c64 start_thread (libc.so.6 + 0x8dc64)
                #4  0x00007f9fc3d18550 __clone3 (libc.so.6 + 0x115550)
                
                Stack trace of thread 1565:
                #0  0x00007f9fc3c8d20e __futex_abstimed_wait_common (libc.so.6 + 0x8a20e)
                #1  0x00007f9fc3c8ff50 pthread_cond_wait@@GLIBC_2.3.2 (libc.so.6 + 0x8cf50)
                #2  0x00007f9fb66a16e3 n/a (swrast_dri.so + 0x6a16e3)
                #3  0x00007f9fb610d037 n/a (swrast_dri.so + 0x10d037)
                #4  0x00007f9fc3c90c64 start_thread (libc.so.6 + 0x8dc64)
                #5  0x00007f9fc3d18550 __clone3 (libc.so.6 + 0x115550)
                
                Stack trace of thread 1568:
                #0  0x00007f9fc3c8d20e __futex_abstimed_wait_common (libc.so.6 + 0x8a20e)
                #1  0x00007f9fc3c8ff50 pthread_cond_wait@@GLIBC_2.3.2 (libc.so.6 + 0x8cf50)
                #2  0x00007f9fb668db83 n/a (swrast_dri.so + 0x68db83)
                #3  0x00007f9fb610d037 n/a (swrast_dri.so + 0x10d037)
                #4  0x00007f9fc3c90c64 start_thread (libc.so.6 + 0x8dc64)
                #5  0x00007f9fc3d18550 __clone3 (libc.so.6 + 0x115550)
                
                Stack trace of thread 1566:
                #0  0x00007f9fc3c8d20e __futex_abstimed_wait_common (libc.so.6 + 0x8a20e)
                #1  0x00007f9fc3c8ff50 pthread_cond_wait@@GLIBC_2.3.2 (libc.so.6 + 0x8cf50)
                #2  0x00007f9fb66a16e3 n/a (swrast_dri.so + 0x6a16e3)
                #3  0x00007f9fb610d037 n/a (swrast_dri.so + 0x10d037)
                #4  0x00007f9fc3c90c64 start_thread (libc.so.6 + 0x8dc64)
                #5  0x00007f9fc3d18550 __clone3 (libc.so.6 + 0x115550)
                
                Stack trace of thread 1570:
                #0  0x00007f9fc3c8d20e __futex_abstimed_wait_common (libc.so.6 + 0x8a20e)
                #1  0x00007f9fc3c8ff50 pthread_cond_wait@@GLIBC_2.3.2 (libc.so.6 + 0x8cf50)
                #2  0x00007f9fb668db83 n/a (swrast_dri.so + 0x68db83)
                #3  0x00007f9fb610d037 n/a (swrast_dri.so + 0x10d037)
                #4  0x00007f9fc3c90c64 start_thread (libc.so.6 + 0x8dc64)
                #5  0x00007f9fc3d18550 __clone3 (libc.so.6 + 0x115550)
                
                Stack trace of thread 1571:
                #0  0x00007f9fc3c8d20e __futex_abstimed_wait_common (libc.so.6 + 0x8a20e)
                #1  0x00007f9fc3c8ff50 pthread_cond_wait@@GLIBC_2.3.2 (libc.so.6 + 0x8cf50)
                #2  0x00007f9fb668db83 n/a (swrast_dri.so + 0x68db83)
                #3  0x00007f9fb610d037 n/a (swrast_dri.so + 0x10d037)
                #4  0x00007f9fc3c90c64 start_thread (libc.so.6 + 0x8dc64)
                #5  0x00007f9fc3d18550 __clone3 (libc.so.6 + 0x115550)
                
                Stack trace of thread 1865:
                #0  0x00007f9fc3d0a48f __poll (libc.so.6 + 0x10748f)
                #1  0x00007f9fc2f44d0e n/a (libglib-2.0.so.0 + 0x5dd0e)
                #2  0x00007f9fc2f44e2c g_main_context_iteration (libglib-2.0.so.0 + 0x5de2c)
                #3  0x00007f9fc4546496 _ZN20QEventDispatcherGlib13processEventsE6QFlagsIN10QEventLoop17ProcessEventsFlagEE (libQt5Core.so.5 + 0x346496)
                #4  0x00007f9fc44ebf8b _ZN10QEventLoop4execE6QFlagsINS_17ProcessEventsFlagEE (libQt5Core.so.5 + 0x2ebf8b)
                #5  0x00007f9fc4302d5e _ZN7QThread4execEv (libQt5Core.so.5 + 0x102d5e)
                #6  0x00007f9f84d9bf47 _ZN15KCupsConnection3runEv (libkcupslib.so + 0x20f47)
                #7  0x00007f9fc4303f8d n/a (libQt5Core.so.5 + 0x103f8d)
                #8  0x00007f9fc3c90c64 start_thread (libc.so.6 + 0x8dc64)
                #9  0x00007f9fc3d18550 __clone3 (libc.so.6 + 0x115550)
                ELF object binary architecture: AMD x86-64

[New LWP 1556]
[New LWP 1561]
[New LWP 1564]
[New LWP 1567]
[New LWP 1569]
[New LWP 1572]
[New LWP 1725]
[New LWP 1849]
[New LWP 1565]
[New LWP 1568]
[New LWP 1566]
[New LWP 1570]
[New LWP 1571]
[New LWP 1865]

This GDB supports auto-downloading debuginfo from the following URLs:
  <https://debuginfod.opensuse.org/>
Enable debuginfod for this session? (y or [n]) [answered N; input not from terminal]
Debuginfod has been disabled.
To make this setting permanent, add 'set debuginfod enabled off' to .gdbinit.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/usr/bin/plasmashell --no-respawn'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f9fc3c97f28 in pthread_sigmask@GLIBC_2.2.5 () from /lib64/libc.so.6
[Current thread is 1 (Thread 0x7f9fc1981980 (LWP 1556))]
[Current thread is 13 (Thread 0x7f9f9bfff6c0 (LWP 1571))]

Thread 14 (Thread 0x7f9f85dd36c0 (LWP 1865)):
#0  0x00007f9fc3d0a48f in poll () from /lib64/libc.so.6
#1  0x00007f9fc2f44d0e in ?? () from /lib64/libglib-2.0.so.0
#2  0x00007f9fc2f44e2c in g_main_context_iteration () from /lib64/libglib-2.0.so.0
#3  0x00007f9fc4546496 in QEventDispatcherGlib::processEvents (this=0x7f9f74001370, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#4  0x00007f9fc44ebf8b in QEventLoop::exec (this=this@entry=0x7f9f85dd2bc0, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#5  0x00007f9fc4302d5e in QThread::exec (this=<optimized out>) at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#6  0x00007f9f84d9bf47 in KCupsConnection::run() () from /lib64/libkcupslib.so
#7  0x00007f9fc4303f8d in operator() (__closure=<optimized out>) at thread/qthread_unix.cpp:350
#8  (anonymous namespace)::terminate_on_exception<QThreadPrivate::start(void*)::<lambda()> > (t=...) at thread/qthread_unix.cpp:287
#9  QThreadPrivate::start (arg=0x557b5f976e50) at thread/qthread_unix.cpp:310
#10 0x00007f9fc3c90c64 in start_thread () from /lib64/libc.so.6
#11 0x00007f9fc3d18550 in clone3 () from /lib64/libc.so.6

Thread 13 (Thread 0x7f9f9bfff6c0 (LWP 1571)):
#0  0x00007f9fc3c8d20e in __futex_abstimed_wait_common () from /lib64/libc.so.6
#1  0x00007f9fc3c8ff50 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libc.so.6
#2  0x00007f9fb668db83 in ?? () from /usr/lib64/dri/swrast_dri.so
#3  0x00007f9fb610d037 in ?? () from /usr/lib64/dri/swrast_dri.so
#4  0x00007f9fc3c90c64 in start_thread () from /lib64/libc.so.6
#5  0x00007f9fc3d18550 in clone3 () from /lib64/libc.so.6

Thread 12 (Thread 0x7f9fa8bff6c0 (LWP 1570)):
#0  0x00007f9fc3c8d20e in __futex_abstimed_wait_common () from /lib64/libc.so.6
#1  0x00007f9fc3c8ff50 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libc.so.6
#2  0x00007f9fb668db83 in ?? () from /usr/lib64/dri/swrast_dri.so
#3  0x00007f9fb610d037 in ?? () from /usr/lib64/dri/swrast_dri.so
#4  0x00007f9fc3c90c64 in start_thread () from /lib64/libc.so.6
#5  0x00007f9fc3d18550 in clone3 () from /lib64/libc.so.6

Thread 11 (Thread 0x7f9fbce926c0 (LWP 1566)):
#0  0x00007f9fc3c8d20e in __futex_abstimed_wait_common () from /lib64/libc.so.6
#1  0x00007f9fc3c8ff50 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libc.so.6
#2  0x00007f9fb66a16e3 in ?? () from /usr/lib64/dri/swrast_dri.so
#3  0x00007f9fb610d037 in ?? () from /usr/lib64/dri/swrast_dri.so
#4  0x00007f9fc3c90c64 in start_thread () from /lib64/libc.so.6
#5  0x00007f9fc3d18550 in clone3 () from /lib64/libc.so.6

Thread 10 (Thread 0x7f9fb57fe6c0 (LWP 1568)):
#0  0x00007f9fc3c8d20e in __futex_abstimed_wait_common () from /lib64/libc.so.6
#1  0x00007f9fc3c8ff50 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libc.so.6
#2  0x00007f9fb668db83 in ?? () from /usr/lib64/dri/swrast_dri.so
#3  0x00007f9fb610d037 in ?? () from /usr/lib64/dri/swrast_dri.so
#4  0x00007f9fc3c90c64 in start_thread () from /lib64/libc.so.6
#5  0x00007f9fc3d18550 in clone3 () from /lib64/libc.so.6

Thread 9 (Thread 0x7f9fbd6936c0 (LWP 1565)):
#0  0x00007f9fc3c8d20e in __futex_abstimed_wait_common () from /lib64/libc.so.6
#1  0x00007f9fc3c8ff50 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libc.so.6
#2  0x00007f9fb66a16e3 in ?? () from /usr/lib64/dri/swrast_dri.so
#3  0x00007f9fb610d037 in ?? () from /usr/lib64/dri/swrast_dri.so
#4  0x00007f9fc3c90c64 in start_thread () from /lib64/libc.so.6
#5  0x00007f9fc3d18550 in clone3 () from /lib64/libc.so.6

Thread 8 (Thread 0x7f9f867596c0 (LWP 1849)):
#0  0x00007f9fc3d0d231 in pselect () from /lib64/libc.so.6
#1  0x00007f9fc22eeb57 in ?? () from /lib64/libusbmuxd-2.0.so.6
#2  0x00007f9fc22ef7c3 in ?? () from /lib64/libusbmuxd-2.0.so.6
#3  0x00007f9fc3c90c64 in start_thread () from /lib64/libc.so.6
#4  0x00007f9fc3d18550 in clone3 () from /lib64/libc.so.6

Thread 7 (Thread 0x7f9f9a3ff6c0 (LWP 1725)):
#0  0x00007f9fc3d0a48f in poll () from /lib64/libc.so.6
#1  0x00007f9fc2f44d0e in ?? () from /lib64/libglib-2.0.so.0
#2  0x00007f9fc2f44e2c in g_main_context_iteration () from /lib64/libglib-2.0.so.0
#3  0x00007f9fc4546496 in QEventDispatcherGlib::processEvents (this=0x7f9f7c000b70, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#4  0x00007f9fc44ebf8b in QEventLoop::exec (this=this@entry=0x7f9f9a3febe0, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#5  0x00007f9fc4302d5e in QThread::exec (this=this@entry=0x557b5f081ac0) at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#6  0x00007f9fc5b42685 in QQmlThreadPrivate::run (this=0x557b5f081ac0) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.10+kde26/src/qml/qml/ftw/qqmlthread.cpp:155
#7  0x00007f9fc4303f8d in operator() (__closure=<optimized out>) at thread/qthread_unix.cpp:350
#8  (anonymous namespace)::terminate_on_exception<QThreadPrivate::start(void*)::<lambda()> > (t=...) at thread/qthread_unix.cpp:287
#9  QThreadPrivate::start (arg=0x557b5f081ac0) at thread/qthread_unix.cpp:310
#10 0x00007f9fc3c90c64 in start_thread () from /lib64/libc.so.6
#11 0x00007f9fc3d18550 in clone3 () from /lib64/libc.so.6

Thread 6 (Thread 0x7f9f9b7fe6c0 (LWP 1572)):
#0  0x00007f9fc3c8d20e in __futex_abstimed_wait_common () from /lib64/libc.so.6
#1  0x00007f9fc3c8ff50 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libc.so.6
#2  0x00007f9fb60be80b in ?? () from /usr/lib64/dri/swrast_dri.so
#3  0x00007f9fb610d037 in ?? () from /usr/lib64/dri/swrast_dri.so
#4  0x00007f9fc3c90c64 in start_thread () from /lib64/libc.so.6
#5  0x00007f9fc3d18550 in clone3 () from /lib64/libc.so.6

Thread 5 (Thread 0x7f9fb4ffd6c0 (LWP 1569)):
#0  0x00007f9fc3c8d20e in __futex_abstimed_wait_common () from /lib64/libc.so.6
#1  0x00007f9fc3c8ff50 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libc.so.6
#2  0x00007f9fb668db83 in ?? () from /usr/lib64/dri/swrast_dri.so
#3  0x00007f9fb610d037 in ?? () from /usr/lib64/dri/swrast_dri.so
#4  0x00007f9fc3c90c64 in start_thread () from /lib64/libc.so.6
#5  0x00007f9fc3d18550 in clone3 () from /lib64/libc.so.6

Thread 4 (Thread 0x7f9fb5fff6c0 (LWP 1567)):
#0  0x00007f9fc3c8d20e in __futex_abstimed_wait_common () from /lib64/libc.so.6
#1  0x00007f9fc3c8ff50 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libc.so.6
#2  0x00007f9fb66a16e3 in ?? () from /usr/lib64/dri/swrast_dri.so
#3  0x00007f9fb610d037 in ?? () from /usr/lib64/dri/swrast_dri.so
#4  0x00007f9fc3c90c64 in start_thread () from /lib64/libc.so.6
#5  0x00007f9fc3d18550 in clone3 () from /lib64/libc.so.6

Thread 3 (Thread 0x7f9fbde946c0 (LWP 1564)):
#0  0x00007f9fc3c8d20e in __futex_abstimed_wait_common () from /lib64/libc.so.6
#1  0x00007f9fc3c8ff50 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libc.so.6
#2  0x00007f9fb66a16e3 in ?? () from /usr/lib64/dri/swrast_dri.so
#3  0x00007f9fb610d037 in ?? () from /usr/lib64/dri/swrast_dri.so
#4  0x00007f9fc3c90c64 in start_thread () from /lib64/libc.so.6
#5  0x00007f9fc3d18550 in clone3 () from /lib64/libc.so.6

Thread 2 (Thread 0x7f9fbf5e16c0 (LWP 1561)):
#0  0x00007f9fc3d0a48f in poll () from /lib64/libc.so.6
#1  0x00007f9fc2f44d0e in ?? () from /lib64/libglib-2.0.so.0
#2  0x00007f9fc2f44e2c in g_main_context_iteration () from /lib64/libglib-2.0.so.0
#3  0x00007f9fc45464ae in QEventDispatcherGlib::processEvents (this=0x7f9fb8000b70, flags=...) at kernel/qeventdispatcher_glib.cpp:425
#4  0x00007f9fc44ebf8b in QEventLoop::exec (this=this@entry=0x7f9fbf5e0bd0, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#5  0x00007f9fc4302d5e in QThread::exec (this=<optimized out>) at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#6  0x00007f9fc5786517 in ?? () from /lib64/libQt5DBus.so.5
#7  0x00007f9fc4303f8d in operator() (__closure=<optimized out>) at thread/qthread_unix.cpp:350
#8  (anonymous namespace)::terminate_on_exception<QThreadPrivate::start(void*)::<lambda()> > (t=...) at thread/qthread_unix.cpp:287
#9  QThreadPrivate::start (arg=0x7f9fc57ff060) at thread/qthread_unix.cpp:310
#10 0x00007f9fc3c90c64 in start_thread () from /lib64/libc.so.6
#11 0x00007f9fc3d18550 in clone3 () from /lib64/libc.so.6

Thread 1 (Thread 0x7f9fc1981980 (LWP 1556)):
[KCrash Handler]
#5  0x00007f9fc433edc9 in qHash (key=..., seed=seed@entry=0) at tools/qhash.cpp:239
#6  0x00007f9fc4438ff1 in qHash (url=..., seed=2132999063) at io/qurl.cpp:4205
#7  0x00007f9fbc12c56b in QHash<QUrl, TaskManager::AppData>::findNode (ahp=0x0, akey=..., this=0x557b5fcf17c8) at /usr/include/qt5/QtCore/qhash.h:946
#8  QHash<QUrl, TaskManager::AppData>::remove (akey=..., this=0x557b5fcf17c8) at /usr/include/qt5/QtCore/qhash.h:818
#9  TaskManager::LauncherTasksModel::Private::requestRemoveLauncherFromActivities (this=0x557b5fcf17a0, url=..., activities=...) at /usr/src/debug/plasma-workspace-5.27.6/libtaskmanager/launchertasksmodel.cpp:259
#10 0x00007f9fbc1322ef in TaskManager::LauncherTasksModel::requestRemoveLauncher (this=<optimized out>, url=...) at /usr/src/debug/plasma-workspace-5.27.6/libtaskmanager/launchertasksmodel.cpp:510
#11 0x00007f9fbc1462b5 in TaskManager::TasksModel::requestRemoveLauncher (this=0x557b5fcbca50, url=...) at /usr/src/debug/plasma-workspace-5.27.6/libtaskmanager/tasksmodel.cpp:1429
#12 0x00007f9fbc12a5e8 in TaskManager::TasksModel::qt_static_metacall (_o=<optimized out>, _c=<optimized out>, _id=<optimized out>, _a=0x7ffd9641dc80) at /usr/src/debug/plasma-workspace-5.27.6/build/libtaskmanager/taskmanager_autogen/EWIEGA46WW/moc_tasksmodel.cpp:437
#13 0x00007f9fbc12abd3 in TaskManager::TasksModel::qt_metacall (this=0x557b5fcbca50, _c=QMetaObject::InvokeMetaMethod, _id=27, _a=0x7ffd9641dc80) at /usr/src/debug/plasma-workspace-5.27.6/build/libtaskmanager/taskmanager_autogen/EWIEGA46WW/moc_tasksmodel.cpp:763
#14 0x00007f9fc5ae1353 in QQmlObjectOrGadget::metacall (this=this@entry=0x7ffd9641df10, type=type@entry=QMetaObject::InvokeMetaMethod, index=<optimized out>, index@entry=123, argv=<optimized out>) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.10+kde26/src/qml/qml/qqmlobjectorgadget.cpp:51
#15 0x00007f9fc59bda99 in CallMethod (callType=<optimized out>, callArgs=0x50, engine=<optimized out>, argTypes=<optimized out>, argCount=<optimized out>, returnType=<optimized out>, index=<optimized out>, object=...) at /usr/include/qt5/QtCore/qvarlengtharray.h:189
#16 CallPrecise (object=..., data=..., engine=engine@entry=0x557b5f042da0, callArgs=callArgs@entry=0x7f9fb43be5a0, callType=callType@entry=QMetaObject::InvokeMetaMethod) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.10+kde26/src/qml/jsruntime/qv4qobjectwrapper.cpp:1553
#17 0x00007f9fc59bf73b in CallOverloaded (callType=<optimized out>, propertyCache=<optimized out>, callArgs=<optimized out>, engine=<optimized out>, data=..., object=...) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.10+kde26/src/qml/jsruntime/qv4qobjectwrapper.cpp:1629
#18 QV4::QObjectMethod::callInternal (this=<optimized out>, thisObject=<optimized out>, argv=<optimized out>, argc=<optimized out>) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.10+kde26/src/qml/jsruntime/qv4qobjectwrapper.cpp:2117
#19 0x00007f9fc59ee9da in QV4::FunctionObject::call (argc=1, argv=0x7f9fb43be550, thisObject=0x7f9fb43be538, this=0x7ffd9641e038) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.10+kde26/src/qml/jsruntime/qv4functionobject_p.h:202
#20 QV4::Runtime::CallPropertyLookup::call (engine=0x557b5f042da0, base=..., index=<optimized out>, argv=0x7f9fb43be550, argc=1) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.10+kde26/src/qml/jsruntime/qv4runtime.cpp:1460
#21 0x00007f9f69bd2688 in ?? ()
#22 0x0000000000000000 in ?? ()

Reported using DrKonqi
Comment 1 Will 2023-07-25 06:10:44 UTC 
I've created a test case to reliably reproduce this issue and am preparing a merge request with the fix

As a launcher is removed by url, the ref count decreases until it is deallocated, but the url can be used after free when attempting a remove from appCacheData. 

The issue occurs at launchertasksmodel.cpp:257

launchersOrder.removeAt(row); // Removes one reference, this is the same as 'launcher'
activitiesForLauncher.remove(url); // Can remove last reference if url == launcher and it is not present in appDataCache
appDataCache.remove(launcher); // Uses free'd launcher and crashes
Comment 2 Bug Janitor Service 2023-07-25 06:14:15 UTC 
A possibly relevant merge request was started @ https://invent.kde.org/plasma/plasma-workspace/-/merge_requests/3105
Comment 3 Will 2023-07-25 06:51:52 UTC 
Git commit 9d9f80149096a04d34cbfdd4310d15e279f32bc3 by Will Horne.
Committed on 25/07/2023 at 08:17.
Pushed by fusionfuture into branch 'Plasma/5.27'.

Fix crash in LauncherTasksModel::Private::requestRemoveLauncherFromActivities

Change the 'launcher' variable from a reference to an
implicit shared copy to avoid a use-after-free error

Add a regression test to launchertasksmodeltest.cpp

M  +29   -0    libtaskmanager/autotests/launchertasksmodeltest.cpp
M  +1    -1    libtaskmanager/launchertasksmodel.cpp

https://invent.kde.org/plasma/plasma-workspace/-/commit/9d9f80149096a04d34cbfdd4310d15e279f32bc3
Comment 4 Fushan Wen 2023-07-25 06:54:09 UTC 
Git commit 6309a138092016b05bee00c76401a199324c8c71 by Fushan Wen, on behalf of Will Horne.
Committed on 25/07/2023 at 08:54.
Pushed by fusionfuture into branch 'master'.

Fix crash in LauncherTasksModel::Private::requestRemoveLauncherFromActivities

Change the 'launcher' variable from a reference to an
implicit shared copy to avoid a use-after-free error

Add a regression test to launchertasksmodeltest.cpp


(cherry picked from commit 9d9f80149096a04d34cbfdd4310d15e279f32bc3)

M  +29   -0    libtaskmanager/autotests/launchertasksmodeltest.cpp
M  +1    -1    libtaskmanager/launchertasksmodel.cpp

https://invent.kde.org/plasma/plasma-workspace/-/commit/6309a138092016b05bee00c76401a199324c8c71
Comment 5 Nate Graham 2024-04-10 19:35:48 UTC 
*** Bug 412822 has been marked as a duplicate of this bug. ***
Comment 6 Nate Graham 2024-04-10 19:35:53 UTC 
*** Bug 483917 has been marked as a duplicate of this bug. ***
Comment 7 Nate Graham 2024-04-10 19:35:55 UTC 
*** Bug 460327 has been marked as a duplicate of this bug. ***