Created attachment 173478 [details]
New crash information added by DrKonqi

DrKonqi auto-attaching complete backtrace.

Searchable backtrace


Thread 1 (Thread 0x7f8486a11340 (LWP 1264)):
[KCrash Handler]
#5  std::__atomic_base<int>::load (this=0x0, __m=std::memory_order::relaxed) at /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/14.2.1/../../../../include/c++/14.2.1/bits/atomic_base.h:501
#6  QAtomicOps<int>::loadRelaxed<int> (_q_value=<error reading variable: Cannot access memory at address 0x0>) at /usr/include/qt6/QtCore/qatomic_cxx11.h:202
#7  QBasicAtomicInteger<int>::loadRelaxed (this=0x0) at /usr/include/qt6/QtCore/qbasicatomic.h:36
#8  QtPrivate::QExplicitlySharedDataPointerV2<QMapData<std::map<Plasma::Containment const*, PanelView*, std::less<Plasma::Containment const*>, std::allocator<std::pair<Plasma::Containment const* const, PanelView*> > > > >::isShared (this=0x55c3adf35578) at /usr/include/qt6/QtCore/qshareddata_impl.h:100
#9  QMap<Plasma::Containment const*, PanelView*>::take (this=0x55c3adf35578, key=<optimized out>) at /usr/include/qt6/QtCore/qmap.h:326
#10 ShellCorona::panelContainmentDestroyed (this=0x55c3adf354f0, obj=0x55c3ae317750) at /data/kde/src/plasma-workspace/shell/shellcorona.cpp:1559
#11 0x00007f848c3a3397 in QtPrivate::QSlotObjectBase::call (this=0x55c3af56c310, r=0x55c3adf354f0, a=0x7fff2c511100, this=<optimized out>, r=<optimized out>, a=<optimized out>) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qobjectdefs_impl.h:469
#12 doActivate<false> (sender=<optimized out>, signal_index=<optimized out>, argv=<optimized out>) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qobject.cpp:4086
#13 0x00007f848c393fb1 in QObject::destroyed (this=<optimized out>, _t1=<optimized out>) at /usr/src/debug/qt6-base/build/src/corelib/kernel/moc_qobject.cpp:229
#14 0x00007f848f2d215d in Plasma::AppletPrivate::cleanUpAndDelete (this=0x55c3ae2ee710) at /data/kde/src/libplasma/src/plasma/private/applet_p.cpp:174
#15 0x000055c393451a06 in ShellCorona::unload (this=0x55c3adf354f0) at /data/kde/src/plasma-workspace/shell/shellcorona.cpp:972
#16 0x000055c393458c7f in ShellCorona::loadLookAndFeelDefaultLayout (this=0x55c3adf354f0, packageName=<optimized out>) at /data/kde/src/plasma-workspace/shell/shellcorona.cpp:693
#17 0x000055c39349a5fb in PlasmaShellAdaptor::qt_metacall (this=0x55c3ae5ec680, _c=QMetaObject::InvokeMetaMethod, _id=6, _a=0xc252741df652be00) at shell/moc_plasmashelladaptor.cpp:291
#18 0x00007f848cb848bd in QDBusConnectionPrivate::deliverCall (this=this@entry=0x7f8480001690, object=object@entry=0x55c3ae5ec680, msg=..., metaTypes=..., slotIdx=10) at /usr/src/debug/qt6-base/qtbase/src/dbus/qdbusintegrator.cpp:1007
#19 0x00007f848cb8561a in QDBusConnectionPrivate::activateCall (this=0x7f8480001690, object=0x55c3ae5ec680, flags=..., msg=...) at /usr/src/debug/qt6-base/qtbase/src/dbus/qdbusintegrator.cpp:909
#20 0x00007f848cb8f32f in QDBusConnectionPrivate::activateObject (this=0x7f8480001690, node=..., msg=..., pathStartPos=<optimized out>) at /usr/src/debug/qt6-base/qtbase/src/dbus/qdbusintegrator.cpp:1484
#21 0x00007f848cb8f37a in QDBusActivateObjectEvent::placeMetaCall (this=0x7f8480009280) at /usr/src/debug/qt6-base/qtbase/src/dbus/qdbusintegrator.cpp:1604
#22 0x00007f848c38d89f in QObject::event (this=0x55c3adf354f0, e=0x7f8480009280) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qobject.cpp:1452
#23 0x00007f848e8fc8cc in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x55c3adf354f0, e=0x7f8480009280) at /usr/src/debug/qt6-base/qtbase/src/widgets/kernel/qapplication.cpp:3287
#24 0x00007f848c345aa8 in QCoreApplication::notifyInternal2 (receiver=0x55c3adf354f0, event=event@entry=0x7f8480009280) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qcoreapplication.cpp:1142
#25 0x00007f848c345e6b in QCoreApplication::sendEvent (receiver=<optimized out>, event=0x7f8480009280) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qcoreapplication.cpp:1583
#26 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x55c3ada95a50) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qcoreapplication.cpp:1940
#27 0x00007f848c5aa00c in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qcoreapplication.cpp:1797
#28 postEventSourceDispatch (s=0x55c3adb36e30) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:244
#29 0x00007f848b7b3299 in g_main_dispatch (context=0x7f8480000f00) at ../glib/glib/gmain.c:3344
#30 0x00007f848b815ec7 in g_main_context_dispatch_unlocked (context=0x7f8480000f00) at ../glib/glib/gmain.c:4152
#31 g_main_context_iterate_unlocked.isra.0 (context=context@entry=0x7f8480000f00, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/glib/gmain.c:4217
#32 0x00007f848b7b2795 in g_main_context_iteration (context=0x7f8480000f00, may_block=1) at ../glib/glib/gmain.c:4282
#33 0x00007f848c5a82bd in QEventDispatcherGlib::processEvents (this=0x55c3ada9b4e0, flags=...) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:394
#34 0x00007f848c34ff66 in QEventLoop::processEvents (this=0x7fff2c511c30, flags=...) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qeventloop.cpp:100
#35 QEventLoop::exec (this=0x7fff2c511c30, flags=...) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qeventloop.cpp:182
#36 0x00007f848c34a11d in QCoreApplication::exec () at /usr/src/debug/qt6-base/qtbase/src/corelib/global/qflags.h:74
#37 0x000055c39342a8fc in main (argc=<optimized out>, argv=<optimized out>) at /data/kde/src/plasma-workspace/shell/main.cpp:188

Hm, I can't seem to reproduce this on git master (6.1.90).

This step is a bit unclear to me: "Click somewhere else on the desktop to dismiss the apply dialog" Clicking elsewhere in the desktop (outside the System Settings window) does not dismiss the apply dialog for me. I took this to mean "Click somewhere else in the dimmed part of the window", but that might be my error. Could you clarify?

The attached recording should make it clear.(In reply to cwo from comment #3)
> Hm, I can't seem to reproduce this on git master (6.1.90).
> 
> This step is a bit unclear to me: "Click somewhere else on the desktop to
> dismiss the apply dialog" Clicking elsewhere in the desktop (outside the
> System Settings window) does not dismiss the apply dialog for me. I took
> this to mean "Click somewhere else in the dimmed part of the window", but
> that might be my error. Could you clarify?

I meant click on the Global Theme - System Settings window - on the background where all the theme thumbnails are - that dismisses the apply dialog. If it is still unclear I made a full recording of the crash steps here https://www.mtaiwa.com/images/492889.webm

Thanks! I was missing the final step, which you didn't include in the list of replication steps. At the end, you click on a global theme, and then select "Apply desktop and panel layout" for that theme as well and this time do click apply, then it crashes.

I still can't reproduce the crash though - I even ran plasmashell in gdb to see if it crashes and I just don't get the drkonqui popup. There are a couple of threads being restarted, but otherwise gdb stays silent. Maybe someone else has more luck.

(In reply to cwo from comment #5)
> Thanks! I was missing the final step, which you didn't include in the list
> of replication steps. At the end, you click on a global theme, and then
> select "Apply desktop and panel layout" for that theme as well and this time
> do click apply, then it crashes.
> 
> I still can't reproduce the crash though - I even ran plasmashell in gdb to
> see if it crashes and I just don't get the drkonqui popup. There are a
> couple of threads being restarted, but otherwise gdb stays silent. Maybe
> someone else has more luck.

I can reproduce this reliably with both the self compiled binaries and Arch KDE packages by the way - otherwise I was starting to think compiler optimizations etc may be in play. What version are you running?

Ignore my version ask in prior comment - I see you said you are running on 6.1.90. Maybe then distro/compiler matter?

(In reply to Parag W from comment #7)
> Ignore my version ask in prior comment - I see you said you are running on
> 6.1.90. Maybe then distro/compiler matter?

Might be. This is on Tuxedo, with git master built using kde-builder. I also tried in on a different computer in a neon unstable vm and can't reproduce there either.

Can you try it with a fresh user account, so we can narrow down whether there's a user setting that causes this or whether it happens on default settings as well?

(In reply to cwo from comment #8)
> Can you try it with a fresh user account, so we can narrow down whether
> there's a user setting that causes this or whether it happens on default
> settings as well?

Looks like a compiler/optimization level issue with my build - I nuked everything, created a fresh user account and the crash only happens on my source build plasmashell - i.e. no crash on the Arch packaged one.

Ran it under gdb and under my build which uses - 

cmake-options -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_LINKER=lld -DCMAKE_C_FLAGS="-flto=thin -fuse-ld=lld" -DCMAKE_CXX_FLAGS="-flto=thin -fuse-ld=lld" -DCMAKE_LD_FLAGS="-flto=thin -fuse-ld=lld" 

The crash happens in 

    T take(const Key &key)
    {
        if (!d)
            return T();

  Crash -->      const auto copy = d.isShared() ? *this : QMap(); // keep `key` alive across the detach

And when it crashes 'd' is 0x0 - so the if (!d) line doesn't really get executed.

Recompiled with gcc with lto and mold as the linker and no more crashes - so it is pretty clear that clang is miscompiling QMap::take. I wonder if I should bother filing a bug report - going to be some work creating a reduced test case lol.

Very similar to Bug 492344.

Ran plasmashell via gdb and added a breakpoint on ShellCorona::panelContainmentDestroyed - 

1588	   const auto view = m_panelViews.take(cont);
(gdb) s
QMap<Plasma::Containment const*, PanelView*>::take (this=0x555555b14c38, key=<synthetic pointer>: 0x5555569d3870)
    at /usr/include/qt6/QtCore/qmap.h:323
323	       if (!d)
(gdb) p this
$2 = (QMap<Plasma::Containment const*, PanelView*> * const) 0x555555b14c38
(gdb) p *this
$3 = {d = {d = 0x0}}
(gdb) p m_panelViews
No symbol "m_panelViews" in current context.
(gdb) up
#1  ShellCorona::panelContainmentDestroyed (this=0x555555b14bb0, obj=0x5555569d3870)
    at /data/kde/src/plasma-workspace/shell/shellcorona.cpp:1588
1588	   const auto view = m_panelViews.take(cont);
(gdb) p m_panelViews
$4 = {d = {d = 0x0}}
(gdb) c
Continuing.
qt.core.qobject.connect: QObject::disconnect: Unexpected nullptr parameter

Basically every time ShellCorona::panelContainmentDestroyed is called view = m_panelViews.take(cont) returns null - the view is null and calling disconnect on null view results in  QObject::disconnect: Unexpected nullptr parameter

This doesn't crash because QMap::take saves us with the if (!d) check I guess. But this code needs to be looked at - looks like the view vanishes from m_panelViews before we hit panelContainmentDestroyed - here is a backtrace leading up to that -

#0  ShellCorona::panelContainmentDestroyed (this=0x555555b14730, obj=0x5555561b6460)
    at /data/kde/src/plasma-workspace/shell/shellcorona.cpp:1587
#1  0x00007ffff49a3397 in QtPrivate::QSlotObjectBase::call
    (this=0x555557902b50, r=0x555555b14730, a=0x7fffffffc6f0, this=<optimized out>, r=<optimized out>, a=<optimized out>)
    at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qobjectdefs_impl.h:469
#2  doActivate<false> (sender=<optimized out>, signal_index=<optimized out>, argv=<optimized out>)
    at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qobject.cpp:4086
#3  0x00007ffff4993fb1 in QObject::destroyed (this=<optimized out>, _t1=<optimized out>)
    at /usr/src/debug/qt6-base/build/src/corelib/kernel/moc_qobject.cpp:229
#4  0x00007ffff77c39cd in Plasma::AppletPrivate::cleanUpAndDelete (this=0x555555e8d4d0)
    at /data/kde/src/libplasma/src/plasma/private/applet_p.cpp:174
#5  0x00005555555ff3a7 in ShellCorona::unload (this=0x555555b14730)
    at /data/kde/src/plasma-workspace/shell/shellcorona.cpp:973
#6  0x00005555555de148 in ShellCorona::unload (this=0x555555b14730)
    at /data/kde/src/plasma-workspace/shell/shellcorona.cpp:698
#7  ShellCorona::loadLookAndFeelDefaultLayout (this=0x555555b14730, packageName=<optimized out>)
    at /data/kde/src/plasma-workspace/shell/shellcorona.cpp:694

also, since it trying to destroy panels anyways, it almost look like it's trying to apply the layout anyways, even if the dialog was dismissed, trying to reproduce

A possibly relevant merge request was started @ https://invent.kde.org/plasma/plasma-workspace/-/merge_requests/4747

can you try https://invent.kde.org/plasma/plasma-workspace/-/merge_requests/4747 ?

Git commit 5141a83c54c76b6a41f7044eec6489ea95dbbe95 by Marco Martin.
Committed on 25/09/2024 at 10:00.
Pushed by mart into branch 'master'.

plasmashell: Check for null view in ShellCorona::panelContainmentDestroyed

when applying a new layout, panelContainmentDestroyed will
be called when m_panelViews is already empty, so we need
to check on auto view = m_panelViews.take(cont);

M  +4    -2    shell/shellcorona.cpp

https://invent.kde.org/plasma/plasma-workspace/-/commit/5141a83c54c76b6a41f7044eec6489ea95dbbe95

Git commit 6d9a3187d071767868f17c7938a79f0fac313234 by Marco Martin.
Committed on 26/09/2024 at 14:03.
Pushed by mart into branch 'Plasma/6.2'.

plasmashell: Check for null view in ShellCorona::panelContainmentDestroyed

when applying a new layout, panelContainmentDestroyed will
be called when m_panelViews is already empty, so we need
to check on auto view = m_panelViews.take(cont);


(cherry picked from commit 5141a83c54c76b6a41f7044eec6489ea95dbbe95)

6d0d96e6 Check for null view in ShellCorona::panelContainmentDestroyed

Co-authored-by: Marco Martin <notmart@gmail.com>

M  +4    -2    shell/shellcorona.cpp

https://invent.kde.org/plasma/plasma-workspace/-/commit/6d9a3187d071767868f17c7938a79f0fac313234