Application: plasmashell (6.3.0) ApplicationNotResponding [ANR]: false Qt Version: 6.8.2 Frameworks Version: 6.11.0 Operating System: Linux 6.14.0-0.rc2.22.fc43.x86_64 x86_64 Windowing System: Wayland Distribution: "Fedora Linux 43 (KDE Plasma Prerelease)" DrKonqi: 6.3.0 [CoredumpBackend] -- Information about the crash: I booted the Fedora Rawhide KDE live image Fedora-KDE-Desktop-Live-Rawhide-20250212.n.0.x86_64.iso on bare metal. Plasma 6.3.0 on Wayland started. I clicked on the Networks icon in the system tray a few times. plasmashell crashed the third time the Networks applet was shown. plasmashell crashed sometimes in QSharedPointer<NetworkManager::Device>::deref with what looked like an invalid pointer this=0x11 in frames 4 to 8. The trace was similar but different at its top to the one at https://bugs.kde.org/show_bug.cgi?id=499218 The problem might be due to a GCC 15 problem with C++ coroutines https://bugs.kde.org/show_bug.cgi?id=499218#c4 The crash can be reproduced sometimes. -- Backtrace (Reduced): #5 QSharedPointer<NetworkManager::Device>::~QSharedPointer (this=<optimized out>, this=<optimized out>) at /usr/include/qt6/QtCore/qsharedpointer_impl.h:284 #6 std::destroy_at<QSharedPointer<NetworkManager::Device> > (__location=0x11) at /usr/include/c++/15/bits/stl_construct.h:88 #7 std::_Destroy<QSharedPointer<NetworkManager::Device> > (__pointer=0x11) at /usr/include/c++/15/bits/stl_construct.h:163 #8 std::_Destroy<QSharedPointer<NetworkManager::Device>*> (__first=0x11, __last=0x7ffc15f9b2711) at /usr/include/c++/15/bits/stl_construct.h:211 #9 std::destroy<QSharedPointer<NetworkManager::Device>*> (__first=<optimized out>, __last=0x7ffc15f9b2711) at /usr/include/c++/15/bits/stl_construct.h:288 Reported using DrKonqi
Created attachment 178233 [details] New crash information added by DrKonqi DrKonqi auto-attaching complete backtrace.
A possibly relevant merge request was started @ https://invent.kde.org/plasma/plasma-nm/-/merge_requests/414
Git commit 1754d67e318fdf73633bf8fd62656df52b823eb8 by Fushan Wen, on behalf of David Edmundson. Committed on 14/02/2025 at 01:11. Pushed by fusionfuture into branch 'master'. Guard more qcoro usages co_await does not disconnect a pending event like It's possible for 'this' to be gone and everything to be in a broken state. Lots of this code continued to process things after DBus replies were invalid. Every usage of co_await needs to either manage the lifespan of all objects used or explicitly check. M +29 -1 libs/handler.cpp https://invent.kde.org/plasma/plasma-nm/-/commit/1754d67e318fdf73633bf8fd62656df52b823eb8
Git commit 2c9a19ee5d14ee828c3e075d041301733e9a76fa by Fushan Wen. Committed on 14/02/2025 at 01:14. Pushed by fusionfuture into branch 'Plasma/6.3'. Guard more qcoro usages co_await does not disconnect a pending event like It's possible for 'this' to be gone and everything to be in a broken state. Lots of this code continued to process things after DBus replies were invalid. Every usage of co_await needs to either manage the lifespan of all objects used or explicitly check. (cherry picked from commit 1754d67e318fdf73633bf8fd62656df52b823eb8) Co-authored-by: David Edmundson <kde@davidedmundson.co.uk> M +29 -1 libs/handler.cpp https://invent.kde.org/plasma/plasma-nm/-/commit/2c9a19ee5d14ee828c3e075d041301733e9a76fa
Created attachment 178676 [details] plasmashell 6.3.1 trace I was using Plasma 6.3.1 on Wayland in a Fedora Rawhide live image on bare metal. I clicked on the Networks icon in the system tray repeatedly. plasmashell crashed in QSharedPointer<NetworkManager::Device>::deref with a trace like I reported here. Thread 1 (Thread 0x7fef7b8c4d80 (LWP 2816)): [KCrash Handler] #4 QSharedPointer<NetworkManager::Device>::deref (this=0x10) at /usr/include/qt6/QtCore/qsharedpointer_impl.h:471 #5 QSharedPointer<NetworkManager::Device>::~QSharedPointer (this=<optimized out>, this=<optimized out>) at /usr/include/qt6/QtCore/qsharedpointer_impl.h:284 #6 std::destroy_at<QSharedPointer<NetworkManager::Device> > (__location=0x10) at /usr/include/c++/15/bits/stl_construct.h:88 #7 std::_Destroy<QSharedPointer<NetworkManager::Device> > (__pointer=0x10) at /usr/include/c++/15/bits/stl_construct.h:163 #8 std::_Destroy<QSharedPointer<NetworkManager::Device>*> (__first=0x10, __last=0x7ffcdb3a7b310) at /usr/include/c++/15/bits/stl_construct.h:211 #9 std::destroy<QSharedPointer<NetworkManager::Device>*> (__first=<optimized out>, __last=0x7ffcdb3a7b310) at /usr/include/c++/15/bits/stl_construct.h:288 #10 QtPrivate::QGenericArrayOps<QSharedPointer<NetworkManager::Device> >::destroyAll (this=0x7ffcdb3a7a40) at /usr/include/qt6/QtCore/qarraydataops.h:377 #11 QArrayDataPointer<QSharedPointer<NetworkManager::Device> >::~QArrayDataPointer (this=<optimized out>, this=<optimized out>) at /usr/include/qt6/QtCore/qarraydatapointer.h:109 #12 QArrayDataPointer<QSharedPointer<NetworkManager::Device> >::~QArrayDataPointer (this=<optimized out>, this=<optimized out>) at /usr/include/qt6/QtCore/qarraydatapointer.h:106 #13 0x00007feebc78ced7 in QList<QSharedPointer<NetworkManager::Device> >::~QList (this=<optimized out>, this=<optimized out>) at /usr/include/qt6/QtCore/qlist.h:83 #14 Handler::requestScanInternal (frame_ptr=0x55ebfbb27b30) at /usr/src/debug/plasma-nm-6.3.1-1.fc43.x86_64/libs/handler.cpp:674 #15 0x00007feebc7999e1 in std::__n4861::coroutine_handle<void>::resume (this=<optimized out>) at /usr/include/c++/15/coroutine:142 #16 QCoro::detail::QCoroDBusPendingReply<QDBusObjectPath>::WaitForFinishedOperation::await_suspend(std::__n4861::coroutine_handle<void>)::{lambda(auto:1*)#1}::operator()<QDBusPendingCallWatcher>(QDBusPendingCallWatcher*) (__closure=<optimized out>, watcher=0x55ebfbe7b820) at /usr/include/qcoro6/qcoro/qcorodbuspendingreply.h:43 #17 QtPrivate::FunctorCall<QtPrivate::IndexesList<0>, QtPrivate::List<QDBusPendingCallWatcher*>, void, QCoro::detail::QCoroDBusPendingReply<>::WaitForFinishedOperation::await_suspend(std::__n4861::coroutine_handle<void>)::{lambda(auto:1*)#1}>::call(QCoro::detail::QCoroDBusPendingReply<>::WaitForFinishedOperation::await_suspend(std::__n4861::coroutine_handle<void>)::{lambda(auto:1*)#1}&, void**)::{lambda()#1}::operator()() const (__closure=<optimized out>) at /usr/include/qt6/QtCore/qobjectdefs_impl.h:141 #18 QtPrivate::FunctorCallBase::call_internal<void, QtPrivate::FunctorCall<QtPrivate::IndexesList<0>, QtPrivate::List<QDBusPendingCallWatcher*>, void, QCoro::detail::QCoroDBusPendingReply<>::WaitForFinishedOperation::await_suspend(std::__n4861::coroutine_handle<void>)::{lambda(auto:1*)#1}>::call(QCoro::detail::QCoroDBusPendingReply<>::WaitForFinishedOperation::await_suspend(std::__n4861::coroutine_handle<void>)::{lambda(auto:1*)#1}&, void**)::{lambda()#1}>(void**, QtPrivate::FunctorCall<QtPrivate::IndexesList<0>, QtPrivate::List<QDBusPendingCallWatcher*>, void, QCoro::detail::QCoroDBusPendingReply<>::WaitForFinishedOperation::await_suspend(std::__n4861::coroutine_handle<void>)::{lambda(auto:1*)#1}>::call(QCoro::detail::QCoroDBusPendingReply<>::WaitForFinishedOperation::await_suspend(std::__n4861::coroutine_handle<void>)::{lambda(auto:1*)#1}&, void**)::{lambda()#1}&&) (args=<optimized out>, fn=...) at /usr/include/qt6/QtCore/qobjectdefs_impl.h:65 #19 QtPrivate::FunctorCall<QtPrivate::IndexesList<0>, QtPrivate::List<QDBusPendingCallWatcher*>, void, QCoro::detail::QCoroDBusPendingReply<>::WaitForFinishedOperation::await_suspend(std::__n4861::coroutine_handle<void>)::{lambda(auto:1*)#1}>::call(QCoro::detail::QCoroDBusPendingReply<>::WaitForFinishedOperation::await_suspend(std::__n4861::coroutine_handle<void>)::{lambda(auto:1*)#1}&, void**) (f=..., arg=<optimized out>) at /usr/include/qt6/QtCore/qobjectdefs_impl.h:140 #20 QtPrivate::FunctorCallable<QCoro::detail::QCoroDBusPendingReply<>::WaitForFinishedOperation::await_suspend(std::__n4861::coroutine_handle<void>)::{lambda(auto:1*)#1}, QDBusPendingCallWatcher*>::call<QtPrivate::List<QDBusPendingCallWatcher*>, void>(QCoro::detail::QCoroDBusPendingReply<>::WaitForFinishedOperation::await_suspend(std::__n4861::coroutine_handle<void>)::{lambda(auto:1*)#1}&, void*, void**) (f=..., arg=<optimized out>) at /usr/include/qt6/QtCore/qobjectdefs_impl.h:362 #21 QtPrivate::QCallableObject<QCoro::detail::QCoroDBusPendingReply<>::WaitForFinishedOperation::await_suspend(std::__n4861::coroutine_handle<void>)::{lambda(auto:1*)#1}, QtPrivate::List<QDBusPendingCallWatcher*>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) (which=<optimized out>, this_=<optimized out>, r=<optimized out>, a=<optimized out>, ret=<optimized out>) at /usr/include/qt6/QtCore/qobjectdefs_impl.h:572 #22 0x00007fef7a8c5efa in QtPrivate::QSlotObjectBase::call (this=0x55ebfcd3dcc0, r=0x55ebfbe7b820, a=0x7ffcdb3a7bf0) at /usr/src/debug/qt6-qtbase-6.8.2-3.fc43.x86_64/src/corelib/kernel/qobjectdefs_impl.h:486 #23 doActivate<false> (sender=0x55ebfbe7b820, signal_index=3, argv=argv@entry=0x7ffcdb3a7bf0) at /usr/src/debug/qt6-qtbase-6.8.2-3.fc43.x86_64/src/corelib/kernel/qobject.cpp:4115 #24 0x00007fef7a8bc8a9 in QMetaObject::activate (sender=<optimized out>, m=m@entry=0x7fef7aed2f00, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffcdb3a7bf0) at /usr/src/debug/qt6-qtbase-6.8.2-3.fc43.x86_64/src/corelib/kernel/qobject.cpp:4175 #25 0x00007fef7ae83471 in QDBusPendingCallWatcher::finished (this=<optimized out>, _t1=<optimized out>) at /usr/src/debug/qt6-qtbase-6.8.2-3.fc43.x86_64/redhat-linux-build/src/dbus/DBus_autogen/include/moc_qdbuspendingcall.cpp:163 #26 0x00007fef7a8b6a2c in QObject::event (this=<optimized out>, e=<optimized out>) at /usr/src/debug/qt6-qtbase-6.8.2-3.fc43.x86_64/src/corelib/kernel/qobject.cpp:1418 #27 0x00007fef7cb944ca in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib64/libQt6Widgets.so.6 #28 0x00007fef7a85c49c in QCoreApplication::notifyInternal2 (receiver=0x55ebfbe7b820, event=0x7fef6008c500) at /usr/src/debug/qt6-qtbase-6.8.2-3.fc43.x86_64/src/corelib/kernel/qcoreapplication.cpp:1172 #29 0x00007fef7a85c6ed in QCoreApplication::sendEvent (receiver=<optimized out>, event=<optimized out>) at /usr/src/debug/qt6-qtbase-6.8.2-3.fc43.x86_64/src/corelib/kernel/qcoreapplication.cpp:1612 #30 0x00007fef7a85ffd0 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, event_type@entry=32751, data=0x55ebf643ec10) at /usr/src/debug/qt6-qtbase-6.8.2-3.fc43.x86_64/src/corelib/kernel/qcoreapplication.cpp:1946 #31 0x00007fef7a8602e0 in QCoreApplication::sendPostedEvents (receiver=<optimized out>, event_type=32751) at /usr/src/debug/qt6-qtbase-6.8.2-3.fc43.x86_64/src/corelib/kernel/qcoreapplication.cpp:1800 #32 0x00007fef7ab5e47f in postEventSourceDispatch (s=0x55ebf6446660) at /usr/src/debug/qt6-qtbase-6.8.2-3.fc43.x86_64/src/corelib/kernel/qeventdispatcher_glib.cpp:246 #33 0x00007fef790a7f16 in g_main_context_dispatch_unlocked.lto_priv () from /lib64/libglib-2.0.so.0 #34 0x00007fef790b1068 in g_main_context_iterate_unlocked.isra () from /lib64/libglib-2.0.so.0 #35 0x00007fef790b1217 in g_main_context_iteration () from /lib64/libglib-2.0.so.0 #36 0x00007fef7ab5dcc3 in QEventDispatcherGlib::processEvents (this=0x55ebf64474b0, flags=...) at /usr/src/debug/qt6-qtbase-6.8.2-3.fc43.x86_64/src/corelib/kernel/qeventdispatcher_glib.cpp:399 #37 0x00007fef7a8696d3 in QEventLoop::exec (this=this@entry=0x7ffcdb3a8090, flags=..., flags@entry=...) at /usr/src/debug/qt6-qtbase-6.8.2-3.fc43.x86_64/src/corelib/global/qflags.h:34 #38 0x00007fef7a8651d5 in QCoreApplication::exec () at /usr/src/debug/qt6-qtbase-6.8.2-3.fc43.x86_64/src/corelib/kernel/qcoreapplication.cpp:1515 #39 0x000055ebd3861b26 in main () The patch included in 6.3.1 might not be enough to avoid this crash.