Bug 1723018 - Segmentation faults of plasmashell in wl_proxy_set_queue in libwayland-client in Plasma on Wayland
Summary: Segmentation faults of plasmashell in wl_proxy_set_queue in libwayland-client...
Keywords:
Status: CLOSED EOL
Alias: None
Product: Fedora
Classification: Fedora
Component: plasma-workspace
Version: 33
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: KDE SIG
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2019-06-22 04:43 UTC by Matt Fagnani
Modified: 2021-11-30 16:21 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2021-11-30 16:21:16 UTC
Type: Bug
Embargoed:


Attachments
trace of plasmashell segmentation fault in Plasma 5.15.5 on Wayland with Qt 5.12.4 (27.89 KB, text/plain)
2019-06-22 04:43 UTC, Matt Fagnani


Links
System ID Private Priority Status Summary Last Updated
KDE Software Compilation 409021 0 NOR CONFIRMED Segmentation faults of plasmashell in wl_proxy_set_queue at wayland-client.c:2094 in libwayland-client in Plasma 5.15.5 ... 2020-08-19 12:18:13 UTC

Description Matt Fagnani 2019-06-22 04:43:08 UTC
Created attachment 1583412 [details]
trace of plasmashell segmentation fault in Plasma 5.15.5 on Wayland with Qt 5.12.4

Description of problem:

I saw segmentation faults of plasmashell in wl_proxy_set_queue at wayland-client.c:2094 in libwayland-client in Plasma 5.15.5 on Wayland with Qt 5.12.4 in Fedora 30. These crashes occurred on startup of one session, and once in another session. These crashes started right after I updated from Qt 5.12.1 to 5.12.4 from koji along with the dependent Plasma and KF5 rebuilds. drkonqi wouldn't allow me to submit the attached trace which had the following segmentation fault and crashing thread.

Application: Plasma (plasmashell), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
futex_wait_cancelable (private=0, expected=0, futex_word=0x5653f336ece4) at ../sysdeps/unix/sysv/linux/futex-internal.h:88
88	  int err = lll_futex_timed_wait (futex_word, expected, NULL, private);
[Current thread is 1 (Thread 0x7f61ca7bbd00 (LWP 1499))]

Thread 22 (Thread 0x7f616a7f9700 (LWP 1746)):
[KCrash Handler]
#6  0x00007f61c81846f9 in wl_proxy_set_queue (proxy=0x0, queue=0x5653f2af0370) at src/wayland-client.c:2094
#7  0x00007f61b78f2b50 in QtWaylandClient::QWaylandWindow::waitForFrameSync (this=0x5653f3779360, timeout=100) at qwaylandwindow.cpp:646
#8  0x00007f61b4b4f022 in QtWaylandClient::QWaylandGLContext::swapBuffers (this=0x5653f361ac70, surface=<optimized out>) at ../../../../hardwareintegration/client/wayland-egl/qwaylandglcontext.cpp:566
#9  0x00007f61c8c98441 in QOpenGLContext::swapBuffers (this=0x5653f3930280, surface=<optimized out>) at kernel/qopenglcontext.cpp:1115
#10 0x00007f61ca4b7401 in QSGRenderThread::syncAndRender (this=this@entry=0x5653f3915590) at scenegraph/qsgthreadedrenderloop.cpp:652
#11 0x00007f61ca4bb168 in QSGRenderThread::run (this=0x5653f3915590) at scenegraph/qsgthreadedrenderloop.cpp:730
#12 0x00007f61c86e2786 in QThreadPrivate::start (arg=0x5653f3915590) at thread/qthread_unix.cpp:361
#13 0x00007f61c7b455a2 in start_thread (arg=<optimized out>) at pthread_create.c:486
#14 0x00007f61c8358303 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

I think that the segmentation faults might've been due to null pointer dereferences, since proxy=0x0 in the wl_proxy_set_queue call, and proxy was dereferenced at wayland-client.c:2095 as proxy->queue without checking if proxy was null and queue was not null, as shown in the wl_proxy_set_queue function.

2091    WL_EXPORT void
2092    wl_proxy_set_queue(struct wl_proxy *proxy, struct wl_event_queue *queue)
2093    {
2094            if (queue)
2095                    proxy->queue = queue;
2096            else
2097                    proxy->queue = &proxy->display->default_queue;
2098    }

qt5-qtwayland functions at #7-8 in the crashing thread and other qt5 functions lower in the stack might be involved.


Version-Release number of selected component (if applicable):
kf5-kwayland-0:5.59.0-2.fc30.x86_64
libwayland-client-0:1.17.0-1.fc30.x86_64
plasma-workspace-0:5.15.5-1.fc30.x86_64
qt5-qtwayland-0:5.12.4-1.fc30.x86_64

How reproducible:
I've seen crashes of plasmashell in wl_proxy_set_queue at wayland-client.c:2094 at least two times in three Plasma on Wayland sessions since upgrading to Qt 5.12.4.

Steps to Reproduce:
1. Boot F30 Plasma spin fully updated with updates-testing enabled
2. Log in to Plasma on Wayland from sddm
3. if qt5-qtnetworkauth is installed, sudo dnf remove qt5-qtnetworkauth (due to dnf dependency problems since qt5-qtnetworkauth-5.12.4 was not available on koji)
4. dnf upgrade to qt5 5.12.4 with dependent Plasma and kf5 rebuilds from koji
5. reboot
6. Log in to Plasma on Wayland
7. coredumpctl
8. coredumpctl debug
9. gnome-abrt

Actual results:
Crashes of plasmashell in Plasma on Wayland with Qt 5.12.4.

Expected results:
No crashes.

Additional info:
I haven't seen any such crashes in Plasma on X with Qt 5.12.4.

I reported the crashes at https://bugs.kde.org/show_bug.cgi?id=409021

Comment 1 Matt Fagnani 2019-06-23 02:18:38 UTC
plasmashell restarted after these crashes, but the application menu in the task bar, the menu in konsole, and the menu when right clicking didn't show up properly. I ran plasmashell under valgrind by editing /etc/xdg/autostart/org.kde.plasmashell.desktop like
- Exec=plasmashell
+ Exec=valgrind --log-file=valgrind-plasmashell-wayland-3.txt --track-origins=yes plasmashell
and then logging into Plasma on Wayland from sddm. A segmentation fault in ksplashqml in wl_proxy_set_queue at wayland-client.c:2094 was shown in drkonqi while the splash screen was being shown in one such session. The trace of the crashing thread was similar, if not the same, as in the plasmashell crash I reported.

Application: ksplashqml (ksplashqml), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
futex_wait_cancelable (private=0, expected=0, futex_word=0x559d747f9c10) at ../sysdeps/unix/sysv/linux/futex-internal.h:88
88	  int err = lll_futex_timed_wait (futex_word, expected, NULL, private);
[Current thread is 1 (Thread 0x7f09a1d39840 (LWP 4083))]

Thread 12 (Thread 0x7f09617e2700 (LWP 4114)):
[KCrash Handler]
#7  0x00007f09a09336f9 in wl_proxy_set_queue (proxy=0x0, queue=0x559d74782e40) at src/wayland-client.c:2094
#8  0x00007f098f901b50 in QtWaylandClient::QWaylandWindow::waitForFrameSync (this=0x559d74700940, timeout=100) at qwaylandwindow.cpp:646
#9  0x00007f098e5d6022 in QtWaylandClient::QWaylandGLContext::swapBuffers (this=0x559d7477fe40, surface=<optimized out>) at ../../../../hardwareintegration/client/wayland-egl/qwaylandglcontext.cpp:566
#10 0x00007f09a194f441 in QOpenGLContext::swapBuffers (this=0x559d742d9a30, surface=<optimized out>) at kernel/qopenglcontext.cpp:1115
#11 0x00007f09a20ae401 in QSGRenderThread::syncAndRender (this=this@entry=0x559d747f8b50) at scenegraph/qsgthreadedrenderloop.cpp:652
#12 0x00007f09a20b2168 in QSGRenderThread::run (this=0x559d747f8b50) at scenegraph/qsgthreadedrenderloop.cpp:730
#13 0x00007f09a1399786 in QThreadPrivate::start (arg=0x559d747f8b50) at thread/qthread_unix.cpp:361
#14 0x00007f09a052c5a2 in start_thread (arg=<optimized out>) at pthread_create.c:486
#15 0x00007f09a100f303 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

An invalid read and write in wl_proxy_unref at wayland-client.c:229-230 were in the valgrind log, which appear to be use-after-free errors since they both have lines like "Address 0xac4affc is 44 bytes inside a block of size 72 free'd". These invalid reads/writes might be involved in the segmentation faults, as they appear to involve the proxy in wayland-client.c.

==8545== Invalid read of size 4
==8545==    at 0x736BBB4: wl_proxy_unref (wayland-client.c:229)
==8545==    by 0x736BCB3: destroy_queued_closure (wayland-client.c:291)
==8545==    by 0x736BEC7: dispatch_event.isra.0 (wayland-client.c:1436)
==8545==    by 0x736D46B: dispatch_queue (wayland-client.c:1576)
==8545==    by 0x736D46B: wl_display_dispatch_queue_pending (wayland-client.c:1818)
==8545==    by 0x736D8AA: wl_display_roundtrip_queue (wayland-client.c:1241)
==8545==    by 0x4A7AB73: KWayland::Client::ConnectionThread::roundtrip() (connection_thread.cpp:290)
==8545==    by 0x1806A189: KWaylandIntegration::init() (kwaylandintegration.cpp:74)
==8545==    by 0x180500C0: KdePlatformTheme::KdePlatformTheme() (kdeplatformtheme.cpp:84)
==8545==    by 0x1806CDFA: KdePlatformThemePlugin::create(QString const&, QStringList const&) (main.cpp:37)
==8545==    by 0x659BE88: QPlatformTheme* qLoadPlugin<QPlatformTheme, QPlatformThemePlugin, QStringList&>(QFactoryLoader const*, QString const&, QStringList&) (qfactoryloader_p.h:108)
==8545==    by 0x659B825: QPlatformThemeFactory::create(QString const&, QString const&) (qplatformthemefactory.cpp:73)
==8545==    by 0x65A4A0F: init_platform (qguiapplication.cpp:1247)
==8545==    by 0x65A4A0F: QGuiApplicationPrivate::createPlatformIntegration() (qguiapplication.cpp:1392)
==8545==  Address 0xac4affc is 44 bytes inside a block of size 72 free'd
==8545==    at 0x4839A0C: free (vg_replace_malloc.c:540)
==8545==    by 0x4A91C14: destroy (wayland_pointer_p.h:63)
==8545==    by 0x4A91C14: KWayland::Client::Registry::Private::globalSync(void*, wl_callback*, unsigned int) (registry.cpp:539)
==8545==    by 0x8596B27: ffi_call_unix64 (unix64.S:76)
==8545==    by 0x8596338: ffi_call (ffi64.c:525)
==8545==    by 0x736F606: wl_closure_invoke (connection.c:1014)
==8545==    by 0x736BF17: dispatch_event.isra.0 (wayland-client.c:1430)
==8545==    by 0x736D46B: dispatch_queue (wayland-client.c:1576)
==8545==    by 0x736D46B: wl_display_dispatch_queue_pending (wayland-client.c:1818)
==8545==    by 0x736D8AA: wl_display_roundtrip_queue (wayland-client.c:1241)
==8545==    by 0x4A7AB73: KWayland::Client::ConnectionThread::roundtrip() (connection_thread.cpp:290)
==8545==    by 0x1806A189: KWaylandIntegration::init() (kwaylandintegration.cpp:74)
==8545==    by 0x180500C0: KdePlatformTheme::KdePlatformTheme() (kdeplatformtheme.cpp:84)
==8545==    by 0x1806CDFA: KdePlatformThemePlugin::create(QString const&, QStringList const&) (main.cpp:37)
==8545==  Block was alloc'd at
==8545==    at 0x483AB1A: calloc (vg_replace_malloc.c:762)
==8545==    by 0x736BD42: UnknownInlinedFun (wayland-private.h:236)
==8545==    by 0x736BD42: proxy_create.isra.0 (wayland-client.c:421)
==8545==    by 0x736C42B: create_outgoing_proxy (wayland-client.c:650)
==8545==    by 0x736C42B: wl_proxy_marshal_array_constructor_versioned (wayland-client.c:735)
==8545==    by 0x736C782: wl_proxy_marshal_constructor (wayland-client.c:824)
==8545==    by 0x4A920BD: wl_display_sync (wayland-client-protocol.h:958)
==8545==    by 0x4A920BD: KWayland::Client::Registry::create(wl_display*) (registry.cpp:470)
==8545==    by 0x4A9213A: KWayland::Client::Registry::create(KWayland::Client::ConnectionThread*) (registry.cpp:479)
==8545==    by 0x1806A10D: KWaylandIntegration::init() (kwaylandintegration.cpp:56)
==8545==    by 0x180500C0: KdePlatformTheme::KdePlatformTheme() (kdeplatformtheme.cpp:84)
==8545==    by 0x1806CDFA: KdePlatformThemePlugin::create(QString const&, QStringList const&) (main.cpp:37)
==8545==    by 0x659BE88: QPlatformTheme* qLoadPlugin<QPlatformTheme, QPlatformThemePlugin, QStringList&>(QFactoryLoader const*, QString const&, QStringList&) (qfactoryloader_p.h:108)
==8545==    by 0x659B825: QPlatformThemeFactory::create(QString const&, QString const&) (qplatformthemefactory.cpp:73)
==8545==    by 0x65A4A0F: init_platform (qguiapplication.cpp:1247)
==8545==    by 0x65A4A0F: QGuiApplicationPrivate::createPlatformIntegration() (qguiapplication.cpp:1392)
==8545== 
==8545== Invalid write of size 4
==8545==    at 0x736BBBE: wl_proxy_unref (wayland-client.c:230)
==8545==    by 0x736BCB3: destroy_queued_closure (wayland-client.c:291)
==8545==    by 0x736BEC7: dispatch_event.isra.0 (wayland-client.c:1436)
==8545==    by 0x736D46B: dispatch_queue (wayland-client.c:1576)
==8545==    by 0x736D46B: wl_display_dispatch_queue_pending (wayland-client.c:1818)
==8545==    by 0x736D8AA: wl_display_roundtrip_queue (wayland-client.c:1241)
==8545==    by 0x4A7AB73: KWayland::Client::ConnectionThread::roundtrip() (connection_thread.cpp:290)
==8545==    by 0x1806A189: KWaylandIntegration::init() (kwaylandintegration.cpp:74)
==8545==    by 0x180500C0: KdePlatformTheme::KdePlatformTheme() (kdeplatformtheme.cpp:84)
==8545==    by 0x1806CDFA: KdePlatformThemePlugin::create(QString const&, QStringList const&) (main.cpp:37)
==8545==    by 0x659BE88: QPlatformTheme* qLoadPlugin<QPlatformTheme, QPlatformThemePlugin, QStringList&>(QFactoryLoader const*, QString const&, QStringList&) (qfactoryloader_p.h:108)
==8545==    by 0x659B825: QPlatformThemeFactory::create(QString const&, QString const&) (qplatformthemefactory.cpp:73)
==8545==    by 0x65A4A0F: init_platform (qguiapplication.cpp:1247)
==8545==    by 0x65A4A0F: QGuiApplicationPrivate::createPlatformIntegration() (qguiapplication.cpp:1392)
==8545==  Address 0xac4affc is 44 bytes inside a block of size 72 free'd
==8545==    at 0x4839A0C: free (vg_replace_malloc.c:540)
==8545==    by 0x4A91C14: destroy (wayland_pointer_p.h:63)
==8545==    by 0x4A91C14: KWayland::Client::Registry::Private::globalSync(void*, wl_callback*, unsigned int) (registry.cpp:539)
==8545==    by 0x8596B27: ffi_call_unix64 (unix64.S:76)
==8545==    by 0x8596338: ffi_call (ffi64.c:525)
==8545==    by 0x736F606: wl_closure_invoke (connection.c:1014)
==8545==    by 0x736BF17: dispatch_event.isra.0 (wayland-client.c:1430)
==8545==    by 0x736D46B: dispatch_queue (wayland-client.c:1576)
==8545==    by 0x736D46B: wl_display_dispatch_queue_pending (wayland-client.c:1818)
==8545==    by 0x736D8AA: wl_display_roundtrip_queue (wayland-client.c:1241)
==8545==    by 0x4A7AB73: KWayland::Client::ConnectionThread::roundtrip() (connection_thread.cpp:290)
==8545==    by 0x1806A189: KWaylandIntegration::init() (kwaylandintegration.cpp:74)
==8545==    by 0x180500C0: KdePlatformTheme::KdePlatformTheme() (kdeplatformtheme.cpp:84)
==8545==    by 0x1806CDFA: KdePlatformThemePlugin::create(QString const&, QStringList const&) (main.cpp:37)
==8545==  Block was alloc'd at
==8545==    at 0x483AB1A: calloc (vg_replace_malloc.c:762)
==8545==    by 0x736BD42: UnknownInlinedFun (wayland-private.h:236)
==8545==    by 0x736BD42: proxy_create.isra.0 (wayland-client.c:421)
==8545==    by 0x736C42B: create_outgoing_proxy (wayland-client.c:650)
==8545==    by 0x736C42B: wl_proxy_marshal_array_constructor_versioned (wayland-client.c:735)
==8545==    by 0x736C782: wl_proxy_marshal_constructor (wayland-client.c:824)
==8545==    by 0x4A920BD: wl_display_sync (wayland-client-protocol.h:958)
==8545==    by 0x4A920BD: KWayland::Client::Registry::create(wl_display*) (registry.cpp:470)
==8545==    by 0x4A9213A: KWayland::Client::Registry::create(KWayland::Client::ConnectionThread*) (registry.cpp:479)
==8545==    by 0x1806A10D: KWaylandIntegration::init() (kwaylandintegration.cpp:56)
==8545==    by 0x180500C0: KdePlatformTheme::KdePlatformTheme() (kdeplatformtheme.cpp:84)
==8545==    by 0x1806CDFA: KdePlatformThemePlugin::create(QString const&, QStringList const&) (main.cpp:37)
==8545==    by 0x659BE88: QPlatformTheme* qLoadPlugin<QPlatformTheme, QPlatformThemePlugin, QStringList&>(QFactoryLoader const*, QString const&, QStringList&) (qfactoryloader_p.h:108)
==8545==    by 0x659B825: QPlatformThemeFactory::create(QString const&, QString const&) (qplatformthemefactory.cpp:73)
==8545==    by 0x65A4A0F: init_platform (qguiapplication.cpp:1247)
==8545==    by 0x65A4A0F: QGuiApplicationPrivate::createPlatformIntegration() (qguiapplication.cpp:1392)

I've seen segmentation faults in konsole and powerdevil and others which involved invalid reads/writes starting at wl_proxy_unref (wayland-client.c:229):
https://bugs.kde.org/show_bug.cgi?id=408971
https://bugs.kde.org/show_bug.cgi?id=408553

The valgrind log showed use of a few uninitialized variables including at
QtWaylandClient::QWaylandInputDevice::Keyboard::keyboard_key (qwaylandinputdevice.cpp:792)

Thread 1:
==8545== Conditional jump or move depends on uninitialised value(s)
==8545==    at 0x17ED1571: QtWaylandClient::QWaylandInputDevice::Keyboard::keyboard_key(unsigned int, unsigned int, unsigned int, unsigned int) (qwaylandinputdevice.cpp:792)
==8545==    by 0x8596B27: ffi_call_unix64 (unix64.S:76)
==8545==    by 0x8596338: ffi_call (ffi64.c:525)
==8545==    by 0x736F606: wl_closure_invoke (connection.c:1014)
==8545==    by 0x736BF17: dispatch_event.isra.0 (wayland-client.c:1430)
==8545==    by 0x736D46B: dispatch_queue (wayland-client.c:1576)
==8545==    by 0x736D46B: wl_display_dispatch_queue_pending (wayland-client.c:1818)
==8545==    by 0x17ED2361: QtWaylandClient::QWaylandDisplay::flushRequests() (qwaylanddisplay.cpp:187)
==8545==    by 0x6C5BD7A: QMetaObject::activate(QObject*, int, int, void**) (qobject.cpp:3801)
==8545==    by 0x6C86C16: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventdispatcher_glib.cpp:429)
==8545==    by 0x6C309EA: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:225)
==8545==    by 0x6C38725: QCoreApplication::exec() (qcoreapplication.cpp:1385)
==8545==    by 0x12C808: main (main.cpp:212)
==8545==  Uninitialised value was created by a heap allocation
==8545==    at 0x4838E86: operator new(unsigned long) (vg_replace_malloc.c:344)
==8545==    by 0x17ECF017: QtWaylandClient::QWaylandInputDevice::createKeyboard(QtWaylandClient::QWaylandInputDevice*) (qwaylandinputdevice.cpp:265)
==8545==    by 0x17ECEFCC: QtWaylandClient::QWaylandInputDevice::seat_capabilities(unsigned int) (qwaylandinputdevice.cpp:231)
==8545==    by 0x8596B27: ffi_call_unix64 (unix64.S:76)
==8545==    by 0x8596338: ffi_call (ffi64.c:525)
==8545==    by 0x736F606: wl_closure_invoke (connection.c:1014)
==8545==    by 0x736BF17: dispatch_event.isra.0 (wayland-client.c:1430)
==8545==    by 0x736D46B: dispatch_queue (wayland-client.c:1576)
==8545==    by 0x736D46B: wl_display_dispatch_queue_pending (wayland-client.c:1818)
==8545==    by 0x17ED2804: QtWaylandClient::QWaylandDisplay::forceRoundTrip() (qwaylanddisplay.cpp:420)
==8545==    by 0x17ED35B6: QtWaylandClient::QWaylandDisplay::registry_global(unsigned int, QString const&, unsigned int) (qwaylanddisplay.cpp:282)
==8545==    by 0x17EF9DA5: QtWayland::wl_registry::handle_global(void*, wl_registry*, unsigned int, char const*, unsigned int) (qwayland-wayland.cpp:71)
==8545==    by 0x8596B27: ffi_call_unix64 (unix64.S:76)
==8545== 

I don't know if those uninitialized values being used might be related to the crashes. I attached the valgrind log and ksplashqml trace at https://bugs.kde.org/show_bug.cgi?id=409021

Comment 2 Ben Cotton 2020-04-30 21:42:54 UTC
This message is a reminder that Fedora 30 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora 30 on 2020-05-26.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
Fedora 'version' of '30'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 30 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged to change the 'version' to a later Fedora 
version prior to this bug being closed, as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 3 Ben Cotton 2020-05-26 15:52:44 UTC
Fedora 30 changed to end-of-life (EOL) status on 2020-05-26. Fedora 30 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Comment 4 Matt Fagnani 2020-08-19 12:51:07 UTC
I was using Plasma 5.19.4 on Wayland in Fedora 33 with KF 5.73.0 and Qt 5.14.2. I set the desktop to use the Application Menu by right-clicking on the button at the bottom left of the screen, selecting Show Alternatives > Application Menu > Switch. I quickly left-clicked to open the Application Menu many times. The Task Manager bar at the bottom of the screen disappeared and reappeared automatically. plasmashell segmentation faulted in wl_proxy_set_queue at src/wayland-client.c:2173 in libwayland-client-1.18.0-2.fc33.x86_64.

Core was generated by `/usr/bin/plasmashell'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __GI_raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:49
49        return ret;
[Current thread is 1 (Thread 0x7ff5eabe6640 (LWP 8221))]
(gdb) bt
#0  __GI_raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:49
#1  <signal handler called>
#2  0x00007ff688034ca5 in wl_proxy_set_queue (proxy=0x0, queue=0x55f4dc0e5790)
    at src/wayland-client.c:2173
#3  0x00007ff676c85f8d in QtWaylandClient::QWaylandWindow::waitForFrameSync (timeout=100, 
    this=0x55f4dc0ae900) at qwaylandwindow.cpp:637
#4  QtWaylandClient::QWaylandWindow::waitForFrameSync (this=this@entry=0x55f4dc0ae900, 
    timeout=timeout@entry=100) at qwaylandwindow.cpp:630
#5  0x00007ff6740181ea in QtWaylandClient::QWaylandGLContext::swapBuffers (this=0x55f4dcaacb10, 
    surface=0x55f4dc0ae910)
    at ../../../../hardwareintegration/client/wayland-egl/qwaylandglcontext.cpp:482
#6  0x00007ff68a00d0c4 in QSGRenderThread::syncAndRender (this=0x55f4dc923380, grabImage=0x0)
    at scenegraph/qsgthreadedrenderloop.cpp:841
#7  0x00007ff68a013e0f in QSGRenderThread::run (this=0x55f4dc923380)
    at scenegraph/qsgthreadedrenderloop.cpp:980
#8  0x00007ff68857b690 in QThreadPrivate::start (arg=0x55f4dc923380) at thread/qthread_unix.cpp:342
#9  0x00007ff6879df3f9 in start_thread (arg=0x7ff5eabe6640) at pthread_create.c:463
#10 0x00007ff6881ffb03 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

The pointer proxy=0x0 passed to wl_proxy_set_queue might've led to a null pointer dereference like in the crash I reported here before.

(gdb) l src/wayland-client.c:2173
2168     * \memberof wl_proxy
2169     */
2170    WL_EXPORT void
2171    wl_proxy_set_queue(struct wl_proxy *proxy, struct wl_event_queue *queue)
2172    {
2173            if (queue)
2174                    proxy->queue = queue;
2175            else
2176                    proxy->queue = &proxy->display->default_queue;
2177    }


The crashes might involve a race condition in which the Wayland proxy of the Application menu was occasionally freed or corrupted before it was used.
The use-after-free errors I reported in comment 1 might still be happening and leading to the crashes. plasmashell crashed when I've quickly left-clicked to open the Application Menu at other times in the last day with errors like "The Wayland connection experienced a fatal error: Invalid argument" (https://bugzilla.redhat.com/show_bug.cgi?id=1870137) and a segmentation fault in update_buffers in mesa-libEGL (https://bugzilla.redhat.com/show_bug.cgi?id=1777733). Those crashes might have been related to this one.
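
The two failure modes discussed in comment 1 and comment 4 (a NULL proxy reaching wl_proxy_set_queue, and a proxy freed from inside its own callback while dispatch still touches it) can be illustrated with a small model. The following is an added example and is not code from libwayland, Qt, KWayland or this report; every name in it (model_proxy, model_set_queue, model_dispatch, ...) is hypothetical, and its refcount scheme is a simplification rather than a description of libwayland's actual implementation.

```c
/* Added example, not code from libwayland, Qt or this report: a simplified,
 * hypothetical model of a refcounted Wayland-style proxy showing (1) a queue
 * setter that rejects a NULL proxy instead of dereferencing it and (2) a
 * dispatcher holding a reference across the event handler, so a handler that
 * destroys its own proxy cannot free memory still in use by the dispatcher. */
#include <stdlib.h>

struct model_queue { int id; };

struct model_proxy {
    int refcount;                      /* owner + in-flight dispatch */
    int destroyed;                     /* owner already called destroy */
    struct model_queue *queue;
    struct model_queue *default_queue; /* stands in for display->default_queue */
};

static int model_free_count = 0;       /* lets a test prove exactly one free */

struct model_proxy *model_proxy_create(struct model_queue *default_queue)
{
    struct model_proxy *p = calloc(1, sizeof *p);
    if (!p)
        return NULL;
    p->refcount = 1;
    p->default_queue = p->queue = default_queue;
    return p;
}

/* Hardened setter: a NULL or already-destroyed proxy is reported as -1 rather
 * than dereferenced; a NULL queue selects the default queue, as on the page. */
int model_set_queue(struct model_proxy *proxy, struct model_queue *queue)
{
    if (proxy == NULL || proxy->destroyed)
        return -1;
    proxy->queue = queue ? queue : proxy->default_queue;
    return 0;
}

static void model_proxy_unref(struct model_proxy *proxy)
{
    if (--proxy->refcount == 0) {
        model_free_count++;
        free(proxy);
    }
}

/* Owner-side destroy: mark dead, drop the owner's reference; memory survives
 * while a dispatcher still holds its own reference. */
void model_proxy_destroy(struct model_proxy *proxy)
{
    proxy->destroyed = 1;
    model_proxy_unref(proxy);
}

typedef void (*model_handler)(struct model_proxy *proxy);

/* Dispatch one event with a reference held for the handler's duration.
 * Returns 1 if the handler destroyed the proxy, else 0. */
int model_dispatch(struct model_proxy *proxy, model_handler handler)
{
    proxy->refcount++;
    handler(proxy);
    int destroyed = proxy->destroyed;  /* safe: our reference keeps it alive */
    model_proxy_unref(proxy);          /* the single real free happens here */
    return destroyed;
}

static void self_destroying_handler(struct model_proxy *proxy)
{
    model_proxy_destroy(proxy);        /* like a sync callback destroying itself */
}

/* Scenario: switch queues, then let a handler destroy its own proxy.
 * Returns 1 if every step behaved and the object was freed exactly once. */
int model_run_scenario(void)
{
    struct model_queue dflt = { 1 }, other = { 2 };
    struct model_proxy *p = model_proxy_create(&dflt);
    int before = model_free_count, ok = p != NULL;
    ok = ok && model_set_queue(p, &other) == 0 && p->queue == &other;
    ok = ok && model_set_queue(p, NULL) == 0 && p->queue == &dflt;
    ok = ok && model_dispatch(p, self_destroying_handler) == 1;
    return ok && model_free_count == before + 1;
}
```

Running the same scenario under valgrind reports no invalid read or write, because the dispatcher's reference delays the free until after the handler returns.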

Comment 5 Ben Cotton 2021-11-04 17:34:33 UTC
This message is a reminder that Fedora 33 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora 33 on 2021-11-30.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
Fedora 'version' of '33'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 33 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged to change the 'version' to a later Fedora 
version prior to this bug being closed, as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 6 Ben Cotton 2021-11-30 16:21:16 UTC
Fedora 33 changed to end-of-life (EOL) status on 2021-11-30. Fedora 33 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

