Bug 2252833 - plasmashell crashed sometimes when hovering over task manager icons
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: qt6-qtwayland
Version: 40
Hardware: Unspecified
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: KDE SIG
QA Contact: Fedora Extras Quality Assurance
Reported: 2023-12-04 23:03 UTC by Matt Fagnani
Modified: 2025-04-25 23:39 UTC (History)
Last Closed: 2025-04-25 23:39:02 UTC
Type: ---

Links
System | ID | Private | Priority | Status | Summary | Last Updated
KDE Software Compilation | 478086 | 0 | NOR | RESOLVED | plasmashell crashed sometimes in QtWaylandClient::QWaylandWindow::createDecoration when hovering over task manager icons | 2024-01-11 13:45:12 UTC
KDE Software Compilation | 479302 | 0 | NOR | RESOLVED | Several things crash in QWaylandWindow::createDecoration | 2024-01-11 13:52:20 UTC
Qt Bug Tracker | QTBUG-105703 | 0 | P1: Critical | Closed | QWaylandWindow::createDecoration() is called from multiple threads | 2024-01-11 13:52:20 UTC

Description Matt Fagnani 2023-12-04 23:03:25 UTC
I booted the Fedora Rawhide/40 KDE Plasma live image Fedora-KDE-Live-x86_64-Rawhide-20231204.n.0.iso on bare metal. I started Konsole in Plasma 5.90.0 on Wayland. I ran some Fedora kernel tests in Konsole. I quickly moved the cursor over the Konsole icon in the task manager to the icons to its left (Firefox, Dolphin, Discover, System Settings). plasmashell crashed when I did that and the panel disappeared and reappeared automatically a few seconds later. drkonqi appeared. I selected Developer information, installed debuginfo rpms for qt6-qtbase(-gui) glibc glib2, and created a trace. I tried to report to bugs.kde.org through drkonqi, but drkonqi crashed at the point that a list of possible duplicate reports was shown. The core dump was removed probably due to space limitations from the drkonqi crash. The crash was a segmentation fault involving QWaitCondition::wait in qt6-qtbase 6.6.1.

I saw this type of plasmashell crash again in the same session by hovering over the task manager icons with Firefox, Konsole, System Monitor open in a similar way. The core dump wasn't saved due to space limitations and drkonqi didn't appear. The crash only happened sometimes.

I reproduced the crash by moving the cursor quickly between the Dolphin and Konsole icons which were both running. Here is the trace from coredumpctl gdb.

Core was generated by `/usr/bin/plasmashell --no-respawn'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=11, no_tid=no_tid@entry=0) at pthread_kill.c:44
Downloading source file /usr/src/debug/glibc-2.38.9000-26.fc40.x86_64/nptl/pthread_kill.c
44            return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO (ret) : 0;                                                                                
[Current thread is 1 (Thread 0x7f4b7c44e680 (LWP 1979))]
(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=11, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007f4b794abc23 in __pthread_kill_internal (signo=11, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007f4b794598ee in __GI_raise (sig=11) at ../sysdeps/posix/raise.c:26
#3  0x00007f4b7c80b6cb in KCrash::defaultCrashHandler (sig=11) at /usr/src/debug/kf6-kcrash-5.246.0-1.fc40.x86_64/src/kcrash.cpp:612
#4  <signal handler called>
#5  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=11, no_tid=no_tid@entry=0) at pthread_kill.c:44
#6  0x00007f4b794abc23 in __pthread_kill_internal (signo=11, threadid=<optimized out>) at pthread_kill.c:78
#7  0x00007f4b794598ee in __GI_raise (sig=11) at ../sysdeps/posix/raise.c:26
#8  <signal handler called>
#9  0x00007f4b794a6407 in __futex_abstimed_wait_common64 (private=0, cancel=true, abstime=0x0, op=393, expected=0, futex_word=0x558c53c52fb0) at futex-internal.c:57
#10 __futex_abstimed_wait_common (futex_word=futex_word@entry=0x558c53c52fb0, expected=expected@entry=0, clockid=clockid@entry=0, abstime=abstime@entry=0x0, 
    private=private@entry=0, cancel=cancel@entry=true) at futex-internal.c:87
#11 0x00007f4b794a648f in __GI___futex_abstimed_wait_cancelable64 (futex_word=futex_word@entry=0x558c53c52fb0, expected=expected@entry=0, clockid=clockid@entry=0, 
    abstime=abstime@entry=0x0, private=private@entry=0) at futex-internal.c:139
#12 0x00007f4b794a8da9 in __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=<optimized out>, cond=0x558c53c52f88) at pthread_cond_wait.c:503
#13 ___pthread_cond_wait (cond=0x558c53c52f88, mutex=<optimized out>) at pthread_cond_wait.c:618
#14 0x00007f4b79d596eb in QWaitConditionPrivate::wait (deadline=..., this=0x558c53c52f60)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/thread/qwaitcondition_unix.cpp:103
#15 QWaitCondition::wait (this=<optimized out>, mutex=0x558c54e0e408, deadline=...)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/thread/qwaitcondition_unix.cpp:181
#16 0x00007f4b7b8c3a87 in QSGThreadedRenderLoop::handleObscurity (this=this@entry=0x558c53a21d40, w=0x558c555cd020)
    at /usr/src/debug/qt6-qtdeclarative-6.6.1-1.fc40.x86_64/src/quick/scenegraph/qsgthreadedrenderloop.cpp:1334
#17 0x00007f4b7b8c47bd in QSGThreadedRenderLoop::handleObscurity (w=<optimized out>, this=0x558c53a21d40)
    at /usr/src/debug/qt6-qtdeclarative-6.6.1-1.fc40.x86_64/src/quick/scenegraph/qsgthreadedrenderloop.cpp:1323
#18 QSGThreadedRenderLoop::hide (this=0x558c53a21d40, window=0x558c55a70b70)
    at /usr/src/debug/qt6-qtdeclarative-6.6.1-1.fc40.x86_64/src/quick/scenegraph/qsgthreadedrenderloop.cpp:1124
#19 0x00007f4b7a4661d8 in QWindow::event (this=0x558c55a70b70, ev=0x7ffd4cb10390) at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/gui/kernel/qwindow.cpp:2576
#20 0x00007f4b7bdc3168 in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x558c55a70b70, e=0x7ffd4cb10390)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/widgets/kernel/qapplication.cpp:3296
#21 0x00007f4b79ba0e08 in QCoreApplication::notifyInternal2 (receiver=0x558c55a70b70, event=0x7ffd4cb10390)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/kernel/qcoreapplication.cpp:1121
#22 0x00007f4b79ba100d in QCoreApplication::sendEvent (receiver=<optimized out>, event=<optimized out>)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/kernel/qcoreapplication.cpp:1539
--Type <RET> for more, q to quit, c to continue without paging--c
#23 0x00007f4b7a4638b1 in QWindowPrivate::setVisible (visible=false, this=<optimized out>)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/gui/kernel/qwindow.cpp:415
#24 QWindow::setVisible (this=<optimized out>, visible=false) at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/gui/kernel/qwindow.cpp:681
#25 0x00007f4b79c02221 in QtPrivate::QSlotObjectBase::call (a=0x7ffd4cb104d0, r=0x558c55a70b70, this=0x558c55b14360)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/kernel/qobjectdefs_impl.h:433
#26 doActivate<false> (sender=0x558c55b14380, signal_index=3, argv=0x7ffd4cb104d0)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/kernel/qobject.cpp:4021
#27 0x00007f4b79bf8807 in QMetaObject::activate (sender=<optimized out>, m=m@entry=0x7f4b7a06df20, local_signal_index=local_signal_index@entry=0, 
    argv=argv@entry=0x7ffd4cb104d0) at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/kernel/qobject.cpp:4081
#28 0x00007f4b79c113dd in QTimer::timeout (this=<optimized out>, _t1=...)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/redhat-linux-build/src/corelib/Core_autogen/include/moc_qtimer.cpp:272
#29 0x00007f4b79bf379f in QObject::event (this=0x558c55b14380, e=0x7ffd4cb10660) at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/kernel/qobject.cpp:1459
#30 0x00007f4b7bdc3168 in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x558c55b14380, e=0x7ffd4cb10660)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/widgets/kernel/qapplication.cpp:3296
#31 0x00007f4b79ba0e08 in QCoreApplication::notifyInternal2 (receiver=0x558c55b14380, event=0x7ffd4cb10660)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/kernel/qcoreapplication.cpp:1121
#32 0x00007f4b79ba100d in QCoreApplication::sendEvent (receiver=<optimized out>, event=<optimized out>)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/kernel/qcoreapplication.cpp:1539
#33 0x00007f4b79d4ef8b in QTimerInfoList::activateTimers (this=0x558c50017700)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/kernel/qtimerinfo_unix.cpp:507
#34 0x00007f4b79e6d099 in timerSourceDispatch (source=<optimized out>)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/kernel/qeventdispatcher_glib.cpp:149
#35 0x00007f4b78826e5c in g_main_dispatch (context=0x7f4b60000ef0) at ../glib/gmain.c:3476
#36 g_main_context_dispatch_unlocked (context=0x7f4b60000ef0) at ../glib/gmain.c:4284
#37 0x00007f4b78881dd8 in g_main_context_iterate_unlocked.isra.0 (context=context@entry=0x7f4b60000ef0, block=block@entry=1, dispatch=dispatch@entry=1, 
    self=<optimized out>) at ../glib/gmain.c:4349
#38 0x00007f4b78824ad3 in g_main_context_iteration (context=0x7f4b60000ef0, may_block=1) at ../glib/gmain.c:4414
#39 0x00007f4b79e6d39f in QEventDispatcherGlib::processEvents (this=0x558c4ffcce40, flags=...)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/kernel/qeventdispatcher_glib.cpp:393
#40 0x00007f4b79badbcb in QEventLoop::exec (this=this@entry=0x7ffd4cb10930, flags=..., flags@entry=...)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/global/qflags.h:34
#41 0x00007f4b79ba99cd in QCoreApplication::exec () at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/global/qflags.h:74
#42 0x00007f4b7a3fa05d in QGuiApplication::exec () at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/gui/kernel/qguiapplication.cpp:1925
#43 0x00007f4b7bdc30d9 in QApplication::exec () at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/widgets/kernel/qapplication.cpp:2574
#44 0x0000558c4f021e52 in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/plasma-workspace-5.90.0-1.fc40.x86_64/shell/main.cpp:230


Reproducible: Sometimes

Steps to Reproduce:
1. Boot the Fedora Rawhide/40 KDE Plasma live image Fedora-KDE-Live-x86_64-Rawhide-20231204.n.0.iso from https://koji.fedoraproject.org/koji/buildinfo?buildID=2327615 on bare metal.
2. Start Konsole in Plasma 5.90.0 on Wayland.
3. Quickly move the cursor over the Konsole icon in the task manager to the icons to its left (Firefox, Dolphin, Discover, System Settings) back and forth until the crash happens.

Actual Results:  
plasmashell crashed sometimes when hovering over task manager icons


Expected Results:  
plasmashell shouldn't have crashed

Linux/KDE Plasma: Fedora Rawhide/40
(available in About System)
KDE Plasma Version: 5.90.0
KDE Frameworks Version: 5.246.0
Qt Version: 6.6.1

The trace was similar to that of https://bugs.kde.org/show_bug.cgi?id=472412. That report was closed with the instruction to make a new report if it still happened: https://bugs.kde.org/show_bug.cgi?id=472412#c2. I reported this problem at https://bugs.kde.org/show_bug.cgi?id=478086

Comment 1 Matt Fagnani 2023-12-07 19:14:00 UTC
I unchecked "Show small preview windows when hovering over Tasks" in the Task Manager widget's settings window. I tried to reproduce the crash for several minutes, but plasmashell didn't crash. The 5 crashes like this in Plasma 5.90.0 took from 1 second to 2 minutes to happen, so the problem might not happen with the preview windows disabled. I checked "Show small preview windows when hovering over Tasks" in the Task Manager widget's settings window. I reproduced the crash after about 1 minute of moving the cursor as before. I think that the problem is actually in thread 73 instead of thread 1 as in the trace I put in comment. drkonqi focused on thread 1, but it was just waiting/polling. Both thread 73 and thread 1 had [KCrash Handler] at the top in drkonqi. Using coredumpctl gdb, the trace of thread 73 was the following.

(gdb) thread 73
[Switching to thread 73 (Thread 0x7f369df6f6c0 (LWP 3082))]
#0  0x00007f375d51841d in __GI___poll (fds=fds@entry=0x7f369df6d768, nfds=nfds@entry=1, timeout=timeout@entry=1000) at ../sysdeps/unix/sysv/linux/poll.c:29
Downloading source file /usr/src/debug/glibc-2.38.9000-26.fc40.x86_64/io/../sysdeps/unix/sysv/linux/poll.c
29        return SYSCALL_CANCEL (poll, fds, nfds, timeout);
(gdb) bt
#0  0x00007f375d51841d in __GI___poll (fds=fds@entry=0x7f369df6d768, nfds=nfds@entry=1, timeout=timeout@entry=1000) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007f37607feb98 in poll (__timeout=1000, __nfds=1, __fds=0x7f369df6d768) at /usr/include/bits/poll2.h:39
#2  pollDrKonqiSocket (sockfd=3, pid=<optimized out>) at /usr/src/debug/kf6-kcrash-5.246.0-1.fc40.x86_64/src/kcrash.cpp:844
#3  KCrash::startProcess (argv=argv@entry=0x7f369df6d8a8, waitAndExit=waitAndExit@entry=true, argc=<optimized out>)
    at /usr/src/debug/kf6-kcrash-5.246.0-1.fc40.x86_64/src/kcrash.cpp:706
#4  0x00007f37607ff659 in KCrash::defaultCrashHandler (sig=11) at /usr/src/debug/kf6-kcrash-5.246.0-1.fc40.x86_64/src/kcrash.cpp:602
#5  <signal handler called>
#6  0x00007f375dec0a40 in typeinfo name for QObjectCleanupHandler () from /lib64/libQt6Core.so.6
#7  0x00007f37604f3f5a in QtWaylandClient::QWaylandWindow::createDecoration (this=0x564f65c87540)
    at /usr/src/debug/qt6-qtwayland-6.6.1-1.fc40.x86_64/src/client/qwaylandwindow.cpp:1034
#8  0x00007f37588e199c in QtWaylandClient::QWaylandGLContext::makeCurrent (this=this@entry=0x7f3710002490, surface=<optimized out>)
    at /usr/src/debug/qt6-qtwayland-6.6.1-1.fc40.x86_64/src/hardwareintegration/client/wayland-egl/qwaylandglcontext.cpp:315
#9  0x00007f375e79c188 in QOpenGLContext::makeCurrent (this=0x7f37100021e0, surface=surface@entry=0x564f65d371f0)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/gui/kernel/qopenglcontext.cpp:661
#10 0x00007f375e7b48e9 in QRhiGles2::ensureContext (this=0x7f3710001b70, surface=0x564f65d371f0)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/gui/rhi/qrhigles2.cpp:619
#11 0x00007f375e7c071e in QRhiGles2::beginFrame (this=0x7f3710001b70, swapChain=0x7f37101c8ea0)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/gui/rhi/qrhigles2.cpp:2028
#12 0x00007f375e644bea in QRhi::beginFrame (this=0x7f3710001b50, swapChain=0x7f37101c8ea0, flags=..., flags@entry=...)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/gui/rhi/qrhi.cpp:10146
#13 0x00007f375f8c29f4 in QSGRenderThread::syncAndRender (this=this@entry=0x564f66f2b500) at /usr/include/qt6/QtCore/qflags.h:73
#14 0x00007f375f8c5e93 in QSGRenderThread::run (this=0x564f66f2b500)
    at /usr/src/debug/qt6-qtdeclarative-6.6.1-1.fc40.x86_64/src/quick/scenegraph/qsgthreadedrenderloop.cpp:946
#15 0x00007f375dd50ace in operator() (__closure=<optimized out>) at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/thread/qthread_unix.cpp:324
#16 (anonymous namespace)::terminate_on_exception<QThreadPrivate::start(void*)::<lambda()> > (t=...)
    at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/thread/qthread_unix.cpp:260
#17 QThreadPrivate::start (arg=0x564f66f2b500) at /usr/src/debug/qt6-qtbase-6.6.1-1.fc40.x86_64/src/corelib/thread/qthread_unix.cpp:283
#18 0x00007f375d4a5c91 in start_thread (arg=<optimized out>) at pthread_create.c:447
#19 0x00007f375d525f9c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

QtWaylandClient::QWaylandWindow::createDecoration in frame 7 of thread 73 had mShellSurface=0x0, so the crash might've been a null pointer dereference. This problem might involve a race condition in which the Wayland surface of the window previews was occasionally freed then used.

(gdb) frame 7
#7  0x00007f37604f3f5a in QtWaylandClient::QWaylandWindow::createDecoration (this=0x564f65c87540)
    at /usr/src/debug/qt6-qtwayland-6.6.1-1.fc40.x86_64/src/client/qwaylandwindow.cpp:1034
Downloading source file /usr/src/debug/qt6-qtwayland-6.6.1-1.fc40.x86_64/src/client/qwaylandwindow.cpp
1034        if (!mShellSurface || !mShellSurface->wantsDecorations())
(gdb) p mShellSurface
$1 = (QtWaylandClient::QWaylandShellSurface *) 0x0

The upstream report was reassigned to kpipewire so I'm doing the same for this one.

Comment 2 Matt Fagnani 2024-01-11 13:52:20 UTC
Several KDE programs were reported to crash in QWaylandWindow::createDecoration since it was called from multiple threads but was not thread-safe: https://bugs.kde.org/show_bug.cgi?id=479302 and https://bugreports.qt.io/browse/QTBUG-105703. David Edmundson wrote a patch to qt6-qtwayland for this problem at https://codereview.qt-project.org/c/qt/qtwayland/+/529547
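
An added illustration, not part of the bug report and not Qt's code or the patch linked above: a deterministic C++ model of the check-then-use pattern at the quoted qwaylandwindow.cpp line 1034 when another thread clears the shell surface between the check and the call, next to a variant that works from an owning snapshot taken under a lock. ModelWindow, ShellSurface, Outcome and runRace are hypothetical names, and the snapshot approach is an assumption chosen for illustration, not the fix that went into Qt.

```cpp
#include <functional>
#include <memory>
#include <mutex>
#include <utility>

// Hypothetical stand-in for QWaylandShellSurface (not the Qt class).
struct ShellSurface {
    bool wantsDecorations() const { return true; }
};

enum class Outcome { Skipped, Decorated, DanglingUse };

// Hypothetical model: the GUI thread owns the surface, a render thread reads it.
class ModelWindow {
public:
    void setShellSurface(std::shared_ptr<ShellSurface> s) {   // GUI-thread side
        std::lock_guard<std::mutex> lock(mMutex);
        mShellSurface = std::move(s);
    }
    // Check-then-use on the shared member, the shape of the quoted line 1034.
    // `between` marks the point where the other thread can be scheduled.
    Outcome createDecorationUnsafe(const std::function<void()> &between) {
        ShellSurface *checked = mShellSurface.get();          // "check" read
        if (!checked)
            return Outcome::Skipped;
        between();
        // "use" read: real code would now call through a freed object;
        // the model reports that instead of dereferencing it.
        if (mShellSurface.get() != checked)
            return Outcome::DanglingUse;
        return checked->wantsDecorations() ? Outcome::Decorated : Outcome::Skipped;
    }
    // Hardened: one owning snapshot taken under the lock, then only the snapshot.
    Outcome createDecorationSafe(const std::function<void()> &between) {
        std::shared_ptr<ShellSurface> snapshot;
        {
            std::lock_guard<std::mutex> lock(mMutex);
            snapshot = mShellSurface;
        }
        if (!snapshot)
            return Outcome::Skipped;
        between();   // a reset here cannot free what the snapshot still owns
        return snapshot->wantsDecorations() ? Outcome::Decorated : Outcome::Skipped;
    }
private:
    std::mutex mMutex;
    std::shared_ptr<ShellSurface> mShellSurface;
};

// Constructed scenario: the surface is destroyed between check and use.
Outcome runRace(bool hardened) {
    ModelWindow w;
    w.setShellSurface(std::make_shared<ShellSurface>());
    auto destroy = [&w] { w.setShellSurface(nullptr); };
    return hardened ? w.createDecorationSafe(destroy) : w.createDecorationUnsafe(destroy);
}
```

The model injects the interleaving through a callback so the outcome is reproducible; in the real crash the same window only opens occasionally, which matches the "Reproducible: Sometimes" behaviour in the report.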

Comment 3 Aoife Moloney 2024-02-15 23:06:53 UTC
This bug appears to have been reported against 'rawhide' during the Fedora Linux 40 development cycle.
Changing version to 40.

Comment 4 Aoife Moloney 2025-04-25 10:11:53 UTC
This message is a reminder that Fedora Linux 40 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 40 on 2025-05-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '40'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, change the 'version' 
to a later Fedora Linux version. Note that the version field may be hidden.
Click the "Show advanced fields" button if you do not see it.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora Linux 40 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora Linux, you are encouraged to change the 'version' to a later version
prior to this bug being closed.

Comment 5 Matt Fagnani 2025-04-25 23:39:02 UTC
This problem was fixed in Qt 6.6.3: https://bugs.kde.org/show_bug.cgi?id=479302

