Bug 2263810 - plasmashell crashed five times in a row when dragging text in Thunderbird
Summary: plasmashell crashed five times in a row when dragging text in Thunderbird
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: plasma-workspace
Version: 40
Hardware: Unspecified
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: KDE SIG
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-02-12 04:56 UTC by Matt Fagnani
Modified: 2025-02-26 14:20 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2025-02-26 14:20:38 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
Full trace of all threads of plasmashell crash (181.15 KB, text/plain)
2024-02-12 04:57 UTC, Matt Fagnani 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
KDE Software Compilation 480474 0 NOR CONFIRMED Plasmashell crashes when dragging files to "combined" windows on icons only task manager 2024-02-12 04:56:21 UTC

Description Matt Fagnani 2024-02-12 04:56:09 UTC 
plasmashell crashed five times in a row when dragging text in Thunderbird in Plasma 5.93.0 on Wayland in a Fedora Rawhide/40 KDE Plasma installation. Thunderbird had 4-5 emails open in separate windows some of which were replying to others. The Thunderbird windows appeared to be combined into one task in the task manager when hovering over it. Text was dragged from one of the emails which was shown in red moving around with the cursor. plasmashell crashed with the same trace repeatedly in std::__atomic_base<QThreadData*>::load. Errors like this=<error reading variable: Cannot access memory at address 0x8> in frames 5-8 might've indicated a null pointer (plus an offset). QCoreApplication::notifyInternal2 in frame 9 had receiver=0x0. QGuiApplicationPrivate::processDrag in frame 11 had w=w@entry=0x0, and QWindowSystemInterface::handleDrag in frame 12 had window=window@entry=0x0. QtWaylandClient::QWaylandDataDevice::data_device_motion in frame 13 had drag = 0x0 according to the full trace which might be where the null pointer was from.

Core was generated by `/usr/bin/plasmashell --no-respawn'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=11, no_tid=no_tid@entry=0)
    at pthread_kill.c:44
44            return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO (ret) : 0;
[Current thread is 1 (Thread 0x7f1ba6e2cb00 (LWP 23013))]

(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=11, no_tid=no_tid@entry=0)
    at pthread_kill.c:44
#1  0x00007f1ba3ea71f3 in __pthread_kill_internal (signo=11, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007f1ba3e4f65e in __GI_raise (sig=11) at ../sysdeps/posix/raise.c:26
#3  0x00007f1ba71ce645 in KCrash::defaultCrashHandler(int) () at /lib64/libKF6Crash.so.6
#4  0x00007f1ba3e4f710 in <signal handler called> () at /lib64/libc.so.6
#5  std::__atomic_base<QThreadData*>::load
    (__m=std::memory_order_acquire, this=<error reading variable: Cannot access memory at address 0x8>)
    at /usr/include/c++/14/bits/atomic_base.h:831
#6  std::atomic<QThreadData*>::load
    (__m=std::memory_order_acquire, this=<error reading variable: Cannot access memory at address 0x8>)
    at /usr/include/c++/14/atomic:582
#7  QAtomicOps<QThreadData*>::loadAcquire<QThreadData*>
    (_q_value=<error reading variable: Cannot access memory at address 0x8>)
    at /usr/src/debug/qt6-qtbase-6.6.1-5.fc40.x86_64/src/corelib/thread/qatomic_cxx11.h:213
#8  QBasicAtomicPointer<QThreadData>::loadAcquire (this=<error reading variable: Cannot access memory at address 0x8>)
    at /usr/src/debug/qt6-qtbase-6.6.1-5.fc40.x86_64/src/corelib/thread/qbasicatomic.h:179
#9  QCoreApplication::notifyInternal2 (receiver=0x0, event=0x7ffdb5954530)
    at /usr/src/debug/qt6-qtbase-6.6.1-5.fc40.x86_64/src/corelib/kernel/qcoreapplication.cpp:1117
#10 0x00007f1ba458f6cd in QCoreApplication::sendEvent (receiver=<optimized out>, event=<optimized out>)
    at /usr/src/debug/qt6-qtbase-6.6.1-5.fc40.x86_64/src/corelib/kernel/qcoreapplication.cpp:1539
#11 0x00007f1ba4de47ca in QGuiApplicationPrivate::processDrag
    (w=w@entry=0x0, dropData=dropData@entry=0x55df034eb560, p=..., supportedActions=..., buttons=..., modifiers=...)
    at /usr/src/debug/qt6-qtbase-6.6.1-5.fc40.x86_64/src/gui/kernel/qguiapplication.cpp:3376
#12 0x00007f1ba4e435ed in QWindowSystemInterface::handleDrag
    (window=window@entry=0x0, dropData=0x55df034eb560, p=<optimized out>, supportedActions=supportedActions@entry=..., buttons=..., modifiers=...) at /usr/src/debug/qt6-qtbase-6.6.1-5.fc40.x86_64/src/gui/kernel/qwindowsysteminterface.cpp:845
#13 0x00007f1ba6ee5d45 in QtWaylandClient::QWaylandDataDevice::data_device_motion
--Type <RET> for more, q to quit, c to continue without paging--c
    (this=0x55df007ad9d0, time=<optimized out>, x=<optimized out>, y=<optimized out>)
    at /usr/src/debug/qt6-qtwayland-6.6.1-5.fc40.x86_64/src/client/qwaylanddatadevice.cpp:273
#14 0x00007f1ba3d08056 in ffi_call_unix64 () at ../src/x86/unix64.S:104
#15 0x00007f1ba3d046a0 in ffi_call_int
    (cif=cif@entry=0x7ffdb59548c0, fn=<optimized out>, rvalue=<optimized out>, avalue=<optimized out>, closure=closure@entry=0x0) at ../src/x86/ffi64.c:673
#16 0x00007f1ba3d074ee in ffi_call
    (cif=cif@entry=0x7ffdb59548c0, fn=<optimized out>, rvalue=rvalue@entry=0x0, avalue=avalue@entry=0x7ffdb5954990)
    at ../src/x86/ffi64.c:710
#17 0x00007f1ba726bf2e in wl_closure_invoke (closure=closure@entry=0x7f1b7c0099d0, target=<optimized out>, 
    target@entry=0x55df007b1ab0, opcode=opcode@entry=3, data=<optimized out>, flags=1) at ../src/connection.c:1025
#18 0x00007f1ba726c7a3 in dispatch_event (display=display@entry=0x55df0079fbf0, queue=0x55df0079fce0)
    at ../src/wayland-client.c:1631
#19 0x00007f1ba726ca4c in dispatch_queue (queue=0x55df0079fce0, display=0x55df0079fbf0) at ../src/wayland-client.c:1777
#20 wl_display_dispatch_queue_pending (display=0x55df0079fbf0, queue=0x55df0079fce0) at ../src/wayland-client.c:2019
#21 0x00007f1ba6e9ead2 in QtWaylandClient::QWaylandDisplay::flushRequests (this=<optimized out>)
    at /usr/src/debug/qt6-qtwayland-6.6.1-5.fc40.x86_64/src/client/qwaylanddisplay.cpp:229
#22 0x00007f1ba45f3094 in doActivate<false> (sender=0x55df0079cdc0, signal_index=4, argv=0x7ffdb5954be8)
    at /usr/src/debug/qt6-qtbase-6.6.1-5.fc40.x86_64/src/corelib/kernel/qobject.cpp:4033
#23 0x00007f1ba45e9637 in QMetaObject::activate
    (sender=sender@entry=0x55df0079cdc0, m=m@entry=0x7f1ba4a66860 <QAbstractEventDispatcher::staticMetaObject>, local_signal_index=local_signal_index@entry=1, argv=argv@entry=0x0)
    at /usr/src/debug/qt6-qtbase-6.6.1-5.fc40.x86_64/src/corelib/kernel/qobject.cpp:4081
#24 0x00007f1ba458bf27 in QAbstractEventDispatcher::awake (this=this@entry=0x55df0079cdc0)
    at /usr/src/debug/qt6-qtbase-6.6.1-5.fc40.x86_64/redhat-linux-build/src/corelib/Core_autogen/include/moc_qabstracteventdispatcher.cpp:182
#25 0x00007f1ba4867e0b in QEventDispatcherGlib::processEvents (this=0x55df0079cdc0, flags=...)
    at /usr/src/debug/qt6-qtbase-6.6.1-5.fc40.x86_64/src/corelib/kernel/qeventdispatcher_glib.cpp:400
#26 0x00007f1ba459c303 in QEventLoop::exec (this=this@entry=0x7ffdb5954d30, flags=..., flags@entry=...)
    at /usr/src/debug/qt6-qtbase-6.6.1-5.fc40.x86_64/src/corelib/global/qflags.h:34
#27 0x00007f1ba459829c in QCoreApplication::exec ()
    at /usr/src/debug/qt6-qtbase-6.6.1-5.fc40.x86_64/src/corelib/global/qflags.h:74
#28 0x00007f1ba4dd2afd in QGuiApplication::exec ()
    at /usr/src/debug/qt6-qtbase-6.6.1-5.fc40.x86_64/src/gui/kernel/qguiapplication.cpp:1925
#29 0x00007f1ba6787e19 in QApplication::exec ()
    at /usr/src/debug/qt6-qtbase-6.6.1-5.fc40.x86_64/src/widgets/kernel/qapplication.cpp:2574
#30 0x000055deff96ae75 in main (argc=<optimized out>, argv=<optimized out>)
    at /usr/src/debug/plasma-workspace-5.93.0-1.fc40.x86_64/shell/main.cpp:214

I'm attaching the full trace of all threads. drkonqi appeared 4-5 times.  Plasma became unresponsive. I used sysrq+alt+e to terminate all processes which made the system go back to sddm. Logging in again showed an error that the /tmp partition was full. The /tmp/drkonqi* directories with the plasmashell core dumps filled up the 3.7 GB /tmp partition.

Reproducible: Sometimes

Steps to Reproduce:
1. Boot a Fedora Rawhide/40 KDE Plasma installation with thunderbird-wayland-115.7.0-1.fc40 installed
2. Log in to Plasma 5.93.0 on Wayland
3. Start Thunderbird 115.7.0 on Wayland
4. Open 3 emails in new windows.
5. Click Reply on 2 emails
6. Select and drag text from one of the emails repeatedly until the crash happens. I don't know where the text needs to be be dragged to and/or dropped for the problem to happen.

Actual Results:  
plasmashell crashed five times in a row when dragging text in Thunderbird

Expected Results:  
plasmashell shouldn't have crashed.

plasmashell crashes with similar traces were reported at https://bugs.kde.org/show_bug.cgi?id=480474 Based on that report, the windows might need to be combined in the task manager and the dragging might need to be done in a way described there.

plasma-workspace-5.93.0-1.fc40.x86_64
kf6-kwindowsystem-5.249.0-1.fc40.x86_64
qt6-qtbase-6.6.1-5.fc40.x86_64
thunderbird-wayland-115.7.0-1.fc40.x86_64
Comment 1 Matt Fagnani 2024-02-12 04:57:30 UTC 
Created attachment 2016423 [details]
Full trace of all threads of plasmashell crash
Comment 2 Aoife Moloney 2025-02-26 12:57:57 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora Linux 42 development cycle.
Changing version to 42.
Comment 3 Matt Fagnani 2025-02-26 14:20:38 UTC 
This problem was fixed in Plasma 6.3.0, if not earlier, according to Nate Graham https://bugs.kde.org/show_bug.cgi?id=480474#c10 and happened while Rawhide was F40.
Note You need to log in before you can comment on or make changes to this bug.