https://bugs.kde.org/show_bug.cgi?id=518415

            Bug ID: 518415
           Summary: KIconLoader::newIconLoader() heap corruption due to
                    thread-unsafe concurrent access during theme change
    Classification: Plasma
           Product: plasmashell
      Version First Reported In: 6.5.4
          Platform: Debian testing
                OS: Linux
            Status: REPORTED
          Severity: crash
          Priority: NOR
         Component: Day/night schedule
          Assignee: [email protected]
          Reporter: [email protected]
                CC: [email protected]
  Target Milestone: 1.0

Created attachment 191192
  --> https://bugs.kde.org/attachment.cgi?id=191192&action=edit
Plasmashell and Krunner coredumps (joined together)

SUMMARY
Switching between light and dark color schemes (via plasma-apply-colorscheme 
and plasma-apply-lookandfeel) reliably crashes both plasmashell and krunner 
with "malloc_consolidate(): unaligned fastbin chunk detected".

STEPS TO REPRODUCE
Run `dark` and `light` a few times. It's a race condition so it may take 4 or 5
times.
```
# Shell functions to source into an interactive shell, then call `light` / `dark`.
LIGHT_PLASMA_SCHEME="BreezeLight"
LIGHT_PLASMA_LOOKANDFEEL="org.kde.breeze.desktop"
DARK_PLASMA_SCHEME="BreezeDark"
DARK_PLASMA_LOOKANDFEEL="org.kde.breezedark.desktop"

light() {
        plasma-apply-colorscheme "$LIGHT_PLASMA_SCHEME"
        plasma-apply-lookandfeel -a "$LIGHT_PLASMA_LOOKANDFEEL"
        # Ask KWin to re-read its configuration over D-Bus.
        qdbus6 org.kde.KWin /KWin reconfigure
}

dark() {
        plasma-apply-colorscheme "$DARK_PLASMA_SCHEME"
        plasma-apply-lookandfeel -a "$DARK_PLASMA_LOOKANDFEEL"
}
```

OBSERVED RESULT
KDE switches between Breeze and BreezeDark.

EXPECTED RESULT
KDE does switch themes properly, but Plasmashell and Krunner are likely to
crash.


SOFTWARE/OS VERSIONS
Operating System: Debian GNU/Linux forky/sid
KDE Plasma Version: 6.5.4
KDE Frameworks Version: 6.23.0
Qt Version: 6.9.2
Kernel Version: 6.19.8+deb14-amd64 (64-bit)
Graphics Platform: Wayland
Processors: 12 × 13th Gen Intel® Core™ i7-1355U
Memory: 16 GiB of RAM (15.4 GiB usable)
Graphics Processor: Intel® Iris® Xe Graphics

ADDITIONAL INFORMATION

I believe the crash is a heap corruption caused by concurrent thread-unsafe
access to KIconLoader/KIconTheme. When a theme change triggers a D-Bus signal,
KIconLoaderPrivate::_k_refreshIcons() calls KIconLoader::newIconLoader() on one
thread while another thread (Qt Quick render thread or worker) is
simultaneously constructing KIconTheme objects. Both threads enter
KSharedConfig::openConfig() and perform heap allocations concurrently,
corrupting malloc metadata.

Bug 499953 is related, it has a similar backtrace. It is closed as WORKSFORME
and comment #5 reports a Night Light trigger.
