https://bugs.kde.org/show_bug.cgi?id=410332

            Bug ID: 410332
           Summary: plasmashell 5.16.2 segmentation faults in
                    wl_proxy_marshal_constructor at
                    wayland-client.c:819-820 in libwayland-client when
                    logging out of Plasma on Wayland
           Product: plasmashell
           Version: 5.16.2
          Platform: Fedora RPMs
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: generic-wayland
          Assignee: plasma-b...@kde.org
          Reporter: matthew.fagn...@utoronto.ca
  Target Milestone: 1.0

Created attachment 121807
  --> https://bugs.kde.org/attachment.cgi?id=121807&action=edit
valgrind log of plasmashell on wayland when logging in and logging out

SUMMARY

I booted into an installation of the Fedora Rawhide/31 KDE Plasma spin image
Fedora-KDE-Live-x86_64-Rawhide-20190724.n.0.iso at
https://koji.fedoraproject.org/koji/buildinfo?buildID=1319740

I logged into Plasma 5.16.2 on Wayland from sddm. I ran sudo dnf install x*amd*
kwin*way* pla*way* to install
kwayland-integration-5.16.2-1.fc31.x86_64     
kwin-wayland-5.16.2-1.fc31.x86_64             
plasma-workspace-wayland-5.16.2-2.fc31.x86_64 
xorg-x11-drv-amdgpu-19.0.1-1.fc31.x86_64      
xorg-x11-server-Xwayland-1.20.5-5.fc31.x86_64 

I updated using sudo dnf upgrade --refresh. I logged out of Plasma. After I
logged back into Plasma on Wayland, coredumpctl showed that plasmashell and
drkonqi had aborted during the log out process. The drkonqi command line
indicated a plasmashell segmentation fault.
/usr/libexec/drkonqi -platform wayland --appname plasmashell --apppath /usr/bin
--signal 11 --pid 10618 --appversion 5.16.2 --programname Plasma --bugaddress
sub...@bugs.kde.org --startupid 0 --restarted

The drkonqi abort and trace from coredumpctl gdb were the following.
Core was generated by `/usr/libexec/drkonqi -platform wayland --appname
plasmashell --apppath /usr/bin'.
Program terminated with signal SIGABRT, Aborted.

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50        return ret;
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007f90200a28d9 in __GI_abort () at abort.c:79
#2  0x00007f90204d4b05 in qt_message_fatal (context=..., message=<synthetic
pointer>...)
    at global/qlogging.cpp:1904
#3  QMessageLogger::fatal (this=this@entry=0x7fff7d7f5920,
msg=msg@entry=0x7f9020dc4737 "%s")
    at global/qlogging.cpp:888
#4  0x00007f9020a7e765 in init_platform (argv=<optimized out>,
argc=@0x7fff7d7f5bbc: 18, 
    platformThemeName=..., platformPluginPath=...,
pluginNamesWithArguments=...)
    at ../../include/QtCore/../../src/corelib/tools/qarraydata.h:208
#5  QGuiApplicationPrivate::createPlatformIntegration (this=0x561f4bdafaf0)
    at kernel/qguiapplication.cpp:1385
#6  0x00007f9020a7eef8 in QGuiApplicationPrivate::createEventDispatcher
(this=<optimized out>)
    at kernel/qguiapplication.cpp:1402
#7  0x00007f90206b80a5 in QCoreApplicationPrivate::init
(this=this@entry=0x561f4bdafaf0)
    at kernel/qcoreapplication.cpp:858
#8  0x00007f9020a806b3 in QGuiApplicationPrivate::init
(this=this@entry=0x561f4bdafaf0)
    at kernel/qguiapplication.cpp:1431
#9  0x00007f902101b12d in QApplicationPrivate::init (this=0x561f4bdafaf0)
    at kernel/qapplication.cpp:566
#10 0x0000561f49e28707 in main (argc=<optimized out>, argv=0x7fff7d7f5db8)
    at /usr/src/debug/plasma-drkonqi-5.16.2-1.fc31.x86_64/src/main.cpp:65

plasmashell aborted with the following information from coredumpctl gdb.
Core was generated by `/usr/bin/plasmashell'.
Program terminated with signal SIGABRT, Aborted.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50        return ret;
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007f9b283b28d9 in __GI_abort () at abort.c:79
#2  0x00007f9b287e4b05 in qt_message_fatal (context=..., message=<synthetic
pointer>...)
    at global/qlogging.cpp:1904
#3  QMessageLogger::fatal (this=this@entry=0x7ffced9a4ef0,
msg=msg@entry=0x7f9b290d4737 "%s")
    at global/qlogging.cpp:888
#4  0x00007f9b28d8e765 in init_platform (argv=<optimized out>,
argc=@0x7ffced9a514c: 1, 
    platformThemeName=..., platformPluginPath=...,
pluginNamesWithArguments=...)
    at ../../include/QtCore/../../src/corelib/tools/qarraydata.h:208
#5  QGuiApplicationPrivate::createPlatformIntegration (this=0x55a8cab5fe80)
    at kernel/qguiapplication.cpp:1385
#6  0x00007f9b28d8eef8 in QGuiApplicationPrivate::createEventDispatcher
(this=<optimized out>)
    at kernel/qguiapplication.cpp:1402
#7  0x00007f9b289c80a5 in QCoreApplicationPrivate::init
(this=this@entry=0x55a8cab5fe80)
    at kernel/qcoreapplication.cpp:858
#8  0x00007f9b28d906b3 in QGuiApplicationPrivate::init
(this=this@entry=0x55a8cab5fe80)
    at kernel/qguiapplication.cpp:1431
#9  0x00007f9b294c312d in QApplicationPrivate::init (this=0x55a8cab5fe80)
    at kernel/qapplication.cpp:566
#10 0x000055a8c8b5ad34 in main (argc=<optimized out>, argv=0x7ffced9a5318)
    at /usr/src/debug/plasma-workspace-5.16.2-2.fc31.x86_64/shell/main.cpp:68


plasmashell had restarted and drkonqi started after the Wayland compositor
connection had been broken during the log out process, and so they aborted with
the errors shown in the following from the journal.

Jul 28 14:28:32 plasmashell[11257]: Failed to create wl_display (No such file
or directory)
Jul 28 14:28:32 plasmashell[11257]: qt.qpa.plugin: Could not load the Qt
platform plugin "wayland" in "" even though it was found.
Jul 28 14:28:32 audit[11257]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=10
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=11257
comm="plasmashell" exe="/usr/bin/plasmashell" sig=6 res=1
Jul 28 14:28:32 audit[11259]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=10
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=11259
comm="drkonqi" exe="/usr/libexec/drkonqi" sig=6 res=1
Jul 28 14:28:32 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295
ses=4294967295 subj=system_u:system_r:init_t:s0
msg='unit=systemd-coredump@12-11262-0 comm="systemd"
exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jul 28 14:28:32 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295
ses=4294967295 subj=system_u:system_r:init_t:s0
msg='unit=systemd-coredump@13-11263-0 comm="systemd"
exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jul 28 14:28:32 plasmashell[11257]: This application failed to start because no
Qt platform plugin could be initialized. Reinstalling the application may fix
this problem.

                                    Available platform plugins are:
wayland-org.kde.kwin.qpa, eglfs, linuxfb, minimal, minimalegl, offscreen, vnc,
wayland-egl, wayland, wayland-xcomposite-egl, wayland-xcomposite-glx, xcb.
Jul 28 14:28:32 drkonqi[11259]: Failed to create wl_display (No such file or
directory)
Jul 28 14:28:32 drkonqi[11259]: qt.qpa.plugin: Could not load the Qt platform
plugin "wayland" in "" even though it was found.
Jul 28 14:28:32 drkonqi[11259]: This application failed to start because no Qt
platform plugin could be initialized. Reinstalling the application may fix this
problem.

                                Available platform plugins are:
wayland-org.kde.kwin.qpa, eglfs, linuxfb, minimal, minimalegl, offscreen, vnc,
wayland-egl, wayland, wayland-xcomposite-egl, wayland-xcomposite-glx, xcb.

I switched to VT4 in which I ran gdb -p <pid of plasmashell>. I continued the
plasmashell with c in gdb. I switched back to Plasma and logged out. gdb showed
a segmentation fault in wl_proxy_marshal_constructor at wayland-client.c:819 in
libwayland-client-0:1.17.0-1.fc30.x86_64. The full trace of the crashing thread
showed that the wayland proxy pointer was null in wl_proxy_marshal_constructor
and inaccessible memory errors like
s = 0x3f693637c38ae00 <error: Cannot access memory at address
0x3f693637c38ae00>
s = 0xc <error: Cannot access memory at address 0xc>
s = 0x1 <error: Cannot access memory at address 0x1>
s = 0xa <error: Cannot access memory at address 0xa>

(gdb) bt full
#0  wl_proxy_marshal_constructor (proxy=0x0, opcode=opcode@entry=0, 
    interface=0x7f96f16330e0 <org_kde_kwin_blur_interface>) at
src/wayland-client.c:819
        args = {{i = -278739360, u = 4016227936, f = -278739360, s =
0x7f96ef62c660 "\001", 
            o = 0x7f96ef62c660, n = 4016227936, a = 0x7f96ef62c660, h =
-278739360}, {i = 1880875328, 
            u = 1880875328, f = 1880875328, s = 0x55f3701be140
"\350xc\361\226\177", 
            o = 0x55f3701be140, n = 1880875328, a = 0x55f3701be140, h =
1880875328}, {i = 1566035744, 
            u = 1566035744, f = 1566035744, s = 0x7fff5d57cf20
"p\234b\357\226\177", 
            o = 0x7fff5d57cf20, n = 1566035744, a = 0x7fff5d57cf20, h =
1566035744}, {i = 1881849208, 
            u = 1881849208, f = 1881849208, s = 0x55f3702abd78 "", o =
0x55f3702abd78, 
            n = 1881849208, a = 0x55f3702abd78, h = 1881849208}, {i =
1874443600, u = 1874443600, 
            f = 1874443600, s = 0x55f36fb9bd50 "\260s,p\363U", o =
0x55f36fb9bd50, n = 1874443600, 
            a = 0x55f36fb9bd50, h = 1874443600}, {i = -243106372, u =
4051860924, f = -243106372, 
            s = 0x7f96f1827dbc <update_get_addr+12> "dL\213\004%\b", 
            o = 0x7f96f1827dbc <update_get_addr+12>, n = 4051860924, 
            a = 0x7f96f1827dbc <update_get_addr+12>, h = -243106372}, {i =
1566035552, 
            u = 1566035552, f = 1566035552, s = 0x7fff5d57ce60
"@\341\033p\363U", o = 0x7fff5d57ce60, 
            n = 1566035552, a = 0x7fff5d57ce60, h = 1566035552}, {i =
-243085460, u = 4051881836, 
            f = -243085460, s = 0x7f96f182cf6c <__tls_get_addr+60>
"H\211\354]\303f.\017\037\204", 
            o = 0x7f96f182cf6c <__tls_get_addr+60>, n = 4051881836, 
            a = 0x7f96f182cf6c <__tls_get_addr+60>, h = -243085460}, {i =
1880875328, u = 1880875328, 
            f = 1880875328, s = 0x55f3701be140 "\350xc\361\226\177", o =
0x55f3701be140, 
            n = 1880875328, a = 0x55f3701be140, h = 1880875328}, {i =
2084089344, u = 2084089344, 
            f = 2084089344, 
            s = 0x3f693637c38ae00 <error: Cannot access memory at address
0x3f693637c38ae00>, 
            o = 0x3f693637c38ae00, n = 2084089344, a = 0x3f693637c38ae00, h =
2084089344}, {i = 12, 
--Type <RET> for more, q to quit, c to continue without paging--c
            u = 12, f = 12, s = 0xc <error: Cannot access memory at address
0xc>, o = 0xc, n = 12, a = 0xc, h = 12}, {i = 1, u = 1, f = 1, s = 0x1 <error:
Cannot access memory at address 0x1>, o = 0x1, n = 1, a = 0x1, h = 1}, {i =
1880875328, u = 1880875328, f = 1880875328, s = 0x55f3701be140
"\350xc\361\226\177", o = 0x55f3701be140, n = 1880875328, a = 0x55f3701be140, h
= 1880875328}, {i = 1873533840, u = 1873533840, f = 1873533840, s =
0x55f36fabdb90 "\257:", o = 0x55f36fabdb90, n = 1873533840, a = 0x55f36fabdb90,
h = 1873533840}, {i = 1566035744, u = 1566035744, f = 1566035744, s =
0x7fff5d57cf20 "p\234b\357\226\177", o = 0x7fff5d57cf20, n = 1566035744, a =
0x7fff5d57cf20, h = 1566035744}, {i = -278728600, u = 4016238696, f =
-278728600, s = 0x7f96ef62f068 <QCoreApplication::self> "\300\372W]\377\177", o
= 0x7f96ef62f068 <QCoreApplication::self>, n = 4016238696, a = 0x7f96ef62f068
<QCoreApplication::self>, h = -278728600}, {i = 1874443600, u = 1874443600, f =
1874443600, s = 0x55f36fb9bd50 "\260s,p\363U", o = 0x55f36fb9bd50, n =
1874443600, a = 0x55f36fb9bd50, h = 1874443600}, {i = -281568552, u =
4013398744, f = -281568552, s = 0x7f96ef379ad8
<QCoreApplication::notifyInternal2(QObject*, QEvent*)+136>
"A\203l$\b\001H\213L$(dH3\f%(", o = 0x7f96ef379ad8
<QCoreApplication::notifyInternal2(QObject*, QEvent*)+136>, n = 4013398744, a =
0x7f96ef379ad8 <QCoreApplication::notifyInternal2(QObject*, QEvent*)+136>, h =
-281568552}, {i = 10, u = 10, f = 10, s = 0xa <error: Cannot access memory at
address 0xa>, o = 0xa, n = 10, a = 0xa, h = 10}, {i = -1, u = 4294967295, f =
-1, s = 0xffffffff <error: Cannot access memory at address 0xffffffff>, o =
0xffffffff, n = 4294967295, a = 0xffffffff, h = -1}}
        ap = {{gp_offset = 0, fp_offset = 0, overflow_arg_area = 0x0,
reg_save_area = 0x0}}
#1  0x00007f96f15bf974 in org_kde_kwin_blur_manager_create (surface=<optimized
out>, org_kde_kwin_blur_manager=<optimized out>) at
/usr/src/debug/kf5-kwayland-5.59.0-2.fc31.x86_64/x86_64-redhat-linux-gnu/src/client/wayland-blur-client-protocol.h:111
        id = <optimized out>
        id = <optimized out>
#2  KWayland::Client::BlurManager::createBlur (this=0x55f3702c73f0,
surface=0x55f3701be140, parent=0x55f3701be140) at
/usr/src/debug/kf5-kwayland-5.59.0-2.fc31.x86_64/src/client/blur.cpp:91
        s = 0x55f370d0f950
        w = <optimized out>
#3  0x00007f96dcbddb33 in WindowEffects::enableBlurBehind (this=<optimized
out>, region=..., enable=true, window=<optimized out>) at
/usr/src/debug/kwayland-integration-5.16.2-1.fc31.x86_64/src/windowsystem/windoweffects.cpp:224
        blur = <optimized out>
        surface = 0x55f3701be140
        surface = <optimized out>
        blur = <optimized out>
#4  WindowEffects::enableBlurBehind (this=<optimized out>, window=<optimized
out>, enable=<optimized out>, region=...) at
/usr/src/debug/kwayland-integration-5.16.2-1.fc31.x86_64/src/windowsystem/windoweffects.cpp:215
        surface = <optimized out>
        blur = <optimized out>
#5  0x00007f96dcbde41d in WindowEffects::enableBlurBehind (this=0x55f36fb9bd30,
winId=<optimized out>, enable=<optimized out>, region=...) at
/usr/src/debug/kwayland-integration-5.16.2-1.fc31.x86_64/src/windowsystem/windoweffects.cpp:212
        window = 0x55f37013f640
#6  0x00007f96f17b78b0 in PlasmaQuick::DialogPrivate::updateTheme
(this=this@entry=0x55f3701e3c40) at
/usr/src/debug/kf5-plasma-5.59.0-1.fc31.x86_64/src/plasmaquick/dialog.cpp:244
No locals.
#7  0x00007f96f17b8187 in PlasmaQuick::DialogPrivate::syncToMainItemSize
(this=0x55f3701e3c40) at
/usr/src/debug/kf5-plasma-5.59.0-1.fc31.x86_64/src/plasmaquick/dialog.cpp:604
        s = {wd = -675552000, ht = 32662}
        min = {wd = 1882450992, ht = 22003}
        max = {wd = -670699728, ht = 32662}
#8  0x00007f96f17b9b9e in PlasmaQuick::DialogPrivate::slotMainItemSizeChanged
(this=<optimized out>) at
/usr/src/debug/kf5-plasma-5.59.0-1.fc31.x86_64/src/plasmaquick/dialog.cpp:840
No locals.
#9  PlasmaQuick::Dialog::qt_static_metacall (_o=<optimized out>, _c=<optimized
out>, _id=<optimized out>, _a=<optimized out>) at
/usr/src/debug/kf5-plasma-5.59.0-1.fc31.x86_64/x86_64-redhat-linux-gnu/src/plasmaquick/KF5PlasmaQuick_autogen/include/moc_dialog.cpp:235
        _t = <optimized out>
#10 0x00007f96ef3a3d5b in QMetaObject::activate (sender=0x55f3701d59b0,
signalOffset=<optimized out>, local_signal_index=<optimized out>,
argv=<optimized out>) at kernel/qobject.cpp:3801
        methodIndex = <optimized out>
        method_relative = <optimized out>
        callFunction = 0x7f96f17b9900
<PlasmaQuick::Dialog::qt_static_metacall(QObject*, QMetaObject::Call, int,
void**)>
        receiver = 0x55f37013f640
        receiverInSameThread = <optimized out>
        sw = {receiver = 0x55f37013f640, previousSender = 0x0, currentSender =
{sender = 0x55f3701d59b0, signal = 25, ref = 1}, switched = true}
        c = 0x55f3701ca030
        last = 0x55f3701ca030
        locker = {val = 140286238069552}
        connectionLists = {connectionLists = 0x55f3701ca000}
        list = <optimized out>
        currentThreadId = 0x7f96f07cbd00
        signal_index = 25
        empty_argv = {0x0}
#11 0x00007f96f0fe1a9c in QQuickItem::geometryChanged (this=0x55f3701d59b0,
newGeometry=..., oldGeometry=...) at items/qquickitem.cpp:3810
        d = <optimized out>
        change = <optimized out>
#12 0x00007f96f0fdb2a8 in QQuickItem::setHeight (this=0x55f3701d59b0,
h=<optimized out>) at /usr/include/qt5/QtCore/qrect.h:644
        d = 0x55f370193310
        oldHeight = 720
#13 0x00007f96f0fec64a in QQuickItem::qt_static_metacall (_o=<optimized out>,
_c=<optimized out>, _id=<optimized out>, _a=0x7fff5d57d5a0) at
.moc/moc_qquickitem.cpp:961
        _t = <optimized out>
        _v = <optimized out>
#14 0x00007f96f0c021ae in QQmlPropertyData::writeProperty (flags=...,
value=0x7fff5d57d578, target=<optimized out>, this=<optimized out>) at
../../include/QtQml/5.12.4/QtQml/private/../../../../../src/qml/qml/qqmlpropertycache_p.h:346
        status = -1
        argv = {0x7fff5d57d578, 0x0, 0x7fff5d57d56c, 0x7fff5d57d568}
        status = <optimized out>
        argv = <optimized out>
#15 GenericBinding<6>::doStore<double> (flags=..., pd=<optimized out>,
value=<optimized out>, this=0x55f3701c97d0) at qml/qqmlbinding.cpp:332
        o = 0x7fff5d57d578
        o = <optimized out>
#16 GenericBinding<6>::write (this=0x55f3701c97d0, result=...,
isUndefined=<optimized out>, flags=...) at qml/qqmlbinding.cpp:305
        pd = 0x7f96d0043b18
        vpd = {<QQmlPropertyRawData> = {_flags = {_otherBits = 0, isConstant =
0, isWritable = 0, isResettable = 0, isAlias = 0, isFinal = 0, isOverridden =
0, isDirect = 0, type = 0, isVMEFunction = 0, hasArguments = 0, isSignal = 0,
isVMESignal = 0, isV4Function = 0, isSignalHandler = 0, isOverload = 0,
isCloned = 0, isConstructor = 0, notFullyResolved = 0, overrideIndexIsProperty
= 0}, _coreIndex = -1, _propType = 0, _notifyIndex = -1, _overrideIndex = -1,
_revision = 0 '\000', _typeMinorVersion = 0 '\000', _metaObjectOffset = -1,
_arguments = 0x0, _staticMetaCallFunction = 0x0}, <No data fields>}
        vtw = <optimized out>
#17 0x00007f96f0c02ef0 in QQmlNonbindingBinding::doUpdate (this=0x55f3701c97d0,
watcher=..., flags=..., scope=...) at
../../include/QtQml/5.12.4/QtQml/private/../../../../../src/qml/jsruntime/qv4scopedvalue_p.h:239
        ep = 0x55f36fb57370
        isUndefined = false
        result = {ptr = 0x7f96d7bbe4c8}
        error = false
#18 0x00007f96f0bff644 in QQmlBinding::update (this=0x55f3701c97d0, flags=...)
at qml/qqmlbinding.cpp:185
        watcher = {_c = 0x55f3701d59b0, _w = 0x7fff5d57d6e0, _s =
0x55f3701c97d0}
        engine = 0x55f36fb9ae60
        scope = {engine = 0x55f36fc688f0, mark = 0x7f96d7bbe4c8}
        prof = {<QQmlProfilerHelper> = {<QQmlProfilerDefinitions> = {<No data
fields>}, profiler = 0x0}, <No data fields>}
#19 0x00007f96f0bdb86d in QQmlNotifier::emitNotify (endpoint=<optimized out>,
a=a@entry=0x0) at qml/qqmlnotifier.cpp:104
        data = @0x7fff5d57d808: {originalSenderPtr = 0, disconnectWatch =
0x7fff5d57d808, endpoint = 0x55f370222c28}
        stack = {a = 256, s = 8, ptr = 0x7fff5d57d790, {array =
"\360\263\035p\363U\000\000\220\327W]\377\177\000\000\370#\323o\363U\000\000\360\263\035p\363U\000\000\250\327W]\377\177\000\000P#\323o\363U\000\000\000\000\000\000\000\000\000\000\300\327W]\377\177\000\000\000\"\323o\363U\000\000\360\263\035p\363U\000\000\330\327W]\377\177\000\000\260-\"p\363U\000\000\360\263\035p\363U\000\000\360\327W]\377\177\000\000\b-\"p\363U\000\000\000\000\000\000\000\000\000\000\b\330W]\377\177\000\000(,\"p\363U\000\000\000\000\000\000\000\000\000\000
\330W]\377\177\000\000\200+\"p\363U\000\000\000\000\000\000\000\000\000\000\070\330W]\377\177\000\000\000\245\034p\363U\000\000\377\377\377\377\000\000\000\000"...,
q_for_alignment_1 = 94504046408688, q_for_alignment_2 =
4.6691202723519573e-310}}
        i = 5
#20 0x00007f96f0b77d85 in QQmlData::signalEmitted (object=0x55f3701db3f0,
index=30, a=0x0) at qml/qqmlengine.cpp:883
        ep = <optimized out>
        ddata = 0x55f3701db410
        m = <optimized out>
        parameterTypes = <optimized out>
        types = <optimized out>
        args = <optimized out>
        ev = <optimized out>
        mpo = <optimized out>
        ii = <optimized out>
        typeName = <optimized out>
#21 0x00007f96ef3a3763 in QMetaObject::activate (sender=0x55f3701db3f0,
signalOffset=<optimized out>, local_signal_index=<optimized out>, argv=0x0) at
kernel/qobject.h:121
        signal_index = 30
        empty_argv = {0x55f3702f2f20}
#22 0x00007f96f0b79b20 in QQmlData::destroyed (this=0x55f3702f4c60,
object=0x55f36fd11e00) at qml/qqmlengine.cpp:1982
        guard = <optimized out>
        binding = <optimized out>
        signalHandler = <optimized out>
#23 0x00007f96ef3ab72d in QObject::~QObject (this=<optimized out>,
__in_chrg=<optimized out>) at kernel/qobject.cpp:920
        d = <optimized out>
        sharedRefcount = 0x55f3702c8420
        d = <optimized out>
        sharedRefcount = <optimized out>
        signalSlotMutex = <optimized out>
        locker = <optimized out>
        node = <optimized out>
        connectionListsCount = <optimized out>
        signal = <optimized out>
        connectionList = <optimized out>
        c = <optimized out>
        m = <optimized out>
        needToUnlock = <optimized out>
        sender = <optimized out>
        m = <optimized out>
        needToUnlock = <optimized out>
        senderLists = <optimized out>
        slotObj = <optimized out>
#24 0x00007f96f0fe97e8 in QQuickItem::~QQuickItem (this=0x55f36fd11e00,
__in_chrg=<optimized out>) at items/qquickitem.cpp:2443
        d = <optimized out>
        listeners = <optimized out>
        change = <optimized out>
        __for_range = <optimized out>
        __for_begin = <optimized out>
        __for_end = <optimized out>
        anchor = <optimized out>
        change = <optimized out>
        __for_range = <optimized out>
        __for_begin = <optimized out>
        __for_end = <optimized out>
        anchor = <optimized out>
        change = <optimized out>
        __for_range = <optimized out>
        __for_begin = <optimized out>
        __for_end = <optimized out>
        ii = <optimized out>
        t = <optimized out>
        tp = <optimized out>
#25 0x00007f96f17b1f94 in PlasmaQuick::AppletQuickItem::~AppletQuickItem
(this=0x55f36fd11e00, __in_chrg=<optimized out>) at
/usr/include/c++/9/bits/atomic_base.h:326
No locals.
#26 0x00007f96dc16d5f0 in ContainmentInterface::~ContainmentInterface
(this=0x55f36fd11e00, __in_chrg=<optimized out>) at
/usr/include/c++/9/bits/atomic_base.h:326
No locals.
#27 ContainmentInterface::~ContainmentInterface (this=0x55f36fd11e00,
__in_chrg=<optimized out>) at
/usr/src/debug/kf5-plasma-5.59.0-1.fc31.x86_64/src/scriptengines/qml/plasmoid/containmentinterface.h:51
No locals.
#28 0x00007f96ef3aacfc in QObjectPrivate::deleteChildren
(this=this@entry=0x55f36fd129d0) at kernel/qobject.cpp:2016
        i = 0
#29 0x00007f96ef3abc4f in QObject::~QObject (this=<optimized out>,
__in_chrg=<optimized out>) at kernel/qobject.cpp:1032
        d = <optimized out>
        sharedRefcount = <optimized out>
        d = <optimized out>
        sharedRefcount = <optimized out>
        signalSlotMutex = <optimized out>
        locker = <optimized out>
        node = <optimized out>
        connectionListsCount = <optimized out>
        signal = <optimized out>
        connectionList = <optimized out>
        c = <optimized out>
        m = <optimized out>
        needToUnlock = <optimized out>
        sender = <optimized out>
        m = <optimized out>
        needToUnlock = <optimized out>
        senderLists = <optimized out>
        slotObj = <optimized out>
#30 0x00007f96dc155948 in DeclarativeAppletScript::~DeclarativeAppletScript
(this=0x55f36fd0b7d0, __in_chrg=<optimized out>) at
/usr/src/debug/kf5-plasma-5.59.0-1.fc31.x86_64/src/scriptengines/qml/plasmoid/declarativeappletscript.cpp:69
No locals.
#31 DeclarativeAppletScript::~DeclarativeAppletScript (this=0x55f36fd0b7d0,
__in_chrg=<optimized out>) at
/usr/src/debug/kf5-plasma-5.59.0-1.fc31.x86_64/src/scriptengines/qml/plasmoid/declarativeappletscript.cpp:71
No locals.
#32 0x00007f96f130ff9f in Plasma::AppletPrivate::~AppletPrivate
(this=0x55f36fba4da0, __in_chrg=<optimized out>) at
/usr/src/debug/kf5-plasma-5.59.0-1.fc31.x86_64/src/plasma/private/applet_p.cpp:107
No locals.
#33 0x00007f96f13101ad in Plasma::AppletPrivate::~AppletPrivate
(this=0x55f36fba4da0, __in_chrg=<optimized out>) at
/usr/src/debug/kf5-plasma-5.59.0-1.fc31.x86_64/src/plasma/private/applet_p.cpp:96
No locals.
#34 0x00007f96f12f961d in Plasma::Applet::~Applet (this=0x55f36fd137f0,
__in_chrg=<optimized out>) at
/usr/src/debug/kf5-plasma-5.59.0-1.fc31.x86_64/src/plasma/applet.cpp:144
No locals.
#35 0x00007f96f12fec4d in Plasma::Containment::~Containment
(this=0x55f36fd137f0, __in_chrg=<optimized out>) at
/usr/src/debug/kf5-plasma-5.59.0-1.fc31.x86_64/src/plasma/containment.cpp:84
No locals.
#36 0x000055f36f383209 in ShellCorona::~ShellCorona (this=0x55f36fb5f110,
__in_chrg=<optimized out>) at /usr/include/qt5/QtCore/qlist.h:235
No locals.
#37 0x000055f36f3834ed in ShellCorona::~ShellCorona (this=0x55f36fb5f110,
__in_chrg=<optimized out>) at
/usr/src/debug/plasma-workspace-5.16.2-2.fc31.x86_64/shell/shellcorona.cpp:233
No locals.
#38 0x00007f96ef3aacfc in QObjectPrivate::deleteChildren
(this=this@entry=0x55f36fae6dc0) at kernel/qobject.cpp:2016
        i = 0
#39 0x00007f96ef3abc4f in QObject::~QObject (this=<optimized out>,
__in_chrg=<optimized out>) at kernel/qobject.cpp:1032
        d = <optimized out>
        sharedRefcount = <optimized out>
        d = <optimized out>
        sharedRefcount = <optimized out>
        signalSlotMutex = <optimized out>
        locker = <optimized out>
        node = <optimized out>
        connectionListsCount = <optimized out>
        signal = <optimized out>
        connectionList = <optimized out>
        c = <optimized out>
        m = <optimized out>
        needToUnlock = <optimized out>
        sender = <optimized out>
        m = <optimized out>
        needToUnlock = <optimized out>
        senderLists = <optimized out>
        slotObj = <optimized out>
#40 0x000055f36f38f0a7 in ShellManager::~ShellManager (this=0x55f36fb0be00,
__in_chrg=<optimized out>) at
/usr/src/debug/plasma-workspace-5.16.2-2.fc31.x86_64/shell/shellmanager.cpp:57
No locals.
#41 ShellManager::~ShellManager (this=0x55f36fb0be00, __in_chrg=<optimized
out>) at
/usr/src/debug/plasma-workspace-5.16.2-2.fc31.x86_64/shell/shellmanager.cpp:86
No locals.
#42 0x00007f96ef3a4a04 in QObject::event (this=0x55f36fb0be00, e=<optimized
out>) at kernel/qobject.cpp:1251
No locals.
#43 0x00007f96efe74af6 in QApplicationPrivate::notify_helper
(this=this@entry=0x55f36fab7e80, receiver=receiver@entry=0x55f36fb0be00,
e=e@entry=0x55f372c0e740) at kernel/qapplication.cpp:3737
        consumed = false
        filtered = false
#44 0x00007f96efe7de80 in QApplication::notify (this=0x7fff5d57fac0,
receiver=0x55f36fb0be00, e=0x55f372c0e740) at kernel/qapplication.cpp:3483
        w = <optimized out>
        extra = <optimized out>
        isProxyWidget = <optimized out>
        d = <optimized out>
        res = false
        me = <optimized out>
#45 0x00007f96ef379ad8 in QCoreApplication::notifyInternal2
(receiver=0x55f36fb0be00, event=0x55f372c0e740) at
kernel/qcoreapplication.cpp:1084
        selfRequired = true
        result = false
        cbdata = {0x55f36fb0be00, 0x55f372c0e740, 0x7fff5d57f8bf}
        d = <optimized out>
        threadData = 0x55f36fabdb90
        scopeLevelCounter = {threadData = 0x55f36fabdb90}
#46 0x00007f96ef37ca7b in QCoreApplicationPrivate::sendPostedEvents
(receiver=0x0, event_type=52, data=0x55f36fabdb90) at
kernel/qcoreapplication.cpp:1821
        e = 0x55f372c0e740
        pe = <optimized out>
        r = <optimized out>
        unlocker = {m = <synthetic pointer><error reading variable>}
        event_deleter = {d = 0x55f372c0e740}
        locker = {val = 94504038947776}
        startOffset = 3
        i = @0x7fff5d57f93c: 3
        cleanup = {receiver = 0x0, event_type = 52, data = 0x55f36fabdb90,
exceptionCaught = true}
#47 0x00007f96ef38071f in QCoreApplication::exec () at
kernel/qcoreapplication.h:86
        threadData = 0x55f36fabdb90
        eventLoop = {<QObject> = {_vptr.QObject = 0x7f96ef629a28 <vtable for
QEventLoop+16>, static staticMetaObject = {d = {superdata = 0x0, stringdata =
0x7f96ef519300 <qt_meta_stringdata_QObject>, data = 0x7f96ef5191e0
<qt_meta_data_QObject>, static_metacall = 0x7f96ef3abfc0
<QObject::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>,
relatedMetaObjects = 0x0, extradata = 0x0}}, d_ptr = {d = 0x55f36fb3f8e0},
static staticQtMetaObject = {d = {superdata = 0x0, stringdata = 0x7f96ef51c220
<qt_meta_stringdata_Qt>, data = 0x7f96ef519420 <qt_meta_data_Qt>,
static_metacall = 0x0, relatedMetaObjects = 0x0, extradata = 0x0}}}, static
staticMetaObject = {d = {superdata = 0x7f96ef621fe0
<QObject::staticMetaObject>, stringdata = 0x7f96ef5136a0
<qt_meta_stringdata_QEventLoop>, data = 0x7f96ef513640
<qt_meta_data_QEventLoop>, static_metacall = 0x7f96ef3786f0
<QEventLoop::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>,
relatedMetaObjects = 0x0, extradata = 0x0}}}
        returnCode = 0
#48 0x000055f36f3557e4 in main (argc=<optimized out>, argv=<optimized out>) at
/usr/src/debug/plasma-workspace-5.16.2-2.fc31.x86_64/shell/main.cpp:215
        qpaVariable = <optimized out>
        app = {<QGuiApplication> = {<QCoreApplication> = {<QObject> =
{_vptr.QObject = 0x7f96f0374f78 <vtable for QApplication+16>, static
staticMetaObject = {d = {superdata = 0x0, stringdata = 0x7f96ef519300
<qt_meta_stringdata_QObject>, data = 0x7f96ef5191e0 <qt_meta_data_QObject>,
static_metacall = 0x7f96ef3abfc0 <QObject::qt_static_metacall(QObject*,
QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}},
d_ptr = {d = 0x55f36fab7e80}, static staticQtMetaObject = {d = {superdata =
0x0, stringdata = 0x7f96ef51c220 <qt_meta_stringdata_Qt>, data = 0x7f96ef519420
<qt_meta_data_Qt>, static_metacall = 0x0, relatedMetaObjects = 0x0, extradata =
0x0}}}, static staticMetaObject = {d = {superdata = 0x7f96ef621fe0
<QObject::staticMetaObject>, stringdata = 0x7f96ef513d40
<qt_meta_stringdata_QCoreApplication>, data = 0x7f96ef513c20
<qt_meta_data_QCoreApplication>, static_metacall = 0x7f96ef37b570
<QCoreApplication::qt_static_metacall(QObject*, QMetaObject::Call, int,
void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}, static self =
0x7fff5d57fac0}, static staticMetaObject = {d = {superdata = 0x7f96ef629bc0
<QCoreApplication::staticMetaObject>, stringdata = 0x7f96efa7cde0
<qt_meta_stringdata_QGuiApplication>, data = 0x7f96efa7cb60
<qt_meta_data_QGuiApplication>, static_metacall = 0x7f96ef743de0
<QGuiApplication::qt_static_metacall(QObject*, QMetaObject::Call, int,
void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}}, static staticMetaObject
= {d = {superdata = 0x7f96efb55de0 <QGuiApplication::staticMetaObject>,
stringdata = 0x7f96f021ba40 <qt_meta_stringdata_QApplication>, data =
0x7f96f021b8c0 <qt_meta_data_QApplication>, static_metacall = 0x7f96efe7b2b0
<QApplication::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>,
relatedMetaObjects = 0x0, extradata = 0x0}}}
        aboutData = {static staticMetaObject = {d = {superdata = 0x0,
stringdata = 0x7f96f059c160, data = 0x7f96f059c060, static_metacall =
0x7f96f053cbe0 <KAboutData::qt_static_metacall(QObject*, QMetaObject::Call,
int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}, d = 0x55f36faf7890}
        service = <incomplete type>

The wl_proxy_marshal_constructor function dereferenced proxy with
proxy->object.interface->methods[opcode].signature without checking if it was
null at line 820.

(gdb) list
814                                  const struct wl_interface *interface, ...)
815     {
816             union wl_argument args[WL_CLOSURE_MAX_ARGS];
817             va_list ap;
818
819             va_start(ap, interface);
820             wl_argument_from_va_list(proxy->object.interface->methods[opcode].signature,
821                                      args, WL_CLOSURE_MAX_ARGS, ap);
822             va_end(ap);
(gdb) p proxy
$3 = (struct wl_proxy *) 0x0
(gdb) p proxy->object.interface->methods[opcode].signature
Cannot access memory at address 0x0

I changed /etc/xdg/autostart/org.kde.plasmashell.desktop at line 2 with kate to
run plasmashell under valgrind like
Exec=valgrind --log-file=valgrind-plasmashell-logout-crash-2.txt --track-origins=yes plasmashell

I logged out and back into Plasma on Wayland. I changed
/etc/xdg/autostart/org.kde.plasmashell.desktop at line 2 back to
Exec=plasmashell
I checked the valgrind log file and then logged out. The valgrind log file
showed invalid read and write in wl_proxy_unref at wayland-client.c:229-230
which appeared to be use-after-free errors due to the lines like "Address
0xac3e20c is 44 bytes inside a block of size 72 free'd"

==10618== Invalid read of size 4
==10618==    at 0x7370BB4: wl_proxy_unref (wayland-client.c:229)
==10618==    by 0x7370CB3: destroy_queued_closure (wayland-client.c:291)
==10618==    by 0x7370EC7: dispatch_event.isra.0 (wayland-client.c:1436)
==10618==    by 0x737246B: dispatch_queue (wayland-client.c:1576)
==10618==    by 0x737246B: wl_display_dispatch_queue_pending
(wayland-client.c:1818)
==10618==    by 0x73728AA: wl_display_roundtrip_queue (wayland-client.c:1241)
==10618==    by 0x4A7BB73: KWayland::Client::ConnectionThread::roundtrip()
(connection_thread.cpp:290)
==10618==    by 0x1809AEE9: KWaylandIntegration::init()
(kwaylandintegration.cpp:67)
==10618==    by 0x18080FA0: KdePlatformTheme::KdePlatformTheme()
(kdeplatformtheme.cpp:84)
==10618==    by 0x1809D65A: KdePlatformThemePlugin::create(QString const&,
QStringList const&) (main.cpp:37)
==10618==    by 0x659E418: QPlatformTheme* qLoadPlugin<QPlatformTheme,
QPlatformThemePlugin, QStringList&>(QFactoryLoader const*, QString const&,
QStringList&) (qfactoryloader_p.h:108)
==10618==    by 0x659DDB5: QPlatformThemeFactory::create(QString const&,
QString const&) (qplatformthemefactory.cpp:73)
==10618==    by 0x65A6847: init_platform (qguiapplication.cpp:1247)
==10618==    by 0x65A6847: QGuiApplicationPrivate::createPlatformIntegration()
(qguiapplication.cpp:1385)
==10618==  Address 0xac3e20c is 44 bytes inside a block of size 72 free'd
==10618==    at 0x4839A0C: free (vg_replace_malloc.c:540)
==10618==    by 0x4A92C14: destroy (wayland_pointer_p.h:63)
==10618==    by 0x4A92C14:
KWayland::Client::Registry::Private::globalSync(void*, wl_callback*, unsigned
int) (registry.cpp:539)
==10618==    by 0x857BAA7: ffi_call_unix64 (unix64.S:76)
==10618==    by 0x857B2A3: ffi_call (ffi64.c:525)
==10618==    by 0x7374606: wl_closure_invoke (connection.c:1014)
==10618==    by 0x7370F17: dispatch_event.isra.0 (wayland-client.c:1430)
==10618==    by 0x737246B: dispatch_queue (wayland-client.c:1576)
==10618==    by 0x737246B: wl_display_dispatch_queue_pending
(wayland-client.c:1818)
==10618==    by 0x73728AA: wl_display_roundtrip_queue (wayland-client.c:1241)
==10618==    by 0x4A7BB73: KWayland::Client::ConnectionThread::roundtrip()
(connection_thread.cpp:290)
==10618==    by 0x1809AEE9: KWaylandIntegration::init()
(kwaylandintegration.cpp:67)
==10618==    by 0x18080FA0: KdePlatformTheme::KdePlatformTheme()
(kdeplatformtheme.cpp:84)
==10618==    by 0x1809D65A: KdePlatformThemePlugin::create(QString const&,
QStringList const&) (main.cpp:37)
==10618==  Block was alloc'd at
==10618==    at 0x483AB1A: calloc (vg_replace_malloc.c:762)
==10618==    by 0x7370D42: UnknownInlinedFun (wayland-private.h:236)
==10618==    by 0x7370D42: proxy_create.isra.0 (wayland-client.c:421)
==10618==    by 0x737142B: create_outgoing_proxy (wayland-client.c:650)
==10618==    by 0x737142B: wl_proxy_marshal_array_constructor_versioned
(wayland-client.c:735)
==10618==    by 0x7371782: wl_proxy_marshal_constructor (wayland-client.c:824)
==10618==    by 0x4A930BD: wl_display_sync (wayland-client-protocol.h:958)
==10618==    by 0x4A930BD: KWayland::Client::Registry::create(wl_display*)
(registry.cpp:470)
==10618==    by 0x4A9313A:
KWayland::Client::Registry::create(KWayland::Client::ConnectionThread*)
(registry.cpp:479)
==10618==    by 0x1809AE6D: KWaylandIntegration::init()
(kwaylandintegration.cpp:55)
==10618==    by 0x18080FA0: KdePlatformTheme::KdePlatformTheme()
(kdeplatformtheme.cpp:84)
==10618==    by 0x1809D65A: KdePlatformThemePlugin::create(QString const&,
QStringList const&) (main.cpp:37)
==10618==    by 0x659E418: QPlatformTheme* qLoadPlugin<QPlatformTheme,
QPlatformThemePlugin, QStringList&>(QFactoryLoader const*, QString const&,
QStringList&) (qfactoryloader_p.h:108)
==10618==    by 0x659DDB5: QPlatformThemeFactory::create(QString const&,
QString const&) (qplatformthemefactory.cpp:73)
==10618==    by 0x65A6847: init_platform (qguiapplication.cpp:1247)
==10618==    by 0x65A6847: QGuiApplicationPrivate::createPlatformIntegration()
(qguiapplication.cpp:1385)
==10618== 
==10618== Invalid write of size 4
==10618==    at 0x7370BBE: wl_proxy_unref (wayland-client.c:230)
==10618==    by 0x7370CB3: destroy_queued_closure (wayland-client.c:291)
==10618==    by 0x7370EC7: dispatch_event.isra.0 (wayland-client.c:1436)
==10618==    by 0x737246B: dispatch_queue (wayland-client.c:1576)
==10618==    by 0x737246B: wl_display_dispatch_queue_pending
(wayland-client.c:1818)
==10618==    by 0x73728AA: wl_display_roundtrip_queue (wayland-client.c:1241)
==10618==    by 0x4A7BB73: KWayland::Client::ConnectionThread::roundtrip()
(connection_thread.cpp:290)
==10618==    by 0x1809AEE9: KWaylandIntegration::init()
(kwaylandintegration.cpp:67)
==10618==    by 0x18080FA0: KdePlatformTheme::KdePlatformTheme()
(kdeplatformtheme.cpp:84)
==10618==    by 0x1809D65A: KdePlatformThemePlugin::create(QString const&,
QStringList const&) (main.cpp:37)
==10618==    by 0x659E418: QPlatformTheme* qLoadPlugin<QPlatformTheme,
QPlatformThemePlugin, QStringList&>(QFactoryLoader const*, QString const&,
QStringList&) (qfactoryloader_p.h:108)
==10618==    by 0x659DDB5: QPlatformThemeFactory::create(QString const&,
QString const&) (qplatformthemefactory.cpp:73)
==10618==    by 0x65A6847: init_platform (qguiapplication.cpp:1247)
==10618==    by 0x65A6847: QGuiApplicationPrivate::createPlatformIntegration()
(qguiapplication.cpp:1385)
==10618==  Address 0xac3e20c is 44 bytes inside a block of size 72 free'd
==10618==    at 0x4839A0C: free (vg_replace_malloc.c:540)
==10618==    by 0x4A92C14: destroy (wayland_pointer_p.h:63)
==10618==    by 0x4A92C14:
KWayland::Client::Registry::Private::globalSync(void*, wl_callback*, unsigned
int) (registry.cpp:539)
==10618==    by 0x857BAA7: ffi_call_unix64 (unix64.S:76)
==10618==    by 0x857B2A3: ffi_call (ffi64.c:525)
==10618==    by 0x7374606: wl_closure_invoke (connection.c:1014)
==10618==    by 0x7370F17: dispatch_event.isra.0 (wayland-client.c:1430)
==10618==    by 0x737246B: dispatch_queue (wayland-client.c:1576)
==10618==    by 0x737246B: wl_display_dispatch_queue_pending
(wayland-client.c:1818)
==10618==    by 0x73728AA: wl_display_roundtrip_queue (wayland-client.c:1241)
==10618==    by 0x4A7BB73: KWayland::Client::ConnectionThread::roundtrip()
(connection_thread.cpp:290)
==10618==    by 0x1809AEE9: KWaylandIntegration::init()
(kwaylandintegration.cpp:67)
==10618==    by 0x18080FA0: KdePlatformTheme::KdePlatformTheme()
(kdeplatformtheme.cpp:84)
==10618==    by 0x1809D65A: KdePlatformThemePlugin::create(QString const&,
QStringList const&) (main.cpp:37)
==10618==  Block was alloc'd at
==10618==    at 0x483AB1A: calloc (vg_replace_malloc.c:762)
==10618==    by 0x7370D42: UnknownInlinedFun (wayland-private.h:236)
==10618==    by 0x7370D42: proxy_create.isra.0 (wayland-client.c:421)
==10618==    by 0x737142B: create_outgoing_proxy (wayland-client.c:650)
==10618==    by 0x737142B: wl_proxy_marshal_array_constructor_versioned
(wayland-client.c:735)
==10618==    by 0x7371782: wl_proxy_marshal_constructor (wayland-client.c:824)
==10618==    by 0x4A930BD: wl_display_sync (wayland-client-protocol.h:958)
==10618==    by 0x4A930BD: KWayland::Client::Registry::create(wl_display*)
(registry.cpp:470)
==10618==    by 0x4A9313A:
KWayland::Client::Registry::create(KWayland::Client::ConnectionThread*)
(registry.cpp:479)
==10618==    by 0x1809AE6D: KWaylandIntegration::init()
(kwaylandintegration.cpp:55)
==10618==    by 0x18080FA0: KdePlatformTheme::KdePlatformTheme()
(kdeplatformtheme.cpp:84)
==10618==    by 0x1809D65A: KdePlatformThemePlugin::create(QString const&,
QStringList const&) (main.cpp:37)
==10618==    by 0x659E418: QPlatformTheme* qLoadPlugin<QPlatformTheme,
QPlatformThemePlugin, QStringList&>(QFactoryLoader const*, QString const&,
QStringList&) (qfactoryloader_p.h:108)
==10618==    by 0x659DDB5: QPlatformThemeFactory::create(QString const&,
QString const&) (qplatformthemefactory.cpp:73)
==10618==    by 0x65A6847: init_platform (qguiapplication.cpp:1247)
==10618==    by 0x65A6847: QGuiApplicationPrivate::createPlatformIntegration()
(qguiapplication.cpp:1385)
==10618==

Ten conditional jumps or moves based on uninitialized variables created by were
shown starting with

==10618== Thread 3 QQmlThread:
==10618== Conditional jump or move depends on uninitialised value(s)
==10618==    at 0x1A2A20DC: ???
==10618==    by 0x1A1DCD57: ???
==10618==  Uninitialised value was created by a heap allocation
==10618==    at 0x483AD19: realloc (vg_replace_malloc.c:836)
==10618==    by 0x6A963FF: reallocateData (qarraydata.cpp:83)
==10618==    by 0x6A963FF: QArrayData::reallocateUnaligned(QArrayData*,
unsigned long, unsigned long, QFlags<QArrayData::AllocationOption>)
(qarraydata.cpp:146)
==10618==    by 0x6B05EA9: UnknownInlinedFun (qarraydata.h:232)
==10618==    by 0x6B05EA9: QString::reallocData(unsigned int, bool)
(qstring.cpp:2388)
==10618==    by 0x6B05F1B: QString::resize(int) (qstring.cpp:2296)
==10618==    by 0x6B0ED48: append (qstring.cpp:10971)
==10618==    by 0x6B0ED48: QString::append(QStringRef const&)
(qstring.cpp:10965)
==10618==    by 0x6BA42DE: operator+= (qstring.h:484)
==10618==    by 0x6BA42DE: appendToUser (qurl.cpp:846)
==10618==    by 0x6BA42DE: appendPath (qurl.cpp:949)
==10618==    by 0x6BA42DE:
QUrl::toString(QUrlTwoFlags<QUrl::UrlFormattingOption,
QUrl::ComponentFormattingOption>) const (qurl.cpp:3362)
==10618==    by 0x48A5B07: PlasmaQuick::PackageUrlInterceptor::intercept(QUrl
const&, QQmlAbstractUrlInterceptor::DataType) (packageurlinterceptor.cpp:102)
==10618==    by 0x55262F1: QQmlDataBlob::QQmlDataBlob(QUrl const&,
QQmlDataBlob::Type, QQmlTypeLoader*) (qqmltypeloader.cpp:263)
==10618==    by 0x5526574: QQmlTypeLoader::Blob::Blob(QUrl const&,
QQmlDataBlob::Type, QQmlTypeLoader*) (qqmltypeloader.cpp:1342)
==10618==    by 0x5527E01: QQmlScriptBlob::QQmlScriptBlob(QUrl const&,
QQmlTypeLoader*) (qqmltypeloader.cpp:2998)
==10618==    by 0x552D80A: QQmlTypeLoader::getScript(QUrl const&)
(qqmltypeloader.cpp:1748)
==10618==    by 0x552E21A: QQmlTypeData::resolveTypes()
(qqmltypeloader.cpp:2676)
==1

An invalid read at 0x0 in wl_proxy_marshal_constructor at wayland-client.c:820
was shown with a trace like that shown by gdb for the segmentation fault. This
invalid read might be a null pointer dereference of proxy.

==10618== Invalid read of size 8
==10618==    at 0x737171A: wl_proxy_marshal_constructor (wayland-client.c:820)
==10618==    by 0x4A7A973: org_kde_kwin_blur_manager_create
(wayland-blur-client-protocol.h:111)
==10618==    by 0x4A7A973:
KWayland::Client::BlurManager::createBlur(KWayland::Client::Surface*, QObject*)
(blur.cpp:91)
==10618==    by 0x19E76B32: enableBlurBehind (windoweffects.cpp:224)
==10618==    by 0x19E76B32: WindowEffects::enableBlurBehind(QWindow*, bool,
QRegion const&) (windoweffects.cpp:215)
==10618==    by 0x19E7741C: WindowEffects::enableBlurBehind(unsigned long long,
bool, QRegion const&) (windoweffects.cpp:212)
==10618==    by 0x488D8AF: PlasmaQuick::DialogPrivate::updateTheme()
(dialog.cpp:244)
==10618==    by 0x488E186: PlasmaQuick::DialogPrivate::syncToMainItemSize()
(dialog.cpp:604)
==10618==    by 0x488FB9D: slotMainItemSizeChanged (dialog.cpp:840)
==10618==    by 0x488FB9D: PlasmaQuick::Dialog::qt_static_metacall(QObject*,
QMetaObject::Call, int, void**) (moc_dialog.cpp:235)
==10618==    by 0x6C5CD5A: QMetaObject::activate(QObject*, int, int, void**)
(qobject.cpp:3801)
==10618==    by 0x4FA0A9B: QQuickItem::geometryChanged(QRectF const&, QRectF
const&) (qquickitem.cpp:3810)
==10618==    by 0x4F9A2A7: QQuickItem::setHeight(double) (qquickitem.cpp:6826)
==10618==    by 0x4FAB649: QQuickItem::qt_static_metacall(QObject*,
QMetaObject::Call, int, void**) (moc_qquickitem.cpp:961)
==10618==    by 0x55771AD: writeProperty (qqmlpropertycache_p.h:346)
==10618==    by 0x55771AD: doStore<double> (qqmlbinding.cpp:332)
==10618==    by 0x55771AD: GenericBinding<6>::write(QV4::Value const&, bool,
QFlags<QQmlPropertyData::WriteFlag>) (qqmlbinding.cpp:305)
==10618==  Address 0x0 is not stack'd, malloc'd or (recently) free'd


coredumpctl showed that plasmashell and drkonqi aborts due to the plasmashell
segmentation fault have happened nine times in the last day which are most of
the times I've logged out of Plasma on Wayland.

STEPS TO REPRODUCE
1. boot into an installation of the Fedora Rawhide/31 KDE Plasma spin image
Fedora-KDE-Live-x86_64-Rawhide-20190724.n.0.iso at
https://koji.fedoraproject.org/koji/buildinfo?buildID=1319740
2. log into Plasma 5.16.2 on Wayland from sddm
3. sudo dnf install x*amd* kwin*way* pla*way* (in konsole)
4. sudo dnf upgrade --refresh 
5. log out of Plasma. 
6. log back into Plasma on Wayland
7. coredumpctl

OBSERVED RESULT
plasmashell 5.16.2 segmentation faults in wl_proxy_marshal_constructor at
wayland-client.c:819 in libwayland-client when logging out of Plasma on Wayland
with plasmashell restarting and aborting and drkonqi aborte


EXPECTED RESULT
No plasmashell crashes

SOFTWARE/OS VERSIONS 
Linux/KDE Plasma: Fedora Rawhide/31
(available in About System)
KDE Plasma Version: 5.16.2
KDE Frameworks Version: 5.59.0
Qt Version: 5.12.4

ADDITIONAL INFORMATION

The plasmashell segmentation faults reported at
https://bugs.kde.org/show_bug.cgi?id=408847 were also in
wl_proxy_marshal_constructor at wayland-client.c:819-820 and proxy was null.
Those crashes occurred when logging in or within a few minutes after, or
clicking many times on the apps launcher. The other parts of the trace are
different as they involve functions like org_kde_kwin_blur_manager_create and
KWayland::Client::BlurManager::createBlur from
kf5-kwayland-5.59.0-2.fc31.x86_64. The underlying problem might involve
org_kde_kwin_blur_manager_create in kwayland calling
wl_proxy_marshal_constructor with proxy being null. If
wl_proxy_marshal_constructor were to check if proxy was null before it was
dereferenced in line 820, the crash might also be avoided.

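The null check suggested under ADDITIONAL INFORMATION, written out as an added example that is not code from this report, libwayland or KWayland. The model_ structures and functions are simplified, hypothetical stand-ins for the chain proxy->object.interface->methods[opcode].signature, and the sample interface is constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Simplified stand-ins for the structures behind the expression at
 * wayland-client.c:820. The model_ names are assumptions, not libwayland's. */
struct model_message   { const char *name; const char *signature; };
struct model_interface { const char *name; int method_count;
                         const struct model_message *methods; };
struct model_object    { const struct model_interface *interface; };
struct model_proxy     { struct model_object object; };

/* Guarded form of proxy->object.interface->methods[opcode].signature:
 * every link in the chain is checked before it is dereferenced. */
int model_request_signature(const struct model_proxy *proxy, uint32_t opcode,
                            const char **signature_out)
{
    if (signature_out == NULL)
        return -EINVAL;
    *signature_out = NULL;
    if (proxy == NULL)              /* the case gdb showed: proxy == 0x0 */
        return -EINVAL;
    const struct model_interface *iface = proxy->object.interface;
    if (iface == NULL || iface->methods == NULL)
        return -EINVAL;
    if (iface->method_count < 0 || opcode >= (uint32_t)iface->method_count)
        return -ERANGE;             /* opcode outside the request table */
    *signature_out = iface->methods[opcode].signature;
    return 0;
}

/* Constructed sample interface with a single request at opcode 0. */
static const struct model_message sample_methods[] = {
    { "create", "no" },
};
static const struct model_interface sample_interface = {
    "sample_blur_manager", 1, sample_methods
};

/* Caller-side model: a wrapper whose manager handle may already be NULL
 * reports an error instead of marshalling a request on it. */
int model_create_blur(const struct model_proxy *manager, const char **sig_out)
{
    return model_request_signature(manager, 0, sig_out);
}
```

A guard like this turns the crash into an error return. It does not explain why the handle was null in the first place, which still has to be answered on the caller side.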