https://bugs.kde.org/show_bug.cgi?id=414200
--- Comment #3 from Matt Fagnani <matthew.fagn...@utoronto.ca> --- Created attachment 124237 --> https://bugs.kde.org/attachment.cgi?id=124237&action=edit valgrind log from kinfocenter run when clicking Energy Information then closing I ran valgrind --log-file=valgrind-kinfocenter-energy-close-2.txt --track-origins=yes kinfocenter & I reproduced the crash in the same way as in my previous comment. The valgrind log showed an invalid read in wl_proxy_unref at wayland-client.c:229 and an invalid write in wl_proxy_unref at wayland-client.c:230 in libwayland-client. They appeared to be use-after-free errors like those I've previously reported for kwin_wayland, plasmashell, konsole, powerdevil, etc. ( https://bugs.kde.org/show_bug.cgi?id=409688 ) Several Conditional jump or move depends on uninitialised value(s) messages were shown. An invalid read in Solid::DevicePrivate::~DevicePrivate() at device.cpp:222 occurred within freed memory. An invalid read at the address 0x8 in data at qpointer.h:86 was like the trace of the crashing thread. The use-after-free error in Solid::DevicePrivate::~DevicePrivate() might have led to the invalid pointer being used with the segmentation fault as a result. ==3962== Invalid read of size 8 ==3962== at 0x1801AE84: Solid::DevicePrivate::~DevicePrivate() (device.cpp:222) ==3962== by 0x1801AFFC: Solid::DevicePrivate::~DevicePrivate() (device.cpp:225) ==3962== by 0x1801C606: Solid::DeviceManagerPrivate::~DeviceManagerPrivate() (devicemanager.cpp:58) ==3962== by 0x1801E27C: Solid::DeviceManagerPrivate::~DeviceManagerPrivate() (devicemanager.cpp:63) ==3962== by 0x5AFC390: QThreadStorageData::finish(void**) (qthreadstorage.cpp:200) ==3962== by 0x5CA1500: QCoreApplicationPrivate::cleanupThreadData() (qcoreapplication.cpp:520) ==3962== by 0x560E7B4: QGuiApplicationPrivate::~QGuiApplicationPrivate() (qguiapplication.cpp:1611) ==3962== by 0x4FCC3BC: QApplicationPrivate::~QApplicationPrivate() (qapplication.cpp:181) ==3962== by 0x5CD0D46: cleanup (qscopedpointer.h:60) ==3962== by 0x5CD0D46: ~QScopedPointer (qscopedpointer.h:107) ==3962== by 0x5CD0D46: QObject::~QObject() (qobject.cpp:891) ==3962== by 0x5CA113D: QCoreApplication::~QCoreApplication() (qcoreapplication.cpp:892) ==3962== by 0x560EE20: QGuiApplication::~QGuiApplication() (qguiapplication.cpp:649) ==3962== by 0x4FCE50D: QApplication::~QApplication() (qapplication.cpp:773) ==3962== Address 0x1a7bd5d0 is 16 bytes inside a block of size 24 free'd ==3962== at 0x483AEFC: operator delete(void*) (vg_replace_malloc.c:586) ==3962== by 0x6903688: QV4::MemoryManager::sweep(bool, void (*)(char const*)) (qv4mm.cpp:926) ==3962== by 0x6903708: QV4::MemoryManager::~MemoryManager() (qv4mm.cpp:1173) ==3962== by 0x6A89059: QV4::ExecutionEngine::~ExecutionEngine() (qv4engine.cpp:659) ==3962== by 0x6987517: QJSEngine::~QJSEngine() (qjsengine.cpp:379) ==3962== by 0x6AC7F39: QQmlEngine::~QQmlEngine() (qqmlengine.cpp:1072) ==3962== by 0x635A94A: _M_release (shared_ptr_base.h:155) ==3962== by 0x635A94A: _M_release (shared_ptr_base.h:148) ==3962== by 0x635A94A: ~__shared_count (shared_ptr_base.h:730) ==3962== by 0x635A94A: ~__shared_ptr (shared_ptr_base.h:1169) ==3962== by 0x635A94A: ~shared_ptr (shared_ptr.h:103) ==3962== by 0x635A94A: ~QmlObjectSharedEnginePrivate (qmlobjectsharedengine.cpp:41) ==3962== by 0x635A94A: operator() (unique_ptr.h:81) ==3962== by 0x635A94A: ~unique_ptr (unique_ptr.h:284) ==3962== by 0x635A94A: KDeclarative::QmlObjectSharedEngine::~QmlObjectSharedEngine() (qmlobjectsharedengine.cpp:74) ==3962== by 0x635AA7C: KDeclarative::QmlObjectSharedEngine::~QmlObjectSharedEngine() (qmlobjectsharedengine.cpp:76) ==3962== by 0x5CCFDAB: QObjectPrivate::deleteChildren() (qobject.cpp:2016) ==3962== by 0x500BD58: QWidget::~QWidget() (qwidget.cpp:1696) ==3962== by 0x4A93BE5: KCModule::~KCModule() (in /usr/lib64/libKF5ConfigWidgets.so.5.64.0) ==3962== by 0x488C92C: KCModuleQml::~KCModuleQml() (kcmoduleqml.cpp:208) ==3962== Block was alloc'd at ==3962== at 0x4839E86: operator new(unsigned long) (vg_replace_malloc.c:344) ==3962== by 0x1801B4DB: Solid::Device::asDeviceInterface(Solid::DeviceInterface::Type const&) const (device.cpp:189) ==3962== by 0x2877DACE: as<Solid::Battery> (device.h:232) ==3962== by 0x2877DACE: BatteryModel::data(QModelIndex const&, int) const (batterymodel.cpp:75) ==3962== by 0x68F874A: data (qabstractitemmodel.h:458) ==3962== by 0x68F874A: value (qqmladaptormodel.cpp:414) ==3962== by 0x68F874A: QQmlDMCachedModelData::metaCall(QMetaObject::Call, int, void**) (qqmladaptormodel.cpp:282) ==3962== by 0x6A0A043: readProperty (qqmlpropertycache_p.h:328) ==3962== by 0x6A0A043: loadProperty(QV4::ExecutionEngine*, QObject*, QQmlPropertyData const&) (qv4qobjectwrapper.cpp:178) ==3962== by 0x6A0BB3B: QV4::QObjectWrapper::virtualResolveLookupGetter(QV4::Object const*, QV4::ExecutionEngine*, QV4::Lookup*) (qv4qobjectwrapper.cpp:877) ==3962== by 0x6A2A714: QV4::Moth::VME::interpret(QV4::CppStackFrame*, QV4::ExecutionEngine*, char const*) (qv4vme_moth.cpp:621) ==3962== by 0x6A2F556: QV4::Moth::VME::exec(QV4::CppStackFrame*, QV4::ExecutionEngine*) (qv4vme_moth.cpp:447) ==3962== by 0x69BC8FE: QV4::Function::call(QV4::Value const*, QV4::Value const*, int, QV4::ExecutionContext const*) (qv4function.cpp:68) ==3962== by 0x6B45C06: QQmlJavaScriptExpression::evaluate(QV4::CallData*, bool*) (qqmljavascriptexpression.cpp:211) ==3962== by 0x6B4B9B2: QQmlBinding::evaluate(bool*) (qqmlbinding.cpp:209) ==3962== by 0x6B504E9: QQmlNonbindingBinding::doUpdate(QQmlJavaScriptExpression::DeleteWatcher const&, QFlags<QQmlPropertyData::WriteFlag>, QV4::Scope&) (qqmlbinding.cpp:245) ==3962== ==3962== Invalid read of size 8 ==3962== at 0x180256B4: data (qpointer.h:86) ==3962== by 0x180256B4: Solid::DeviceInterfacePrivate::backendObject() const (deviceinterface.cpp:110) ==3962== by 0x1801AE8C: Solid::DevicePrivate::~DevicePrivate() (device.cpp:222) ==3962== by 0x1801AFFC: Solid::DevicePrivate::~DevicePrivate() (device.cpp:225) ==3962== by 0x1801C606: Solid::DeviceManagerPrivate::~DeviceManagerPrivate() (devicemanager.cpp:58) ==3962== by 0x1801E27C: Solid::DeviceManagerPrivate::~DeviceManagerPrivate() (devicemanager.cpp:63) ==3962== by 0x5AFC390: QThreadStorageData::finish(void**) (qthreadstorage.cpp:200) ==3962== by 0x5CA1500: QCoreApplicationPrivate::cleanupThreadData() (qcoreapplication.cpp:520) ==3962== by 0x560E7B4: QGuiApplicationPrivate::~QGuiApplicationPrivate() (qguiapplication.cpp:1611) ==3962== by 0x4FCC3BC: QApplicationPrivate::~QApplicationPrivate() (qapplication.cpp:181) ==3962== by 0x5CD0D46: cleanup (qscopedpointer.h:60) ==3962== by 0x5CD0D46: ~QScopedPointer (qscopedpointer.h:107) ==3962== by 0x5CD0D46: QObject::~QObject() (qobject.cpp:891) ==3962== by 0x5CA113D: QCoreApplication::~QCoreApplication() (qcoreapplication.cpp:892) ==3962== by 0x560EE20: QGuiApplication::~QGuiApplication() (qguiapplication.cpp:649) ==3962== Address 0x8 is not stack'd, malloc'd or (recently) free'd Two further invalid reads were shown in socketNotifierSourceCheck at qeventdispatcher_glib.cpp:88 and 79 which looked like use-after-free errors. Those errors might be side-effects of the segmentation fault. I've seen this crash 5/5 times. I'm attaching the full valgrind log. -- You are receiving this mail because: You are watching all bug changes.
