https://bugs.kde.org/show_bug.cgi?id=413003
--- Comment #3 from Matt Fagnani <matthew.fagn...@utoronto.ca> ---
Created attachment 124238
  --> https://bugs.kde.org/attachment.cgi?id=124238&action=edit
valgrind log from kinfocenter run when clicking Energy Information, File Indexer Monitor, then Energy Information

I ran valgrind --log-file=valgrind-kinfocenter-energy-index-1.txt --track-origins=yes kinfocenter &

I reproduced the crash in the same way as in my previous comment. The valgrind log showed an invalid read in wl_proxy_unref at wayland-client.c:229 and an invalid write in wl_proxy_unref at wayland-client.c:230 in libwayland-client. They appeared to be use-after-free errors like those I've previously reported for kwin_wayland, plasmashell, konsole, powerdevil, etc. ( https://bugs.kde.org/show_bug.cgi?id=409688 )

84 Conditional jump or move depends on uninitialised value(s) and 13 Use of uninitialised value messages were shown.

An invalid read in QMetaObject::cast at qmetaobject.cpp:381 in freed memory was followed by an invalid read "Address 0x5300000000 is not stack'd, malloc'd or (recently) free'd" at the same line. This trace looks like that of the crashing thread. The use-after-free error might've led to the segmentation fault due to the invalid pointer.

==5320== Invalid read of size 8
==5320==    at 0x5CA7FA0: QMetaObject::cast(QObject const*) const (qmetaobject.cpp:381)
==5320==    by 0x2880DAE0: qobject_cast<Solid::Battery*> (qobject.h:504)
==5320==    by 0x2880DAE0: as<Solid::Battery> (device.h:233)
==5320==    by 0x2880DAE0: BatteryModel::data(QModelIndex const&, int) const (batterymodel.cpp:75)
==5320==    by 0x68F874A: data (qabstractitemmodel.h:458)
==5320==    by 0x68F874A: value (qqmladaptormodel.cpp:414)
==5320==    by 0x68F874A: QQmlDMCachedModelData::metaCall(QMetaObject::Call, int, void**) (qqmladaptormodel.cpp:282)
==5320==    by 0x6A0A043: readProperty (qqmlpropertycache_p.h:328)
==5320==    by 0x6A0A043: loadProperty(QV4::ExecutionEngine*, QObject*, QQmlPropertyData const&) (qv4qobjectwrapper.cpp:178)
==5320==    by 0x6A0BB3B: QV4::QObjectWrapper::virtualResolveLookupGetter(QV4::Object const*, QV4::ExecutionEngine*, QV4::Lookup*) (qv4qobjectwrapper.cpp:877)
==5320==    by 0x6A2A714: QV4::Moth::VME::interpret(QV4::CppStackFrame*, QV4::ExecutionEngine*, char const*) (qv4vme_moth.cpp:621)
==5320==    by 0x6A2F556: QV4::Moth::VME::exec(QV4::CppStackFrame*, QV4::ExecutionEngine*) (qv4vme_moth.cpp:447)
==5320==    by 0x69BC8FE: QV4::Function::call(QV4::Value const*, QV4::Value const*, int, QV4::ExecutionContext const*) (qv4function.cpp:68)
==5320==    by 0x6B45C06: QQmlJavaScriptExpression::evaluate(QV4::CallData*, bool*) (qqmljavascriptexpression.cpp:211)
==5320==    by 0x6B4B9B2: QQmlBinding::evaluate(bool*) (qqmlbinding.cpp:209)
==5320==    by 0x6B504E9: QQmlNonbindingBinding::doUpdate(QQmlJavaScriptExpression::DeleteWatcher const&, QFlags<QQmlPropertyData::WriteFlag>, QV4::Scope&) (qqmlbinding.cpp:245)
==5320==    by 0x6B4CC93: QQmlBinding::update(QFlags<QQmlPropertyData::WriteFlag>) (qqmlbinding.cpp:185)
==5320==  Address 0x2ae6bf60 is 0 bytes inside a block of size 192 free'd
==5320==    at 0x483AA0C: free (vg_replace_malloc.c:540)
==5320==    by 0x68EEEAF: UnknownInlinedFun (qarraydata.h:239)
==5320==    by 0x68EEEAF: ~QString (qstring.h:1135)
==5320==    by 0x68EEEAF: node_destruct (qlist.h:499)
==5320==    by 0x68EEEAF: dealloc (qlist.h:868)
==5320==    by 0x68EEEAF: QList<QString>::~QList() (qlist.h:830)
==5320==    by 0x692050E: ~QStringList (qstringlist.h:99)
==5320==    by 0x692050E: QV4::CompiledData::CompilationUnit::loadFromDisk(QUrl const&, QDateTime const&, QString*) (qv4compileddata.cpp:658)
==5320==    by 0x6B0C07F: QQmlScriptBlob::dataReceived(QQmlDataBlob::SourceCodeData const&) (qqmltypeloader.cpp:3020)
==5320==    by 0x6B04AB1: QQmlTypeLoader::setData(QQmlDataBlob*, QQmlDataBlob::SourceCodeData const&) (qqmltypeloader.cpp:1302)
==5320==    by 0x6B053DC: QQmlTypeLoader::setData(QQmlDataBlob*, QString const&) (qqmltypeloader.cpp:1292)
==5320==    by 0x6B0550C: QQmlTypeLoader::loadThread(QQmlDataBlob*) (qqmltypeloader.cpp:1162)
==5320==    by 0x6B134FB: loadThread (qqmltypeloader.cpp:1007)
==5320==    by 0x6B134FB: void QQmlTypeLoader::doLoad<PlainLoader>(PlainLoader const&, QQmlDataBlob*, QQmlTypeLoader::Mode) (qqmltypeloader.cpp:1066)
==5320==    by 0x6B05779: QQmlTypeLoader::load(QQmlDataBlob*, QQmlTypeLoader::Mode) (qqmltypeloader.cpp:1098)
==5320==    by 0x6B05E6E: QQmlTypeLoader::getScript(QUrl const&) (qqmltypeloader.cpp:1760)
==5320==    by 0x6B0896A: QQmlTypeLoader::Blob::addImport(QV4::CompiledData::Import const*, QList<QQmlError>*) (qqmltypeloader.cpp:1444)
==5320==    by 0x6B09F6C: QQmlTypeData::tryLoadFromDiskCache() (qqmltypeloader.cpp:2215)
==5320==  Block was alloc'd at
==5320==    at 0x483980B: malloc (vg_replace_malloc.c:309)
==5320==    by 0x5B02100: QArrayData::allocate(unsigned long, unsigned long, unsigned long, QFlags<QArrayData::AllocationOption>) (qarraydata.cpp:118)
==5320==    by 0x5B71896: UnknownInlinedFun (qarraydata.h:224)
==5320==    by 0x5B71896: QString::QString(int, Qt::Initialization) (qstring.cpp:2176)
==5320==    by 0x691BF5A: convertTo<QString> (qstringbuilder.h:112)
==5320==    by 0x691BF5A: operator QStringBuilder<QStringBuilder<QStringBuilder<QString, QString>, QLatin1Char>, QString>::ConvertTo (qstringbuilder.h:131)
==5320==    by 0x691BF5A: QV4::CompiledData::CompilationUnit::localCacheFilePath(QUrl const&) (qv4compileddata.cpp:140)
==5320==    by 0x6920382: QV4::CompiledData::CompilationUnit::loadFromDisk(QUrl const&, QDateTime const&, QString*) (qv4compileddata.cpp:658)
==5320==    by 0x6B0C07F: QQmlScriptBlob::dataReceived(QQmlDataBlob::SourceCodeData const&) (qqmltypeloader.cpp:3020)
==5320==    by 0x6B04AB1: QQmlTypeLoader::setData(QQmlDataBlob*, QQmlDataBlob::SourceCodeData const&) (qqmltypeloader.cpp:1302)
==5320==    by 0x6B053DC: QQmlTypeLoader::setData(QQmlDataBlob*, QString const&) (qqmltypeloader.cpp:1292)
==5320==    by 0x6B0550C: QQmlTypeLoader::loadThread(QQmlDataBlob*) (qqmltypeloader.cpp:1162)
==5320==    by 0x6B134FB: loadThread (qqmltypeloader.cpp:1007)
==5320==    by 0x6B134FB: void QQmlTypeLoader::doLoad<PlainLoader>(PlainLoader const&, QQmlDataBlob*, QQmlTypeLoader::Mode) (qqmltypeloader.cpp:1066)
==5320==    by 0x6B05779: QQmlTypeLoader::load(QQmlDataBlob*, QQmlTypeLoader::Mode) (qqmltypeloader.cpp:1098)
==5320==    by 0x6B05E6E: QQmlTypeLoader::getScript(QUrl const&) (qqmltypeloader.cpp:1760)
==5320==
==5320==
==5320== More than 100 errors detected. Subsequent errors
==5320== will still be recorded, but in less detail than before.
==5320== Invalid read of size 8
==5320==    at 0x5CA7FAC: QMetaObject::cast(QObject const*) const (qmetaobject.cpp:381)
==5320==    by 0x2880DAE0: qobject_cast<Solid::Battery*> (qobject.h:504)
==5320==    by 0x2880DAE0: as<Solid::Battery> (device.h:233)
==5320==    by 0x2880DAE0: BatteryModel::data(QModelIndex const&, int) const (batterymodel.cpp:75)
==5320==    by 0x68F874A: data (qabstractitemmodel.h:458)
==5320==    by 0x68F874A: value (qqmladaptormodel.cpp:414)
==5320==    by 0x68F874A: QQmlDMCachedModelData::metaCall(QMetaObject::Call, int, void**) (qqmladaptormodel.cpp:282)
==5320==    by 0x6A0A043: readProperty (qqmlpropertycache_p.h:328)
==5320==    by 0x6A0A043: loadProperty(QV4::ExecutionEngine*, QObject*, QQmlPropertyData const&) (qv4qobjectwrapper.cpp:178)
==5320==    by 0x6A0BB3B: QV4::QObjectWrapper::virtualResolveLookupGetter(QV4::Object const*, QV4::ExecutionEngine*, QV4::Lookup*) (qv4qobjectwrapper.cpp:877)
==5320==    by 0x6A2A714: QV4::Moth::VME::interpret(QV4::CppStackFrame*, QV4::ExecutionEngine*, char const*) (qv4vme_moth.cpp:621)
==5320==    by 0x6A2F556: QV4::Moth::VME::exec(QV4::CppStackFrame*, QV4::ExecutionEngine*) (qv4vme_moth.cpp:447)
==5320==    by 0x69BC8FE: QV4::Function::call(QV4::Value const*, QV4::Value const*, int, QV4::ExecutionContext const*) (qv4function.cpp:68)
==5320==    by 0x6B45C06: QQmlJavaScriptExpression::evaluate(QV4::CallData*, bool*) (qqmljavascriptexpression.cpp:211)
==5320==    by 0x6B4B9B2: QQmlBinding::evaluate(bool*) (qqmlbinding.cpp:209)
==5320==    by 0x6B504E9: QQmlNonbindingBinding::doUpdate(QQmlJavaScriptExpression::DeleteWatcher const&, QFlags<QQmlPropertyData::WriteFlag>, QV4::Scope&) (qqmlbinding.cpp:245)
==5320==    by 0x6B4CC93: QQmlBinding::update(QFlags<QQmlPropertyData::WriteFlag>) (qqmlbinding.cpp:185)
==5320==  Address 0x5300000000 is not stack'd, malloc'd or (recently) free'd
==5320==

Two further invalid reads were shown in socketNotifierSourceCheck at qeventdispatcher_glib.cpp:88 and 79 which looked like use-after-free errors.
Those errors might be side-effects of the segmentation fault. I've seen this crash 4/4 times. I'm attaching the full valgrind log.
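
Added example, not part of the original comment: a small triage script for memcheck logs like the one attached, separating reads of a freed heap block from reads of an address valgrind cannot attribute to any allocation. The sample input is abridged from the trace quoted above; the verdict labels and function names are this example's own.

```python
import re
# Constructed input: memcheck records abridged from the trace quoted above.
SAMPLE_LOG = """\
==5320== Invalid read of size 8
==5320==    at 0x5CA7FA0: QMetaObject::cast(QObject const*) const (qmetaobject.cpp:381)
==5320==    by 0x2880DAE0: BatteryModel::data(QModelIndex const&, int) const (batterymodel.cpp:75)
==5320==  Address 0x2ae6bf60 is 0 bytes inside a block of size 192 free'd
==5320==    at 0x483AA0C: free (vg_replace_malloc.c:540)
==5320==    by 0x68EEEAF: QList<QString>::~QList() (qlist.h:830)
==5320==  Block was alloc'd at
==5320==    at 0x483980B: malloc (vg_replace_malloc.c:309)
==5320==
==5320== Invalid read of size 8
==5320==    at 0x5CA7FAC: QMetaObject::cast(QObject const*) const (qmetaobject.cpp:381)
==5320==  Address 0x5300000000 is not stack'd, malloc'd or (recently) free'd
"""
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (.+?)(?: \(([^()]+:\d+)\))?$")

def classify(desc):
    # Order matters: the "not stack'd ..." description also ends in "free'd".
    if desc.startswith("not stack'd"):
        return "wild-address"
    return "use-after-free" if desc.endswith("free'd") else "other"

def parse_invalid_accesses(log):
    errors, cur, stack = [], None, None
    for raw in log.splitlines():
        line = re.sub(r"^==\d+==\s*", "", raw).strip()
        if line.startswith(("Invalid read", "Invalid write")):
            cur = {"kind": line, "access": [], "free": [], "verdict": "unknown"}
            errors.append(cur)
            stack = cur["access"]
        elif cur is None or not line:
            cur = None  # a blank line ends the current record
        elif line.startswith("Address "):
            cur["verdict"] = classify(line.split(" is ", 1)[1])
            stack = cur["free"] if cur["verdict"] == "use-after-free" else None
        elif line.startswith("Block was alloc'd"):
            stack = None  # allocation stack is not needed for this triage
        elif stack is not None and (m := FRAME.match(line)):
            stack.append((m.group(1), m.group(2)))
    return errors

def summarize(errors):
    # (verdict, faulting source line, first non-allocator frame of the free stack)
    return [(e["verdict"], next((loc for _, loc in e["access"] if loc), None),
             next((fn for fn, loc in e["free"]
                   if loc and not loc.startswith("vg_replace_malloc")), None))
            for e in errors]
```

Calling `summarize(parse_invalid_accesses(open(path).read()))` on a full log gives one tuple per invalid access, so records that share a faulting line but differ in verdict stand out.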