https://bugs.kde.org/show_bug.cgi?id=447717
--- Comment #28 from Matt Fagnani <matt.fagn...@bell.net> ---
Created attachment 153472
  --> https://bugs.kde.org/attachment.cgi?id=153472&action=edit
valgrind log of running plasmashell --replace

I reproduced this type of plasmashell crash twice while running it under valgrind like

    valgrind --log-file=valgrind-plasmashell-task-manager-icons-2.txt --enable-debuginfod=no plasmashell --replace

(in konsole) in a Fedora Rawhide KDE Plasma live image in GNOME Boxes QEMU/KVM VM with Plasma 5.26.2, KF 5.26.2, Qt 5.15.7. I started Firefox and Konsole then moved the cursor back and forth over the task manager icons so that tooltips were shown until the crash happened.

The first plasmashell shell had the errors

    kf.plasma.quick: Couldn't create KWindowShadow for ToolTipDialog(0x23cd7220)
    wl_display@1: error 1: invalid arguments for org_kde_plasma_surface@157.set_output
    The Wayland connection experienced a fatal error: Invalid argument

The second plasmashell crash had the errors

    org.kde.kf5.kwindowsystem.kwayland: Failed to recreate shadow for ToolTipDialog(0x24271af0)
    wl_display@1: error 0: invalid object 204
    The Wayland connection experienced a fatal error: Invalid argument
    The Wayland connection experienced a fatal error: Invalid argument

The valgrind logs showed 26 and 11 invalid reads of 16 bytes which were less than 16 bytes from the end of the buffers, and so they might've been overreads. The stacks of the allocations had functions which seemed to be involved with SVG rendering. The stacks of where the invalid reads were just showed ??s so they're difficult to interpret. The first such invalid read from the second crash's run was

==3516== Invalid read of size 16
==3516==    at 0x25B21A90: ???
==3516==    by 0x23DAB237: ???
==3516==  Address 0x23dabf2e is 3,342 bytes inside a block of size 3,352 alloc'd
==3516==    at 0x484186F: malloc (vg_replace_malloc.c:393)
==3516==    by 0x696F581: QArrayData::allocate(unsigned long, unsigned long, unsigned long, QFlags<QArrayData::AllocationOption>) (qarraydata.cpp:218)
==3516==    by 0x69F125D: allocate (qarraydata.h:225)
==3516==    by 0x69F125D: QString::fromLatin1_helper(char const*, int) (qstring.cpp:5464)
==3516==    by 0x4B44999: UnknownInlinedFun (qstring.h:701)
==3516==    by 0x4B44999: UnknownInlinedFun (qstring.h:713)
==3516==    by 0x4B44999: Plasma::SharedSvgRenderer::load(QByteArray const&, QString const&, QHash<QString, QRectF>&) [clone .isra.0] (svg.cpp:134)
==3516==    by 0x4B320B3: UnknownInlinedFun (svg.cpp:81)
==3516==    by 0x4B320B3: Plasma::SvgPrivate::createRenderer() [clone .part.0] (svg.cpp:681)
==3516==    by 0x4B23617: UnknownInlinedFun (qbasicatomic.h:118)
==3516==    by 0x4B23617: UnknownInlinedFun (svg.cpp:756)
==3516==    by 0x4B23617: Plasma::SvgPrivate::elementRect(QString const&) (svg.cpp:745)
==3516==    by 0x4B248C3: Plasma::SvgPrivate::checkColorHints() (svg.cpp:777)
==3516==    by 0x4B25C8E: Plasma::SvgPrivate::setImagePath(QString const&) (svg.cpp:511)
==3516==    by 0x4B27600: Plasma::Svg::setImagePath(QString const&) (svg.cpp:1108)
==3516==    by 0x27BFA030: UnknownInlinedFun (iconitem.cpp:186)
==3516==    by 0x27BFA030: IconItem::setSource(QVariant const&) (iconitem.cpp:370)
==3516==    by 0x56B3701: QQmlPropertyPrivate::write(QObject*, QQmlPropertyData const&, QVariant const&, QQmlContextData*, QFlags<QQmlPropertyData::WriteFlag>) (in /usr/lib64/libQt5Qml.so.5.15.7)
==3516==    by 0x571AEFB: QQmlBinding::slowWrite(QQmlPropertyData const&, QQmlPropertyData const&, QV4::Value const&, bool, QFlags<QQmlPropertyData::WriteFlag>) (in /usr/lib64/libQt5Qml.so.5.15.7)
==3516==

There were also many Conditional jump or move depends on uninitialised value(s) lines which could've contributed to the problem. I'm attaching the valgrind log for the second crash's run.
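Added example, not part of the original comment or of any KDE code: a Python triage helper that pairs each memcheck "Invalid read/write" record with its "Address ... inside a block" line and computes how far the access extends past the end of the heap block. The function name, the embedded sample log and its second record are constructed for illustration; only the "bytes inside a block" form of the Address line is handled.

```python
import re

# Constructed sample in memcheck's output format. The first record uses the
# numbers quoted in the comment above; the second record is invented.
SAMPLE_LOG = """\
==3516== Invalid read of size 16
==3516==    at 0x25B21A90: ???
==3516==  Address 0x23dabf2e is 3,342 bytes inside a block of size 3,352 alloc'd
==3516==    at 0x484186F: malloc (vg_replace_malloc.c:393)
==3516==
==3516== Invalid read of size 4
==3516==    at 0x401000: ???
==3516==  Address 0x5000010 is 16 bytes inside a block of size 64 free'd
"""

ACCESS = re.compile(r"Invalid (read|write) of size (\d+)")
ADDR = re.compile(r"Address (0x[0-9a-fA-F]+) is ([\d,]+) bytes inside "
                  r"a block of size ([\d,]+) (alloc'd|free'd)")

def classify_invalid_accesses(log):
    """Return one dict per invalid access that has a matching Address line."""
    findings, pending = [], None
    for line in log.splitlines():
        m = ACCESS.search(line)
        if m:
            pending = (m.group(1), int(m.group(2)))  # (kind, access size)
            continue
        m = ADDR.search(line)
        if m and pending:
            kind, size = pending
            offset = int(m.group(2).replace(",", ""))  # memcheck prints 3,342
            block = int(m.group(3).replace(",", ""))
            # Bytes of the access that fall beyond the end of the block.
            past_end = max(0, offset + size - block)
            if m.group(4) == "free'd":
                verdict = "use-after-free"
            elif past_end:
                verdict = "overrun"
            else:
                verdict = "in-bounds"
            findings.append({"kind": kind, "size": size, "offset": offset,
                             "block": block, "past_end": past_end,
                             "verdict": verdict})
            pending = None
    return findings

if __name__ == "__main__":
    for f in classify_invalid_accesses(SAMPLE_LOG):
        print(f)
```

Run against a full log, grouping the results by `verdict` and `block` shows whether the reported reads all cross the end of their blocks by a similar amount.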