https://bugs.kde.org/show_bug.cgi?id=395765
--- Comment #8 from Tobias Deiminger <haxti...@posteo.de> --- Quite interesting. The crash is caused by a dangling KConfig* pointer inside the KConfigGroup that's passed to Shell::readProperties. The KConfig was deleted preliminary during Shell::openUrl(). There a QDialog event loop processed a XSMP "SaveYourself" message, and the related handler code eventually deleted a globally used KConfig instance. It goes like this 1. KMainWindow::restore creates a KConfig *config = KConfigGui::sessionConfig(). This KConfig is managed singleton-like, see static KConfig *KConfigGui::s_sessionConfig. 2. KMainWindow::readPropertiesInternal constructs a KConfigGroup grp(config, ...) with that KConfig, and passes it on to Shell::readProperties (polymorphic call from framework to application). 3. The trouble begins in openUrl(). There we can't find a document, and spawn a QDialog for the "file not found" message. QDialog has an event loop that's stacked onto the application event loop. It happens that ksmserver sent us an XSMP "SaveYourself" message (that's expected after client registration), which now gets processed by the QDialog event loop. We handle "SaveYourself" with KMWSessionManager::saveState => KConfigGui::setSessionConfig and hit the code if (hasSessionConfig()) { delete s_sessionConfig; s_sessionConfig = nullptr; } Sadly, the old s_sessionConfig address is still stored in the KConfigGroup, where the pointer is dangling now. 4. Inside group.readEntry<int>( SESSION_TAB_KEY, 0 ) the dangling KConfig* is accessed, resulting in segfault. I'm not yet sure how to fix it. Shall we discuss it with some KF5 guys? It seems a bit fragile if a framework passes some wrapped up pointer to application code, and said pointer can become invalid for non-obvious reasons. -- You are receiving this mail because: You are the assignee for the bug.