https://bugs.kde.org/show_bug.cgi?id=409021
--- Comment #1 from Matt Fagnani <matthew.fagn...@utoronto.ca> ---

Created attachment 121086
  --> https://bugs.kde.org/attachment.cgi?id=121086&action=edit
valgrind run on plasmashell in Plasma 5.15.5 on Wayland with qt 5.12.4 showing invalid read and write and uninitialized value use

plasmashell restarted after these crashes, but the application menu in the task bar, the menu in konsole, and the menu when right clicking didn't show up properly. I ran plasmashell under valgrind by editing /etc/xdg/autostart/org.kde.plasmashell.desktop like

- Exec=plasmashell
+ Exec=valgrind --log-file=valgrind-plasmashell-wayland-3.txt --track-origins=yes plasmashell

and then logging into Plasma on Wayland from sddm. A segmentation fault in ksplashqml in wl_proxy_set_queue at wayland-client.c:2094 was shown in drkonqi while the splash screen was being shown in one such session. The trace of the crashing thread was similar, if not the same as, in the plasmashell crash I reported.

Application: ksplashqml (ksplashqml), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
futex_wait_cancelable (private=0, expected=0, futex_word=0x559d747f9c10) at ../sysdeps/unix/sysv/linux/futex-internal.h:88
88	  int err = lll_futex_timed_wait (futex_word, expected, NULL, private);
[Current thread is 1 (Thread 0x7f09a1d39840 (LWP 4083))]

Thread 12 (Thread 0x7f09617e2700 (LWP 4114)):
[KCrash Handler]
#7  0x00007f09a09336f9 in wl_proxy_set_queue (proxy=0x0, queue=0x559d74782e40) at src/wayland-client.c:2094
#8  0x00007f098f901b50 in QtWaylandClient::QWaylandWindow::waitForFrameSync (this=0x559d74700940, timeout=100) at qwaylandwindow.cpp:646
#9  0x00007f098e5d6022 in QtWaylandClient::QWaylandGLContext::swapBuffers (this=0x559d7477fe40, surface=<optimized out>) at ../../../../hardwareintegration/client/wayland-egl/qwaylandglcontext.cpp:566
#10 0x00007f09a194f441 in QOpenGLContext::swapBuffers (this=0x559d742d9a30, surface=<optimized out>) at kernel/qopenglcontext.cpp:1115
#11 0x00007f09a20ae401 in QSGRenderThread::syncAndRender (this=this@entry=0x559d747f8b50) at scenegraph/qsgthreadedrenderloop.cpp:652
#12 0x00007f09a20b2168 in QSGRenderThread::run (this=0x559d747f8b50) at scenegraph/qsgthreadedrenderloop.cpp:730
#13 0x00007f09a1399786 in QThreadPrivate::start (arg=0x559d747f8b50) at thread/qthread_unix.cpp:361
#14 0x00007f09a052c5a2 in start_thread (arg=<optimized out>) at pthread_create.c:486
#15 0x00007f09a100f303 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

An invalid read and write in wl_proxy_unref at wayland-client.c:229-230 were in the valgrind log, which appear to be use-after-free errors since they both have lines like

Address 0xac4affc is 44 bytes inside a block of size 72 free'd

These invalid reads/writes might be involved in the segmentation faults as they appear to involve the proxy in wayland-client.c.

==8545== Invalid read of size 4
==8545==    at 0x736BBB4: wl_proxy_unref (wayland-client.c:229)
==8545==    by 0x736BCB3: destroy_queued_closure (wayland-client.c:291)
==8545==    by 0x736BEC7: dispatch_event.isra.0 (wayland-client.c:1436)
==8545==    by 0x736D46B: dispatch_queue (wayland-client.c:1576)
==8545==    by 0x736D46B: wl_display_dispatch_queue_pending (wayland-client.c:1818)
==8545==    by 0x736D8AA: wl_display_roundtrip_queue (wayland-client.c:1241)
==8545==    by 0x4A7AB73: KWayland::Client::ConnectionThread::roundtrip() (connection_thread.cpp:290)
==8545==    by 0x1806A189: KWaylandIntegration::init() (kwaylandintegration.cpp:74)
==8545==    by 0x180500C0: KdePlatformTheme::KdePlatformTheme() (kdeplatformtheme.cpp:84)
==8545==    by 0x1806CDFA: KdePlatformThemePlugin::create(QString const&, QStringList const&) (main.cpp:37)
==8545==    by 0x659BE88: QPlatformTheme* qLoadPlugin<QPlatformTheme, QPlatformThemePlugin, QStringList&>(QFactoryLoader const*, QString const&, QStringList&) (qfactoryloader_p.h:108)
==8545==    by 0x659B825: QPlatformThemeFactory::create(QString const&, QString const&) (qplatformthemefactory.cpp:73)
==8545==    by 0x65A4A0F: init_platform (qguiapplication.cpp:1247)
==8545==    by 0x65A4A0F: QGuiApplicationPrivate::createPlatformIntegration() (qguiapplication.cpp:1392)
==8545==  Address 0xac4affc is 44 bytes inside a block of size 72 free'd
==8545==    at 0x4839A0C: free (vg_replace_malloc.c:540)
==8545==    by 0x4A91C14: destroy (wayland_pointer_p.h:63)
==8545==    by 0x4A91C14: KWayland::Client::Registry::Private::globalSync(void*, wl_callback*, unsigned int) (registry.cpp:539)
==8545==    by 0x8596B27: ffi_call_unix64 (unix64.S:76)
==8545==    by 0x8596338: ffi_call (ffi64.c:525)
==8545==    by 0x736F606: wl_closure_invoke (connection.c:1014)
==8545==    by 0x736BF17: dispatch_event.isra.0 (wayland-client.c:1430)
==8545==    by 0x736D46B: dispatch_queue (wayland-client.c:1576)
==8545==    by 0x736D46B: wl_display_dispatch_queue_pending (wayland-client.c:1818)
==8545==    by 0x736D8AA: wl_display_roundtrip_queue (wayland-client.c:1241)
==8545==    by 0x4A7AB73: KWayland::Client::ConnectionThread::roundtrip() (connection_thread.cpp:290)
==8545==    by 0x1806A189: KWaylandIntegration::init() (kwaylandintegration.cpp:74)
==8545==    by 0x180500C0: KdePlatformTheme::KdePlatformTheme() (kdeplatformtheme.cpp:84)
==8545==    by 0x1806CDFA: KdePlatformThemePlugin::create(QString const&, QStringList const&) (main.cpp:37)
==8545==  Block was alloc'd at
==8545==    at 0x483AB1A: calloc (vg_replace_malloc.c:762)
==8545==    by 0x736BD42: UnknownInlinedFun (wayland-private.h:236)
==8545==    by 0x736BD42: proxy_create.isra.0 (wayland-client.c:421)
==8545==    by 0x736C42B: create_outgoing_proxy (wayland-client.c:650)
==8545==    by 0x736C42B: wl_proxy_marshal_array_constructor_versioned (wayland-client.c:735)
==8545==    by 0x736C782: wl_proxy_marshal_constructor (wayland-client.c:824)
==8545==    by 0x4A920BD: wl_display_sync (wayland-client-protocol.h:958)
==8545==    by 0x4A920BD: KWayland::Client::Registry::create(wl_display*) (registry.cpp:470)
==8545==    by 0x4A9213A: KWayland::Client::Registry::create(KWayland::Client::ConnectionThread*) (registry.cpp:479)
==8545==    by 0x1806A10D: KWaylandIntegration::init() (kwaylandintegration.cpp:56)
==8545==    by 0x180500C0: KdePlatformTheme::KdePlatformTheme() (kdeplatformtheme.cpp:84)
==8545==    by 0x1806CDFA: KdePlatformThemePlugin::create(QString const&, QStringList const&) (main.cpp:37)
==8545==    by 0x659BE88: QPlatformTheme* qLoadPlugin<QPlatformTheme, QPlatformThemePlugin, QStringList&>(QFactoryLoader const*, QString const&, QStringList&) (qfactoryloader_p.h:108)
==8545==    by 0x659B825: QPlatformThemeFactory::create(QString const&, QString const&) (qplatformthemefactory.cpp:73)
==8545==    by 0x65A4A0F: init_platform (qguiapplication.cpp:1247)
==8545==    by 0x65A4A0F: QGuiApplicationPrivate::createPlatformIntegration() (qguiapplication.cpp:1392)
==8545==
==8545== Invalid write of size 4
==8545==    at 0x736BBBE: wl_proxy_unref (wayland-client.c:230)
==8545==    by 0x736BCB3: destroy_queued_closure (wayland-client.c:291)
==8545==    by 0x736BEC7: dispatch_event.isra.0 (wayland-client.c:1436)
==8545==    by 0x736D46B: dispatch_queue (wayland-client.c:1576)
==8545==    by 0x736D46B: wl_display_dispatch_queue_pending (wayland-client.c:1818)
==8545==    by 0x736D8AA: wl_display_roundtrip_queue (wayland-client.c:1241)
==8545==    by 0x4A7AB73: KWayland::Client::ConnectionThread::roundtrip() (connection_thread.cpp:290)
==8545==    by 0x1806A189: KWaylandIntegration::init() (kwaylandintegration.cpp:74)
==8545==    by 0x180500C0: KdePlatformTheme::KdePlatformTheme() (kdeplatformtheme.cpp:84)
==8545==    by 0x1806CDFA: KdePlatformThemePlugin::create(QString const&, QStringList const&) (main.cpp:37)
==8545==    by 0x659BE88: QPlatformTheme* qLoadPlugin<QPlatformTheme, QPlatformThemePlugin, QStringList&>(QFactoryLoader const*, QString const&, QStringList&) (qfactoryloader_p.h:108)
==8545==    by 0x659B825: QPlatformThemeFactory::create(QString const&, QString const&) (qplatformthemefactory.cpp:73)
==8545==    by 0x65A4A0F: init_platform (qguiapplication.cpp:1247)
==8545==    by 0x65A4A0F: QGuiApplicationPrivate::createPlatformIntegration() (qguiapplication.cpp:1392)
==8545==  Address 0xac4affc is 44 bytes inside a block of size 72 free'd
==8545==    at 0x4839A0C: free (vg_replace_malloc.c:540)
==8545==    by 0x4A91C14: destroy (wayland_pointer_p.h:63)
==8545==    by 0x4A91C14: KWayland::Client::Registry::Private::globalSync(void*, wl_callback*, unsigned int) (registry.cpp:539)
==8545==    by 0x8596B27: ffi_call_unix64 (unix64.S:76)
==8545==    by 0x8596338: ffi_call (ffi64.c:525)
==8545==    by 0x736F606: wl_closure_invoke (connection.c:1014)
==8545==    by 0x736BF17: dispatch_event.isra.0 (wayland-client.c:1430)
==8545==    by 0x736D46B: dispatch_queue (wayland-client.c:1576)
==8545==    by 0x736D46B: wl_display_dispatch_queue_pending (wayland-client.c:1818)
==8545==    by 0x736D8AA: wl_display_roundtrip_queue (wayland-client.c:1241)
==8545==    by 0x4A7AB73: KWayland::Client::ConnectionThread::roundtrip() (connection_thread.cpp:290)
==8545==    by 0x1806A189: KWaylandIntegration::init() (kwaylandintegration.cpp:74)
==8545==    by 0x180500C0: KdePlatformTheme::KdePlatformTheme() (kdeplatformtheme.cpp:84)
==8545==    by 0x1806CDFA: KdePlatformThemePlugin::create(QString const&, QStringList const&) (main.cpp:37)
==8545==  Block was alloc'd at
==8545==    at 0x483AB1A: calloc (vg_replace_malloc.c:762)
==8545==    by 0x736BD42: UnknownInlinedFun (wayland-private.h:236)
==8545==    by 0x736BD42: proxy_create.isra.0 (wayland-client.c:421)
==8545==    by 0x736C42B: create_outgoing_proxy (wayland-client.c:650)
==8545==    by 0x736C42B: wl_proxy_marshal_array_constructor_versioned (wayland-client.c:735)
==8545==    by 0x736C782: wl_proxy_marshal_constructor (wayland-client.c:824)
==8545==    by 0x4A920BD: wl_display_sync (wayland-client-protocol.h:958)
==8545==    by 0x4A920BD: KWayland::Client::Registry::create(wl_display*) (registry.cpp:470)
==8545==    by 0x4A9213A: KWayland::Client::Registry::create(KWayland::Client::ConnectionThread*) (registry.cpp:479)
==8545==    by 0x1806A10D: KWaylandIntegration::init() (kwaylandintegration.cpp:56)
==8545==    by 0x180500C0: KdePlatformTheme::KdePlatformTheme() (kdeplatformtheme.cpp:84)
==8545==    by 0x1806CDFA: KdePlatformThemePlugin::create(QString const&, QStringList const&) (main.cpp:37)
==8545==    by 0x659BE88: QPlatformTheme* qLoadPlugin<QPlatformTheme, QPlatformThemePlugin, QStringList&>(QFactoryLoader const*, QString const&, QStringList&) (qfactoryloader_p.h:108)
==8545==    by 0x659B825: QPlatformThemeFactory::create(QString const&, QString const&) (qplatformthemefactory.cpp:73)
==8545==    by 0x65A4A0F: init_platform (qguiapplication.cpp:1247)
==8545==    by 0x65A4A0F: QGuiApplicationPrivate::createPlatformIntegration() (qguiapplication.cpp:1392)

I've seen segmentation faults in konsole and powerdevil and others which involved invalid reads/writes starting at wl_proxy_unref (wayland-client.c:229)

https://bugs.kde.org/show_bug.cgi?id=408971
https://bugs.kde.org/show_bug.cgi?id=408553

The valgrind log showed use of a few uninitialized variables, including at QtWaylandClient::QWaylandInputDevice::Keyboard::keyboard_key (qwaylandinputdevice.cpp:792) in Thread 1:

==8545== Conditional jump or move depends on uninitialised value(s)
==8545==    at 0x17ED1571: QtWaylandClient::QWaylandInputDevice::Keyboard::keyboard_key(unsigned int, unsigned int, unsigned int, unsigned int) (qwaylandinputdevice.cpp:792)
==8545==    by 0x8596B27: ffi_call_unix64 (unix64.S:76)
==8545==    by 0x8596338: ffi_call (ffi64.c:525)
==8545==    by 0x736F606: wl_closure_invoke (connection.c:1014)
==8545==    by 0x736BF17: dispatch_event.isra.0 (wayland-client.c:1430)
==8545==    by 0x736D46B: dispatch_queue (wayland-client.c:1576)
==8545==    by 0x736D46B: wl_display_dispatch_queue_pending (wayland-client.c:1818)
==8545==    by 0x17ED2361: QtWaylandClient::QWaylandDisplay::flushRequests() (qwaylanddisplay.cpp:187)
==8545==    by 0x6C5BD7A: QMetaObject::activate(QObject*, int, int, void**) (qobject.cpp:3801)
==8545==    by 0x6C86C16: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventdispatcher_glib.cpp:429)
==8545==    by 0x6C309EA: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:225)
==8545==    by 0x6C38725: QCoreApplication::exec() (qcoreapplication.cpp:1385)
==8545==    by 0x12C808: main (main.cpp:212)
==8545==  Uninitialised value was created by a heap allocation
==8545==    at 0x4838E86: operator new(unsigned long) (vg_replace_malloc.c:344)
==8545==    by 0x17ECF017: QtWaylandClient::QWaylandInputDevice::createKeyboard(QtWaylandClient::QWaylandInputDevice*) (qwaylandinputdevice.cpp:265)
==8545==    by 0x17ECEFCC: QtWaylandClient::QWaylandInputDevice::seat_capabilities(unsigned int) (qwaylandinputdevice.cpp:231)
==8545==    by 0x8596B27: ffi_call_unix64 (unix64.S:76)
==8545==    by 0x8596338: ffi_call (ffi64.c:525)
==8545==    by 0x736F606: wl_closure_invoke (connection.c:1014)
==8545==    by 0x736BF17: dispatch_event.isra.0 (wayland-client.c:1430)
==8545==    by 0x736D46B: dispatch_queue (wayland-client.c:1576)
==8545==    by 0x736D46B: wl_display_dispatch_queue_pending (wayland-client.c:1818)
==8545==    by 0x17ED2804: QtWaylandClient::QWaylandDisplay::forceRoundTrip() (qwaylanddisplay.cpp:420)
==8545==    by 0x17ED35B6: QtWaylandClient::QWaylandDisplay::registry_global(unsigned int, QString const&, unsigned int) (qwaylanddisplay.cpp:282)
==8545==    by 0x17EF9DA5: QtWayland::wl_registry::handle_global(void*, wl_registry*, unsigned int, char const*, unsigned int) (qwayland-wayland.cpp:71)
==8545==    by 0x8596B27: ffi_call_unix64 (unix64.S:76)
==8545==

I don't know if those uninitialized values being used might be related to the crashes. I'll attach the valgrind log and ksplashqml trace.

-- 
You are receiving this mail because:
You are watching all bug changes.
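As an added example (not part of the bug report or of any KDE or Qt code), the following Python script parses memcheck error blocks like those quoted above, classifies the wl_proxy_unref errors as use-after-free from the "inside a block ... free'd" line the reporter points to, and for each error returns a tuple of (class, faulting frame, caller of free(), caller of the allocator) so a long log can be triaged at a glance. The embedded log is a constructed, abbreviated copy of the excerpts in the comment; the function and variable names are this example's own.

```python
import re
# Constructed sample, abbreviated from the valgrind excerpts quoted in the bug comment above.
SAMPLE_LOG = """\
==8545== Invalid read of size 4
==8545==    at 0x736BBB4: wl_proxy_unref (wayland-client.c:229)
==8545==  Address 0xac4affc is 44 bytes inside a block of size 72 free'd
==8545==    at 0x4839A0C: free (vg_replace_malloc.c:540)
==8545==    by 0x4A91C14: KWayland::Client::Registry::Private::globalSync(void*, wl_callback*, unsigned int) (registry.cpp:539)
==8545==  Block was alloc'd at
==8545==    at 0x483AB1A: calloc (vg_replace_malloc.c:762)
==8545==    by 0x736BD42: proxy_create.isra.0 (wayland-client.c:421)
==8545==
==8545== Conditional jump or move depends on uninitialised value(s)
==8545==    at 0x17ED1571: QtWaylandClient::QWaylandInputDevice::Keyboard::keyboard_key(unsigned int, unsigned int, unsigned int, unsigned int) (qwaylandinputdevice.cpp:792)
==8545==  Uninitialised value was created by a heap allocation
==8545==    at 0x4838E86: operator new(unsigned long) (vg_replace_malloc.c:344)
==8545==    by 0x17ECF017: QtWaylandClient::QWaylandInputDevice::createKeyboard(QtWaylandClient::QWaylandInputDevice*) (qwaylandinputdevice.cpp:265)
"""
ERROR_RE = re.compile(r"^==\d+== (Invalid (?:read|write) of size \d+|Conditional jump or move depends on uninitialised value\(s\))")
FRAME_RE = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+?) \(([^)]+)\)\s*$")
FREED_RE = re.compile(r"Address 0x[0-9A-Fa-f]+ is (\d+) bytes inside a block of size (\d+) free'd")

def parse_valgrind(text):
    # Split memcheck output into records: error kind plus the access, free and allocation stacks.
    records, cur, section = [], None, None
    for line in text.splitlines():
        m = ERROR_RE.match(line)
        if m:
            cur, section = {"kind": m.group(1), "access": [], "freed": [], "alloc": []}, "access"
            records.append(cur)
        elif cur is None or re.fullmatch(r"==\d+==\s*", line):
            cur = section = None            # a bare ==pid== line ends the current error
        elif FREED_RE.search(line):         # the address lies inside a block memcheck saw freed
            cur["offset"], cur["block_size"] = map(int, FREED_RE.search(line).groups())
            section = "freed"
        elif "Block was alloc'd at" in line or "Uninitialised value was created by" in line:
            section = "alloc"               # where the block (or the uninitialised value) came from
        elif FRAME_RE.match(line):
            cur[section].append(FRAME_RE.match(line).groups())   # (function, file:line)
    return records

def classify(rec):
    if rec["kind"].startswith("Invalid"):
        return "use-after-free" if rec["freed"] else "invalid-access"
    return "uninitialised-value"

def triage(text):
    # Frame 0 of the free/alloc stacks is valgrind's replacement free/calloc, so report frame 1 there.
    site = lambda frames, i=0: "%s (%s)" % frames[min(i, len(frames) - 1)] if frames else "-"
    return [(classify(r), site(r["access"]), site(r["freed"], 1), site(r["alloc"], 1)) for r in parse_valgrind(text)]
```

Run it over the full attachment with `triage(open("valgrind-plasmashell-wayland-3.txt").read())` to list every error the way the two excerpts above are summarised.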