https://bugs.kde.org/show_bug.cgi?id=405609
--- Comment #13 from Matt Fagnani <matthew.fagn...@utoronto.ca> ---
Created attachment 124037
  --> https://bugs.kde.org/attachment.cgi?id=124037&action=edit
valgrind log file for system settings segmentation fault

I ran valgrind --log-file=valgrind-systemsettings5-2.txt systemsettings5 &

I reproduced the crash in the same way as in my previous comment. The valgrind log showed an invalid read in wl_proxy_unref at wayland-client.c:229 and an invalid write in wl_proxy_unref at wayland-client.c:230 in libwayland-client. They appeared to be use-after-free errors like those I've previously reported for kwin_wayland, plasmashell, konsole, powerdevil, etc. ( https://bugs.kde.org/show_bug.cgi?id=409688 ) Several "Conditional jump or move depends on uninitialised value(s)" messages were shown. An invalid read in load at atomic_base.h:740 of the address 0xb was shown, which had a trace similar to that of the crashing threads.

==4968== Invalid read of size 8
==4968==    at 0x5D136AA: load (atomic_base.h:740)
==4968==    by 0x5D136AA: load (atomic:519)
==4968==    by 0x5D136AA: load<QtSharedPointer::ExternalRefCountData*> (qatomic_cxx11.h:227)
==4968==    by 0x5D136AA: load (qbasicatomic.h:239)
==4968==    by 0x5D136AA: QtSharedPointer::ExternalRefCountData::getAndRef(QObject const*) (qsharedpointer.cpp:1358)
==4968==    by 0x6ECFCF7: QWeakPointer<QObject> (qsharedpointer_impl.h:688)
==4968==    by 0x6ECFCF7: assign<QObject> (qsharedpointer_impl.h:684)
==4968==    by 0x6ECFCF7: operator= (qpointer.h:83)
==4968==    by 0x6ECFCF7: QQmlListReferencePrivate::init(QQmlListProperty<QObject> const&, int, QQmlEngine*) (qqmllist.cpp:64)
==4968==    by 0x6EDE064: QV4::QmlListWrapper::toVariant() const (qqmllistwrapper.cpp:101)
==4968==    by 0x6E20603: toVariant(QV4::ExecutionEngine*, QV4::Value const&, int, bool, QSet<QV4::Heap::Object*>*) (qv4engine.cpp:1306)
==4968==    by 0x6E20A68: QV4::ExecutionEngine::toVariant(QV4::Value const&, int, bool) (qv4engine.cpp:1271)
==4968==    by 0x6ED8B24: QQmlBinding::slowWrite(QQmlPropertyData const&, QQmlPropertyData const&, QV4::Value const&, bool, QFlags<QQmlPropertyData::WriteFlag>) (qqmlbinding.cpp:415)
==4968==    by 0x6EDA8F2: GenericBinding<2>::write(QV4::Value const&, bool, QFlags<QQmlPropertyData::WriteFlag>) (qqmlbinding.cpp:325)
==4968==    by 0x6EDB53F: QQmlNonbindingBinding::doUpdate(QQmlJavaScriptExpression::DeleteWatcher const&, QFlags<QQmlPropertyData::WriteFlag>, QV4::Scope&) (qqmlbinding.cpp:249)
==4968==    by 0x6ED7C93: QQmlBinding::update(QFlags<QQmlPropertyData::WriteFlag>) (qqmlbinding.cpp:185)
==4968==    by 0x6EE6825: QQmlObjectCreator::finalize(QQmlInstantiationInterrupt&) (qqmlobjectcreator.cpp:1352)
==4968==    by 0x6E65F80: complete (qqmlcomponent.cpp:935)
==4968==    by 0x6E65F80: QQmlComponentPrivate::complete(QQmlEnginePrivate*, QQmlComponentPrivate::ConstructionState*) (qqmlcomponent.cpp:931)
==4968==    by 0x6E66091: completeCreate (qqmlcomponent.cpp:971)
==4968==    by 0x6E66091: QQmlComponentPrivate::completeCreate() (qqmlcomponent.cpp:966)
==4968==  Address 0xb is not stack'd, malloc'd or (recently) free'd
==4968==

This crash might be due to an invalid pointer from the earlier use-after-free errors and use of uninitialized variables. Two further invalid reads were shown in socketNotifierSourceCheck at qeventdispatcher_glib.cpp:88 which look like use-after-free errors. Those errors might be side-effects of the segmentation fault. I've seen this crash 9 times, which is about half the times I've tried to reproduce it. I'm attaching the full valgrind log.
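
Added example, not part of the original comment or of the KDE/Qt code: a small triage script that labels Memcheck invalid-access records by their "Address ... is ..." line, the line that distinguishes a read like the 0xb one quoted above from a record pointing into a freed block. The sample log is constructed (the second record, `example_unref` and its addresses are made up), and `NEAR_NULL_LIMIT` is an assumed threshold.

```python
import re

# Constructed sample in Memcheck's report format. The first record mirrors the
# 0xb read quoted in the comment; the second is a made-up freed-block record.
SAMPLE_LOG = """\
==4968== Invalid read of size 8
==4968==    at 0x5D136AA: load (atomic_base.h:740)
==4968==  Address 0xb is not stack'd, malloc'd or (recently) free'd
==4968==
==4968== Invalid write of size 4
==4968==    at 0x1111111: example_unref (example.c:230)
==4968==  Address 0x4a3f048 is 8 bytes inside a block of size 64 free'd
"""

HEADER = re.compile(r"^==\d+== (Invalid (?:read|write) of size \d+)$")
FRAME = re.compile(r"^==\d+==\s+at 0x[0-9A-Fa-f]+: (.+)$")
ADDRESS = re.compile(r"^==\d+==\s+Address (0x[0-9A-Fa-f]+) is (.+)$")
NEAR_NULL_LIMIT = 0x1000  # assumption: addresses in the first page count as near-null


def classify(address, description):
    """Map the text after 'Address 0x... is' to a triage label."""
    if "free'd" in description and "inside a block" in description:
        return "use-after-free"
    if "not stack'd" in description:
        return "near-null dereference" if address < NEAR_NULL_LIMIT else "wild pointer"
    if "alloc'd" in description:
        return "out-of-bounds heap access"
    return "other"


def triage(log_text):
    """Return one dict per invalid read/write record, in log order."""
    records, current = [], None
    for line in log_text.splitlines():
        if m := HEADER.match(line):
            current = {"kind": m.group(1), "site": None, "label": None}
        elif current and current["site"] is None and (m := FRAME.match(line)):
            current["site"] = m.group(1)  # innermost frame only
        elif current and (m := ADDRESS.match(line)):
            current["address"] = int(m.group(1), 16)
            current["label"] = classify(current["address"], m.group(2))
            records.append(current)
            current = None
    return records


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(f'{r["kind"]:<26} {r["label"]:<24} {r["site"]}')
```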