Summary: | plasmashell segfaults on logout in PlasmaQuick::View::containment (use-after-free?) | ||
---|---|---|---|
Product: | [Plasma] plasmashell | Reporter: | Peter Wu <peter> |
Component: | general | Assignee: | David Edmundson <kde> |
Status: | RESOLVED DUPLICATE | ||
Severity: | crash | CC: | bhush94, bugs.kde.org.id324, kde, plasma-bugs |
Priority: | NOR | ||
Version: | 5.3.0 | ||
Target Milestone: | 1.0 | ||
Platform: | Arch Linux | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: | ||
Sentry Crash Report: | |||
Attachments: | gdb backtrace (with debugging symbols; normal and full) |
Description
Peter Wu
2015-08-01 20:06:41 UTC
Created attachment 93835
gdb backtrace (with debugging symbols; normal and full)
I'm on Fedora 22 and Plasma always segfaulted on logout. I just recently enabled "test updates" and upgraded to "dvratil/plasma-5-beta" and it still happens, just less. How can I help with reporting this?

pasting inline

```
#0 PlasmaQuick::View::containment (this=0x3220ff0) at /shared/src/plasma-framework-5.12.0/src/plasmaquick/view.cpp:248
#1 0x000000000044d9f6 in ShellCorona::screenForContainment (this=0x2697c70, containment=0x5c74960) at /build/src/plasma-workspace-5.3.2/shell/shellcorona.cpp:1455
#2 0x00007fb7efbd4a51 in ContainmentInterface::availableScreenRect (this=0x506ef20) at /shared/src/plasma-framework-5.12.0/src/scriptengines/qml/plasmoid/containmentinterface.cpp:223
#3 0x00007fb7efbde1dd in ContainmentInterface::qt_static_metacall (_o=_o@entry=0x506ef20, _c=_c@entry=QMetaObject::ReadProperty, _id=_id@entry=5, _a=_a@entry=0x7fffe05c7230) at /shared/src/build/src/scriptengines/qml/moc_containmentinterface.cpp:359
#4 0x00007fb7efbdea5b in ContainmentInterface::qt_metacall (this=0x506ef20, _c=QMetaObject::ReadProperty, _id=5, _a=0x7fffe05c7230) at /shared/src/build/src/scriptengines/qml/moc_containmentinterface.cpp:417
#5 0x00007fb81974cf89 in QV4::QQmlValueTypeReference::readReferenceValue (this=this@entry=0x7fb706f8d0c0) at qml/qqmlvaluetypewrapper.cpp:161
#6 0x00007fb81974dbea in QV4::QQmlValueTypeWrapper::get (m=0x7fb706f8d0c0, name=0x7fb706f8d0b8, hasProperty=0x0) at qml/qqmlvaluetypewrapper.cpp:338
#7 0x00007fb8196ae97e in get (hasProperty=0x0, name=<optimized out>, this=<optimized out>) at jsruntime/qv4object_p.h:276
#8 QV4::Runtime::getProperty (engine=0x644a880, object=..., nameIndex=<optimized out>) at jsruntime/qv4runtime.cpp:672
#9 0x00007fb707c05f95 in ?? ()
#10 0x00007fb7352f00c8 in ?? ()
#11 0x9eb41393c302a600 in ?? ()
#12 0x00007fb740107b20 in ?? ()
#13 0x0000000000000002 in ?? ()
#14 0x00007fffe05c7510 in ?? ()
#15 0x00007fb8165bf6a4 in QMetaObjectPrivate::signal (m=0x65697a0, signal_index=-530811872) at kernel/qmetaobject.cpp:868
#16 0x00007fb8196517ba in QV4::SimpleScriptFunction::call (that=<optimized out>, callData=<optimized out>) at jsruntime/qv4functionobject.cpp:564
#17 0x00007fb81974176f in call (d=0x7fb706f8d008, this=<optimized out>) at ../../include/QtQml/5.5.0/QtQml/private/../../../../../src/qml/jsruntime/qv4object_p.h:302
#18 QQmlJavaScriptExpression::evaluate (this=this@entry=0x65c6e90, context=<optimized out>, function=..., callData=callData@entry=0x7fb706f8d008, isUndefined=isUndefined@entry=0x7fffe05c766c) at qml/qqmljavascriptexpression.cpp:158
#19 0x00007fb819741c9d in QQmlJavaScriptExpression::evaluate (this=this@entry=0x65c6e90, context=<optimized out>, function=..., isUndefined=isUndefined@entry=0x7fffe05c766c) at qml/qqmljavascriptexpression.cpp:116
#20 0x00007fb8197487dc in QQmlBinding::update (this=0x65c6e70, flags=...) at qml/qqmlbinding.cpp:194
#21 0x00007fb819748c9e in update (this=<optimized out>) at qml/qqmlbinding_p.h:97
#22 QQmlBinding::expressionChanged (e=<optimized out>) at qml/qqmlbinding.cpp:260
#23 0x00007fb819724c77 in QQmlNotifier::emitNotify (endpoint=0x65c7538, a=a@entry=0x0) at qml/qqmlnotifier.cpp:73
#24 0x00007fb819724c3e in QQmlNotifier::emitNotify (endpoint=0x65c75a8, a=a@entry=0x0) at qml/qqmlnotifier.cpp:68
#25 0x00007fb819724c3e in QQmlNotifier::emitNotify (endpoint=0x65c7618, a=a@entry=0x0) at qml/qqmlnotifier.cpp:68
#26 0x00007fb819724c3e in QQmlNotifier::emitNotify (endpoint=0x65c7688, a=a@entry=0x0) at qml/qqmlnotifier.cpp:68
#27 0x00007fb8196c78bc in QQmlData::signalEmitted (object=0x506ef20, index=64, a=0x0) at qml/qqmlengine.cpp:751
#28 0x00007fb8165e38f0 in QMetaObject::activate (sender=0x506ef20, signalOffset=<optimized out>, local_signal_index=<optimized out>, argv=0x0) at kernel/qobject.cpp:3604
#29 0x00007fb8165e3e77 in call (a=0x7fffe05c7a60, r=0x506ef20, this=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qobject_impl.h:124
#30 QMetaObject::activate (sender=sender@entry=0x2697c70, signalOffset=<optimized out>, local_signal_index=local_signal_index@entry=4, argv=argv@entry=0x0) at kernel/qobject.cpp:3703
#31 0x00007fb8165e47e7 in QMetaObject::activate (sender=sender@entry=0x2697c70, m=m@entry=0x7fb81acd0d20 <Plasma::Corona::staticMetaObject>, local_signal_index=local_signal_index@entry=4, argv=argv@entry=0x0) at kernel/qobject.cpp:3583
#32 0x00007fb81aa52a33 in Plasma::Corona::availableScreenRectChanged (this=this@entry=0x2697c70) at /shared/src/build/src/plasma/moc_corona.cpp:369
#33 0x000000000044f778 in ShellCorona::containmentDeleted (this=0x2697c70, cont=<optimized out>) at /build/src/plasma-workspace-5.3.2/shell/shellcorona.cpp:979
#34 0x0000000000457714 in ShellCorona::qt_static_metacall (_o=_o@entry=0x2697c70, _c=_c@entry=QMetaObject::InvokeMetaMethod, _id=_id@entry=30, _a=_a@entry=0x7fffe05c7c40) at /build/src/build/shell/moc_shellcorona.cpp:296
#35 0x00007fb8165e3fea in QMetaObject::activate (sender=sender@entry=0x2699d30, signalOffset=<optimized out>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7fffe05c7c40) at kernel/qobject.cpp:3718
#36 0x00007fb8165e47e7 in QMetaObject::activate (sender=sender@entry=0x2699d30, m=m@entry=0x7fb8169f2b80 <QObject::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7fffe05c7c40) at kernel/qobject.cpp:3583
#37 0x00007fb8165e488f in QObject::destroyed (this=this@entry=0x2699d30, _t1=_t1@entry=0x2699d30) at .moc/moc_qobject.cpp:211
#38 0x00007fb8165ebdfa in QObject::~QObject (this=0x2699d30, __in_chrg=<optimized out>) at kernel/qobject.cpp:904
#39 0x00007fb81aa4ae69 in Plasma::Containment::~Containment (this=0x2699d30, __in_chrg=<optimized out>) at /shared/src/plasma-framework-5.12.0/src/plasma/containment.cpp:94
#40 0x0000000000454de6 in qDeleteAll<QList<Plasma::Containment*>::const_iterator> (end=..., begin=...) at /usr/include/qt/QtCore/qalgorithms.h:317
#41 qDeleteAll<QList<Plasma::Containment*> > (c=QList<Plasma::Containment *> = {...}) at /usr/include/qt/QtCore/qalgorithms.h:325
#42 ShellCorona::~ShellCorona (this=0x2697c70, __in_chrg=<optimized out>) at /build/src/plasma-workspace-5.3.2/shell/shellcorona.cpp:182
#43 0x0000000000455049 in ShellCorona::~ShellCorona (this=0x2697c70, __in_chrg=<optimized out>) at /build/src/plasma-workspace-5.3.2/shell/shellcorona.cpp:184
#44 0x00007fb8165e252b in QObjectPrivate::deleteChildren (this=this@entry=0x268f4a0) at kernel/qobject.cpp:1951
#45 0x00007fb8165ec280 in QObject::~QObject (this=<optimized out>, __in_chrg=<optimized out>) at kernel/qobject.cpp:1031
#46 0x000000000045cb19 in ShellManager::~ShellManager (this=0x268b9e0, __in_chrg=<optimized out>) at /build/src/plasma-workspace-5.3.2/shell/shellmanager.cpp:94
#47 0x00007fb8165e4ed0 in QObject::event (this=0x268b9e0, e=<optimized out>) at kernel/qobject.cpp:1237
#48 0x00007fb81798400c in QApplicationPrivate::notify_helper (this=this@entry=0x2597f90, receiver=receiver@entry=0x268b9e0, e=e@entry=0x5885900) at kernel/qapplication.cpp:3717
#49 0x00007fb8179894e6 in QApplication::notify (this=0x7fffe05c8330, receiver=0x268b9e0, e=0x5885900) at kernel/qapplication.cpp:3500
#50 0x00007fb8165b589b in QCoreApplication::notifyInternal (this=0x7fffe05c8330, receiver=0x268b9e0, event=event@entry=0x5885900) at kernel/qcoreapplication.cpp:965
#51 0x00007fb8165b7c96 in sendEvent (event=0x5885900, receiver=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:224
#52 QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=52, data=0x258e4a0) at kernel/qcoreapplication.cpp:1593
#53 0x00007fb8165b8178 in QCoreApplication::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=52) at kernel/qcoreapplication.cpp:1451
#54 0x00007fb8165bb249 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1236
#55 0x00007fb816b0c40c in QGuiApplication::exec () at kernel/qguiapplication.cpp:1528
#56 0x00007fb817980475 in QApplication::exec () at kernel/qapplication.cpp:2977
#57 0x000000000042df06 in main (argc=2, argv=<optimized out>) at /build/src/plasma-workspace-5.3.2/shell/main.cpp:154

#0 PlasmaQuick::View::containment (this=0x3220ff0) at /shared/src/plasma-framework-5.12.0/src/plasmaquick/view.cpp:248
248 return d->containment;
$1 = (PlasmaQuick::ViewPrivate * const) 0x0
$2 = (PlasmaQuick::ViewPrivate * const *) 0x3221018

#0 PlasmaQuick::View::containment (this=0x3220ff0) at /shared/src/plasma-framework-5.12.0/src/plasmaquick/view.cpp:248
        No locals.
#1 0x000000000044d9f6 in ShellCorona::screenForContainment (this=0x2697c70, containment=0x5c74960) at /build/src/plasma-workspace-5.3.2/shell/shellcorona.cpp:1455
        i = 0
#2 0x00007fb7efbd4a51 in ContainmentInterface::availableScreenRect (this=0x506ef20) at /shared/src/plasma-framework-5.12.0/src/scriptengines/qml/plasmoid/containmentinterface.cpp:223
        rect = {x1 = 0, y1 = 0, x2 = 1599, y2 = 899}
        screenId = <optimized out>
#3 0x00007fb7efbde1dd in ContainmentInterface::qt_static_metacall (_o=_o@entry=0x506ef20, _c=_c@entry=QMetaObject::ReadProperty, _id=_id@entry=5, _a=_a@entry=0x7fffe05c7230) at /shared/src/build/src/scriptengines/qml/moc_containmentinterface.cpp:359
        _t = 0x506ef20
        _v = 0x26a70d0
#4 0x00007fb7efbdea5b in ContainmentInterface::qt_metacall (this=0x506ef20, _c=QMetaObject::ReadProperty, _id=5, _a=0x7fffe05c7230) at /shared/src/build/src/scriptengines/qml/moc_containmentinterface.cpp:417
        No locals.
#5 0x00007fb81974cf89 in QV4::QQmlValueTypeReference::readReferenceValue (this=this@entry=0x7fb706f8d0c0) at qml/qqmlvaluetypewrapper.cpp:161
        args = {0x26a70d0, 0x0}
        writebackProperty = {mobj = 0x7fb7efdf1820 <ContainmentInterface::staticMetaObject>, handle = 239, idx = 5, menum = {mobj = 0x0, handle = 0}}
#6 0x00007fb81974dbea in QV4::QQmlValueTypeWrapper::get (m=0x7fb706f8d0c0, name=0x7fb706f8d0b8, hasProperty=0x0) at qml/qqmlvaluetypewrapper.cpp:338
        r = 0x7fb706f8d0c0
        metaObject = 0x300000000
        index = -1632365677
        gadget = <optimized out>
        v = {d = {data = {c = -1 '\377', uc = 255 '\377', s = -1, sc = -1 '\377', us = 65535, i = -1, u = 4294967295, l = 4294967295, ul = 4294967295, b = 255, d = 2.1219957904712067e-314, f = -nan(0x7fffff), real = 2.1219957904712067e-314, ll = 4294967295, ull = 4294967295, o = 0xffffffff, ptr = 0xffffffff, shared = 0xffffffff}, type = 1073676288, is_shared = 1, is_null = 1}}
        args = {0x5b54ac0, 0x7fb700000000}
#7 0x00007fb8196ae97e in get (hasProperty=0x0, name=<optimized out>, this=<optimized out>) at jsruntime/qv4object_p.h:276
        No locals.
#8 QV4::Runtime::getProperty (engine=0x644a880, object=..., nameIndex=<optimized out>) at jsruntime/qv4runtime.cpp:672
        scope = {engine = 0x644a880, mark = 0x7fb706f8d0b8}
        name = {ptr = 0x7fb706f8d0b8}
#9 0x00007fb707c05f95 in ?? ()
        No symbol table info available.
#10 0x00007fb7352f00c8 in ?? ()
        No symbol table info available.
#11 0x9eb41393c302a600 in ?? ()
        No symbol table info available.
#12 0x00007fb740107b20 in ?? ()
        No symbol table info available.
#13 0x0000000000000002 in ?? ()
        No symbol table info available.
#14 0x00007fffe05c7510 in ?? ()
        No symbol table info available.
#15 0x00007fb8165bf6a4 in QMetaObjectPrivate::signal (m=0x65697a0, signal_index=-530811872) at kernel/qmetaobject.cpp:868
        result = {mobj = 0x0, handle = 0}
        i = -530811872
#16 0x00007fb8196517ba in QV4::SimpleScriptFunction::call (that=<optimized out>, callData=<optimized out>) at jsruntime/qv4functionobject.cpp:564
        v4 = 0x644a880
        scope = {engine = 0x644a880, mark = <optimized out>}
        ctxSaver = {engine = 0x644a880, savedContext = 0x7fb706f8d0b8}
        ctx = {<QV4::Heap::ExecutionContext> = {<QV4::Heap::Base> = {{vtable = 0x7fb819a9d300 <QV4::CallContext::static_vtbl>, mm_data = 140428681270016}}, callData = 0x7fb706f8d008, engine = 0x644a880, parent = 0x7fb707ce4030, outer = 0x7fb707cd4ab0, lookups = 0x0, compilationUnit = 0x7fb70c0eb0c0, type = QV4::Heap::ExecutionContext::Type_SimpleCallContext, strictMode = false, lineNumber = 59}, function = 0x7fb707bd71f0, locals = 0x7fb706f8d068, activation = 0x0}
        result = <optimized out>
#17 0x00007fb81974176f in call (d=0x7fb706f8d008, this=<optimized out>) at ../../include/QtQml/5.5.0/QtQml/private/../../../../../src/qml/jsruntime/qv4object_p.h:302
        No locals.
#18 QQmlJavaScriptExpression::evaluate (this=this@entry=0x65c6e90, context=<optimized out>, function=..., callData=callData@entry=0x7fb706f8d008, isUndefined=isUndefined@entry=0x7fffe05c766c) at qml/qqmljavascriptexpression.cpp:158
        watcher = {_c = 0x656f160, _w = 0x7fffe05c7560, _s = 0x65c6e90}
        capture = {<QQmlEnginePrivate::PropertyCapture> = {_vptr.PropertyCapture = 0x7fb819a953c0 <vtable for QQmlJavaScriptExpression::GuardCapture+16>}, engine = 0x6024160, expression = 0x65c6e90, watcher = 0x7fffe05c7550, guards = {_first = 0x0, _last = 0x0, _flag = 0, _count = 0}, errorString = 0x0}
        lastPropertyCapture = 0x0
        scope = {engine = 0x644a880, mark = 0x7fb706f8d048}
        result = {ptr = 0x7fb706f8d048}
#19 0x00007fb819741c9d in QQmlJavaScriptExpression::evaluate (this=this@entry=0x65c6e90, context=<optimized out>, function=..., isUndefined=isUndefined@entry=0x7fffe05c766c) at qml/qqmljavascriptexpression.cpp:116
        No locals.
#20 0x00007fb8197487dc in QQmlBinding::update (this=0x65c6e70, flags=...) at qml/qqmlbinding.cpp:194
        isUndefined = false
        result = <optimized out>
        needsErrorLocationData = <optimized out>
        prof = {<QQmlProfilerHelper> = {<QQmlProfilerDefinitions> = {<No data fields>}, profiler = 0x0}, <No data fields>}
        watcher = {_c = 0x656aec0, _w = 0x7fffe05c7680, _s = 0x65c6e70}
        scope = {engine = 0x644a880, mark = 0x7fb706f8d000}
        f = {ptr = 0x7fb706f8d000}
#21 0x00007fb819748c9e in update (this=<optimized out>) at qml/qqmlbinding_p.h:97
        No locals.
#22 QQmlBinding::expressionChanged (e=<optimized out>) at qml/qqmlbinding.cpp:260
        This = <optimized out>
#23 0x00007fb819724c77 in QQmlNotifier::emitNotify (endpoint=0x65c7538, a=a@entry=0x0) at qml/qqmlnotifier.cpp:73
        originalSenderPtr = 0
        disconnectWatch = 0x7fffe05c7740
#24 0x00007fb819724c3e in QQmlNotifier::emitNotify (endpoint=0x65c75a8, a=a@entry=0x0) at qml/qqmlnotifier.cpp:68
        originalSenderPtr = 0
        disconnectWatch = 0x7fffe05c7770
#25 0x00007fb819724c3e in QQmlNotifier::emitNotify (endpoint=0x65c7618, a=a@entry=0x0) at qml/qqmlnotifier.cpp:68
        originalSenderPtr = 84340512
        disconnectWatch = 0x7fffe05c77a0
#26 0x00007fb819724c3e in QQmlNotifier::emitNotify (endpoint=0x65c7688, a=a@entry=0x0) at qml/qqmlnotifier.cpp:68
        originalSenderPtr = 84340512
        disconnectWatch = 0x7fffe05c77d0
#27 0x00007fb8196c78bc in QQmlData::signalEmitted (object=0x506ef20, index=64, a=0x0) at qml/qqmlengine.cpp:751
        No locals.
#28 0x00007fb8165e38f0 in QMetaObject::activate (sender=0x506ef20, signalOffset=<optimized out>, local_signal_index=<optimized out>, argv=0x0) at kernel/qobject.cpp:3604
        signal_index = 64
        empty_argv = {0x2d8da40}
        currentThreadId = <optimized out>
#29 0x00007fb8165e3e77 in call (a=0x7fffe05c7a60, r=0x506ef20, this=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qobject_impl.h:124
        No locals.
#30 QMetaObject::activate (sender=sender@entry=0x2697c70, signalOffset=<optimized out>, local_signal_index=local_signal_index@entry=4, argv=argv@entry=0x0) at kernel/qobject.cpp:3703
        obj = <optimized out>
        receiverInSameThread = <optimized out>
        sw = {receiver = 0x506ef20, previousSender = 0x0, currentSender = {sender = 0x2697c70, signal = 7, ref = 1}, switched = true}
        callFunction = 0x661aac0
        receiver = 0x506ef20
        method_relative = <optimized out>
        c = 0x661a730
        last = 0x690c490
        locker = {val = 140428630319360}
        connectionLists = {connectionLists = 0x2691000}
        list = <optimized out>
        signal_index = 7
        empty_argv = {0x0}
        currentThreadId = 0x7fb81c37c800
#31 0x00007fb8165e47e7 in QMetaObject::activate (sender=sender@entry=0x2697c70, m=m@entry=0x7fb81acd0d20 <Plasma::Corona::staticMetaObject>, local_signal_index=local_signal_index@entry=4, argv=argv@entry=0x0) at kernel/qobject.cpp:3583
        No locals.
#32 0x00007fb81aa52a33 in Plasma::Corona::availableScreenRectChanged (this=this@entry=0x2697c70) at /shared/src/build/src/plasma/moc_corona.cpp:369
        No locals.
#33 0x000000000044f778 in ShellCorona::containmentDeleted (this=0x2697c70, cont=<optimized out>) at /build/src/plasma-workspace-5.3.2/shell/shellcorona.cpp:979
        No locals.
#34 0x0000000000457714 in ShellCorona::qt_static_metacall (_o=_o@entry=0x2697c70, _c=_c@entry=QMetaObject::InvokeMetaMethod, _id=_id@entry=30, _a=_a@entry=0x7fffe05c7c40) at /build/src/build/shell/moc_shellcorona.cpp:296
        _t = 0x2697c70
#35 0x00007fb8165e3fea in QMetaObject::activate (sender=sender@entry=0x2699d30, signalOffset=<optimized out>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7fffe05c7c40) at kernel/qobject.cpp:3718
        receiverInSameThread = <optimized out>
        sw = {receiver = 0x2697c70, previousSender = 0x0, currentSender = {sender = 0x2699d30, signal = 0, ref = 1}, switched = true}
        callFunction = 0x4573f0 <ShellCorona::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>
        receiver = 0x2697c70
        method_relative = <optimized out>
        c = 0x52b91e0
        last = 0x617b700
        locker = {val = 140428630319360}
        connectionLists = {connectionLists = 0x2cfb5f0}
        list = <optimized out>
        signal_index = 0
        empty_argv = {0x0}
        currentThreadId = 0x7fb81c37c800
#36 0x00007fb8165e47e7 in QMetaObject::activate (sender=sender@entry=0x2699d30, m=m@entry=0x7fb8169f2b80 <QObject::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7fffe05c7c40) at kernel/qobject.cpp:3583
```

*** This bug has been marked as a duplicate of bug 348511 ***