Bug 429027

Summary: System Settings segmentation faulted in KCModuleProxyPrivate::loadModule()
Product: [Frameworks and Libraries] frameworks-kirigami Reporter: Matt Fagnani <matt.fagnani>
Component: generalAssignee: Marco Martin <notmart>
Status: RESOLVED FIXED    
Severity: crash CC: allybear254, bearshoney, bednarczyk.pawel, bugseforuns, buzzer.puckers.0n, deciccomarco71, Enygma2002_ro, esbodev, frankgraz, galdutro, ghostalienmember, gt.ajustis.i, guimarcalsilva, ivan.karev, jfincher42, Jonathan.bragadasilva, kaanc645, kde2021gi, kde, kdebugzilla, matt.fagnani, me, nate, nithinraj1106, notmart, orangewinds, prabhavagrawal7, rmyvct, sitter, worley.jeff
Priority: VHI Keywords: drkonqi
Version: unspecified   
Target Milestone: Not decided   
Platform: Fedora RPMs   
OS: Linux   
Latest Commit: https://invent.kde.org/frameworks/kirigami/commit/5ee8b2888fe092b2228ff410e2ee88e1ec558fb0 Version Fixed In: 5.88.0
Sentry Crash Report:
Attachments: Log - Clicking through every System Settings category - No crash
New crash information added by DrKonqi
New crash information added by DrKonqi
New crash information added by DrKonqi

Description Matt Fagnani 2020-11-12 18:22:52 UTC 
Application: systemsettings5 (5.20.2)

Qt Version: 5.15.1
Frameworks Version: 5.75.0
Operating System: Linux 5.9.8-200.fc33.x86_64 x86_64
Windowing system: Wayland
Distribution: Fedora 33 (KDE Plasma)

-- Information about the crash:
- What I was doing when the application crashed:

I was using Plasma 5.20.3 on Wayland in Fedora 33 with KF 5.75.0, Qt 5.15.1, Mesa 20.2.2 in Fedora 33. I started System Settings. I selected Startup and Shutdown > Login Screen (SDDM). I set the sddm background to Breeze because the default Breeze Fedora showed a white sddm background after logging out of Plasma. I selected various items on the menu on the left. System Settings segmentation faulted in std::__atomic_base<QObjectPrivate::ConnectionData*>::load when I selected Regional Settings.

-- Backtrace:
Application: System Settings (systemsettings5), signal: Segmentation fault

[KCrash Handler]
#4  0x00007f434d202264 in std::__atomic_base<QObjectPrivate::ConnectionData*>::load(std::memory_order) const (__m=<optimized out>, this=<optimized out>) at /usr/include/c++/10/bits/atomic_base.h:747
#5  std::atomic<QObjectPrivate::ConnectionData*>::load(std::memory_order) const (__m=<optimized out>, this=<optimized out>) at /usr/include/c++/10/atomic:523
#6  QAtomicOps<QObjectPrivate::ConnectionData*>::loadRelaxed<QObjectPrivate::ConnectionData*>(std::atomic<QObjectPrivate::ConnectionData*> const&) (_q_value=<optimized out>) at ../../include/QtCore/../../src/corelib/thread/qatomic_cxx11.h:239
#7  QBasicAtomicPointer<QObjectPrivate::ConnectionData>::loadRelaxed() const (this=<optimized out>) at ../../include/QtCore/../../src/corelib/thread/qbasicatomic.h:248
#8  QObjectPrivate::ensureConnectionData() (this=<optimized out>) at kernel/qobject_p.h:371
#9  QObjectPrivate::addConnection(int, QObjectPrivate::Connection*) (this=0x0, signal=signal@entry=3, c=c@entry=0x55743c065190) at kernel/qobject.cpp:324
#10 0x00007f434d204b3e in QObjectPrivate::connectImpl(QObject const*, int, QObject const*, void**, QtPrivate::QSlotObjectBase*, Qt::ConnectionType, int const*, QMetaObject const*) (sender=0x55743d481e40, signal_index=3, receiver=0x55743c17c8f0, slot=<optimized out>, slotObj=<optimized out>, type=<optimized out>, types=<optimized out>, senderMetaObject=<optimized out>) at kernel/qobject.h:132
#11 0x00007f434d205005 in QObject::connectImpl(QObject const*, void**, QObject const*, void**, QtPrivate::QSlotObjectBase*, Qt::ConnectionType, int const*, QMetaObject const*) (sender=0x55743d481e40, signal=<optimized out>, receiver=0x55743c17c8f0, slot=0x0, slotObj=0x55743c796c90, type=Qt::AutoConnection, types=0x0, senderMetaObject=<optimized out>) at kernel/qobject.cpp:5001
#12 0x00007f432438dd64 in QObject::connect<void (QmlComponentsPool::*)(), ColumnView::classBegin()::<lambda()> > (type=Qt::AutoConnection, slot=..., context=0x55743c17c8f0, signal=(void (QmlComponentsPool::*)(class QmlComponentsPool * const)) 0x7f432437b170 <QmlComponentsPool::gridUnitChanged()>, sender=0x55743d481e40) at /usr/include/qt5/QtCore/qobject.h:347
#13 ColumnView::classBegin() (this=0x55743c17c8f0) at /usr/src/debug/kf5-kirigami2-5.75.0-1.fc33.x86_64/src/columnview.cpp:1406
#14 0x00007f434c2fbe6d in QQmlObjectCreator::createInstance(int, QObject*, bool) (this=0x7ffe1365fc30, index=38, parent=<optimized out>, isContextObject=<optimized out>) at qml/qqmlobjectcreator.cpp:1291
#15 0x00007f434c2fe1fe in QQmlObjectCreator::setPropertyBinding(QQmlPropertyData const*, QV4::CompiledData::Binding const*) (this=this@entry=0x7ffe1365fc30, bindingProperty=bindingProperty@entry=0x7f42f40c93a8, binding=binding@entry=0x7f42b3b4abc8) at /usr/include/qt5/QtCore/qendian.h:288
#16 0x00007f434c2fe7cf in QQmlObjectCreator::setupBindings(bool) (this=0x7ffe1365fc30, applyDeferredBindings=false) at qml/qqmlobjectcreator.cpp:798
#17 0x00007f434c2fb57e in QQmlObjectCreator::populateInstance(int, QObject*, QObject*, QQmlPropertyData const*) (this=this@entry=0x7ffe1365fc30, index=-1, index@entry=0, instance=0x0, bindingTarget=0x0, valueTypeProperty=valueTypeProperty@entry=0x0) at qml/qqmlobjectcreator.cpp:1555
#18 0x00007f434c2fc0db in QQmlObjectCreator::createInstance(int, QObject*, bool) (this=0x7ffe1365fc30, index=0, parent=<optimized out>, isContextObject=<optimized out>) at qml/qqmlobjectcreator.cpp:1348
#19 0x00007f434c2f73a0 in QQmlObjectCreator::create(int, QObject*, QQmlInstantiationInterrupt*, int) (this=0x7ffe1365fc30, subComponentIndex=<optimized out>, parent=0x0, interrupt=0x0, flags=<optimized out>) at qml/qqmlobjectcreator.cpp:204
#20 0x00007f434c2fc5e6 in QQmlObjectCreator::createInstance(int, QObject*, bool) (this=0x7ffe13660460, index=2, parent=0x55743d559b40, isContextObject=<optimized out>) at qml/qqmlobjectcreator.cpp:1231
#21 0x00007f434c2fe1fe in QQmlObjectCreator::setPropertyBinding(QQmlPropertyData const*, QV4::CompiledData::Binding const*) (this=this@entry=0x7ffe13660460, bindingProperty=bindingProperty@entry=0x7f42b40e8958, binding=binding@entry=0x7f42b389eb90) at /usr/include/qt5/QtCore/qendian.h:288
#22 0x00007f434c2fe7cf in QQmlObjectCreator::setupBindings(bool) (this=0x7ffe13660460, applyDeferredBindings=false) at qml/qqmlobjectcreator.cpp:798
#23 0x00007f434c2fb57e in QQmlObjectCreator::populateInstance(int, QObject*, QObject*, QQmlPropertyData const*) (this=this@entry=0x7ffe13660460, index=-1, index@entry=0, instance=0x0, bindingTarget=0x0, valueTypeProperty=valueTypeProperty@entry=0x0) at qml/qqmlobjectcreator.cpp:1555
#24 0x00007f434c2fc0db in QQmlObjectCreator::createInstance(int, QObject*, bool) (this=0x7ffe13660460, index=0, parent=<optimized out>, isContextObject=<optimized out>) at qml/qqmlobjectcreator.cpp:1348
#25 0x00007f434c2f73a0 in QQmlObjectCreator::create(int, QObject*, QQmlInstantiationInterrupt*, int) (this=0x7ffe13660460, subComponentIndex=<optimized out>, parent=0x0, interrupt=0x0, flags=<optimized out>) at qml/qqmlobjectcreator.cpp:204
#26 0x00007f434c2fc5e6 in QQmlObjectCreator::createInstance(int, QObject*, bool) (this=0x55743c6b5bf0, index=0, parent=0x0, isContextObject=<optimized out>) at qml/qqmlobjectcreator.cpp:1231
#27 0x00007f434c2f73a0 in QQmlObjectCreator::create(int, QObject*, QQmlInstantiationInterrupt*, int) (this=0x55743c6b5bf0, subComponentIndex=<optimized out>, parent=0x0, interrupt=0x0, flags=<optimized out>) at qml/qqmlobjectcreator.cpp:204
#28 0x00007f434c29d60b in QQmlComponentPrivate::beginCreate(QQmlContextData*) (this=0x55743d564090, context=<optimized out>) at /usr/include/qt5/QtCore/qscopedpointer.h:116
#29 0x00007f434c29e15a in QQmlComponent::create(QQmlContext*) (this=0x55743be26a80, context=<optimized out>) at qml/qqmlcomponent.cpp:818
#30 0x00007f434e6f2435 in KCModuleQml::KCModuleQml(std::unique_ptr<KQuickAddons::ConfigModule, std::default_delete<KQuickAddons::ConfigModule> >, QWidget*, QList<QVariant> const&) (args=..., parent=0x55743d504a50, configModule=std::unique_ptr<class KQuickAddons::ConfigModule> = {...}, this=0x55743c21ed20) at /usr/src/debug/kf5-kcmutils-5.75.0-1.fc33.x86_64/src/kcmoduleqml.cpp:150
#31 KCModuleLoader::loadModule(KCModuleInfo const&, KCModuleLoader::ErrorReporting, QWidget*, QStringList const&) (mod=<optimized out>, report=<optimized out>, parent=0x55743d504a50, args=<optimized out>) at /usr/src/debug/kf5-kcmutils-5.75.0-1.fc33.x86_64/src/kcmoduleloader.cpp:101
#32 0x00007f434e6f3ae4 in KCModuleProxyPrivate::loadModule() (this=this@entry=0x55743c6fae40) at /usr/src/debug/kf5-kcmutils-5.75.0-1.fc33.x86_64/src/kcmoduleproxy.cpp:83
#33 0x00007f434e6f4178 in KCModuleProxy::realModule() const (this=<optimized out>) at /usr/src/debug/kf5-kcmutils-5.75.0-1.fc33.x86_64/src/kcmoduleproxy.cpp:56
#34 0x00007f434e731439 in ModuleView::updatePageIconHeader(KPageWidgetItem*, bool) (this=<optimized out>, page=0x55743c88da40, light=<optimized out>) at /usr/src/debug/plasma-systemsettings-5.20.3-1.fc33.x86_64/core/ModuleView.cpp:224
#35 0x00007f434e732072 in ModuleView::addModule(KCModuleInfo*, QStringList const&) (this=0x55743a825a00, module=0x55743a839428, args=<optimized out>) at /usr/src/debug/plasma-systemsettings-5.20.3-1.fc33.x86_64/core/ModuleView.cpp:201
#36 0x00007f434e732620 in ModuleView::loadModule(QModelIndex const&, QStringList const&) (args=..., menuItem=<optimized out>, this=0x55743a825a00) at /usr/src/debug/plasma-systemsettings-5.20.3-1.fc33.x86_64/core/ModuleView.cpp:156
#37 ModuleView::loadModule(QModelIndex const&, QStringList const&) (this=0x55743a825a00, menuItem=<optimized out>, args=...) at /usr/src/debug/plasma-systemsettings-5.20.3-1.fc33.x86_64/core/ModuleView.cpp:140
#38 0x00007f4338195915 in SidebarMode::loadModule(QModelIndex const&, QStringList const&) (this=0x55743a7d65f0, activeModule=..., args=...) at /usr/src/debug/plasma-systemsettings-5.20.3-1.fc33.x86_64/sidebar/SidebarMode.cpp:473
#39 0x00007f4338199541 in SidebarMode::loadModule(QModelIndex const&, QStringList const&) (args=..., activeModule=<optimized out>, this=0x55743a7d65f0) at /usr/include/qt5/QtCore/qabstractitemmodel.h:76
#40 SidebarMode::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (_o=0x55743a7d65f0, _c=<optimized out>, _id=<optimized out>, _a=<optimized out>) at /usr/src/debug/plasma-systemsettings-5.20.3-1.fc33.x86_64/x86_64-redhat-linux-gnu/sidebar/systemsettings_sidebar_mode_autogen/EWIEGA46WW/moc_SidebarMode.cpp:464
#41 0x00007f4338199b33 in SidebarMode::qt_metacall(QMetaObject::Call, int, void**) (this=0x55743a7d65f0, _c=QMetaObject::InvokeMetaMethod, _id=19, _a=0x7ffe13660eb0) at /usr/src/debug/plasma-systemsettings-5.20.3-1.fc33.x86_64/x86_64-redhat-linux-gnu/sidebar/systemsettings_sidebar_mode_autogen/EWIEGA46WW/moc_SidebarMode.cpp:591
#42 0x00007f434c2cb71d in QQmlObjectOrGadget::metacall(QMetaObject::Call, int, void**) const (this=0x7ffe13661150, type=QMetaObject::InvokeMetaMethod, index=<optimized out>, argv=<optimized out>) at qml/qqmlobjectorgadget.cpp:51
#43 0x00007f434c1d6739 in CallMethod (callType=<optimized out>, callArgs=0x7ffe13660f38, engine=<optimized out>, argTypes=<optimized out>, argCount=<optimized out>, returnType=<optimized out>, index=<optimized out>, object=...) at /usr/include/qt5/QtCore/qvarlengtharray.h:201
#44 CallPrecise(QQmlObjectOrGadget const&, QQmlPropertyData const&, QV4::ExecutionEngine*, QV4::CallData*, QMetaObject::Call) (object=..., data=..., engine=engine@entry=0x55743a6a6440, callArgs=callArgs@entry=0x7f432c2165b8, callType=callType@entry=QMetaObject::InvokeMetaMethod) at jsruntime/qv4qobjectwrapper.cpp:1569
#45 0x00007f434c1d7b6b in CallOverloaded (callType=QMetaObject::InvokeMetaMethod, propertyCache=0x55743aa2c200, callArgs=0x7f432c2165b8, engine=0x55743a6a6440, data=..., object=...) at jsruntime/qv4qobjectwrapper.cpp:1645
#46 QV4::QObjectMethod::callInternal(QV4::Value const*, QV4::Value const*, int) const (this=<optimized out>, thisObject=0x7ffe13661220, argv=<optimized out>, argc=<optimized out>) at jsruntime/qv4qobjectwrapper.cpp:2133
#47 0x00007f434c1fd80a in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const (argc=1, argv=0x7f432c216558, thisObject=0x7f432c216540, this=0x7ffe136612a8) at jsruntime/qv4functionobject_p.h:172
#48 QV4::Runtime::CallPropertyLookup::call(QV4::ExecutionEngine*, QV4::Value const&, unsigned int, QV4::Value*, int) (engine=0x55743a6a6440, base=..., index=<optimized out>, argv=0x7f432c216558, argc=1) at jsruntime/qv4runtime.cpp:1460
#49 0x00007f42ca5e544c in  ()
#50 0x00007ffe136614e0 in  ()
#51 0x0000000000000000 in  ()
[Inferior 1 (process 10609) detached]

The reporter indicates this bug may be a duplicate of or related to bug 428170.

Possible duplicates by query: bug 428170, bug 417802.

Reported using DrKonqi
Comment 1 Nate Graham 2020-11-13 15:21:32 UTC 
The relevant part of the backtrace is here:


#32 0x00007f434e6f3ae4 in KCModuleProxyPrivate::loadModule() (this=this@entry=0x55743c6fae40) at /usr/src/debug/kf5-kcmutils-5.75.0-1.fc33.x86_64/src/kcmoduleproxy.cpp:83
#33 0x00007f434e6f4178 in KCModuleProxy::realModule() const (this=<optimized out>) at /usr/src/debug/kf5-kcmutils-5.75.0-1.fc33.x86_64/src/kcmoduleproxy.cpp:56
#34 0x00007f434e731439 in ModuleView::updatePageIconHeader(KPageWidgetItem*, bool) (this=<optimized out>, page=0x55743c88da40, light=<optimized out>) at /usr/src/debug/plasma-systemsettings-5.20.3-1.fc33.x86_64/core/ModuleView.cpp:224
#35 0x00007f434e732072 in ModuleView::addModule(KCModuleInfo*, QStringList const&) (this=0x55743a825a00, module=0x55743a839428, args=<optimized out>) at /usr/src/debug/plasma-systemsettings-5.20.3-1.fc33.x86_64/core/ModuleView.cpp:201
#36 0x00007f434e732620 in ModuleView::loadModule(QModelIndex const&, QStringList const&) (args=..., menuItem=<optimized out>, this=0x55743a825a00) at /usr/src/debug/plasma-systemsettings-5.20.3-1.fc33.x86_64/core/ModuleView.cpp:156
#37 ModuleView::loadModule(QModelIndex const&, QStringList const&) (this=0x55743a825a00, menuItem=<optimized out>, args=...) at /usr/src/debug/plasma-systemsettings-5.20.3-1.fc33.x86_64/core/ModuleView.cpp:140
#38 0x00007f4338195915 in SidebarMode::loadModule(QModelIndex const&, QStringList const&) (this=0x55743a7d65f0, activeModule=..., args=...) at /usr/src/debug/plasma-systemsettings-5.20.3-1.fc33.x86_64/sidebar/SidebarMode.cpp:473
#39 0x00007f4338199541 in SidebarMode::loadModule(QModelIndex const&, QStringList const&) (args=..., activeModule=<optimized out>, this=0x55743a7d65f0) at /usr/include/qt5/QtCore/qabstractitemmodel.h:76
Comment 2 Nate Graham 2021-01-11 22:54:29 UTC 
*** Bug 431418 has been marked as a duplicate of this bug. ***
Comment 3 Nate Graham 2021-01-26 21:24:31 UTC 
*** Bug 431515 has been marked as a duplicate of this bug. ***
Comment 4 Nate Graham 2021-02-06 21:46:06 UTC 
*** Bug 432564 has been marked as a duplicate of this bug. ***
Comment 5 Tony 2021-02-22 12:53:14 UTC 
*** Bug 428170 has been marked as a duplicate of this bug. ***
Comment 6 Nate Graham 2021-02-22 18:19:56 UTC 
Number of dupes piling up; raising priority.
Comment 7 Marco Martin 2021-03-16 11:03:22 UTC 
that's the part that seems more relevant to me
#11 0x00007f434d205005 in QObject::connectImpl(QObject const*, void**, QObject const*, void**, QtPrivate::QSlotObjectBase*, Qt::ConnectionType, int const*, QMetaObject const*) (sender=0x55743d481e40, signal=<optimized out>, receiver=0x55743c17c8f0, slot=0x0, slotObj=0x55743c796c90, type=Qt::AutoConnection, types=0x0, senderMetaObject=<optimized out>) at kernel/qobject.cpp:5001
#12 0x00007f432438dd64 in QObject::connect<void (QmlComponentsPool::*)(), ColumnView::classBegin()::<lambda()> > (type=Qt::AutoConnection, slot=..., context=0x55743c17c8f0, signal=(void (QmlComponentsPool::*)(class QmlComponentsPool * const)) 0x7f432437b170 <QmlComponentsPool::gridUnitChanged()>, sender=0x55743d481e40) at /usr/include/qt5/QtCore/qobject.h:347
#13 ColumnView::classBegin() (this=0x55743c17c8f0) at /usr/src/debug/kf5-kirigami2-5.75.0-1.fc33.x86_64/src/columnview.cpp:1406
#14 0x00007f434c2fbe6d in QQmlObjectCreator::createInstance(int, QObject*, bool) (this=0x7ffe1365fc30, index=38, parent=<optimized out>, isContextObject=<optimized out>) at qml/qqmlobjectcreator.cpp:1291
#15 0x00007f434c2fe1fe in QQmlObjectCreator::setPropertyBinding(QQmlPropertyData const*, QV4::CompiledData::Binding const*) (this=this@entry=0x7ffe1365fc30, bindingProperty=bindingProperty@entry=0x7f42f40c93a8, binding=binding@entry=0x7f42b3b4abc8) at /usr/include/qt5/QtCore/qendian.h:288
#16 0x00007f434c2fe7cf in QQmlObjectCreator::setupBindings(bool) (this=0x7ffe1365fc30, applyDeferredBindings=false) at qml/qqmlobjectcreator.cpp:798
#17 0x00007f434c2fb57e in QQmlObjectCreator::populateInstance(int, QObject*, QObject*, QQmlPropertyData const*) (this=this@entry=0x7ffe1365fc30, index=-1, index@entry=0, instance=0x0, bindingTarget=0x0, valueTypeProperty=valueTypeProperty@entry=0x0) at qml/qqmlobjectcreator.cpp:1555
#18 0x00007f434c2fc0db in QQmlObjectCreator::createInstance(int, QObject*, bool) (this=0x7ffe1365fc30, index=0, parent=<optimized out>, isContextObject=<optimized out>) at qml/qqmlobjectcreator.cpp:1348
Comment 8 Marco Martin 2021-03-16 12:14:33 UTC 
in this and all duplicates the last line before  going in qobject core is
connect(QmlComponentsPoolSingleton::instance(qmlEngine(this)), &QmlComponentsPool::gridUnitChanged, this, syncColumnWidth);

in columnview of kirigami.

in qobject::connectImpl:
return QObjectPrivate::connectImpl(sender, signal_index, receiver, slot, slotObj, type, types, senderMetaObject);
Comment 9 Nate Graham 2021-03-22 02:11:36 UTC 
*** Bug 434732 has been marked as a duplicate of this bug. ***
Comment 10 Nate Graham 2021-03-31 16:11:37 UTC 
*** Bug 435025 has been marked as a duplicate of this bug. ***
Comment 11 Nate Graham 2021-03-31 16:12:25 UTC 
*** Bug 433194 has been marked as a duplicate of this bug. ***
Comment 12 Nate Graham 2021-03-31 16:12:30 UTC 
*** Bug 427609 has been marked as a duplicate of this bug. ***
Comment 13 Nate Graham 2021-04-05 23:47:38 UTC 
*** Bug 435312 has been marked as a duplicate of this bug. ***
Comment 14 Nate Graham 2021-04-09 02:12:16 UTC 
*** Bug 435526 has been marked as a duplicate of this bug. ***
Comment 15 Nate Graham 2021-04-13 14:21:56 UTC 
*** Bug 435437 has been marked as a duplicate of this bug. ***
Comment 16 Nate Graham 2021-04-13 14:22:03 UTC 
*** Bug 435662 has been marked as a duplicate of this bug. ***
Comment 17 Nate Graham 2021-04-21 20:47:37 UTC 
*** Bug 435842 has been marked as a duplicate of this bug. ***
Comment 18 Nate Graham 2021-04-30 16:23:07 UTC 
*** Bug 436353 has been marked as a duplicate of this bug. ***
Comment 19 Nate Graham 2021-05-05 22:50:55 UTC 
*** Bug 436659 has been marked as a duplicate of this bug. ***
Comment 20 David Edmundson 2021-05-05 23:51:02 UTC 
It's difficult without being able to reproduce.

If someone can give me reliable steps to reproduce from a clean VM image, I would be extremely grateful.
Comment 21 guimarcalsilva 2021-05-06 05:15:35 UTC 
(In reply to David Edmundson from comment #20)
> It's difficult without being able to reproduce.
> 
> If someone can give me reliable steps to reproduce from a clean VM image, I
> would be extremely grateful.

I'm afraid there's no clear way of reproducing it other than randomly clicking between many categories for a few minutes before triggering the bug. I managed to crash system settings twice in the span of about 5-7 minutes by just clicking randomly between categories really fast (not even giving it enough time for loading before clicking on another category).
Comment 22 David Edmundson 2021-05-06 10:26:12 UTC 
Can we reproduce it in "valgrind systemsettings5" and attach any output?

it will be super slow, but potentially that might make it more trigger-able
Comment 23 guimarcalsilva 2021-05-06 22:24:42 UTC 
Created attachment 138204 [details]
Log - Clicking through every System Settings category - No crash

(In reply to David Edmundson from comment #22)
> Can we reproduce it in "valgrind systemsettings5" and attach any output?
> 
> it will be super slow, but potentially that might make it more trigger-able

I tried for more than 30 minutes to reproduce it while using Valgrind with NO success, however, what I did manage to do was to click through every category with it running and output everything to a log file. This is probably not useful and I don't code so I don't know how to interpret the results, however, I hope this can at least give you some clues.


Full log is attached, but I wanna reiterate I could NOT reproduce the crash with Valgrind in this log.
Comment 24 Matt Fagnani 2021-05-13 23:45:47 UTC 
Created attachment 138403 [details]
New crash information added by DrKonqi

systemsettings5 (5.21.5) using Qt 5.15.2

- What I was doing when the application crashed:

I tried to reproduce the System Settings crash in #429027 by selecting all the items from Startup and Shutdown down to Regional Settings in the sidebar menu on the left quickly so that sometimes the kcm screens didn't load before I selected the next one. I was using Plasma 5.21.5 on Wayland with KF 5.81.0 and Qt 5.15.2 in a Fedora 34 KDE Plasma installation. System Settings segmentation faulted in std::__atomic_base<QObjectPrivate::SignalVector*>::store(QObjectPrivate::SignalVector*, std::memory_order) at /usr/include/c++/11/bits/atomic_base.h:811 in libstdc++-devel-11.1.1-1.fc34.x86_64. The first crash was in std::__atomic_base<QObjectPrivate::ConnectionData*>::load(std::memory_order), but the traces look similar otherwise. I remember this type of crash happening for me just these two times.

-- Backtrace (Reduced):
#4  std::__atomic_base<QObjectPrivate::SignalVector*>::store(QObjectPrivate::SignalVector*, std::memory_order) (__m=std::memory_order_relaxed, __p=0x55ce07c03990, this=0x7f4330f8f888 <QQuickBasePositioner::staticMetaObject+8>) at /usr/include/c++/11/bits/atomic_base.h:811
#5  std::atomic<QObjectPrivate::SignalVector*>::store(QObjectPrivate::SignalVector*, std::memory_order) (__m=std::memory_order_relaxed, __p=0x55ce07c03990, this=0x7f4330f8f888 <QQuickBasePositioner::staticMetaObject+8>) at /usr/include/c++/11/atomic:568
#6  QAtomicOps<QObjectPrivate::SignalVector*>::storeRelaxed<QObjectPrivate::SignalVector*>(std::atomic<QObjectPrivate::SignalVector*>&, QObjectPrivate::SignalVector*) (newValue=0x55ce07c03990, _q_value=...) at ../../include/QtCore/../../src/corelib/thread/qatomic_cxx11.h:269
#7  QBasicAtomicPointer<QObjectPrivate::SignalVector>::storeRelaxed(QObjectPrivate::SignalVector*) (newValue=0x55ce07c03990, this=0x7f4330f8f888 <QQuickBasePositioner::staticMetaObject+8>) at ../../include/QtCore/../../src/corelib/thread/qbasicatomic.h:249
#8  QObjectPrivate::ConnectionData::resizeSignalVector(unsigned int) (this=this@entry=0x7f4330f8f880 <QQuickBasePositioner::staticMetaObject>, size=<optimized out>) at kernel/qobject_p.h:308
Comment 25 Nate Graham 2021-05-19 02:27:13 UTC 
*** Bug 437281 has been marked as a duplicate of this bug. ***
Comment 26 Nate Graham 2021-05-26 17:25:10 UTC 
*** Bug 437540 has been marked as a duplicate of this bug. ***
Comment 27 Nate Graham 2021-06-10 16:04:31 UTC 
*** Bug 438410 has been marked as a duplicate of this bug. ***
Comment 28 Nate Graham 2021-06-15 22:03:00 UTC 
*** Bug 438684 has been marked as a duplicate of this bug. ***
Comment 29 Nate Graham 2021-06-16 16:39:11 UTC 
*** Bug 438734 has been marked as a duplicate of this bug. ***
Comment 30 Prabhav Agrawal 2021-06-20 14:36:43 UTC 
Created attachment 139543 [details]
New crash information added by DrKonqi

systemsettings5 (5.21.4) using Qt 5.15.2

- What I was doing when the application crashed:

I was changing the asthetics when the application got crashed, dw why :( please fix it

-- Backtrace (Reduced):
#4  0x00007fde0fcd66b8 in QObjectPrivate::addConnection(int, QObjectPrivate::Connection*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#5  0x00007fde0fcdb320 in QObjectPrivate::connectImpl(QObject const*, int, QObject const*, void**, QtPrivate::QSlotObjectBase*, Qt::ConnectionType, int const*, QMetaObject const*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#6  0x00007fde0fcdb7fd in QObject::connectImpl(QObject const*, void**, QObject const*, void**, QtPrivate::QSlotObjectBase*, Qt::ConnectionType, int const*, QMetaObject const*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
[...]
#8  0x00007fde0eed195e in QQmlObjectCreator::createInstance(int, QObject*, bool) () from /lib/x86_64-linux-gnu/libQt5Qml.so.5
#9  0x00007fde0eed4ae8 in QQmlObjectCreator::setPropertyBinding(QQmlPropertyData const*, QV4::CompiledData::Binding const*) () from /lib/x86_64-linux-gnu/libQt5Qml.so.5
Comment 31 Marco Martin 2021-06-25 10:48:45 UTC 
can you run systemsettings with the failing kcm in valgrind?
Comment 32 Nate Graham 2021-07-30 17:13:23 UTC 
*** Bug 439558 has been marked as a duplicate of this bug. ***
Comment 33 Nate Graham 2021-08-04 19:28:52 UTC 
*** Bug 440133 has been marked as a duplicate of this bug. ***
Comment 34 Nate Graham 2021-08-23 19:29:50 UTC 
*** Bug 441311 has been marked as a duplicate of this bug. ***
Comment 35 Nate Graham 2021-08-23 20:27:14 UTC 
*** Bug 432196 has been marked as a duplicate of this bug. ***
Comment 36 Nate Graham 2021-09-21 21:37:08 UTC 
*** Bug 442689 has been marked as a duplicate of this bug. ***
Comment 37 Nate Graham 2021-09-21 23:12:06 UTC 
*** Bug 442559 has been marked as a duplicate of this bug. ***
Comment 38 Nate Graham 2021-10-07 16:14:48 UTC 
*** Bug 443421 has been marked as a duplicate of this bug. ***
Comment 39 Nate Graham 2021-10-14 22:57:12 UTC 
*** Bug 443722 has been marked as a duplicate of this bug. ***
Comment 40 Nate Graham 2021-10-14 23:35:09 UTC 
*** Bug 443671 has been marked as a duplicate of this bug. ***
Comment 41 Harald Sitter 2021-10-22 11:40:14 UTC 
*** Bug 430954 has been marked as a duplicate of this bug. ***
Comment 42 Harald Sitter 2021-10-22 11:40:23 UTC 
*** Bug 434719 has been marked as a duplicate of this bug. ***
Comment 43 Harald Sitter 2021-10-22 11:40:29 UTC 
*** Bug 444232 has been marked as a duplicate of this bug. ***
Comment 44 Harald Sitter 2021-10-22 11:41:41 UTC 
Moving to kirigami. QmlComponentsPoolSingleton has dodgy entry management.
Comment 45 Bug Janitor Service 2021-10-22 11:43:15 UTC 
A possibly relevant merge request was started @ https://invent.kde.org/frameworks/kirigami/-/merge_requests/404
Comment 46 Harald Sitter 2021-10-31 08:11:55 UTC 
Git commit 5ee8b2888fe092b2228ff410e2ee88e1ec558fb0 by Harald Sitter.
Committed on 31/10/2021 at 08:09.
Pushed by sitter into branch 'master'.

reliably drop component pools

previously this was extra wrong.

we had connected the componentPool (sender) to the engine (receiver),
but the engine is the parent of the componentPool, so the engine was
already disconnected by the time componentPool emitted destroyed and as
such never receive the destroyed signal, never remove the pool entry,
and then eventually crash if that engine address got reused

fix this aggressively since technically either the key or the
value may get destroyed and that'd constitute removal from the pool. one
shouldn't really be deleted without the other, but let's be explicit
here:

a) scope the previous connection from componentPool to componentPool so
it definitely runs and disappearance of the hash value results in
removal (this scenario may run with a dangling engine* in the lambda)

b) add another connection from engine to engine so hash key
disappearance also results in removal

this reliably fixes the random crashes to do with classBegin (where we
would eventually deference the dangling pointers from the hash)
FIXED-IN: 5.88.0

M  +6    -2    src/columnview.cpp

https://invent.kde.org/frameworks/kirigami/commit/5ee8b2888fe092b2228ff410e2ee88e1ec558fb0
Comment 47 Nate Graham 2021-12-07 04:00:29 UTC 
*** Bug 446598 has been marked as a duplicate of this bug. ***
Comment 48 Nate Graham 2021-12-07 04:02:14 UTC 
Duplicate bug 446598 is from someone using Frameworks 5.88 and they have the same backtrace. Re-opening. :(
Comment 49 David Edmundson 2021-12-07 05:54:18 UTC 
>Duplicate bug 446598 is from someone using Frameworks 5.88 and they have the same backtrace. Re-opening. :(

That's not the same backtrace. 

This explicitly has ColumnView::classBegin. The other does not. It looks more like: https://bugs.kde.org/show_bug.cgi?id=446555 I'll adjust that and reclose this
Comment 50 Nate Graham 2021-12-07 15:59:57 UTC 
Oh ok, sorry
Comment 51 Frank Graziano 2022-01-09 13:41:08 UTC 
Created attachment 145263 [details]
New crash information added by DrKonqi

systemsettings5 (5.23.4) using Qt 5.15.2

- What I was doing when the application crashed:
It crashes when I try to open any settings applet.

-- Backtrace (Reduced):
#6  0x00007f2fe7e97bea in QPixmapStyle::scrollBarSubControlRect (this=<optimized out>, option=0x55d5170c7f60, sc=QStyle::SC_ScrollBarGroove) at styles/qpixmapstyle.cpp:1139
#7  0x00007f2f9ad10f31 in KQuickStyleItem::subControlRect (subcontrolString=..., this=0x55d5170c4480) at /usr/src/debug/qqc2-desktop-style-5.89.0-1.2.x86_64/plugin/kquickstyleitem.cpp:1494
#8  KQuickStyleItem::qt_static_metacall (_o=0x55d5170c4480, _c=<optimized out>, _id=<optimized out>, _a=0x7fff6cdc2e20) at /usr/src/debug/qqc2-desktop-style-5.89.0-1.2.x86_64/build/plugin/qqc2desktopstyleplugin_autogen/include/moc_kquickstyleitem_p.cpp:400
#9  0x00007f2f9ad13a0b in KQuickStyleItem::qt_metacall (this=0x55d5170c4480, _c=QMetaObject::InvokeMetaMethod, _id=39, _a=0x7fff6cdc2e20) at /usr/src/debug/qqc2-desktop-style-5.89.0-1.2.x86_64/build/plugin/qqc2desktopstyleplugin_autogen/include/moc_kquickstyleitem_p.cpp:776
#10 0x00007f2fe5f5fead in QQmlObjectOrGadget::metacall (this=this@entry=0x7fff6cdc30b0, type=type@entry=QMetaObject::InvokeMetaMethod, index=<optimized out>, index@entry=86, argv=<optimized out>) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde36-1.3.x86_64/src/qml/qml/qqmlobjectorgadget.cpp:51