Created attachment 121807 [details] valgrind log of plasmashell on wayland when logging in and logging out SUMMARY I booted into an installation of the Fedora Rawhide/31 KDE Plasma spin image Fedora-KDE-Live-x86_64-Rawhide-20190724.n.0.iso at https://koji.fedoraproject.org/koji/buildinfo?buildID=1319740 I logged into Plasma 5.16.2 on Wayland from sddm. I ran sudo dnf install x*amd* kwin*way* pla*way* to install kwayland-integration-5.16.2-1.fc31.x86_64 kwin-wayland-5.16.2-1.fc31.x86_64 plasma-workspace-wayland-5.16.2-2.fc31.x86_64 xorg-x11-drv-amdgpu-19.0.1-1.fc31.x86_64 xorg-x11-server-Xwayland-1.20.5-5.fc31.x86_64 I updated using sudo dnf upgrade --refresh. I logged out of Plasma. After I logged back into Plasma on Wayland, coredumpctl showed that plasmashell and drkonqi had aborted during the log out process. The drkonqi command line indicated a plasmashell segmentation fault. /usr/libexec/drkonqi -platform wayland --appname plasmashell --apppath /usr/bin --signal 11 --pid 10618 --appversion 5.16.2 --programname Plasma --bugaddress submit@bugs.kde.org --startupid 0 --restarted The drkonqi abort and trace from coredumpctl gdb were the following. Core was generated by `/usr/libexec/drkonqi -platform wayland --appname plasmashell --apppath /usr/bin'. Program terminated with signal SIGABRT, Aborted. #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 50 return ret; (gdb) bt #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 #1 0x00007f90200a28d9 in __GI_abort () at abort.c:79 #2 0x00007f90204d4b05 in qt_message_fatal (context=..., message=<synthetic pointer>...) at global/qlogging.cpp:1904 #3 QMessageLogger::fatal (this=this@entry=0x7fff7d7f5920, msg=msg@entry=0x7f9020dc4737 "%s") at global/qlogging.cpp:888 #4 0x00007f9020a7e765 in init_platform (argv=<optimized out>, argc=@0x7fff7d7f5bbc: 18, platformThemeName=..., platformPluginPath=..., pluginNamesWithArguments=...) at ../../include/QtCore/../../src/corelib/tools/qarraydata.h:208 #5 QGuiApplicationPrivate::createPlatformIntegration (this=0x561f4bdafaf0) at kernel/qguiapplication.cpp:1385 #6 0x00007f9020a7eef8 in QGuiApplicationPrivate::createEventDispatcher (this=<optimized out>) at kernel/qguiapplication.cpp:1402 #7 0x00007f90206b80a5 in QCoreApplicationPrivate::init (this=this@entry=0x561f4bdafaf0) at kernel/qcoreapplication.cpp:858 #8 0x00007f9020a806b3 in QGuiApplicationPrivate::init (this=this@entry=0x561f4bdafaf0) at kernel/qguiapplication.cpp:1431 #9 0x00007f902101b12d in QApplicationPrivate::init (this=0x561f4bdafaf0) at kernel/qapplication.cpp:566 #10 0x0000561f49e28707 in main (argc=<optimized out>, argv=0x7fff7d7f5db8) at /usr/src/debug/plasma-drkonqi-5.16.2-1.fc31.x86_64/src/main.cpp:65 plasmashell aborted with the following information from coredumpctl gdb. Core was generated by `/usr/bin/plasmashell'. Program terminated with signal SIGABRT, Aborted. #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 50 return ret; #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 #1 0x00007f9b283b28d9 in __GI_abort () at abort.c:79 #2 0x00007f9b287e4b05 in qt_message_fatal (context=..., message=<synthetic pointer>...) at global/qlogging.cpp:1904 #3 QMessageLogger::fatal (this=this@entry=0x7ffced9a4ef0, msg=msg@entry=0x7f9b290d4737 "%s") at global/qlogging.cpp:888 #4 0x00007f9b28d8e765 in init_platform (argv=<optimized out>, argc=@0x7ffced9a514c: 1, platformThemeName=..., platformPluginPath=..., pluginNamesWithArguments=...) at ../../include/QtCore/../../src/corelib/tools/qarraydata.h:208 #5 QGuiApplicationPrivate::createPlatformIntegration (this=0x55a8cab5fe80) at kernel/qguiapplication.cpp:1385 #6 0x00007f9b28d8eef8 in QGuiApplicationPrivate::createEventDispatcher (this=<optimized out>) at kernel/qguiapplication.cpp:1402 #7 0x00007f9b289c80a5 in QCoreApplicationPrivate::init (this=this@entry=0x55a8cab5fe80) at kernel/qcoreapplication.cpp:858 #8 0x00007f9b28d906b3 in QGuiApplicationPrivate::init (this=this@entry=0x55a8cab5fe80) at kernel/qguiapplication.cpp:1431 #9 0x00007f9b294c312d in QApplicationPrivate::init (this=0x55a8cab5fe80) at kernel/qapplication.cpp:566 #10 0x000055a8c8b5ad34 in main (argc=<optimized out>, argv=0x7ffced9a5318) at /usr/src/debug/plasma-workspace-5.16.2-2.fc31.x86_64/shell/main.cpp:68 plasmashell had restarted and drkonqi started after the Wayland compositor connection had been broken during the log out process, and so they aborted with the errors shown in the following from the journal. Jul 28 14:28:32 plasmashell[11257]: Failed to create wl_display (No such file or directory) Jul 28 14:28:32 plasmashell[11257]: qt.qpa.plugin: Could not load the Qt platform plugin "wayland" in "" even though it was found. Jul 28 14:28:32 audit[11257]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=10 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=11257 comm="plasmashell" exe="/usr/bin/plasmashell" sig=6 res=1 Jul 28 14:28:32 audit[11259]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=10 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=11259 comm="drkonqi" exe="/usr/libexec/drkonqi" sig=6 res=1 Jul 28 14:28:32 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-coredump@12-11262-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Jul 28 14:28:32 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-coredump@13-11263-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Jul 28 14:28:32 plasmashell[11257]: This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem. Available platform plugins are: wayland-org.kde.kwin.qpa, eglfs, linuxfb, minimal, minimalegl, offscreen, vnc, wayland-egl, wayland, wayland-xcomposite-egl, wayland-xcomposite-glx, xcb. Jul 28 14:28:32 drkonqi[11259]: Failed to create wl_display (No such file or directory) Jul 28 14:28:32 drkonqi[11259]: qt.qpa.plugin: Could not load the Qt platform plugin "wayland" in "" even though it was found. Jul 28 14:28:32 drkonqi[11259]: This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem. Available platform plugins are: wayland-org.kde.kwin.qpa, eglfs, linuxfb, minimal, minimalegl, offscreen, vnc, wayland-egl, wayland, wayland-xcomposite-egl, wayland-xcomposite-glx, xcb. I switched to VT4 in which I ran gdb -p <pid of plasmashell>. I continued the plasmashell with c in gdb. I switched back to Plasma and logged out. gdb showed a segmentation fault in wl_proxy_marshal_constructor at wayland-client.c:819 in libwayland-client-0:1.17.0-1.fc30.x86_64. The full trace of the crashing thread showed that the wayland proxy pointer was null in wl_proxy_marshal_constructor and inaccessible memory errors like s = 0x3f693637c38ae00 <error: Cannot access memory at address 0x3f693637c38ae00> s = 0xc <error: Cannot access memory at address 0xc> s = 0x1 <error: Cannot access memory at address 0x1> s = 0xa <error: Cannot access memory at address 0xa> (gdb) bt full #0 wl_proxy_marshal_constructor (proxy=0x0, opcode=opcode@entry=0, interface=0x7f96f16330e0 <org_kde_kwin_blur_interface>) at src/wayland-client.c:819 args = {{i = -278739360, u = 4016227936, f = -278739360, s = 0x7f96ef62c660 "\001", o = 0x7f96ef62c660, n = 4016227936, a = 0x7f96ef62c660, h = -278739360}, {i = 1880875328, u = 1880875328, f = 1880875328, s = 0x55f3701be140 "\350xc\361\226\177", o = 0x55f3701be140, n = 1880875328, a = 0x55f3701be140, h = 1880875328}, {i = 1566035744, u = 1566035744, f = 1566035744, s = 0x7fff5d57cf20 "p\234b\357\226\177", o = 0x7fff5d57cf20, n = 1566035744, a = 0x7fff5d57cf20, h = 1566035744}, {i = 1881849208, u = 1881849208, f = 1881849208, s = 0x55f3702abd78 "", o = 0x55f3702abd78, n = 1881849208, a = 0x55f3702abd78, h = 1881849208}, {i = 1874443600, u = 1874443600, f = 1874443600, s = 0x55f36fb9bd50 "\260s,p\363U", o = 0x55f36fb9bd50, n = 1874443600, a = 0x55f36fb9bd50, h = 1874443600}, {i = -243106372, u = 4051860924, f = -243106372, s = 0x7f96f1827dbc <update_get_addr+12> "dL\213\004%\b", o = 0x7f96f1827dbc <update_get_addr+12>, n = 4051860924, a = 0x7f96f1827dbc <update_get_addr+12>, h = -243106372}, {i = 1566035552, u = 1566035552, f = 1566035552, s = 0x7fff5d57ce60 "@\341\033p\363U", o = 0x7fff5d57ce60, n = 1566035552, a = 0x7fff5d57ce60, h = 1566035552}, {i = -243085460, u = 4051881836, f = -243085460, s = 0x7f96f182cf6c <__tls_get_addr+60> "H\211\354]\303f.\017\037\204", o = 0x7f96f182cf6c <__tls_get_addr+60>, n = 4051881836, a = 0x7f96f182cf6c <__tls_get_addr+60>, h = -243085460}, {i = 1880875328, u = 1880875328, f = 1880875328, s = 0x55f3701be140 "\350xc\361\226\177", o = 0x55f3701be140, n = 1880875328, a = 0x55f3701be140, h = 1880875328}, {i = 2084089344, u = 2084089344, f = 2084089344, s = 0x3f693637c38ae00 <error: Cannot access memory at address 0x3f693637c38ae00>, o = 0x3f693637c38ae00, n = 2084089344, a = 0x3f693637c38ae00, h = 2084089344}, {i = 12, --Type <RET> for more, q to quit, c to continue without paging--c u = 12, f = 12, s = 0xc <error: Cannot access memory at address 0xc>, o = 0xc, n = 12, a = 0xc, h = 12}, {i = 1, u = 1, f = 1, s = 0x1 <error: Cannot access memory at address 0x1>, o = 0x1, n = 1, a = 0x1, h = 1}, {i = 1880875328, u = 1880875328, f = 1880875328, s = 0x55f3701be140 "\350xc\361\226\177", o = 0x55f3701be140, n = 1880875328, a = 0x55f3701be140, h = 1880875328}, {i = 1873533840, u = 1873533840, f = 1873533840, s = 0x55f36fabdb90 "\257:", o = 0x55f36fabdb90, n = 1873533840, a = 0x55f36fabdb90, h = 1873533840}, {i = 1566035744, u = 1566035744, f = 1566035744, s = 0x7fff5d57cf20 "p\234b\357\226\177", o = 0x7fff5d57cf20, n = 1566035744, a = 0x7fff5d57cf20, h = 1566035744}, {i = -278728600, u = 4016238696, f = -278728600, s = 0x7f96ef62f068 <QCoreApplication::self> "\300\372W]\377\177", o = 0x7f96ef62f068 <QCoreApplication::self>, n = 4016238696, a = 0x7f96ef62f068 <QCoreApplication::self>, h = -278728600}, {i = 1874443600, u = 1874443600, f = 1874443600, s = 0x55f36fb9bd50 "\260s,p\363U", o = 0x55f36fb9bd50, n = 1874443600, a = 0x55f36fb9bd50, h = 1874443600}, {i = -281568552, u = 4013398744, f = -281568552, s = 0x7f96ef379ad8 <QCoreApplication::notifyInternal2(QObject*, QEvent*)+136> "A\203l$\b\001H\213L$(dH3\f%(", o = 0x7f96ef379ad8 <QCoreApplication::notifyInternal2(QObject*, QEvent*)+136>, n = 4013398744, a = 0x7f96ef379ad8 <QCoreApplication::notifyInternal2(QObject*, QEvent*)+136>, h = -281568552}, {i = 10, u = 10, f = 10, s = 0xa <error: Cannot access memory at address 0xa>, o = 0xa, n = 10, a = 0xa, h = 10}, {i = -1, u = 4294967295, f = -1, s = 0xffffffff <error: Cannot access memory at address 0xffffffff>, o = 0xffffffff, n = 4294967295, a = 0xffffffff, h = -1}} ap = {{gp_offset = 0, fp_offset = 0, overflow_arg_area = 0x0, reg_save_area = 0x0}} #1 0x00007f96f15bf974 in org_kde_kwin_blur_manager_create (surface=<optimized out>, org_kde_kwin_blur_manager=<optimized out>) at /usr/src/debug/kf5-kwayland-5.59.0-2.fc31.x86_64/x86_64-redhat-linux-gnu/src/client/wayland-blur-client-protocol.h:111 id = <optimized out> id = <optimized out> #2 KWayland::Client::BlurManager::createBlur (this=0x55f3702c73f0, surface=0x55f3701be140, parent=0x55f3701be140) at /usr/src/debug/kf5-kwayland-5.59.0-2.fc31.x86_64/src/client/blur.cpp:91 s = 0x55f370d0f950 w = <optimized out> #3 0x00007f96dcbddb33 in WindowEffects::enableBlurBehind (this=<optimized out>, region=..., enable=true, window=<optimized out>) at /usr/src/debug/kwayland-integration-5.16.2-1.fc31.x86_64/src/windowsystem/windoweffects.cpp:224 blur = <optimized out> surface = 0x55f3701be140 surface = <optimized out> blur = <optimized out> #4 WindowEffects::enableBlurBehind (this=<optimized out>, window=<optimized out>, enable=<optimized out>, region=...) at /usr/src/debug/kwayland-integration-5.16.2-1.fc31.x86_64/src/windowsystem/windoweffects.cpp:215 surface = <optimized out> blur = <optimized out> #5 0x00007f96dcbde41d in WindowEffects::enableBlurBehind (this=0x55f36fb9bd30, winId=<optimized out>, enable=<optimized out>, region=...) at /usr/src/debug/kwayland-integration-5.16.2-1.fc31.x86_64/src/windowsystem/windoweffects.cpp:212 window = 0x55f37013f640 #6 0x00007f96f17b78b0 in PlasmaQuick::DialogPrivate::updateTheme (this=this@entry=0x55f3701e3c40) at /usr/src/debug/kf5-plasma-5.59.0-1.fc31.x86_64/src/plasmaquick/dialog.cpp:244 No locals. #7 0x00007f96f17b8187 in PlasmaQuick::DialogPrivate::syncToMainItemSize (this=0x55f3701e3c40) at /usr/src/debug/kf5-plasma-5.59.0-1.fc31.x86_64/src/plasmaquick/dialog.cpp:604 s = {wd = -675552000, ht = 32662} min = {wd = 1882450992, ht = 22003} max = {wd = -670699728, ht = 32662} #8 0x00007f96f17b9b9e in PlasmaQuick::DialogPrivate::slotMainItemSizeChanged (this=<optimized out>) at /usr/src/debug/kf5-plasma-5.59.0-1.fc31.x86_64/src/plasmaquick/dialog.cpp:840 No locals. #9 PlasmaQuick::Dialog::qt_static_metacall (_o=<optimized out>, _c=<optimized out>, _id=<optimized out>, _a=<optimized out>) at /usr/src/debug/kf5-plasma-5.59.0-1.fc31.x86_64/x86_64-redhat-linux-gnu/src/plasmaquick/KF5PlasmaQuick_autogen/include/moc_dialog.cpp:235 _t = <optimized out> #10 0x00007f96ef3a3d5b in QMetaObject::activate (sender=0x55f3701d59b0, signalOffset=<optimized out>, local_signal_index=<optimized out>, argv=<optimized out>) at kernel/qobject.cpp:3801 methodIndex = <optimized out> method_relative = <optimized out> callFunction = 0x7f96f17b9900 <PlasmaQuick::Dialog::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)> receiver = 0x55f37013f640 receiverInSameThread = <optimized out> sw = {receiver = 0x55f37013f640, previousSender = 0x0, currentSender = {sender = 0x55f3701d59b0, signal = 25, ref = 1}, switched = true} c = 0x55f3701ca030 last = 0x55f3701ca030 locker = {val = 140286238069552} connectionLists = {connectionLists = 0x55f3701ca000} list = <optimized out> currentThreadId = 0x7f96f07cbd00 signal_index = 25 empty_argv = {0x0} #11 0x00007f96f0fe1a9c in QQuickItem::geometryChanged (this=0x55f3701d59b0, newGeometry=..., oldGeometry=...) at items/qquickitem.cpp:3810 d = <optimized out> change = <optimized out> #12 0x00007f96f0fdb2a8 in QQuickItem::setHeight (this=0x55f3701d59b0, h=<optimized out>) at /usr/include/qt5/QtCore/qrect.h:644 d = 0x55f370193310 oldHeight = 720 #13 0x00007f96f0fec64a in QQuickItem::qt_static_metacall (_o=<optimized out>, _c=<optimized out>, _id=<optimized out>, _a=0x7fff5d57d5a0) at .moc/moc_qquickitem.cpp:961 _t = <optimized out> _v = <optimized out> #14 0x00007f96f0c021ae in QQmlPropertyData::writeProperty (flags=..., value=0x7fff5d57d578, target=<optimized out>, this=<optimized out>) at ../../include/QtQml/5.12.4/QtQml/private/../../../../../src/qml/qml/qqmlpropertycache_p.h:346 status = -1 argv = {0x7fff5d57d578, 0x0, 0x7fff5d57d56c, 0x7fff5d57d568} status = <optimized out> argv = <optimized out> #15 GenericBinding<6>::doStore<double> (flags=..., pd=<optimized out>, value=<optimized out>, this=0x55f3701c97d0) at qml/qqmlbinding.cpp:332 o = 0x7fff5d57d578 o = <optimized out> #16 GenericBinding<6>::write (this=0x55f3701c97d0, result=..., isUndefined=<optimized out>, flags=...) at qml/qqmlbinding.cpp:305 pd = 0x7f96d0043b18 vpd = {<QQmlPropertyRawData> = {_flags = {_otherBits = 0, isConstant = 0, isWritable = 0, isResettable = 0, isAlias = 0, isFinal = 0, isOverridden = 0, isDirect = 0, type = 0, isVMEFunction = 0, hasArguments = 0, isSignal = 0, isVMESignal = 0, isV4Function = 0, isSignalHandler = 0, isOverload = 0, isCloned = 0, isConstructor = 0, notFullyResolved = 0, overrideIndexIsProperty = 0}, _coreIndex = -1, _propType = 0, _notifyIndex = -1, _overrideIndex = -1, _revision = 0 '\000', _typeMinorVersion = 0 '\000', _metaObjectOffset = -1, _arguments = 0x0, _staticMetaCallFunction = 0x0}, <No data fields>} vtw = <optimized out> #17 0x00007f96f0c02ef0 in QQmlNonbindingBinding::doUpdate (this=0x55f3701c97d0, watcher=..., flags=..., scope=...) at ../../include/QtQml/5.12.4/QtQml/private/../../../../../src/qml/jsruntime/qv4scopedvalue_p.h:239 ep = 0x55f36fb57370 isUndefined = false result = {ptr = 0x7f96d7bbe4c8} error = false #18 0x00007f96f0bff644 in QQmlBinding::update (this=0x55f3701c97d0, flags=...) at qml/qqmlbinding.cpp:185 watcher = {_c = 0x55f3701d59b0, _w = 0x7fff5d57d6e0, _s = 0x55f3701c97d0} engine = 0x55f36fb9ae60 scope = {engine = 0x55f36fc688f0, mark = 0x7f96d7bbe4c8} prof = {<QQmlProfilerHelper> = {<QQmlProfilerDefinitions> = {<No data fields>}, profiler = 0x0}, <No data fields>} #19 0x00007f96f0bdb86d in QQmlNotifier::emitNotify (endpoint=<optimized out>, a=a@entry=0x0) at qml/qqmlnotifier.cpp:104 data = @0x7fff5d57d808: {originalSenderPtr = 0, disconnectWatch = 0x7fff5d57d808, endpoint = 0x55f370222c28} stack = {a = 256, s = 8, ptr = 0x7fff5d57d790, {array = "\360\263\035p\363U\000\000\220\327W]\377\177\000\000\370#\323o\363U\000\000\360\263\035p\363U\000\000\250\327W]\377\177\000\000P#\323o\363U\000\000\000\000\000\000\000\000\000\000\300\327W]\377\177\000\000\000\"\323o\363U\000\000\360\263\035p\363U\000\000\330\327W]\377\177\000\000\260-\"p\363U\000\000\360\263\035p\363U\000\000\360\327W]\377\177\000\000\b-\"p\363U\000\000\000\000\000\000\000\000\000\000\b\330W]\377\177\000\000(,\"p\363U\000\000\000\000\000\000\000\000\000\000 \330W]\377\177\000\000\200+\"p\363U\000\000\000\000\000\000\000\000\000\000\070\330W]\377\177\000\000\000\245\034p\363U\000\000\377\377\377\377\000\000\000\000"..., q_for_alignment_1 = 94504046408688, q_for_alignment_2 = 4.6691202723519573e-310}} i = 5 #20 0x00007f96f0b77d85 in QQmlData::signalEmitted (object=0x55f3701db3f0, index=30, a=0x0) at qml/qqmlengine.cpp:883 ep = <optimized out> ddata = 0x55f3701db410 m = <optimized out> parameterTypes = <optimized out> types = <optimized out> args = <optimized out> ev = <optimized out> mpo = <optimized out> ii = <optimized out> typeName = <optimized out> #21 0x00007f96ef3a3763 in QMetaObject::activate (sender=0x55f3701db3f0, signalOffset=<optimized out>, local_signal_index=<optimized out>, argv=0x0) at kernel/qobject.h:121 signal_index = 30 empty_argv = {0x55f3702f2f20} #22 0x00007f96f0b79b20 in QQmlData::destroyed (this=0x55f3702f4c60, object=0x55f36fd11e00) at qml/qqmlengine.cpp:1982 guard = <optimized out> binding = <optimized out> signalHandler = <optimized out> #23 0x00007f96ef3ab72d in QObject::~QObject (this=<optimized out>, __in_chrg=<optimized out>) at kernel/qobject.cpp:920 d = <optimized out> sharedRefcount = 0x55f3702c8420 d = <optimized out> sharedRefcount = <optimized out> signalSlotMutex = <optimized out> locker = <optimized out> node = <optimized out> connectionListsCount = <optimized out> signal = <optimized out> connectionList = <optimized out> c = <optimized out> m = <optimized out> needToUnlock = <optimized out> sender = <optimized out> m = <optimized out> needToUnlock = <optimized out> senderLists = <optimized out> slotObj = <optimized out> #24 0x00007f96f0fe97e8 in QQuickItem::~QQuickItem (this=0x55f36fd11e00, __in_chrg=<optimized out>) at items/qquickitem.cpp:2443 d = <optimized out> listeners = <optimized out> change = <optimized out> __for_range = <optimized out> __for_begin = <optimized out> __for_end = <optimized out> anchor = <optimized out> change = <optimized out> __for_range = <optimized out> __for_begin = <optimized out> __for_end = <optimized out> anchor = <optimized out> change = <optimized out> __for_range = <optimized out> __for_begin = <optimized out> __for_end = <optimized out> ii = <optimized out> t = <optimized out> tp = <optimized out> #25 0x00007f96f17b1f94 in PlasmaQuick::AppletQuickItem::~AppletQuickItem (this=0x55f36fd11e00, __in_chrg=<optimized out>) at /usr/include/c++/9/bits/atomic_base.h:326 No locals. #26 0x00007f96dc16d5f0 in ContainmentInterface::~ContainmentInterface (this=0x55f36fd11e00, __in_chrg=<optimized out>) at /usr/include/c++/9/bits/atomic_base.h:326 No locals. #27 ContainmentInterface::~ContainmentInterface (this=0x55f36fd11e00, __in_chrg=<optimized out>) at /usr/src/debug/kf5-plasma-5.59.0-1.fc31.x86_64/src/scriptengines/qml/plasmoid/containmentinterface.h:51 No locals. #28 0x00007f96ef3aacfc in QObjectPrivate::deleteChildren (this=this@entry=0x55f36fd129d0) at kernel/qobject.cpp:2016 i = 0 #29 0x00007f96ef3abc4f in QObject::~QObject (this=<optimized out>, __in_chrg=<optimized out>) at kernel/qobject.cpp:1032 d = <optimized out> sharedRefcount = <optimized out> d = <optimized out> sharedRefcount = <optimized out> signalSlotMutex = <optimized out> locker = <optimized out> node = <optimized out> connectionListsCount = <optimized out> signal = <optimized out> connectionList = <optimized out> c = <optimized out> m = <optimized out> needToUnlock = <optimized out> sender = <optimized out> m = <optimized out> needToUnlock = <optimized out> senderLists = <optimized out> slotObj = <optimized out> #30 0x00007f96dc155948 in DeclarativeAppletScript::~DeclarativeAppletScript (this=0x55f36fd0b7d0, __in_chrg=<optimized out>) at /usr/src/debug/kf5-plasma-5.59.0-1.fc31.x86_64/src/scriptengines/qml/plasmoid/declarativeappletscript.cpp:69 No locals. #31 DeclarativeAppletScript::~DeclarativeAppletScript (this=0x55f36fd0b7d0, __in_chrg=<optimized out>) at /usr/src/debug/kf5-plasma-5.59.0-1.fc31.x86_64/src/scriptengines/qml/plasmoid/declarativeappletscript.cpp:71 No locals. #32 0x00007f96f130ff9f in Plasma::AppletPrivate::~AppletPrivate (this=0x55f36fba4da0, __in_chrg=<optimized out>) at /usr/src/debug/kf5-plasma-5.59.0-1.fc31.x86_64/src/plasma/private/applet_p.cpp:107 No locals. #33 0x00007f96f13101ad in Plasma::AppletPrivate::~AppletPrivate (this=0x55f36fba4da0, __in_chrg=<optimized out>) at /usr/src/debug/kf5-plasma-5.59.0-1.fc31.x86_64/src/plasma/private/applet_p.cpp:96 No locals. #34 0x00007f96f12f961d in Plasma::Applet::~Applet (this=0x55f36fd137f0, __in_chrg=<optimized out>) at /usr/src/debug/kf5-plasma-5.59.0-1.fc31.x86_64/src/plasma/applet.cpp:144 No locals. #35 0x00007f96f12fec4d in Plasma::Containment::~Containment (this=0x55f36fd137f0, __in_chrg=<optimized out>) at /usr/src/debug/kf5-plasma-5.59.0-1.fc31.x86_64/src/plasma/containment.cpp:84 No locals. #36 0x000055f36f383209 in ShellCorona::~ShellCorona (this=0x55f36fb5f110, __in_chrg=<optimized out>) at /usr/include/qt5/QtCore/qlist.h:235 No locals. #37 0x000055f36f3834ed in ShellCorona::~ShellCorona (this=0x55f36fb5f110, __in_chrg=<optimized out>) at /usr/src/debug/plasma-workspace-5.16.2-2.fc31.x86_64/shell/shellcorona.cpp:233 No locals. #38 0x00007f96ef3aacfc in QObjectPrivate::deleteChildren (this=this@entry=0x55f36fae6dc0) at kernel/qobject.cpp:2016 i = 0 #39 0x00007f96ef3abc4f in QObject::~QObject (this=<optimized out>, __in_chrg=<optimized out>) at kernel/qobject.cpp:1032 d = <optimized out> sharedRefcount = <optimized out> d = <optimized out> sharedRefcount = <optimized out> signalSlotMutex = <optimized out> locker = <optimized out> node = <optimized out> connectionListsCount = <optimized out> signal = <optimized out> connectionList = <optimized out> c = <optimized out> m = <optimized out> needToUnlock = <optimized out> sender = <optimized out> m = <optimized out> needToUnlock = <optimized out> senderLists = <optimized out> slotObj = <optimized out> #40 0x000055f36f38f0a7 in ShellManager::~ShellManager (this=0x55f36fb0be00, __in_chrg=<optimized out>) at /usr/src/debug/plasma-workspace-5.16.2-2.fc31.x86_64/shell/shellmanager.cpp:57 No locals. #41 ShellManager::~ShellManager (this=0x55f36fb0be00, __in_chrg=<optimized out>) at /usr/src/debug/plasma-workspace-5.16.2-2.fc31.x86_64/shell/shellmanager.cpp:86 No locals. #42 0x00007f96ef3a4a04 in QObject::event (this=0x55f36fb0be00, e=<optimized out>) at kernel/qobject.cpp:1251 No locals. #43 0x00007f96efe74af6 in QApplicationPrivate::notify_helper (this=this@entry=0x55f36fab7e80, receiver=receiver@entry=0x55f36fb0be00, e=e@entry=0x55f372c0e740) at kernel/qapplication.cpp:3737 consumed = false filtered = false #44 0x00007f96efe7de80 in QApplication::notify (this=0x7fff5d57fac0, receiver=0x55f36fb0be00, e=0x55f372c0e740) at kernel/qapplication.cpp:3483 w = <optimized out> extra = <optimized out> isProxyWidget = <optimized out> d = <optimized out> res = false me = <optimized out> #45 0x00007f96ef379ad8 in QCoreApplication::notifyInternal2 (receiver=0x55f36fb0be00, event=0x55f372c0e740) at kernel/qcoreapplication.cpp:1084 selfRequired = true result = false cbdata = {0x55f36fb0be00, 0x55f372c0e740, 0x7fff5d57f8bf} d = <optimized out> threadData = 0x55f36fabdb90 scopeLevelCounter = {threadData = 0x55f36fabdb90} #46 0x00007f96ef37ca7b in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=52, data=0x55f36fabdb90) at kernel/qcoreapplication.cpp:1821 e = 0x55f372c0e740 pe = <optimized out> r = <optimized out> unlocker = {m = <synthetic pointer><error reading variable>} event_deleter = {d = 0x55f372c0e740} locker = {val = 94504038947776} startOffset = 3 i = @0x7fff5d57f93c: 3 cleanup = {receiver = 0x0, event_type = 52, data = 0x55f36fabdb90, exceptionCaught = true} #47 0x00007f96ef38071f in QCoreApplication::exec () at kernel/qcoreapplication.h:86 threadData = 0x55f36fabdb90 eventLoop = {<QObject> = {_vptr.QObject = 0x7f96ef629a28 <vtable for QEventLoop+16>, static staticMetaObject = {d = {superdata = 0x0, stringdata = 0x7f96ef519300 <qt_meta_stringdata_QObject>, data = 0x7f96ef5191e0 <qt_meta_data_QObject>, static_metacall = 0x7f96ef3abfc0 <QObject::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}, d_ptr = {d = 0x55f36fb3f8e0}, static staticQtMetaObject = {d = {superdata = 0x0, stringdata = 0x7f96ef51c220 <qt_meta_stringdata_Qt>, data = 0x7f96ef519420 <qt_meta_data_Qt>, static_metacall = 0x0, relatedMetaObjects = 0x0, extradata = 0x0}}}, static staticMetaObject = {d = {superdata = 0x7f96ef621fe0 <QObject::staticMetaObject>, stringdata = 0x7f96ef5136a0 <qt_meta_stringdata_QEventLoop>, data = 0x7f96ef513640 <qt_meta_data_QEventLoop>, static_metacall = 0x7f96ef3786f0 <QEventLoop::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}} returnCode = 0 #48 0x000055f36f3557e4 in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/plasma-workspace-5.16.2-2.fc31.x86_64/shell/main.cpp:215 qpaVariable = <optimized out> app = {<QGuiApplication> = {<QCoreApplication> = {<QObject> = {_vptr.QObject = 0x7f96f0374f78 <vtable for QApplication+16>, static staticMetaObject = {d = {superdata = 0x0, stringdata = 0x7f96ef519300 <qt_meta_stringdata_QObject>, data = 0x7f96ef5191e0 <qt_meta_data_QObject>, static_metacall = 0x7f96ef3abfc0 <QObject::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}, d_ptr = {d = 0x55f36fab7e80}, static staticQtMetaObject = {d = {superdata = 0x0, stringdata = 0x7f96ef51c220 <qt_meta_stringdata_Qt>, data = 0x7f96ef519420 <qt_meta_data_Qt>, static_metacall = 0x0, relatedMetaObjects = 0x0, extradata = 0x0}}}, static staticMetaObject = {d = {superdata = 0x7f96ef621fe0 <QObject::staticMetaObject>, stringdata = 0x7f96ef513d40 <qt_meta_stringdata_QCoreApplication>, data = 0x7f96ef513c20 <qt_meta_data_QCoreApplication>, static_metacall = 0x7f96ef37b570 <QCoreApplication::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}, static self = 0x7fff5d57fac0}, static staticMetaObject = {d = {superdata = 0x7f96ef629bc0 <QCoreApplication::staticMetaObject>, stringdata = 0x7f96efa7cde0 <qt_meta_stringdata_QGuiApplication>, data = 0x7f96efa7cb60 <qt_meta_data_QGuiApplication>, static_metacall = 0x7f96ef743de0 <QGuiApplication::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}}, static staticMetaObject = {d = {superdata = 0x7f96efb55de0 <QGuiApplication::staticMetaObject>, stringdata = 0x7f96f021ba40 <qt_meta_stringdata_QApplication>, data = 0x7f96f021b8c0 <qt_meta_data_QApplication>, static_metacall = 0x7f96efe7b2b0 <QApplication::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}} aboutData = {static staticMetaObject = {d = {superdata = 0x0, stringdata = 0x7f96f059c160, data = 0x7f96f059c060, static_metacall = 0x7f96f053cbe0 <KAboutData::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}, d = 0x55f36faf7890} service = <incomplete type> The wl_proxy_marshal_constructor function dereferenced proxy with proxy->object.interface->methods[opcode].signature without checking if it was null at line 820. (gdb) list 814 const struct wl_interface *interface, ...) 815 { 816 union wl_argument args[WL_CLOSURE_MAX_ARGS]; 817 va_list ap; 818 819 va_start(ap, interface); 820 wl_argument_from_va_list(proxy->object.interface->methods[opcode].signature, 821 args, WL_CLOSURE_MAX_ARGS, ap); 822 va_end(ap); (gdb) p proxy $3 = (struct wl_proxy *) 0x0 (gdb) p proxy->object.interface->methods[opcode].signature Cannot access memory at address 0x0 I changed /etc/xdg/autostart/org.kde.plasmashell.desktop at line 2 with kate to run plasmashell under valgrind like Exec=valgrind --log-file=valgrind-plasmashell-logout-crash-2.txt --track-origins=yes plasmashell I logged out and back into Plasma on Wayland. I changed /etc/xdg/autostart/org.kde.plasmashell.desktop at line 2 back to Exec=plasmashell I checked the valgrind log file and then logged out. The valgrind log file showed invalid read and write in wl_proxy_unref at wayland-client.c:229-230 which appeared to be use-after-free errors due to the lines like "Address 0xac3e20c is 44 bytes inside a block of size 72 free'd" ==10618== Invalid read of size 4 ==10618== at 0x7370BB4: wl_proxy_unref (wayland-client.c:229) ==10618== by 0x7370CB3: destroy_queued_closure (wayland-client.c:291) ==10618== by 0x7370EC7: dispatch_event.isra.0 (wayland-client.c:1436) ==10618== by 0x737246B: dispatch_queue (wayland-client.c:1576) ==10618== by 0x737246B: wl_display_dispatch_queue_pending (wayland-client.c:1818) ==10618== by 0x73728AA: wl_display_roundtrip_queue (wayland-client.c:1241) ==10618== by 0x4A7BB73: KWayland::Client::ConnectionThread::roundtrip() (connection_thread.cpp:290) ==10618== by 0x1809AEE9: KWaylandIntegration::init() (kwaylandintegration.cpp:67) ==10618== by 0x18080FA0: KdePlatformTheme::KdePlatformTheme() (kdeplatformtheme.cpp:84) ==10618== by 0x1809D65A: KdePlatformThemePlugin::create(QString const&, QStringList const&) (main.cpp:37) ==10618== by 0x659E418: QPlatformTheme* qLoadPlugin<QPlatformTheme, QPlatformThemePlugin, QStringList&>(QFactoryLoader const*, QString const&, QStringList&) (qfactoryloader_p.h:108) ==10618== by 0x659DDB5: QPlatformThemeFactory::create(QString const&, QString const&) (qplatformthemefactory.cpp:73) ==10618== by 0x65A6847: init_platform (qguiapplication.cpp:1247) ==10618== by 0x65A6847: QGuiApplicationPrivate::createPlatformIntegration() (qguiapplication.cpp:1385) ==10618== Address 0xac3e20c is 44 bytes inside a block of size 72 free'd ==10618== at 0x4839A0C: free (vg_replace_malloc.c:540) ==10618== by 0x4A92C14: destroy (wayland_pointer_p.h:63) ==10618== by 0x4A92C14: KWayland::Client::Registry::Private::globalSync(void*, wl_callback*, unsigned int) (registry.cpp:539) ==10618== by 0x857BAA7: ffi_call_unix64 (unix64.S:76) ==10618== by 0x857B2A3: ffi_call (ffi64.c:525) ==10618== by 0x7374606: wl_closure_invoke (connection.c:1014) ==10618== by 0x7370F17: dispatch_event.isra.0 (wayland-client.c:1430) ==10618== by 0x737246B: dispatch_queue (wayland-client.c:1576) ==10618== by 0x737246B: wl_display_dispatch_queue_pending (wayland-client.c:1818) ==10618== by 0x73728AA: wl_display_roundtrip_queue (wayland-client.c:1241) ==10618== by 0x4A7BB73: KWayland::Client::ConnectionThread::roundtrip() (connection_thread.cpp:290) ==10618== by 0x1809AEE9: KWaylandIntegration::init() (kwaylandintegration.cpp:67) ==10618== by 0x18080FA0: KdePlatformTheme::KdePlatformTheme() (kdeplatformtheme.cpp:84) ==10618== by 0x1809D65A: KdePlatformThemePlugin::create(QString const&, QStringList const&) (main.cpp:37) ==10618== Block was alloc'd at ==10618== at 0x483AB1A: calloc (vg_replace_malloc.c:762) ==10618== by 0x7370D42: UnknownInlinedFun (wayland-private.h:236) ==10618== by 0x7370D42: proxy_create.isra.0 (wayland-client.c:421) ==10618== by 0x737142B: create_outgoing_proxy (wayland-client.c:650) ==10618== by 0x737142B: wl_proxy_marshal_array_constructor_versioned (wayland-client.c:735) ==10618== by 0x7371782: wl_proxy_marshal_constructor (wayland-client.c:824) ==10618== by 0x4A930BD: wl_display_sync (wayland-client-protocol.h:958) ==10618== by 0x4A930BD: KWayland::Client::Registry::create(wl_display*) (registry.cpp:470) ==10618== by 0x4A9313A: KWayland::Client::Registry::create(KWayland::Client::ConnectionThread*) (registry.cpp:479) ==10618== by 0x1809AE6D: KWaylandIntegration::init() (kwaylandintegration.cpp:55) ==10618== by 0x18080FA0: KdePlatformTheme::KdePlatformTheme() (kdeplatformtheme.cpp:84) ==10618== by 0x1809D65A: KdePlatformThemePlugin::create(QString const&, QStringList const&) (main.cpp:37) ==10618== by 0x659E418: QPlatformTheme* qLoadPlugin<QPlatformTheme, QPlatformThemePlugin, QStringList&>(QFactoryLoader const*, QString const&, QStringList&) (qfactoryloader_p.h:108) ==10618== by 0x659DDB5: QPlatformThemeFactory::create(QString const&, QString const&) (qplatformthemefactory.cpp:73) ==10618== by 0x65A6847: init_platform (qguiapplication.cpp:1247) ==10618== by 0x65A6847: QGuiApplicationPrivate::createPlatformIntegration() (qguiapplication.cpp:1385) ==10618== ==10618== Invalid write of size 4 ==10618== at 0x7370BBE: wl_proxy_unref (wayland-client.c:230) ==10618== by 0x7370CB3: destroy_queued_closure (wayland-client.c:291) ==10618== by 0x7370EC7: dispatch_event.isra.0 (wayland-client.c:1436) ==10618== by 0x737246B: dispatch_queue (wayland-client.c:1576) ==10618== by 0x737246B: wl_display_dispatch_queue_pending (wayland-client.c:1818) ==10618== by 0x73728AA: wl_display_roundtrip_queue (wayland-client.c:1241) ==10618== by 0x4A7BB73: KWayland::Client::ConnectionThread::roundtrip() (connection_thread.cpp:290) ==10618== by 0x1809AEE9: KWaylandIntegration::init() (kwaylandintegration.cpp:67) ==10618== by 0x18080FA0: KdePlatformTheme::KdePlatformTheme() (kdeplatformtheme.cpp:84) ==10618== by 0x1809D65A: KdePlatformThemePlugin::create(QString const&, QStringList const&) (main.cpp:37) ==10618== by 0x659E418: QPlatformTheme* qLoadPlugin<QPlatformTheme, QPlatformThemePlugin, QStringList&>(QFactoryLoader const*, QString const&, QStringList&) (qfactoryloader_p.h:108) ==10618== by 0x659DDB5: QPlatformThemeFactory::create(QString const&, QString const&) (qplatformthemefactory.cpp:73) ==10618== by 0x65A6847: init_platform (qguiapplication.cpp:1247) ==10618== by 0x65A6847: QGuiApplicationPrivate::createPlatformIntegration() (qguiapplication.cpp:1385) ==10618== Address 0xac3e20c is 44 bytes inside a block of size 72 free'd ==10618== at 0x4839A0C: free (vg_replace_malloc.c:540) ==10618== by 0x4A92C14: destroy (wayland_pointer_p.h:63) ==10618== by 0x4A92C14: KWayland::Client::Registry::Private::globalSync(void*, wl_callback*, unsigned int) (registry.cpp:539) ==10618== by 0x857BAA7: ffi_call_unix64 (unix64.S:76) ==10618== by 0x857B2A3: ffi_call (ffi64.c:525) ==10618== by 0x7374606: wl_closure_invoke (connection.c:1014) ==10618== by 0x7370F17: dispatch_event.isra.0 (wayland-client.c:1430) ==10618== by 0x737246B: dispatch_queue (wayland-client.c:1576) ==10618== by 0x737246B: wl_display_dispatch_queue_pending (wayland-client.c:1818) ==10618== by 0x73728AA: wl_display_roundtrip_queue (wayland-client.c:1241) ==10618== by 0x4A7BB73: KWayland::Client::ConnectionThread::roundtrip() (connection_thread.cpp:290) ==10618== by 0x1809AEE9: KWaylandIntegration::init() (kwaylandintegration.cpp:67) ==10618== by 0x18080FA0: KdePlatformTheme::KdePlatformTheme() (kdeplatformtheme.cpp:84) ==10618== by 0x1809D65A: KdePlatformThemePlugin::create(QString const&, QStringList const&) (main.cpp:37) ==10618== Block was alloc'd at ==10618== at 0x483AB1A: calloc (vg_replace_malloc.c:762) ==10618== by 0x7370D42: UnknownInlinedFun (wayland-private.h:236) ==10618== by 0x7370D42: proxy_create.isra.0 (wayland-client.c:421) ==10618== by 0x737142B: create_outgoing_proxy (wayland-client.c:650) ==10618== by 0x737142B: wl_proxy_marshal_array_constructor_versioned (wayland-client.c:735) ==10618== by 0x7371782: wl_proxy_marshal_constructor (wayland-client.c:824) ==10618== by 0x4A930BD: wl_display_sync (wayland-client-protocol.h:958) ==10618== by 0x4A930BD: KWayland::Client::Registry::create(wl_display*) (registry.cpp:470) ==10618== by 0x4A9313A: KWayland::Client::Registry::create(KWayland::Client::ConnectionThread*) (registry.cpp:479) ==10618== by 0x1809AE6D: KWaylandIntegration::init() (kwaylandintegration.cpp:55) ==10618== by 0x18080FA0: KdePlatformTheme::KdePlatformTheme() (kdeplatformtheme.cpp:84) ==10618== by 0x1809D65A: KdePlatformThemePlugin::create(QString const&, QStringList const&) (main.cpp:37) ==10618== by 0x659E418: QPlatformTheme* qLoadPlugin<QPlatformTheme, QPlatformThemePlugin, QStringList&>(QFactoryLoader const*, QString const&, QStringList&) (qfactoryloader_p.h:108) ==10618== by 0x659DDB5: QPlatformThemeFactory::create(QString const&, QString const&) (qplatformthemefactory.cpp:73) ==10618== by 0x65A6847: init_platform (qguiapplication.cpp:1247) ==10618== by 0x65A6847: QGuiApplicationPrivate::createPlatformIntegration() (qguiapplication.cpp:1385) ==10618== Ten conditional jumps or moves based on uninitialized variables created by were shown starting with ==10618== Thread 3 QQmlThread: ==10618== Conditional jump or move depends on uninitialised value(s) ==10618== at 0x1A2A20DC: ??? ==10618== by 0x1A1DCD57: ??? ==10618== Uninitialised value was created by a heap allocation ==10618== at 0x483AD19: realloc (vg_replace_malloc.c:836) ==10618== by 0x6A963FF: reallocateData (qarraydata.cpp:83) ==10618== by 0x6A963FF: QArrayData::reallocateUnaligned(QArrayData*, unsigned long, unsigned long, QFlags<QArrayData::AllocationOption>) (qarraydata.cpp:146) ==10618== by 0x6B05EA9: UnknownInlinedFun (qarraydata.h:232) ==10618== by 0x6B05EA9: QString::reallocData(unsigned int, bool) (qstring.cpp:2388) ==10618== by 0x6B05F1B: QString::resize(int) (qstring.cpp:2296) ==10618== by 0x6B0ED48: append (qstring.cpp:10971) ==10618== by 0x6B0ED48: QString::append(QStringRef const&) (qstring.cpp:10965) ==10618== by 0x6BA42DE: operator+= (qstring.h:484) ==10618== by 0x6BA42DE: appendToUser (qurl.cpp:846) ==10618== by 0x6BA42DE: appendPath (qurl.cpp:949) ==10618== by 0x6BA42DE: QUrl::toString(QUrlTwoFlags<QUrl::UrlFormattingOption, QUrl::ComponentFormattingOption>) const (qurl.cpp:3362) ==10618== by 0x48A5B07: PlasmaQuick::PackageUrlInterceptor::intercept(QUrl const&, QQmlAbstractUrlInterceptor::DataType) (packageurlinterceptor.cpp:102) ==10618== by 0x55262F1: QQmlDataBlob::QQmlDataBlob(QUrl const&, QQmlDataBlob::Type, QQmlTypeLoader*) (qqmltypeloader.cpp:263) ==10618== by 0x5526574: QQmlTypeLoader::Blob::Blob(QUrl const&, QQmlDataBlob::Type, QQmlTypeLoader*) (qqmltypeloader.cpp:1342) ==10618== by 0x5527E01: QQmlScriptBlob::QQmlScriptBlob(QUrl const&, QQmlTypeLoader*) (qqmltypeloader.cpp:2998) ==10618== by 0x552D80A: QQmlTypeLoader::getScript(QUrl const&) (qqmltypeloader.cpp:1748) ==10618== by 0x552E21A: QQmlTypeData::resolveTypes() (qqmltypeloader.cpp:2676) ==1 An invalid read at 0x0 in wl_proxy_marshal_constructor at wayland-client.c:820 was shown with a trace like that shown by gdb for the segmentation fault. This invalid read might be a null pointer dereference of proxy. ==10618== Invalid read of size 8 ==10618== at 0x737171A: wl_proxy_marshal_constructor (wayland-client.c:820) ==10618== by 0x4A7A973: org_kde_kwin_blur_manager_create (wayland-blur-client-protocol.h:111) ==10618== by 0x4A7A973: KWayland::Client::BlurManager::createBlur(KWayland::Client::Surface*, QObject*) (blur.cpp:91) ==10618== by 0x19E76B32: enableBlurBehind (windoweffects.cpp:224) ==10618== by 0x19E76B32: WindowEffects::enableBlurBehind(QWindow*, bool, QRegion const&) (windoweffects.cpp:215) ==10618== by 0x19E7741C: WindowEffects::enableBlurBehind(unsigned long long, bool, QRegion const&) (windoweffects.cpp:212) ==10618== by 0x488D8AF: PlasmaQuick::DialogPrivate::updateTheme() (dialog.cpp:244) ==10618== by 0x488E186: PlasmaQuick::DialogPrivate::syncToMainItemSize() (dialog.cpp:604) ==10618== by 0x488FB9D: slotMainItemSizeChanged (dialog.cpp:840) ==10618== by 0x488FB9D: PlasmaQuick::Dialog::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (moc_dialog.cpp:235) ==10618== by 0x6C5CD5A: QMetaObject::activate(QObject*, int, int, void**) (qobject.cpp:3801) ==10618== by 0x4FA0A9B: QQuickItem::geometryChanged(QRectF const&, QRectF const&) (qquickitem.cpp:3810) ==10618== by 0x4F9A2A7: QQuickItem::setHeight(double) (qquickitem.cpp:6826) ==10618== by 0x4FAB649: QQuickItem::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (moc_qquickitem.cpp:961) ==10618== by 0x55771AD: writeProperty (qqmlpropertycache_p.h:346) ==10618== by 0x55771AD: doStore<double> (qqmlbinding.cpp:332) ==10618== by 0x55771AD: GenericBinding<6>::write(QV4::Value const&, bool, QFlags<QQmlPropertyData::WriteFlag>) (qqmlbinding.cpp:305) ==10618== Address 0x0 is not stack'd, malloc'd or (recently) free'd coredumpctl showed that plasmashell and drkonqi aborts due to the plasmashell segmentation fault have happened nine times in the last day which are most of the times I've logged out of Plasma on Wayland. STEPS TO REPRODUCE 1. boot into an installation of the Fedora Rawhide/31 KDE Plasma spin image Fedora-KDE-Live-x86_64-Rawhide-20190724.n.0.iso at https://koji.fedoraproject.org/koji/buildinfo?buildID=1319740 2. logg into Plasma 5.16.2 on Wayland from sddm 3. sudo dnf install x*amd* kwin*way* pla*way* (in konsole) 4. sudo dnf upgrade --refresh 5. log out of Plasma. 6. log back into Plasma on Wayland 7. coredumpctl OBSERVED RESULT plasmashell 5.16.2 segmentation faults in wl_proxy_marshal_constructor at wayland-client.c:819 in libwayland-client when logging out of Plasma on Wayland with plasmashell restarting and aborting and drkonqi aborte EXPECTED RESULT No plasmashell crashes SOFTWARE/OS VERSIONS Linux/KDE Plasma: Fedora Rawhide/31 (available in About System) KDE Plasma Version: 5.16.2 KDE Frameworks Version: 5.59.0 Qt Version: 5.12.4 ADDITIONAL INFORMATION The plasmashell segmentation faults reported at https://bugs.kde.org/show_bug.cgi?id=408847 were also in wl_proxy_marshal_constructor at wayland-client.c:819-820 and proxy was null. Those crashes occurred when logging in or within a few minutes after, or clicking many times on the apps launcher. The other parts of the trace are different as they involve functions like org_kde_kwin_blur_manager_create and KWayland::Client::BlurManager::createBlur from kf5-kwayland-5.59.0-2.fc31.x86_64. The underlying problem might involve org_kde_kwin_blur_manager_create in kwayland calling wl_proxy_marshal_constructor with proxy being null. If wl_proxy_marshal_constructor were to check if proxy was null before it was dereferenced in line 820, the crash might also be avoided.
Created attachment 121808 [details] gdb full trace of all threads and other output from the plasmashell segmentation fault core file on logging out of Plasma on Wayland
*** This bug has been marked as a duplicate of bug 414834 ***