Application: kinfocenter (5.17.2) Qt Version: 5.13.1 Frameworks Version: 5.64.0 Operating System: Linux 5.3.9-1-default x86_64 Distribution: "openSUSE Tumbleweed" -- Information about the crash: - What I was doing when the application crashed: Looking at energy information. Clicked the close button in the window bar. Crash. The crash can be reproduced sometimes. -- Backtrace: Application: Info Centre (kinfocenter), signal: Segmentation fault Using host libthread_db library "/lib64/libthread_db.so.1". 29 return SYSCALL_CANCEL (poll, fds, nfds, timeout); [Current thread is 1 (Thread 0x7f036a568800 (LWP 6767))] Thread 4 (Thread 0x7f036502a700 (LWP 6771)): #0 futex_wait_cancelable (private=0, expected=0, futex_word=0x55e1c59cb208) at ../sysdeps/unix/sysv/linux/futex-internal.h:80 #1 __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x55e1c59cb1b8, cond=0x55e1c59cb1e0) at pthread_cond_wait.c:508 #2 __pthread_cond_wait (cond=0x55e1c59cb1e0, mutex=0x55e1c59cb1b8) at pthread_cond_wait.c:638 #3 0x00007f036568724b in cnd_wait (mtx=0x55e1c59cb1b8, cond=0x55e1c59cb1e0) at ../include/c11/threads_posix.h:155 #4 util_queue_thread_func (input=input@entry=0x55e1c5ad74b0) at ../src/util/u_queue.c:272 #5 0x00007f0365687147 in impl_thrd_routine (p=<optimized out>) at ../include/c11/threads_posix.h:87 #6 0x00007f036bad8f2a in start_thread (arg=<optimized out>) at pthread_create.c:479 #7 0x00007f036e8714af in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 Thread 3 (Thread 0x7f03675ce700 (LWP 6770)): #0 0x00007f036e866bdf in __GI___poll (fds=0x7f03580029e0, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29 #1 0x00007f036b1ce27e in g_main_context_poll (priority=<optimized out>, n_fds=1, fds=0x7f03580029e0, timeout=<optimized out>, context=0x7f0358000c30) at ../glib/gmain.c:4216 #2 g_main_context_iterate (context=context@entry=0x7f0358000c30, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:3912 #3 0x00007f036b1ce39f in g_main_context_iteration (context=0x7f0358000c30, may_block=may_block@entry=1) at ../glib/gmain.c:3978 #4 0x00007f036d2a699b in QEventDispatcherGlib::processEvents (this=0x7f0358000b60, flags=...) at kernel/qeventdispatcher_glib.cpp:425 #5 0x00007f036d24f0db in QEventLoop::exec (this=this@entry=0x7f03675cdd70, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:140 #6 0x00007f036d087021 in QThread::exec (this=this@entry=0x7f036c310d80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at ../../include/QtCore/../../src/corelib/global/qflags.h:120 #7 0x00007f036c28e4f6 in QDBusConnectionManager::run (this=0x7f036c310d80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at qdbusconnection.cpp:178 #8 0x00007f036d0881a2 in QThreadPrivate::start (arg=0x7f036c310d80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at thread/qthread_unix.cpp:360 #9 0x00007f036bad8f2a in start_thread (arg=<optimized out>) at pthread_create.c:479 #10 0x00007f036e8714af in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 Thread 2 (Thread 0x7f0368502700 (LWP 6769)): #0 0x00007f036e866bdf in __GI___poll (fds=fds@entry=0x7f0368501ca8, nfds=nfds@entry=1, timeout=timeout@entry=-1) at ../sysdeps/unix/sysv/linux/poll.c:29 #1 0x00007f036bb14742 in poll (__timeout=-1, __nfds=1, __fds=0x7f0368501ca8) at /usr/include/bits/poll2.h:46 #2 _xcb_conn_wait (cond=<optimized out>, count=<optimized out>, vector=<optimized out>, c=<optimized out>) at xcb_conn.c:479 #3 _xcb_conn_wait (c=0x55e1c579a900, cond=<optimized out>, vector=0x0, count=0x0) at xcb_conn.c:435 #4 0x00007f036bb153fa in xcb_wait_for_event (c=c@entry=0x55e1c579a900) at xcb_in.c:697 #5 0x00007f0368719f90 in QXcbEventQueue::run (this=0x55e1c57a7210) at qxcbeventqueue.cpp:228 #6 0x00007f036d0881a2 in QThreadPrivate::start (arg=0x55e1c57a7210) at thread/qthread_unix.cpp:360 #7 0x00007f036bad8f2a in start_thread (arg=<optimized out>) at pthread_create.c:479 #8 0x00007f036e8714af in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 Thread 1 (Thread 0x7f036a568800 (LWP 6767)): [KCrash Handler] #7 QPointer<QObject>::data (this=0x28) at /usr/include/qt5/QtCore/qpointer.h:85 #8 Solid::DeviceInterfacePrivate::backendObject (this=0x20) at /usr/src/debug/solid-5.64.0-1.1.x86_64/src/solid/devices/frontend/deviceinterface.cpp:110 #9 0x00007f0367793b55 in Solid::DevicePrivate::~DevicePrivate (this=0x55e1c59d3d70, __in_chrg=<optimized out>) at /usr/src/debug/solid-5.64.0-1.1.x86_64/src/solid/devices/frontend/device.cpp:222 #10 0x00007f0367793cc9 in Solid::DevicePrivate::~DevicePrivate (this=0x55e1c59d3d70, __in_chrg=<optimized out>) at /usr/src/debug/solid-5.64.0-1.1.x86_64/src/solid/devices/frontend/device.cpp:219 #11 0x00007f03677952af in Solid::DeviceManagerPrivate::~DeviceManagerPrivate (this=0x55e1c59b6460, __in_chrg=<optimized out>) at /usr/include/c++/9/bits/atomic_base.h:413 #12 0x00007f0367796f29 in Solid::DeviceManagerPrivate::~DeviceManagerPrivate (this=0x55e1c59b6460, __in_chrg=<optimized out>) at /usr/src/debug/solid-5.64.0-1.1.x86_64/src/solid/devices/frontend/devicemanager.cpp:49 #13 0x00007f036d08d6b0 in QThreadStorageData::finish (p=0x55e1c5781ab0) at thread/qthreadstorage.cpp:200 #14 0x00007f036d2528b9 in QCoreApplicationPrivate::cleanupThreadData (this=this@entry=0x55e1c57826b0) at kernel/qcoreapplication.cpp:521 #15 0x00007f036d644e64 in QGuiApplicationPrivate::~QGuiApplicationPrivate (this=0x55e1c57826b0, __in_chrg=<optimized out>) at kernel/qguiapplication.cpp:1622 #16 0x00007f036dc815f9 in QApplicationPrivate::~QApplicationPrivate (this=0x55e1c57826b0, __in_chrg=<optimized out>) at kernel/qapplication.cpp:177 #17 0x00007f036d2834d7 in QScopedPointerDeleter<QObjectData>::cleanup (pointer=<optimized out>) at ../../include/QtCore/../../src/corelib/tools/qscopedpointer.h:52 #18 QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::~QScopedPointer (this=0x7ffc5b426788, __in_chrg=<optimized out>) at ../../include/QtCore/../../src/corelib/tools/qscopedpointer.h:107 #19 QObject::~QObject (this=<optimized out>, __in_chrg=<optimized out>) at kernel/qobject.cpp:891 #20 0x00007f036d25267a in QCoreApplication::~QCoreApplication (this=0x7ffc5b426780, __in_chrg=<optimized out>) at ../../include/QtCore/../../src/corelib/tools/qstringlist.h:99 #21 0x00007f036dc8366e in QApplication::~QApplication (this=0x7ffc5b426780, __in_chrg=<optimized out>) at kernel/qapplication.cpp:841 #22 0x000055e1c511d001 in KicApp::~KicApp (this=<optimized out>, this=<optimized out>) at /usr/src/debug/kinfocenter5-5.17.2-1.1.x86_64/main.h:34 #23 main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/kinfocenter5-5.17.2-1.1.x86_64/main.cpp:75 [Inferior 1 (process 6767) detached] Possible duplicates by query: bug 381200, bug 361527, bug 361464, bug 357931, bug 357211. Reported using DrKonqi
Created attachment 124102 [details] New crash information added by DrKonqi kcmshell5 (5.17.3) using Qt 5.13.2 - What I was doing when the application crashed: Was viewing energy information. The application crashed on either clicking the close button on the titlebar or on clicking the OK button below. -- Backtrace (Reduced): #6 0x00007fc94f848090 in () at /usr/lib/libKF5Solid.so.5 #7 0x00007fc94f83d766 in () at /usr/lib/libKF5Solid.so.5 #8 0x00007fc94f83d8d9 in () at /usr/lib/libKF5Solid.so.5 #9 0x00007fc94f83ef2f in () at /usr/lib/libKF5Solid.so.5 #10 0x00007fc94f840c29 in () at /usr/lib/libKF5Solid.so.5
Created attachment 124236 [details] New crash information added by DrKonqi kinfocenter (5.17.3) using Qt 5.12.5 - What I was doing when the application crashed: I was running Plasma 5.17.3 on Wayland in Fedora 31. I started kinfocenter. I clicked Energy Information. I closed kinfocenter. Dr. Konqi showed a segmentation fault in QPointer<QObject>::data (this=0x28) at /usr/include/qt5/QtCore/qpointer.h:85. The pointer this=0x28 might've been invalid. -- Backtrace (Reduced): #6 QPointer<QObject>::data (this=0x28) at /usr/include/qt5/QtCore/qpointer.h:85 #7 Solid::DeviceInterfacePrivate::backendObject (this=0x20) at /usr/src/debug/kf5-solid-5.64.0-1.fc31.x86_64/src/solid/devices/frontend/deviceinterface.cpp:110 #8 0x00007f752345be8d in Solid::DevicePrivate::~DevicePrivate (this=0x55cf51c995b0, __in_chrg=<optimized out>) at /usr/src/debug/kf5-solid-5.64.0-1.fc31.x86_64/src/solid/devices/frontend/device.cpp:222 #9 0x00007f752345bffd in Solid::DevicePrivate::~DevicePrivate (this=0x55cf51c995b0, __in_chrg=<optimized out>) at /usr/src/debug/kf5-solid-5.64.0-1.fc31.x86_64/src/solid/devices/frontend/device.cpp:219 #10 0x00007f752345d607 in Solid::DeviceManagerPrivate::~DeviceManagerPrivate (this=0x55cf5189d5c0, __in_chrg=<optimized out>) at /usr/include/c++/9/bits/atomic_base.h:413
Created attachment 124237 [details] valgrind log from kinfocenter run when clicking Energy Information then closing I ran valgrind --log-file=valgrind-kinfocenter-energy-close-2.txt --track-origins=yes kinfocenter & I reproduced the crash in the same way as in my previous comment. The valgrind log showed an invalid read in wl_proxy_unref at wayland-client.c:229 and an invalid write in wl_proxy_unref at wayland-client.c:230 in libwayland-client. They appeared to be use-after-free errors like those I've previously reported for kwin_wayland, plasmashell, konsole, powerdevil, etc. ( https://bugs.kde.org/show_bug.cgi?id=409688 ) Several Conditional jump or move depends on uninitialised value(s) messages were shown. An invalid read in Solid::DevicePrivate::~DevicePrivate() at device.cpp:222 occurred within freed memory. An invalid read at the address 0x8 in data at qpointer.h:86 was like the trace of the crashing thread. The use-after-free error in Solid::DevicePrivate::~DevicePrivate() might have led to the invalid pointer being used with the segmentation fault as a result. ==3962== Invalid read of size 8 ==3962== at 0x1801AE84: Solid::DevicePrivate::~DevicePrivate() (device.cpp:222) ==3962== by 0x1801AFFC: Solid::DevicePrivate::~DevicePrivate() (device.cpp:225) ==3962== by 0x1801C606: Solid::DeviceManagerPrivate::~DeviceManagerPrivate() (devicemanager.cpp:58) ==3962== by 0x1801E27C: Solid::DeviceManagerPrivate::~DeviceManagerPrivate() (devicemanager.cpp:63) ==3962== by 0x5AFC390: QThreadStorageData::finish(void**) (qthreadstorage.cpp:200) ==3962== by 0x5CA1500: QCoreApplicationPrivate::cleanupThreadData() (qcoreapplication.cpp:520) ==3962== by 0x560E7B4: QGuiApplicationPrivate::~QGuiApplicationPrivate() (qguiapplication.cpp:1611) ==3962== by 0x4FCC3BC: QApplicationPrivate::~QApplicationPrivate() (qapplication.cpp:181) ==3962== by 0x5CD0D46: cleanup (qscopedpointer.h:60) ==3962== by 0x5CD0D46: ~QScopedPointer (qscopedpointer.h:107) ==3962== by 0x5CD0D46: QObject::~QObject() (qobject.cpp:891) ==3962== by 0x5CA113D: QCoreApplication::~QCoreApplication() (qcoreapplication.cpp:892) ==3962== by 0x560EE20: QGuiApplication::~QGuiApplication() (qguiapplication.cpp:649) ==3962== by 0x4FCE50D: QApplication::~QApplication() (qapplication.cpp:773) ==3962== Address 0x1a7bd5d0 is 16 bytes inside a block of size 24 free'd ==3962== at 0x483AEFC: operator delete(void*) (vg_replace_malloc.c:586) ==3962== by 0x6903688: QV4::MemoryManager::sweep(bool, void (*)(char const*)) (qv4mm.cpp:926) ==3962== by 0x6903708: QV4::MemoryManager::~MemoryManager() (qv4mm.cpp:1173) ==3962== by 0x6A89059: QV4::ExecutionEngine::~ExecutionEngine() (qv4engine.cpp:659) ==3962== by 0x6987517: QJSEngine::~QJSEngine() (qjsengine.cpp:379) ==3962== by 0x6AC7F39: QQmlEngine::~QQmlEngine() (qqmlengine.cpp:1072) ==3962== by 0x635A94A: _M_release (shared_ptr_base.h:155) ==3962== by 0x635A94A: _M_release (shared_ptr_base.h:148) ==3962== by 0x635A94A: ~__shared_count (shared_ptr_base.h:730) ==3962== by 0x635A94A: ~__shared_ptr (shared_ptr_base.h:1169) ==3962== by 0x635A94A: ~shared_ptr (shared_ptr.h:103) ==3962== by 0x635A94A: ~QmlObjectSharedEnginePrivate (qmlobjectsharedengine.cpp:41) ==3962== by 0x635A94A: operator() (unique_ptr.h:81) ==3962== by 0x635A94A: ~unique_ptr (unique_ptr.h:284) ==3962== by 0x635A94A: KDeclarative::QmlObjectSharedEngine::~QmlObjectSharedEngine() (qmlobjectsharedengine.cpp:74) ==3962== by 0x635AA7C: KDeclarative::QmlObjectSharedEngine::~QmlObjectSharedEngine() (qmlobjectsharedengine.cpp:76) ==3962== by 0x5CCFDAB: QObjectPrivate::deleteChildren() (qobject.cpp:2016) ==3962== by 0x500BD58: QWidget::~QWidget() (qwidget.cpp:1696) ==3962== by 0x4A93BE5: KCModule::~KCModule() (in /usr/lib64/libKF5ConfigWidgets.so.5.64.0) ==3962== by 0x488C92C: KCModuleQml::~KCModuleQml() (kcmoduleqml.cpp:208) ==3962== Block was alloc'd at ==3962== at 0x4839E86: operator new(unsigned long) (vg_replace_malloc.c:344) ==3962== by 0x1801B4DB: Solid::Device::asDeviceInterface(Solid::DeviceInterface::Type const&) const (device.cpp:189) ==3962== by 0x2877DACE: as<Solid::Battery> (device.h:232) ==3962== by 0x2877DACE: BatteryModel::data(QModelIndex const&, int) const (batterymodel.cpp:75) ==3962== by 0x68F874A: data (qabstractitemmodel.h:458) ==3962== by 0x68F874A: value (qqmladaptormodel.cpp:414) ==3962== by 0x68F874A: QQmlDMCachedModelData::metaCall(QMetaObject::Call, int, void**) (qqmladaptormodel.cpp:282) ==3962== by 0x6A0A043: readProperty (qqmlpropertycache_p.h:328) ==3962== by 0x6A0A043: loadProperty(QV4::ExecutionEngine*, QObject*, QQmlPropertyData const&) (qv4qobjectwrapper.cpp:178) ==3962== by 0x6A0BB3B: QV4::QObjectWrapper::virtualResolveLookupGetter(QV4::Object const*, QV4::ExecutionEngine*, QV4::Lookup*) (qv4qobjectwrapper.cpp:877) ==3962== by 0x6A2A714: QV4::Moth::VME::interpret(QV4::CppStackFrame*, QV4::ExecutionEngine*, char const*) (qv4vme_moth.cpp:621) ==3962== by 0x6A2F556: QV4::Moth::VME::exec(QV4::CppStackFrame*, QV4::ExecutionEngine*) (qv4vme_moth.cpp:447) ==3962== by 0x69BC8FE: QV4::Function::call(QV4::Value const*, QV4::Value const*, int, QV4::ExecutionContext const*) (qv4function.cpp:68) ==3962== by 0x6B45C06: QQmlJavaScriptExpression::evaluate(QV4::CallData*, bool*) (qqmljavascriptexpression.cpp:211) ==3962== by 0x6B4B9B2: QQmlBinding::evaluate(bool*) (qqmlbinding.cpp:209) ==3962== by 0x6B504E9: QQmlNonbindingBinding::doUpdate(QQmlJavaScriptExpression::DeleteWatcher const&, QFlags<QQmlPropertyData::WriteFlag>, QV4::Scope&) (qqmlbinding.cpp:245) ==3962== ==3962== Invalid read of size 8 ==3962== at 0x180256B4: data (qpointer.h:86) ==3962== by 0x180256B4: Solid::DeviceInterfacePrivate::backendObject() const (deviceinterface.cpp:110) ==3962== by 0x1801AE8C: Solid::DevicePrivate::~DevicePrivate() (device.cpp:222) ==3962== by 0x1801AFFC: Solid::DevicePrivate::~DevicePrivate() (device.cpp:225) ==3962== by 0x1801C606: Solid::DeviceManagerPrivate::~DeviceManagerPrivate() (devicemanager.cpp:58) ==3962== by 0x1801E27C: Solid::DeviceManagerPrivate::~DeviceManagerPrivate() (devicemanager.cpp:63) ==3962== by 0x5AFC390: QThreadStorageData::finish(void**) (qthreadstorage.cpp:200) ==3962== by 0x5CA1500: QCoreApplicationPrivate::cleanupThreadData() (qcoreapplication.cpp:520) ==3962== by 0x560E7B4: QGuiApplicationPrivate::~QGuiApplicationPrivate() (qguiapplication.cpp:1611) ==3962== by 0x4FCC3BC: QApplicationPrivate::~QApplicationPrivate() (qapplication.cpp:181) ==3962== by 0x5CD0D46: cleanup (qscopedpointer.h:60) ==3962== by 0x5CD0D46: ~QScopedPointer (qscopedpointer.h:107) ==3962== by 0x5CD0D46: QObject::~QObject() (qobject.cpp:891) ==3962== by 0x5CA113D: QCoreApplication::~QCoreApplication() (qcoreapplication.cpp:892) ==3962== by 0x560EE20: QGuiApplication::~QGuiApplication() (qguiapplication.cpp:649) ==3962== Address 0x8 is not stack'd, malloc'd or (recently) free'd Two further invalid reads were shown in socketNotifierSourceCheck at qeventdispatcher_glib.cpp:88 and 79 which looked like use-after-free errors. Those errors might be side-effects of the segmentation fault. I've seen this crash 5/5 times. I'm attaching the full valgrind log.
*** Bug 414483 has been marked as a duplicate of this bug. ***
*** Bug 414594 has been marked as a duplicate of this bug. ***
Created attachment 124412 [details] New crash information added by DrKonqi kinfocenter (5.17.4) using Qt 5.13.2 - What I was doing when the application crashed: Looking at the info page. Closed the app. Got a crash message. -- Backtrace (Reduced): #6 QWeakPointer<QObject>::data (this=0x138) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qsharedpointer_impl.h:569 #7 QPointer<QObject>::data (this=0x138) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qpointer.h:86 #8 Solid::DeviceInterfacePrivate::backendObject (this=0x130) at ./src/solid/devices/frontend/deviceinterface.cpp:110 #9 0x00007f75d4394d08 in Solid::DevicePrivate::~DevicePrivate (this=0x55791ef101c0, __in_chrg=<optimized out>) at ./src/solid/devices/frontend/device.cpp:222 #10 0x00007f75d4394e89 in Solid::DevicePrivate::~DevicePrivate (this=0x55791ef101c0, __in_chrg=<optimized out>) at ./src/solid/devices/frontend/device.cpp:225
*** Bug 415532 has been marked as a duplicate of this bug. ***
*** Bug 414915 has been marked as a duplicate of this bug. ***
*** Bug 414842 has been marked as a duplicate of this bug. ***
*** Bug 415618 has been marked as a duplicate of this bug. ***
Created attachment 124821 [details] New crash information added by DrKonqi kinfocenter (5.17.4) using Qt 5.13.2 - What I was doing when the application crashed: просмотр информации о батарее моего пк. ИБП подключён через usb -- Backtrace (Reduced): #6 QWeakPointer<QObject>::data (this=0x8) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qsharedpointer_impl.h:569 #7 QPointer<QObject>::data (this=0x8) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qpointer.h:86 #8 Solid::DeviceInterfacePrivate::backendObject (this=0x0) at ./src/solid/devices/frontend/deviceinterface.cpp:110 #9 0x00007f83bd0a4d08 in Solid::DevicePrivate::~DevicePrivate (this=0x5654ca197370, __in_chrg=<optimized out>) at ./src/solid/devices/frontend/device.cpp:222 #10 0x00007f83bd0a4e89 in Solid::DevicePrivate::~DevicePrivate (this=0x5654ca197370, __in_chrg=<optimized out>) at ./src/solid/devices/frontend/device.cpp:225
*** Bug 416015 has been marked as a duplicate of this bug. ***
Git commit 3ff3aaa6640c0fb14bba5430110b20237105c203 by Anthony Fieroni. Committed on 10/01/2020 at 08:36. Pushed by anthonyfieroni into branch 'master'. Clarify referencing of DeviceInterface https://phabricator.kde.org/D26117 Signed-off-by: Anthony Fieroni <bvbfan@abv.bg> M +0 -3 src/solid/devices/frontend/device.cpp M +1 -1 src/solid/devices/frontend/device_p.h M +1 -0 src/solid/devices/frontend/deviceinterface.cpp https://commits.kde.org/solid/3ff3aaa6640c0fb14bba5430110b20237105c203
This is almost certainly a side effect of bug 413003. When kinfocenter doesn't crash because you opened the energy info twice, it would crash on exit when solid tries to clean up its internal pointers only to find that some were deleted already. There are no other modules using solid in the way energy does, so it's a fairly safe bet that this is a duplicate of 413003. *** This bug has been marked as a duplicate of bug 413003 ***