Description of problem:
testing kscreenlocker_greet with /usr/libexec/kscreenlocker_greet --testing

Version-Release number of selected component:
kscreenlocker-6.4.1-1.fc42

Additional info:
reporter:        libreport-2.17.15
type:            CCpp
reason:          kscreenlocker_greet killed by SIGSEGV
journald_cursor: s=0c6577fb49f94c89ad5a0e6efa8cd54a;i=28ab87;b=b478606391104b0d8cb9ba99dc814c85;m=1d331eeb2;t=638b66a6e4a83;x=d3acc5e73bc3cdc3
executable:      /usr/libexec/kscreenlocker_greet
cmdline:         /usr/libexec/kscreenlocker_greet --testing
cgroup:          0::/user.slice/user-1000.slice/user/app.slice/app-org.kde.konsole
rootdir:         /
uid:             1000
kernel:          6.15.3-200.fc42.x86_64
package:         kscreenlocker-6.4.1-1.fc42
runlevel:        N 5
backtrace_rating: 4
crash_function:  QtWayland::wl_seat::object
comment:         testing kscreenlocker_greet with /usr/libexec/kscreenlocker_greet --testing

Truncated backtrace:
Thread no. 1 (16 frames)
 #0 QtWayland::wl_seat::object at /usr/include/qt6/QtWaylandClient/6.9.1/QtWaylandClient/private/qwayland-wayland.h:789
 #1 QtWaylandClient::QWaylandInputDevice::wl_seat at /usr/include/qt6/QtWaylandClient/6.9.1/QtWaylandClient/private/qwaylandinputdevice_p.h:96
 #2 QWaylandXdgActivationV1::requestXdgActivationToken at /usr/src/debug/layer-shell-qt-6.4.1-1.fc42.x86_64/src/qwaylandxdgactivationv1.cpp:38
 #3 LayerShellQt::QWaylandLayerSurface::requestActivate at /usr/include/qt6/QtWaylandClient/6.9.1/QtWaylandClient/private/qwaylandwindow_p.h:141
 #4 QObject::event at /usr/src/debug/qt6-qtbase-6.9.1-1.fc42.x86_64/src/corelib/kernel/qobject.cpp:1431
 #5 QCoreApplication::notifyInternal2 at /usr/src/debug/qt6-qtbase-6.9.1-1.fc42.x86_64/src/corelib/kernel/qcoreapplication.cpp:1106
 #6 QCoreApplication::sendEvent at /usr/src/debug/qt6-qtbase-6.9.1-1.fc42.x86_64/src/corelib/kernel/qcoreapplication.cpp:1546
 #7 QCoreApplicationPrivate::sendPostedEvents at /usr/src/debug/qt6-qtbase-6.9.1-1.fc42.x86_64/src/corelib/kernel/qcoreapplication.cpp:1879
 #8 postEventSourceDispatch at /usr/src/debug/qt6-qtbase-6.9.1-1.fc42.x86_64/src/corelib/kernel/qeventdispatcher_glib.cpp:246
 #10 g_main_context_dispatch_unlocked at ../glib/gmain.c:4249
 #11 g_main_context_iterate_unlocked at ../glib/gmain.c:4314
 #12 g_main_context_iteration at ../glib/gmain.c:4379
 #13 QEventDispatcherGlib::processEvents at /usr/src/debug/qt6-qtbase-6.9.1-1.fc42.x86_64/src/corelib/kernel/qeventdispatcher_glib.cpp:399
 #14 QEventLoop::exec at /usr/src/debug/qt6-qtbase-6.9.1-1.fc42.x86_64/src/corelib/global/qflags.h:77
 #15 QCoreApplication::exec at /usr/src/debug/qt6-qtbase-6.9.1-1.fc42.x86_64/src/corelib/kernel/qcoreapplication.cpp:1449
 #16 QGuiApplication::exec at /usr/src/debug/qt6-qtbase-6.9.1-1.fc42.x86_64/src/gui/kernel/qguiapplication.cpp:1986
Created attachment 2095664 File: proc_pid_status
Created attachment 2095665 File: limits
Created attachment 2095666 File: mountinfo
Created attachment 2095667 File: os_info
Created attachment 2095668 File: cpuinfo
Created attachment 2095669 File: core_backtrace
Created attachment 2095670 File: exploitable
Created attachment 2095671 File: dso_list
Created attachment 2095672 File: backtrace
Created attachment 2095673 File: open_fds
Created attachment 2095674 File: maps
Created attachment 2095675 File: environ
This is what happens:

/usr/libexec/kscreenlocker_greet --testing
Locked at 1751206701
file:///usr/share/plasma/shells/org.kde.plasma.desktop/contents/lockscreen/LockOsd.qml:10:1: "../osd": no such directory
Segmentation fault (core dumped)
valgrind:

==23332== Memcheck, a memory error detector
==23332== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==23332== Using Valgrind-3.25.1 and LibVEX; rerun with -h for copyright info
==23332== Command: /usr/libexec/kscreenlocker_greet --testing
==23332==
==23332== Conditional jump or move depends on uninitialised value(s)
==23332==    at 0x346B0E24: ???
==23332==    by 0x32E32341: ???
==23332==
==23332== Conditional jump or move depends on uninitialised value(s)
==23332==    at 0x346B0B62: ???
==23332==    by 0x3310177F: ???
==23332==
==23332== Invalid read of size 16
==23332==    at 0x346B0A79: ???
==23332==    by 0x3462BC0F: ???
==23332==  Address 0x34636bfe is 45,054 bytes inside a block of size 45,060 alloc'd
==23332==    at 0x4876B26: malloc (vg_replace_malloc.c:446)
==23332==    by 0x6CFFF98: UnknownInlinedFun (qarraydata.cpp:139)
==23332==    by 0x6CFFF98: allocateHelper (qarraydata.cpp:181)
==23332==    by 0x6CFFF98: allocateHelper (qarraydata.cpp:157)
==23332==    by 0x6CFFF98: QArrayData::allocate2(QArrayData**, long long, QArrayData::AllocationOption) (qarraydata.cpp:220)
==23332==    by 0x6CC3F98: allocate (qarraydata.h:139)
==23332==    by 0x6CC3F98: QArrayDataPointer (qarraydatapointer.h:58)
==23332==    by 0x6CC3F98: QString::fromLatin1(QByteArrayView) (qstring.cpp:5916)
==23332==    by 0x77934DF: UnknownInlinedFun (qstring.h:727)
==23332==    by 0x77934DF: KSvg::SharedSvgRenderer::load(QByteArray const&, QString const&, QHash<QString, QRectF>&) [clone .isra.0] (svg.cpp:142)
==23332==    by 0x77971AD: UnknownInlinedFun (svg.cpp:89)
==23332==    by 0x77971AD: KSvg::SvgPrivate::createRenderer() (svg.cpp:681)
==23332==    by 0x77A76C1: UnknownInlinedFun (svg.cpp:767)
==23332==    by 0x77A76C1: KSvg::SvgPrivate::elementRect(QStringView) (svg.cpp:756)
==23332==    by 0x77A7DFC: KSvg::Svg::hasElement(QStringView) const (svg.cpp:1020)
==23332==    by 0x32E1BCE3: UnknownInlinedFun (framesvgitem.cpp:495)
==23332==    by 0x32E1BCE3: KSvg::FrameSvgItem::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (moc_framesvgitem.cpp:307)
==23332==    by 0x32E1EB16: KSvg::FrameSvgItem::qt_metacall(QMetaObject::Call, int, void**) (moc_framesvgitem.cpp:391)
==23332==    by 0x5654781: QQmlObjectOrGadget::metacall(QMetaObject::Call, int, void**) const (qqmlobjectorgadget.cpp:14)
==23332==    by 0x54DD0B2: CallMethod (qv4qobjectwrapper.cpp:1704)
==23332==    by 0x54DD0B2: QV4::QObjectMethod::callPrecise(QQmlObjectOrGadget const&, QQmlPropertyData const&, QV4::ExecutionEngine*, QV4::CallData*, QMetaObject::Call) (qv4qobjectwrapper.cpp:2076)
==23332==    by 0x54DF990: operator() (qv4qobjectwrapper.cpp:3078)
==23332==    by 0x54DF990: operator()<QV4::QObjectMethod::callInternal(const QV4::Value*, const QV4::Value*, int) const::<lambda()> > (qv4qobjectwrapper.cpp:3055)
==23332==    by 0x54DF990: QV4::QObjectMethod::callInternal(QV4::Value const*, QV4::Value const*, int) const (qv4qobjectwrapper.cpp:3078)
==23332==
==23332== Invalid read of size 16
==23332==    at 0x346B0A79: ???
==23332==    by 0x3466823F: ???
==23332==  Address 0x3467322e is 45,054 bytes inside a block of size 45,060 alloc'd
==23332==    at 0x4876B26: malloc (vg_replace_malloc.c:446)
==23332==    by 0x6CFFF98: UnknownInlinedFun (qarraydata.cpp:139)
==23332==    by 0x6CFFF98: allocateHelper (qarraydata.cpp:181)
==23332==    by 0x6CFFF98: allocateHelper (qarraydata.cpp:157)
==23332==    by 0x6CFFF98: QArrayData::allocate2(QArrayData**, long long, QArrayData::AllocationOption) (qarraydata.cpp:220)
==23332==    by 0x6CC3F98: allocate (qarraydata.h:139)
==23332==    by 0x6CC3F98: QArrayDataPointer (qarraydatapointer.h:58)
==23332==    by 0x6CC3F98: QString::fromLatin1(QByteArrayView) (qstring.cpp:5916)
==23332==    by 0x77934DF: UnknownInlinedFun (qstring.h:727)
==23332==    by 0x77934DF: KSvg::SharedSvgRenderer::load(QByteArray const&, QString const&, QHash<QString, QRectF>&) [clone .isra.0] (svg.cpp:142)
==23332==    by 0x77971AD: UnknownInlinedFun (svg.cpp:89)
==23332==    by 0x77971AD: KSvg::SvgPrivate::createRenderer() (svg.cpp:681)
==23332==    by 0x77A76C1: UnknownInlinedFun (svg.cpp:767)
==23332==    by 0x77A76C1: KSvg::SvgPrivate::elementRect(QStringView) (svg.cpp:756)
==23332==    by 0x77A7CDF: KSvg::Svg::elementSize(QStringView) const (svg.cpp:995)
==23332==    by 0x778C7C2: KSvg::FrameSvgPrivate::updateSizes(KSvg::FrameData*) const (framesvg.cpp:887)
==23332==    by 0x778ECD0: UnknownInlinedFun (framesvg_p.h:153)
==23332==    by 0x778ECD0: UnknownInlinedFun (framesvg.cpp:1004)
==23332==    by 0x778ECD0: KSvg::FrameSvgPrivate::updateFrameData(unsigned int, KSvg::FrameSvgPrivate::UpdateType) (framesvg.cpp:725)
==23332==    by 0x32E1E4C1: KSvg::FrameSvgItem::componentComplete() (framesvgitem.cpp:723)
==23332==    by 0x563E1D0: QQmlObjectCreator::finalize(QQmlInstantiationInterrupt&) (qqmlobjectcreator.cpp:1597)
==23332==    by 0x55B1544: QQmlComponentPrivate::complete(QQmlEnginePrivate*, QQmlComponentPrivate::ConstructionState*) (qqmlcomponent.cpp:1208)
==23332==
Locked at 1751237644
==23332== Invalid read of size 16
==23332==    at 0x346B0A79: ???
==23332==    by 0x327C063F: ???
==23332==  Address 0x327cb62e is 45,054 bytes inside a block of size 45,060 alloc'd
==23332==    at 0x4876B26: malloc (vg_replace_malloc.c:446)
==23332==    by 0x6CFFF98: UnknownInlinedFun (qarraydata.cpp:139)
==23332==    by 0x6CFFF98: allocateHelper (qarraydata.cpp:181)
==23332==    by 0x6CFFF98: allocateHelper (qarraydata.cpp:157)
==23332==    by 0x6CFFF98: QArrayData::allocate2(QArrayData**, long long, QArrayData::AllocationOption) (qarraydata.cpp:220)
==23332==    by 0x6CC3F98: allocate (qarraydata.h:139)
==23332==    by 0x6CC3F98: QArrayDataPointer (qarraydatapointer.h:58)
==23332==    by 0x6CC3F98: QString::fromLatin1(QByteArrayView) (qstring.cpp:5916)
==23332==    by 0x77934DF: UnknownInlinedFun (qstring.h:727)
==23332==    by 0x77934DF: KSvg::SharedSvgRenderer::load(QByteArray const&, QString const&, QHash<QString, QRectF>&) [clone .isra.0] (svg.cpp:142)
==23332==    by 0x77971AD: UnknownInlinedFun (svg.cpp:89)
==23332==    by 0x77971AD: KSvg::SvgPrivate::createRenderer() (svg.cpp:681)
==23332==    by 0x77A76C1: UnknownInlinedFun (svg.cpp:767)
==23332==    by 0x77A76C1: KSvg::SvgPrivate::elementRect(QStringView) (svg.cpp:756)
==23332==    by 0x77A7DFC: KSvg::Svg::hasElement(QStringView) const (svg.cpp:1020)
==23332==    by 0x778F32E: KSvg::FrameSvg::setElementPrefix(QString const&) (framesvg.cpp:113)
==23332==    by 0x778F41C: KSvg::FrameSvgPrivate::updateNeeded() (framesvg.cpp:989)
==23332==    by 0x6C237B9: call (qobjectdefs_impl.h:461)
==23332==    by 0x6C237B9: void doActivate<false>(QObject*, int, void**) (qobject.cpp:4146)
==23332==    by 0x32E18B54: KSvg::FrameSvgItem::updateDevicePixelRatio() (framesvgitem.cpp:731)
==23332==    by 0x32E1E8E5: KSvg::FrameSvgItem::itemChange(QQuickItem::ItemChange, QQuickItem::ItemChangeData const&) (framesvgitem.cpp:772)
==23332==
==23332== Conditional jump or move depends on uninitialised value(s)
==23332==    at 0x346B0B62: ???
==23332==    by 0x328BDF1F: ???
==23332==
file:///usr/share/plasma/shells/org.kde.plasma.desktop/contents/lockscreen/LockOsd.qml:10:1: "../osd": no such directory
==23332== Conditional jump or move depends on uninitialised value(s)
==23332==    at 0x346B0B62: ???
==23332==    by 0x3764CA3F: ???
==23332==
==23332== Thread 16 QSGRenderThread:
==23332== Invalid read of size 16
==23332==    at 0x346B0A79: ???
==23332==    by 0x3279B0CF: ???
==23332==  Address 0x327a60be is 45,054 bytes inside a block of size 45,060 alloc'd
==23332==    at 0x4876B26: malloc (vg_replace_malloc.c:446)
==23332==    by 0x6CFFF98: UnknownInlinedFun (qarraydata.cpp:139)
==23332==    by 0x6CFFF98: allocateHelper (qarraydata.cpp:181)
==23332==    by 0x6CFFF98: allocateHelper (qarraydata.cpp:157)
==23332==    by 0x6CFFF98: QArrayData::allocate2(QArrayData**, long long, QArrayData::AllocationOption) (qarraydata.cpp:220)
==23332==    by 0x6CC3F98: allocate (qarraydata.h:139)
==23332==    by 0x6CC3F98: QArrayDataPointer (qarraydatapointer.h:58)
==23332==    by 0x6CC3F98: QString::fromLatin1(QByteArrayView) (qstring.cpp:5916)
==23332==    by 0x77934DF: UnknownInlinedFun (qstring.h:727)
==23332==    by 0x77934DF: KSvg::SharedSvgRenderer::load(QByteArray const&, QString const&, QHash<QString, QRectF>&) [clone .isra.0] (svg.cpp:142)
==23332==    by 0x77971AD: UnknownInlinedFun (svg.cpp:89)
==23332==    by 0x77971AD: KSvg::SvgPrivate::createRenderer() (svg.cpp:681)
==23332==    by 0x779BCB8: KSvg::SvgPrivate::findInCache(QString const&, double, QSizeF const&) (svg.cpp:607)
==23332==    by 0x779FBB9: KSvg::Svg::image(QSize const&, QString const&) (svg.cpp:914)
==23332==    by 0x32E1D821: KSvg::FrameItemNode::updateTexture(QSize const&, QString const&) (framesvgitem.cpp:120)
==23332==    by 0x32E1DCB5: KSvg::FrameItemNode::FrameItemNode(KSvg::FrameSvgItem*, QFlags<KSvg::FrameSvg::EnabledBorder>, KSvg::FrameItemNode::FitMode, QSGNode*) (framesvgitem.cpp:110)
==23332==    by 0x32E1EDC4: KSvg::FrameSvgItem::updatePaintNode(QSGNode*, QQuickItem::UpdatePaintNodeData*) (framesvgitem.cpp:606)
==23332==    by 0x4CA928B: QQuickWindowPrivate::updateDirtyNode(QQuickItem*) (qquickwindow.cpp:2291)
==23332==    by 0x4CA9ACB: QQuickWindowPrivate::updateDirtyNodes() (qquickwindow.cpp:2033)
==23332==
==23332== Thread 1:
==23332== Use of uninitialised value of size 8
==23332==    at 0x4AA319D: UnknownInlinedFun (qwayland-wayland.h:789)
==23332==    by 0x4AA319D: UnknownInlinedFun (qwaylandinputdevice_p.h:96)
==23332==    by 0x4AA319D: QWaylandXdgActivationV1::requestXdgActivationToken(QtWaylandClient::QWaylandDisplay*, wl_surface*, std::optional<unsigned int>, QString const&) [clone .constprop.0] (qwaylandxdgactivationv1.cpp:38)
==23332==    by 0x4AA398F: LayerShellQt::QWaylandLayerSurface::requestActivate() (qwaylandlayersurface.cpp:218)
==23332==    by 0x6C1462B: QObject::event(QEvent*) (qobject.cpp:1431)
==23332==    by 0x6BB7F37: QCoreApplication::notifyInternal2(QObject*, QEvent*) (qcoreapplication.cpp:1106)
==23332==    by 0x6BBBD25: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (qcoreapplication.cpp:1879)
==23332==    by 0x6ECE16E: postEventSourceDispatch(_GSource*, int (*)(void*), void*) (qeventdispatcher_glib.cpp:246)
==23332==    by 0x8FAF87F: UnknownInlinedFun (gmain.c:3398)
==23332==    by 0x8FAF87F: g_main_context_dispatch_unlocked.lto_priv.0 (gmain.c:4249)
==23332==    by 0x8FB87A7: g_main_context_iterate_unlocked.isra.0 (gmain.c:4314)
==23332==    by 0x8FB8952: g_main_context_iteration (gmain.c:4379)
==23332==    by 0x6ECD9AC: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventdispatcher_glib.cpp:399)
==23332==    by 0x6BC5B02: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:186)
==23332==    by 0x6BC1418: QCoreApplication::exec() (qcoreapplication.cpp:1449)
==23332==
==23332== Invalid read of size 8
==23332==    at 0x4AA319D: UnknownInlinedFun (qwayland-wayland.h:789)
==23332==    by 0x4AA319D: UnknownInlinedFun (qwaylandinputdevice_p.h:96)
==23332==    by 0x4AA319D: QWaylandXdgActivationV1::requestXdgActivationToken(QtWaylandClient::QWaylandDisplay*, wl_surface*, std::optional<unsigned int>, QString const&) [clone .constprop.0] (qwaylandxdgactivationv1.cpp:38)
==23332==    by 0x4AA398F: LayerShellQt::QWaylandLayerSurface::requestActivate() (qwaylandlayersurface.cpp:218)
==23332==    by 0x6C1462B: QObject::event(QEvent*) (qobject.cpp:1431)
==23332==    by 0x6BB7F37: QCoreApplication::notifyInternal2(QObject*, QEvent*) (qcoreapplication.cpp:1106)
==23332==    by 0x6BBBD25: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (qcoreapplication.cpp:1879)
==23332==    by 0x6ECE16E: postEventSourceDispatch(_GSource*, int (*)(void*), void*) (qeventdispatcher_glib.cpp:246)
==23332==    by 0x8FAF87F: UnknownInlinedFun (gmain.c:3398)
==23332==    by 0x8FAF87F: g_main_context_dispatch_unlocked.lto_priv.0 (gmain.c:4249)
==23332==    by 0x8FB87A7: g_main_context_iterate_unlocked.isra.0 (gmain.c:4314)
==23332==    by 0x8FB8952: g_main_context_iteration (gmain.c:4379)
==23332==    by 0x6ECD9AC: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventdispatcher_glib.cpp:399)
==23332==    by 0x6BC5B02: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:186)
==23332==    by 0x6BC1418: QCoreApplication::exec() (qcoreapplication.cpp:1449)
==23332==  Address 0x6b96 is not stack'd, malloc'd or (recently) free'd
==23332==
==23332==
==23332== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==23332==  Access not within mapped region at address 0x6B96
==23332==    at 0x4AA319D: UnknownInlinedFun (qwayland-wayland.h:789)
==23332==    by 0x4AA319D: UnknownInlinedFun (qwaylandinputdevice_p.h:96)
==23332==    by 0x4AA319D: QWaylandXdgActivationV1::requestXdgActivationToken(QtWaylandClient::QWaylandDisplay*, wl_surface*, std::optional<unsigned int>, QString const&) [clone .constprop.0] (qwaylandxdgactivationv1.cpp:38)
==23332==    by 0x4AA398F: LayerShellQt::QWaylandLayerSurface::requestActivate() (qwaylandlayersurface.cpp:218)
==23332==    by 0x6C1462B: QObject::event(QEvent*) (qobject.cpp:1431)
==23332==    by 0x6BB7F37: QCoreApplication::notifyInternal2(QObject*, QEvent*) (qcoreapplication.cpp:1106)
==23332==    by 0x6BBBD25: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (qcoreapplication.cpp:1879)
==23332==    by 0x6ECE16E: postEventSourceDispatch(_GSource*, int (*)(void*), void*) (qeventdispatcher_glib.cpp:246)
==23332==    by 0x8FAF87F: UnknownInlinedFun (gmain.c:3398)
==23332==    by 0x8FAF87F: g_main_context_dispatch_unlocked.lto_priv.0 (gmain.c:4249)
==23332==    by 0x8FB87A7: g_main_context_iterate_unlocked.isra.0 (gmain.c:4314)
==23332==    by 0x8FB8952: g_main_context_iteration (gmain.c:4379)
==23332==    by 0x6ECD9AC: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventdispatcher_glib.cpp:399)
==23332==    by 0x6BC5B02: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:186)
==23332==    by 0x6BC1418: QCoreApplication::exec() (qcoreapplication.cpp:1449)
==23332==  If you believe this happened as a result of a stack
==23332==  overflow in your program's main thread (unlikely but
==23332==  possible), you can try to increase the size of the
==23332==  main thread stack using the --main-stacksize= flag.
==23332==  The main thread stack size used in this run was 8388608.
==23332==
==23332== HEAP SUMMARY:
==23332==     in use at exit: 84,554,947 bytes in 159,361 blocks
==23332==   total heap usage: 737,620 allocs, 578,259 frees, 188,462,210 bytes allocated
==23332==
==23332== LEAK SUMMARY:
==23332==    definitely lost: 1,008 bytes in 125 blocks
==23332==    indirectly lost: 0 bytes in 0 blocks
==23332==      possibly lost: 1,884,958 bytes in 16,640 blocks
==23332==    still reachable: 82,667,133 bytes in 142,575 blocks
==23332==                       of which reachable via heuristic:
==23332==                         length64           : 32 bytes in 1 blocks
==23332==                         newarray           : 701,688 bytes in 1,003 blocks
==23332==                         multipleinheritance: 155,408 bytes in 125 blocks
==23332==         suppressed: 0 bytes in 0 blocks
==23332== Rerun with --leak-check=full to see details of leaked memory
==23332==
==23332== Use --track-origins=yes to see where uninitialised values come from
==23332== For lists of detected and suppressed errors, rerun with: -s
==23332== ERROR SUMMARY: 11 errors from 10 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)
*** This bug has been marked as a duplicate of bug 2375356 ***