https://bugs.kde.org/show_bug.cgi?id=462841

--- Comment #1 from Matt Fagnani <[email protected]> ---
Created attachment 154508
  --> https://bugs.kde.org/attachment.cgi?id=154508&action=edit
Log of System Monitor run under valgrind when killing aide

I ran System Monitor under valgrind with valgrind
--log-file=valgrind-plasma-systemmonitor-kill-aide-1.txt --enable-debuginfod=no
plasma-systemmonitor. I ran aide with sudo /usr/sbin/aide --check. I killed aide
with System Monitor as described. System Monitor didn't crash. The valgrind log
showed 259 invalid reads which looked like overreads or out-of-bounds reads
such as the following. The invalid reads of size 16 looked to be the last 257
or so.

==2417== Invalid read of size 4
==2417==    at 0x606F413:
QSortFilterProxyModelPrivate::_q_sourceDataChanged(QModelIndex const&,
QModelIndex const&, QVector<int> const&) (qsortfilterproxymodel.cpp:1527)
==2417==    by 0x60C0DAE: void doActivate<false>(QObject*, int, void**)
(qobject.cpp:3931)
==2417==    by 0x603DA4F: QAbstractItemModel::dataChanged(QModelIndex const&,
QModelIndex const&, QVector<int> const&) (moc_qabstractitemmodel.cpp:557)
==2417==    by 0x6061330:
QIdentityProxyModelPrivate::_q_sourceDataChanged(QModelIndex const&,
QModelIndex const&, QVector<int> const&) (qidentityproxymodel.cpp:507)
==2417==    by 0x60C0DAE: void doActivate<false>(QObject*, int, void**)
(qobject.cpp:3931)
==2417==    by 0x603DA4F: QAbstractItemModel::dataChanged(QModelIndex const&,
QModelIndex const&, QVector<int> const&) (moc_qabstractitemmodel.cpp:557)
==2417==    by 0x6061330:
QIdentityProxyModelPrivate::_q_sourceDataChanged(QModelIndex const&,
QModelIndex const&, QVector<int> const&) (qidentityproxymodel.cpp:507)
==2417==    by 0x60C0DAE: void doActivate<false>(QObject*, int, void**)
(qobject.cpp:3931)
==2417==    by 0x603DA4F: QAbstractItemModel::dataChanged(QModelIndex const&,
QModelIndex const&, QVector<int> const&) (moc_qabstractitemmodel.cpp:557)
==2417==    by 0x323245BB: ??? (in /usr/lib64/libprocesscore.so.5.26.4)
==2417==    by 0x60C0C25: call (qobjectdefs_impl.h:398)
==2417==    by 0x60C0C25: void doActivate<false>(QObject*, int, void**)
(qobject.cpp:3919)
==2417==    by 0x32303712:
KSysGuard::ProcessAttribute::dataChanged(KSysGuard::Process*) (in
/usr/lib64/libprocesscore.so.5.26.4)
==2417==  Address 0x2a236054 is 4 bytes after a block of size 64 alloc'd
==2417==    at 0x484386F: malloc (vg_replace_malloc.c:393)
==2417==    by 0x5ED8581: QArrayData::allocate(unsigned long, unsigned long,
unsigned long, QFlags<QArrayData::AllocationOption>) (qarraydata.cpp:218)
==2417==    by 0x5EBE455: allocate (qarraydata.h:225)
==2417==    by 0x5EBE455: QVector<int>::realloc(int,
QFlags<QArrayData::AllocationOption>) (qvector.h:699)
==2417==    by 0x5F125DE: QVector<int>::resize(int) (qvector.h:431)
==2417==    by 0x606920C:
QSortFilterProxyModelPrivate::create_mapping(QModelIndex const&) const
(qsortfilterproxymodel.cpp:519)
==2417==    by 0x606BE92: QSortFilterProxyModel::hasChildren(QModelIndex
const&) const (qsortfilterproxymodel.cpp:2281)
==2417==    by 0x2924180E:
KDescendantsProxyModel::setSourceModel(QAbstractItemModel*) (in
/usr/lib64/libKF5ItemModels.so.5.100.0)
==2417==    by 0x605C60A: QAbstractProxyModel::qt_metacall(QMetaObject::Call,
int, void**) (moc_qabstractproxymodel.cpp:209)
==2417==    by 0x29241918:
KDescendantsProxyModel::qt_metacall(QMetaObject::Call, int, void**) (in
/usr/lib64/libKF5ItemModels.so.5.100.0)
==2417==    by 0x291FE9B8: ??? (in
/usr/lib64/qt5/qml/org/kde/kitemmodels/libitemmodelsplugin.so)
==2417==    by 0x4BA014D: writeProperty (qqmlpropertydata_p.h:393)
==2417==    by 0x4BA014D: QObjectPointerBinding::write(QV4::Value const&, bool,
QFlags<QQmlPropertyData::WriteFlag>) (qqmlbinding.cpp:714)
==2417==    by 0x4BA1C45:
QQmlNonbindingBinding::doUpdate(QQmlJavaScriptExpression::DeleteWatcher const&,
QFlags<QQmlPropertyData::WriteFlag>, QV4::Scope&) (qqmlbinding.cpp:258)
==2417== 
...
==2417== Invalid read of size 16
==2417==    at 0x2B6AE9B0: ???
==2417==    by 0x29812367: ???
==2417==  Address 0x2981237e is 46 bytes inside a block of size 58 alloc'd
==2417==    at 0x484386F: malloc (vg_replace_malloc.c:393)
==2417==    by 0x5ED8581: QArrayData::allocate(unsigned long, unsigned long,
unsigned long, QFlags<QArrayData::AllocationOption>) (qarraydata.cpp:218)
==2417==    by 0x5F5A25D: allocate (qarraydata.h:225)
==2417==    by 0x5F5A25D: QString::fromLatin1_helper(char const*, int)
(qstring.cpp:5464)
==2417==    by 0x6102141: UnknownInlinedFun (qstring.h:1067)
==2417==    by 0x6102141: stringAt (qcborvalue_p.h:294)
==2417==    by 0x6102141: QJsonValue::toString() const (qjsonvalue.cpp:698)
==2417==    by 0x29178D1A:
KSysGuard::SensorFaceControllerPrivate::readSensors(KConfigGroup const&,
QString const&) (in /usr/lib64/libKSysGuardSensorFaces.so.5.26.4)
==2417==    by 0x2917907D:
KSysGuard::SensorFaceControllerPrivate::readAndUpdateSensors(KConfigGroup&,
QString const&) (in /usr/lib64/libKSysGuardSensorFaces.so.5.26.4)
==2417==    by 0x2917FF67:
KSysGuard::SensorFaceController::SensorFaceController(KConfigGroup&,
QQmlEngine*) (in /usr/lib64/libKSysGuardSensorFaces.so.5.26.4)
==2417==    by 0x291500A0: UnknownInlinedFun (FaceLoader.cpp:64)
==2417==    by 0x291500A0: FaceLoader::qt_static_metacall(QObject*,
QMetaObject::Call, int, void**) (moc_FaceLoader.cpp:135)
==2417==    by 0x291509E2: FaceLoader::qt_metacall(QMetaObject::Call, int,
void**) (moc_FaceLoader.cpp:183)
==2417==    by 0x4BA014D: writeProperty (qqmlpropertydata_p.h:393)
==2417==    by 0x4BA014D: QObjectPointerBinding::write(QV4::Value const&, bool,
QFlags<QQmlPropertyData::WriteFlag>) (qqmlbinding.cpp:714)
==2417==    by 0x4BA1C45:
QQmlNonbindingBinding::doUpdate(QQmlJavaScriptExpression::DeleteWatcher const&,
QFlags<QQmlPropertyData::WriteFlag>, QV4::Scope&) (qqmlbinding.cpp:258)
==2417==    by 0x4B9F5B3:
QQmlBinding::update(QFlags<QQmlPropertyData::WriteFlag>) (qqmlbinding.cpp:194)
==2417== 

There were also many "Conditional jump or move depends on uninitialised
value(s)" errors. I don't know if those memory management problems might've been
involved in the crash. I'm attaching the full valgrind log. I tried to kill
aide a few other times and the crash didn't happen, so the problem might be
infrequent. The problem looks more likely to be in Qt since most of the top of
the trace had Qt functions.

That aide cronjob was created by a SCAP Workbench remediation script run as
root after I ran a scan with the Standard System Security Profile for Fedora
profile in 2020. The line in /etc/crontab that ran aide was:
05 4 * * * root /usr/sbin/aide --check
I doubt that the problem is related to the specific program being killed, maybe
other than it being run as root.
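A small triage helper for logs like the one attached above, added here as an example and not part of the bug report, of KDE's code or of valgrind itself: it parses memcheck's "Invalid read/write" blocks, counts them by access size the way the comment does by hand, groups them by allocation site, and flags the accesses whose address plus access size runs past the end of the block valgrind matched them to (the 46-bytes-inside-a-58-byte-block case above). The log embedded in it is a constructed sample in memcheck's format, not the attached log, and the parser assumes one stack frame per line, as in a real log file rather than the email-wrapped copy above.

```python
import re
from collections import Counter

# Constructed sample in valgrind memcheck's output format (not the log attached to the bug).
SAMPLE_LOG = """\
==2417== Invalid read of size 4
==2417==    at 0x606F413: QSortFilterProxyModelPrivate::_q_sourceDataChanged(QModelIndex const&, QModelIndex const&, QVector<int> const&) (qsortfilterproxymodel.cpp:1527)
==2417==    by 0x60C0DAE: void doActivate<false>(QObject*, int, void**) (qobject.cpp:3931)
==2417==  Address 0x2a236054 is 4 bytes after a block of size 64 alloc'd
==2417==    at 0x484386F: malloc (vg_replace_malloc.c:393)
==2417==    by 0x5ED8581: QArrayData::allocate(unsigned long, unsigned long, unsigned long, QFlags<QArrayData::AllocationOption>) (qarraydata.cpp:218)
==2417==    by 0x5F125DE: QVector<int>::resize(int) (qvector.h:431)
==2417==
==2417== Conditional jump or move depends on uninitialised value(s)
==2417==    at 0x1111111: example_function (example.cpp:10)
==2417==
==2417== Invalid read of size 16
==2417==    at 0x2B6AE9B0: ???
==2417==    by 0x29812367: ???
==2417==  Address 0x2981237e is 46 bytes inside a block of size 58 alloc'd
==2417==    at 0x484386F: malloc (vg_replace_malloc.c:393)
==2417==    by 0x5F5A25D: QString::fromLatin1_helper(char const*, int) (qstring.cpp:5464)
==2417==
==2417== Invalid read of size 16
==2417==    at 0x2B6AE9B0: ???
==2417==  Address 0x2981237e is 46 bytes inside a block of size 58 alloc'd
==2417==    at 0x484386F: malloc (vg_replace_malloc.c:393)
==2417==    by 0x5F5A25D: QString::fromLatin1_helper(char const*, int) (qstring.cpp:5464)
==2417==
"""

HEADER = re.compile(r"^==\d+== Invalid (read|write) of size (\d+)$")
UNINIT = re.compile(r"^==\d+== Conditional jump or move depends on uninitialised value\(s\)$")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+)$")
ADDR = re.compile(r"^==\d+==\s+Address 0x[0-9A-Fa-f]+ is (\d+) bytes (before|after|inside) a block of size (\d+) (alloc'd|free'd)$")
BLANK = re.compile(r"^==\d+==\s*$")


def parse_memcheck(text):
    """Return (list of invalid-access records, count of uninitialised-value reports)."""
    errors, uninit, cur, section = [], 0, None, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            cur = {"kind": m.group(1), "size": int(m.group(2)),
                   "frames": [], "addr": None, "alloc_frames": []}
            errors.append(cur)
            section = "frames"          # frames that follow are the faulting access
            continue
        if UNINIT.match(line):
            uninit += 1
            cur = None                  # only counted; its frames are not collected
            continue
        if cur is None:
            continue
        m = ADDR.match(line)
        if m:
            cur["addr"] = {"offset": int(m.group(1)), "relation": m.group(2),
                           "block_size": int(m.group(3)), "state": m.group(4)}
            section = "alloc"           # frames that follow describe the allocation
            continue
        m = FRAME.match(line)
        if m:
            cur["frames" if section == "frames" else "alloc_frames"].append(m.group(1))
            continue
        if BLANK.match(line):
            cur = section = None        # an empty ==pid== line ends the error block
    return errors, uninit


def reaches_outside_block(err):
    """True if the access touches bytes outside the block valgrind matched it to."""
    a = err["addr"]
    if a is None:
        return None
    if a["relation"] != "inside":
        return True                     # before/after the block is out of bounds by definition
    return a["offset"] + err["size"] > a["block_size"]


def alloc_site(err):
    """First allocation frame that is not valgrind's malloc replacement."""
    for f in err["alloc_frames"]:
        if "vg_replace_malloc" not in f:
            return f
    return "<unknown>"


def summarize(errors):
    by_size = Counter((e["kind"], e["size"]) for e in errors)
    by_site = Counter(alloc_site(e) for e in errors)
    return by_size, by_site


if __name__ == "__main__":
    errs, uninit = parse_memcheck(SAMPLE_LOG)
    by_size, by_site = summarize(errs)
    print(f"{len(errs)} invalid accesses, {uninit} uninitialised-value reports")
    print("by size:", dict(by_size))
    print("by allocation site:", dict(by_site))
    print("past block end:", [e["frames"][0] for e in errs if reaches_outside_block(e)])
```

Run it against a real memcheck log by reading the file into parse_memcheck instead of SAMPLE_LOG; grouping by allocation site is usually the quickest way to see whether hundreds of reported reads are one bug repeated (as the 257 size-16 reads here suggest) or many distinct ones.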
