Bug#1026062: kded5: kded crashes with signal 11
Dear Maintainer,

I was able to reproduce this issue inside a minimal
amd64 qemu VM running Bookworm/testing.

By editing the kded service unit [1] I could get valgrind to have a look
at this issue and it produced a matching use-after-free [2].

By further editing the service unit I was also able to record
such a crash with rr-debugger, which allows debugging in
reverse execution direction.

So I guess these are the relevant events:
- An object of PackageKit::Transaction gets created [3] (0x562777928e00)
- Inside its constructor also a QDeferredDeleteEvent
  gets created [4] (0x562777885690)
- The PackageKit::Transaction object gets stored in the
  m_transactions container [5]
- Qt reaches its event loop and processes the QDeferredDeleteEvent
  and deletes the PackageKit::Transaction [6]
- In TransactionWatcher::watchTransaction the member m_transactions
  still holds a reference to the already deleted object and gets
  found because a matching "tid" gets processed.
  "Unfortunately" the memory of the PackageKit::Transaction was
  already modified, therefore the segmentation fault follows. [7]

For comparison, the matching systemd-coredump
report with mangled symbols is in [8].

There are some reports in bugs.kde.org [9].
But in 462706 it is mentioned that this is an issue
in packagekit-qt; unfortunately I could not yet
find a report there.

Kind regards,
Bernhard
[1]
/usr/lib/systemd/user/plasma-kded.service
-ExecStart=/usr/bin/kded5
+ExecStart=/usr/bin/valgrind /usr/bin/kded5
or
+ExecStart=/usr/bin/rr record /usr/bin/kded5
systemctl --user daemon-reload
systemctl --user start plasma-kded
Then trigger in Discover a package list update.
[2]
==12351== Invalid read of size 8
==12351== at 0x27458BA0: PackageKit::Transaction::role() const (transaction.cpp:297)
==12351== by 0x273B6AAD: TransactionWatcher::watchTransaction(QDBusObjectPath const&, bool) (TransactionWatcher.cpp:104)
==12351== by 0x273B6B98: TransactionWatcher::transactionListChanged(QStringList const&) (TransactionWatcher.cpp:85)
==12351== by 0x5B59FCE: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351== by 0x2744C094: PackageKit::Daemon::transactionListChanged(QStringList const&) (moc_daemon.cpp:419)
==12351== by 0x5B59FFB: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351== by 0x27464B37: TransactionListChanged (daemonproxy.moc:331)
==12351== by 0x27464B37: OrgFreedesktopPackageKitInterface::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (daemonproxy.moc:178)
==12351== by 0x27465D72: OrgFreedesktopPackageKitInterface::qt_metacall(QMetaObject::Call, int, void**) (daemonproxy.moc:288)
==12351== by 0x580361A: ??? (in /usr/lib/x86_64-linux-gnu/libQt5DBus.so.5.15.7)
==12351== by 0x5B4E76F: QObject::event(QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351== by 0x49CAF5D: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5.15.7)
==12351== by 0x5B227C7: QCoreApplication::notifyInternal2(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351== Address 0x1a6a2a10 is 16 bytes inside a block of size 24 free'd
==12351== at 0x484371B: operator delete(void*) (vg_replace_malloc.c:923)
==12351== by 0x5B4E53E: QObject::event(QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351== by 0x49CAF5D: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5.15.7)
==12351== by 0x5B227C7: QCoreApplication::notifyInternal2(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351== by 0x5B25760: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351== by 0x5B7B1D2: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351== by 0x6E1B7A8: g_main_context_dispatch (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7400.4)
==12351== by 0x6E1BA37: ??? (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7400.4)
==12351== by 0x6E1BACB: g_main_context_iteration (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7400.4)
==12351== by 0x5B7A8B5: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351== by 0x5B2124A: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351== by 0x5B293B5: QCoreApplication::exec() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351== Block was alloc'd at
==12351== at 0x4840F2F: operator new(unsigned long) (vg_replace_malloc.c:422)
==12351== by 0x273B693B: TransactionWatcher::watchTransaction(QDBusObjectPath const&, bool) (TransactionWatcher.cpp:95)
==12351== by 0x273B6B98: TransactionWatcher::transactionListChanged(QStringList const&) (TransactionWatcher.cpp:85)
==12351== by 0x5B59FCE: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351== by 0x2744C094: PackageKit::Daemon::transactionListChanged(QStringList const&) (moc_daemon.cpp:419)
==12351== by 0x5B59FFB: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351== by 0x27464B37: TransactionListChanged (daemonproxy.moc:331)
==12351== by 0x27464B37: OrgFreedesktopPackageKitInterface::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (daemonproxy.moc:178)
==12351== by 0x27465D72: OrgFreedesktopPackageKitInterface::qt_metacall(QMetaObject::Call, int, void**) (daemonproxy.moc:288)
==12351== by 0x580361A: ??? (in /usr/lib/x86_64-linux-gnu/libQt5DBus.so.5.15.7)
==12351== by 0x5B4E76F: QObject::event(QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351== by 0x49CAF5D: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5.15.7)
==12351== by 0x5B227C7: QCoreApplication::notifyInternal2(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351==
[3]
Thread 1 hit Breakpoint 1, PackageKit::Transaction::Transaction (this=0x562777928e00, tid=...) at ./src/transaction.cpp:63
63 Transaction::Transaction(const QDBusObjectPath &tid)
(rr) bt
#0 PackageKit::Transaction::Transaction (this=0x562777928e00, tid=...) at ./src/transaction.cpp:63
#1 0x00007f4a2402294a in TransactionWatcher::watchTransaction (this=this@entry=0x562777a3dd30, tid=..., interactive=interactive@entry=false) at ./apperd/TransactionWatcher.cpp:95
#2 0x00007f4a24022b99 in TransactionWatcher::transactionListChanged (this=0x562777a3dd30, tids=...) at ./apperd/TransactionWatcher.cpp:85
#3 0x00007f4a4cae8fcf in QtPrivate::QSlotObjectBase::call (a=0x7fffb2efd390, r=0x562777a3dd30, this=0x7f4a2803cd40) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#4 doActivate<false> (sender=0x5627778e42b0, signal_index=8, argv=0x7fffb2efd390) at kernel/qobject.cpp:3919
#5 0x00007f4a4cae226f in QMetaObject::activate (sender=<optimized out>, m=m@entry=0x7f4a17ec87c0 <PackageKit::Daemon::staticMetaObject>, local_signal_index=local_signal_index@entry=5, argv=argv@entry=0x7fffb2efd390) at kernel/qobject.cpp:3979
#6 0x00007f4a17e92095 in PackageKit::Daemon::transactionListChanged (this=<optimized out>, _t1=...) at ./obj-x86_64-linux-gnu/src/packagekitqt5_autogen/include/moc_daemon.cpp:419
#7 0x00007f4a4cae8ffc in doActivate<false> (sender=0x5627778e7900, signal_index=5, argv=0x7fffb2efd4b0) at kernel/qobject.cpp:3931
#8 0x00007f4a4cae226f in QMetaObject::activate (sender=sender@entry=0x5627778e7900, m=m@entry=0x7f4a17ec8b00 <OrgFreedesktopPackageKitInterface::staticMetaObject>, local_signal_index=local_signal_index@entry=2, argv=argv@entry=0x7fffb2efd4b0) at kernel/qobject.cpp:3979
#9 0x00007f4a17eaab38 in OrgFreedesktopPackageKitInterface::TransactionListChanged (_t1=..., this=0x5627778e7900) at ./obj-x86_64-linux-gnu/src/daemonproxy.moc:331
#10 OrgFreedesktopPackageKitInterface::qt_static_metacall (_o=0x5627778e7900, _c=<optimized out>, _id=<optimized out>, _a=0x7fffb2efd600) at ./obj-x86_64-linux-gnu/src/daemonproxy.moc:178
#11 0x00007f4a17eabd73 in OrgFreedesktopPackageKitInterface::qt_metacall (this=0x5627778e7900, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0x7fffb2efd600) at ./obj-x86_64-linux-gnu/src/daemonproxy.moc:288
#12 0x00007f4a4d72661b in ?? () from /lib/x86_64-linux-gnu/libQt5DBus.so.5
#13 0x00007f4a4cadd770 in QObject::event (this=0x5627778e7900, e=0x7f4a28039770) at kernel/qobject.cpp:1347
#14 0x00007f4a4d962f5e in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x5627778e7900, e=0x7f4a28039770) at kernel/qapplication.cpp:3637
#15 0x00007f4a4cab17c8 in QCoreApplication::notifyInternal2 (receiver=0x5627778e7900, event=0x7f4a28039770) at kernel/qcoreapplication.cpp:1064
#16 0x00007f4a4cab4761 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x5627771b14f0) at kernel/qcoreapplication.cpp:1821
#17 0x00007f4a4cb0a1d3 in postEventSourceDispatch (s=0x5627772a7720) at kernel/qeventdispatcher_glib.cpp:277
#18 0x00007f4a4b91e7a9 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#19 0x00007f4a4b91ea38 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#20 0x00007f4a4b91eacc in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#21 0x00007f4a4cb098b6 in QEventDispatcherGlib::processEvents (this=0x5627772ad1f0, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#22 0x00007f4a4cab024b in QEventLoop::exec (this=this@entry=0x7fffb2efda40, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#23 0x00007f4a4cab83b6 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#24 0x000056277582e3d9 in main (argc=<optimized out>, argv=<optimized out>) at ./src/kded.cpp:785
(rr) when
Current event: 241163
[4]
Thread 1 hit Breakpoint 4, QDeferredDeleteEvent::QDeferredDeleteEvent (this=this@entry=0x562777885690) at kernel/qcoreevent.cpp:647
647 QDeferredDeleteEvent::QDeferredDeleteEvent()
(rr) bt
#0 QDeferredDeleteEvent::QDeferredDeleteEvent (this=this@entry=0x562777885690) at kernel/qcoreevent.cpp:647
#1 0x00007f4a4cadb44e in QObject::deleteLater (this=0x562777928e00) at kernel/qobject.cpp:2336
#2 0x00007f4a17ea294e in PackageKit::TransactionPrivate::finished (runtime=0, exitCode=2, this=0x562777a2ebe0) at ./src/transactionprivate.cpp:245
#3 PackageKit::TransactionPrivate::runQueuedTransaction (this=0x562777a2ebe0) at ./src/transactionprivate.cpp:193
#4 0x00007f4a17ea5582 in PackageKit::TransactionPrivate::setup (this=this@entry=0x562777a2ebe0, transactionId=...) at ./src/transactionprivate.cpp:82
#5 0x00007f4a17e9db7b in PackageKit::Transaction::Transaction (this=0x562777928e00, tid=...) at ./src/transaction.cpp:69
#6 0x00007f4a2402294a in TransactionWatcher::watchTransaction (this=this@entry=0x562777a3dd30, tid=..., interactive=interactive@entry=false) at ./apperd/TransactionWatcher.cpp:95
#7 0x00007f4a24022b99 in TransactionWatcher::transactionListChanged (this=0x562777a3dd30, tids=...) at ./apperd/TransactionWatcher.cpp:85
#8 0x00007f4a4cae8fcf in QtPrivate::QSlotObjectBase::call (a=0x7fffb2efd390, r=0x562777a3dd30, this=0x7f4a2803cd40) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#9 doActivate<false> (sender=0x5627778e42b0, signal_index=8, argv=0x7fffb2efd390) at kernel/qobject.cpp:3919
#10 0x00007f4a4cae226f in QMetaObject::activate (sender=<optimized out>, m=m@entry=0x7f4a17ec87c0 <PackageKit::Daemon::staticMetaObject>, local_signal_index=local_signal_index@entry=5, argv=argv@entry=0x7fffb2efd390) at kernel/qobject.cpp:3979
#11 0x00007f4a17e92095 in PackageKit::Daemon::transactionListChanged (this=<optimized out>, _t1=...) at ./obj-x86_64-linux-gnu/src/packagekitqt5_autogen/include/moc_daemon.cpp:419
#12 0x00007f4a4cae8ffc in doActivate<false> (sender=0x5627778e7900, signal_index=5, argv=0x7fffb2efd4b0) at kernel/qobject.cpp:3931
#13 0x00007f4a4cae226f in QMetaObject::activate (sender=sender@entry=0x5627778e7900, m=m@entry=0x7f4a17ec8b00 <OrgFreedesktopPackageKitInterface::staticMetaObject>, local_signal_index=local_signal_index@entry=2, argv=argv@entry=0x7fffb2efd4b0) at kernel/qobject.cpp:3979
#14 0x00007f4a17eaab38 in OrgFreedesktopPackageKitInterface::TransactionListChanged (_t1=..., this=0x5627778e7900) at ./obj-x86_64-linux-gnu/src/daemonproxy.moc:331
#15 OrgFreedesktopPackageKitInterface::qt_static_metacall (_o=0x5627778e7900, _c=<optimized out>, _id=<optimized out>, _a=0x7fffb2efd600) at ./obj-x86_64-linux-gnu/src/daemonproxy.moc:178
#16 0x00007f4a17eabd73 in OrgFreedesktopPackageKitInterface::qt_metacall (this=0x5627778e7900, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0x7fffb2efd600) at ./obj-x86_64-linux-gnu/src/daemonproxy.moc:288
#17 0x00007f4a4d72661b in ?? () from /lib/x86_64-linux-gnu/libQt5DBus.so.5
#18 0x00007f4a4cadd770 in QObject::event (this=0x5627778e7900, e=0x7f4a28039770) at kernel/qobject.cpp:1347
#19 0x00007f4a4d962f5e in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x5627778e7900, e=0x7f4a28039770) at kernel/qapplication.cpp:3637
#20 0x00007f4a4cab17c8 in QCoreApplication::notifyInternal2 (receiver=0x5627778e7900, event=0x7f4a28039770) at kernel/qcoreapplication.cpp:1064
#21 0x00007f4a4cab4761 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x5627771b14f0) at kernel/qcoreapplication.cpp:1821
#22 0x00007f4a4cb0a1d3 in postEventSourceDispatch (s=0x5627772a7720) at kernel/qeventdispatcher_glib.cpp:277
#23 0x00007f4a4b91e7a9 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#24 0x00007f4a4b91ea38 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#25 0x00007f4a4b91eacc in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#26 0x00007f4a4cb098b6 in QEventDispatcherGlib::processEvents (this=0x5627772ad1f0, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#27 0x00007f4a4cab024b in QEventLoop::exec (this=this@entry=0x7fffb2efda40, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#28 0x00007f4a4cab83b6 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#29 0x000056277582e3d9 in main (argc=<optimized out>, argv=<optimized out>) at ./src/kded.cpp:785
(rr) when
Current event: 241187
[5]
Thread 1 hit Breakpoint 6, TransactionWatcher::watchTransaction (this=this@entry=0x562777a3dd30, tid=..., interactive=interactive@entry=false) at ./apperd/TransactionWatcher.cpp:100
100 m_transactions[tid] = transaction;
1: x/i $pc
=> 0x7f4a24022a63 <_ZN18TransactionWatcher16watchTransactionERK15QDBusObjectPathb+403>: mov %rbp,%rsi
(rr) bt
#0 TransactionWatcher::watchTransaction (this=this@entry=0x562777a3dd30, tid=..., interactive=interactive@entry=false) at ./apperd/TransactionWatcher.cpp:100
#1 0x00007f4a24022b99 in TransactionWatcher::transactionListChanged (this=0x562777a3dd30, tids=...) at ./apperd/TransactionWatcher.cpp:85
#2 0x00007f4a4cae8fcf in QtPrivate::QSlotObjectBase::call (a=0x7fffb2efd390, r=0x562777a3dd30, this=0x7f4a2803cd40) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#3 doActivate<false> (sender=0x5627778e42b0, signal_index=8, argv=0x7fffb2efd390) at kernel/qobject.cpp:3919
#4 0x00007f4a4cae226f in QMetaObject::activate (sender=<optimized out>, m=m@entry=0x7f4a17ec87c0 <PackageKit::Daemon::staticMetaObject>, local_signal_index=local_signal_index@entry=5, argv=argv@entry=0x7fffb2efd390) at kernel/qobject.cpp:3979
#5 0x00007f4a17e92095 in PackageKit::Daemon::transactionListChanged (this=<optimized out>, _t1=...) at ./obj-x86_64-linux-gnu/src/packagekitqt5_autogen/include/moc_daemon.cpp:419
#6 0x00007f4a4cae8ffc in doActivate<false> (sender=0x5627778e7900, signal_index=5, argv=0x7fffb2efd4b0) at kernel/qobject.cpp:3931
#7 0x00007f4a4cae226f in QMetaObject::activate (sender=sender@entry=0x5627778e7900, m=m@entry=0x7f4a17ec8b00 <OrgFreedesktopPackageKitInterface::staticMetaObject>, local_signal_index=local_signal_index@entry=2, argv=argv@entry=0x7fffb2efd4b0) at kernel/qobject.cpp:3979
#8 0x00007f4a17eaab38 in OrgFreedesktopPackageKitInterface::TransactionListChanged (_t1=..., this=0x5627778e7900) at ./obj-x86_64-linux-gnu/src/daemonproxy.moc:331
#9 OrgFreedesktopPackageKitInterface::qt_static_metacall (_o=0x5627778e7900, _c=<optimized out>, _id=<optimized out>, _a=0x7fffb2efd600) at ./obj-x86_64-linux-gnu/src/daemonproxy.moc:178
#10 0x00007f4a17eabd73 in OrgFreedesktopPackageKitInterface::qt_metacall (this=0x5627778e7900, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0x7fffb2efd600) at ./obj-x86_64-linux-gnu/src/daemonproxy.moc:288
#11 0x00007f4a4d72661b in ?? () from /lib/x86_64-linux-gnu/libQt5DBus.so.5
#12 0x00007f4a4cadd770 in QObject::event (this=0x5627778e7900, e=0x7f4a28039770) at kernel/qobject.cpp:1347
#13 0x00007f4a4d962f5e in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x5627778e7900, e=0x7f4a28039770) at kernel/qapplication.cpp:3637
#14 0x00007f4a4cab17c8 in QCoreApplication::notifyInternal2 (receiver=0x5627778e7900, event=0x7f4a28039770) at kernel/qcoreapplication.cpp:1064
#15 0x00007f4a4cab4761 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x5627771b14f0) at kernel/qcoreapplication.cpp:1821
#16 0x00007f4a4cb0a1d3 in postEventSourceDispatch (s=0x5627772a7720) at kernel/qeventdispatcher_glib.cpp:277
#17 0x00007f4a4b91e7a9 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#18 0x00007f4a4b91ea38 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#19 0x00007f4a4b91eacc in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#20 0x00007f4a4cb098b6 in QEventDispatcherGlib::processEvents (this=0x5627772ad1f0, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#21 0x00007f4a4cab024b in QEventLoop::exec (this=this@entry=0x7fffb2efda40, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#22 0x00007f4a4cab83b6 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#23 0x000056277582e3d9 in main (argc=<optimized out>, argv=<optimized out>) at ./src/kded.cpp:785
(rr) when
Current event: 241195
[6]
Thread 1 hit Breakpoint 2, PackageKit::Transaction::~Transaction (this=0x562777928e00, __in_chrg=<optimized out>) at ./src/transaction.cpp:162
162 Transaction::~Transaction()
1: x/i $pc
=> 0x7f4a17e9c9d0 <_ZN10PackageKit11TransactionD2Ev>: mov 0x2c5d9(%rip),%rax # 0x7f4a17ec8fb0
(rr) bt
#0 PackageKit::Transaction::~Transaction (this=0x562777928e00, __in_chrg=<optimized out>) at ./src/transaction.cpp:162
#1 0x00007f4a17e9ca09 in PackageKit::Transaction::~Transaction (this=0x562777928e00, __in_chrg=<optimized out>) at ./src/transaction.cpp:166
#2 0x00007f4a4cadd53f in QObject::event (this=0x562777928e00, e=0x562777885690) at kernel/qobject.cpp:1334
#3 0x00007f4a4d962f5e in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x562777928e00, e=0x562777885690) at kernel/qapplication.cpp:3637
#4 0x00007f4a4cab17c8 in QCoreApplication::notifyInternal2 (receiver=0x562777928e00, event=0x562777885690) at kernel/qcoreapplication.cpp:1064
#5 0x00007f4a4cab4761 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x5627771b14f0) at kernel/qcoreapplication.cpp:1821
#6 0x00007f4a4cb0a1d3 in postEventSourceDispatch (s=0x5627772a7720) at kernel/qeventdispatcher_glib.cpp:277
#7 0x00007f4a4b91e7a9 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#8 0x00007f4a4b91ea38 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#9 0x00007f4a4b91eacc in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#10 0x00007f4a4cb098b6 in QEventDispatcherGlib::processEvents (this=0x5627772ad1f0, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#11 0x00007f4a4cab024b in QEventLoop::exec (this=this@entry=0x7fffb2efda40, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#12 0x00007f4a4cab83b6 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#13 0x000056277582e3d9 in main (argc=<optimized out>, argv=<optimized out>) at ./src/kded.cpp:785
(rr) when
Current event: 241215
[7]
Thread 1 received signal SIGSEGV, Segmentation fault.
0x00007f4a17e9eba4 in PackageKit::Transaction::role (this=this@entry=0x562777928e00) at ./src/transaction.cpp:297
297 return d->role;
1: x/i $pc
=> 0x7f4a17e9eba4 <_ZNK10PackageKit11Transaction4roleEv+4>: mov 0x50(%rax),%eax
(rr) bt
#0 0x00007f4a17e9eba4 in PackageKit::Transaction::role (this=this@entry=0x562777928e00) at ./src/transaction.cpp:297
#1 0x00007f4a24022aae in TransactionWatcher::watchTransaction (this=this@entry=0x562777a3dd30, tid=..., interactive=interactive@entry=false) at ./apperd/TransactionWatcher.cpp:104
#2 0x00007f4a24022b99 in TransactionWatcher::transactionListChanged (this=0x562777a3dd30, tids=...) at ./apperd/TransactionWatcher.cpp:85
#3 0x00007f4a4cae8fcf in QtPrivate::QSlotObjectBase::call (a=0x7fffb2efd390, r=0x562777a3dd30, this=0x7f4a2803cd40) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#4 doActivate<false> (sender=0x5627778e42b0, signal_index=8, argv=0x7fffb2efd390) at kernel/qobject.cpp:3919
#5 0x00007f4a4cae226f in QMetaObject::activate (sender=<optimized out>, m=m@entry=0x7f4a17ec87c0 <PackageKit::Daemon::staticMetaObject>, local_signal_index=local_signal_index@entry=5, argv=argv@entry=0x7fffb2efd390) at kernel/qobject.cpp:3979
#6 0x00007f4a17e92095 in PackageKit::Daemon::transactionListChanged (this=<optimized out>, _t1=...) at ./obj-x86_64-linux-gnu/src/packagekitqt5_autogen/include/moc_daemon.cpp:419
#7 0x00007f4a4cae8ffc in doActivate<false> (sender=0x5627778e7900, signal_index=5, argv=0x7fffb2efd4b0) at kernel/qobject.cpp:3931
#8 0x00007f4a4cae226f in QMetaObject::activate (sender=sender@entry=0x5627778e7900, m=m@entry=0x7f4a17ec8b00 <OrgFreedesktopPackageKitInterface::staticMetaObject>, local_signal_index=local_signal_index@entry=2, argv=argv@entry=0x7fffb2efd4b0) at kernel/qobject.cpp:3979
#9 0x00007f4a17eaab38 in OrgFreedesktopPackageKitInterface::TransactionListChanged (_t1=..., this=0x5627778e7900) at ./obj-x86_64-linux-gnu/src/daemonproxy.moc:331
#10 OrgFreedesktopPackageKitInterface::qt_static_metacall (_o=0x5627778e7900, _c=<optimized out>, _id=<optimized out>, _a=0x7fffb2efd600) at ./obj-x86_64-linux-gnu/src/daemonproxy.moc:178
#11 0x00007f4a17eabd73 in OrgFreedesktopPackageKitInterface::qt_metacall (this=0x5627778e7900, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0x7fffb2efd600) at ./obj-x86_64-linux-gnu/src/daemonproxy.moc:288
#12 0x00007f4a4d72661b in ?? () from /lib/x86_64-linux-gnu/libQt5DBus.so.5
#13 0x00007f4a4cadd770 in QObject::event (this=0x5627778e7900, e=0x7f4a280109d0) at kernel/qobject.cpp:1347
#14 0x00007f4a4d962f5e in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x5627778e7900, e=0x7f4a280109d0) at kernel/qapplication.cpp:3637
#15 0x00007f4a4cab17c8 in QCoreApplication::notifyInternal2 (receiver=0x5627778e7900, event=0x7f4a280109d0) at kernel/qcoreapplication.cpp:1064
#16 0x00007f4a4cab4761 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x5627771b14f0) at kernel/qcoreapplication.cpp:1821
#17 0x00007f4a4cb0a1d3 in postEventSourceDispatch (s=0x5627772a7720) at kernel/qeventdispatcher_glib.cpp:277
#18 0x00007f4a4b91e7a9 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#19 0x00007f4a4b91ea38 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#20 0x00007f4a4b91eacc in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#21 0x00007f4a4cb098b6 in QEventDispatcherGlib::processEvents (this=0x5627772ad1f0, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#22 0x00007f4a4cab024b in QEventLoop::exec (this=this@entry=0x7fffb2efda40, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#23 0x00007f4a4cab83b6 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#24 0x000056277582e3d9 in main (argc=<optimized out>, argv=<optimized out>) at ./src/kded.cpp:785
(rr) when
Current event: 241323
(rr) up
#1 0x00007f4a24022aae in TransactionWatcher::watchTransaction (this=this@entry=0x562777a3dd30, tid=..., interactive=interactive@entry=false) at ./apperd/TransactionWatcher.cpp:104
104 if (transaction->role() != Transaction::RoleUnknown) {
(rr) list
99 // Store the transaction id
100 m_transactions[tid] = transaction;
101 } else {
102 transaction = m_transactions[tid];
103
104 if (transaction->role() != Transaction::RoleUnknown) {
105 // force the first changed or create a TransactionJob
106 transactionChanged(transaction, interactive);
107 }
108 }
(rr) print m_transactions
$6 = QHash<QDBusObjectPath, PackageKit::Transaction *> (size = 5) = {
[{
m_path = "/158_ebedcedc"
}] = 0x562777928e00,
[{
m_path = "/156_eebeadbe"
}] = 0x7f4a2801d720,
[{
m_path = "/160_eadddbcc"
}] = 0x56277772ef60,
[{
m_path = "/154_baeeadae"
}] = 0x562777a91bc0,
[{
m_path = "/157_cbbecede"
}] = 0x7f4a28034090
}
[8]
Jan 03 22:42:13 debian systemd-coredump[10321]: [🡕] Process 9882 (kded5) of user 1000 dumped core.
Module libudev.so.1 from deb systemd-252.4-1.amd64
Module libsystemd.so.0 from deb systemd-252.4-1.amd64
Stack trace of thread 9882:
#0 0x00007fe97f9e0ccc __pthread_kill_implementation (libc.so.6 + 0x8accc)
#1 0x00007fe97f991ef2 __GI_raise (libc.so.6 + 0x3bef2)
#2 0x00007fe9803f986d _ZN6KCrash19defaultCrashHandlerEi (libKF5Crash.so.5 + 0x586d)
#3 0x00007fe97f991f90 __restore_rt (libc.so.6 + 0x3bf90)
#4 0x00007fe952a7bba4 _ZNK10PackageKit11Transaction4roleEv (libpackagekitqt5.so.1 + 0x1aba4)
#5 0x00007fe952b28aae _ZN18TransactionWatcher16watchTransactionERK15QDBusObjectPathb (kded_apperd.so + 0xeaae)
#6 0x00007fe952b28b99 _ZN18TransactionWatcher22transactionListChangedERK11QStringList (kded_apperd.so + 0xeb99)
#7 0x00007fe97f6e8fcf n/a (libQt5Core.so.5 + 0x2e8fcf)
#8 0x00007fe952a6f095 _ZN10PackageKit6Daemon22transactionListChangedERK11QStringList (libpackagekitqt5.so.1 + 0xe095)
#9 0x00007fe97f6e8ffc n/a (libQt5Core.so.5 + 0x2e8ffc)
#10 0x00007fe952a87b38 _ZN33OrgFreedesktopPackageKitInterface22TransactionListChangedERK11QStringList (libpackagekitqt5.so.1 + 0x26b38)
#11 0x00007fe952a88d73 _ZN33OrgFreedesktopPackageKitInterface11qt_metacallEN11QMetaObject4CallEiPPv (libpackagekitqt5.so.1 + 0x27d73)
#12 0x00007fe98031a61b n/a (libQt5DBus.so.5 + 0x2361b)
#13 0x00007fe97f6dd770 _ZN7QObject5eventEP6QEvent (libQt5Core.so.5 + 0x2dd770)
#14 0x00007fe980562f5e _ZN19QApplicationPrivate13notify_helperEP7QObjectP6QEvent (libQt5Widgets.so.5 + 0x162f5e)
#15 0x00007fe97f6b17c8 _ZN16QCoreApplication15notifyInternal2EP7QObjectP6QEvent (libQt5Core.so.5 + 0x2b17c8)
#16 0x00007fe97f6b4761 _ZN23QCoreApplicationPrivate16sendPostedEventsEP7QObjectiP11QThreadData (libQt5Core.so.5 + 0x2b4761)
#17 0x00007fe97f70a1d3 n/a (libQt5Core.so.5 + 0x30a1d3)
#18 0x00007fe97e51e7a9 g_main_context_dispatch (libglib-2.0.so.0 + 0x547a9)
#19 0x00007fe97e51ea38 n/a (libglib-2.0.so.0 + 0x54a38)
#20 0x00007fe97e51eacc g_main_context_iteration (libglib-2.0.so.0 + 0x54acc)
#21 0x00007fe97f7098b6 _ZN20QEventDispatcherGlib13processEventsE6QFlagsIN10QEventLoop17ProcessEventsFlagEE (libQt5Core.so.5 + 0x3098b6)
#22 0x00007fe97f6b024b _ZN10QEventLoop4execE6QFlagsINS_17ProcessEventsFlagEE (libQt5Core.so.5 + 0x2b024b)
#23 0x00007fe97f6b83b6 _ZN16QCoreApplication4execEv (libQt5Core.so.5 + 0x2b83b6)
#24 0x000055800ab1b3d9 n/a (kded5 + 0x73d9)
#25 0x00007fe97f97d18a __libc_start_call_main (libc.so.6 + 0x2718a)
#26 0x00007fe97f97d245 __libc_start_main_impl (libc.so.6 + 0x27245)
#27 0x000055800ab1b5c1 n/a (kded5 + 0x75c1)
[9]
https://bugs.kde.org/show_bug.cgi?id=463626
https://bugs.kde.org/show_bug.cgi?id=462706
https://github.com/PackageKit/PackageKit-Qt
[misc]
apt install task-kde-desktop task-german-kde-desktop gdb systemd-coredump valgrind mc gdb rr kdevelop-data libpackagekitqt5-1-dbgsym libqt5core5a-dbgsym libqt5widgets5-dbgsym apper-dbgsym kded5-dbgsym
Pretty printer for Qt in kdevelop-data: https://stackoverflow.com/questions/23176216/enable-pretty-printing-in-kdevelop-c/23548981#23548981
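
The sequence in [3] to [7], replayed as an added example that is not part of the original report and is neither apper's nor PackageKit-Qt's code. It is a reduced standard-C++ model: EventLoop stands in for Qt's posted-event queue, the `destroyed` callback for the QObject::destroyed signal, and the `finishesInCtor` and `untrackOnDestroy` switches and the liveness registry are assumptions made for the illustration. With the callback connected the map entry disappears together with the object, which is one possible mitigation and not necessarily the upstream fix.

```cpp
#include <functional>
#include <map>
#include <queue>
#include <set>
#include <string>
#include <utility>

// Stand-in for Qt's posted-event queue: a deferred delete only runs when the
// loop is next processed, as with QObject::deleteLater().
struct EventLoop {
    std::queue<std::function<void()>> posted;
    void processEvents() {
        while (!posted.empty()) {
            auto ev = std::move(posted.front());
            posted.pop();
            ev();
        }
    }
};

// Heavily reduced stand-in for PackageKit::Transaction (hypothetical model).
class Transaction {
public:
    Transaction(EventLoop &loop, std::string tid, bool finishesInCtor)
        : tid_(std::move(tid)) {
        live().insert(tid_);
        // Mirrors backtrace [4]: the constructor path ends in deleteLater().
        if (finishesInCtor) loop.posted.push([this] { delete this; });
    }
    ~Transaction() {
        live().erase(tid_);
        if (destroyed) destroyed(tid_);  // plays the role of QObject::destroyed
    }
    int role() const { return role_; }
    static bool isLive(const std::string &tid) { return live().count(tid) != 0; }
    std::function<void(const std::string &)> destroyed;

private:
    static std::set<std::string> &live() { static std::set<std::string> s; return s; }
    std::string tid_;
    int role_ = 0;
};

enum class Outcome { Created, Reused, StaleEntry };

class TransactionWatcher {
public:
    TransactionWatcher(EventLoop &loop, bool untrackOnDestroy)
        : loop_(loop), untrackOnDestroy_(untrackOnDestroy) {}

    Outcome watchTransaction(const std::string &tid, bool finishesInCtor) {
        auto it = transactions_.find(tid);
        if (it == transactions_.end()) {
            auto *t = new Transaction(loop_, tid, finishesInCtor);
            if (untrackOnDestroy_)  // drop the map entry the moment the object dies
                t->destroyed = [this](const std::string &id) { transactions_.erase(id); };
            transactions_[tid] = t;
            return Outcome::Created;
        }
        // Crash site in the report: the stored pointer is dereferenced here.
        // The model asks the liveness registry instead of touching freed memory.
        if (!Transaction::isLive(tid)) return Outcome::StaleEntry;
        (void)it->second->role();
        return Outcome::Reused;
    }

private:
    EventLoop &loop_;
    bool untrackOnDestroy_;
    std::map<std::string, Transaction *> transactions_;
};

// Replays the reported sequence for one tid (value taken from the
// m_transactions dump in [7]) and returns the outcome of the second signal.
Outcome replay(bool untrackOnDestroy) {
    EventLoop loop;
    TransactionWatcher watcher(loop, untrackOnDestroy);
    watcher.watchTransaction("/158_ebedcedc", true);  // created, delete queued
    loop.processEvents();                             // deferred delete runs
    Outcome second = watcher.watchTransaction("/158_ebedcedc", true);
    loop.processEvents();                             // let a new object clean up
    return second;
}

int main() {
    bool ok = replay(false) == Outcome::StaleEntry && replay(true) == Outcome::Created;
    return ok ? 0 : 1;
}
```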