Bug 360946

Summary:	Baloo should handle lmdb corruption - Query::exec() should be fail-safe (and all things called inside)
Product:	[Frameworks and Libraries] frameworks-baloo	Reporter:	Fabian <0inkane>
Component:	Engine	Assignee:	Pinak Ahuja <pinak.ahuja>
Status:	RESOLVED FIXED
Severity:	crash	CC:	alexminder, amaury.deganseman, andysem, anthoney84, arhangel64, arnaudfrezet, arthur.marsh, axora, barnabas.sudy, bluej100, bugzilla, christoph, cquiros, cribari, dsoto, exclipit, felsvorsprung, georgemrc, gilbertoca, heiko.becker, hhgn32, ibukun, jirislaby, johnjaylward, kdebt45328, kdebugs.81do7, lucianomario58, ludvig.boklin, mail, malin.hidro, michal.lacko, mtrm0ep2z, nate, nicola.urbani1, patrick.rudolph, paul, pedron.alexandre, phani.vajjha, pinak.ahuja, pstrong, rafaelnunes737, reuben_p, rod, solerman.kaplon, taskin.new, tinkde, tobias.teichmann, vljubovic, vmatare+kdebug, wheel, xwissen+kde, yagorbunov
Priority:	NOR
Version:	unspecified
Target Milestone:	---
Platform:	Chakra
OS:	Linux
Latest Commit:		Version Fixed In:
Sentry Crash Report:
Attachments:	New crash information added by DrKonqi New crash information added by DrKonqi New crash information added by DrKonqi

Description Fabian 2016-03-24 17:46:54 UTC

When ~/.local/share/baloo/index, baloo will crash. The reason for this is that in both positiondb.cpp and postingdb.cpp mdb_get is expected to either return MDB_SUCCESS (0) or  to return MDB_NOTFOUND. However, in case of database corruption mdb_get returns MDB_PAGE_NOTFOUND, as can be seen in the backtrace below. Note that silently ignoring this error will not work, as further database operations will yield MDB_BAD_TXN (Transaction cannot recover - it must be aborted).


ASSERT failure in PositionDB::iter: "MDB_PAGE_NOTFOUND: Requested page not found", file /home/fabian/projects/baloo/src/engine/positiondb.cpp, line 173

Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7fffc00aa700 (LWP 15679)]
0x00007ffff457f5f8 in raise () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007ffff457f5f8 in raise () from /usr/lib/libc.so.6
#1  0x00007ffff4580a7a in abort () from /usr/lib/libc.so.6
#2  0x00007ffff4d07391 in qt_message_fatal (context=..., message=<synthetic pointer>) at global/qlogging.cpp:1610
#3  QMessageLogger::fatal (this=this@entry=0x7fffc00a8b60, 
    msg=msg@entry=0x7ffff4fb5fa0 "ASSERT failure in %s: \"%s\", file %s, line %d") at global/qlogging.cpp:784
#4  0x00007ffff4d02721 in qt_assert_x (where=<optimized out>, what=<optimized out>, file=<optimized out>, 
    line=<optimized out>) at global/qglobal.cpp:3002
#5  0x00007fffc02df51c in Baloo::PositionDB::iter (this=0x7fffc00a8c60, term=...)
    at /home/fabian/projects/baloo/src/engine/positiondb.cpp:173
#6  0x00007fffc02e84fa in Baloo::Transaction::postingIterator (this=0x7fffc00a98b0, query=...)
    at /home/fabian/projects/baloo/src/engine/transaction.cpp:312
#7  0x00007fffc07449f3 in Baloo::SearchStore::constructQuery (this=0x7fffc00a99c0, tr=0x7fffc00a98b0, term=...)
    at /home/fabian/projects/baloo/src/lib/searchstore.cpp:283
#8  0x00007fffc0743cc7 in Baloo::SearchStore::constructQuery (this=0x7fffc00a99c0, tr=0x7fffc00a98b0, term=...)
    at /home/fabian/projects/baloo/src/lib/searchstore.cpp:163
#9  0x00007fffc0743cc7 in Baloo::SearchStore::constructQuery (this=0x7fffc00a99c0, tr=0x7fffc00a98b0, term=...)
    at /home/fabian/projects/baloo/src/lib/searchstore.cpp:163
#10 0x00007fffc074346d in Baloo::SearchStore::exec (this=0x7fffc00a99c0, term=..., offset=0, limit=10, 
    sortResults=true) at /home/fabian/projects/baloo/src/lib/searchstore.cpp:75
#11 0x00007fffc0731466 in Baloo::Query::exec (this=0x7fffc00a9b40)
    at /home/fabian/projects/baloo/src/lib/query.cpp:210
#12 0x00007fffc0963710 in SearchRunner::match (this=this@entry=0x10aa080, context=..., type=..., category=...)
    at /chakra/core/plasma-workspace/src/plasma-workspace-5.6.0/runners/baloo/baloosearchrunner.cpp:99
#13 0x00007fffc09644c9 in SearchRunner::match (this=0x10aa080, context=...)
    at /chakra/core/plasma-workspace/src/plasma-workspace-5.6.0/runners/baloo/baloosearchrunner.cpp:164
#14 0x00007fffd802b2d8 in Plasma::AbstractRunner::performMatch (this=0x10aa080, localContext=...)
    at /chakra/core/krunner/src/krunner-5.20.0/src/abstractrunner.cpp:131
#15 0x00007fffcfdeffd0 in ThreadWeaver::Executor::run(QSharedPointer<ThreadWeaver::JobInterface> const&, ThreadWeaver::Thread*) () from /usr/lib/libKF5ThreadWeaver.so.5
#16 0x00007fffcfdeeb70 in ThreadWeaver::Job::execute(QSharedPointer<ThreadWeaver::JobInterface> const&, ThreadWeaver::Thread*) () from /usr/lib/libKF5ThreadWeaver.so.5
#17 0x00007fffcfdee67a in ThreadWeaver::Thread::run() () from /usr/lib/libKF5ThreadWeaver.so.5
#18 0x00007ffff4d1f238 in QThreadPrivate::start (arg=0x10bbef0) at thread/qthread_unix.cpp:340
#19 0x00007ffff2884464 in start_thread () from /usr/lib/libpthread.so.0
#20 0x00007ffff463512d in clone () from /usr/lib/libc.so.6


Reproducible: Always

Steps to Reproduce:
1. Corrupt your database
2. Cause a query
3.

Actual Results:  
In debug mode, the assertion is triggered. In release mode,  the cast will be UB. This manifests in a traceback similar to #355280, as the data is corrupted.

Expected Results:  
Baloo handles the crash gracefully. Ideally, it would try to repair the database or at least evict the bad data.

Comment 1 Fabian 2016-03-24 20:05:49 UTC

I should add that starting konsole from krunner is a very easy way to trigger that code path, which might be an explanation for those bugs (360754, 360727, etc.)

Comment 2 Christoph Cullmann 2016-09-11 18:21:54 UTC

*** Bug 364360 has been marked as a duplicate of this bug. ***

Comment 3 Christoph Cullmann 2016-09-11 18:25:10 UTC

*** Bug 359488 has been marked as a duplicate of this bug. ***

Comment 4 Christoph Cullmann 2016-09-11 18:43:47 UTC

*** Bug 362200 has been marked as a duplicate of this bug. ***

Comment 5 Christoph Cullmann 2016-09-11 20:58:49 UTC

*** Bug 366437 has been marked as a duplicate of this bug. ***

Comment 6 Christoph Cullmann 2016-09-11 20:58:54 UTC

*** Bug 362621 has been marked as a duplicate of this bug. ***

Comment 7 Christoph Cullmann 2016-09-11 20:59:00 UTC

*** Bug 359667 has been marked as a duplicate of this bug. ***

Comment 8 Christoph Cullmann 2016-09-11 20:59:26 UTC

*** Bug 356009 has been marked as a duplicate of this bug. ***

Comment 9 Christoph Cullmann 2016-09-11 21:32:51 UTC

*** Bug 353342 has been marked as a duplicate of this bug. ***

Comment 10 Christoph Cullmann 2016-09-11 21:33:16 UTC

*** Bug 366005 has been marked as a duplicate of this bug. ***

Comment 11 Christoph Cullmann 2016-09-11 21:33:27 UTC

*** Bug 359996 has been marked as a duplicate of this bug. ***

Comment 12 Christoph Cullmann 2016-09-11 21:34:01 UTC

*** Bug 359839 has been marked as a duplicate of this bug. ***

Comment 13 Christoph Cullmann 2016-09-11 21:34:12 UTC

*** Bug 359692 has been marked as a duplicate of this bug. ***

Comment 14 Christoph Cullmann 2016-09-11 21:34:33 UTC

*** Bug 366011 has been marked as a duplicate of this bug. ***

Comment 15 Christoph Cullmann 2016-09-11 21:34:53 UTC

*** Bug 366038 has been marked as a duplicate of this bug. ***

Comment 16 Christoph Cullmann 2016-09-11 21:35:09 UTC

*** Bug 367769 has been marked as a duplicate of this bug. ***

Comment 17 Christoph Cullmann 2016-09-11 21:35:33 UTC

*** Bug 368446 has been marked as a duplicate of this bug. ***

Comment 18 Christoph Cullmann 2016-09-11 21:36:04 UTC

*** Bug 357344 has been marked as a duplicate of this bug. ***

Comment 19 Francisco Cribari 2016-09-20 03:17:33 UTC

I believe this bug is related to https://bugs.kde.org/show_bug.cgi?id=366022 and https://bugs.kde.org/show_bug.cgi?id=366190. See also this video: https://www.youtube.com/watch?v=u-aGfU-whhA

Comment 20 Christoph Cullmann 2016-10-07 16:16:10 UTC

*** Bug 369076 has been marked as a duplicate of this bug. ***

Comment 21 Christoph Cullmann 2016-10-07 16:16:50 UTC

*** Bug 368946 has been marked as a duplicate of this bug. ***

Comment 22 Christoph Cullmann 2016-10-07 16:17:17 UTC

*** Bug 368991 has been marked as a duplicate of this bug. ***

Comment 23 Christoph Cullmann 2016-10-07 16:17:43 UTC

*** Bug 368761 has been marked as a duplicate of this bug. ***

Comment 24 Christoph Cullmann 2016-10-07 16:18:04 UTC

*** Bug 368699 has been marked as a duplicate of this bug. ***

Comment 25 Nate Graham 2017-10-27 17:00:34 UTC

*** Bug 371813 has been marked as a duplicate of this bug. ***

Comment 26 Nate Graham 2017-10-27 17:02:20 UTC

*** Bug 376403 has been marked as a duplicate of this bug. ***

Comment 27 Nate Graham 2017-10-27 17:02:27 UTC

*** Bug 380882 has been marked as a duplicate of this bug. ***

Comment 28 Nate Graham 2017-10-27 17:03:46 UTC

*** Bug 370347 has been marked as a duplicate of this bug. ***

Comment 29 Nate Graham 2017-10-27 17:04:35 UTC

*** Bug 364520 has been marked as a duplicate of this bug. ***

Comment 30 Nate Graham 2017-10-27 17:10:08 UTC

*** Bug 363491 has been marked as a duplicate of this bug. ***

Comment 31 Nate Graham 2017-10-27 17:13:25 UTC

*** Bug 354705 has been marked as a duplicate of this bug. ***

Comment 32 Nate Graham 2017-10-27 17:14:50 UTC

*** Bug 358657 has been marked as a duplicate of this bug. ***

Comment 33 Nate Graham 2017-10-27 17:21:17 UTC

*** Bug 368442 has been marked as a duplicate of this bug. ***

Comment 34 Nate Graham 2017-10-27 17:21:22 UTC

*** Bug 368519 has been marked as a duplicate of this bug. ***

Comment 35 Nate Graham 2017-10-27 17:21:26 UTC

*** Bug 364013 has been marked as a duplicate of this bug. ***

Comment 36 Nate Graham 2017-10-27 17:21:31 UTC

*** Bug 363511 has been marked as a duplicate of this bug. ***

Comment 37 Nate Graham 2017-10-27 17:21:39 UTC

*** Bug 366293 has been marked as a duplicate of this bug. ***

Comment 38 Nate Graham 2017-10-27 17:22:52 UTC

*** Bug 376525 has been marked as a duplicate of this bug. ***

Comment 39 Nate Graham 2017-10-27 18:33:46 UTC

*** Bug 384505 has been marked as a duplicate of this bug. ***

Comment 40 Nate Graham 2017-10-27 18:36:12 UTC

*** Bug 382610 has been marked as a duplicate of this bug. ***

Comment 41 Nate Graham 2017-10-27 18:37:07 UTC

*** Bug 381213 has been marked as a duplicate of this bug. ***

Comment 42 Nate Graham 2017-10-27 18:37:38 UTC

*** Bug 379788 has been marked as a duplicate of this bug. ***

Comment 43 Nate Graham 2017-10-27 18:38:46 UTC

*** Bug 370622 has been marked as a duplicate of this bug. ***

Comment 44 Nate Graham 2017-10-27 18:40:07 UTC

*** Bug 377311 has been marked as a duplicate of this bug. ***

Comment 45 Nate Graham 2017-10-27 18:53:31 UTC

*** Bug 373006 has been marked as a duplicate of this bug. ***

Comment 46 Nate Graham 2017-10-27 18:54:32 UTC

*** Bug 372549 has been marked as a duplicate of this bug. ***

Comment 47 Nate Graham 2017-10-27 19:47:49 UTC

I'm willing to bet that Christoph Cullman's work that went into 5.28 (especially https://cgit.kde.org/baloo.git/commit/?id=e34da150d82a57cf417a59b8b632b2fecb32a6f7) has fixed this. There isn't a single report of this crash happening when using a KDE Frameworks version later than 5.26.

Comment 48 Nate Graham 2017-10-27 19:49:53 UTC

*** Bug 368809 has been marked as a duplicate of this bug. ***

Comment 49 Nate Graham 2017-10-27 19:52:34 UTC

*** Bug 375293 has been marked as a duplicate of this bug. ***

Comment 50 Nate Graham 2017-10-27 20:02:35 UTC

*** Bug 364521 has been marked as a duplicate of this bug. ***

Comment 51 Nate Graham 2017-10-27 20:03:03 UTC

*** Bug 376932 has been marked as a duplicate of this bug. ***

Comment 52 Nate Graham 2017-10-27 20:04:05 UTC

*** Bug 369092 has been marked as a duplicate of this bug. ***

Comment 53 John Aylward 2017-10-27 20:10:22 UTC

How is this resolved if crashes keep getting reported as duplicates? What version of KDE was this fixed in?

Comment 54 Nate Graham 2017-10-27 20:12:25 UTC

All the crashes I'm marking as duplicates were reported against versions of KDE Frameworks 5.26 and lower. It was fixed in KDE Frameworks 5.28. I haven't run into a crash with the same characteristics on KF 5.28 or later, and if I do, it's likely a different crash.

Comment 55 John Aylward 2017-10-27 20:20:52 UTC

Created attachment 108591 [details]
New crash information added by DrKonqi

plasmashell (5.10.5) using Qt 5.7.1

- What I was doing when the application crashed:

When I was querying from the "start menu" the search results appeared and then the desktop crashed and restarted.

-- Backtrace (Reduced):
#7  0x00007fab4086a4c0 in QByteArray::QByteArray(char const*, int) () from /usr/lib64/libQt5Core.so.5
#8  0x00007faa3a54aa77 in DBPostingIterator::DBPostingIterator(void*, unsigned int) () from /usr/lib64/libKF5BalooEngine.so.5
#9  0x00007faa3a54ade4 in Baloo::PostingDB::prefixIter(QByteArray const&) () from /usr/lib64/libKF5BalooEngine.so.5
#10 0x00007faa3a55535f in Baloo::Transaction::postingIterator(Baloo::EngineQuery const&) const () from /usr/lib64/libKF5BalooEngine.so.5
#11 0x00007faa3a9ada2a in Baloo::SearchStore::constructQuery(Baloo::Transaction*, Baloo::Term const&) () from /usr/lib64/libKF5Baloo.so.5

Comment 56 Nate Graham 2017-10-27 20:23:04 UTC

That looks like a different crash; your backtrace isn't showing a crash in Query::exec(). I didn't say that *everything* had been fixed (I wish) :). Please feel free to report that as in new bug report!

Comment 57 John Aylward 2017-10-27 20:24:29 UTC

Thanks. I'll do that.

Comment 58 John Aylward 2017-10-27 20:28:58 UTC

Created attachment 108592 [details]
New crash information added by DrKonqi

krunner (5.10.5) using Qt 5.7.1

When searching from the desktop search (ALT+space), the query results are returned and then the desktop crashes and restarts.

This trace does show a call to Baloo::Query::exec(). So I decided to add it here. Let me know if I should open a seprate ticket for this as well.

-- Backtrace (Reduced):
#7  0x00007fd6a675c4c0 in QByteArray::QByteArray(char const*, int) () from /usr/lib64/libQt5Core.so.5
#8  0x00007fd66be26a77 in DBPostingIterator::DBPostingIterator(void*, unsigned int) () from /usr/lib64/libKF5BalooEngine.so.5
#9  0x00007fd66be26de4 in Baloo::PostingDB::prefixIter(QByteArray const&) () from /usr/lib64/libKF5BalooEngine.so.5
#10 0x00007fd66be3135f in Baloo::Transaction::postingIterator(Baloo::EngineQuery const&) const () from /usr/lib64/libKF5BalooEngine.so.5
#11 0x00007fd66c289a2a in Baloo::SearchStore::constructQuery(Baloo::Transaction*, Baloo::Term const&) () from /usr/lib64/libKF5Baloo.so.5

Comment 59 Nate Graham 2017-10-27 20:30:14 UTC

Can you file a whole new ticket, with a full backtrace? That's just another comment on this bug report (and all 52 people CCd on it are getting spammed).

Comment 60 Yury Gubich 2020-03-04 13:49:52 UTC

Created attachment 126594 [details]
New crash information added by DrKonqi

dolphin (19.12.2) using Qt 5.14.1

- What I was doing when the application crashed:
It always crashes when I select icons in dolphin. It doesn't matter which way it's done - it crashes with ctrl selection, with shift selection, with rectangle selection, with little plus button on top of the icon. 
It doesn't matter which kind of icon - it crashes on folders on textfiles on images.

- Custom settings of the application:
I have detailed info panel opened in Dolphin (F11 button). As soon as I close that panel i can select as many items as I wish without crashing

-- Backtrace (Reduced):
#8  0x00007f20faea6bd0 in mdb_get () from /usr/lib/liblmdb.so
#9  0x00007f20fcd24f53 in Baloo::DocumentDataDB::get(unsigned long long) () from /usr/lib/libKF5BalooEngine.so.5
#10 0x00007f20fcd45684 in Baloo::Transaction::documentData(unsigned long long) const () from /usr/lib/libKF5BalooEngine.so.5
#11 0x00007f20ff1bdc32 in Baloo::File::load() () from /usr/lib/libKF5Baloo.so.5
[...]
#13 0x00007f20fd8b826a in QObject::event(QEvent*) () from /usr/lib/libQt5Core.so.5