Bug 394176

Summary: plasma-discover 5.12.5 crashes when opening the flatpak metadata of one of my games.
Product: [Applications] Discover
Reporter: guillaume+bugs.kde
Component: discover
Assignee: Aleix Pol <aleixpol>
Status: RESOLVED UPSTREAM
Severity: crash
CC: guillaume+bugs.kde
Priority: NOR
Keywords: drkonqi
Version First Reported In: 5.12.5
Target Milestone: ---
Platform: Arch Linux
OS: Linux
Attachments: Flatpak files that trigger a crash

Description guillaume+bugs.kde 2018-05-12 20:14:35 UTC
Application: plasma-discover (5.12.5)

Qt Version: 5.10.1
Frameworks Version: 5.45.0
Operating System: Linux 4.16.8-1-ARCH x86_64
Distribution: "Arch Linux"

-- Information about the crash:
- What I was doing when the application crashed:
I clicked on my flatpak package, which opens with discover.
Discover immediately crashes.

There is nothing too fancy inside the appdata.xml file; what is really different from my other packages is its size: over 9000MB (9 651 121 440 bytes exactly).

- Custom settings of the application:
Nothing particular.

The crash can be reproduced every time.

-- Backtrace:
Application: Découvrir (plasma-discover), signal: Segmentation fault
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f133e033800 (LWP 1557))]

Thread 12 (Thread 0x7f12e17fa700 (LWP 1587)):
#0  0x00007f1335cc13f6 in pthread_cond_timedwait@@GLIBC_2.3.2 () at /usr/lib/libpthread.so.0
#1  0x00007f1339c94e51 in QWaitCondition::wait(QMutex*, unsigned long) () at /usr/lib/libQt5Core.so.5
#2  0x00007f1339c90d21 in  () at /usr/lib/libQt5Core.so.5
#3  0x00007f1339c93abd in  () at /usr/lib/libQt5Core.so.5
#4  0x00007f1335cbb075 in start_thread () at /usr/lib/libpthread.so.0
#5  0x00007f133959753f in clone () at /usr/lib/libc.so.6

Thread 11 (Thread 0x7f12e0ff9700 (LWP 1586)):
#0  0x00007f1335cc0ffc in pthread_cond_wait@@GLIBC_2.3.2 () at /usr/lib/libpthread.so.0
#1  0x00007f1339c94f9c in QWaitCondition::wait(QMutex*, unsigned long) () at /usr/lib/libQt5Core.so.5
#2  0x00007f1339c8cfec in QSemaphore::acquire(int) () at /usr/lib/libQt5Core.so.5
#3  0x00007f1339eb192a in QMetaObject::activate(QObject*, int, int, void**) () at /usr/lib/libQt5Core.so.5
#4  0x00007f1337470a9f in  () at /usr/lib/libQt5Network.so.5
#5  0x00007f133751fd76 in  () at /usr/lib/libQt5Network.so.5
#6  0x00007f1339eb1606 in QMetaObject::activate(QObject*, int, int, void**) () at /usr/lib/libQt5Core.so.5
#7  0x00007f1337437a8a in  () at /usr/lib/libQt5Network.so.5
#8  0x00007f13374382e5 in  () at /usr/lib/libQt5Network.so.5
#9  0x00007f1339eb1606 in QMetaObject::activate(QObject*, int, int, void**) () at /usr/lib/libQt5Core.so.5
#10 0x00007f133751a026 in  () at /usr/lib/libQt5Network.so.5
#11 0x00007f1337517bb7 in  () at /usr/lib/libQt5Network.so.5
#12 0x00007f1337517f68 in  () at /usr/lib/libQt5Network.so.5
#13 0x00007f1337504fd1 in  () at /usr/lib/libQt5Network.so.5
#14 0x00007f1339eb1606 in QMetaObject::activate(QObject*, int, int, void**) () at /usr/lib/libQt5Core.so.5
#15 0x00007f13374d19d4 in  () at /usr/lib/libQt5Network.so.5
#16 0x00007f13374d1a84 in  () at /usr/lib/libQt5Network.so.5
#17 0x00007f13374e2912 in  () at /usr/lib/libQt5Network.so.5
#18 0x00007f133b4c7fec in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /usr/lib/libQt5Widgets.so.5
#19 0x00007f133b4cf9c6 in QApplication::notify(QObject*, QEvent*) () at /usr/lib/libQt5Widgets.so.5
#20 0x00007f1339e80ce0 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /usr/lib/libQt5Core.so.5
#21 0x00007f1339eddece in  () at /usr/lib/libQt5Core.so.5
#22 0x00007f1333a7f368 in g_main_context_dispatch () at /usr/lib/libglib-2.0.so.0
#23 0x00007f1333a7f5b1 in  () at /usr/lib/libglib-2.0.so.0
#24 0x00007f1333a7f63e in g_main_context_iteration () at /usr/lib/libglib-2.0.so.0
#25 0x00007f1339edd254 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt5Core.so.5
#26 0x00007f1339e7f31b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt5Core.so.5
#27 0x00007f1339c8e71e in QThread::exec() () at /usr/lib/libQt5Core.so.5
#28 0x00007f1339c93abd in  () at /usr/lib/libQt5Core.so.5
#29 0x00007f1335cbb075 in start_thread () at /usr/lib/libpthread.so.0
#30 0x00007f133959753f in clone () at /usr/lib/libc.so.6

Thread 10 (Thread 0x7f1301f31700 (LWP 1573)):
#0  0x00007f1335cc13f6 in pthread_cond_timedwait@@GLIBC_2.3.2 () at /usr/lib/libpthread.so.0
#1  0x00007f1339c94e51 in QWaitCondition::wait(QMutex*, unsigned long) () at /usr/lib/libQt5Core.so.5
#2  0x00007f1339c90d21 in  () at /usr/lib/libQt5Core.so.5
#3  0x00007f1339c93abd in  () at /usr/lib/libQt5Core.so.5
#4  0x00007f1335cbb075 in start_thread () at /usr/lib/libpthread.so.0
#5  0x00007f133959753f in clone () at /usr/lib/libc.so.6

Thread 9 (Thread 0x7f1302732700 (LWP 1572)):
#0  0x00007f1335cc13f6 in pthread_cond_timedwait@@GLIBC_2.3.2 () at /usr/lib/libpthread.so.0
#1  0x00007f1339c94e51 in QWaitCondition::wait(QMutex*, unsigned long) () at /usr/lib/libQt5Core.so.5
#2  0x00007f1339c90d21 in  () at /usr/lib/libQt5Core.so.5
#3  0x00007f1339c93abd in  () at /usr/lib/libQt5Core.so.5
#4  0x00007f1335cbb075 in start_thread () at /usr/lib/libpthread.so.0
#5  0x00007f133959753f in clone () at /usr/lib/libc.so.6

Thread 8 (Thread 0x7f1302f33700 (LWP 1570)):
#0  0x00007f1339588934 in read () at /usr/lib/libc.so.6
#1  0x00007f1333ac4ed1 in  () at /usr/lib/libglib-2.0.so.0
#2  0x00007f1333a7eff8 in g_main_context_check () at /usr/lib/libglib-2.0.so.0
#3  0x00007f1333a7f4c6 in  () at /usr/lib/libglib-2.0.so.0
#4  0x00007f1333a7f8e2 in g_main_loop_run () at /usr/lib/libglib-2.0.so.0
#5  0x00007f13107eb348 in  () at /usr/lib/libgio-2.0.so.0
#6  0x00007f1333aa7a2a in  () at /usr/lib/libglib-2.0.so.0
#7  0x00007f1335cbb075 in start_thread () at /usr/lib/libpthread.so.0
#8  0x00007f133959753f in clone () at /usr/lib/libc.so.6

Thread 7 (Thread 0x7f1303734700 (LWP 1568)):
#0  0x00007f133958cea9 in poll () at /usr/lib/libc.so.6
#1  0x00007f1333a7f523 in  () at /usr/lib/libglib-2.0.so.0
#2  0x00007f1333a7f63e in g_main_context_iteration () at /usr/lib/libglib-2.0.so.0
#3  0x00007f1333a7f692 in  () at /usr/lib/libglib-2.0.so.0
#4  0x00007f1333aa7a2a in  () at /usr/lib/libglib-2.0.so.0
#5  0x00007f1335cbb075 in start_thread () at /usr/lib/libpthread.so.0
#6  0x00007f133959753f in clone () at /usr/lib/libc.so.6

Thread 6 (Thread 0x7f1308bf3700 (LWP 1567)):
#0  0x00007f1333ac62f0 in g_mutex_unlock () at /usr/lib/libglib-2.0.so.0
#1  0x00007f1333a7ea39 in g_main_context_prepare () at /usr/lib/libglib-2.0.so.0
#2  0x00007f1333a7f44e in  () at /usr/lib/libglib-2.0.so.0
#3  0x00007f1333a7f63e in g_main_context_iteration () at /usr/lib/libglib-2.0.so.0
#4  0x00007f1339edd254 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt5Core.so.5
#5  0x00007f1339e7f31b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt5Core.so.5
#6  0x00007f1339c8e71e in QThread::exec() () at /usr/lib/libQt5Core.so.5
#7  0x00007f1339c93abd in  () at /usr/lib/libQt5Core.so.5
#8  0x00007f1335cbb075 in start_thread () at /usr/lib/libpthread.so.0
#9  0x00007f133959753f in clone () at /usr/lib/libc.so.6

Thread 5 (Thread 0x7f1312436700 (LWP 1566)):
#0  0x00007f1339588934 in read () at /usr/lib/libc.so.6
#1  0x00007f1333ac4ed1 in  () at /usr/lib/libglib-2.0.so.0
#2  0x00007f1333a7eff8 in g_main_context_check () at /usr/lib/libglib-2.0.so.0
#3  0x00007f1333a7f4c6 in  () at /usr/lib/libglib-2.0.so.0
#4  0x00007f1333a7f63e in g_main_context_iteration () at /usr/lib/libglib-2.0.so.0
#5  0x00007f1339edd254 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt5Core.so.5
#6  0x00007f1339e7f31b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt5Core.so.5
#7  0x00007f1339c8e71e in QThread::exec() () at /usr/lib/libQt5Core.so.5
#8  0x00007f133d0da50b in  () at /usr/lib/libQt5Quick.so.5
#9  0x00007f1339c93abd in  () at /usr/lib/libQt5Core.so.5
#10 0x00007f1335cbb075 in start_thread () at /usr/lib/libpthread.so.0
#11 0x00007f133959753f in clone () at /usr/lib/libc.so.6

Thread 4 (Thread 0x7f13210d2700 (LWP 1565)):
#0  0x00007f1333ac62f4 in g_mutex_unlock () at /usr/lib/libglib-2.0.so.0
#1  0x00007f1333a7ea39 in g_main_context_prepare () at /usr/lib/libglib-2.0.so.0
#2  0x00007f1333a7f44e in  () at /usr/lib/libglib-2.0.so.0
#3  0x00007f1333a7f63e in g_main_context_iteration () at /usr/lib/libglib-2.0.so.0
#4  0x00007f1339edd254 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt5Core.so.5
#5  0x00007f1339e7f31b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt5Core.so.5
#6  0x00007f1339c8e71e in QThread::exec() () at /usr/lib/libQt5Core.so.5
#7  0x00007f133a88e319 in  () at /usr/lib/libQt5Qml.so.5
#8  0x00007f1339c93abd in  () at /usr/lib/libQt5Core.so.5
#9  0x00007f1335cbb075 in start_thread () at /usr/lib/libpthread.so.0
#10 0x00007f133959753f in clone () at /usr/lib/libc.so.6

Thread 3 (Thread 0x7f13222e3700 (LWP 1564)):
#0  0x00007f133958cea9 in poll () at /usr/lib/libc.so.6
#1  0x00007f1333a7f523 in  () at /usr/lib/libglib-2.0.so.0
#2  0x00007f1333a7f63e in g_main_context_iteration () at /usr/lib/libglib-2.0.so.0
#3  0x00007f1339edd254 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt5Core.so.5
#4  0x00007f1339e7f31b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt5Core.so.5
#5  0x00007f1339c8e71e in QThread::exec() () at /usr/lib/libQt5Core.so.5
#6  0x00007f133bbe4416 in  () at /usr/lib/libQt5DBus.so.5
#7  0x00007f1339c93abd in  () at /usr/lib/libQt5Core.so.5
#8  0x00007f1335cbb075 in start_thread () at /usr/lib/libpthread.so.0
#9  0x00007f133959753f in clone () at /usr/lib/libc.so.6

Thread 2 (Thread 0x7f132b385700 (LWP 1563)):
#0  0x00007f133958cea9 in poll () at /usr/lib/libc.so.6
#1  0x00007f1333816180 in  () at /usr/lib/libxcb.so.1
#2  0x00007f1333817e4b in xcb_wait_for_event () at /usr/lib/libxcb.so.1
#3  0x00007f132e13082a in  () at /usr/lib/libQt5XcbQpa.so.5
#4  0x00007f1339c93abd in  () at /usr/lib/libQt5Core.so.5
#5  0x00007f1335cbb075 in start_thread () at /usr/lib/libpthread.so.0
#6  0x00007f133959753f in clone () at /usr/lib/libc.so.6

Thread 1 (Thread 0x7f133e033800 (LWP 1557)):
[KCrash Handler]
#6  0x00007f1333ac105a in g_variant_serialised_n_children () at /usr/lib/libglib-2.0.so.0
#7  0x00007f1333abca0d in g_variant_n_children () at /usr/lib/libglib-2.0.so.0
#8  0x00007f1333ab8339 in g_variant_iter_init () at /usr/lib/libglib-2.0.so.0
#9  0x00007f1333ab859d in g_variant_lookup_value () at /usr/lib/libglib-2.0.so.0
#10 0x00007f1310ad2190 in flatpak_bundle_ref_new () at /usr/lib/libflatpak.so.0
#11 0x00007f1310f9723b in  () at /usr/lib/qt/plugins/discover/flatpak-backend.so
#12 0x00007f1310f97dcb in  () at /usr/lib/qt/plugins/discover/flatpak-backend.so
#13 0x00007f133cd6c7b3 in ResourcesModel::resourceForFile(QUrl const&) () at /usr/lib/plasma-discover/libDiscoverCommon.so
#14 0x000055ef6872e27b in  ()
#15 0x000055ef687313c2 in  ()
#16 0x00007f1339eb172f in QMetaObject::activate(QObject*, int, int, void**) () at /usr/lib/libQt5Core.so.5
#17 0x00007f133cd6daf1 in ResourcesModel::registerAllBackends() () at /usr/lib/plasma-discover/libDiscoverCommon.so
#18 0x00007f133cd92e46 in  () at /usr/lib/plasma-discover/libDiscoverCommon.so
#19 0x00007f1339eb2052 in QObject::event(QEvent*) () at /usr/lib/libQt5Core.so.5
#20 0x00007f133b4c7fec in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /usr/lib/libQt5Widgets.so.5
#21 0x00007f133b4cf9c6 in QApplication::notify(QObject*, QEvent*) () at /usr/lib/libQt5Widgets.so.5
#22 0x00007f1339e80ce0 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /usr/lib/libQt5Core.so.5
#23 0x00007f1339e83946 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () at /usr/lib/libQt5Core.so.5
#24 0x00007f1339eddc44 in  () at /usr/lib/libQt5Core.so.5
#25 0x00007f1333a7f368 in g_main_context_dispatch () at /usr/lib/libglib-2.0.so.0
#26 0x00007f1333a7f5b1 in  () at /usr/lib/libglib-2.0.so.0
#27 0x00007f1333a7f63e in g_main_context_iteration () at /usr/lib/libglib-2.0.so.0
#28 0x00007f1339edd231 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt5Core.so.5
#29 0x00007f132e1b8482 in  () at /usr/lib/libQt5XcbQpa.so.5
#30 0x00007f1339e7f31b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt5Core.so.5
#31 0x00007f1339e88718 in QCoreApplication::exec() () at /usr/lib/libQt5Core.so.5
#32 0x000055ef6872ad6f in  ()
#33 0x00007f13394c206b in __libc_start_main () at /usr/lib/libc.so.6
#34 0x000055ef6872affa in _start ()

Reported using DrKonqi
Comment 1 Aleix Pol 2018-05-14 12:38:30 UTC
Having a proper backtrace with debug symbols would help and being able to try the flatpak file couldn't hurt. The fact that it's over 9GiB will certainly make it harder to test.
Comment 2 guillaume+bugs.kde 2018-05-14 13:13:00 UTC
Hello, I am sorry for the missing debug symbols; it's only installed from Arch Linux, using repository packages.

Unfortunately, I can't send you the .flatpak file for two reasons:
1/ Its size, and the fact that I use the internet through a 4G connection with a monthly quota. Sending you the file would be a nice cut to this quota.
2/ I am currently packaging my Linux (proprietary) games, and I can't publish the content ... The best I could do is provide all the files used to build the package, but not the game itself ...

I guess that for 1/, you would expect me to have debug symbols for both plasma-discover and Qt, which would be a huge task for me to do :x
Comment 3 guillaume+bugs.kde 2018-05-14 13:15:58 UTC
Maybe it would be possible to reproduce with a dummy package that would contain random files of big size; that may help...

Do you need me to do that?
Something like a flatpak JSON file that creates multiple GB files by reading /dev/urandom, then creating the .flatpak file, then trying to open it with discover.

That may help you get a repeatable crash.
Comment 4 Aleix Pol 2018-05-15 10:43:32 UTC
Having a small flatpak file that reproduces the crash would be ideal.
Comment 5 guillaume+bugs.kde 2018-05-16 06:02:45 UTC
Created attachment 112681
Flatpak files that trigger a crash

Here is what creates a .flatpak file that will make plasma-discover crash.

What you need to do to build the .flatpak file:
dd if=/dev/urandom bs=1M count=2000 of=file.0
dd if=/dev/urandom bs=1M count=2000 of=file.1
dd if=/dev/urandom bs=1M count=2000 of=file.2
dd if=/dev/urandom bs=1M count=2000 of=file.3
dd if=/dev/urandom bs=1M count=2000 of=file.4

flatpak-builder -v --user --force-clean --arch=i386 --repo=test com.DiscoverCrash.Base DiscoverCrash.json
flatpak build-bundle --arch=i386 test Discover.Crash.flatpak com.DiscoverCrash.Base

Then open Discover.Crash.flatpak with plasma-discover.
There is something that seems strange to me: before crashing, it allocates a lot of RAM (that may be the cause of the crash), while we only expect to show the metadata of the package. Is flatpak forcing the whole package to be mapped into memory only to read a small file? There may be a design problem here.
Comment 6 Christoph Feck 2018-06-06 20:30:28 UTC
Thanks for the update; changing status.
Comment 7 Aleix Pol 2018-06-08 14:50:21 UTC
It's a bug in libflatpak, also Gnome Software has the issue.
I reported it upstream:
https://github.com/flatpak/flatpak/issues/1765