Bug 503325

Summary: Apparent heap corruption
Product: [Frameworks and Libraries] frameworks-solid
Reporter: aprilkahny
Component: general
Assignee: Unassigned bugs <unassigned-bugs-null>
Status: REPORTED ---
Severity: crash
CC: kdelibs-bugs-null, lukas, nate
Priority: NOR
Keywords: drkonqi
Version First Reported In: 6.13.0
Target Milestone: ---
Platform: Arch Linux
OS: Linux
Latest Commit:
Version Fixed In:
Sentry Crash Report: https://crash-reports.kde.org/organizations/kde/issues/168495/events/2e07600639244fef89b89c1db41c8ef6/
Attachments: New crash information added by DrKonqi

Description aprilkahny 2025-04-25 05:27:22 UTC
Application: plasmashell (6.3.4)

ApplicationNotResponding [ANR]: false
Qt Version: 6.9.0
Frameworks Version: 6.13.0
Operating System: Linux 6.14.3-arch1-1 x86_64
Windowing System: Wayland
Distribution: "Arch Linux"
DrKonqi: 6.3.4 [CoredumpBackend]

-- Information about the crash:
I unplugged my USB and it caused the system to crash. I can't know for sure what caused it. I was running WoeUSB on it, which stalled at some point, and ^C didn't kill it, so I did it myself. I was playing TF2 and decided to unplug it, when it brought down plasma shell with it.

Looking at the stack trace, there was some heap corruption at some point that caused a malloc to freak out and kill plasmashell, and I believe the trace shows it was running the detach code at the time so it isn't some coincidence. I don't know for sure where the heap corruption came from.

The reporter is unsure if this crash is reproducible.

-- Backtrace (Reduced):
#5  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#6  0x0000761438aa56d3 in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:89
#7  0x0000761438a4bba0 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#8  0x0000761438a33582 in __GI_abort () at abort.c:73
#9  0x0000761438a343bf in __libc_message_impl (fmt=fmt@entry=0x761438bc131f "%s\n") at ../sysdeps/posix/libc_fatal.c:134
Reported using DrKonqi
Comment 1 aprilkahny 2025-04-25 05:27:24 UTC
Created attachment 180628 [details]
New crash information added by DrKonqi

DrKonqi auto-attaching complete backtrace.
Comment 2 aprilkahny 2025-04-25 05:42:09 UTC
Unplugging the USB while running WoeUSB again did not recreate the crash.
Comment 3 Nate Graham 2025-04-25 11:41:30 UTC
Thread 1 (Thread 0x7612e97f06c0 (LWP 9476)):
[KCrash Handler]
#5  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#6  0x0000761438aa56d3 in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:89
#7  0x0000761438a4bba0 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#8  0x0000761438a33582 in __GI_abort () at abort.c:73
#9  0x0000761438a343bf in __libc_message_impl (fmt=fmt@entry=0x761438bc131f "%s\n") at ../sysdeps/posix/libc_fatal.c:134
#10 0x0000761438aaf765 in malloc_printerr (str=str@entry=0x761438bc4ac8 "malloc(): unaligned tcache chunk detected") at malloc.c:5829
#11 0x0000761438ab448c in tcache_get_n (tc_idx=<optimized out>, ep=<optimized out>) at malloc.c:3185
#12 tcache_get (tc_idx=<optimized out>) at malloc.c:3201
#13 tcache_try_malloc (bytes=60, memptr=<synthetic pointer>) at malloc.c:3364
#14 __GI___libc_malloc (bytes=60) at malloc.c:3395
#15 0x0000761439271f88 in allocateData (allocSize=<optimized out>) at /usr/src/debug/qt6-base/qtbase/src/corelib/tools/qarraydata.cpp:139
#16 allocateHelper (objectSize=2, alignment=16, capacity=<optimized out>, option=<optimized out>) at /usr/src/debug/qt6-base/qtbase/src/corelib/tools/qarraydata.cpp:181
#17 allocateHelper (objectSize=2, alignment=16, capacity=<optimized out>, option=<optimized out>) at /usr/src/debug/qt6-base/qtbase/src/corelib/tools/qarraydata.cpp:157
#18 QArrayData::allocate2 (dptr=0x7612e97eeef0, capacity=<optimized out>, option=<optimized out>) at /usr/src/debug/qt6-base/qtbase/src/corelib/tools/qarraydata.cpp:220
#19 0x0000761439423fa4 in QTypedArrayData<char16_t>::allocate (capacity=<optimized out>, option=QArrayData::KeepSize) at /usr/src/debug/qt6-base/qtbase/src/corelib/tools/qarraydata.h:139
#20 QArrayDataPointer<char16_t>::QArrayDataPointer (this=<optimized out>, alloc=<optimized out>, n=<optimized out>, option=QArrayData::KeepSize) at /usr/src/debug/qt6-base/qtbase/src/corelib/tools/qarraydatapointer.h:58
#21 QString::QString(long long, Qt::Initialization) [clone .constprop.1] (this=0x7612e97eef60, size=21) at /usr/src/debug/qt6-base/qtbase/src/corelib/text/qstring.cpp:2538
#22 0x000076143923a367 in QUtf8::convertToUnicode (in=...) at /usr/src/debug/qt6-base/qtbase/src/corelib/text/qstringconverter.cpp:804
#23 QString::fromUtf8 (ba=...) at /usr/src/debug/qt6-base/qtbase/src/corelib/text/qstring.cpp:6060
#24 0x000076143a260d82 in QDBusDemarshaller::toStringUnchecked (this=<optimized out>) at /usr/src/debug/qt6-base/qtbase/src/dbus/qdbusdemarshaller.cpp:100
#25 QDBusDemarshaller::toString (this=<optimized out>) at /usr/src/debug/qt6-base/qtbase/src/dbus/qdbusdemarshaller.cpp:106
#26 QDBusArgument::operator>>(QString&) const [clone .part.0] [clone .isra.0] (arg=..., this=<optimized out>) at /usr/src/debug/qt6-base/qtbase/src/dbus/qdbusargument.cpp:697
#27 0x000076143a1ea7b3 in QDBusArgument::operator>> (this=this@entry=0x7612e97ef180, arg=...) at /usr/src/debug/qt6-base/qtbase/src/dbus/qdbusargument.cpp:699
#28 0x000076143bd363f6 in operator>><QMap, QString, QVariant, true>(QDBusArgument const&, QMap<QString, QVariant>&) [clone .isra.0] (arg=..., map=...) at /usr/include/qt6/QtDBus/qdbusargument.h:274
#29 0x000076143bd07054 in qdbus_cast<QMap<QString, QVariant> > (arg=...) at /usr/include/qt6/QtDBus/qdbusargument.h:130
#30 qdbus_cast<QMap<QString, QVariant> > (v=...) at /usr/include/qt6/QtDBus/qdbusargument.h:137
#31 QDBusPendingReply<QMap<QString, QVariant> >::argumentAt<0> (this=0x7612e97ef0d0) at /usr/include/qt6/QtDBus/qdbuspendingreply.h:81
#32 QDBusPendingReply<QMap<QString, QVariant> >::value (this=0x7612e97ef0d0) at /usr/include/qt6/QtDBus/qdbuspendingreply.h:97
#33 Solid::Backends::UDisks2::DeviceBackend::allProperties (this=this@entry=0x7613680923a0) at /usr/src/debug/solid/solid-6.13.0/src/solid/devices/backends/udisks2/udisksdevicebackend.cpp:138
#34 0x000076143bd0a0dc in Solid::Backends::UDisks2::DeviceBackend::slotInterfacesRemoved (object_path=..., this=0x7613680923a0, interfaces=...) at /usr/src/debug/solid/solid-6.13.0/src/solid/devices/backends/udisks2/udisksdevicebackend.cpp:251
#35 Solid::Backends::UDisks2::DeviceBackend::slotInterfacesRemoved (this=0x7613680923a0, object_path=..., interfaces=...) at /usr/src/debug/solid/solid-6.13.0/src/solid/devices/backends/udisks2/udisksdevicebackend.cpp:238
#36 Solid::Backends::UDisks2::DeviceBackend::qt_static_metacall (_o=0x7613680923a0, _c=<optimized out>, _id=<optimized out>, _a=<optimized out>) at /usr/src/debug/solid/build/src/solid/KF6Solid_autogen/include/moc_udisksdevicebackend.cpp:106
#37 0x000076143bd0a4da in Solid::Backends::UDisks2::DeviceBackend::qt_metacall (this=0x7613680923a0, _c=QMetaObject::InvokeMetaMethod, _id=3, _a=0x7612e97ef498) at /usr/src/debug/solid/build/src/solid/KF6Solid_autogen/include/moc_udisksdevicebackend.cpp:160
#38 0x000076143a203742 in QDBusConnectionPrivate::deliverCall (this=0x76142c00d890, object=0x7613680923a0, msg=..., metaTypes=..., slotIdx=7) at /usr/src/debug/qt6-base/qtbase/src/dbus/qdbusintegrator.cpp:1007
#39 0x00007614391a54aa in QObject::event (this=0x7613680923a0, e=0x76142c068070) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qobject.cpp:1431
#40 0x000076143b4fed9e in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x7613680923a0, e=0x76142c068070) at /usr/src/debug/qt6-base/qtbase/src/widgets/kernel/qapplication.cpp:3301
#41 0x000076143915a018 in QCoreApplication::notifyInternal2 (receiver=0x7613680923a0, event=event@entry=0x76142c068070) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qcoreapplication.cpp:1106
#42 0x000076143915a3f2 in QCoreApplication::sendEvent (receiver=<optimized out>, event=0x76142c068070) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qcoreapplication.cpp:1546
#43 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x5def47a57270) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qcoreapplication.cpp:1879
#44 0x00007614393cfea8 in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qcoreapplication.cpp:1733
#45 postEventSourceDispatch (s=s@entry=0x7613680011b0) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:246
#46 0x0000761437ddd1e4 in g_main_dispatch (context=0x761368000ef0) at ../glib/glib/gmain.c:3398
#47 0x0000761437e40e97 in g_main_context_dispatch_unlocked (context=0x761368000ef0) at ../glib/glib/gmain.c:4249
#48 g_main_context_iterate_unlocked.isra.0 (context=context@entry=0x761368000ef0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/glib/gmain.c:4314
#49 0x0000761437ddc615 in g_main_context_iteration (context=0x761368000ef0, may_block=1) at ../glib/glib/gmain.c:4379
#50 0x00007614393cd59d in QEventDispatcherGlib::processEvents (this=0x761368000e00, flags=...) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:399
#51 0x0000761439165376 in QEventLoop::processEvents (this=0x7612e97efaf0, flags=...) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qeventloop.cpp:104
#52 QEventLoop::exec (this=0x7612e97efaf0, flags=...) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qeventloop.cpp:186
#53 0x000076143925a629 in QThread::exec (this=<optimized out>) at /usr/src/debug/qt6-base/qtbase/src/corelib/thread/qthread.cpp:644
#54 QThread::run (this=<optimized out>) at /usr/src/debug/qt6-base/qtbase/src/corelib/thread/qthread.cpp:765
#55 0x00007614392e44ff in operator() (__closure=<optimized out>) at /usr/src/debug/qt6-base/qtbase/src/corelib/thread/qthread_unix.cpp:433
#56 (anonymous namespace)::terminate_on_exception<QThreadPrivate::start(void*)::<lambda()> > (t=...) at /usr/src/debug/qt6-base/qtbase/src/corelib/thread/qthread_unix.cpp:365
#57 QThreadPrivate::start (arg=0x5def47694760) at /usr/src/debug/qt6-base/qtbase/src/corelib/thread/qthread_unix.cpp:393
#58 0x0000761438aa3708 in start_thread (arg=<optimized out>) at pthread_create.c:448
#59 0x0000761438b27aac in __GI___clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Reported using DrKonqi