Bug 463864 - Discover Crashes in ResultsStream::resourcesFound() when installing a Flatpak app
Summary: Discover Crashes in ResultsStream::resourcesFound() when installing a Flatpak...
Status: RESOLVED FIXED
Alias: None
Product: Discover
Classification: Applications
Component: Flatpak Backend
Version: 5.26.4
Platform: Debian unstable Linux
Importance: VHI crash
Target Milestone: ---
Assignee: Plasma Bugs List
URL:
Keywords: drkonqi
Duplicates: 466955 472673 473611 474068 475602 476999 478394 478757 479421 480830 482073
Depends on:
Blocks:
 
Reported: 2023-01-05 07:17 UTC by Carter Zhang
Modified: 2024-03-01 06:43 UTC
CC List: 19 users

See Also:
Latest Commit:
Version Fixed In: 6.1


Attachments
Description Carter Zhang 2023-01-05 07:17:26 UTC
Application: plasma-discover (5.26.4)

Qt Version: 5.15.7
Frameworks Version: 5.101.0
Operating System: Linux 6.0.0-6-amd64 x86_64
Windowing System: X11
Distribution: Debian GNU/Linux bookworm/sid
DrKonqi: 5.26.4 [KCrashBackend]

-- Information about the crash:
Every time I install a Flatpak app, Discover crashes.

The crash can be reproduced every time.

-- Backtrace:
Application: Discover (plasma-discover), signal: Segmentation fault

[KCrash Handler]
#4  0x00007fc3a34e8abd in ?? () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#5  0x00007fc3a5713db2 in ResultsStream::resourcesFound(QVector<AbstractResource*> const&) () from /usr/lib/x86_64-linux-gnu/plasma-discover/libDiscoverCommon.so
#6  0x00007fc3640292f2 in ?? () from /usr/lib/x86_64-linux-gnu/qt5/plugins/discover/flatpak-backend.so
#7  0x00007fc3a34dd770 in QObject::event(QEvent*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#8  0x00007fc3a4762f5e in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#9  0x00007fc3a34b17c8 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#10 0x00007fc3a34b4761 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#11 0x00007fc3a350a1d3 in ?? () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#12 0x00007fc3a1d1e7a9 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#13 0x00007fc3a1d1ea38 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#14 0x00007fc3a1d1eacc in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#15 0x00007fc3a35098b6 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#16 0x00007fc3a34b024b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#17 0x00007fc3a34b83b6 in QCoreApplication::exec() () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#18 0x000055b8d3460217 in ?? ()
#19 0x00007fc3a304618a in __libc_start_call_main (main=main@entry=0x55b8d345f920, argc=argc@entry=1, argv=argv@entry=0x7ffeabc84608) at ../sysdeps/nptl/libc_start_call_main.h:58
#20 0x00007fc3a3046245 in __libc_start_main_impl (main=0x55b8d345f920, argc=1, argv=0x7ffeabc84608, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffeabc845f8) at ../csu/libc-start.c:381
#21 0x000055b8d3460781 in ?? ()
[Inferior 1 (process 74930) detached]

The reporter indicates this bug may be a duplicate of or related to bug 460900, bug 462011.

Reported using DrKonqi
Comment 1 Nate Graham 2023-01-09 20:41:05 UTC
Thank you for the bug report! Unfortunately the backtrace is incomplete and is missing debug symbols for the following lines, which we need in order to figure out exactly what's going wrong:

> #6  0x00007fc3640292f2 in ?? () from /usr/lib/x86_64-linux-gnu/qt5/plugins/discover/flatpak-backend.so

Could you please install debug symbols for Discover's Flatpak backend package, reproduce the crash, and attach a new symbolicated backtrace? See https://community.kde.org/Guidelines_and_HOWTOs/Debugging/How_to_create_useful_crash_reports

Thanks again!
Comment 2 Fabian Vogt 2023-01-22 09:39:33 UTC
This is probably the same use-after-free issue that I encountered and debugged in https://bugs.kde.org/show_bug.cgi?id=464517#c1 in 5.27 Beta.
Comment 3 Nate Graham 2023-05-15 19:11:14 UTC
*** Bug 466955 has been marked as a duplicate of this bug. ***
Comment 4 Nate Graham 2023-05-15 19:11:17 UTC
*** Bug 467027 has been marked as a duplicate of this bug. ***
Comment 5 Nate Graham 2023-08-22 20:58:25 UTC
*** Bug 473611 has been marked as a duplicate of this bug. ***
Comment 6 Nate Graham 2023-09-05 21:00:08 UTC
*** Bug 474068 has been marked as a duplicate of this bug. ***
Comment 7 Nate Graham 2023-09-07 22:00:20 UTC
*** Bug 472673 has been marked as a duplicate of this bug. ***
Comment 8 Nate Graham 2023-10-16 19:48:27 UTC
*** Bug 475602 has been marked as a duplicate of this bug. ***
Comment 9 David Edmundson 2023-10-23 10:25:32 UTC
Hit something in valgrind; it implies memory corruption in unrelated code.

==35441== Thread 1:
==35441== Invalid read of size 8
==35441==    at 0x76C2875: get (qscopedpointer.h:112)
==35441==    by 0x76C2875: qGetPtrHelper<QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> > > (qtclasshelpermacros.h:79)
==35441==    by 0x76C2875: d_func (qobject.h:95)
==35441==    by 0x76C2875: get (src/qtbase/src/corelib/kernel/qobject_p.h:153)
==35441==    by 0x76C2875: void doActivate<false>(QObject*, int, void**) (src/qtbase/src/corelib/kernel/qobject.cpp:3903)
==35441==    by 0x4A85CE2: ResultsStream::resourcesFound(QList<StreamResult> const&) (moc_AbstractResourcesBackend.cpp:187)
==35441==    by 0x21D55041: FlatpakBackend::search(AbstractResourcesBackend::Filters const&)::$_2::operator()() const (src/kde/workspace/discover/libdiscover/backends/FlatpakBackend/FlatpakBackend.cpp:1630)
==35441==    by 0x21D54855: QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, FlatpakBackend::search(AbstractResourcesBackend::Filters const&)::$_2>::call(FlatpakBackend::search(AbstractResourcesBackend::Filters const&)::$_2&, void**) (qobjectdefs_impl.h:137)
==35441==    by 0x21D547F0: void QtPrivate::Functor<FlatpakBackend::search(AbstractResourcesBackend::Filters const&)::$_2, 0>::call<QtPrivate::List<>, void>(FlatpakBackend::search(AbstractResourcesBackend::Filters const&)::$_2&, void*, void**) (qobjectdefs_impl.h:339)
==35441==    by 0x21D5473D: QtPrivate::QCallableObject<FlatpakBackend::search(AbstractResourcesBackend::Filters const&)::$_2, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) (qobjectdefs_impl.h:522)
==35441==    by 0x76B76F6: QObject::event(QEvent*) (src/qtbase/src/corelib/kernel/qobject.cpp:1437)
==35441==    by 0x506B8A3: QApplicationPrivate::notify_helper(QObject*, QEvent*) (src/qtbase/src/widgets/kernel/qapplication.cpp:3295)
==35441==    by 0x506C734: QApplication::notify(QObject*, QEvent*) (src/qtbase/src/widgets/kernel/qapplication.cpp:0)
==35441==    by 0x76717B2: QCoreApplication::notifyInternal2(QObject*, QEvent*) (src/qtbase/src/corelib/kernel/qcoreapplication.cpp:1119)
==35441==    by 0x767284B: sendEvent (src/qtbase/src/corelib/kernel/qcoreapplication.cpp:1537)
==35441==    by 0x767284B: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (src/qtbase/src/corelib/kernel/qcoreapplication.cpp:1899)
==35441==    by 0x78D6E02: postEventSourceDispatch(_GSource*, int (*)(void*), void*) (src/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:243)
==35441==  Address 0x1f570f38 is 8 bytes inside a block of size 16 free'd
==35441==    at 0x484412F: free (vg_replace_malloc.c:974)
==35441==    by 0x88501C6: g_datalist_clear (gdataset.c:277)
==35441==    by 0xB2BB05C: as_image_finalize (as-image.c:65)
==35441==    by 0xB3508B3: UnknownInlinedFun (gobject.c:3941)
==35441==    by 0xB3508B3: g_object_unref (gobject.c:3805)
==35441==    by 0x883849D: ptr_array_free (garray.c:1942)
==35441==    by 0xB2D3333: as_screenshot_finalize (as-screenshot.c:89)
==35441==    by 0xB3508B3: UnknownInlinedFun (gobject.c:3941)
==35441==    by 0xB3508B3: g_object_unref (gobject.c:3805)
==35441==    by 0x883849D: ptr_array_free (garray.c:1942)
==35441==    by 0xB2A73BF: as_component_finalize (as-component.c:491)
==35441==    by 0xB3508B3: UnknownInlinedFun (gobject.c:3941)
==35441==    by 0xB3508B3: g_object_unref (gobject.c:3805)
==35441==    by 0x84BBFFF: AppStream::ComponentData::~ComponentData() (component.cpp:91)
==35441==    by 0x84BC416: QSharedDataPointer<AppStream::ComponentData>::~QSharedDataPointer() (qshareddata.h:56)
==35441==  Block was alloc'd at
==35441==    at 0x4841848: malloc (vg_replace_malloc.c:431)
==35441==    by 0x8879712: g_malloc (gmem.c:130)
==35441==    by 0xB342B37: g_object_notify_queue_freeze.lto_priv.0 (gobject.c:303)
==35441==    by 0xB3507D6: UnknownInlinedFun (gobject.c:3890)
==35441==    by 0xB3507D6: g_object_unref (gobject.c:3805)
==35441==    by 0x883849D: ptr_array_free (garray.c:1942)
==35441==    by 0xB2D3333: as_screenshot_finalize (as-screenshot.c:89)
==35441==    by 0xB3508B3: UnknownInlinedFun (gobject.c:3941)
==35441==    by 0xB3508B3: g_object_unref (gobject.c:3805)
==35441==    by 0x883849D: ptr_array_free (garray.c:1942)
==35441==    by 0xB2A73BF: as_component_finalize (as-component.c:491)
==35441==    by 0xB3508B3: UnknownInlinedFun (gobject.c:3941)
==35441==    by 0xB3508B3: g_object_unref (gobject.c:3805)
==35441==    by 0x84BBFFF: AppStream::ComponentData::~ComponentData() (component.cpp:91)
==35441==    by 0x84BC416: QSharedDataPointer<AppStream::ComponentData>::~QSharedDataPointer() (qshareddata.h:56)
Comment 10 Fabian Vogt 2023-10-23 11:17:10 UTC
(In reply to David Edmundson from comment #9)
> Hit something in valgrind, it implies memory corruption in unrelated code

See comment #2.
Comment 11 David Edmundson 2023-10-24 08:05:27 UTC
Yeah, I found other instances of the network cache being 0 for the same root cause. I've now plugged all of them and have local asserts on my Qt builds.

I'll backport those fixes, and we'll consider this closed until new information shows otherwise.
Comment 12 Bug Janitor Service 2023-10-24 08:07:19 UTC
A possibly relevant merge request was started @ https://invent.kde.org/plasma/discover/-/merge_requests/675
Comment 13 Nate Graham 2023-11-15 20:49:58 UTC
*** Bug 476999 has been marked as a duplicate of this bug. ***
Comment 14 Nate Graham 2023-12-12 17:19:12 UTC
*** Bug 478394 has been marked as a duplicate of this bug. ***
Comment 15 Nate Graham 2023-12-21 01:23:23 UTC
*** Bug 478757 has been marked as a duplicate of this bug. ***
Comment 16 David Edmundson 2024-01-05 08:59:16 UTC
*** Bug 479421 has been marked as a duplicate of this bug. ***
Comment 17 Nate Graham 2024-02-06 21:16:38 UTC
*** Bug 480830 has been marked as a duplicate of this bug. ***
Comment 18 Fabian Vogt 2024-02-07 07:45:20 UTC
(In reply to David Edmundson from comment #11)
> I'll backport those fixes, and we'll consider this closed until new
> information shows otherwise.

I think all those new duplicates require a reopening.
Comment 19 Nate Graham 2024-02-16 15:30:18 UTC
This should be fixed with https://invent.kde.org/plasma/discover/-/merge_requests/751. Unfortunately it was a large refactor and had to be merged for Plasma 6.1 only, not 6.0.

We're also investigating targeted fixes we can make for 6.0, but no guarantees on that.
Comment 20 Nate Graham 2024-03-01 06:43:03 UTC
*** Bug 482073 has been marked as a duplicate of this bug. ***