https://bugs.kde.org/show_bug.cgi?id=402848

--- Comment #2 from Matt Fagnani <matthew.fagn...@utoronto.ca> ---
I ran

valgrind --leak-check=no --log-file=valgrind-discover-5.14.5-1.txt plasma-discover &

The valgrind output following the crash showed an invalid
read of size 4 in QHttpNetworkConnectionChannel::sendRequest() at
qhttpnetworkconnectionchannel.cpp:251 like in the trace of the crashing thread.
The line "Address 0x0 is not stack'd, malloc'd or (recently) free'd" likely
means a null pointer is involved and might be dereferenced leading to the
segmentation fault.

==5133== Thread 9 QNetworkAccessMa:
==5133== Invalid read of size 4
==5133==    at 0x6AA623B: QHttpNetworkConnectionChannel::sendRequest()
(qhttpnetworkconnectionchannel.cpp:251)
==5133==    by 0x6AA4A5A: QHttpNetworkConnectionPrivate::_q_startNextRequest()
(qhttpnetworkconnection.cpp:1044)
==5133==    by 0x6F18FC5: placeMetaCall (qobject.cpp:506)
==5133==    by 0x6F18FC5: QMetaCallEvent::placeMetaCall(QObject*)
(qobject.cpp:501)
==5133==    by 0x6F1C4B2: QObject::event(QEvent*) (qobject.cpp:1251)
==5133==    by 0x59ADD89: QApplicationPrivate::notify_helper(QObject*, QEvent*)
(qapplication.cpp:3726)
==5133==    by 0x59B5E38: QApplication::notify(QObject*, QEvent*)
(qapplication.cpp:3485)
==5133==    by 0x6EF0BB5: QCoreApplication::notifyInternal2(QObject*, QEvent*)
(qcoreapplication.cpp:1047)
==5133==    by 0x6EF4067: sendEvent (qcoreapplication.h:234)
==5133==    by 0x6EF4067: QCoreApplicationPrivate::sendPostedEvents(QObject*,
int, QThreadData*) (qcoreapplication.cpp:1744)
==5133==    by 0x6EF447A: QCoreApplication::sendPostedEvents(QObject*, int)
(qcoreapplication.cpp:1598)
==5133==    by 0x6F48166: postEventSourceDispatch(_GSource*, int (*)(void*),
void*) (qeventdispatcher_glib.cpp:276)
==5133==    by 0x9FED3F4: g_main_dispatch (gmain.c:3182)
==5133==    by 0x9FED3F4: g_main_context_dispatch (gmain.c:3847)
==5133==    by 0x9FED7D8: g_main_context_iterate.isra.20 (gmain.c:3920)
==5133==  Address 0x0 is not stack'd, malloc'd or (recently) free'd


Two invalid reads of size 2 in socketNotifierSourceCheck at
qeventdispatcher_glib.cpp:88 and socketNotifierSourceCheck at
qeventdispatcher_glib.cpp:79 appear to be use-after-free errors since they have
lines like "Address 0xcbdff66 is 6 bytes inside a block of size 12 free'd".
Invalid data from those errors might lead to the crash.

==5133== Thread 3 QDBusConnectionM:
==5133== Invalid read of size 2
==5133==    at 0x6F47CCC: socketNotifierSourceCheck(_GSource*)
(qeventdispatcher_glib.cpp:88)
==5133==    by 0x9FED0F1: g_main_context_check (gmain.c:3753)
==5133==    by 0x9FED6E4: g_main_context_iterate.isra.20 (gmain.c:3917)
==5133==    by 0x9FED88A: g_main_context_iteration (gmain.c:3981)
==5133==    by 0x6F47E2C:
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(qeventdispatcher_glib.cpp:422)
==5133==    by 0x6EEF8BE:
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:214)
==5133==    by 0x6D58CB0: QThread::exec() (qthread.cpp:525)
==5133==    by 0x580C0CF: QDBusConnectionManager::run()
(qdbusconnection.cpp:178)
==5133==    by 0x6D637E8: QThreadPrivate::start(void*) (qthread_unix.cpp:367)
==5133==    by 0x78FD5DD: start_thread (pthread_create.c:486)
==5133==    by 0x7527979: clone (clone.S:108)
==5133==  Address 0xcbdff66 is 6 bytes inside a block of size 12 free'd
==5133==    at 0x4836D85: operator delete(void*, unsigned int)
(vg_replace_malloc.c:591)
==5133==    by 0x6F485DF:
QEventDispatcherGlib::unregisterSocketNotifier(QSocketNotifier*)
(qeventdispatcher_glib.cpp:503)
==5133==    by 0x6F27AF1: QSocketNotifier::setEnabled(bool)
(qsocketnotifier.cpp:246)
==5133==    by 0x6F47CC4: socketNotifierSourceCheck(_GSource*)
(qeventdispatcher_glib.cpp:88)
==5133==    by 0x9FED0F1: g_main_context_check (gmain.c:3753)
==5133==    by 0x9FED6E4: g_main_context_iterate.isra.20 (gmain.c:3917)
==5133==    by 0x9FED88A: g_main_context_iteration (gmain.c:3981)
==5133==    by 0x6F47E2C:
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(qeventdispatcher_glib.cpp:422)
==5133==    by 0x6EEF8BE:
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:214)
==5133==    by 0x6D58CB0: QThread::exec() (qthread.cpp:525)
==5133==    by 0x580C0CF: QDBusConnectionManager::run()
(qdbusconnection.cpp:178)
==5133==    by 0x6D637E8: QThreadPrivate::start(void*) (qthread_unix.cpp:367)
==5133==  Block was alloc'd at
==5133==    at 0x4835C89: operator new(unsigned int) (vg_replace_malloc.c:338)
==5133==    by 0x6F484AC:
QEventDispatcherGlib::registerSocketNotifier(QSocketNotifier*)
(qeventdispatcher_glib.cpp:459)
==5133==    by 0x6F279E5: QSocketNotifier::QSocketNotifier(int,
QSocketNotifier::Type, QObject*) (qsocketnotifier.cpp:155)
==5133==    by 0x58174F8: qDBusAddWatch (qdbusintegrator.cpp:213)
==5133==    by 0x7B41688: _dbus_watch_list_set_functions (in
/usr/lib/libdbus-1.so.3.19.8)
==5133==    by 0x7B25219: dbus_connection_set_watch_functions (in
/usr/lib/libdbus-1.so.3.19.8)
==5133==    by 0x581A00A: q_dbus_connection_set_watch_functions
(qdbus_symbols_p.h:229)
==5133==    by 0x581A00A:
QDBusConnectionPrivate::setConnection(DBusConnection*, QDBusErrorInternal
const&) (qdbusintegrator.cpp:1794)
==5133==    by 0x580E6F7:
QDBusConnectionManager::executeConnectionRequest(QDBusConnectionManager::ConnectionRequestData*)
(qdbusconnection.cpp:289)
==5133==    by 0x6F18F63: call (qobjectdefs_impl.h:376)
==5133==    by 0x6F18F63: QMetaCallEvent::placeMetaCall(QObject*)
(qobject.cpp:504)
==5133==    by 0x6F1C4B2: QObject::event(QEvent*) (qobject.cpp:1251)
==5133==    by 0x6D58DDA: QThread::event(QEvent*) (qthread.cpp:832)
==5133==    by 0x6EF0B11: doNotify(QObject*, QEvent*)
(qcoreapplication.cpp:1137)
==5133== 
==5133== Invalid read of size 2
==5133==    at 0x6F47C30: socketNotifierSourceCheck(_GSource*)
(qeventdispatcher_glib.cpp:79)
==5133==    by 0x9FED0F1: g_main_context_check (gmain.c:3753)
==5133==    by 0x9FED6E4: g_main_context_iterate.isra.20 (gmain.c:3917)
==5133==    by 0x9FED88A: g_main_context_iteration (gmain.c:3981)
==5133==    by 0x6F47E2C:
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(qeventdispatcher_glib.cpp:422)
==5133==    by 0x6EEF8BE:
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:214)
==5133==    by 0x6D58CB0: QThread::exec() (qthread.cpp:525)
==5133==    by 0x580C0CF: QDBusConnectionManager::run()
(qdbusconnection.cpp:178)
==5133==    by 0x6D637E8: QThreadPrivate::start(void*) (qthread_unix.cpp:367)
==5133==    by 0x78FD5DD: start_thread (pthread_create.c:486)
==5133==    by 0x7527979: clone (clone.S:108)
==5133==  Address 0xcbdff64 is 4 bytes inside a block of size 12 free'd
==5133==    at 0x4836D85: operator delete(void*, unsigned int)
(vg_replace_malloc.c:591)
==5133==    by 0x6F485DF:
QEventDispatcherGlib::unregisterSocketNotifier(QSocketNotifier*)
(qeventdispatcher_glib.cpp:503)
==5133==    by 0x6F27AF1: QSocketNotifier::setEnabled(bool)
(qsocketnotifier.cpp:246)
==5133==    by 0x6F47CC4: socketNotifierSourceCheck(_GSource*)
(qeventdispatcher_glib.cpp:88)
==5133==    by 0x9FED0F1: g_main_context_check (gmain.c:3753)
==5133==    by 0x9FED6E4: g_main_context_iterate.isra.20 (gmain.c:3917)
==5133==    by 0x9FED88A: g_main_context_iteration (gmain.c:3981)
==5133==    by 0x6F47E2C:
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(qeventdispatcher_glib.cpp:422)
==5133==    by 0x6EEF8BE:
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:214)
==5133==    by 0x6D58CB0: QThread::exec() (qthread.cpp:525)
==5133==    by 0x580C0CF: QDBusConnectionManager::run()
(qdbusconnection.cpp:178)
==5133==    by 0x6D637E8: QThreadPrivate::start(void*) (qthread_unix.cpp:367)
==5133==  Block was alloc'd at
==5133==    at 0x4835C89: operator new(unsigned int) (vg_replace_malloc.c:338)
==5133==    by 0x6F484AC:
QEventDispatcherGlib::registerSocketNotifier(QSocketNotifier*)
(qeventdispatcher_glib.cpp:459)
==5133==    by 0x6F279E5: QSocketNotifier::QSocketNotifier(int,
QSocketNotifier::Type, QObject*) (qsocketnotifier.cpp:155)
==5133==    by 0x58174F8: qDBusAddWatch (qdbusintegrator.cpp:213)
==5133==    by 0x7B41688: _dbus_watch_list_set_functions (in
/usr/lib/libdbus-1.so.3.19.8)
==5133==    by 0x7B25219: dbus_connection_set_watch_functions (in
/usr/lib/libdbus-1.so.3.19.8)
==5133==    by 0x581A00A: q_dbus_connection_set_watch_functions
(qdbus_symbols_p.h:229)
==5133==    by 0x581A00A:
QDBusConnectionPrivate::setConnection(DBusConnection*, QDBusErrorInternal
const&) (qdbusintegrator.cpp:1794)
==5133==    by 0x580E6F7:
QDBusConnectionManager::executeConnectionRequest(QDBusConnectionManager::ConnectionRequestData*)
(qdbusconnection.cpp:289)
==5133==    by 0x6F18F63: call (qobjectdefs_impl.h:376)
==5133==    by 0x6F18F63: QMetaCallEvent::placeMetaCall(QObject*)
(qobject.cpp:504)
==5133==    by 0x6F1C4B2: QObject::event(QEvent*) (qobject.cpp:1251)
==5133==    by 0x6D58DDA: QThread::event(QEvent*) (qthread.cpp:832)
==5133==    by 0x6EF0B11: doNotify(QObject*, QEvent*)
(qcoreapplication.cpp:1137)

The packagekit daemon crashed right before discover crashed as shown in the
following output.

Transaction error:  PackageKit::Transaction::Error(ErrorProcessKill) "The
PackageKit daemon has crashed" PackageKit::Transaction(0xc30c550)
Transaction error:  "The PackageKit daemon has crashed"
PackageKit::Transaction(0x1e2268a8)
failed PackageKit::Transaction::Exit(ExitKilled)
PackageKit::Transaction(0x1e2268a8)
Transaction error:  "The PackageKit daemon has crashed"
PackageKit::Transaction(0xc1aa0b8)
failed PackageKit::Transaction::Exit(ExitKilled)
PackageKit::Transaction(0xc1aa0b8)
PackageKit stopped running!
Transaction error:  PackageKit::Transaction::Error(ErrorInternalError) "No such
interface “org.freedesktop.PackageKit.Transaction” on object at path
/29621_bbdbecad" PackageKit::Transaction(0xc30c550)
Transaction error:  "No such interface “org.freedesktop.PackageKit.Transaction”
on object at path /29674_edacebda" PackageKit::Transaction(0x1e2268a8)
failed PackageKit::Transaction::Exit(ExitFailed)
PackageKit::Transaction(0x1e2268a8)
Transaction error:  "No such interface “org.freedesktop.PackageKit.Transaction”
on object at path /29675_eeeedbaa" PackageKit::Transaction(0xc1aa0b8)
failed PackageKit::Transaction::Exit(ExitFailed)
PackageKit::Transaction(0xc1aa0b8)
KCrash: Application 'plasma-discover' crashing...
KCrash: Attempting to start /usr/libexec/drkonqi from kdeinit

The packagekitd crash was not shown in the error messages of the previous crash
I reported. I'll attach the output files.

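A triage helper for the two kinds of Memcheck error the comment above distinguishes, added here as an example and not part of the original report or of any Qt/KDE code. It classifies each invalid access as a null dereference or a use-after-free from its "Address ..." line and, for a use-after-free, names the function that freed the block. The names `unwrap` and `triage` and the 0x1000 null-page threshold are assumptions of this example.

```python
import re
# Abridged from the Memcheck output quoted above; e-mail line wrapping kept.
SAMPLE = """\
==5133== Invalid read of size 4
==5133==    at 0x6AA623B: QHttpNetworkConnectionChannel::sendRequest()
(qhttpnetworkconnectionchannel.cpp:251)
==5133==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==5133== Invalid read of size 2
==5133==    at 0x6F47CCC: socketNotifierSourceCheck(_GSource*)
(qeventdispatcher_glib.cpp:88)
==5133==  Address 0xcbdff66 is 6 bytes inside a block of size 12 free'd
==5133==    at 0x4836D85: operator delete(void*, unsigned int)
(vg_replace_malloc.c:591)
==5133==    by 0x6F485DF:
QEventDispatcherGlib::unregisterSocketNotifier(QSocketNotifier*)
(qeventdispatcher_glib.cpp:503)
"""

PREFIX = re.compile(r"^==\d+== ?")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (.*)$")

def unwrap(text):
    """Strip ==PID== prefixes and rejoin wrapped continuation lines."""
    out = []
    for raw in text.splitlines():
        if PREFIX.match(raw):
            out.append(PREFIX.sub("", raw))
        elif out and raw.strip():
            out[-1] += " " + raw.strip()
    return out

def triage(text):
    errors, cur, section = [], None, None
    for line in unwrap(text):
        if m := re.match(r"Invalid (read|write) of size (\d+)", line):
            cur = {"size": int(m[2]), "site": None, "class": "unknown", "freed_by": None}
            errors.append(cur); section = "site"   # next frame is the faulting site
        elif cur and (m := re.match(r"\s*Address (0x[0-9A-Fa-f]+) is (.*)", line)):
            section = None
            if "inside a block" in m[2] and m[2].endswith("free'd"):
                cur["class"], section = "use-after-free", "freed_by"
            elif int(m[1], 16) < 0x1000:  # assumption: first page counts as null
                cur["class"] = "null-dereference"
        elif cur and section and (m := FRAME.match(line)):
            if section == "site":
                cur["site"], section = m[1], None
            elif not m[1].startswith("operator delete"):  # skip allocator frame
                cur["freed_by"], section = m[1], None
    return errors
```

Running `triage` on the full log file gives one record per invalid access, so repeated use-after-free reports with the same `freed_by` frame can be grouped into a single finding.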