https://bugs.kde.org/show_bug.cgi?id=478287

            Bug ID: 478287
           Summary: drkonqi, kioslave5, and gdb crashed when creating
                    traces of plasmashell crashes
    Classification: Applications
           Product: drkonqi
           Version: 5.27.9
          Platform: Fedora RPMs
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: plasma-b...@kde.org
          Reporter: matt.fagn...@bell.net
  Target Milestone: ---

Created attachment 164029
  --> https://bugs.kde.org/attachment.cgi?id=164029&action=edit
Journal for the drkonqi, kioslave, gdb crashes when creating a plasmashell
crash trace

SUMMARY

I was using Firefox 122.0a1 (2023-11-30) on Wayland in Plasma 5.27.9 in a
Fedora 39 KDE Plasma installation. I logged into my Instagram account in
Firefox. I played various Instagram stories. As one Instagram story video ended
and another began, plasmashell crashed. drkonqi appeared for reporting the
plasmashell crash. I pressed Developer Information in drkonqi. drkonqi crashed
while gdb from gdb-headless-13.2-11.fc39 was creating a trace. Another drkonqi
window appeared for the drkonqi trace. I pressed Developer Information again in
drkonqi. drkonqi crashed again. An abrt notification was shown. A gdb crash was
shown in abrt and coredumpctl. gdb aborted in iter_match_first_hashed in frame
5 at ../../gdb/dictionary.c:586. There were errors in reading the name variable
at that line like m_demangled_name = <error: Cannot access memory at address
0xf435c9f3d929f800>

Core was generated by `/usr/bin/gdb -nw -n -batch -x /tmp/drkonqi.QVBqyR -x
/tmp/drkonqi.JalXhn -p 224'.
Program terminated with signal SIGABRT, Aborted.
#0  __pthread_kill_implementation (threadid=<optimized out>,
signo=signo@entry=6, 
    no_tid=no_tid@entry=0) at pthread_kill.c:44
44            return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO
(ret) : 0;
[Current thread is 1 (Thread 0x7f2f20913080 (LWP 31417))]

(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>,
signo=signo@entry=6, 
    no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007f2f1faa78a3 in __pthread_kill_internal (signo=6, threadid=<optimized
out>)
    at pthread_kill.c:78
#2  0x00007f2f1fa558ee in __GI_raise (sig=6) at ../sysdeps/posix/raise.c:26
#3  0x000055dc80b80aca in handle_fatal_signal (sig=6) at
../../gdb/event-top.c:985
#4  <signal handler called>
#5  0x000055dc80ae97e7 in iter_match_first_hashed (dict=0x55dca15bb2a0,
name=..., 
    iterator=0x7ffe3d29d858) at ../../gdb/dictionary.c:586
#6  0x000055dc80ae9edf in dict_iter_match_first (iterator=0x7ffe3d29d858,
name=..., 
    dict=<optimized out>) at ../../gdb/dictionary.c:490
#7  mdict_iter_match_first (mdict=0x55dca15bb280, name=...,
miterator=miterator@entry=0x7ffe3d29d850)
    at ../../gdb/dictionary.c:1229
#8  0x000055dc80a13c31 in block_iter_match_step (first=<optimized out>,
name=..., 
    iterator=<optimized out>) at ../../gdb/block.c:615
#9  block_iter_match_step (iterator=0x7ffe3d29d840, name=..., first=<optimized
out>)
    at ../../gdb/block.c:594
#10 0x000055dc80a14e28 in block_iter_match_first (iterator=0x7ffe3d29d840,
name=..., 
    block=0x55dcb2eeefb0) at ../../gdb/block.c:645
#11 block_find_symbol (block=0x55dcb2eeefb0, name=name@entry=0x55dca24eda70
"QObject", 
    domain=domain@entry=STRUCT_DOMAIN, 
    matcher=matcher@entry=0x55dc80a15050 <block_find_non_opaque_type(symbol*,
void*)>, 
    data=data@entry=0x0) at ../../gdb/block.c:842
--Type <RET> for more, q to quit, c to continue without paging--c
#12 0x000055dc80e363d8 in basic_lookup_transparent_type_1 (objfile=<optimized
out>, 
    block_index=block_index@entry=STATIC_BLOCK, name=name@entry=0x55dca24eda70
"QObject")
    at ../../gdb/symtab.c:2720
#13 0x000055dc80e3a53b in basic_lookup_transparent_type (name=0x55dca24eda70
"QObject")
    at ../../gdb/symtab.c:2771
#14 basic_lookup_transparent_type (name=0x55dca24eda70 "QObject") at
../../gdb/symtab.c:2739
#15 0x000055dc80bbad9d in check_typedef (type=<optimized out>) at
../../gdb/gdbtypes.c:3096
#16 0x000055dc80d3581d in type_to_type_object (type=0x55dca253c9b0)
    at ../../gdb/python/py-type.c:1389
#17 0x00007f2f20110bef in _PyEval_EvalFrameDefault.cold () from
/lib64/libpython3.12.so.1.0
#18 0x00007f2f20287876 in PyEval_EvalCode () from /lib64/libpython3.12.so.1.0
#19 0x00007f2f202aad9a in run_eval_code_obj () from /lib64/libpython3.12.so.1.0
#20 0x00007f2f202a5ebe in run_mod () from /lib64/libpython3.12.so.1.0
#21 0x00007f2f202980f6 in PyRun_StringFlags () from /lib64/libpython3.12.so.1.0
#22 0x00007f2f20297bb4 in PyRun_SimpleStringFlags () from
/lib64/libpython3.12.so.1.0
#23 0x000055dc80d4406a in python_command (arg=<optimized out>,
from_tty=<optimized out>)
    at ../../gdb/python/python.c:451
#24 0x000055dc80a7f185 in cmd_func (cmd=<optimized out>, args=<optimized out>, 
    from_tty=<optimized out>) at ../../gdb/cli/cli-decode.c:2543
#25 0x000055dc80e81fd5 in execute_command (p=<optimized out>, 
    p@entry=0x55dc9a55ed60 "py print_preamble()", from_tty=<optimized out>) at
../../gdb/top.c:690
#26 0x000055dc80b8131f in command_handler (command=0x55dc9a55ed60 "py
print_preamble()")
    at ../../gdb/event-top.c:619
#27 0x000055dc80e80b9d in read_command_file
(stream=stream@entry=0x55dc9a838ee0)
    at ../../gdb/top.c:457
#28 0x000055dc80a8fe79 in script_from_file (stream=stream@entry=0x55dc9a838ee0, 
    file=file@entry=0x7ffe3d29f732 "/tmp/drkonqi.QVBqyR") at
../../gdb/cli/cli-script.c:1641
#29 0x000055dc80a7d2cb in source_script_from_stream (
    file_to_open=0x55dc9a1f0c60 "/tmp/drkonqi.QVBqyR", file=0x7ffe3d29f732
"/tmp/drkonqi.QVBqyR", 
    stream=0x55dc9a838ee0) at ../../gdb/cli/cli-cmds.c:728
#30 source_script_with_search (file=0x7ffe3d29f732 "/tmp/drkonqi.QVBqyR", 
    file@entry=<error reading variable: value has been optimized out>, 
    from_tty=<error reading variable: value has been optimized out>, 
    search_path=<error reading variable: value has been optimized out>)
    at ../../gdb/cli/cli-cmds.c:773
#31 0x000055dc80c6705a in catch_command_errors (command=<optimized out>,
arg=<optimized out>, 
    from_tty=<optimized out>, do_bp_actions=do_bp_actions@entry=false) at
../../gdb/main.c:513
#32 0x000055dc80c67108 in execute_cmdargs
(cmdarg_vec=cmdarg_vec@entry=0x7ffe3d29e3b0, 
    file_type=file_type@entry=CMDARG_FILE,
cmd_type=cmd_type@entry=CMDARG_COMMAND, 
    ret=ret@entry=0x7ffe3d29e3a4) at ../../gdb/main.c:605
#33 0x000055dc80c69449 in captured_main_1
(context=context@entry=0x7ffe3d29e5c0)
    at ../../gdb/main.c:1299
#34 0x000055dc80c6a000 in captured_main (data=0x7ffe3d29e5c0) at
../../gdb/main.c:1320
#35 gdb_main (args=args@entry=0x7ffe3d29e5f0) at ../../gdb/main.c:1345
#36 0x000055dc80955abf in main (argc=<optimized out>, argv=<optimized out>) at
../../gdb/gdb.c:40

(gdb) frame 5
#5  0x000055dc80ae97e7 in iter_match_first_hashed (dict=0x55dca15bb2a0,
name=..., 
    iterator=0x7ffe3d29d858) at ../../gdb/dictionary.c:586
586         = lang->get_symbol_name_matcher (name);
(gdb) p lang
$1 = <optimized out>
(gdb) p name
$2 = (const lookup_name_info &) @0x7ffe3d29d880: {m_match_type =
symbol_name_match_type::FULL, 
  m_completion_mode = false, m_ignore_parameters = false, m_name = "QObject",
m_ada = {{
      m_dummy = {<No data fields>}, m_item = {m_encoded_name = "", m_encoded_p
= true, 
        m_wild_match_p = true, m_verbatim_p = true, m_standard_p = true},
dont_use = 16 '\020'}, 
    m_instantiated = false}, m_cplus = {{m_dummy = {<No data fields>}, m_item =
{
        m_demangled_name = "QObject"}, dont_use = -40 '\330'}, m_instantiated =
true}, m_d = {{
      m_dummy = {<No data fields>}, m_item = {
        m_demangled_name = <error reading variable: Cannot create a lazy string
with address 0x0, and a non-zero length.>}, dont_use = 0 '\000'},
m_instantiated = false}, m_go = {{
      m_dummy = {<No data fields>}, m_item = {
        m_demangled_name = <error: Cannot access memory at address
0xf435c9f3d929f800>}, 
      dont_use = 0 '\000'}, m_instantiated = false}, m_demangled_hashes =
{_M_elems = {0, 0, 
      1290290123, 32559, 1290290123, 0, 3643406336, 4097165811, 2851925232,
1290290123, 2170300608, 
      21980, 543009376, 32559, 4275458032}}, m_demangled_hashes_p = {_M_elems =
{false, false, 
      false, false, true, false, false, false, false, false, false, false,
false, false, false}}}

/usr/libexec/kf5/kioslave5 also crashed around the time of this gdb crash. The
trace showed that each thread was polling/waiting.

Core was generated by `/usr/libexec/kf5/kioslave5
/usr/lib64/qt5/plugins/kf5/kio/kio_http.so https  lo'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007fe9d051f0c0 in __GI_ppoll (fds=fds@entry=0x7ffd55919668,
nfds=nfds@entry=1, 
    timeout=<optimized out>, timeout@entry=0x0, sigmask=sigmask@entry=0x0)
    at ../sysdeps/unix/sysv/linux/ppoll.c:42
42        return SYSCALL_CANCEL (ppoll_time64, fds, nfds, timeout, sigmask,
[Current thread is 1 (Thread 0x7fe9d01eca00 (LWP 31405))]

(gdb) bt
#0  0x00007fe9d051f0c0 in __GI_ppoll
    (fds=fds@entry=0x7ffd55919668, nfds=nfds@entry=1, timeout=<optimized out>, 
    timeout@entry=0x0, sigmask=sigmask@entry=0x0) at
../sysdeps/unix/sysv/linux/ppoll.c:42
#1  0x00007fe9d09029fd in ppoll
    (__ss=<optimized out>, __timeout=<optimized out>, __nfds=<optimized out>,
__fds=<optimized out>)
    at kernel/qcore_unix.cpp:129
#2  qt_ppoll (timeout_ts=0x0, nfds=1, fds=0x7ffd55919668) at
kernel/qcore_unix.cpp:132
#3  qt_ppoll (timeout_ts=0x0, nfds=1, fds=0x7ffd55919668) at
kernel/qcore_unix.cpp:129
#4  qt_safe_poll(pollfd*, unsigned long, timespec const*)
    (fds=fds@entry=0x7ffd55919668, nfds=nfds@entry=1, timeout_ts=<optimized
out>)
    at kernel/qcore_unix.cpp:155
#5  0x00007fe9d0373ad3 in qt_poll_msecs (nfds=1, timeout=<optimized out>,
fds=0x7ffd55919668)
    at
../../include/QtCore/5.15.11/QtCore/private/../../../../../src/corelib/kernel/qcore_unix_p.h:381
#6  QNativeSocketEnginePrivate::nativeSelect(int, bool, bool, bool*, bool*)
const
    (this=this@entry=0x55b6865d7c10, timeout=<optimized out>,
checkRead=checkRead@entry=true, checkWrite=checkWrite@entry=false,
selectForRead=0x7ffd55919766, selectForWrite=0x7ffd55919767)
    at socket/qnativesocketengine_unix.cpp:1436
#7  0x00007fe9d0371635 in QNativeSocketEngine::waitForReadOrWrite(bool*, bool*,
bool, bool, int, bool*)
    (this=0x55b6865d8bd0, readyToRead=<optimized out>, readyToWrite=<optimized
out>, checkRead=true, checkWrite=false, msecs=<optimized out>, timedOut=0x0) at
socket/qnativesocketengine.cpp:1120
#8  0x00007fe9d035f271 in QAbstractSocket::waitForReadyRead(int)
(this=0x55b6865d6d60, msecs=-1)
--Type <RET> for more, q to quit, c to continue without paging--c
    at socket/qabstractsocket.cpp:2293
#9  0x00007fe9d0cd49c2 in KIO::ConnectionBackend::waitForIncomingTask(int)
    (this=0x55b6865d8600, ms=-1)
    at
/usr/src/debug/kf5-kio-5.111.0-1.fc39.x86_64/src/core/connectionbackend.cpp:155
#10 0x00007fe9d0d0780a in KIO::Connection::waitForIncomingTask(int) (ms=-1,
this=<optimized out>)
    at /usr/src/debug/kf5-kio-5.111.0-1.fc39.x86_64/src/core/connection.cpp:201
#11 KIO::SlaveBase::dispatchLoop() (this=0x55b6865d0ad0)
    at /usr/src/debug/kf5-kio-5.111.0-1.fc39.x86_64/src/core/slavebase.cpp:332
#12 0x00007fe9be1c8223 in kdemain(int, char**) (argc=<optimized out>,
argv=<optimized out>)
    at
/usr/src/debug/kf5-kio-5.111.0-1.fc39.x86_64/src/kioworkers/http/http.cpp:108
#13 0x000055b6854174dc in main(int, char**) (argc=5, argv=0x7ffd55919e18)
    at
/usr/src/debug/kf5-kio-5.111.0-1.fc39.x86_64/src/kioslave/kioslave.cpp:145


Since the plasmashell crashes when watching videos in Firefox were infrequent,
as I reported at https://bugzilla.redhat.com/show_bug.cgi?id=2216067 and
https://bugzilla.redhat.com/show_bug.cgi?id=2250389, I found a way to reproduce
the plasmashell crash and gdb crash in drkonqi such that plasmashell will crash
every time at least by attaching gdb to plasmashell and running pkill -6
plasmashell, as I describe in the steps to reproduce. When I used those steps
the first time, gdb aborted with a similar trace with three extra frames 5-7
above iter_match_first_hashed in frame 8. The plasmashell crash from pkill -6
plasmashell will be different from the one I saw before, of course.

Core was generated by `/usr/bin/gdb -nw -n -batch -x /tmp/drkonqi.IZfCGG -x
/tmp/drkonqi.glsMdj -p 789'.
Program terminated with signal SIGABRT, Aborted.
#0  __pthread_kill_implementation (threadid=<optimized out>,
signo=signo@entry=6, 
    no_tid=no_tid@entry=0) at pthread_kill.c:44
44            return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO
(ret) : 0;
[Current thread is 1 (Thread 0x7faac4d28080 (LWP 9988))]

(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>,
signo=signo@entry=6, 
    no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007faac3eac8a3 in __pthread_kill_internal (signo=6, threadid=<optimized
out>)
    at pthread_kill.c:78
#2  0x00007faac3e5a8ee in __GI_raise (sig=6) at ../sysdeps/posix/raise.c:26
#3  0x0000559d5bad0aca in handle_fatal_signal (sig=6) at
../../gdb/event-top.c:985
#4  <signal handler called>
#5  0x0000559d5be3c93a in skip_ws (
    string1=@0x7ffed94630f8: 0x559d65f1c4f0 "ConversionCheck::supported", 
    string2=@0x7ffed94630f0: 0x7ffed94632e8 "QThread",
end_str2=end_str2@entry=0x7ffed94632ef "")
    at ../../gdb/utils.c:2049
#6  0x0000559d5be3ed80 in strncmp_iw_with_mode (string1=<optimized out>, 
    string1@entry=0x559d65f1c4f0 "ConversionCheck::supported",
string2=<optimized out>, 
    string2_len=<optimized out>, mode=strncmp_iw_mode::MATCH_PARAMS, 
    language=language@entry=language_cplus,
match_for_lcd=match_for_lcd@entry=0x0, 
    ignore_template_params=false) at ../../gdb/utils.c:2148
#7  0x0000559d5ba1f1e7 in cp_fq_symbol_name_matches (
    symbol_search_name=0x559d65f1c4f0 "ConversionCheck::supported",
lookup_name=..., 
    comp_match_res=0x0) at /usr/include/c++/13/bits/basic_string.h:222
#8  0x0000559d5ba3982c in iter_match_first_hashed (dict=<optimized out>,
name=..., 
    iterator=0x7ffed9463268) at ../../gdb/dictionary.c:600
#9  0x0000559d5ba39edf in dict_iter_match_first (iterator=0x7ffed9463268,
name=..., 
--Type <RET> for more, q to quit, c to continue without paging--c
    dict=<optimized out>) at ../../gdb/dictionary.c:490
#10 mdict_iter_match_first (mdict=0x559d65fbbd90, name=...,
miterator=miterator@entry=0x7ffed9463260)
    at ../../gdb/dictionary.c:1229
#11 0x0000559d5b963c31 in block_iter_match_step (first=<optimized out>,
name=..., 
    iterator=<optimized out>) at ../../gdb/block.c:615
#12 block_iter_match_step (iterator=0x7ffed9463250, name=..., first=<optimized
out>)
    at ../../gdb/block.c:594
#13 0x0000559d5b964e28 in block_iter_match_first (iterator=0x7ffed9463250,
name=..., 
    block=0x559d6641d720) at ../../gdb/block.c:645
#14 block_find_symbol (block=0x559d6641d720, name=name@entry=0x559d7dd70a10
"QThread", 
    domain=domain@entry=STRUCT_DOMAIN, 
    matcher=matcher@entry=0x559d5b965050 <block_find_non_opaque_type(symbol*,
void*)>, 
    data=data@entry=0x0) at ../../gdb/block.c:842
#15 0x0000559d5bd863d8 in basic_lookup_transparent_type_1 (objfile=<optimized
out>, 
    block_index=block_index@entry=GLOBAL_BLOCK, name=name@entry=0x559d7dd70a10
"QThread")
    at ../../gdb/symtab.c:2720
#16 0x0000559d5bd8a4a8 in basic_lookup_transparent_type (name=0x559d7dd70a10
"QThread")
    at ../../gdb/symtab.c:2750
#17 0x0000559d5bb0ad9d in check_typedef (type=<optimized out>) at
../../gdb/gdbtypes.c:3096
#18 0x0000559d5bc8581d in type_to_type_object (type=0x559d8050e3c0)
    at ../../gdb/python/py-type.c:1389
#19 0x00007faac4510bef in _PyEval_EvalFrameDefault.cold () from
/lib64/libpython3.12.so.1.0
#20 0x00007faac4687876 in PyEval_EvalCode () from /lib64/libpython3.12.so.1.0
#21 0x00007faac46aad9a in run_eval_code_obj () from /lib64/libpython3.12.so.1.0
#22 0x00007faac46a5ebe in run_mod () from /lib64/libpython3.12.so.1.0
#23 0x00007faac46980f6 in PyRun_StringFlags () from /lib64/libpython3.12.so.1.0
#24 0x00007faac4697bb4 in PyRun_SimpleStringFlags () from
/lib64/libpython3.12.so.1.0
#25 0x0000559d5bc9406a in python_command (arg=<optimized out>,
from_tty=<optimized out>)
    at ../../gdb/python/python.c:451
#26 0x0000559d5b9cf185 in cmd_func (cmd=<optimized out>, args=<optimized out>, 
    from_tty=<optimized out>) at ../../gdb/cli/cli-decode.c:2543
#27 0x0000559d5bdd1fd5 in execute_command (p=<optimized out>, 
    p@entry=0x559d7c4ffe80 "py print_preamble()", from_tty=<optimized out>) at
../../gdb/top.c:690
#28 0x0000559d5bad131f in command_handler (command=0x559d7c4ffe80 "py
print_preamble()")
    at ../../gdb/event-top.c:619
#29 0x0000559d5bdd0b9d in read_command_file
(stream=stream@entry=0x559d7c6eef60)
    at ../../gdb/top.c:457
#30 0x0000559d5b9dfe79 in script_from_file (stream=stream@entry=0x559d7c6eef60, 
    file=file@entry=0x7ffed9464739 "/tmp/drkonqi.IZfCGG") at
../../gdb/cli/cli-script.c:1641
#31 0x0000559d5b9cd2cb in source_script_from_stream (
    file_to_open=0x559d7bea6120 "/tmp/drkonqi.IZfCGG", file=0x7ffed9464739
"/tmp/drkonqi.IZfCGG", 
    stream=0x559d7c6eef60) at ../../gdb/cli/cli-cmds.c:728
#32 source_script_with_search (file=0x7ffed9464739 "/tmp/drkonqi.IZfCGG", 
    file@entry=<error reading variable: value has been optimized out>, 
    from_tty=<error reading variable: value has been optimized out>, 
    search_path=<error reading variable: value has been optimized out>)
    at ../../gdb/cli/cli-cmds.c:773
#33 0x0000559d5bbb705a in catch_command_errors (command=<optimized out>,
arg=<optimized out>, 
    from_tty=<optimized out>, do_bp_actions=do_bp_actions@entry=false) at
../../gdb/main.c:513
#34 0x0000559d5bbb7108 in execute_cmdargs
(cmdarg_vec=cmdarg_vec@entry=0x7ffed9463dc0, 
    file_type=file_type@entry=CMDARG_FILE,
cmd_type=cmd_type@entry=CMDARG_COMMAND, 
    ret=ret@entry=0x7ffed9463db4) at ../../gdb/main.c:605
#35 0x0000559d5bbb9449 in captured_main_1
(context=context@entry=0x7ffed9463fd0)
    at ../../gdb/main.c:1299
#36 0x0000559d5bbba000 in captured_main (data=0x7ffed9463fd0) at
../../gdb/main.c:1320
#37 gdb_main (args=args@entry=0x7ffed9464000) at ../../gdb/main.c:1345
#38 0x0000559d5b8a5abf in main (argc=<optimized out>, argv=<optimized out>) at
../../gdb/gdb.c:40

The name variable had m_demangled_name = <error reading variable: Cannot create
a lazy string with address 0x0, and a non-zero length.>} like in the first
crash.

(gdb) frame 8
#8  0x0000559d5ba3982c in iter_match_first_hashed (dict=<optimized out>,
name=..., 
    iterator=0x7ffed9463268) at ../../gdb/dictionary.c:600
600           if (matches_name (sym->search_name (), name, NULL))
(gdb) p name
$1 = (const lookup_name_info &) @0x7ffed9463290: {m_match_type =
symbol_name_match_type::FULL, 
  m_completion_mode = false, m_ignore_parameters = false, m_name = "QThread",
m_ada = {{
      m_dummy = {<No data fields>}, m_item = {m_encoded_name = "", m_encoded_p
= true, 
        m_wild_match_p = true, m_verbatim_p = true, m_standard_p = true},
dont_use = -16 '\360'}, 
    m_instantiated = false}, m_cplus = {{m_dummy = {<No data fields>}, m_item =
{
        m_demangled_name = "QThread"}, dont_use = -24 '\350'}, m_instantiated =
true}, m_d = {{
      m_dummy = {<No data fields>}, m_item = {
        m_demangled_name = <error reading variable: Cannot create a lazy string
with address 0x0, and a non-zero length.>}, dont_use = 0 '\000'},
m_instantiated = false}, m_go = {{
      m_dummy = {<No data fields>}, m_item = {m_demangled_name = ""}, dont_use
= 0 '\000'}, 
    m_instantiated = false}, m_demangled_hashes = {_M_elems = {0, 0,
3869261042, 32682, 3869261042, 
      0, 3489280768, 3701942453, 2414602096, 21917, 1548822720, 21917,
3298667104, 32682, 
      2637544560}}, m_demangled_hashes_p = {_M_elems = {false, false, false,
false, true, false, 
      false, false, false, false, false, false, false, false, false}}}
(gdb) p sym
$2 = (symbol *) 0x559d65fbbca0

The /tmp/drkonqi* files in the command line /usr/bin/gdb -nw -n -batch -x
/tmp/drkonqi.QVBqyR -x /tmp/drkonqi.JalXhn -p 22478 /usr/bin/plasmashell when
this crash happened had the following lines which drkonqi presumably ran in gdb
when creating traces, and at least some of the traces had the Python program
drkonqi ran in them.

thread
thread apply all bt

set width 200
source /usr/share/drkonqi/gdb/preamble.py
py print_preamble()

I reported this problem at https://bugzilla.redhat.com/show_bug.cgi?id=2252382
which contains the full traces of all threads and other data. I reported a
similar gdb crash which happened in the same way as the first one but had a
different trace at https://bugzilla.redhat.com/show_bug.cgi?id=2252514. That
crash had a thread 1 trace which appeared to be waiting.

Core was generated by `/usr/bin/gdb -nw -n -batch -x /tmp/drkonqi.cwGjyw -x
/tmp/drkonqi.uZPVDQ -p 583'.
Program terminated with signal SIGABRT, Aborted.
#0  __pthread_kill_implementation (threadid=<optimized out>,
signo=signo@entry=6, 
    no_tid=no_tid@entry=0) at pthread_kill.c:44
44            return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO
(ret) : 0;
[Current thread is 1 (Thread 0x7f49fcc4b6c0 (LWP 60357))]

(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>,
signo=signo@entry=6, 
    no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007f4a000ac8a3 in __pthread_kill_internal (signo=6, threadid=<optimized
out>)
    at pthread_kill.c:78
#2  0x00007f4a0005a8ee in __GI_raise (sig=6) at ../sysdeps/posix/raise.c:26
#3  0x000055e3c6410aca in handle_fatal_signal (sig=6) at
../../gdb/event-top.c:985
#4  <signal handler called>
#5  0x00007f4a000a7167 in __futex_abstimed_wait_common64 (private=0,
cancel=true, abstime=0x0, 
    op=393, expected=0, futex_word=0x55e3c73d6e84) at futex-internal.c:57
#6  __futex_abstimed_wait_common (futex_word=futex_word@entry=0x55e3c73d6e84, 
    expected=expected@entry=0, clockid=clockid@entry=0,
abstime=abstime@entry=0x0, 
    private=private@entry=0, cancel=cancel@entry=true) at futex-internal.c:87
#7  0x00007f4a000a71ef in __GI___futex_abstimed_wait_cancelable64 (
    futex_word=futex_word@entry=0x55e3c73d6e84, expected=expected@entry=0,
clockid=clockid@entry=0, 
    abstime=abstime@entry=0x0, private=private@entry=0) at futex-internal.c:139
#8  0x00007f4a000a9b09 in __pthread_cond_wait_common (abstime=0x0, clockid=0,
mutex=<optimized out>, 
    cond=0x55e3c73d6e58) at pthread_cond_wait.c:503
#9  ___pthread_cond_wait (cond=0x55e3c73d6e58, mutex=<optimized out>) at
pthread_cond_wait.c:618
#10 0x00007f4a002dc180 in
std::condition_variable::wait(std::unique_lock<std::mutex>&) ()
   from /lib64/libstdc++.so.6
#11 0x000055e3c697e92b in gdb::thread_pool::thread_function
(this=0x55e3c73d6e00)
    at ../../gdbsupport/thread-pool.cc:235
#12 0x00007f4a002e31b3 in execute_native_thread_routine () from
/lib64/libstdc++.so.6
--Type <RET> for more, q to quit, c to continue without paging--c
#13 0x00007f4a000aa897 in start_thread (arg=<optimized out>) at
pthread_create.c:444
#14 0x00007f4a001316bc in clone3 () at
../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

The problem appeared to be in thread 2 which had the following at the top of
its trace.

#0  0x000055e3c63ba0a3 in std::_Hashtable<dwarf2_per_cu_data*,
std::pair<dwarf2_per_cu_data* const, std::unique_ptr<dwarf2_cu,
std::default_delete<dwarf2_cu> > >,
std::allocator<std::pair<dwarf2_per_cu_data* const, std::unique_ptr<dwarf2_cu,
std::default_delete<dwarf2_cu> > > >, std::__detail::_Select1st,
std::equal_to<dwarf2_per_cu_data*>, std::hash<dwarf2_per_cu_data*>,
std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash,
std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<false,
false, true> >::find (this=this@entry=0x55e3ccb4bac8, __k=<optimized out>) at
/usr/include/c++/13/bits/hashtable_policy.h:528
#1  0x000055e3c63c207a in std::unordered_map<dwarf2_per_cu_data*,
std::unique_ptr<dwarf2_cu, std::default_delete<dwarf2_cu> >,
std::hash<dwarf2_per_cu_data*>, std::equal_to<dwarf2_per_cu_data*>,
std::allocator<std::pair<dwarf2_per_cu_data* const, std::unique_ptr<dwarf2_cu,
std::default_delete<dwarf2_cu> > > > >::find (__x=<synthetic pointer>:
0x55e3c9cc5390, this=0x55e3ccb4bac8) at
/usr/include/c++/13/bits/unordered_map.h:875
#2  dwarf2_per_objfile::get_cu (per_cu=0x55e3c9cc5390, this=0x55e3ccb4b9c0) at
../../gdb/dwarf2/read.c:23787
#3  maybe_queue_comp_unit (dependent_cu=dependent_cu@entry=0x55e3e98917a0,
per_cu=per_cu@entry=0x55e3c9cc5390,
per_objfile=per_objfile@entry=0x55e3ccb4b9c0, pretend_language=language_cplus)
at ../../gdb/dwarf2/read.c:7634
#4  0x000055e3c63cfddd in follow_die_offset (sect_off=sect_off@entry=(unknown:
0xaab87), offset_in_dwz=<optimized out>, ref_cu=ref_cu@entry=0x7ffcb5075520) at
../../gdb/dwarf2/read.c:22427
#5  0x000055e3c63d0009 in follow_die_ref (src_die=0x55e3f7a19c30,
attr=0x55e3f7a19c58, ref_cu=ref_cu@entry=0x7ffcb5075520) at
../../gdb/dwarf2/read.c:22462
#6  0x000055e3c63d5380 in dwarf2_attr (cu=0x55e3e98917a0, name=85,
die=<optimized out>) at ../../gdb/dwarf2/read.c:19724
#7  dwarf2_get_pc_bounds (die=die@entry=0x55e3f7a19c30,
lowpc=lowpc@entry=0x7ffcb5075578, highpc=highpc@entry=0x7ffcb5075580,
cu=cu@entry=0x55e3e98917a0, map=map@entry=0x0, datum=datum@entry=0x0) at
../../gdb/dwarf2/read.c:13137
#8  0x000055e3c63d55f0 in dwarf2_get_subprogram_pc_bounds
(die=die@entry=0x55e3f7a19c30, lowpc=lowpc@entry=0x7ffcb50755e8,
highpc=highpc@entry=0x7ffcb50755f0, cu=cu@entry=0x55e3e98917a0) at
../../gdb/dwarf2/read.c:13195
#9  0x000055e3c63d57e3 in get_scope_pc_bounds (die=die@entry=0x55e3f7a19a80,
lowpc=lowpc@entry=0x7ffcb50756b8, highpc=highpc@entry=0x7ffcb50756c0,
cu=cu@entry=0x55e3e98917a0) at ../../gdb/dwarf2/read.c:13248
#10 0x000055e3c63ebe83 in read_file_scope (die=0x55e3f7a19a80,
cu=0x55e3e98917a0) at ../../gdb/dwarf2/read.c:9657
#11 0x000055e3c63e903b in process_die (die=0x55e3f7a19a80,
cu=cu@entry=0x55e3e98917a0) at ../../gdb/dwarf2/read.c:8678
#12 0x000055e3c63f0ba0 in process_full_comp_unit (pretend_language=<optimized
out>, cu=0x55e3e98917a0) at ../../gdb/dwarf2/read.c:8447
#13 process_queue (per_objfile=0x55e3ccb4b9c0) at ../../gdb/dwarf2/read.c:7693
#14 dw2_do_instantiate_symtab (skip_partial=false, per_objfile=0x55e3ccb4b9c0,
per_cu=0x55e3c9cc5190) at ../../gdb/dwarf2/read.c:2063
#15 dw2_instantiate_symtab (per_cu=0x55e3c9cc5190, per_objfile=0x55e3ccb4b9c0,
skip_partial=skip_partial@entry=false) at ../../gdb/dwarf2/read.c:2085
#16 0x000055e3c63f1d7d in dw2_expand_symtabs_matching_one(dwarf2_per_cu_data *,
dwarf2_per_objfile *, gdb::function_view<bool(compunit_symtab*)>,
gdb::function_view<bool(char const*, bool)>) (per_cu=<optimized out>,
per_objfile=<optimized out>, expansion_notify=..., file_matcher=...) at
../../gdb/dwarf2/read.c:3983
#17 0x000055e3c63f1eb0 in gdb::function_view<bool (unsigned
int)>::bind<dwarf2_gdb_index::expand_symtabs_matching(objfile*,
gdb::function_view<bool (char const*, bool)>, lookup_name_info const*,
gdb::function_view<bool (char const*)>, gdb::function_view<bool
(compunit_symtab*)>, enum_flags<block_search_flag_values>, domain_enum,
search_domain)::{lambda(unsigned
int)#1}>(dwarf2_gdb_index::expand_symtabs_matching(objfile*,
gdb::function_view<bool (char const*, bool)>, lookup_name_info const*,
gdb::function_view<bool (char const*)>, gdb::function_view<bool
(compunit_symtab*)>, enum_flags<block_search_flag_values>, domain_enum,
search_domain)::{lambda(unsigned
int)#1}&)::{lambda(gdb::fv_detail::erased_callable, unsigned
int)#1}::_FUN(gdb::fv_detail::erased_callable, unsigned int) () at
../../gdb/dwarf2/read.c:4086
...

I reproduced this problem using the steps above with gdb 14.1. The gdb trace
was different from previous ones.

Core was generated by `/usr/bin/gdb -nw -n -batch -x /tmp/drkonqi.LASZxn -x
/tmp/drkonqi.wgSYFo -p 347'.
Program terminated with signal SIGABRT, Aborted.
#0  __pthread_kill_implementation (threadid=<optimized out>,
signo=signo@entry=6, 
    no_tid=no_tid@entry=0) at pthread_kill.c:44
44            return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO
(ret) : 0;
[Current thread is 1 (Thread 0x7f9e34dfc080 (LWP 3581))]

(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>,
signo=signo@entry=6, 
    no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007f9e33fc68a3 in __pthread_kill_internal (signo=6, threadid=<optimized
out>)
    at pthread_kill.c:78
#2  0x00007f9e33f748ee in __GI_raise (sig=6) at ../sysdeps/posix/raise.c:26
#3  0x000055b173a311ff in handle_fatal_signal (sig=6) at
../../gdb/event-top.c:918
#4  <signal handler called>
#5  block::start (this=0x55b1970fef30) at ../../gdb/block.h:112
#6  find_pc_sect_compunit_symtab (pc=pc@entry=140201518274090, section=0x0)
    at ../../gdb/symtab.c:2863
#7  0x000055b1738c13ae in blockvector_for_pc_sect (cust=0x0, pblock=<synthetic
pointer>, 
    section=<optimized out>, pc=140201518274090) at ../../gdb/block.c:188
#8  block_for_pc_sect (section=<optimized out>, pc=140201518274090) at
../../gdb/block.c:266
#9  block_for_pc (pc=140201518274090) at ../../gdb/block.c:278
#10 0x000055b1738c2a88 in get_frame_block (frame=...,
addr_in_block=addr_in_block@entry=0x0)
    at ../../gdb/blockframe.c:67
#11 0x000055b173bd04e0 in frapy_block (self=<optimized out>, args=<optimized
out>)
    at ../../gdb/python/py-frame.c:290
#12 0x00007f9e34710bef in _PyEval_EvalFrameDefault.cold () from
/lib64/libpython3.12.so.1.0
#13 0x00007f9e34887876 in PyEval_EvalCode () from /lib64/libpython3.12.so.1.0
#14 0x00007f9e348aad9a in run_eval_code_obj () from /lib64/libpython3.12.so.1.0
#15 0x00007f9e348a5ebe in run_mod () from /lib64/libpython3.12.so.1.0
--Type <RET> for more, q to quit, c to continue without paging--c
#16 0x00007f9e348980f6 in PyRun_StringFlags () from /lib64/libpython3.12.so.1.0
#17 0x00007f9e34897bb4 in PyRun_SimpleStringFlags () from
/lib64/libpython3.12.so.1.0
#18 0x000055b173c032da in python_command (arg=<optimized out>,
from_tty=<optimized out>)
    at ../../gdb/python/python.c:453
#19 0x000055b173930795 in cmd_func (cmd=<optimized out>, args=<optimized out>, 
    from_tty=<optimized out>) at ../../gdb/cli/cli-decode.c:2735
#20 0x000055b173d40b25 in execute_command (p=<optimized out>, 
    p@entry=0x55b1959106c0 "py print_preamble()", from_tty=<optimized out>) at
../../gdb/top.c:575
#21 0x000055b173a31ab2 in command_handler (command=0x55b1959106c0 "py
print_preamble()")
    at ../../gdb/event-top.c:555
#22 0x000055b173d41525 in read_command_file
(stream=stream@entry=0x55b195c899e0)
    at ../../gdb/top.c:342
#23 0x000055b17393e0e9 in script_from_file (stream=stream@entry=0x55b195c899e0, 
    file=file@entry=0x7ffe3c9a9739 "/tmp/drkonqi.LASZxn") at
../../gdb/cli/cli-script.c:1642
#24 0x000055b17392e45b in source_script_from_stream (
    file_to_open=0x55b195492e70 "/tmp/drkonqi.LASZxn", file=0x7ffe3c9a9739
"/tmp/drkonqi.LASZxn", 
    stream=0x55b195c899e0) at ../../gdb/cli/cli-cmds.c:730
#25 source_script_with_search (file=0x7ffe3c9a9739 "/tmp/drkonqi.LASZxn", 
    file@entry=<error reading variable: value has been optimized out>, 
    from_tty=<error reading variable: value has been optimized out>, 
    search_path=<error reading variable: value has been optimized out>)
    at ../../gdb/cli/cli-cmds.c:775
#26 0x000055b173b1e90a in catch_command_errors (command=<optimized out>,
arg=<optimized out>, 
    from_tty=<optimized out>, do_bp_actions=do_bp_actions@entry=false) at
../../gdb/main.c:513
#27 0x000055b173b1e9b8 in execute_cmdargs
(cmdarg_vec=cmdarg_vec@entry=0x7ffe3c9a7040, 
    file_type=file_type@entry=CMDARG_FILE,
cmd_type=cmd_type@entry=CMDARG_COMMAND, 
    ret=ret@entry=0x7ffe3c9a7034) at ../../gdb/main.c:609
#28 0x000055b173b20e49 in captured_main_1
(context=context@entry=0x7ffe3c9a7240)
    at ../../gdb/main.c:1293
#29 0x000055b173b21870 in captured_main (data=0x7ffe3c9a7240) at
../../gdb/main.c:1314
#30 gdb_main (args=args@entry=0x7ffe3c9a7280) at ../../gdb/main.c:1343
#31 0x000055b1737f1bb0 in main (argc=11, argv=0x7ffe3c9a73d8) at
../../gdb/gdb.c:47

The journal at the time of these crashes showed that plasma-plasmashell.service
sent SIGABRT to plasmashell, drkonqi, kioslave5, and gdb. I'm attaching the
journal around the time of these crashes.

Dec 08 05:42:28 systemd[1444]: plasma-plasmashell.service: State 'stop-sigterm'
timed out. Aborting.
Dec 08 05:42:28 audit[3571]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=3
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=3571
comm="kioslave5" exe="/usr/libexec/kf5/kioslave5" sig=6 res=1
Dec 08 05:42:28 plasmashell[3581]: Fatal signal: Aborted
Dec 08 05:42:28 plasmashell[3581]: ----- Backtrace -----
Dec 08 05:42:28 systemd[1444]: plasma-plasmashell.service: Killing process 3472
(plasmashell) with signal SIGABRT.
Dec 08 05:42:28 plasmashell[3556]: KCrash: Application 'drkonqi' crashing...
Dec 08 05:42:28 plasmashell[3556]: KCrash: Attempting to start
/usr/libexec/drkonqi
Dec 08 05:42:28 systemd[1444]: plasma-plasmashell.service: Killing process 3556
(drkonqi) with signal SIGABRT.
Dec 08 05:42:28 systemd[1444]: plasma-plasmashell.service: Killing process 3571
(kioslave5) with signal SIGABRT.
Dec 08 05:42:28 systemd[1444]: plasma-plasmashell.service: Killing process 3581
(gdb) with signal SIGABRT.
Dec 08 05:42:28 systemd[1]: Created slice system-systemd\x2dcoredump.slice -
Slice /system/systemd-coredump.

There was a trace in the journal involving the drkonqi Python program
/usr/share/drkonqi/gdb/preamble.py though I'm not sure if it was for the first
or second drkonqi crash on plasmashell or drkonqi.

Dec 08 05:42:53 plasmashell[3633]: Traceback (most recent call last):
Dec 08 05:42:53 plasmashell[3633]:   File "<string>", line 1, in <module>
Dec 08 05:42:53 plasmashell[3633]:   File "/usr/share/drkonqi/gdb/preamble.py",
line 620, in print_preamble
Dec 08 05:42:53 plasmashell[3633]:     print_qml_trace()
Dec 08 05:42:53 plasmashell[3633]:   File "/usr/share/drkonqi/gdb/preamble.py",
line 578, in print_qml_trace
Dec 08 05:42:53 plasmashell[3633]:     ret = qml_trace_frame(frame)
Dec 08 05:42:53 plasmashell[3633]:           ^^^^^^^^^^^^^^^^^^^^^^
Dec 08 05:42:53 plasmashell[3633]:   File "/usr/share/drkonqi/gdb/preamble.py",
line 518, in qml_trace_frame
Dec 08 05:42:53 plasmashell[3633]:     dereferenced_type =
typeobj.target().unqualified()
Dec 08 05:42:53 plasmashell[3633]:                         ^^^^^^^^^^^^^^^^
Dec 08 05:42:53 plasmashell[3633]: KeyboardInterrupt
Dec 08 05:42:53 plasmashell[3633]: /tmp/drkonqi.wHnfVC:3: Error in sourced
command file:
Dec 08 05:42:53 plasmashell[3633]: Error while executing Python code.

STEPS TO REPRODUCE
1. Log in to Plasma 5.27.9 on Wayland
2. Start Konsole
3. gdb -p $(pidof plasmashell)
4. In gdb, continue plasmashell by running c
5. Open a new tab in Konsole
6. In the new Konsole tab, pkill -6 plasmashell
7. In gdb, you can generate a core dump if you want with gcore plasmashell.core
8. In gdb, run q
9. If the plasmashell crash notification appears, select Report Bug before it
disappears
10. Select Developer Information in drkonqi

OBSERVED RESULT
drkonqi, kioslave5, and gdb crashed when creating traces on plasmashell crashes

EXPECTED RESULT
drkonqi would show the plasmashell crashes' traces

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Fedora 39
(available in About System)
KDE Plasma Version: 5.27.9
KDE Frameworks Version: 5.111.0
Qt Version: 5.15.11

ADDITIONAL INFORMATION

I reported this problem at
https://sourceware.org/bugzilla/show_bug.cgi?id=31122

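An added triage example, not part of the original report and not code from drkonqi, gdb or systemd: it correlates the systemd stop-timeout and "Killing process" records shown in the journal excerpt with audit ANOM_ABEND records, so that core dumps caused by the service manager aborting the whole unit can be told apart from independent aborts. The function name `triage_aborts`, the 5-second correlation window, and the final `example-app` line (pid 4100) are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample: the first seven lines are modelled on the journal excerpt
# in the report (wrapped lines re-joined, the SELinux subj= field trimmed).
# The last line (pid 4100, example-app) is constructed to show an unrelated abort.
SAMPLE_JOURNAL = """\
Dec 08 05:42:28 systemd[1444]: plasma-plasmashell.service: State 'stop-sigterm' timed out. Aborting.
Dec 08 05:42:28 audit[3571]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=3 pid=3571 comm="kioslave5" exe="/usr/libexec/kf5/kioslave5" sig=6 res=1
Dec 08 05:42:28 plasmashell[3581]: Fatal signal: Aborted
Dec 08 05:42:28 systemd[1444]: plasma-plasmashell.service: Killing process 3472 (plasmashell) with signal SIGABRT.
Dec 08 05:42:28 systemd[1444]: plasma-plasmashell.service: Killing process 3556 (drkonqi) with signal SIGABRT.
Dec 08 05:42:28 systemd[1444]: plasma-plasmashell.service: Killing process 3571 (kioslave5) with signal SIGABRT.
Dec 08 05:42:28 systemd[1444]: plasma-plasmashell.service: Killing process 3581 (gdb) with signal SIGABRT.
Dec 08 05:43:10 audit[4100]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=3 pid=4100 comm="example-app" exe="/usr/bin/example-app" sig=6 res=1
"""

TS_LEN = len("Dec 08 05:42:28")
SIGABRT_NUM = 6

# systemd gave up waiting in a stop state and escalates to an abort of the unit.
TIMEOUT_RE = re.compile(
    r"systemd\[\d+\]: (?P<unit>\S+): State '(?P<state>[^']+)' timed out\. Aborting\.")
# systemd signals each remaining process in the unit's control group.
KILL_RE = re.compile(
    r"systemd\[\d+\]: (?P<unit>\S+): Killing process (?P<pid>\d+) "
    r"\((?P<comm>[^)]+)\) with signal (?P<sig>SIG\w+)\.")
# Kernel audit record for a process that ended abnormally.
ABEND_RE = re.compile(
    r'audit\[\d+\]: ANOM_ABEND .*?\bpid=(?P<pid>\d+) comm="(?P<comm>[^"]+)"'
    r".*?\bsig=(?P<sig>\d+)")


def _ts(line):
    # Classic syslog timestamps carry no year; only differences are used here.
    return datetime.strptime(line[:TS_LEN], "%b %d %H:%M:%S")


def _near(a, b, window_s):
    return abs((a - b).total_seconds()) <= window_s


def triage_aborts(journal_text, window_s=5):
    """Return (collateral, verdicts).

    collateral: {unit: [(pid, comm), ...]} for processes systemd aborted
                after that unit's stop timeout.
    verdicts:   [(pid, comm, "killed-by-systemd" | "independent"), ...]
                one entry per ANOM_ABEND audit record, in journal order.
    """
    timed_out = {}   # unit -> timestamp of the stop timeout
    kills = {}       # pid  -> (timestamp, unit, comm, signal name)
    abends = []      # (timestamp, pid, comm, signal number)

    for line in journal_text.splitlines():
        if (m := TIMEOUT_RE.search(line)):
            timed_out[m["unit"]] = _ts(line)
        elif (m := KILL_RE.search(line)):
            kills[int(m["pid"])] = (_ts(line), m["unit"], m["comm"], m["sig"])
        elif (m := ABEND_RE.search(line)):
            abends.append((_ts(line), int(m["pid"]), m["comm"], int(m["sig"])))

    def induced(kill):
        # A kill counts as timeout-induced only if the same unit logged a stop
        # timeout close in time; the window also limits PID-reuse confusion.
        when, unit, _comm, sig = kill
        return (sig == "SIGABRT" and unit in timed_out
                and _near(when, timed_out[unit], window_s))

    collateral = {}
    for pid, kill in kills.items():
        if induced(kill):
            collateral.setdefault(kill[1], []).append((pid, kill[2]))

    verdicts = []
    for when, pid, comm, sig in abends:
        kill = kills.get(pid)
        # The audit record may precede the "Killing process" line, as it does
        # for kioslave5 in the excerpt, so match on PID rather than on order.
        hit = (kill is not None and sig == SIGABRT_NUM
               and induced(kill) and _near(when, kill[0], window_s))
        verdicts.append((pid, comm, "killed-by-systemd" if hit else "independent"))
    return collateral, verdicts


if __name__ == "__main__":
    units, results = triage_aborts(SAMPLE_JOURNAL)
    for unit, procs in units.items():
        print(unit, "aborted:", procs)
    for row in results:
        print(row)
```
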