
Bug#1026062: kded5: kded crashes with signal 11


Tim Sattarov

Dec 15, 2022, 2:30:03 PM
I've just done a little test and can reproduce this by checking for updates in the Discover interface.

Is there anything I can do to help fix this? So far it keeps crippling my workflow and the only
way to fix it is to restart the kded service.

Thanks
Tim

On 12/13/22 19:58, Tim Sattarov wrote:
> Package: kded5
> Version: 5.100.0-1
> Severity: normal
> X-Debbugs-Cc: sti...@gmail.com
>
> Dear Maintainer,
>
> Starting with version 5.100.0-1 my local kded process started to crash and the
> only way to restore it is to restart the service
>
> systemctl --user restart plasma-kded.service
>
> It works for some time after restart and then crashes again.
>
> Please see the logs from the crash attached.
>
>
>
>
> -- System Information:
> Debian Release: bookworm/sid
> APT prefers testing
> APT policy: (500, 'testing'), (50, 'unstable')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
>
> Kernel: Linux 6.0.0-5-amd64 (SMP w/16 CPU threads; PREEMPT)
> Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE=en_CA:en
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
>
> Versions of packages kded5 depends on:
> ii libc6 2.36-6
> ii libkf5configcore5 5.100.1-1
> ii libkf5coreaddons5 5.100.0-1
> ii libkf5crash5 5.100.0-1
> ii libkf5dbusaddons5 5.100.0-1
> ii libkf5service-bin 5.100.0-1
> ii libkf5service5 5.100.0-1
> ii libqt5core5a 5.15.6+dfsg-5
> ii libqt5dbus5 5.15.6+dfsg-5
> ii libqt5gui5 5.15.6+dfsg-5
> ii libqt5widgets5 5.15.6+dfsg-5
> ii libstdc++6 12.2.0-9
>
> kded5 recommends no packages.
>
> kded5 suggests no packages.
>
> -- no debconf information

Tim Sattarov

Dec 20, 2022, 10:40:04 AM
Hello

After upgrade to 5.101.0-1 I am still seeing this error. It looks like the problem is in the apper/packagekit.

Logs just before the crash:


Dec 20 08:16:44 arda kded5[1955]: apper.daemon: System is not ready, application should conserve resources
Dec 20 08:16:44 arda kded5[1955]: packagekitqt.transaction: Unknown Transaction property: "Sender" QVariant(QString, ":1.65")
Dec 20 08:16:44 arda kded5[1955]: packagekitqt.transaction: Unknown Transaction property: "Sender" QVariant(QString, ":1.65")
Dec 20 08:16:44 arda kded5[1955]: apper.daemon: System is not ready, application should conserve resources
Dec 20 08:16:44 arda kded5[1955]: packagekitqt.transaction: Unknown Transaction property: "Sender" QVariant(QString, ":1.65")
Dec 20 08:16:46 arda kded5[1955]: KCrash: Attempting to start /usr/bin/kded5
Dec 20 08:16:46 arda kded5[1955]: 19 -- exe=/usr/bin/kded5
Dec 20 08:16:46 arda kded5[1955]: 13 -- platform=xcb
Dec 20 08:16:46 arda kded5[1955]: 11 -- display=:0
Dec 20 08:16:46 arda kded5[1955]: 14 -- appname=kded5
Dec 20 08:16:46 arda kded5[1955]: 17 -- apppath=/usr/bin
Dec 20 08:16:46 arda kded5[1955]: 10 -- signal=11
Dec 20 08:16:46 arda kded5[1955]: 9 -- pid=1955
Dec 20 08:16:46 arda kded5[1955]: 12 -- startupid=0
Dec 20 08:16:46 arda kded5[1955]: 15 -- restarted=true
Dec 20 08:16:46 arda kded5[1955]: KCrash: crashing... crashRecursionCounter = 2
Dec 20 08:16:46 arda kded5[1955]: KCrash: Application Name = kded5 path = /usr/bin pid = 1955
Dec 20 08:16:46 arda kded5[1955]: KCrash: Arguments: /usr/bin/kded5
Dec 20 08:16:46 arda kded5[1955]: KCrash: Attempting to start /usr/lib/x86_64-linux-gnu/libexec/drkonqi
Dec 20 08:16:46 arda kded5[1955]: QSocketNotifier: Invalid socket 8 and type 'Read', disabling...
Dec 20 08:16:46 arda kded5[1955]: QSocketNotifier: Invalid socket 13 and type 'Read', disabling...
Dec 20 08:16:46 arda kded5[1955]: QSocketNotifier: Invalid socket 19 and type 'Read', disabling...
Dec 20 08:16:46 arda kded5[1955]: QSocketNotifier: Invalid socket 44 and type 'Read', disabling...
Dec 20 08:16:46 arda kded5[1955]: QSocketNotifier: Invalid socket 49 and type 'Read', disabling...
Dec 20 08:16:47 arda kded5[1955]: Unable to start Dr. Konqi
Dec 20 08:16:47 arda kded5[1955]: Re-raising signal for core dump handling.

backtrace from the core dump:

#0  0x00007f238e4aebb4 in pthread_sigmask () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007f238e45b179 in sigprocmask () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x00007f238fb7eeab in KCrash::setCrashHandler(void (*)(int)) () from /lib/x86_64-linux-gnu/libKF5Crash.so.5
#3  0x00007f238fb7fbd9 in KCrash::defaultCrashHandler(int) () from /lib/x86_64-linux-gnu/libKF5Crash.so.5
#4  <signal handler called>
#5  0x00007f2316177ba4 in PackageKit::Transaction::role() const () from /lib/x86_64-linux-gnu/libpackagekitqt5.so.1
#6  0x00007f23164b4aae in ?? () from /usr/lib/x86_64-linux-gnu/qt5/plugins/kded_apperd.so
#7  0x00007f23164b4b99 in ?? () from /usr/lib/x86_64-linux-gnu/qt5/plugins/kded_apperd.so
#8  0x00007f238e8e8caf in ?? () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#9  0x00007f231616b095 in PackageKit::Daemon::transactionListChanged(QStringList const&) () from /lib/x86_64-linux-gnu/libpackagekitqt5.so.1
#10 0x00007f238e8e8cdc in ?? () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#11 0x00007f2316183b38 in ?? () from /lib/x86_64-linux-gnu/libpackagekitqt5.so.1
#12 0x00007f2316184d73 in ?? () from /lib/x86_64-linux-gnu/libpackagekitqt5.so.1
#13 0x00007f238eb9261b in ?? () from /lib/x86_64-linux-gnu/libQt5DBus.so.5
#14 0x00007f238e8dd450 in QObject::event(QEvent*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#15 0x00007f238f562f5e in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#16 0x00007f238e8b1718 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#17 0x00007f238e8b46b1 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#18 0x00007f238e909dd3 in ?? () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#19 0x00007f238d5d87a9 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#20 0x00007f238d5d8a38 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#21 0x00007f238d5d8acc in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#22 0x00007f238e9094b6 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#23 0x00007f238e8b019b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#24 0x00007f238e8b8306 in QCoreApplication::exec() () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#25 0x000055c98eac33d9 in ?? ()
#26 0x00007f238e44618a in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#27 0x00007f238e446245 in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#28 0x000055c98eac35c1 in ?? ()



Logs from Dr Konqi:

           PID: 1955 (kded5)
           UID: 1000 (tumyp)
           GID: 1000 (tumyp)
        Signal: 11 (SEGV)
     Timestamp: Tue 2022-12-20 08:16:47 EST (2h 9min ago)
  Command Line: /usr/bin/kded5
    Executable: /usr/bin/kded5
 Control Group: /user.slice/user-1000.slice/us...@1000.service/session.slice/plasma-kded.service
          Unit: us...@1000.service
     User Unit: plasma-kded.service
         Slice: user-1000.slice
     Owner UID: 1000 (tumyp)
       Boot ID: 754dc8216cd84db9b9b298f2c7e5135a
    Machine ID: 8730bbc326bd4356b968fefe61e22eeb
      Hostname: arda
       Storage: /var/lib/systemd/coredump/core.kded5.1000.754dc8216cd84db9b9b298f2c7e5135a.1955.1671542207000000.zst (present)

  Size on Disk: 5.0M
       Message: Process 1955 (kded5) of user 1000 dumped core.
               
                Module libudev.so.1 from deb systemd-252.2-2.amd64
                Module libsystemd.so.0 from deb systemd-252.2-2.amd64

                Stack trace of thread 1955:
                #0  0x00007f238e4aebb4 pthread_sigmask (libc.so.6 + 0x8fbb4)
                #1  0x00007f238e45b179 sigprocmask (libc.so.6 + 0x3c179)
                #2  0x00007f238fb7eeab _ZN6KCrash15setCrashHandlerEPFviE (libKF5Crash.so.5 + 0x4eab)
                #3  0x00007f238fb7fbd9 _ZN6KCrash19defaultCrashHandlerEi (libKF5Crash.so.5 + 0x5bd9)
                #4  0x00007f238e45af90 n/a (libc.so.6 + 0x3bf90)
                #5  0x00007f2316177ba4 _ZNK10PackageKit11Transaction4roleEv (libpackagekitqt5.so.1 + 0x1aba4)
                #6  0x00007f23164b4aae n/a (kded_apperd.so + 0xeaae)
                #7  0x00007f23164b4b99 n/a (kded_apperd.so + 0xeb99)
                #8  0x00007f238e8e8caf n/a (libQt5Core.so.5 + 0x2e8caf)
                #9  0x00007f231616b095 _ZN10PackageKit6Daemon22transactionListChangedERK11QStringList (libpackagekitqt5.so.1 + 0xe095)
                #10 0x00007f238e8e8cdc n/a (libQt5Core.so.5 + 0x2e8cdc)
                #11 0x00007f2316183b38 n/a (libpackagekitqt5.so.1 + 0x26b38)
                #12 0x00007f2316184d73 n/a (libpackagekitqt5.so.1 + 0x27d73)
                #13 0x00007f238eb9261b n/a (libQt5DBus.so.5 + 0x2361b)
                #14 0x00007f238e8dd450 _ZN7QObject5eventEP6QEvent (libQt5Core.so.5 + 0x2dd450)
                #15 0x00007f238f562f5e _ZN19QApplicationPrivate13notify_helperEP7QObjectP6QEvent (libQt5Widgets.so.5 + 0x162f5e)
                #16 0x00007f238e8b1718 _ZN16QCoreApplication15notifyInternal2EP7QObjectP6QEvent (libQt5Core.so.5 + 0x2b1718)
                #17 0x00007f238e8b46b1 _ZN23QCoreApplicationPrivate16sendPostedEventsEP7QObjectiP11QThreadData (libQt5Core.so.5 + 0x2b46b1)
                #18 0x00007f238e909dd3 n/a (libQt5Core.so.5 + 0x309dd3)
                #19 0x00007f238d5d87a9 g_main_context_dispatch (libglib-2.0.so.0 + 0x547a9)
                #20 0x00007f238d5d8a38 n/a (libglib-2.0.so.0 + 0x54a38)
                #21 0x00007f238d5d8acc g_main_context_iteration (libglib-2.0.so.0 + 0x54acc)
                #22 0x00007f238e9094b6 _ZN20QEventDispatcherGlib13processEventsE6QFlagsIN10QEventLoop17ProcessEventsFlagEE (libQt5Core.so.5 + 0x3094b6)
                #23 0x00007f238e8b019b _ZN10QEventLoop4execE6QFlagsINS_17ProcessEventsFlagEE (libQt5Core.so.5 + 0x2b019b)
                #24 0x00007f238e8b8306 _ZN16QCoreApplication4execEv (libQt5Core.so.5 + 0x2b8306)
                #25 0x000055c98eac33d9 n/a (kded5 + 0x73d9)
                #26 0x00007f238e44618a n/a (libc.so.6 + 0x2718a)
                #27 0x00007f238e446245 __libc_start_main (libc.so.6 + 0x27245)
                #28 0x000055c98eac35c1 n/a (kded5 + 0x75c1)
               
                Stack trace of thread 1980:
                #0  0x00007f238e51b0af __poll (libc.so.6 + 0xfc0af)
                #1  0x00007f238d5d89ae n/a (libglib-2.0.so.0 + 0x549ae)
                #2  0x00007f238d5d8acc g_main_context_iteration (libglib-2.0.so.0 + 0x54acc)
                #3  0x00007f238e9094ce _ZN20QEventDispatcherGlib13processEventsE6QFlagsIN10QEventLoop17ProcessEventsFlagEE (libQt5Core.so.5 + 0x3094ce)
                #4  0x00007f238e8b019b _ZN10QEventLoop4execE6QFlagsINS_17ProcessEventsFlagEE (libQt5Core.so.5 + 0x2b019b)
                #5  0x00007f238e6cab17 _ZN7QThread4execEv (libQt5Core.so.5 + 0xcab17)
                #6  0x00007f238eb86487 n/a (libQt5DBus.so.5 + 0x17487)
                #7  0x00007f238e6cbcd1 n/a (libQt5Core.so.5 + 0xcbcd1)
                #8  0x00007f238e4a7fd4 n/a (libc.so.6 + 0x88fd4)
                #9  0x00007f238e52866c n/a (libc.so.6 + 0x10966c)
               
                Stack trace of thread 1997:
                #0  0x00007f238e4a4d36 n/a (libc.so.6 + 0x85d36)
                #1  0x00007f238e4a73f8 pthread_cond_wait (libc.so.6 + 0x883f8)
                #2  0x00007f2381107699 n/a (radeonsi_dri.so + 0x107699)
                #3  0x00007f23810bc74b n/a (radeonsi_dri.so + 0xbc74b)
                #4  0x00007f23811075d7 n/a (radeonsi_dri.so + 0x1075d7)
                #5  0x00007f238e4a7fd4 n/a (libc.so.6 + 0x88fd4)
                #6  0x00007f238e52866c n/a (libc.so.6 + 0x10966c)
               
                Stack trace of thread 1985:
                #0  0x00007f238e4a4d36 n/a (libc.so.6 + 0x85d36)
                #1  0x00007f238e4a73f8 pthread_cond_wait (libc.so.6 + 0x883f8)
                #2  0x00007f2381107699 n/a (radeonsi_dri.so + 0x107699)
                #3  0x00007f23810bc74b n/a (radeonsi_dri.so + 0xbc74b)
                #4  0x00007f23811075d7 n/a (radeonsi_dri.so + 0x1075d7)
                #5  0x00007f238e4a7fd4 n/a (libc.so.6 + 0x88fd4)
                #6  0x00007f238e52866c n/a (libc.so.6 + 0x10966c)
               
                Stack trace of thread 1988:
                #0  0x00007f238e4a4d36 n/a (libc.so.6 + 0x85d36)
                #1  0x00007f238e4a73f8 pthread_cond_wait (libc.so.6 + 0x883f8)
                #2  0x00007f2381107699 n/a (radeonsi_dri.so + 0x107699)
                #3  0x00007f23810bc74b n/a (radeonsi_dri.so + 0xbc74b)
                #4  0x00007f23811075d7 n/a (radeonsi_dri.so + 0x1075d7)
                #5  0x00007f238e4a7fd4 n/a (libc.so.6 + 0x88fd4)
                #6  0x00007f238e52866c n/a (libc.so.6 + 0x10966c)
               
                Stack trace of thread 1996:
                #0  0x00007f238e4a4d36 n/a (libc.so.6 + 0x85d36)
                #1  0x00007f238e4a73f8 pthread_cond_wait (libc.so.6 + 0x883f8)
                #2  0x00007f2381107699 n/a (radeonsi_dri.so + 0x107699)
                #3  0x00007f23810bc74b n/a (radeonsi_dri.so + 0xbc74b)
                #4  0x00007f23811075d7 n/a (radeonsi_dri.so + 0x1075d7)
                #5  0x00007f238e4a7fd4 n/a (libc.so.6 + 0x88fd4)
                #6  0x00007f238e52866c n/a (libc.so.6 + 0x10966c)
               
                Stack trace of thread 2016:
                #0  0x00007f238e51b0af __poll (libc.so.6 + 0xfc0af)
                #1  0x00007f238d5d89ae n/a (libglib-2.0.so.0 + 0x549ae)
                #2  0x00007f238d5d8acc g_main_context_iteration (libglib-2.0.so.0 + 0x54acc)
                #3  0x00007f238e9094b6 _ZN20QEventDispatcherGlib13processEventsE6QFlagsIN10QEventLoop17ProcessEventsFlagEE (libQt5Core.so.5 + 0x3094b6)
                #4  0x00007f238e8b019b _ZN10QEventLoop4execE6QFlagsINS_17ProcessEventsFlagEE (libQt5Core.so.5 + 0x2b019b)
                #5  0x00007f238e6cab17 _ZN7QThread4execEv (libQt5Core.so.5 + 0xcab17)
                #6  0x00007f238e6cbcd1 n/a (libQt5Core.so.5 + 0xcbcd1)
                #7  0x00007f238e4a7fd4 n/a (libc.so.6 + 0x88fd4)
                #8  0x00007f238e52866c n/a (libc.so.6 + 0x10966c)
               
                Stack trace of thread 2152:
                #0  0x00007f238e51d991 pselect (libc.so.6 + 0xfe991)
                #1  0x00007f238807aa62 n/a (libusbmuxd-2.0.so.6 + 0x2a62)
                #2  0x00007f238807be60 n/a (libusbmuxd-2.0.so.6 + 0x3e60)
                #3  0x00007f238e4a7fd4 n/a (libc.so.6 + 0x88fd4)
                #4  0x00007f238e52866c n/a (libc.so.6 + 0x10966c)
               
                Stack trace of thread 2050:
                #0  0x00007f238e51b0af __poll (libc.so.6 + 0xfc0af)
                #1  0x00007f238d5d89ae n/a (libglib-2.0.so.0 + 0x549ae)
                #2  0x00007f238d5d8acc g_main_context_iteration (libglib-2.0.so.0 + 0x54acc)
                #3  0x00007f238d5d8b11 n/a (libglib-2.0.so.0 + 0x54b11)
                #4  0x00007f238d602d0d n/a (libglib-2.0.so.0 + 0x7ed0d)
                #5  0x00007f238e4a7fd4 n/a (libc.so.6 + 0x88fd4)
                #6  0x00007f238e52866c n/a (libc.so.6 + 0x10966c)
               
                Stack trace of thread 2051:
                #0  0x00007f238e51b0af __poll (libc.so.6 + 0xfc0af)
                #1  0x00007f238d5d89ae n/a (libglib-2.0.so.0 + 0x549ae)
                #2  0x00007f238d5d8acc g_main_context_iteration (libglib-2.0.so.0 + 0x54acc)
                #3  0x00007f23700284bd n/a (libdconfsettings.so + 0xb4bd)
                #4  0x00007f238d602d0d n/a (libglib-2.0.so.0 + 0x7ed0d)
                #5  0x00007f238e4a7fd4 n/a (libc.so.6 + 0x88fd4)
                #6  0x00007f238e52866c n/a (libc.so.6 + 0x10966c)
               
                Stack trace of thread 2190:
                #0  0x00007f238e51b0af __poll (libc.so.6 + 0xfc0af)
                #1  0x00007f238d5d89ae n/a (libglib-2.0.so.0 + 0x549ae)
                #2  0x00007f238d5d8acc g_main_context_iteration (libglib-2.0.so.0 + 0x54acc)
                #3  0x00007f238e9094b6 _ZN20QEventDispatcherGlib13processEventsE6QFlagsIN10QEventLoop17ProcessEventsFlagEE (libQt5Core.so.5 + 0x3094b6)
                #4  0x00007f238e8b019b _ZN10QEventLoop4execE6QFlagsINS_17ProcessEventsFlagEE (libQt5Core.so.5 + 0x2b019b)
                #5  0x00007f238e6cab17 _ZN7QThread4execEv (libQt5Core.so.5 + 0xcab17)
                #6  0x00007f238e6cbcd1 n/a (libQt5Core.so.5 + 0xcbcd1)
                #7  0x00007f238e4a7fd4 n/a (libc.so.6 + 0x88fd4)
                #8  0x00007f238e52866c n/a (libc.so.6 + 0x10966c)
               
                Stack trace of thread 2052:
                #0  0x00007f238e51b0af __poll (libc.so.6 + 0xfc0af)
                #1  0x00007f238d5d89ae n/a (libglib-2.0.so.0 + 0x549ae)
                #2  0x00007f238d5d8cef g_main_loop_run (libglib-2.0.so.0 + 0x54cef)
                #3  0x00007f2370155296 n/a (libgio-2.0.so.0 + 0x118296)
                #4  0x00007f238d602d0d n/a (libglib-2.0.so.0 + 0x7ed0d)
                #5  0x00007f238e4a7fd4 n/a (libc.so.6 + 0x88fd4)
                #6  0x00007f238e52866c n/a (libc.so.6 + 0x10966c)
                ELF object binary architecture: AMD x86-64



Max Görner

Dec 22, 2022, 4:40:03 AM
Package: kded5
Version: 5.101.0-1
Followup-For: Bug #1026062

Dear Maintainer,

I just wanted to confirm that I am affected too. I experience the issue
since 5.100 and now with 5.101.0-1. Also, checking for updates in
Discover reproduces the bug for me too. However, kded5 crashes in other
situations too but I couldn't really see a clear pattern so far.


-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.0.0-6-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de:en_GB
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages kded5 depends on:
ii libc6 2.36-6
ii libkf5configcore5 5.101.0-1
ii libkf5coreaddons5 5.101.0-1
ii libkf5crash5 5.101.0-1
ii libkf5dbusaddons5 5.101.0-1
ii libkf5service-bin 5.101.0-1
ii libkf5service5 5.101.0-1
ii libqt5core5a 5.15.6+dfsg-5
ii libqt5dbus5 5.15.6+dfsg-5
ii libqt5gui5 5.15.6+dfsg-5
ii libqt5widgets5 5.15.6+dfsg-5
ii libstdc++6 12.2.0-10

Bernhard Übelacker

Jan 3, 2023, 7:40:04 PM
Dear Maintainer,
I was able to reproduce this issue inside a minimal
amd64 qemu VM running Bookworm/testing.

By editing the kded service unit [1] I could get valgrind to have a look
at this issue and it produced a matching use-after-free [2].

By further editing the service unit I was also able to record
such a crash with rr-debugger, that allows debugging in
reverse execution direction.


So I guess these are the relevant events:

- An object of PackageKit::Transaction gets created [3] (0x562777928e00)

- Inside its constructor also a QDeferredDeleteEvent
gets created [4] (0x562777885690)

- The PackageKit::Transaction object gets stored in the
m_transactions container [5]

- Qt reaches its event loop and processes the QDeferredDeleteEvent
and deletes the PackageKit::Transaction [6]

- In TransactionWatcher::watchTransaction the member m_transactions
still holds a reference to the already deleted object and gets
found because a matching "tid" gets processed.
"Unfortunately" the memory of the PackageKit::Transaction was
already modified therefore the segmentation fault follows. [7]


For comparison the matching systemd-coredump
report with mangled symbols in [8].

There are some reports in bugs.kde.org [9].
But in 462706 it is mentioned that this is an issue
in packagekit-qt, unfortunately could not yet
find a report there.


Kind regards,
Bernhard
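
The sequence of events listed above (object created, deferred delete queued from its constructor, raw pointer stored in m_transactions, event loop deletes the object, later lookup by tid), as an added example that is not part of the original message and is not apper or packagekit-qt code. It is a Qt-free C++ model: EventLoop, TransactionGuard, RawWatcher and GuardedWatcher are hypothetical names, and the guard stands in for a QPointer-style tracked pointer, not for whatever fix upstream applies.

```cpp
#include <cstddef>
#include <functional>
#include <iostream>
#include <map>
#include <memory>
#include <queue>
#include <string>

// Stand-in for the Qt event loop: posted events run on the next iteration.
struct EventLoop {
    std::queue<std::function<void()>> posted;
    void post(std::function<void()> ev) { posted.push(std::move(ev)); }
    void processEvents() {
        while (!posted.empty()) {
            auto ev = std::move(posted.front());
            posted.pop();
            ev();
        }
    }
};

// Stand-in for PackageKit::Transaction. If the transaction is already
// finished during setup, the constructor queues its own deletion
// (the model's deleteLater()).
class Transaction {
public:
    Transaction(EventLoop &loop, std::string tid, bool finishedAtSetup)
        : tid_(std::move(tid)), alive_(std::make_shared<bool>(true)) {
        ++liveCount;
        if (finishedAtSetup)
            loop.post([this] { delete this; });
    }
    ~Transaction() { *alive_ = false; --liveCount; }
    int role() const { return role_; }
    const std::string &tid() const { return tid_; }
    std::shared_ptr<const bool> aliveFlag() const { return alive_; }
    static int liveCount;
private:
    std::string tid_;
    int role_ = 42;                 // constructed sample value
    std::shared_ptr<bool> alive_;   // outlives the object, flipped in the destructor
};
int Transaction::liveCount = 0;

// QPointer-like guard: get() yields nullptr once the object is destroyed.
class TransactionGuard {
public:
    TransactionGuard() = default;
    explicit TransactionGuard(Transaction *t) : ptr_(t), alive_(t->aliveFlag()) {}
    Transaction *get() const { return (alive_ && *alive_) ? ptr_ : nullptr; }
private:
    Transaction *ptr_ = nullptr;
    std::shared_ptr<const bool> alive_;
};

// "Before": the registry keeps a raw pointer and never learns about the delete.
struct RawWatcher {
    EventLoop &loop;
    std::map<std::string, Transaction *> m_transactions;
    void watch(const std::string &tid, bool finishedAtSetup) {
        if (m_transactions.count(tid)) return;  // the real code calls role() here
        m_transactions[tid] = new Transaction(loop, tid, finishedAtSetup);
    }
};

// "After": lookups go through the guard and dead entries are dropped.
struct GuardedWatcher {
    EventLoop &loop;
    std::map<std::string, TransactionGuard> m_transactions;
    Transaction *find(const std::string &tid) {
        auto it = m_transactions.find(tid);
        if (it == m_transactions.end()) return nullptr;
        if (Transaction *t = it->second.get()) return t;
        m_transactions.erase(it);               // object was deleted behind our back
        return nullptr;
    }
    Transaction *watch(const std::string &tid, bool finishedAtSetup) {
        if (Transaction *t = find(tid)) return t;
        Transaction *t = new Transaction(loop, tid, finishedAtSetup);
        m_transactions[tid] = TransactionGuard(t);
        return t;
    }
};

// Counts registry entries that outlived their object, without touching them.
std::size_t staleEntriesInRawRegistry() {
    EventLoop loop;
    RawWatcher w{loop, {}};
    const int before = Transaction::liveCount;
    w.watch("/1_done", true);     // constructed tid
    loop.processEvents();         // deferred delete runs here
    const std::size_t live = static_cast<std::size_t>(Transaction::liveCount - before);
    return w.m_transactions.size() - live;
}

bool guardedLookupDropsDeadEntry() {
    EventLoop loop;
    GuardedWatcher w{loop, {}};
    w.watch("/1_done", true);
    Transaction *running = w.watch("/2_running", false);
    loop.processEvents();         // deletes only /1_done
    const bool deadGone = w.find("/1_done") == nullptr && w.m_transactions.size() == 1;
    const bool liveKept = w.find("/2_running") == running && running->role() == 42;
    delete running;
    return deadGone && liveKept;
}

int main() {
    std::cout << "stale raw entries: " << staleEntriesInRawRegistry() << "\n";
    std::cout << "guarded lookup safe: " << guardedLookupDropsDeadEntry() << "\n";
}
```

The raw registry ends up with one entry and zero live objects, which is the state in which the next matching tid leads to the invalid read valgrind reports in [2].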






[1]
/usr/lib/systemd/user/plasma-kded.service
-ExecStart=/usr/bin/kded5
+ExecStart=/usr/bin/valgrind /usr/bin/kded5
or
+ExecStart=/usr/bin/rr record /usr/bin/kded5
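Review bot: both `+ExecStart=` lines modify the packaged unit /usr/lib/systemd/user/plasma-kded.service in place, so a package upgrade reverts the wrapper without notice, and if the edit is forgotten the valgrind or rr wrapper stays in every later session. A drop-in created with `systemctl --user edit plasma-kded.service`, containing an empty `ExecStart=` line followed by the wrapped `ExecStart=/usr/bin/valgrind /usr/bin/kded5`, leaves the vendor file intact and is undone by deleting the drop-in.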

systemctl --user daemon-reload
systemctl --user start plasma-kded

Then trigger in Discover a package list update.




[2]
==12351== Invalid read of size 8
==12351== at 0x27458BA0: PackageKit::Transaction::role() const (transaction.cpp:297)
==12351== by 0x273B6AAD: TransactionWatcher::watchTransaction(QDBusObjectPath const&, bool) (TransactionWatcher.cpp:104)
==12351== by 0x273B6B98: TransactionWatcher::transactionListChanged(QStringList const&) (TransactionWatcher.cpp:85)
==12351== by 0x5B59FCE: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351== by 0x2744C094: PackageKit::Daemon::transactionListChanged(QStringList const&) (moc_daemon.cpp:419)
==12351== by 0x5B59FFB: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351== by 0x27464B37: TransactionListChanged (daemonproxy.moc:331)
==12351== by 0x27464B37: OrgFreedesktopPackageKitInterface::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (daemonproxy.moc:178)
==12351== by 0x27465D72: OrgFreedesktopPackageKitInterface::qt_metacall(QMetaObject::Call, int, void**) (daemonproxy.moc:288)
==12351== by 0x580361A: ??? (in /usr/lib/x86_64-linux-gnu/libQt5DBus.so.5.15.7)
==12351== by 0x5B4E76F: QObject::event(QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351== by 0x49CAF5D: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5.15.7)
==12351== by 0x5B227C7: QCoreApplication::notifyInternal2(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351== Address 0x1a6a2a10 is 16 bytes inside a block of size 24 free'd
==12351== at 0x484371B: operator delete(void*) (vg_replace_malloc.c:923)
==12351== by 0x5B4E53E: QObject::event(QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351== by 0x49CAF5D: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5.15.7)
==12351== by 0x5B227C7: QCoreApplication::notifyInternal2(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351== by 0x5B25760: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351== by 0x5B7B1D2: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351== by 0x6E1B7A8: g_main_context_dispatch (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7400.4)
==12351== by 0x6E1BA37: ??? (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7400.4)
==12351== by 0x6E1BACB: g_main_context_iteration (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7400.4)
==12351== by 0x5B7A8B5: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351== by 0x5B2124A: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351== by 0x5B293B5: QCoreApplication::exec() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351== Block was alloc'd at
==12351== at 0x4840F2F: operator new(unsigned long) (vg_replace_malloc.c:422)
==12351== by 0x273B693B: TransactionWatcher::watchTransaction(QDBusObjectPath const&, bool) (TransactionWatcher.cpp:95)
==12351== by 0x273B6B98: TransactionWatcher::transactionListChanged(QStringList const&) (TransactionWatcher.cpp:85)
==12351== by 0x5B59FCE: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351== by 0x2744C094: PackageKit::Daemon::transactionListChanged(QStringList const&) (moc_daemon.cpp:419)
==12351== by 0x5B59FFB: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351== by 0x27464B37: TransactionListChanged (daemonproxy.moc:331)
==12351== by 0x27464B37: OrgFreedesktopPackageKitInterface::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (daemonproxy.moc:178)
==12351== by 0x27465D72: OrgFreedesktopPackageKitInterface::qt_metacall(QMetaObject::Call, int, void**) (daemonproxy.moc:288)
==12351== by 0x580361A: ??? (in /usr/lib/x86_64-linux-gnu/libQt5DBus.so.5.15.7)
==12351== by 0x5B4E76F: QObject::event(QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351== by 0x49CAF5D: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5.15.7)
==12351== by 0x5B227C7: QCoreApplication::notifyInternal2(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.7)
==12351==





[3]
Thread 1 hit Breakpoint 1, PackageKit::Transaction::Transaction (this=0x562777928e00, tid=...) at ./src/transaction.cpp:63
63 Transaction::Transaction(const QDBusObjectPath &tid)
(rr) bt
#0 PackageKit::Transaction::Transaction (this=0x562777928e00, tid=...) at ./src/transaction.cpp:63
#1 0x00007f4a2402294a in TransactionWatcher::watchTransaction (this=this@entry=0x562777a3dd30, tid=..., interactive=interactive@entry=false) at ./apperd/TransactionWatcher.cpp:95
#2 0x00007f4a24022b99 in TransactionWatcher::transactionListChanged (this=0x562777a3dd30, tids=...) at ./apperd/TransactionWatcher.cpp:85
#3 0x00007f4a4cae8fcf in QtPrivate::QSlotObjectBase::call (a=0x7fffb2efd390, r=0x562777a3dd30, this=0x7f4a2803cd40) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#4 doActivate<false> (sender=0x5627778e42b0, signal_index=8, argv=0x7fffb2efd390) at kernel/qobject.cpp:3919
#5 0x00007f4a4cae226f in QMetaObject::activate (sender=<optimized out>, m=m@entry=0x7f4a17ec87c0 <PackageKit::Daemon::staticMetaObject>, local_signal_index=local_signal_index@entry=5, argv=argv@entry=0x7fffb2efd390) at kernel/qobject.cpp:3979
#6 0x00007f4a17e92095 in PackageKit::Daemon::transactionListChanged (this=<optimized out>, _t1=...) at ./obj-x86_64-linux-gnu/src/packagekitqt5_autogen/include/moc_daemon.cpp:419
#7 0x00007f4a4cae8ffc in doActivate<false> (sender=0x5627778e7900, signal_index=5, argv=0x7fffb2efd4b0) at kernel/qobject.cpp:3931
#8 0x00007f4a4cae226f in QMetaObject::activate (sender=sender@entry=0x5627778e7900, m=m@entry=0x7f4a17ec8b00 <OrgFreedesktopPackageKitInterface::staticMetaObject>, local_signal_index=local_signal_index@entry=2, argv=argv@entry=0x7fffb2efd4b0) at kernel/qobject.cpp:3979
#9 0x00007f4a17eaab38 in OrgFreedesktopPackageKitInterface::TransactionListChanged (_t1=..., this=0x5627778e7900) at ./obj-x86_64-linux-gnu/src/daemonproxy.moc:331
#10 OrgFreedesktopPackageKitInterface::qt_static_metacall (_o=0x5627778e7900, _c=<optimized out>, _id=<optimized out>, _a=0x7fffb2efd600) at ./obj-x86_64-linux-gnu/src/daemonproxy.moc:178
#11 0x00007f4a17eabd73 in OrgFreedesktopPackageKitInterface::qt_metacall (this=0x5627778e7900, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0x7fffb2efd600) at ./obj-x86_64-linux-gnu/src/daemonproxy.moc:288
#12 0x00007f4a4d72661b in ?? () from /lib/x86_64-linux-gnu/libQt5DBus.so.5
#13 0x00007f4a4cadd770 in QObject::event (this=0x5627778e7900, e=0x7f4a28039770) at kernel/qobject.cpp:1347
#14 0x00007f4a4d962f5e in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x5627778e7900, e=0x7f4a28039770) at kernel/qapplication.cpp:3637
#15 0x00007f4a4cab17c8 in QCoreApplication::notifyInternal2 (receiver=0x5627778e7900, event=0x7f4a28039770) at kernel/qcoreapplication.cpp:1064
#16 0x00007f4a4cab4761 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x5627771b14f0) at kernel/qcoreapplication.cpp:1821
#17 0x00007f4a4cb0a1d3 in postEventSourceDispatch (s=0x5627772a7720) at kernel/qeventdispatcher_glib.cpp:277
#18 0x00007f4a4b91e7a9 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#19 0x00007f4a4b91ea38 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#20 0x00007f4a4b91eacc in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#21 0x00007f4a4cb098b6 in QEventDispatcherGlib::processEvents (this=0x5627772ad1f0, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#22 0x00007f4a4cab024b in QEventLoop::exec (this=this@entry=0x7fffb2efda40, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#23 0x00007f4a4cab83b6 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#24 0x000056277582e3d9 in main (argc=<optimized out>, argv=<optimized out>) at ./src/kded.cpp:785
(rr) when
Current event: 241163





[4]
Thread 1 hit Breakpoint 4, QDeferredDeleteEvent::QDeferredDeleteEvent (this=this@entry=0x562777885690) at kernel/qcoreevent.cpp:647
647 QDeferredDeleteEvent::QDeferredDeleteEvent()
(rr) bt
#0 QDeferredDeleteEvent::QDeferredDeleteEvent (this=this@entry=0x562777885690) at kernel/qcoreevent.cpp:647
#1 0x00007f4a4cadb44e in QObject::deleteLater (this=0x562777928e00) at kernel/qobject.cpp:2336
#2 0x00007f4a17ea294e in PackageKit::TransactionPrivate::finished (runtime=0, exitCode=2, this=0x562777a2ebe0) at ./src/transactionprivate.cpp:245
#3 PackageKit::TransactionPrivate::runQueuedTransaction (this=0x562777a2ebe0) at ./src/transactionprivate.cpp:193
#4 0x00007f4a17ea5582 in PackageKit::TransactionPrivate::setup (this=this@entry=0x562777a2ebe0, transactionId=...) at ./src/transactionprivate.cpp:82
#5 0x00007f4a17e9db7b in PackageKit::Transaction::Transaction (this=0x562777928e00, tid=...) at ./src/transaction.cpp:69
#6 0x00007f4a2402294a in TransactionWatcher::watchTransaction (this=this@entry=0x562777a3dd30, tid=..., interactive=interactive@entry=false) at ./apperd/TransactionWatcher.cpp:95
#7 0x00007f4a24022b99 in TransactionWatcher::transactionListChanged (this=0x562777a3dd30, tids=...) at ./apperd/TransactionWatcher.cpp:85
#8 0x00007f4a4cae8fcf in QtPrivate::QSlotObjectBase::call (a=0x7fffb2efd390, r=0x562777a3dd30, this=0x7f4a2803cd40) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#9 doActivate<false> (sender=0x5627778e42b0, signal_index=8, argv=0x7fffb2efd390) at kernel/qobject.cpp:3919
#10 0x00007f4a4cae226f in QMetaObject::activate (sender=<optimized out>, m=m@entry=0x7f4a17ec87c0 <PackageKit::Daemon::staticMetaObject>, local_signal_index=local_signal_index@entry=5, argv=argv@entry=0x7fffb2efd390) at kernel/qobject.cpp:3979
#11 0x00007f4a17e92095 in PackageKit::Daemon::transactionListChanged (this=<optimized out>, _t1=...) at ./obj-x86_64-linux-gnu/src/packagekitqt5_autogen/include/moc_daemon.cpp:419
#12 0x00007f4a4cae8ffc in doActivate<false> (sender=0x5627778e7900, signal_index=5, argv=0x7fffb2efd4b0) at kernel/qobject.cpp:3931
#13 0x00007f4a4cae226f in QMetaObject::activate (sender=sender@entry=0x5627778e7900, m=m@entry=0x7f4a17ec8b00 <OrgFreedesktopPackageKitInterface::staticMetaObject>, local_signal_index=local_signal_index@entry=2, argv=argv@entry=0x7fffb2efd4b0) at kernel/qobject.cpp:3979
#14 0x00007f4a17eaab38 in OrgFreedesktopPackageKitInterface::TransactionListChanged (_t1=..., this=0x5627778e7900) at ./obj-x86_64-linux-gnu/src/daemonproxy.moc:331
#15 OrgFreedesktopPackageKitInterface::qt_static_metacall (_o=0x5627778e7900, _c=<optimized out>, _id=<optimized out>, _a=0x7fffb2efd600) at ./obj-x86_64-linux-gnu/src/daemonproxy.moc:178
#16 0x00007f4a17eabd73 in OrgFreedesktopPackageKitInterface::qt_metacall (this=0x5627778e7900, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0x7fffb2efd600) at ./obj-x86_64-linux-gnu/src/daemonproxy.moc:288
#17 0x00007f4a4d72661b in ?? () from /lib/x86_64-linux-gnu/libQt5DBus.so.5
#18 0x00007f4a4cadd770 in QObject::event (this=0x5627778e7900, e=0x7f4a28039770) at kernel/qobject.cpp:1347
#19 0x00007f4a4d962f5e in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x5627778e7900, e=0x7f4a28039770) at kernel/qapplication.cpp:3637
#20 0x00007f4a4cab17c8 in QCoreApplication::notifyInternal2 (receiver=0x5627778e7900, event=0x7f4a28039770) at kernel/qcoreapplication.cpp:1064
#21 0x00007f4a4cab4761 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x5627771b14f0) at kernel/qcoreapplication.cpp:1821
#22 0x00007f4a4cb0a1d3 in postEventSourceDispatch (s=0x5627772a7720) at kernel/qeventdispatcher_glib.cpp:277
#23 0x00007f4a4b91e7a9 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#24 0x00007f4a4b91ea38 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#25 0x00007f4a4b91eacc in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#26 0x00007f4a4cb098b6 in QEventDispatcherGlib::processEvents (this=0x5627772ad1f0, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#27 0x00007f4a4cab024b in QEventLoop::exec (this=this@entry=0x7fffb2efda40, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#28 0x00007f4a4cab83b6 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#29 0x000056277582e3d9 in main (argc=<optimized out>, argv=<optimized out>) at ./src/kded.cpp:785
(rr) when
Current event: 241187







[5]
Thread 1 hit Breakpoint 6, TransactionWatcher::watchTransaction (this=this@entry=0x562777a3dd30, tid=..., interactive=interactive@entry=false) at ./apperd/TransactionWatcher.cpp:100
100 m_transactions[tid] = transaction;
1: x/i $pc
=> 0x7f4a24022a63 <_ZN18TransactionWatcher16watchTransactionERK15QDBusObjectPathb+403>: mov %rbp,%rsi
(rr) bt
#0 TransactionWatcher::watchTransaction (this=this@entry=0x562777a3dd30, tid=..., interactive=interactive@entry=false) at ./apperd/TransactionWatcher.cpp:100
#1 0x00007f4a24022b99 in TransactionWatcher::transactionListChanged (this=0x562777a3dd30, tids=...) at ./apperd/TransactionWatcher.cpp:85
#2 0x00007f4a4cae8fcf in QtPrivate::QSlotObjectBase::call (a=0x7fffb2efd390, r=0x562777a3dd30, this=0x7f4a2803cd40) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#3 doActivate<false> (sender=0x5627778e42b0, signal_index=8, argv=0x7fffb2efd390) at kernel/qobject.cpp:3919
#4 0x00007f4a4cae226f in QMetaObject::activate (sender=<optimized out>, m=m@entry=0x7f4a17ec87c0 <PackageKit::Daemon::staticMetaObject>, local_signal_index=local_signal_index@entry=5, argv=argv@entry=0x7fffb2efd390) at kernel/qobject.cpp:3979
#5 0x00007f4a17e92095 in PackageKit::Daemon::transactionListChanged (this=<optimized out>, _t1=...) at ./obj-x86_64-linux-gnu/src/packagekitqt5_autogen/include/moc_daemon.cpp:419
#6 0x00007f4a4cae8ffc in doActivate<false> (sender=0x5627778e7900, signal_index=5, argv=0x7fffb2efd4b0) at kernel/qobject.cpp:3931
#7 0x00007f4a4cae226f in QMetaObject::activate (sender=sender@entry=0x5627778e7900, m=m@entry=0x7f4a17ec8b00 <OrgFreedesktopPackageKitInterface::staticMetaObject>, local_signal_index=local_signal_index@entry=2, argv=argv@entry=0x7fffb2efd4b0) at kernel/qobject.cpp:3979
#8 0x00007f4a17eaab38 in OrgFreedesktopPackageKitInterface::TransactionListChanged (_t1=..., this=0x5627778e7900) at ./obj-x86_64-linux-gnu/src/daemonproxy.moc:331
#9 OrgFreedesktopPackageKitInterface::qt_static_metacall (_o=0x5627778e7900, _c=<optimized out>, _id=<optimized out>, _a=0x7fffb2efd600) at ./obj-x86_64-linux-gnu/src/daemonproxy.moc:178
#10 0x00007f4a17eabd73 in OrgFreedesktopPackageKitInterface::qt_metacall (this=0x5627778e7900, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0x7fffb2efd600) at ./obj-x86_64-linux-gnu/src/daemonproxy.moc:288
#11 0x00007f4a4d72661b in ?? () from /lib/x86_64-linux-gnu/libQt5DBus.so.5
#12 0x00007f4a4cadd770 in QObject::event (this=0x5627778e7900, e=0x7f4a28039770) at kernel/qobject.cpp:1347
#13 0x00007f4a4d962f5e in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x5627778e7900, e=0x7f4a28039770) at kernel/qapplication.cpp:3637
#14 0x00007f4a4cab17c8 in QCoreApplication::notifyInternal2 (receiver=0x5627778e7900, event=0x7f4a28039770) at kernel/qcoreapplication.cpp:1064
#15 0x00007f4a4cab4761 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x5627771b14f0) at kernel/qcoreapplication.cpp:1821
#16 0x00007f4a4cb0a1d3 in postEventSourceDispatch (s=0x5627772a7720) at kernel/qeventdispatcher_glib.cpp:277
#17 0x00007f4a4b91e7a9 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#18 0x00007f4a4b91ea38 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#19 0x00007f4a4b91eacc in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#20 0x00007f4a4cb098b6 in QEventDispatcherGlib::processEvents (this=0x5627772ad1f0, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#21 0x00007f4a4cab024b in QEventLoop::exec (this=this@entry=0x7fffb2efda40, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#22 0x00007f4a4cab83b6 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#23 0x000056277582e3d9 in main (argc=<optimized out>, argv=<optimized out>) at ./src/kded.cpp:785
(rr) when
Current event: 241195








[6]
Thread 1 hit Breakpoint 2, PackageKit::Transaction::~Transaction (this=0x562777928e00, __in_chrg=<optimized out>) at ./src/transaction.cpp:162
162 Transaction::~Transaction()
1: x/i $pc
=> 0x7f4a17e9c9d0 <_ZN10PackageKit11TransactionD2Ev>: mov 0x2c5d9(%rip),%rax # 0x7f4a17ec8fb0
(rr) bt
#0 PackageKit::Transaction::~Transaction (this=0x562777928e00, __in_chrg=<optimized out>) at ./src/transaction.cpp:162
#1 0x00007f4a17e9ca09 in PackageKit::Transaction::~Transaction (this=0x562777928e00, __in_chrg=<optimized out>) at ./src/transaction.cpp:166
#2 0x00007f4a4cadd53f in QObject::event (this=0x562777928e00, e=0x562777885690) at kernel/qobject.cpp:1334
#3 0x00007f4a4d962f5e in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x562777928e00, e=0x562777885690) at kernel/qapplication.cpp:3637
#4 0x00007f4a4cab17c8 in QCoreApplication::notifyInternal2 (receiver=0x562777928e00, event=0x562777885690) at kernel/qcoreapplication.cpp:1064
#5 0x00007f4a4cab4761 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x5627771b14f0) at kernel/qcoreapplication.cpp:1821
#6 0x00007f4a4cb0a1d3 in postEventSourceDispatch (s=0x5627772a7720) at kernel/qeventdispatcher_glib.cpp:277
#7 0x00007f4a4b91e7a9 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#8 0x00007f4a4b91ea38 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#9 0x00007f4a4b91eacc in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#10 0x00007f4a4cb098b6 in QEventDispatcherGlib::processEvents (this=0x5627772ad1f0, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#11 0x00007f4a4cab024b in QEventLoop::exec (this=this@entry=0x7fffb2efda40, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#12 0x00007f4a4cab83b6 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#13 0x000056277582e3d9 in main (argc=<optimized out>, argv=<optimized out>) at ./src/kded.cpp:785
(rr) when
Current event: 241215







[7]
Thread 1 received signal SIGSEGV, Segmentation fault.
0x00007f4a17e9eba4 in PackageKit::Transaction::role (this=this@entry=0x562777928e00) at ./src/transaction.cpp:297
297 return d->role;
1: x/i $pc
=> 0x7f4a17e9eba4 <_ZNK10PackageKit11Transaction4roleEv+4>: mov 0x50(%rax),%eax
(rr) bt
#0 0x00007f4a17e9eba4 in PackageKit::Transaction::role (this=this@entry=0x562777928e00) at ./src/transaction.cpp:297
#1 0x00007f4a24022aae in TransactionWatcher::watchTransaction (this=this@entry=0x562777a3dd30, tid=..., interactive=interactive@entry=false) at ./apperd/TransactionWatcher.cpp:104
#2 0x00007f4a24022b99 in TransactionWatcher::transactionListChanged (this=0x562777a3dd30, tids=...) at ./apperd/TransactionWatcher.cpp:85
#3 0x00007f4a4cae8fcf in QtPrivate::QSlotObjectBase::call (a=0x7fffb2efd390, r=0x562777a3dd30, this=0x7f4a2803cd40) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#4 doActivate<false> (sender=0x5627778e42b0, signal_index=8, argv=0x7fffb2efd390) at kernel/qobject.cpp:3919
#5 0x00007f4a4cae226f in QMetaObject::activate (sender=<optimized out>, m=m@entry=0x7f4a17ec87c0 <PackageKit::Daemon::staticMetaObject>, local_signal_index=local_signal_index@entry=5, argv=argv@entry=0x7fffb2efd390) at kernel/qobject.cpp:3979
#6 0x00007f4a17e92095 in PackageKit::Daemon::transactionListChanged (this=<optimized out>, _t1=...) at ./obj-x86_64-linux-gnu/src/packagekitqt5_autogen/include/moc_daemon.cpp:419
#7 0x00007f4a4cae8ffc in doActivate<false> (sender=0x5627778e7900, signal_index=5, argv=0x7fffb2efd4b0) at kernel/qobject.cpp:3931
#8 0x00007f4a4cae226f in QMetaObject::activate (sender=sender@entry=0x5627778e7900, m=m@entry=0x7f4a17ec8b00 <OrgFreedesktopPackageKitInterface::staticMetaObject>, local_signal_index=local_signal_index@entry=2, argv=argv@entry=0x7fffb2efd4b0) at kernel/qobject.cpp:3979
#9 0x00007f4a17eaab38 in OrgFreedesktopPackageKitInterface::TransactionListChanged (_t1=..., this=0x5627778e7900) at ./obj-x86_64-linux-gnu/src/daemonproxy.moc:331
#10 OrgFreedesktopPackageKitInterface::qt_static_metacall (_o=0x5627778e7900, _c=<optimized out>, _id=<optimized out>, _a=0x7fffb2efd600) at ./obj-x86_64-linux-gnu/src/daemonproxy.moc:178
#11 0x00007f4a17eabd73 in OrgFreedesktopPackageKitInterface::qt_metacall (this=0x5627778e7900, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0x7fffb2efd600) at ./obj-x86_64-linux-gnu/src/daemonproxy.moc:288
#12 0x00007f4a4d72661b in ?? () from /lib/x86_64-linux-gnu/libQt5DBus.so.5
#13 0x00007f4a4cadd770 in QObject::event (this=0x5627778e7900, e=0x7f4a280109d0) at kernel/qobject.cpp:1347
#14 0x00007f4a4d962f5e in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x5627778e7900, e=0x7f4a280109d0) at kernel/qapplication.cpp:3637
#15 0x00007f4a4cab17c8 in QCoreApplication::notifyInternal2 (receiver=0x5627778e7900, event=0x7f4a280109d0) at kernel/qcoreapplication.cpp:1064
#16 0x00007f4a4cab4761 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x5627771b14f0) at kernel/qcoreapplication.cpp:1821
#17 0x00007f4a4cb0a1d3 in postEventSourceDispatch (s=0x5627772a7720) at kernel/qeventdispatcher_glib.cpp:277
#18 0x00007f4a4b91e7a9 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#19 0x00007f4a4b91ea38 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#20 0x00007f4a4b91eacc in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#21 0x00007f4a4cb098b6 in QEventDispatcherGlib::processEvents (this=0x5627772ad1f0, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#22 0x00007f4a4cab024b in QEventLoop::exec (this=this@entry=0x7fffb2efda40, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#23 0x00007f4a4cab83b6 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#24 0x000056277582e3d9 in main (argc=<optimized out>, argv=<optimized out>) at ./src/kded.cpp:785
(rr) when
Current event: 241323
(rr) up
#1 0x00007f4a24022aae in TransactionWatcher::watchTransaction (this=this@entry=0x562777a3dd30, tid=..., interactive=interactive@entry=false) at ./apperd/TransactionWatcher.cpp:104
104 if (transaction->role() != Transaction::RoleUnknown) {
(rr) list
99 // Store the transaction id
100 m_transactions[tid] = transaction;
101 } else {
102 transaction = m_transactions[tid];
103
104 if (transaction->role() != Transaction::RoleUnknown) {
105 // force the first changed or create a TransactionJob
106 transactionChanged(transaction, interactive);
107 }
108 }
(rr) print m_transactions
$6 = QHash<QDBusObjectPath, PackageKit::Transaction *> (size = 5) = {
[{
m_path = "/158_ebedcedc"
}] = 0x562777928e00,
[{
m_path = "/156_eebeadbe"
}] = 0x7f4a2801d720,
[{
m_path = "/160_eadddbcc"
}] = 0x56277772ef60,
[{
m_path = "/154_baeeadae"
}] = 0x562777a91bc0,
[{
m_path = "/157_cbbecede"
}] = 0x7f4a28034090
}






[8]
Jan 03 22:42:13 debian systemd-coredump[10321]: [🡕] Process 9882 (kded5) of user 1000 dumped core.
Module libudev.so.1 from deb systemd-252.4-1.amd64
Module libsystemd.so.0 from deb systemd-252.4-1.amd64
Stack trace of thread 9882:
#0 0x00007fe97f9e0ccc __pthread_kill_implementation (libc.so.6 + 0x8accc)
#1 0x00007fe97f991ef2 __GI_raise (libc.so.6 + 0x3bef2)
#2 0x00007fe9803f986d _ZN6KCrash19defaultCrashHandlerEi (libKF5Crash.so.5 + 0x586d)
#3 0x00007fe97f991f90 __restore_rt (libc.so.6 + 0x3bf90)
#4 0x00007fe952a7bba4 _ZNK10PackageKit11Transaction4roleEv (libpackagekitqt5.so.1 + 0x1aba4)
#5 0x00007fe952b28aae _ZN18TransactionWatcher16watchTransactionERK15QDBusObjectPathb (kded_apperd.so + 0xeaae)
#6 0x00007fe952b28b99 _ZN18TransactionWatcher22transactionListChangedERK11QStringList (kded_apperd.so + 0xeb99)
#7 0x00007fe97f6e8fcf n/a (libQt5Core.so.5 + 0x2e8fcf)
#8 0x00007fe952a6f095 _ZN10PackageKit6Daemon22transactionListChangedERK11QStringList (libpackagekitqt5.so.1 + 0xe095)
#9 0x00007fe97f6e8ffc n/a (libQt5Core.so.5 + 0x2e8ffc)
#10 0x00007fe952a87b38 _ZN33OrgFreedesktopPackageKitInterface22TransactionListChangedERK11QStringList (libpackagekitqt5.so.1 + 0x26b38)
#11 0x00007fe952a88d73 _ZN33OrgFreedesktopPackageKitInterface11qt_metacallEN11QMetaObject4CallEiPPv (libpackagekitqt5.so.1 + 0x27d73)
#12 0x00007fe98031a61b n/a (libQt5DBus.so.5 + 0x2361b)
#13 0x00007fe97f6dd770 _ZN7QObject5eventEP6QEvent (libQt5Core.so.5 + 0x2dd770)
#14 0x00007fe980562f5e _ZN19QApplicationPrivate13notify_helperEP7QObjectP6QEvent (libQt5Widgets.so.5 + 0x162f5e)
#15 0x00007fe97f6b17c8 _ZN16QCoreApplication15notifyInternal2EP7QObjectP6QEvent (libQt5Core.so.5 + 0x2b17c8)
#16 0x00007fe97f6b4761 _ZN23QCoreApplicationPrivate16sendPostedEventsEP7QObjectiP11QThreadData (libQt5Core.so.5 + 0x2b4761)
#17 0x00007fe97f70a1d3 n/a (libQt5Core.so.5 + 0x30a1d3)
#18 0x00007fe97e51e7a9 g_main_context_dispatch (libglib-2.0.so.0 + 0x547a9)
#19 0x00007fe97e51ea38 n/a (libglib-2.0.so.0 + 0x54a38)
#20 0x00007fe97e51eacc g_main_context_iteration (libglib-2.0.so.0 + 0x54acc)
#21 0x00007fe97f7098b6 _ZN20QEventDispatcherGlib13processEventsE6QFlagsIN10QEventLoop17ProcessEventsFlagEE (libQt5Core.so.5 + 0x3098b6)
#22 0x00007fe97f6b024b _ZN10QEventLoop4execE6QFlagsINS_17ProcessEventsFlagEE (libQt5Core.so.5 + 0x2b024b)
#23 0x00007fe97f6b83b6 _ZN16QCoreApplication4execEv (libQt5Core.so.5 + 0x2b83b6)
#24 0x000055800ab1b3d9 n/a (kded5 + 0x73d9)
#25 0x00007fe97f97d18a __libc_start_call_main (libc.so.6 + 0x2718a)
#26 0x00007fe97f97d245 __libc_start_main_impl (libc.so.6 + 0x27245)
#27 0x000055800ab1b5c1 n/a (kded5 + 0x75c1)





[9]
https://bugs.kde.org/show_bug.cgi?id=463626
https://bugs.kde.org/show_bug.cgi?id=462706
https://github.com/PackageKit/PackageKit-Qt




[misc]
apt install task-kde-desktop task-german-kde-desktop gdb systemd-coredump valgrind mc gdb rr kdevelop-data libpackagekitqt5-1-dbgsym libqt5core5a-dbgsym libqt5widgets5-dbgsym apper-dbgsym kded5-dbgsym
Pretty printer for Qt in kdevelop-data: https://stackoverflow.com/questions/23176216/enable-pretty-printing-in-kdevelop-c/23548981#23548981
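
The order of events in the rr session above (pointer stored in m_transactions, ~Transaction run from the event loop, then role() called through the stored pointer) can be modelled with standard C++ types. This is an added example, not apper or PackageKit-Qt code and not the upstream fix; RawRegistry, CheckedRegistry, Outcome and Replay are hypothetical names, and std::weak_ptr is an assumed stand-in for a lifetime-tracking pointer such as QPointer.

```cpp
#include <cstddef>
#include <map>
#include <memory>
#include <string>

// Stand-in for PackageKit::Transaction; only the role field matters here.
enum class Role { Unknown, RefreshCache };
struct Transaction { Role role = Role::Unknown; };

// Raw-pointer registry: the shape of m_transactions printed in the session.
class RawRegistry {
    std::map<std::string, Transaction*> m_transactions;
public:
    void store(const std::string& tid, Transaction* t) { m_transactions[tid] = t; }
    // Only reports that an entry exists. Following the stored pointer after the
    // object is gone is the faulting access and is deliberately not modelled.
    bool contains(const std::string& tid) const { return m_transactions.count(tid) > 0; }
};

enum class Outcome { Stored, Changed, Idle, StaleDropped };

// Registry that observes object lifetime instead of assuming it.
class CheckedRegistry {
    std::map<std::string, std::weak_ptr<Transaction>> m_transactions;
public:
    // Same two branches as watchTransaction(): an unknown tid is stored, a known
    // tid is looked up and its role is read, but only if the object is alive.
    Outcome watch(const std::string& tid,
                  const std::shared_ptr<Transaction>& created = nullptr) {
        auto it = m_transactions.find(tid);
        if (it == m_transactions.end()) {
            m_transactions[tid] = created;
            return Outcome::Stored;
        }
        std::shared_ptr<Transaction> live = it->second.lock();
        if (!live) {
            m_transactions.erase(it);  // prune the stale entry, no dereference
            return Outcome::StaleDropped;
        }
        return live->role != Role::Unknown ? Outcome::Changed : Outcome::Idle;
    }
    std::size_t size() const { return m_transactions.size(); }
};

// tid string as shown in the "print m_transactions" output above.
const char* const kTid = "/158_ebedcedc";

// Store, destroy, then check the map: the entry survives its object.
bool raw_entry_outlives_object() {
    RawRegistry reg;
    auto owner = std::make_unique<Transaction>();
    reg.store(kTid, owner.get());
    owner.reset();             // destructor runs, as at event 241215
    return reg.contains(kTid); // still present, now a dangling address
}

struct Replay { Outcome first, second, afterDestroy; std::size_t entriesLeft; };

// Same event order against the checked registry.
Replay replay_checked() {
    CheckedRegistry reg;
    auto owner = std::make_shared<Transaction>();
    Replay r{};
    r.first = reg.watch(kTid, owner);   // first sighting of the tid
    owner->role = Role::RefreshCache;
    r.second = reg.watch(kTid);         // list changed while the object is alive
    owner.reset();                      // object destroyed by its owner
    r.afterDestroy = reg.watch(kTid);   // list changed again for the same tid
    r.entriesLeft = reg.size();
    return r;
}
```
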

Bernhard Übelacker

Jan 4, 2023, 5:40:04 AM
Short addition:
I tried to bring this to the attention of packagekit-qt
developers in this bug report:
https://github.com/PackageKit/PackageKit-Qt/issues/42

Kind regards,
Bernhard

piorunz

Jan 7, 2023, 3:30:05 AM
Package: kded5
Version: 5.101.0-1
Followup-For: Bug #1026062
X-Debbugs-Cc: pio...@gmx.com

Dear Maintainer,

I can also observe this problem. I just booted my computer, and the first thing I see in
"sudo coredumpctl list" is a freshly crashed kded5:

$ sudo coredumpctl list
Sat 2023-01-07 08:09:54 GMT 5500 1000 1000 SIGSEGV present /usr/bin/kded5 4.2M

Service status confirms this:
systemctl --user status plasma-kded
× plasma-kded.service - KDE Daemon
Loaded: loaded (/usr/lib/systemd/user/plasma-kded.service; static)
Active: failed (Result: core-dump) since Sat 2023-01-07 08:09:54 GMT; 6min ago
Duration: 5min 13.302s
Process: 5500 ExecStart=/usr/bin/kded5 (code=dumped, signal=SEGV)
Main PID: 5500 (code=dumped, signal=SEGV)
CPU: 1.637s

Jan 07 08:09:52 ryzen kded5[5500]: KCrash: Attempting to start /usr/lib/x86_64-linux-gnu/libexec/drkonqi
Jan 07 08:09:52 ryzen kded5[5500]: QSocketNotifier: Invalid socket 11 and type 'Read', disabling...
Jan 07 08:09:52 ryzen kded5[5500]: QSocketNotifier: Invalid socket 17 and type 'Read', disabling...
Jan 07 08:09:52 ryzen kded5[5500]: QSocketNotifier: Invalid socket 47 and type 'Read', disabling...
Jan 07 08:09:53 ryzen kded5[5500]: Unable to start Dr. Konqi
Jan 07 08:09:53 ryzen kded5[5500]: Re-raising signal for core dump handling.
Jan 07 08:09:54 ryzen systemd-coredump[47140]: [🡕] Process 5500 (kded5) of user 1000 dumped core.

Module libudev.so.1 from deb systemd-252.4-1.amd64
Module libsystemd.so.0 from deb systemd-252.4-1.amd64

Stack trace of thread 5500:
#0 0x00007f292a9e5bb4 pthread_sigmask (libc.so.6 + 0x8fbb4)
#1 0x00007f292a992179 sigprocmask (libc.so.6 + 0x3c179)
#2 0x00007f292bb09eab _ZN6KCrash15setCrashHandlerEPFviE (libKF5Crash.so.5 + 0x4eab)
#3 0x00007f292bb0abd9 _ZN6KCrash19defaultCrashHandlerEi (libKF5Crash.so.5 + 0x5bd9)
#4 0x00007f292a991f90 n/a (libc.so.6 + 0x3bf90)
#5 0x00007f28b2308ba4 _ZNK10PackageKit11Transaction4roleEv (libpackagekitqt5.so.1 + 0x1aba4)
#6 0x00007f28b23c4aae n/a (kded_apperd.so + 0xeaae)
#7 0x00007f28b23c4b99 n/a (kded_apperd.so + 0xeb99)
#8 0x00007f292a6e8fcf n/a (libQt5Core.so.5 + 0x2e8fcf)
#9 0x00007f28b22fc095 _ZN10PackageKit6Daemon22transactionListChangedERK11QStringList (libpackagekitqt5.so.1 + 0xe095)
#10 0x00007f292a6e8ffc n/a (libQt5Core.so.5 + 0x2e8ffc)
#11 0x00007f28b2314b38 n/a (libpackagekitqt5.so.1 + 0x26b38)
#12 0x00007f28b2315d73 n/a (libpackagekitqt5.so.1 + 0x27d73)
#13 0x00007f292b32661b n/a (libQt5DBus.so.5 + 0x2361b)
#14 0x00007f292a6dd770 _ZN7QObject5eventEP6QEvent (libQt5Core.so.5 + 0x2dd770)
#15 0x00007f292b562f5e _ZN19QApplicationPrivate13notify_helperEP7QObjectP6QEvent (libQt5Widgets.so.5 + 0x162f5e)
#16 0x00007f292a6b17c8 _ZN16QCoreApplication15notifyInternal2EP7QObjectP6QEvent (libQt5Core.so.5 + 0x2b17c8)
#17 0x00007f292a6b4761 _ZN23QCoreApplicationPrivate16sendPostedEventsEP7QObjectiP11QThreadData (libQt5Core.so.5 + 0x2b4761)
#18 0x00007f292a70a1d3 n/a (libQt5Core.so.5 + 0x30a1d3)
#19 0x00007f292951e7a9 g_main_context_dispatch (libglib-2.0.so.0 + 0x547a9)


Full gdb coredump and backtrace included in the attachment.


-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.0.0-6-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages kded5 depends on:
ii libc6 2.36-7
ii libkf5configcore5 5.101.0-1
ii libkf5coreaddons5 5.101.0-1
ii libkf5crash5 5.101.0-1
ii libkf5dbusaddons5 5.101.0-1
ii libkf5service-bin 5.101.0-1
ii libkf5service5 5.101.0-1
ii libqt5core5a 5.15.7+dfsg-2
ii libqt5dbus5 5.15.7+dfsg-2
ii libqt5gui5 5.15.7+dfsg-2
ii libqt5widgets5 5.15.7+dfsg-2
ii libstdc++6 12.2.0-13

coredump & backtrace.txt

Ronald Púpala

Mar 7, 2023, 2:40:04 PM
Package: kded5
Version: 5.103.0-1
Followup-For: Bug #1026062

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

* What led up to the situation?
* What exactly did you do (or not do) that was effective (or
ineffective)?
* What was the outcome of this action?
* What outcome did you expect instead?

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-5-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=sk_SK.UTF-8, LC_CTYPE=sk_SK.UTF-8 (charmap=UTF-8), LANGUAGE=sk:en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages kded5 depends on:
ii libc6 2.36-8
ii libkf5configcore5 5.103.0-1
ii libkf5coreaddons5 5.103.0-1
ii libkf5crash5 5.103.0-1
ii libkf5dbusaddons5 5.103.0-1
ii libkf5service-bin 5.103.0-1
ii libkf5service5 5.103.0-1
ii libqt5core5a 5.15.8+dfsg-2
ii libqt5dbus5 5.15.8+dfsg-2
ii libqt5gui5 5.15.8+dfsg-2
ii libqt5widgets5 5.15.8+dfsg-2
ii libstdc++6 12.2.0-14

kded5 recommends no packages.

kded5 suggests no packages.

-- no debconf information

The bug also appears in kded5 version 5.103.0-1. After a kded5 restart, starting Discover permanently crashes kded.

James Addison

Mar 10, 2023, 8:50:05 AM
Followup-For: Bug #1026062
Control: reassign -1 libpackagekitqt5-1 1.1.0-1
Control: retitle -1 packagekit-qt: use-after-free in PackageKit::Transaction
Control: affects -1 kded5
Control: forwarded -1 https://github.com/PackageKit/PackageKit-Qt/issues/42
Control: tags -1 fixed-upstream

Aurélien COUDERC

Mar 11, 2023, 11:10:04 AM
Many thanks to all for tracking this bug, adding info, coordinating with upstream, following progress, testing the fix, and thanks to Matthias for uploading the fixed upstream version.

@Matthias I think we really shouldn't release without the fix, so an upgraded severity to >= serious would be appropriate for this bug. But I'll leave you to judge on that.


Happy hacking !
--
Aurélien

Matthias Klumpp

Mar 11, 2023, 11:20:04 AM
On Sat, 11 March 2023 at 17:00, Aurélien COUDERC <li...@coucouf.fr> wrote:
>
> Many thanks to all for tracking this bug, adding info, coordinating with upstream, following progress, testing the fix, and thanks to Matthias for uploading the fixed upstream version.
>
> @Matthias I think we really shouldn't release without the fix, so an upgraded severity to >= serious would be appropriate for this bug. But I'll leave you to judge on that.

Odd, I was sure the bug was already marked as RC, but it looks like it
wasn't. It really should be though, I'll change that.

Cheers,
Matthias

--
I welcome VSRE emails. See http://vsre.info/