https://bugs.kde.org/show_bug.cgi?id=407025
Bug ID: 407025
Summary: xdg-desktop-portal-kde 5.15.4 segmentation faults in
gbm_device_destroy at gbm.c:109 in mesa-libgbm when
logging out of Plasma
Product: xdg-desktop-portal-kde
Version: unspecified
Platform: Fedora RPMs
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: jgrul...@redhat.com
Reporter: matthew.fagn...@utoronto.ca
Target Milestone: ---
SUMMARY
coredumpctl showed drkonqi aborted 6 times since April 12 which occurred when I
logged out of Plasma 5.15.4 on X 1.20.4 in Fedora 30. These crashes had command
lines like
/usr/libexec/drkonqi --appname xdg-desktop-portal-kde --apppath /usr/libexec
--signal 11 --pid 3710 --startupid 0
coredumpctl debug / gdb had the following on the last crash.
Core was generated by `/usr/libexec/drkonqi --appname xdg-desktop-portal-kde
--apppath /usr/libexec --'.
Program terminated with signal SIGABRT, Aborted.
#0 0xb7f7d85d in __kernel_vsyscall ()
(gdb) bt
#0 0xb7f7d85d in __kernel_vsyscall ()
#1 0xb6071786 in __libc_signal_restore_set (set=0xbf85afac)
at ../sysdeps/unix/sysv/linux/internal-signals.h:84
#2 __GI_raise (sig=6) at ../sysdeps/unix/sysv/linux/raise.c:48
#3 0xb605b37b in __GI_abort () at abort.c:79
#4 0xb6449b84 in qt_message_fatal (context=..., message=<synthetic
pointer>...)
at global/qlogging.cpp:1901
#5 QMessageLogger::fatal (this=0xbf85b308, msg=0xb6d95af7 "%s")
at global/qlogging.cpp:887
#6 0xb6a0e153 in init_platform (argv=<optimized out>, argc=@0xbf85b5f0: 11,
platformThemeName=..., platformPluginPath=...,
pluginNamesWithArguments=...)
at ../../include/QtCore/../../src/corelib/tools/qarraydata.h:208
#7 QGuiApplicationPrivate::createPlatformIntegration (this=<optimized out>)
at kernel/qguiapplication.cpp:1384
#8 0xb6a0e9cc in QGuiApplicationPrivate::createEventDispatcher
(this=0x1172db0)
at kernel/qguiapplication.cpp:1401
#9 0xb701ca5c in QApplicationPrivate::createEventDispatcher (this=0x1172db0)
at kernel/qapplication.cpp:185
#10 0xb6635df4 in QCoreApplicationPrivate::init (this=<optimized out>)
at kernel/qcoreapplication.cpp:857
#11 0xb6a10219 in QGuiApplicationPrivate::init (this=0x1172db0)
at kernel/qguiapplication.cpp:1430
#12 0xb701ea2e in QApplicationPrivate::init (this=0x1172db0)
at kernel/qapplication.cpp:566
#13 0xb701eae5 in QApplication::QApplication (this=0xbf85b5ac,
argc=@0xbf85b5f0: 11, argv=0xbf85b684, _internal=330753)
at kernel/qapplication.cpp:554
--Type <RET> for more, q to quit, c to continue without paging--c
#14 0x0048c585 in main (argc=<optimized out>, argv=0xbf85b684) at
/usr/src/debug/plasma-drkonqi-5.15.4-1.fc30.i386/src/main.cpp:63
I ran /usr/libexec/xdg-desktop-portal-kde & in konsole in Plasma which output
xdp-kde-wayland-integration: Cannot open render node: No such file or
directory
I ran gdb -p 3710 in VT2, where 3710 was xdg-desktop-portal-kde's process ID.
I ran c in gdb. I logged out of Plasma. xdg-desktop-portal-kde segmentation
faulted in gbm_device_destroy at gbm.c:109 in mesa-libgbm-19.0.3-1. The
segmentation fault looked like a null pointer dereference since gbm=0x0 and
gbm.c:109 was gbm->refcount--;
Core was generated by `/usr/libexec/xdg-desktop-portal-kde'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0xb7b99b68 in gbm_device_destroy (gbm=0x0) at ../src/gbm/main/gbm.c:109
109 gbm->refcount--;
[Current thread is 1 (Thread 0xb2372780 (LWP 3710))]
(gdb) bt full
#0 0xb7b99b68 in gbm_device_destroy (gbm=0x0) at ../src/gbm/main/gbm.c:109
No locals.
#1 0x0055a733 in
WaylandIntegration::WaylandIntegrationPrivate::~WaylandIntegrationPrivate (
this=0x59a2a0 <(anonymous
namespace)::Q_QGS_globalWaylandIntegration::innerFunction()::holder>,
__in_chrg=<optimized out>)
at
/usr/src/debug/xdg-desktop-portal-kde-5.15.4-1.fc30.i386/src/waylandintegration.cpp:186
No locals.
#2 0x0055a79c in (anonymous
namespace)::Q_QGS_globalWaylandIntegration::Holder::~Holder (
this=0x59a2a0 <(anonymous
namespace)::Q_QGS_globalWaylandIntegration::innerFunction()::holder>,
__in_chrg=<optimized out>)
at
/usr/src/debug/xdg-desktop-portal-kde-5.15.4-1.fc30.i386/src/waylandintegration.cpp:48
No locals.
#3 0xb6103038 in __run_exit_handlers (status=0, listp=0xb62753fc
<__exit_funcs>,
run_list_atexit=true, run_dtors=true) at exit.c:108
atfct = <optimized out>
onfct = <optimized out>
cxafct = <optimized out>
f = <optimized out>
new_exitfn_called = 240
cur = <optimized out>
#4 0xb6103167 in __GI_exit (status=0) at exit.c:139
No locals.
#5 0xb60eb8b5 in __libc_start_main (main=0x501710 <main(int, char**)>, argc=1,
--Type <RET> for more, q to quit, c to continue without paging--c
argv=0xbff17d14, init=0x563ba0 <__libc_csu_init>, fini=0x563c00
<__libc_csu_fini>, rtld_fini=0xb7fa6c30 <_dl_fini>, stack_end=0xbff17d0c) at
../csu/libc-start.c:342
result = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, -1238937600, 0, 0,
7279038, -1646675}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0xb7fbffc0,
0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = -1208221760}}}
not_first_call = <optimized out>
#6 0x005019e5 in _start () at /usr/include/qt5/QtCore/qlogging.h:93
No symbol table info available.
(gdb) list
104 * \param gbm The device created using gbm_create_device()
105 */
106 GBM_EXPORT void
107 gbm_device_destroy(struct gbm_device *gbm)
108 {
109 gbm->refcount--;
110 if (gbm->refcount == 0)
111 gbm->destroy(gbm);
112 }
I tried to get a full trace of all threads, but gdb aborted due to what looked
like a failed assertion.
(gdb) thread apply all bt full
Aborted (core dumped)
I'm using the Mesa 19.0.3 llvmpipe driver which doesn't appear to support gbm,
and so a gbm device wasn't created when xdg-desktop-portal-kde started. The
segmentation faults appeared to involve xdg-desktop-portal-kde trying to
destroy a gbm device at waylandintegration.cpp:186 which hadn't been started.
(gdb) list waylandintegration.cpp:186
181 if (m_remoteAccessManager) {
182 m_remoteAccessManager->destroy();
183 }
184
185 if (m_drmFd) {
186 gbm_device_destroy(m_gbmDevice);
187 }
188 }
189
190 bool WaylandIntegration::WaylandIntegrationPrivate::isEGLInitialized()
const
I ran valgrind --log-file=valgrind-xdg-desktop-portal-1.txt
/usr/libexec/xdg-desktop-portal-kde & in konsole in Plasma. Then, I logged out
of Plasma. When I logged back into Plasma, the valgrind log showed an invalid
read in gbm_device_destroy at gbm.c:109 involving the address 0xc. valgrind
didn't crash maybe because xdg-desktop-portal-kde didn't get stopped when
Plasma was logging out while running under valgrind.
==5730== Invalid read of size 4
==5730== at 0x4C2EB68: gbm_device_destroy (gbm.c:109)
==5730== by 0x174732:
WaylandIntegration::WaylandIntegrationPrivate::~WaylandIntegrationPrivate()
(waylandintegration.cpp:186)
==5730== by 0x17479B: (anonymous
namespace)::Q_QGS_globalWaylandIntegration::innerFunction()::Holder::~Holder()
(waylandintegration.cpp:48)
==5730== by 0x658D037: __run_exit_handlers (exit.c:108)
==5730== by 0x658D166: exit (exit.c:139)
==5730== by 0x65758B4: (below main) (libc-start.c:342)
==5730== Address 0xc is not stack'd, malloc'd or (recently) free'd
STEPS TO REPRODUCE
1. Boot Fedora 30 with lightdm enabled as the display manager and llvmpipe
driver used
2. Log in to Plasma on X from lightdm
3. If xdg-desktop-portal-kde isn't running, /usr/libexec/xdg-desktop-portal-kde
& (in konsole)
4. Switch to VT2 and log in
5. gdb -p pid (where pid is xdg-desktop-portal-kde's process id)
6. c (in gdb)
7. Log out of Plasma
8. bt full (in gdb)
9. gcore xdg-desktop-portal-kde-gdb-1.core
10. Log in to Plasma on VT1
11. gdb /usr/libexec/xdg-desktop-portal-kde xdg-desktop-portal-kde-gdb-1.core
(in konsole)
12. bt full (in gdb)
13. q (in gdb)
14. valgrind --log-file=valgrind-xdg-desktop-portal-1.txt
/usr/libexec/xdg-desktop-portal-kde & (in konsole)
15. Log out of Plasma
16. Log in to Plasma
17. Read valgrind-xdg-desktop-portal-1.txt
OBSERVED RESULT
Several segmentation faults occurred in xdg-desktop-portal-kde when logging out
of Plasma on X in Fedora 30.
EXPECTED RESULT
No segmentation faults should have occurred.
SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Fedora 30, 5.0.9-301 kernel
(available in About System)
KDE Plasma Version: 5.15.4
KDE Frameworks Version: 5.57.0
Qt Version: 5.12.1
ADDITIONAL INFORMATION
--
You are receiving this mail because:
You are watching all bug changes.
