https://bugs.kde.org/show_bug.cgi?id=504824
Bug ID: 504824
Summary: Sometimes, accessing some directories owned by root with content accessible to the user causes Dolphin to crash.
Classification: Applications
Product: dolphin
Version First Reported In: 25.04.1
Platform: Fedora RPMs
URL: https://retrace.fedoraproject.org/faf/reports/bthash/972e2ed5d244d427831b0575fee10e18e147ee9a
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: dolphin-bugs-n...@kde.org
Reporter: 4wy78...@rokejulianlockhart.addy.io
CC: kfm-de...@kde.org
Target Milestone: ---

STEPS TO REPRODUCE

When I invoked `/var/spool/abrt/ccpp-2025-05-26-15:19:20.56527-218721` in Dolphin via GNOME Abrt's "Open problem data directory" crash-specific context menu option, it didn't appear for some time.

OBSERVED RESULT

When I eventually attached `strace -Ttr`, I saw some seriously slow calls:

> ~~~CPP
> strace: Process 280469 attached
> 17:19:20 (+ 0.000000) futex(0x7f4cc400aba8, FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 0, NULL, FUTEX_BITSET_MATCH_ANY) = 0 <11.201975>
> 17:19:31 (+ 11.202025) futex(0x7f4cc400ab60, FUTEX_WAKE_PRIVATE, 1) = 0 <0.000009>
> 17:19:31 (+ 0.000052) write(4, "\1\0\0\0\0\0\0\0", 8) = 8 <0.000011>
> 17:19:31 (+ 0.000067) futex(0x7f4cc400aba8, FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 0, NULL, FUTEX_BITSET_MATCH_ANY) = 0 <24.999844>
> 17:19:56 (+ 24.999890) futex(0x7f4cc400ab60, FUTEX_WAKE_PRIVATE, 1) = 0 <0.000016>
> ~~~

Eventually, it crashed:

> ~~~CPP
> 17:20:03 (+ 0.000021) write(3, "\n", 1) = 1 <0.000008>
> 17:20:03 (+ 0.000024) --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
> 17:20:03 (+ 0.291732) +++ killed by SIGSEGV (core dumped) +++
> ~~~

Consequently, I debugged the KCrash. This generated:

> ~~~CPP
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0 0x00007f4ce13a80f5 in KCrash::defaultCrashHandler (sig=11) at /usr/src/debug/kf6-kcrash-6.14.0-1.fc42.x86_64/src/kcrash.cpp:538
> 538 if (auto disp = qGuiApp->nativeInterface<QNativeInterface::QX11Application>()->display()) {
> --Type <RET> for more, q to quit, c to continue without paging--c
> [Current thread is 1 (Thread 0x7f4cd7e17d80 (LWP 280469))]
> (gdb) bt full
> #0 0x00007f4ce13a80f5 in KCrash::defaultCrashHandler (sig=11) at /usr/src/debug/kf6-kcrash-6.14.0-1.fc42.x86_64/src/kcrash.cpp:538
>         disp = <optimized out>
>         display = 0x0
>         data = {<KCrash::MetadataWriter> = {_vptr.MetadataWriter = 0x7f4ce13b0808 <vtable for KCrash::Metadata+16>}, argv = {_M_elems = {0x0, 0x7f4ce13ae6ed "--qtversion", 0x560e65a779d0 "6.9.0", 0x7f4ce13ae700 "--kdeframeworksversion", 0x7f4ce13ae6f9 "6.14.0", 0x7f4ce13ae738 "--platform", 0x560e65d1efe0 "xcb", 0x0 <repeats 31 times>}}, argc = 7, m_writer = 0x7ffe3b977ab0}
>         platformName = {d = {d = 0x560e65d1efd0, ptr = 0x560e65d1efe0 "xcb", size = 3}, static _empty = 0 '\000'}
>         about = <optimized out>
>         argv = <optimized out>
>         ini = {<KCrash::MetadataWriter> = {_vptr.MetadataWriter = 0x7f4ce13b0838 <vtable for KCrash::MetadataINIWriter+16>}, writable = true, fd = 3}
>         sigtxt = "\000\000\340}\227;\376\177\000"
>         pidtxt = "\240v\225f\016V\000\000\220\023\000xL\177\000\000\000\000\000"
>         argc = <optimized out>
>         crashRecursionCounter = 2
> #1 <signal handler called>
> No locals.
> #2 unlink_chunk (p=0x560e669c0e00, av=<optimized out>) at malloc.c:1625
>         fd = 0x560e66996f00
>         bk = 0x560e669b4f30
> #3 0x00007f4cde88bf33 in malloc_consolidate (av=av@entry=0x7f4cde9f6ac0 <main_arena>) at malloc.c:4933
>         fb = 0x7f4cde9f6ad8 <main_arena+24>
>         maxfb = 0x7f4cde9f6b18 <main_arena+88>
>         p = 0x560e669c0dd0
>         nextp = <optimized out>
>         unsorted_bin = 0x7f4cde9f6b20 <main_arena+96>
>         first_unsorted = <optimized out>
>         nextchunk = <optimized out>
>         size = 1376
>         nextsize = <optimized out>
>         prevsize = <optimized out>
>         nextinuse = <optimized out>
> #4 0x00007f4cde88d2b0 in _int_free_maybe_consolidate (av=av@entry=0x7f4cde9f6ac0 <main_arena>, size=<optimized out>) at malloc.c:4836
> --Type <RET> for more, q to quit, c to continue without paging--c
>         __PRETTY_FUNCTION__ = "_int_free_maybe_consolidate"
> #5 0x00007f4cde88d5da in _int_free_maybe_consolidate (av=0x7f4cde9f6ac0 <main_arena>, size=<optimized out>) at malloc.c:4744
>         __PRETTY_FUNCTION__ = "_int_free_maybe_consolidate"
>         heap = <optimized out>
> #6 0x00007f4cde88d764 in _int_free_chunk (av=0x7f4cde9f6ac0 <main_arena>, p=<optimized out>, size=<optimized out>, have_lock=<optimized out>, have_lock@entry=0) at malloc.c:4667
>         fb = <optimized out>
> #7 0x00007f4cde890592 in _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:4699
>         size = <optimized out>
> #8 __GI___libc_free (mem=<optimized out>) at malloc.c:3476
>         ar_ptr = <optimized out>
>         p = <optimized out>
>         err = 11
> #9 0x00007f4ce0f8735b in QHashPrivate::Span<QHashPrivate::Node<QString, KCatalog*> >::freeData (this=0x560e66acd138) at /usr/include/qt6/QtCore/qhash.h:276
> No locals.
> #10 QHashPrivate::Span<QHashPrivate::Node<QString, KCatalog*> >::~Span (this=<optimized out>, this=<optimized out>) at /usr/include/qt6/QtCore/qhash.h:265
> No locals.
> #11 QHashPrivate::Data<QHashPrivate::Node<QString, KCatalog*> >::~Data (this=<optimized out>, this=<optimized out>) at /usr/include/qt6/QtCore/qhash.h:778
> No locals.
> #12 QHash<QString, KCatalog*>::~QHash (this=<optimized out>, this=<optimized out>) at /usr/include/qt6/QtCore/qhash.h:868
> No locals.
> #13 QHash<QString, KCatalog*>::~QHash (this=<optimized out>, this=<optimized out>) at /usr/include/qt6/QtCore/qhash.h:862
> No locals.
> #14 QHashPrivate::Node<QByteArray, QHash<QString, KCatalog*> >::~Node (this=<optimized out>, this=<optimized out>) at /usr/include/qt6/QtCore/qhash.h:72
> No locals.
> #15 QHashPrivate::Span<QHashPrivate::Node<QByteArray, QHash<QString, KCatalog*> > >::freeData (this=this@entry=0x560e65a74048) at /usr/include/qt6/QtCore/qhash.h:273
>         o = <optimized out>
>         __for_range = @0x560e65a74048: '\377' <repeats 25 times>, "\b", '\377' <repeats 22 times>, "\000", '\377' <repeats 12 times>, "\006\377\377\377\377\377\377\377\001", '\377' <repeats 18 times>, "\n\377\377\377\a", '\377' <repeats 15 times>, "\004\t\002\377\377\377\377\377\377\377\377\377\377\005\377\377\377\377\377\003"
>         __for_begin = 0x560e65a740a0 "\n\377\377\377\a", '\377' <repeats 15 times>, "\004\t\002\377\377\377\377\377\377\377\377\377\377\005\377\377\377\377\377\003 ĥe\016V"
>         __for_end = 0x560e65a740c8 " ĥe\016V"
> #16 0x00007f4ce0f8dfc4 in QHashPrivate::Span<QHashPrivate::Node<QByteArray, QHash<QString, KCatalog*> > >::~Span (this=<optimized out>, this=<optimized out>) at /usr/include/qt6/QtCore/qhash.h:263
> No locals.
> #17 QHashPrivate::Data<QHashPrivate::Node<QByteArray, QHash<QString, KCatalog*> > >::~Data (this=<optimized out>, this=<optimized out>) at /usr/include/qt6/QtCore/qhash.h:778
> No locals.
> #18 QHash<QByteArray, QHash<QString, KCatalog*> >::~QHash (this=<optimized out>, this=<optimized out>) at /usr/include/qt6/QtCore/qhash.h:868
> No locals.
> #19 QHash<QByteArray, QHash<QString, KCatalog*> >::~QHash (this=<optimized out>, this=<optimized out>) at /usr/include/qt6/QtCore/qhash.h:862
> No locals.
> #20 KLocalizedStringPrivateStatics::~KLocalizedStringPrivateStatics (this=<optimized out>, this=<optimized out>) at /usr/src/debug/kf6-ki18n-6.14.0-1.fc42.x86_64/src/i18n/klocalizedstring.cpp:302
>         languageCatalogs = <optimized out>
>         __for_range = <optimized out>
>         __for_begin = <optimized out>
>         __for_end = <optimized out>
> #21 QtGlobalStatic::Holder<(anonymous namespace)::Q_QGS_staticsKLSP>::~Holder (this=<optimized out>, this=<optimized out>) at /usr/include/qt6/QtCore/qglobalstatic.h:53
> No locals.
> #22 0x00007f4cde82a2d1 in __run_exit_handlers (status=0, listp=0x7f4cde9f6680 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:118
>         atfct = <optimized out>
>         onfct = <optimized out>
>         cxafct = <optimized out>
>         arg = <optimized out>
>         f = <optimized out>
>         new_exitfn_called = 3252
>         cur = 0x560e65f0f240
>         restart = <optimized out>
> #23 0x00007f4cde82a3ae in __GI_exit (status=<optimized out>) at exit.c:148
> No locals.
> #24 0x00007f4cde8115fc in __libc_start_call_main (main=main@entry=0x560e3f3cb5c0 <main(int, char**)>, argc=argc@entry=2, argv=argv@entry=0x7ffe3b978c88) at ../sysdeps/nptl/libc_start_call_main.h:74
>         result = <optimized out>
>         unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 12306429621036405, 140729898208392, 2, 139968181219328, 94619191652792, 12306429400835445, 94138591556265333}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x7ffe3b978c88}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>         not_first_call = <optimized out>
> #25 0x00007f4cde8116a8 in __libc_start_main_impl (main=0x560e3f3cb5c0 <main(int, char**)>, argc=2, argv=0x7ffe3b978c88, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffe3b978c78) at ../csu/libc-start.c:360
> No locals.
> #26 0x0000560e3f3ce9a5 in _start ()
> No symbol table info available.
> ~~~

This crash is available for P6M at https://retrace.fedoraproject.org/faf/reports/bthash/972e2ed5d244d427831b0575fee10e18e147ee9a.

SOFTWARE/OS VERSIONS

`dolphin-25.04.1-1` on:

> ~~~
> Operating System: Fedora Linux 42 (KDE Plasma Desktop Edition)
> CPE OS Name: cpe:/o:fedoraproject:fedora:42
> KDE Plasma Version: 6.3.5
> KDE Frameworks Version: 6.14.0
> Qt Version: 6.9.0
> Kernel Version: 6.14.6-300.fc42.x86_64 (64-bit)
> Graphics Platform: Wayland
> ~~~

ADDITIONAL INFORMATION

Undermentioned is the KCrash, although I've removed the module declarations for conciseness:

> ~~~CPP
> PID: 280469 (dolphin)
> UID: 1000 (RokeJulianLockhart)
> GID: 1000 (RokeJulianLockhart)
> Signal: 11 (SEGV)
> Timestamp: Mon 2025-05-26 17:20:03 BST (1min 25s ago)
> Command Line: /usr/bin/dolphin /var/spool/abrt/ccpp-2025-05-26-15:19:20.56527-218721
> Executable: /usr/bin/dolphin
> Control Group: /user.slice/user-1000.slice/user@1000.service/app.slice/app-org.kde.konsole-280469.scope
> Unit: user@1000.service
> User Unit: app-org.kde.konsole-280469.scope
> Slice: user-1000.slice
> Owner UID: 1000 (RokeJulianLockhart)
> Boot ID: 8801149266ad47bf839c195c08fa3228
> Machine ID: b4f0bef5ffd640fba0ab31fdaa2820b8
> Hostname: Beedell.RokeJulianLockhart.desktop.SSV2AY
> Storage: /var/lib/systemd/coredump/core.dolphin.1000.8801149266ad47bf839c195c08fa3228.280469.1748276403000000.zst (present)
> Size on Disk: 5.8M
> Package: dolphin/25.04.1-1.fc42
> build-id: 65449035f4ef787371ed1dd755dc2e837fd64f89
> Message: Process 280469 (dolphin) of user 1000 dumped core.
>
> Stack trace of thread 280469:
> #0 0x00007f4ce13a80f5 _ZN6KCrash19defaultCrashHandlerEi (libKF6Crash.so.6 + 0x50f5)
> #1 0x00007f4cde827c30 __restore_rt (libc.so.6 + 0x19c30)
> #2 0x00007f4cde88bd37 unlink_chunk.isra.0 (libc.so.6 + 0x7dd37)
> #3 0x00007f4cde88bf33 malloc_consolidate (libc.so.6 + 0x7df33)
> #4 0x00007f4cde88d2b0 _int_free_maybe_consolidate.part.0 (libc.so.6 + 0x7f2b0)
> #5 0x00007f4cde88d764 _int_free_chunk (libc.so.6 + 0x7f764)
> #6 0x00007f4cde890592 free (libc.so.6 + 0x82592)
> #7 0x00007f4ce0f8735b _ZN12QHashPrivate4SpanINS_4NodeI10QByteArray5QHashI7QStringP8KCatalogEEEE8freeDataEv (libKF6I18n.so.6 + 0x1535b)
> #8 0x00007f4ce0f8dfc4 _ZN14QtGlobalStatic6HolderIN12_GLOBAL__N_117Q_QGS_staticsKLSPEED2Ev.lto_priv.0 (libKF6I18n.so.6 + 0x1bfc4)
> #9 0x00007f4cde82a2d1 __run_exit_handlers (libc.so.6 + 0x1c2d1)
> #10 0x00007f4cde82a3ae exit (libc.so.6 + 0x1c3ae)
> #11 0x00007f4cde8115fc __libc_start_call_main (libc.so.6 + 0x35fc)
> #12 0x00007f4cde8116a8 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x36a8)
> #13 0x0000560e3f3ce9a5 _start (/usr/bin/dolphin + 0x109a5)
>
> Stack trace of thread 280471:
> #0 0x00007f4cde8876c2 __syscall_cancel_arch (libc.so.6 + 0x796c2)
> #1 0x00007f4cde87b9da __internal_syscall_cancel (libc.so.6 + 0x6d9da)
> #2 0x00007f4cde87ba24 __syscall_cancel (libc.so.6 + 0x6da24)
> #3 0x00007f4cde8f5176 ppoll (libc.so.6 + 0xe7176)
> #4 0x00007f4cdc397890 g_main_context_iterate_unlocked.isra.0 (libglib-2.0.so.0 + 0x49890)
> #5 0x00007f4cdc397953 g_main_context_iteration (libglib-2.0.so.0 + 0x49953)
> #6 0x00007f4cdf1ff56d _ZN20QEventDispatcherGlib13processEventsE6QFlagsIN10QEventLoop17ProcessEventsFlagEE (libQt6Core.so.6 + 0x3ff56d)
> #7 0x00007f4cdef03783 _ZN10QEventLoop4execE6QFlagsINS_17ProcessEventsFlagEE (libQt6Core.so.6 + 0x103783)
> #8 0x00007f4cdf0217fd _ZN7QThread4execEv (libQt6Core.so.6 + 0x2217fd)
> #9 0x00007f4ce0874901 _ZN22QDBusConnectionManager3runEv (libQt6DBus.so.6 + 0x20901)
> #10 0x00007f4cdf0bdde4 _ZN14QThreadPrivate5startEPv (libQt6Core.so.6 + 0x2bdde4)
> #11 0x00007f4cde87f1d4 start_thread (libc.so.6 + 0x711d4)
> #12 0x00007f4cde901cec __clone3 (libc.so.6 + 0xf3cec)
>
> Stack trace of thread 280896:
> #0 0x00007f4cde8876c2 __syscall_cancel_arch (libc.so.6 + 0x796c2)
> #1 0x00007f4cde87b9da __internal_syscall_cancel (libc.so.6 + 0x6d9da)
> #2 0x00007f4cde87ba24 __syscall_cancel (libc.so.6 + 0x6da24)
> #3 0x00007f4cde8f5176 ppoll (libc.so.6 + 0xe7176)
> #4 0x00007f4cdc397890 g_main_context_iterate_unlocked.isra.0 (libglib-2.0.so.0 + 0x49890)
> #5 0x00007f4cdc397953 g_main_context_iteration (libglib-2.0.so.0 + 0x49953)
> #6 0x00007f4cdf1ff56d _ZN20QEventDispatcherGlib13processEventsE6QFlagsIN10QEventLoop17ProcessEventsFlagEE (libQt6Core.so.6 + 0x3ff56d)
> #7 0x00007f4cdef03783 _ZN10QEventLoop4execE6QFlagsINS_17ProcessEventsFlagEE (libQt6Core.so.6 + 0x103783)
> #8 0x00007f4cdf0217fd _ZN7QThread4execEv (libQt6Core.so.6 + 0x2217fd)
> #9 0x00007f4cdf0bdde4 _ZN14QThreadPrivate5startEPv (libQt6Core.so.6 + 0x2bdde4)
> #10 0x00007f4cde87f1d4 start_thread (libc.so.6 + 0x711d4)
> #11 0x00007f4cde901cec __clone3 (libc.so.6 + 0xf3cec)
> ELF object binary architecture: AMD x86-64
> ~~~