[dolphin] [Bug 504824] New: Sometimes, accessing some directories owned by root with content accessible to the user causes Dolphin to crash.
    Roke Julian Lockhart Beedell
    bugzilla_noreply at kde.org
    Mon May 26 17:53:03 BST 2025

https://bugs.kde.org/show_bug.cgi?id=504824
            Bug ID: 504824
           Summary: Sometimes, accessing some directories owned by root
                    with content accessible to the user causes Dolphin to
                    crash.
    Classification: Applications
           Product: dolphin
Version First Reported In: 25.04.1
          Platform: Fedora RPMs
               URL: https://retrace.fedoraproject.org/faf/reports/bthash/972e2ed5d244d427831b0575fee10e18e147ee9a
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: dolphin-bugs-null at kde.org
          Reporter: 4wy78uwh at rokejulianlockhart.addy.io
                CC: kfm-devel at kde.org
  Target Milestone: ---
STEPS TO REPRODUCE
When I invoked `/var/spool/abrt/ccpp-2025-05-26-15:19:20.56527-218721` in
Dolphin via GNOME Abrt's "Open problem data directory" crash-specific context
menu option, it didn't appear for some time.
OBSERVED RESULT
When I eventually attached `strace -Ttr`, I saw some seriously slow calls:
> ~~~CPP
> strace: Process 280469 attached
> 17:19:20 (+     0.000000) futex(0x7f4cc400aba8, FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 0, NULL, FUTEX_BITSET_MATCH_ANY) = 0 <11.201975>
> 17:19:31 (+    11.202025) futex(0x7f4cc400ab60, FUTEX_WAKE_PRIVATE, 1) = 0 <0.000009>
> 17:19:31 (+     0.000052) write(4, "\1\0\0\0\0\0\0\0", 8) = 8 <0.000011>
> 17:19:31 (+     0.000067) futex(0x7f4cc400aba8, FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 0, NULL, FUTEX_BITSET_MATCH_ANY) = 0 <24.999844>
> 17:19:56 (+    24.999890) futex(0x7f4cc400ab60, FUTEX_WAKE_PRIVATE, 1) = 0 <0.000016>
> ~~~
Eventually, it crashed:
> ~~~CPP
> 17:20:03 (+     0.000021) write(3, "\n", 1) = 1 <0.000008>
> 17:20:03 (+     0.000024) --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
> 17:20:03 (+     0.291732) +++ killed by SIGSEGV (core dumped) +++
> ~~~
Consequently, I debugged the KCrash. This generated:
> ~~~CPP
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  0x00007f4ce13a80f5 in KCrash::defaultCrashHandler (sig=11) at /usr/src/debug/kf6-kcrash-6.14.0-1.fc42.x86_64/src/kcrash.cpp:538
> 538                 if (auto disp = qGuiApp->nativeInterface<QNativeInterface::QX11Application>()->display()) {
> --Type <RET> for more, q to quit, c to continue without paging--c
> [Current thread is 1 (Thread 0x7f4cd7e17d80 (LWP 280469))]
> (gdb) bt full
> #0  0x00007f4ce13a80f5 in KCrash::defaultCrashHandler (sig=11) at /usr/src/debug/kf6-kcrash-6.14.0-1.fc42.x86_64/src/kcrash.cpp:538
>         disp = <optimized out>
>         display = 0x0
>         data = {<KCrash::MetadataWriter> = {_vptr.MetadataWriter = 0x7f4ce13b0808 <vtable for KCrash::Metadata+16>}, argv = {_M_elems = {0x0, 0x7f4ce13ae6ed "--qtversion", 0x560e65a779d0 "6.9.0", 0x7f4ce13ae700 "--kdeframeworksversion", 
>               0x7f4ce13ae6f9 "6.14.0", 0x7f4ce13ae738 "--platform", 0x560e65d1efe0 "xcb", 0x0 <repeats 31 times>}}, argc = 7, m_writer = 0x7ffe3b977ab0}
>         platformName = {d = {d = 0x560e65d1efd0, ptr = 0x560e65d1efe0 "xcb", size = 3}, static _empty = 0 '\000'}
>         about = <optimized out>
>         argv = <optimized out>
>         ini = {<KCrash::MetadataWriter> = {_vptr.MetadataWriter = 0x7f4ce13b0838 <vtable for KCrash::MetadataINIWriter+16>}, writable = true, fd = 3}
>         sigtxt = "\000\000\340}\227;\376\177\000"
>         pidtxt = "\240v\225f\016V\000\000\220\023\000xL\177\000\000\000\000\000"
>         argc = <optimized out>
>         crashRecursionCounter = 2
> #1  <signal handler called>
> No locals.
> #2  unlink_chunk (p=0x560e669c0e00, av=<optimized out>) at malloc.c:1625
>         fd = 0x560e66996f00
>         bk = 0x560e669b4f30
> #3  0x00007f4cde88bf33 in malloc_consolidate (av=av@entry=0x7f4cde9f6ac0 <main_arena>) at malloc.c:4933
>         fb = 0x7f4cde9f6ad8 <main_arena+24>
>         maxfb = 0x7f4cde9f6b18 <main_arena+88>
>         p = 0x560e669c0dd0
>         nextp = <optimized out>
>         unsorted_bin = 0x7f4cde9f6b20 <main_arena+96>
>         first_unsorted = <optimized out>
>         nextchunk = <optimized out>
>         size = 1376
>         nextsize = <optimized out>
>         prevsize = <optimized out>
>         nextinuse = <optimized out>
> #4  0x00007f4cde88d2b0 in _int_free_maybe_consolidate (av=av@entry=0x7f4cde9f6ac0 <main_arena>, size=<optimized out>) at malloc.c:4836
> --Type <RET> for more, q to quit, c to continue without paging--c
>         __PRETTY_FUNCTION__ = "_int_free_maybe_consolidate"
> #5  0x00007f4cde88d5da in _int_free_maybe_consolidate (av=0x7f4cde9f6ac0 <main_arena>, size=<optimized out>) at malloc.c:4744
>         __PRETTY_FUNCTION__ = "_int_free_maybe_consolidate"
>         heap = <optimized out>
> #6  0x00007f4cde88d764 in _int_free_chunk (av=0x7f4cde9f6ac0 <main_arena>, p=<optimized out>, size=<optimized out>, have_lock=<optimized out>, have_lock@entry=0) at malloc.c:4667
>         fb = <optimized out>
> #7  0x00007f4cde890592 in _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:4699
>         size = <optimized out>
> #8  __GI___libc_free (mem=<optimized out>) at malloc.c:3476
>         ar_ptr = <optimized out>
>         p = <optimized out>
>         err = 11
> #9  0x00007f4ce0f8735b in QHashPrivate::Span<QHashPrivate::Node<QString, KCatalog*> >::freeData (this=0x560e66acd138) at /usr/include/qt6/QtCore/qhash.h:276
> No locals.
> #10 QHashPrivate::Span<QHashPrivate::Node<QString, KCatalog*> >::~Span (this=<optimized out>, this=<optimized out>) at /usr/include/qt6/QtCore/qhash.h:265
> No locals.
> #11 QHashPrivate::Data<QHashPrivate::Node<QString, KCatalog*> >::~Data (this=<optimized out>, this=<optimized out>) at /usr/include/qt6/QtCore/qhash.h:778
> No locals.
> #12 QHash<QString, KCatalog*>::~QHash (this=<optimized out>, this=<optimized out>) at /usr/include/qt6/QtCore/qhash.h:868
> No locals.
> #13 QHash<QString, KCatalog*>::~QHash (this=<optimized out>, this=<optimized out>) at /usr/include/qt6/QtCore/qhash.h:862
> No locals.
> #14 QHashPrivate::Node<QByteArray, QHash<QString, KCatalog*> >::~Node (this=<optimized out>, this=<optimized out>) at /usr/include/qt6/QtCore/qhash.h:72
> No locals.
> #15 QHashPrivate::Span<QHashPrivate::Node<QByteArray, QHash<QString, KCatalog*> > >::freeData (this=this@entry=0x560e65a74048) at /usr/include/qt6/QtCore/qhash.h:273
>         o = <optimized out>
>         __for_range = @0x560e65a74048: '\377' <repeats 25 times>, "\b", '\377' <repeats 22 times>, "\000", '\377' <repeats 12 times>, "\006\377\377\377\377\377\377\377\001", '\377' <repeats 18 times>, "\n\377\377\377\a", '\377' <repeats 15 times>, "\004\t\002\377\377\377\377\377\377\377\377\377\377\005\377\377\377\377\377\003"
>         __for_begin = 0x560e65a740a0 "\n\377\377\377\a", '\377' <repeats 15 times>, "\004\t\002\377\377\377\377\377\377\377\377\377\377\005\377\377\377\377\377\003 ĥe\016V"
>         __for_end = 0x560e65a740c8 " ĥe\016V"
> #16 0x00007f4ce0f8dfc4 in QHashPrivate::Span<QHashPrivate::Node<QByteArray, QHash<QString, KCatalog*> > >::~Span (this=<optimized out>, this=<optimized out>) at /usr/include/qt6/QtCore/qhash.h:263
> No locals.
> #17 QHashPrivate::Data<QHashPrivate::Node<QByteArray, QHash<QString, KCatalog*> > >::~Data (this=<optimized out>, this=<optimized out>) at /usr/include/qt6/QtCore/qhash.h:778
> No locals.
> #18 QHash<QByteArray, QHash<QString, KCatalog*> >::~QHash (this=<optimized out>, this=<optimized out>) at /usr/include/qt6/QtCore/qhash.h:868
> No locals.
> #19 QHash<QByteArray, QHash<QString, KCatalog*> >::~QHash (this=<optimized out>, this=<optimized out>) at /usr/include/qt6/QtCore/qhash.h:862
> No locals.
> #20 KLocalizedStringPrivateStatics::~KLocalizedStringPrivateStatics (this=<optimized out>, this=<optimized out>) at /usr/src/debug/kf6-ki18n-6.14.0-1.fc42.x86_64/src/i18n/klocalizedstring.cpp:302
>         languageCatalogs = <optimized out>
>         __for_range = <optimized out>
>         __for_begin = <optimized out>
>         __for_end = <optimized out>
> #21 QtGlobalStatic::Holder<(anonymous namespace)::Q_QGS_staticsKLSP>::~Holder (this=<optimized out>, this=<optimized out>) at /usr/include/qt6/QtCore/qglobalstatic.h:53
> No locals.
> #22 0x00007f4cde82a2d1 in __run_exit_handlers (status=0, listp=0x7f4cde9f6680 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:118
>         atfct = <optimized out>
>         onfct = <optimized out>
>         cxafct = <optimized out>
>         arg = <optimized out>
>         f = <optimized out>
>         new_exitfn_called = 3252
>         cur = 0x560e65f0f240
>         restart = <optimized out>
> #23 0x00007f4cde82a3ae in __GI_exit (status=<optimized out>) at exit.c:148
> No locals.
> #24 0x00007f4cde8115fc in __libc_start_call_main (main=main@entry=0x560e3f3cb5c0 <main(int, char**)>, argc=argc@entry=2, argv=argv@entry=0x7ffe3b978c88) at ../sysdeps/nptl/libc_start_call_main.h:74
>         result = <optimized out>
>         unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 12306429621036405, 140729898208392, 2, 139968181219328, 94619191652792, 12306429400835445, 94138591556265333}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x7ffe3b978c88}, data = {
>               prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>         not_first_call = <optimized out>
> #25 0x00007f4cde8116a8 in __libc_start_main_impl (main=0x560e3f3cb5c0 <main(int, char**)>, argc=2, argv=0x7ffe3b978c88, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffe3b978c78) at ../csu/libc-start.c:360
> No locals.
> #26 0x0000560e3f3ce9a5 in _start ()
> No symbol table info available.
> ~~~
This crash is available for P6M at
https://retrace.fedoraproject.org/faf/reports/bthash/972e2ed5d244d427831b0575fee10e18e147ee9a.
SOFTWARE/OS VERSIONS
`dolphin-25.04.1-1` on:
> ~~~
> Operating System: Fedora Linux 42 (KDE Plasma Desktop Edition)
> CPE OS Name: cpe:/o:fedoraproject:fedora:42
> KDE Plasma Version: 6.3.5
> KDE Frameworks Version: 6.14.0
> Qt Version: 6.9.0
> Kernel Version: 6.14.6-300.fc42.x86_64 (64-bit)
> Graphics Platform: Wayland
> ~~~
ADDITIONAL INFORMATION
Undermentioned is the KCrash, although I've removed the module declarations for
conciseness:
> ~~~CPP
>            PID: 280469 (dolphin)
>            UID: 1000 (RokeJulianLockhart)
>            GID: 1000 (RokeJulianLockhart)
>         Signal: 11 (SEGV)
>      Timestamp: Mon 2025-05-26 17:20:03 BST (1min 25s ago)
>   Command Line: /usr/bin/dolphin /var/spool/abrt/ccpp-2025-05-26-15:19:20.56527-218721
>     Executable: /usr/bin/dolphin
>  Control Group: /user.slice/user-1000.slice/user@1000.service/app.slice/app-org.kde.konsole-280469.scope
>           Unit: user@1000.service
>      User Unit: app-org.kde.konsole-280469.scope
>          Slice: user-1000.slice
>      Owner UID: 1000 (RokeJulianLockhart)
>        Boot ID: 8801149266ad47bf839c195c08fa3228
>     Machine ID: b4f0bef5ffd640fba0ab31fdaa2820b8
>       Hostname: Beedell.RokeJulianLockhart.desktop.SSV2AY
>        Storage: /var/lib/systemd/coredump/core.dolphin.1000.8801149266ad47bf839c195c08fa3228.280469.1748276403000000.zst (present)
>   Size on Disk: 5.8M
>        Package: dolphin/25.04.1-1.fc42
>       build-id: 65449035f4ef787371ed1dd755dc2e837fd64f89
>        Message: Process 280469 (dolphin) of user 1000 dumped core.
>                 
>                 Stack trace of thread 280469:
>                 #0  0x00007f4ce13a80f5 _ZN6KCrash19defaultCrashHandlerEi (libKF6Crash.so.6 + 0x50f5)
>                 #1  0x00007f4cde827c30 __restore_rt (libc.so.6 + 0x19c30)
>                 #2  0x00007f4cde88bd37 unlink_chunk.isra.0 (libc.so.6 + 0x7dd37)
>                 #3  0x00007f4cde88bf33 malloc_consolidate (libc.so.6 + 0x7df33)
>                 #4  0x00007f4cde88d2b0 _int_free_maybe_consolidate.part.0 (libc.so.6 + 0x7f2b0)
>                 #5  0x00007f4cde88d764 _int_free_chunk (libc.so.6 + 0x7f764)
>                 #6  0x00007f4cde890592 free (libc.so.6 + 0x82592)
>                 #7  0x00007f4ce0f8735b _ZN12QHashPrivate4SpanINS_4NodeI10QByteArray5QHashI7QStringP8KCatalogEEEE8freeDataEv (libKF6I18n.so.6 + 0x1535b)
>                 #8  0x00007f4ce0f8dfc4 _ZN14QtGlobalStatic6HolderIN12_GLOBAL__N_117Q_QGS_staticsKLSPEED2Ev.lto_priv.0 (libKF6I18n.so.6 + 0x1bfc4)
>                 #9  0x00007f4cde82a2d1 __run_exit_handlers (libc.so.6 + 0x1c2d1)
>                 #10 0x00007f4cde82a3ae exit (libc.so.6 + 0x1c3ae)
>                 #11 0x00007f4cde8115fc __libc_start_call_main (libc.so.6 + 0x35fc)
>                 #12 0x00007f4cde8116a8 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x36a8)
>                 #13 0x0000560e3f3ce9a5 _start (/usr/bin/dolphin + 0x109a5)
>                 
>                 Stack trace of thread 280471:
>                 #0  0x00007f4cde8876c2 __syscall_cancel_arch (libc.so.6 + 0x796c2)
>                 #1  0x00007f4cde87b9da __internal_syscall_cancel (libc.so.6 + 0x6d9da)
>                 #2  0x00007f4cde87ba24 __syscall_cancel (libc.so.6 + 0x6da24)
>                 #3  0x00007f4cde8f5176 ppoll (libc.so.6 + 0xe7176)
>                 #4  0x00007f4cdc397890 g_main_context_iterate_unlocked.isra.0 (libglib-2.0.so.0 + 0x49890)
>                 #5  0x00007f4cdc397953 g_main_context_iteration (libglib-2.0.so.0 + 0x49953)
>                 #6  0x00007f4cdf1ff56d _ZN20QEventDispatcherGlib13processEventsE6QFlagsIN10QEventLoop17ProcessEventsFlagEE (libQt6Core.so.6 + 0x3ff56d)
>                 #7  0x00007f4cdef03783 _ZN10QEventLoop4execE6QFlagsINS_17ProcessEventsFlagEE (libQt6Core.so.6 + 0x103783)
>                 #8  0x00007f4cdf0217fd _ZN7QThread4execEv (libQt6Core.so.6 + 0x2217fd)
>                 #9  0x00007f4ce0874901 _ZN22QDBusConnectionManager3runEv (libQt6DBus.so.6 + 0x20901)
>                 #10 0x00007f4cdf0bdde4 _ZN14QThreadPrivate5startEPv (libQt6Core.so.6 + 0x2bdde4)
>                 #11 0x00007f4cde87f1d4 start_thread (libc.so.6 + 0x711d4)
>                 #12 0x00007f4cde901cec __clone3 (libc.so.6 + 0xf3cec)
>                 
>                 Stack trace of thread 280896:
>                 #0  0x00007f4cde8876c2 __syscall_cancel_arch (libc.so.6 + 0x796c2)
>                 #1  0x00007f4cde87b9da __internal_syscall_cancel (libc.so.6 + 0x6d9da)
>                 #2  0x00007f4cde87ba24 __syscall_cancel (libc.so.6 + 0x6da24)
>                 #3  0x00007f4cde8f5176 ppoll (libc.so.6 + 0xe7176)
>                 #4  0x00007f4cdc397890 g_main_context_iterate_unlocked.isra.0 (libglib-2.0.so.0 + 0x49890)
>                 #5  0x00007f4cdc397953 g_main_context_iteration (libglib-2.0.so.0 + 0x49953)
>                 #6  0x00007f4cdf1ff56d _ZN20QEventDispatcherGlib13processEventsE6QFlagsIN10QEventLoop17ProcessEventsFlagEE (libQt6Core.so.6 + 0x3ff56d)
>                 #7  0x00007f4cdef03783 _ZN10QEventLoop4execE6QFlagsINS_17ProcessEventsFlagEE (libQt6Core.so.6 + 0x103783)
>                 #8  0x00007f4cdf0217fd _ZN7QThread4execEv (libQt6Core.so.6 + 0x2217fd)
>                 #9  0x00007f4cdf0bdde4 _ZN14QThreadPrivate5startEPv (libQt6Core.so.6 + 0x2bdde4)
>                 #10 0x00007f4cde87f1d4 start_thread (libc.so.6 + 0x711d4)
>                 #11 0x00007f4cde901cec __clone3 (libc.so.6 + 0xf3cec)
>                 ELF object binary architecture: AMD x86-64
> ~~~