
NFS entry in fstab causes SIGSEGV in libKF5Solid

chuso
Hi,

After a recent system update, I saw many KDE things stopped working with segment violations (SIGSEGV).

After some debugging with gdb, I found the issue happens in libKF5Solid.so while trying to read fstab:

Code:
Thread 1 "kioslave5" received signal SIGSEGV, Segmentation fault.
0x0000ffffab38d364 in __aarch64_ldadd4_acq_rel () from /usr/lib64/libQt5Core.so.5
(gdb) bt
#0  0x0000ffffab38d364 in __aarch64_ldadd4_acq_rel () from /usr/lib64/libQt5Core.so.5
#1  0x0000ffffab171348 in std::__atomic_base<int>::operator-- (this=<optimized out>) at /usr/lib/gcc/aarch64-unknown-linux-gnu/11.3.0/include/g++-v11/bits/atomic_base.h:386
#2  QAtomicOps<int>::deref<int> (_q_value=...) at /usr/src/debug/dev-qt/qtcore-5.15.5-r2/qtbase-everywhere-src-5.15.5/include/QtCore/../../src/corelib/thread/qatomic_cxx11.h:289
#3  QBasicAtomicInteger<int>::deref (this=<optimized out>) at /usr/src/debug/dev-qt/qtcore-5.15.5-r2/qtbase-everywhere-src-5.15.5/include/QtCore/../../src/corelib/thread/qbasicatomic.h:119
#4  QtPrivate::RefCount::deref (this=<optimized out>) at /usr/src/debug/dev-qt/qtcore-5.15.5-r2/qtbase-everywhere-src-5.15.5/include/QtCore/../../src/corelib/tools/qrefcount.h:73
#5  QString::operator= (this=this@entry=0xffffa00152e8, other=...) at /usr/src/debug/dev-qt/qtcore-5.15.5-r2/qtbase-everywhere-src-5.15.5/src/corelib/text/qstring.cpp:2404
#6  0x0000ffffa6a07030 in Solid::Backends::Fstab::FstabDevice::FstabDevice (this=this@entry=0xffffa00152d0, uid=...) at /usr/src/debug/kde-frameworks/solid-5.96.0/solid-5.96.0/src/solid/devices/backends/fstab/fstabdevice.cpp:22
#7  0x0000ffffa6a04c18 in Solid::Backends::Fstab::FstabManager::createDevice (this=0xcde56a0, udi=...) at /usr/src/debug/kde-frameworks/solid-5.96.0/solid-5.96.0/src/solid/devices/backends/fstab/fstabmanager.cpp:94
#8  0x0000ffffa69b0fd4 in Solid::DeviceManagerPrivate::createBackendObject (this=this@entry=0xcde5f80, udi=...) at /usr/src/debug/kde-frameworks/solid-5.96.0/solid-5.96.0/src/solid/devices/frontend/devicemanager.cpp:290
#9  0x0000ffffa69b3094 in Solid::DeviceManagerPrivate::findRegisteredDevice (this=0xcde5f80, udi=...) at /usr/src/debug/kde-frameworks/solid-5.96.0/solid-5.96.0/src/solid/devices/frontend/devicemanager.cpp:259
#10 0x0000ffffa69af57c in Solid::Device::Device (this=this@entry=0xffffe596f110, udi=...) at /usr/src/debug/kde-frameworks/solid-5.96.0/solid-5.96.0/src/solid/devices/frontend/device.cpp:45
#11 0x0000ffffa69b2914 in Solid::Device::listFromQuery (predicate=..., parentUdi=...) at /usr/src/debug/kde-frameworks/solid-5.96.0/solid-5.96.0/src/solid/devices/frontend/devicemanager.cpp:150
#12 0x0000ffffa69b2b9c in Solid::Device::listFromQuery (predicate=..., parentUdi=...) at /usr/src/debug/kde-frameworks/solid-5.96.0/solid-5.96.0/src/solid/devices/frontend/devicemanager.cpp:86
#13 0x0000ffffa6a769f4 in TrashImpl::scanTrashDirectories (this=0xffffe596f5e0) at /usr/src/debug/kde-frameworks/kio-5.96.0-r3/kio-5.96.0/src/ioslaves/trash/trashimpl.cpp:1055
#14 0x0000ffffa6a76e98 in TrashImpl::isEmpty (this=this@entry=0xffffe596f5e0) at /usr/src/debug/kde-frameworks/kio-5.96.0-r3/kio-5.96.0/src/ioslaves/trash/trashimpl.cpp:818
#15 0x0000ffffa6a6cb40 in TrashProtocol::createTopLevelDirEntry (this=this@entry=0xffffe596f5a8, entry=...) at /usr/src/debug/kde-frameworks/kio-5.96.0-r3/kio-5.96.0/src/ioslaves/trash/kio_trash.cpp:292
#16 0x0000ffffa6a6d7f8 in TrashProtocol::stat (this=0xffffe596f5a8, url=...) at /usr/src/debug/kde-frameworks/kio-5.96.0-r3/kio-5.96.0/src/ioslaves/trash/kio_trash.cpp:325
#17 0x0000ffffab63b178 in KIO::SlaveBase::dispatch (this=0xffffe596f5b8, command=69, data=...) at /usr/src/debug/kde-frameworks/kio-5.96.0-r3/kio-5.96.0/src/core/slavebase.cpp:1267
#18 0x0000ffffab63bb04 in KIO::SlaveBase::dispatchLoop (this=0xffffe596f5b8) at /usr/src/debug/kde-frameworks/kio-5.96.0-r3/kio-5.96.0/src/core/slavebase.cpp:337
#19 0x0000ffffa6a70b00 in kdemain (argc=<optimized out>, argv=0xffffe596f710) at /usr/src/debug/kde-frameworks/kio-5.96.0-r3/kio-5.96.0/src/ioslaves/trash/kio_trash.cpp:47
#20 0x0000000000401084 in main (argc=5, argv=0xffffe596f8b8) at /usr/src/debug/kde-frameworks/kio-5.96.0-r3/kio-5.96.0/src/kioslave/kioslave.cpp:149


As seen in line #6, the issue happens in Solid::Backends::Fstab::FstabDevice::FstabDevice. Specifically, this line:

Code:
m_device = m_uid;


I guess that makes sense given that NFS mounts don't really have a "physical" device?

Going up in the backtrace takes me to the second line in the overloaded = operator in QString (if (!d->ref.deref())):

Code:
QString &QString::operator=(const QString &other) noexcept
{
    other.d->ref.ref();
    if (!d->ref.deref())
        Data::deallocate(d);
    d = other.d;
    return *this;
}


But this is too low-level for me to debug.

The backtrace above shows kioslave5 process crashing, but this happens with any other process causing KF5Solid to read fstab:

Code:
Thread 1 "index" received signal SIGSEGV, Segmentation fault.
0x0000fffff646d364 in __aarch64_ldadd4_acq_rel () from /usr/lib64/libQt5Core.so.5
(gdb) bt
#0  0x0000fffff646d364 in __aarch64_ldadd4_acq_rel () from /usr/lib64/libQt5Core.so.5
#1  0x0000fffff6251348 in std::__atomic_base<int>::operator-- (this=<optimized out>) at /usr/lib/gcc/aarch64-unknown-linux-gnu/11.3.0/include/g++-v11/bits/atomic_base.h:386
#2  QAtomicOps<int>::deref<int> (_q_value=...) at /usr/src/debug/dev-qt/qtcore-5.15.5-r2/qtbase-everywhere-src-5.15.5/include/QtCore/../../src/corelib/thread/qatomic_cxx11.h:289
#3  QBasicAtomicInteger<int>::deref (this=<optimized out>) at /usr/src/debug/dev-qt/qtcore-5.15.5-r2/qtbase-everywhere-src-5.15.5/include/QtCore/../../src/corelib/thread/qbasicatomic.h:119
#4  QtPrivate::RefCount::deref (this=<optimized out>) at /usr/src/debug/dev-qt/qtcore-5.15.5-r2/qtbase-everywhere-src-5.15.5/include/QtCore/../../src/corelib/tools/qrefcount.h:73
#5  QString::operator= (this=this@entry=0x166d638, other=...) at /usr/src/debug/dev-qt/qtcore-5.15.5-r2/qtbase-everywhere-src-5.15.5/src/corelib/text/qstring.cpp:2404
#6  0x0000fffff5337030 in Solid::Backends::Fstab::FstabDevice::FstabDevice (this=this@entry=0x166d620, uid=...) at /usr/src/debug/kde-frameworks/solid-5.96.0/solid-5.96.0/src/solid/devices/backends/fstab/fstabdevice.cpp:22
#7  0x0000fffff5334c18 in Solid::Backends::Fstab::FstabManager::createDevice (this=0x7c7e50, udi=...) at /usr/src/debug/kde-frameworks/solid-5.96.0/solid-5.96.0/src/solid/devices/backends/fstab/fstabmanager.cpp:94
#8  0x0000fffff52e0fd4 in Solid::DeviceManagerPrivate::createBackendObject (this=this@entry=0x7bc030, udi=...) at /usr/src/debug/kde-frameworks/solid-5.96.0/solid-5.96.0/src/solid/devices/frontend/devicemanager.cpp:290
#9  0x0000fffff52e3094 in Solid::DeviceManagerPrivate::findRegisteredDevice (this=0x7bc030, udi=...) at /usr/src/debug/kde-frameworks/solid-5.96.0/solid-5.96.0/src/solid/devices/frontend/devicemanager.cpp:259
#10 0x0000fffff52df57c in Solid::Device::Device (this=this@entry=0xffffffffdbf0, udi=...) at /usr/src/debug/kde-frameworks/solid-5.96.0/solid-5.96.0/src/solid/devices/frontend/device.cpp:45
#11 0x0000fffff52e2914 in Solid::Device::listFromQuery (predicate=..., parentUdi=...) at /usr/src/debug/kde-frameworks/solid-5.96.0/solid-5.96.0/src/solid/devices/frontend/devicemanager.cpp:150
#12 0x0000fffff5cb9938 in KFilePlacesModelPrivate::initDeviceList (this=0x7a39c0) at /usr/src/debug/kde-frameworks/kio-5.96.0-r3/kio-5.96.0/src/filewidgets/kfileplacesmodel.cpp:774
#13 0x0000fffff63c4990 in QObject::event (this=0x7a1b50, e=0x7e31d0) at /usr/src/debug/dev-qt/qtcore-5.15.5-r2/qtbase-everywhere-src-5.15.5/src/corelib/kernel/qobject.cpp:1314
#14 0x0000fffff744be60 in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x7a1b50, e=0x7e31d0) at /usr/src/debug/dev-qt/qtwidgets-5.15.5-r1/qtbase-everywhere-src-5.15.5/src/widgets/kernel/qapplication.cpp:3637
#15 0x0000fffff6396380 in QCoreApplication::notifyInternal2 (receiver=0x7a1b50, event=0x7e31d0) at /usr/src/debug/dev-qt/qtcore-5.15.5-r2/qtbase-everywhere-src-5.15.5/src/corelib/kernel/qcoreapplication.cpp:1064
#16 0x0000fffff63965b4 in QCoreApplication::sendEvent (receiver=receiver@entry=0x7a1b50, event=event@entry=0x7e31d0) at /usr/src/debug/dev-qt/qtcore-5.15.5-r2/qtbase-everywhere-src-5.15.5/src/corelib/kernel/qcoreapplication.cpp:1462
#17 0x0000fffff6399bc8 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x504530) at /usr/src/debug/dev-qt/qtcore-5.15.5-r2/qtbase-everywhere-src-5.15.5/src/corelib/kernel/qcoreapplication.cpp:1821
#18 0x0000fffff6399f44 in QCoreApplication::sendPostedEvents (receiver=<optimized out>, event_type=<optimized out>) at /usr/src/debug/dev-qt/qtcore-5.15.5-r2/qtbase-everywhere-src-5.15.5/src/corelib/kernel/qcoreapplication.cpp:1680
#19 0x0000fffff63eded8 in postEventSourceDispatch (s=0x5f7240) at /usr/src/debug/dev-qt/qtcore-5.15.5-r2/qtbase-everywhere-src-5.15.5/src/corelib/kernel/qeventdispatcher_glib.cpp:277
#20 0x0000fffff4105068 in g_main_dispatch (context=0x5fa470) at ../glib-2.72.3/glib/gmain.c:3417
#21 g_main_context_dispatch (context=0x5fa470) at ../glib-2.72.3/glib/gmain.c:4135
#22 0x0000fffff41052f8 in g_main_context_iterate (context=context@entry=0x5fa470, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib-2.72.3/glib/gmain.c:4211
#23 0x0000fffff41053c4 in g_main_context_iteration (context=0x5fa470, may_block=1) at ../glib-2.72.3/glib/gmain.c:4276
#24 0x0000fffff63ed8f4 in QEventDispatcherGlib::processEvents (this=0x5f8d00, flags=...) at /usr/src/debug/dev-qt/qtcore-5.15.5-r2/qtbase-everywhere-src-5.15.5/src/corelib/kernel/qeventdispatcher_glib.cpp:423
#25 0x0000fffff63948ac in QEventLoop::exec (this=this@entry=0xffffffffe128, flags=flags@entry=...) at /usr/src/debug/dev-qt/qtcore-5.15.5-r2/qtbase-everywhere-src-5.15.5/include/QtCore/../../src/corelib/global/qflags.h:69
#26 0x0000fffff639d66c in QCoreApplication::exec () at /usr/src/debug/dev-qt/qtcore-5.15.5-r2/qtbase-everywhere-src-5.15.5/include/QtCore/../../src/corelib/global/qflags.h:121
#27 0x00000000004135b4 in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/maui-apps/index-2.1.2/index-fm-2.1.2/src/main.cpp:122


Fortunately, my fstab file was quite simple with only one NFS line, and commenting out the NFS line fixed it.

I continued testing it and found that any line having nfs in the type column will cause the crash, for example:

Code:
foo   bar   nfs   defaults   0 0


will cause a crash, but changing nfs there to anything else will not.

I have a similar NFS line on another system with the same versions of KDE and Qt and the segv is not happening.

Any idea of what may be causing this?
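
An added example, not part of the original post and not Qt or Solid code: frames #1 to #5 of both backtraces fault in the decrement (`deref`), which the quoted `operator=` applies to the destination's current data block (`m_device`'s), not to the source. The constructed model below follows the same order of operations and reports which pointer is bad instead of dereferencing it; `Data`, `Str`, `assign` and the `live` registry are hypothetical names.

```cpp
#include <atomic>
#include <cstdio>
#include <set>

// Constructed model of an implicitly shared string; not Qt's implementation.
struct Data { std::atomic<int> ref{1}; };
static std::set<const Data*> live;              // blocks this model has allocated
static Data* allocate() { Data* d = new Data; live.insert(d); return d; }
static void deallocate(Data* d) { live.erase(d); delete d; }

struct Str {
    Data* d;
    Str() : d(allocate()) {}
    explicit Str(Data* raw) : d(raw) {}         // models a member holding a stray pointer
    Str(const Str&) = delete;
    Str& operator=(const Str&) = delete;
    ~Str() { if (live.count(d) && d->ref.fetch_sub(1) == 1) deallocate(d); }
};

enum class Step { Ok, SourceInvalid, DestInvalid };

// Same order of operations as the quoted operator=, with each pointer checked
// against the live set so the failing step is reported instead of dereferenced.
Step assign(Str& dst, const Str& src) {
    if (!live.count(src.d)) return Step::SourceInvalid;   // other.d->ref.ref() would fault
    src.d->ref.fetch_add(1);
    if (!live.count(dst.d)) {                             // d->ref.deref() would fault
        src.d->ref.fetch_sub(1);                          // undo, nothing was assigned
        return Step::DestInvalid;
    }
    if (dst.d->ref.fetch_sub(1) == 1) deallocate(dst.d);  // last owner frees old block
    dst.d = src.d;
    return Step::Ok;
}

int shared_refs_after_assign() {                // two owners of one block
    Str a, b;
    return assign(b, a) == Step::Ok ? a.d->ref.load() : -1;
}

Step assign_into_stray_destination() {
    Data stray;                                 // valid memory, never registered as live
    Str a, b(&stray);
    return assign(b, a);
}

int main() {
    std::printf("refs=%d stray=%d\n", shared_refs_after_assign(),
                static_cast<int>(assign_into_stray_destination()));
}
```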

