[frameworks-baloo] [Bug 405284] baloo_file_extractor crashes in Baloo::DocumentDB::del() / mdb_cursor_del()

Aaron Williams Tue, 05 Jan 2021 20:18:37 -0800

https://bugs.kde.org/show_bug.cgi?id=405284


--- Comment #11 from Aaron Williams <aar...@doofus.org> ---
I am seeing this same crash:

#0  0x00007f97d31b66db in __GI___poll (fds=fds@entry=0x7ffd4647c4b8,
nfds=nfds@entry=1, 
    timeout=timeout@entry=1000) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007f97d4dd7f50 in poll (__timeout=1000, __nfds=1, __fds=0x7ffd4647c4b8)
    at /usr/include/bits/poll2.h:46
#2  pollDrKonqiSocket (sockfd=3, pid=112635)
    at /usr/src/debug/kcrash-5.77.0-lp152.212.1.x86_64/src/kcrash.cpp:802
#3  KCrash::startProcess (argc=argc@entry=15, argv=argv@entry=0x7ffd4647c5a0, 
    waitAndExit=waitAndExit@entry=true)
    at /usr/src/debug/kcrash-5.77.0-lp152.212.1.x86_64/src/kcrash.cpp:663
#4  0x00007f97d4dd8725 in KCrash::defaultCrashHandler (sig=6)
    at /usr/src/debug/kcrash-5.77.0-lp152.212.1.x86_64/src/kcrash.cpp:545
#5  <signal handler called>
#6  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#7  0x00007f97d30ffb01 in __GI_abort () at abort.c:79
#8  0x00007f97d3141957 in __libc_message (action=action@entry=(do_abort |
do_backtrace), 
    fmt=fmt@entry=0x7f97d324abd0 "*** Error in `%s': %s: 0x%s ***\n") at
../sysdeps/posix/libc_fatal.c:181
#9  0x00007f97d3148173 in malloc_printerr (action=<optimized out>, 
    str=0x7f97d3247692 "realloc(): invalid pointer", ptr=<optimized out>,
ar_ptr=<optimized out>)
    at malloc.c:5428
#10 0x00007f97d314cc24 in realloc_check (oldmem=0x7f57c3294010, bytes=2097152,
caller=<optimized out>)
    at hooks.c:353
#11 0x00007f97d222a295 in mdb_midl_grow (idp=idp@entry=0x55e145cda4f8,
num=num@entry=131071) at midl.c:134
#12 0x00007f97d222a554 in mdb_midl_append_range (idp=idp@entry=0x55e145cda4f8,
id=id@entry=373460, 
    n=n@entry=1) at midl.c:189
#13 0x00007f97d222094c in mdb_ovpage_free (mp=<optimized out>, mc=<optimized
out>, mc=<optimized out>)
    at mdb.c:5548
#14 0x00007f97d22281ae in mdb_cursor_del (mc=0x7ffd4647d440, flags=<optimized
out>) at mdb.c:6942
#15 0x00007f97d2228d95 in mdb_freelist_save (txn=0x55e145cda4d0) at mdb.c:3105
#16 mdb_txn_commit (txn=0x55e145cda4d0) at mdb.c:3592
#17 0x00007f97d5005923 in Baloo::Transaction::commit (this=0x55e14b5c73a0)
    at
/usr/src/debug/baloo5-5.77.0-lp152.250.1.x86_64/src/engine/transaction.cpp:276
#18 0x000055e144f9b50c in Baloo::App::processNextFile (this=0x7ffd4647db30)
    at
/usr/src/debug/baloo5-5.77.0-lp152.250.1.x86_64/src/file/extractor/app.cpp:123
#19 0x00007f97d3b717d4 in QtPrivate::QSlotObjectBase::call (a=0x7ffd4647d710,
r=<optimized out>, 
    this=<optimized out>) at
../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#20 QSingleShotTimer::timerEvent (this=0x55e148785b40) at kernel/qtimer.cpp:320
#21 0x00007f97d3b635a3 in QObject::event (this=0x55e148785b40,
e=0x7ffd4647d840) at kernel/qobject.cpp:1336
#22 0x00007f97d3b2f443 in QCoreApplication::notifyInternal2
(receiver=0x55e148785b40, event=0x7ffd4647d840)
    at kernel/qcoreapplication.cpp:1063
#23 0x00007f97d3b91059 in QTimerInfoList::activateTimers (this=0x55e145c10b10)
    at kernel/qtimerinfo_unix.cpp:643
#24 0x00007f97d3b91859 in timerSourceDispatch (source=<optimized out>)
    at kernel/qeventdispatcher_glib.cpp:183
#25 idleTimerSourceDispatch (source=<optimized out>) at
kernel/qeventdispatcher_glib.cpp:230
#26 0x00007f97cf2994a4 in g_main_dispatch (context=0x55e145b039c0) at
../glib/gmain.c:3216
#27 g_main_context_dispatch (context=context@entry=0x55e145b039c0) at
../glib/gmain.c:3881
#28 0x00007f97cf299840 in g_main_context_iterate
(context=context@entry=0x55e145b039c0, 
--Type <RET> for more, q to quit, c to continue without paging--
    block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at
../glib/gmain.c:3954
#29 0x00007f97cf2998cc in g_main_context_iteration (context=0x55e145b039c0,
may_block=may_block@entry=1)
    at ../glib/gmain.c:4015
#30 0x00007f97d3b91bcc in QEventDispatcherGlib::processEvents
(this=0x55e145ae6c30, flags=...)
    at kernel/qeventdispatcher_glib.cpp:423
#31 0x00007f97d3b2dcca in QEventLoop::exec (this=this@entry=0x7ffd4647da90,
flags=..., flags@entry=...)
    at kernel/qeventloop.cpp:232
#32 0x00007f97d3b374c7 in QCoreApplication::exec () at
kernel/qcoreapplication.cpp:1371
#33 0x00007f97d4179e2c in QGuiApplication::exec () at
kernel/qguiapplication.cpp:1867
#34 0x000055e144f993f5 in main (argc=<optimized out>, argv=<optimized out>)
    at
/usr/src/debug/baloo5-5.77.0-lp152.250.1.x86_64/src/file/extractor/main.cpp:37

#10 0x00007f97d314cc24 in realloc_check (oldmem=0x7f57c3294010, bytes=2097152,
caller=<optimized out>)
    at hooks.c:353
353           malloc_printerr (check_action, "realloc(): invalid pointer",
oldmem,
(gdb) up
#11 0x00007f97d222a295 in mdb_midl_grow (idp=idp@entry=0x55e145cda4f8,
num=num@entry=131071) at midl.c:134
134             idn = realloc(idn, (*idn + num + 2) * sizeof(MDB_ID));
(gdb) list
129
130     static int mdb_midl_grow( MDB_IDL *idp, int num )
131     {
132             MDB_IDL idn = *idp-1;
133             /* grow it */
134             idn = realloc(idn, (*idn + num + 2) * sizeof(MDB_ID));
135             if (!idn)
136                     return ENOMEM;
137             *idn++ += num;
138             *idp = idn;
(gdb) p num
$1 = 131071
(gdb) p idn
$2 = <optimized out>
(gdb) p *idn
value has been optimized out
(gdb) down
#10 0x00007f97d314cc24 in realloc_check (oldmem=0x7f57c3294010, bytes=2097152,
caller=<optimized out>)
    at hooks.c:353
353           malloc_printerr (check_action, "realloc(): invalid pointer",
oldmem,
(gdb) list
348       __libc_lock_lock (main_arena.mutex);
349       const mchunkptr oldp = mem2chunk_check (oldmem, &magic_p);
350       __libc_lock_unlock (main_arena.mutex);
351       if (!oldp)
352         {
353           malloc_printerr (check_action, "realloc(): invalid pointer",
oldmem,
354                            &main_arena);
355           return malloc_check (bytes, NULL);
356         }
357       const INTERNAL_SIZE_T oldsize = chunksize (oldp);

#15 0x00007f97d2228d95 in mdb_freelist_save (txn=0x55e145cda4d0) at mdb.c:3105
3105                            rc = mdb_cursor_del(&mc, 0);
(gdb) up
#16 mdb_txn_commit (txn=0x55e145cda4d0) at mdb.c:3592
3592            rc = mdb_freelist_save(txn);
(gdb) p txn
$3 = (MDB_txn *) 0x55e145cda4d0
(gdb) p *txn
$4 = {mt_parent = 0x0, mt_child = 0x0, mt_next_pgno = 5336964, mt_txnid =
903381, mt_env = 0x55e145cd8ff0,
  mt_free_pgs = 0x7f57c3294018, mt_loose_pgs = 0x0, mt_loose_count = 0,
mt_spill_pgs = 0x0, mt_u = {
    dirty_list = 0x7f97c3761010, reader = 0x7f97c3761010}, mt_dbxs =
0x55e145cd9210,
  mt_dbs = 0x55e145cda558, mt_dbiseqs = 0x55e145cda868, mt_cursors =
0x55e145cda7f8,
  mt_dbflags = 0x55e145cda8a0
"\b\030\031\031\031\032\032\032\030\032\031\031\032\032,", mt_numdbs = 14,
  mt_flags = 0, mt_dirty_room = 130270}
(gdb)

-- 
You are receiving this mail because:
You are watching all bug changes.

[frameworks-baloo] [Bug 405284] baloo_file_extractor crashes in Baloo::DocumentDB::del() / mdb_cursor_del()

Reply via email to