Bug 1228292

Summary: kwalletd constantly crashes after upgrade to openSUSE 15.6
Product: [openSUSE] openSUSE Distribution Reporter: Vadim Krevs <vkrevs>
Component: KDE Workspace (Plasma)Assignee: E-Mail List <opensuse-kde-bugs>
Status: NEW --- QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: fabian, fvogt, vkrevs
Version: Leap 15.6   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: gdb stack trace from the core file

Description Vadim Krevs 2024-07-24 18:06:58 UTC 
User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Build Identifier: 

Just noticed lots of core files from kwalletd5 after upgrading to openSUSE 15.6. Still using plasma5. Stack trace from one of the core files is below.

$ rpm -qf /usr/bin/kwalletd5
kwalletd5-5.116.0-lp156.312.2.x86_64

$ l core*
-rw------- 1 xxxxxx users 4043593 Jul 22 15:36 core_kwalletd5_1000.16142
-rw------- 1 xxxxxx users 4064931 Jul 23 09:07 core_kwalletd5_1000.17532
-rw------- 1 xxxxxx users 4044984 Jul 21 12:41 core_kwalletd5_1000.3237
-rw------- 1 xxxxxx users 4072690 Jul 22 09:04 core_kwalletd5_1000.3258
-rw------- 1 xxxxxx users 4049659 Jul 24 09:24 core_kwalletd5_1000.9293


$ file core_kwalletd5_1000.*
core_kwalletd5_1000.16142: ELF 64-bit LSB core file x86-64, version 1 (SYSV), SVR4-style, from '/usr/bin/kwalletd5 --pam-login 13 14', real uid: 1000, effective uid: 1000, real gid: 100, effective gid: 100, execfn: '/usr/bin/kwalletd5', platform: 'x86_64'
core_kwalletd5_1000.17532: ELF 64-bit LSB core file x86-64, version 1 (SYSV), SVR4-style, from '/usr/bin/kwalletd5 --pam-login 13 14', real uid: 1000, effective uid: 1000, real gid: 100, effective gid: 100, execfn: '/usr/bin/kwalletd5', platform: 'x86_64'
core_kwalletd5_1000.3237:  ELF 64-bit LSB core file x86-64, version 1 (SYSV), SVR4-style, from '/usr/bin/kwalletd5 --pam-login 13 14', real uid: 1000, effective uid: 1000, real gid: 100, effective gid: 100, execfn: '/usr/bin/kwalletd5', platform: 'x86_64'
core_kwalletd5_1000.3258:  ELF 64-bit LSB core file x86-64, version 1 (SYSV), SVR4-style, from '/usr/bin/kwalletd5 --pam-login 13 14', real uid: 1000, effective uid: 1000, real gid: 100, effective gid: 100, execfn: '/usr/bin/kwalletd5', platform: 'x86_64'
core_kwalletd5_1000.9293:  ELF 64-bit LSB core file x86-64, version 1 (SYSV), SVR4-style, from '/usr/bin/kwalletd5 --pam-login 13 14', real uid: 1000, effective uid: 1000, real gid: 100, effective gid: 100, execfn: '/usr/bin/kwalletd5', platform: 'x86_64'


$ gdb /usr/bin/kwalletd5 core_kwalletd5_1000.16142
GNU gdb (GDB; SUSE Linux Enterprise 15) 13.2
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-suse-linux".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://bugs.opensuse.org/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/kwalletd5...
Reading symbols from /usr/lib/debug/usr/bin/kwalletd5-5.116.0-lp156.312.2.x86_64.debug...

warning: Can't open file /memfd:/.nvidia_drv.XXXXXX (deleted) during file-backed mapping note processing
[New LWP 16142]
[New LWP 16499]
[New LWP 16500]

warning: Section `.reg-xstate/16142' in core file too small.
Missing separate debuginfo for /usr/lib64/libicui18n.so.73
Try: zypper install -C "debuginfo(build-id)=f024113e06da5825ee381178685bb9045b97ff0d"
Missing separate debuginfo for /usr/lib64/libicuuc.so.73
Try: zypper install -C "debuginfo(build-id)=044dbf70f1dc7b1debbf8f80bbcba1d63f8825d3"
Missing separate debuginfo for /usr/lib64/libicudata.so.73
Try: zypper install -C "debuginfo(build-id)=aa515130c05287cc6a9bd9e35d765e337057cd1f"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/usr/bin/kwalletd5 --pam-login 13 14'.
Program terminated with signal SIGSEGV, Segmentation fault.

warning: Section `.reg-xstate/16142' in core file too small.
#0  0x00007fd9ee9ef0a7 in QCA::Botan::MemoryRegion<unsigned char>::deallocate (this=0x562bf2619a60, n=17, p=0x562bf26054d0 "") at /usr/src/debug/qca-qt5-2.3.9-lp156.33.1.x86_64/src/botantools/botan/botan/secmem.h:188
188             alloc->deallocate(p, sizeof(T) * n);
[Current thread is 1 (Thread 0x7fd9ec43ad00 (LWP 16142))]
Missing separate debuginfos, use: zypper install breeze5-style-debuginfo-5.27.11-lp156.425.1.x86_64 kimageformats-debuginfo-5.115.0-bp156.1.1.x86_64 kio-core-debuginfo-5.116.0-lp156.410.3.x86_64 kio-debuginfo-5.116.0-lp156.410.3.x86_64 krb5-debuginfo-1.20.1-150600.11.3.1.x86_64 kservice-debuginfo-5.115.0-150600.1.3.x86_64 libHalf23-debuginfo-2.2.1-150000.3.3.1.x86_64 libICE6-debuginfo-1.0.9-1.25.x86_64 libIex-2_2-23-debuginfo-2.2.1-150000.3.3.1.x86_64 libIlmImf-2_2-23-debuginfo-2.2.1-150000.3.43.1.x86_64 libKF5Archive5-debuginfo-5.115.0-150600.1.2.x86_64 libKF5AuthCore5-debuginfo-5.115.0-150600.1.3.x86_64 libKF5Bookmarks5-debuginfo-5.115.0-150600.1.2.x86_64 libKF5Codecs5-debuginfo-5.115.0-150600.1.2.x86_64 libKF5Completion5-debuginfo-5.116.0-lp156.292.2.x86_64 libKF5ConfigCore5-debuginfo-5.115.0-150600.1.3.x86_64 libKF5ConfigGui5-debuginfo-5.115.0-150600.1.3.x86_64 libKF5ConfigWidgets5-debuginfo-5.115.0-150600.1.2.x86_64 libKF5CoreAddons5-debuginfo-5.115.0-150600.1.3.x86_64 libKF5Crash5-debuginfo-5.116.0-lp156.284.2.x86_64 libKF5DBusAddons5-debuginfo-5.115.0-150600.1.3.x86_64 libKF5GlobalAccel5-debuginfo-5.115.0-150600.1.3.x86_64 libKF5GuiAddons5-debuginfo-5.115.0-150600.1.3.x86_64 libKF5IconThemes5-debuginfo-5.115.0-150600.1.3.x86_64 libKF5ItemViews5-debuginfo-5.115.0-150600.1.2.x86_64 libKF5Notifications5-debuginfo-5.116.0-lp156.307.2.x86_64 libKF5Solid5-debuginfo-5.116.0-lp156.306.2.x86_64 libKF5Style5-debuginfo-5.116.0-lp156.316.2.x86_64 libKF5Wallet5-debuginfo-5.116.0-lp156.312.2.x86_64 libKF5WidgetsAddons5-debuginfo-5.115.0-150600.1.2.x86_64 libKF5WindowSystem5-debuginfo-5.115.0-150600.1.2.x86_64 libKF5XmlGui5-debuginfo-5.115.0-150600.1.5.x86_64 libQt5Core5-debuginfo-5.15.12+kde151-150600.1.5.x86_64 libQt5DBus5-debuginfo-5.15.12+kde151-150600.1.5.x86_64 libQt5Gui5-debuginfo-5.15.12+kde151-150600.1.5.x86_64 libQt5Network5-debuginfo-5.15.12+kde151-150600.1.5.x86_64 libQt5PrintSupport5-debuginfo-5.15.12+kde151-150600.1.5.x86_64 libQt5QuickControls2-5-debuginfo-5.15.12+kde5-150600.1.6.x86_64 libQt5WaylandClient5-debuginfo-5.15.12+kde60-150600.1.7.x86_64 libQt5Widgets5-debuginfo-5.15.12+kde151-150600.1.5.x86_64 libQt5X11Extras5-debuginfo-5.15.12+kde0-150600.1.3.x86_64 libQt5Xml5-debuginfo-5.15.12+kde151-150600.1.5.x86_64 libSM6-debuginfo-1.2.2-1.23.x86_64 libX11-6-debuginfo-1.8.7-150600.1.2.x86_64 libX11-xcb1-debuginfo-1.8.7-150600.1.2.x86_64 libXau6-debuginfo-1.0.8-1.26.x86_64 libXext6-debuginfo-1.3.3-1.30.x86_64 libXrender1-debuginfo-0.9.10-1.30.x86_64 libbrotlicommon1-debuginfo-1.0.7-3.3.1.x86_64 libbz2-1-debuginfo-1.0.8-150400.1.122.x86_64 libcanberra0-debuginfo-0.30-150600.21.3.x86_64 libcom_err2-debuginfo-1.47.0-150600.4.3.2.x86_64 libdbus-1-3-debuginfo-1.12.2-150400.18.8.1.x86_64 libdbusmenu-qt5-2-debuginfo-0.9.3+16.04.20160218-150300.3.3.1.x86_64 libduktape206-debuginfo-2.6.0-150500.4.5.1.x86_64 libexpat1-debuginfo-2.4.4-150400.3.17.1.x86_64 libfontconfig1-debuginfo-2.14.2-150600.1.3.x86_64 libgpgme11-debuginfo-1.23.2-lp156.215.62.x86_64 libgpgmepp6-debuginfo-1.23.2-lp156.215.62.x86_64 libgraphite2-3-debuginfo-1.3.14-150600.1.5.x86_64 libharfbuzz0-debuginfo-8.3.0-150600.1.3.x86_64 libheif1-debuginfo-1.17.6-150600.5.pm.3.x86_64 libjxl0_8-debuginfo-0.8.2-bp156.2.5.x86_64 libkeyutils1-debuginfo-1.6.3-5.6.1.x86_64 libkwalletbackend5-5-debuginfo-5.116.0-lp156.312.2.x86_64 liblcms2-2-debuginfo-2.15-150600.1.5.x86_64 libldap-2_4-2-debuginfo-2.4.46-150600.23.21.x86_64 libltdl7-debuginfo-2.4.6-150000.3.8.1.x86_64 libnghttp2-14-debuginfo-1.40.0-150600.23.2.x86_64 libogg0-debuginfo-1.3.2-150000.3.4.1.x86_64 libpcre2-16-0-debuginfo-10.42-150600.1.26.x86_64 libpkcs11-helper1-debuginfo-1.29.0-150600.1.2.x86_64 libplist-2_0-3-debuginfo-2.2.0-150400.5.4.x86_64 libpng16-16-debuginfo-1.6.40-150600.1.3.x86_64 libpxbackend-1_0-debuginfo-0.5.3-150600.2.1.x86_64 librav1e0_6-debuginfo-0.6.6-150600.1.6.x86_64 libvorbis0-debuginfo-1.3.6-150000.4.5.2.x86_64 libvorbisfile3-debuginfo-1.3.6-150000.4.5.2.x86_64 libwayland-cursor0-debuginfo-1.22.0-150600.1.6.x86_64 libwebpdemux2-debuginfo-1.0.3-150200.3.10.1.x86_64 libwebpmux3-debuginfo-1.0.3-150200.3.10.1.x86_64 libxcb-keysyms1-debuginfo-0.4.0-1.23.x86_64 libxcb-randr0-debuginfo-1.13-150000.3.9.1.x86_64 libxcb-render-util0-debuginfo-0.3.9-1.23.x86_64 libxcb-render0-debuginfo-1.13-150000.3.9.1.x86_64 libxcb-res0-debuginfo-1.13-150000.3.9.1.x86_64 libxcb-shm0-debuginfo-1.13-150000.3.9.1.x86_64 libxcb-util1-debuginfo-0.4.0-1.23.x86_64 libxcb-xfixes0-debuginfo-1.13-150000.3.9.1.x86_64 libxcb-xinerama0-debuginfo-1.13-150000.3.9.1.x86_64 libxcb-xinput0-debuginfo-1.13-150000.3.9.1.x86_64 mozilla-nspr-debuginfo-4.35-lp156.1.1.x86_64 nvidia-gl-G06-debuginfo-550.100-lp156.25.1.x86_64 qca-qt5-plugins-debuginfo-2.3.9-lp156.33.1.x86_64
(gdb) thread apply all bt

Thread 3 (Thread 0x7fd9e25fe6c0 (LWP 16500)):
warning: Section `.reg-xstate/16500' in core file too small.
#0  0x00007fd9ecb2055f in __GI___poll (fds=0x7fd9e25fdc08, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fd9ec20d387 in  () at /usr/lib64/libxcb.so.1
#2  0x00007fd9ec20efba in xcb_wait_for_event () at /usr/lib64/libxcb.so.1
#3  0x00007fd9ea8ead70 in  () at /usr/lib64/libQt5XcbQpa.so.5
#4  0x00007fd9ed2ddf1c in  () at /usr/lib64/libQt5Core.so.5
#5  0x00007fd9ecaa761c in start_thread (arg=<optimized out>) at pthread_create.c:444
#6  0x00007fd9ecb2eaa8 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Thread 2 (Thread 0x7fd9e2dff6c0 (LWP 16499)):
warning: Section `.reg-xstate/16499' in core file too small.
#0  0x00007fd9ecb2055f in __GI___poll (fds=0x7fd9dc0015a0, nfds=3, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fd9eb717b61 in g_main_context_poll_unlocked (priority=<optimized out>, n_fds=3, fds=0x7fd9dc0015a0, timeout=<optimized out>, context=0x7fd9dc000c50) at ../glib/gmain.c:4653
#2  g_main_context_iterate_unlocked (context=context@entry=0x7fd9dc000c50, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4344
#3  0x00007fd9eb7181cc in g_main_context_iteration (context=0x7fd9dc000c50, may_block=1) at ../glib/gmain.c:4414
#4  0x00007fd9ed53a17c in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib64/libQt5Core.so.5
#5  0x00007fd9ed4d65ba in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib64/libQt5Core.so.5
#6  0x00007fd9ed2dc927 in QThread::exec() () at /usr/lib64/libQt5Core.so.5
#7  0x00007fd9edf85525 in  () at /usr/lib64/libQt5DBus.so.5
#8  0x00007fd9ed2ddf1c in  () at /usr/lib64/libQt5Core.so.5
#9  0x00007fd9ecaa761c in start_thread (arg=<optimized out>) at pthread_create.c:444
#10 0x00007fd9ecb2eaa8 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Thread 1 (Thread 0x7fd9ec43ad00 (LWP 16142)):
#0  0x00007fd9ee9ef0a7 in QCA::Botan::MemoryRegion<unsigned char>::deallocate(unsigned char*, unsigned int) const (this=0x562bf2619a60, n=17, p=0x562bf26054d0 "") at /usr/src/debug/qca-qt5-2.3.9-lp156.33.1.x86_64/src/botantools/botan/botan/secmem.h:188
#1  QCA::Botan::MemoryRegion<unsigned char>::~MemoryRegion() (this=0x562bf2619a60, __in_chrg=<optimized out>) at /usr/src/debug/qca-qt5-2.3.9-lp156.33.1.x86_64/src/botantools/botan/botan/secmem.h:157
#2  QCA::Botan::SecureVector<unsigned char>::~SecureVector() (this=0x562bf2619a60, __in_chrg=<optimized out>) at /usr/src/debug/qca-qt5-2.3.9-lp156.33.1.x86_64/src/botantools/botan/botan/secmem.h:299
#3  QCA::ai_delete(QCA::alloc_info*) (ai=<optimized out>) at /usr/src/debug/qca-qt5-2.3.9-lp156.33.1.x86_64/src/qca_tools.cpp:335
#4  0x00007fd9ee9f1bf0 in QCA::MemoryRegion::Private::~Private() (this=0x562bf2619a20, __in_chrg=<optimized out>) at /usr/src/debug/qca-qt5-2.3.9-lp156.33.1.x86_64/src/qca_tools.cpp:370
#5  QSharedDataPointer<QCA::MemoryRegion::Private>::~QSharedDataPointer() (this=<optimized out>, __in_chrg=<optimized out>) at /usr/include/qt5/QtCore/qshareddata.h:93
#6  0x0000562bf2202308 in QCA::SymmetricKey::~SymmetricKey() (this=<optimized out>, __in_chrg=<optimized out>) at /usr/include/qt5/Qca-qt5/QtCrypto/qca_core.h:1263
#7  KWalletFreedesktopSessionAlgorithmDhAes::~KWalletFreedesktopSessionAlgorithmDhAes() (this=0x562bf26198e0, __in_chrg=<optimized out>) at /usr/src/debug/kwallet-5.116.0-lp156.312.2.x86_64/src/runtime/kwalletd/kwalletfreedesktopsession.h:79
#8  KWalletFreedesktopSessionAlgorithmDhAes::~KWalletFreedesktopSessionAlgorithmDhAes() (this=0x562bf26198e0, __in_chrg=<optimized out>) at /usr/src/debug/kwallet-5.116.0-lp156.312.2.x86_64/src/runtime/kwalletd/kwalletfreedesktopsession.h:79
#9  0x0000562bf2202261 in std::default_delete<KWalletFreedesktopSessionAlgorithm>::operator()(KWalletFreedesktopSessionAlgorithm*) const (this=<optimized out>, __ptr=<optimized out>) at /usr/include/c++/7/bits/unique_ptr.h:78
#10 std::unique_ptr<KWalletFreedesktopSessionAlgorithm, std::default_delete<KWalletFreedesktopSessionAlgorithm> >::~unique_ptr() (this=0x562bf26053c0, __in_chrg=<optimized out>) at /usr/include/c++/7/bits/unique_ptr.h:263
#11 KWalletFreedesktopSession::~KWalletFreedesktopSession() (this=0x562bf26053a0, __in_chrg=<optimized out>) at /usr/src/debug/kwallet-5.116.0-lp156.312.2.x86_64/src/runtime/kwalletd/kwalletfreedesktopsession.h:29
#12 KWalletFreedesktopSession::~KWalletFreedesktopSession() (this=0x562bf26053a0, __in_chrg=<optimized out>) at /usr/src/debug/kwallet-5.116.0-lp156.312.2.x86_64/src/runtime/kwalletd/kwalletfreedesktopsession.h:29
#13 0x0000562bf21fd8b8 in std::default_delete<KWalletFreedesktopSession>::operator()(KWalletFreedesktopSession*) const (this=<optimized out>, __ptr=<optimized out>) at /usr/include/c++/7/bits/unique_ptr.h:78
#14 std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> >::~unique_ptr() (this=0x562bf2616c58, __in_chrg=<optimized out>) at /usr/include/c++/7/bits/unique_ptr.h:263
#15 std::pair<QString const, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> > >::~pair() (this=0x562bf2616c50, __in_chrg=<optimized out>) at /usr/include/c++/7/bits/stl_pair.h:208
#16 __gnu_cxx::new_allocator<std::_Rb_tree_node<std::pair<QString const, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> > > > >::destroy<std::pair<QString const, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> > > >(std::pair<QString const, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> > >*) (this=<optimized out>, __p=<optimized out>) at /usr/include/c++/7/ext/new_allocator.h:140
#17 std::allocator_traits<std::allocator<std::_Rb_tree_node<std::pair<QString const, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> > > > > >::destroy<std::pair<QString const, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> > > >(std::allocator<std::_Rb_tree_node<std::pair<QString const, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> > > > >&, std::pair<QString const, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> > >*) (__a=<optimized out>, __p=<optimized out>) at /usr/include/c++/7/bits/alloc_traits.h:487
#18 std::_Rb_tree<QString, std::pair<QString const, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> > >, std::_Select1st<std::pair<QString const, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> > > >, std::less<QString>, std::allocator<std::pair<QString const, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> > > > >::_M_destroy_node(std::_Rb_tree_node<std::pair<QString const, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> > > >*) (this=0x562bf29db4c8, __p=0x562bf2616c30) at /usr/include/c++/7/bits/stl_tree.h:650
#19 std::_Rb_tree<QString, std::pair<QString const, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> > >, std::_Select1st<std::pair<QString const, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> > > >, std::less<QString>, std::allocator<std::pair<QString const, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> > > > >::_M_drop_node(std::_Rb_tree_node<std::pair<QString const, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> > > >*) (this=0x562bf29db4c8, __p=0x562bf2616c30) at /usr/include/c++/7/bits/stl_tree.h:658
#20 std::_Rb_tree<QString, std::pair<QString const, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> > >, std::_Select1st<std::pair<QString const, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> > > >, std::less<QString>, std::allocator<std::pair<QString const, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> > > > >::_M_erase(std::_Rb_tree_node<std::pair<QString const, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> > > >*) (this=this@entry=0x562bf29db4c8, __x=0x562bf2616c30) at /usr/include/c++/7/bits/stl_tree.h:1858
#21 0x0000562bf21fd8a5 in std::_Rb_tree<QString, std::pair<QString const, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> > >, std::_Select1st<std::pair<QString const, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> > > >, std::less<QString>, std::allocator<std::pair<QString const, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> > > > >::_M_erase(std::_Rb_tree_node<std::pair<QString const, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> > > >*) (this=this@entry=0x562bf29db4c8, __x=0x562bf2615c80) at /usr/include/c++/7/bits/stl_tree.h:1856
#22 0x0000562bf21f9b64 in std::_Rb_tree<QString, std::pair<QString const, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> > >, std::_Select1st<std::pair<QString const, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> > > >, std::less<QString>, std::allocator<std::pair<QString const, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> > > > >::~_Rb_tree() (this=0x562bf29db4c8, __in_chrg=<optimized out>) at /usr/include/c++/7/bits/stl_tree.h:949
#23 std::map<QString, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> >, std::less<QString>, std::allocator<std::pair<QString const, std::unique_ptr<KWalletFreedesktopSession, std::default_delete<KWalletFreedesktopSession> > > > >::~map() (this=0x562bf29db4c8, __in_chrg=<optimized out>) at /usr/include/c++/7/bits/stl_map.h:294
#24 KWalletFreedesktopService::~KWalletFreedesktopService() (this=0x562bf29db4b0, __in_chrg=<optimized out>) at /usr/src/debug/kwallet-5.116.0-lp156.312.2.x86_64/src/runtime/kwalletd/kwalletfreedesktopservice.h:110
#25 0x0000562bf21f9b89 in KWalletFreedesktopService::~KWalletFreedesktopService() (this=0x562bf29db4b0, __in_chrg=<optimized out>) at /usr/src/debug/kwallet-5.116.0-lp156.312.2.x86_64/src/runtime/kwalletd/kwalletfreedesktopservice.h:110
#26 0x0000562bf21e40c3 in std::default_delete<KWalletFreedesktopService>::operator()(KWalletFreedesktopService*) const (this=<optimized out>, __ptr=<optimized out>) at /usr/include/c++/7/bits/unique_ptr.h:78
#27 std::unique_ptr<KWalletFreedesktopService, std::default_delete<KWalletFreedesktopService> >::~unique_ptr() (this=0x7ffcff8f0248, __in_chrg=<optimized out>) at /usr/include/c++/7/bits/unique_ptr.h:263
#28 KWalletD::~KWalletD() (this=0x7ffcff8f0190, __in_chrg=<optimized out>) at /usr/src/debug/kwallet-5.116.0-lp156.312.2.x86_64/src/runtime/kwalletd/kwalletd.cpp:195
#29 0x0000562bf21dbaf4 in main(int, char**) (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/kwallet-5.116.0-lp156.312.2.x86_64/src/runtime/kwalletd/main.cpp:205
Warning: the current language does not match this frame.
(gdb) quit


Reproducible: Always

Actual Results:  
crashes with core files

Expected Results:  
no crashes, no core files
Comment 1 Vadim Krevs 2024-07-24 18:07:30 UTC 
Created attachment 876244 [details]
gdb stack trace from the core file
Comment 2 Vadim Krevs 2024-07-24 18:07:49 UTC 
See also https://bugs.kde.org/show_bug.cgi?id=490788
Comment 3 Fabian Vogt 2024-07-24 19:01:25 UTC 
Looks like it crashes on exit due to memory corruption. Do the crash timestamps line up with logouts?

Please try

qdbus-qt5 org.kde.kwalletd5 /MainApplication org.qtproject.Qt.QCoreApplication.exit

then start kwalletd5 in valgrind:

valgrind kwalletd5

When it started up, use kwalletmanager5 to confirm that it's working and use

qdbus-qt5 org.kde.kwalletd5 /MainApplication org.qtproject.Qt.QCoreApplication.exit

to cause it to exit. valgrind should have useful complaints.
Comment 4 Vadim Krevs 2024-07-25 07:09:42 UTC 
Hmm...
$ qdbus-qt5 org.kde.kwalletd5 /MainApplication org.qtproject.Qt.QCoreApplication.exit
Error: org.freedesktop.DBus.Error.UnknownMethod
No such method 'exit' in interface 'org.qtproject.Qt.QCoreApplication' at object path '/MainApplication' (signature '')
Comment 5 Vadim Krevs 2024-07-25 07:14:43 UTC 
qdbus-qt5 org.kde.kwalletd5 /MainApplication org.qtproject.Qt.QCoreApplication.quit - this works.

$ valgrind --tool=memcheck --num-callers=30 --leak-check=full --leak-resolution=med --trace-children=yes  kwalletd5 
==3287== Memcheck, a memory error detector
==3287== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==3287== Using Valgrind-3.22.0 and LibVEX; rerun with -h for copyright info
==3287== Command: kwalletd5
==3287== 
kf.wallet.kwalletd: Lacking a socket, pipe: 0 env: 0
==3287== realloc() with size 0
==3287==    at 0x48489BC: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3287==    by 0x16A0FC1F: ??? (in /usr/lib64/libnvidia-glcore.so.550.100)
==3287==    by 0xE455986: ??? (in /usr/lib64/libGLX_nvidia.so.550.100)
==3287==    by 0xE4AF6D1: ??? (in /usr/lib64/libGLX_nvidia.so.550.100)
==3287==    by 0xE455012: ??? (in /usr/lib64/libGLX_nvidia.so.550.100)
==3287==  Address 0xa463090 is 0 bytes after a block of size 0 alloc'd
==3287==    at 0x4841744: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3287==    by 0x16A0FC0F: ??? (in /usr/lib64/libnvidia-glcore.so.550.100)
==3287==    by 0xE455986: ??? (in /usr/lib64/libGLX_nvidia.so.550.100)
==3287==    by 0xE4AF6D1: ??? (in /usr/lib64/libGLX_nvidia.so.550.100)
==3287==    by 0xE455012: ??? (in /usr/lib64/libGLX_nvidia.so.550.100)
==3287== 
==3287== posix_memalign() invalid size value: 0
==3287==    at 0x4849127: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3287==    by 0x16A0FC55: ??? (in /usr/lib64/libnvidia-glcore.so.550.100)
==3287==    by 0xE455986: ??? (in /usr/lib64/libGLX_nvidia.so.550.100)
==3287==    by 0xE4AF6D1: ??? (in /usr/lib64/libGLX_nvidia.so.550.100)
==3287==    by 0xE455012: ??? (in /usr/lib64/libGLX_nvidia.so.550.100)
==3287== 
==3287== Conditional jump or move depends on uninitialised value(s)
==3287==    at 0xE0F8B1C: ???
==3287==    by 0x1217ADD7: ???
==3287== 
==3287== Conditional jump or move depends on uninitialised value(s)
==3287==    at 0xE0F8B1C: ???
==3287==    by 0x12053657: ???
==3287== 
==3287== Conditional jump or move depends on uninitialised value(s)
==3287==    at 0xE0F8B1C: ???
==3287==    by 0x12053837: ???
==3287== 
==3287== 
==3287== HEAP SUMMARY:
==3287==     in use at exit: 366,268 bytes in 1,801 blocks
==3287==   total heap usage: 417,462 allocs, 415,661 frees, 8,090,189,624 bytes allocated
==3287== 
==3287== 1,687 (184 direct, 1,503 indirect) bytes in 1 blocks are definitely lost in loss record 357 of 382
==3287==    at 0x4848791: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3287==    by 0x6FB65B4: ??? (in /usr/lib64/libdbus-1.so.3.19.4)
==3287==    by 0x6FBB55A: _dbus_message_loader_queue_messages (in /usr/lib64/libdbus-1.so.3.19.4)
==3287==    by 0x6FC406F: ??? (in /usr/lib64/libdbus-1.so.3.19.4)
==3287==    by 0x6FC4165: ??? (in /usr/lib64/libdbus-1.so.3.19.4)
==3287==    by 0x6FC4C9E: ??? (in /usr/lib64/libdbus-1.so.3.19.4)
==3287==    by 0x6FC5407: ??? (in /usr/lib64/libdbus-1.so.3.19.4)
==3287==    by 0x6FC3EBC: ??? (in /usr/lib64/libdbus-1.so.3.19.4)
==3287==    by 0x6FAC4BB: ??? (in /usr/lib64/libdbus-1.so.3.19.4)
==3287==    by 0x6FACE6C: ??? (in /usr/lib64/libdbus-1.so.3.19.4)
==3287==    by 0x6FAD42D: dbus_connection_send_with_reply_and_block (in /usr/lib64/libdbus-1.so.3.19.4)
==3287==    by 0x6FA929A: dbus_bus_register (in /usr/lib64/libdbus-1.so.3.19.4)
==3287==    by 0x6FA94CA: ??? (in /usr/lib64/libdbus-1.so.3.19.4)
==3287==    by 0x16A79B0E: ???
==3287==    by 0x16A8C512: ???
==3287==    by 0x16A8CB07: ???
==3287==    by 0x16F7045C: ???
==3287==    by 0x16A17723: ???
==3287==    by 0x16A1F76A: ???
==3287==    by 0xE459143: ???
==3287==    by 0xE459287: ???
==3287==    by 0xE483F07: ???
==3287==    by 0xE478785: ???
==3287==    by 0x80B7B5B: ??? (in /usr/lib64/libGLX.so.0.0.0)
==3287==    by 0xD9CBF65: ??? (in /usr/lib64/qt5/plugins/xcbglintegrations/libqxcb-glx-integration.so)
==3287==    by 0xD9C9426: ??? (in /usr/lib64/qt5/plugins/xcbglintegrations/libqxcb-glx-integration.so)
==3287==    by 0x8C52E0A: QXcbIntegration::createPlatformOpenGLContext(QOpenGLContext*) const (in /usr/lib64/libQt5XcbQpa.so.5.15.12)
==3287==    by 0x5650CAE: QOpenGLContext::create() (in /usr/lib64/libQt5Gui.so.5.15.12)
==3287==    by 0x8979CEF: ??? (in /usr/lib64/qt5/plugins/platformthemes/KDEPlasmaPlatformTheme.so)
==3287==    by 0x60AD9A6: QCoreApplicationPrivate::init() (in /usr/lib64/libQt5Core.so.5.15.12)
==3287== 
==3287== LEAK SUMMARY:
==3287==    definitely lost: 184 bytes in 1 blocks
==3287==    indirectly lost: 1,503 bytes in 2 blocks
==3287==      possibly lost: 0 bytes in 0 blocks
==3287==    still reachable: 362,565 bytes in 1,777 blocks
==3287==         suppressed: 0 bytes in 0 blocks
==3287== Reachable blocks (those to which a pointer was found) are not shown.
==3287== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==3287== 
==3287== Use --track-origins=yes to see where uninitialised values come from
==3287== For lists of detected and suppressed errors, rerun with: -s
==3287== ERROR SUMMARY: 8 errors from 6 contexts (suppressed: 0 from 0)
Comment 6 Vadim Krevs 2024-07-25 07:24:31 UTC 
Logging out does not seem to trigger the crash.
Comment 7 Fabian Vogt 2024-07-25 08:31:46 UTC 
That valgrind report looks harmless, no crash there.

Unfortunately there's not much that can be done here until we get a proper valgrind report with a proper error. It would be helpful if you figure out a way to get it to crash more reliably.
Comment 8 Vadim Krevs 2024-07-25 17:09:38 UTC 
(In reply to Vadim Krevs from comment #6)
> Logging out does not seem to trigger the crash.

Actually, I was wrong. Almost every other logout triggers this crash. Curiously, another user account on the same machine can logout without dumping core. Logging into each user account auto-launches skype, which stores its password in the kwallet but logging out causes a crash only from one user account.

I have attempted to rename kwalletd5 and replace it with a shell script that launches the renamed executable under valgrind passing all parameters, etc and redirecting output to a temp file. No more core files (as it usually happens when running things under valgrind obviously) and valgrind logs do not contain anything useful.

Fabian - is there anything else you can think of to try to investigate this further?
Comment 9 Fabian Vogt 2024-07-25 17:23:00 UTC 
(In reply to Vadim Krevs from comment #8)
> (In reply to Vadim Krevs from comment #6)
> > Logging out does not seem to trigger the crash.
> 
> Actually, I was wrong. Almost every other logout triggers this crash.
> Curiously, another user account on the same machine can logout without
> dumping core. Logging into each user account auto-launches skype, which
> stores its password in the kwallet but logging out causes a crash only from
> one user account.
> 
> I have attempted to rename kwalletd5 and replace it with a shell script that
> launches the renamed executable under valgrind passing all parameters, etc
> and redirecting output to a temp file. No more core files (as it usually
> happens when running things under valgrind obviously) and valgrind logs do
> not contain anything useful.
>
> Fabian - is there anything else you can think of to try to investigate this
> further?

Not much. Do the various crashes have different backtraces?

What the cause of a crash, is it a wild or null pointer? ("p *this" in gdb should show)
Comment 10 Vadim Krevs 2024-07-25 18:27:59 UTC 
(In reply to Fabian Vogt from comment #9)
> (In reply to Vadim Krevs from comment #8)
> > (In reply to Vadim Krevs from comment #6)
> > > Logging out does not seem to trigger the crash.
> > 
> > Actually, I was wrong. Almost every other logout triggers this crash.
> > Curiously, another user account on the same machine can logout without
> > dumping core. Logging into each user account auto-launches skype, which
> > stores its password in the kwallet but logging out causes a crash only from
> > one user account.
> > 
> > I have attempted to rename kwalletd5 and replace it with a shell script that
> > launches the renamed executable under valgrind passing all parameters, etc
> > and redirecting output to a temp file. No more core files (as it usually
> > happens when running things under valgrind obviously) and valgrind logs do
> > not contain anything useful.
> >
> > Fabian - is there anything else you can think of to try to investigate this
> > further?
> 
> Not much. Do the various crashes have different backtraces?
> 
> What the cause of a crash, is it a wild or null pointer? ("p *this" in gdb
> should show)

Same backtraces in all dumps.

(gdb) where
#0  0x00007f23b73e10a7 in QCA::Botan::MemoryRegion<unsigned char>::deallocate(unsigned char*, unsigned int) const (this=0x557c0c46a930, n=17, p=0x557c0c35a590 "") at /usr/src/debug/qca-qt5-2.3.9-lp156.33.1.x86_64/src/botantools/botan/botan/secmem.h:188
...
(gdb) p this
$1 = (const QCA::Botan::MemoryRegion<unsigned char> * const) 0x557c0c46a930
(gdb) p *this
$2 = {buf = 0x557c0c35a590 "", used = 17, allocated = 17, alloc = 0x557c0c4e1370}
(gdb)
Comment 11 Fabian Vogt 2024-07-25 18:54:54 UTC 
(In reply to Vadim Krevs from comment #10)
> (In reply to Fabian Vogt from comment #9)
> > (In reply to Vadim Krevs from comment #8)
> > > (In reply to Vadim Krevs from comment #6)
> > > > Logging out does not seem to trigger the crash.
> > > 
> > > Actually, I was wrong. Almost every other logout triggers this crash.
> > > Curiously, another user account on the same machine can logout without
> > > dumping core. Logging into each user account auto-launches skype, which
> > > stores its password in the kwallet but logging out causes a crash only from
> > > one user account.
> > > 
> > > I have attempted to rename kwalletd5 and replace it with a shell script that
> > > launches the renamed executable under valgrind passing all parameters, etc
> > > and redirecting output to a temp file. No more core files (as it usually
> > > happens when running things under valgrind obviously) and valgrind logs do
> > > not contain anything useful.
> > >
> > > Fabian - is there anything else you can think of to try to investigate this
> > > further?
> > 
> > Not much. Do the various crashes have different backtraces?
> > 
> > What the cause of a crash, is it a wild or null pointer? ("p *this" in gdb
> > should show)
> 
> Same backtraces in all dumps.
> 
> (gdb) where
> #0  0x00007f23b73e10a7 in QCA::Botan::MemoryRegion<unsigned
> char>::deallocate(unsigned char*, unsigned int) const (this=0x557c0c46a930,
> n=17, p=0x557c0c35a590 "") at
> /usr/src/debug/qca-qt5-2.3.9-lp156.33.1.x86_64/src/botantools/botan/botan/
> secmem.h:188
> ...
> (gdb) p this
> $1 = (const QCA::Botan::MemoryRegion<unsigned char> * const) 0x557c0c46a930
> (gdb) p *this
> $2 = {buf = 0x557c0c35a590 "", used = 17, allocated = 17, alloc =
> 0x557c0c4e1370}
> (gdb)

What's *this->alloc in that case? Does it fault or return null or invalid pointers?
Comment 12 Vadim Krevs 2024-07-25 19:50:17 UTC 
(In reply to Fabian Vogt from comment #11)
> (In reply to Vadim Krevs from comment #10)
> > (In reply to Fabian Vogt from comment #9)
> > > (In reply to Vadim Krevs from comment #8)
> > > > (In reply to Vadim Krevs from comment #6)
> > > > > Logging out does not seem to trigger the crash.
> > > > 
> > > > Actually, I was wrong. Almost every other logout triggers this crash.
> > > > Curiously, another user account on the same machine can logout without
> > > > dumping core. Logging into each user account auto-launches skype, which
> > > > stores its password in the kwallet but logging out causes a crash only from
> > > > one user account.
> > > > 
> > > > I have attempted to rename kwalletd5 and replace it with a shell script that
> > > > launches the renamed executable under valgrind passing all parameters, etc
> > > > and redirecting output to a temp file. No more core files (as it usually
> > > > happens when running things under valgrind obviously) and valgrind logs do
> > > > not contain anything useful.
> > > >
> > > > Fabian - is there anything else you can think of to try to investigate this
> > > > further?
> > > 
> > > Not much. Do the various crashes have different backtraces?
> > > 
> > > What the cause of a crash, is it a wild or null pointer? ("p *this" in gdb
> > > should show)
> > 
> > Same backtraces in all dumps.
> > 
> > (gdb) where
> > #0  0x00007f23b73e10a7 in QCA::Botan::MemoryRegion<unsigned
> > char>::deallocate(unsigned char*, unsigned int) const (this=0x557c0c46a930,
> > n=17, p=0x557c0c35a590 "") at
> > /usr/src/debug/qca-qt5-2.3.9-lp156.33.1.x86_64/src/botantools/botan/botan/
> > secmem.h:188
> > ...
> > (gdb) p this
> > $1 = (const QCA::Botan::MemoryRegion<unsigned char> * const) 0x557c0c46a930
> > (gdb) p *this
> > $2 = {buf = 0x557c0c35a590 "", used = 17, allocated = 17, alloc =
> > 0x557c0c4e1370}
> > (gdb)
> 
> What's *this->alloc in that case? Does it fault or return null or invalid
> pointers?

(gdb) p *this->alloc
$4 = {_vptr.Allocator = 0x562bf278c}