Bug 142940

Summary: Callgrind: context.c:289 (vgCallgrind_push_cxt): Assertion 'cs->entry[cs->sp].cxt == 0' failed.
Product: [Developer tools] valgrind
Reporter: Bill King <bill.king>
Component: callgrind
Assignee: Josef Weidendorfer <josef.weidendorfer>
Status: RESOLVED WORKSFORME
Severity: crash
CC: njn
Priority: NOR
Keywords: investigated, triaged
Version First Reported In: unspecified
Target Milestone: ---
Platform: openSUSE
OS: Linux
Attachments: Last 1000 lines of callgrind output

Description Bill King 2007-03-14 04:06:54 UTC
Version:           valgrind-3.2.1 (using KDE KDE 3.5.5)
Installed from:    SuSE RPMs
Compiler:          gcc version 4.1.2 20061115 (prerelease) (SUSE Linux) 
OS:                Linux

uname -a
Linux heracles 2.6.18.2-34-default #1 SMP Mon Nov 27 11:46:27 UTC 2006 i686 i686 i386 GNU/Linux
(OpenSuse 10.2)

valgrind --tool=callgrind -v bin/qpe
==27131== Callgrind, a call-graph generating cache profiler.
==27131== Copyright (C) 2002-2006, and GNU GPL'd, by Josef Weidendorfer et al.
==27131== Using LibVEX rev 1658, a library for dynamic binary translation.
==27131== Copyright (C) 2004-2006, and GNU GPL'd, by OpenWorks LLP.
==27131== Using valgrind-3.2.2.SVN, a dynamic binary instrumentation framework.
==27131== Copyright (C) 2000-2006, and GNU GPL'd, by Julian Seward et al.
==27131==
--27131-- Command line
--27131--    bin/qpe
--27131-- Startup, with flags:
--27131--    --tool=callgrind
--27131--    -v
--27131-- Contents of /proc/version:
--27131--   Linux version 2.6.18.2-34-default (geeko@buildhost) (gcc version 4.1.2 20061115 (prerelease) (SUSE Linux)) #1 SMP Mon Nov 27 11:46:27 UTC 2006
--27131-- Arch and hwcaps: X86, x86-sse1-sse2
--27131-- Valgrind library directory: /usr/lib/valgrind
==27131== For interactive control, run 'callgrind_control -h'.
--27131-- Reading syms from /lib/ld-2.5.so (0x4000000)
--27131-- Reading syms from /home/bking/build/qtopia/main-phone/image/bin/qpe (0x8048000)
--27131-- Reading syms from /usr/lib/valgrind/x86-linux/callgrind (0x38000000)
--27131--    object doesn't have a symbol table
--27131--    object doesn't have a dynamic symbol table
--27131-- Code check found runtime_resolve: ld-2.5.so +0x13350=0x4013350, length 24
--27131-- Reading syms from /usr/lib/valgrind/x86-linux/vgpreload_core.so (0x401E000)
--27131--    object doesn't have a symbol table
--27131-- Reading syms from /home/bking/build/qtopia/main-phone/image/lib/libQtSvg.so.4.4.0 (0x4021000)
--27131-- Reading syms from /home/bking/build/qtopia/main-phone/image/lib/libQtSql.so.4.4.0 (0x4081000)
--27131-- Reading syms from /home/bking/build/qtopia/main-phone/image/lib/libQtXml.so.4.4.0 (0x4122000)
--27131-- Reading syms from /home/bking/build/qtopia/main-phone/image/lib/libQtGui.so.4.4.0 (0x4196000)
--27131-- Reading syms from /usr/lib/libpng12.so.0.12.0 (0x4A0B000)
--27131--    object doesn't have a symbol table
--27131-- Reading syms from /home/bking/build/qtopia/main-phone/image/lib/libQtNetwork.so.4.4.0 (0x4A2F000)
--27131-- Reading syms from /home/bking/build/qtopia/main-phone/image/lib/libQtCore.so.4.4.0 (0x4A8F000)
--27131-- Reading syms from /lib/libz.so.1.2.3 (0x4CC9000)
--27131--    object doesn't have a symbol table
--27131-- Reading syms from /lib/librt-2.5.so (0x4CDC000)
--27131-- Reading syms from /lib/libpthread-2.5.so (0x4CE6000)
--27131-- Reading syms from /home/bking/build/qtopia/main-phone/image/lib/libqtopiabase.so.4.3.0 (0x4CFE000)
--27131-- Reading syms from /home/bking/build/qtopia/main-phone/image/lib/libqtopia.so.4.0.0 (0x4DC3000)
--27131-- Reading syms from /usr/lib/libasound.so.2.0.0 (0x50B4000)
--27131--    object doesn't have a symbol table
--27131-- Reading syms from /home/bking/build/qtopia/main-phone/image/lib/libqtopiaphone.so.4.3.0 (0x5168000)
--27131-- Reading syms from /home/bking/build/qtopia/main-phone/image/lib/libqtopiapim.so.4.0.0 (0x5223000)
--27131-- Reading syms from /home/bking/build/qtopia/main-phone/image/lib/libopenobex.so.1.0.0 (0x534A000)
--27131-- Reading syms from /home/bking/build/qtopia/main-phone/image/lib/libqtopiacomm.so.4.3.0 (0x5354000)
--27131-- Reading syms from /home/bking/build/qtopia/main-phone/image/lib/libqtopiaphonemodem.so.4.3.0 (0x5439000)
--27131-- Reading syms from /home/bking/build/qtopia/main-phone/image/lib/libqtopiasecurity.so.4.0.0 (0x54B4000)
--27131-- Reading syms from /home/bking/build/qtopia/main-phone/image/lib/libmd5.so.1.0.0 (0x54D4000)
--27131-- Reading syms from /home/bking/build/qtopia/main-phone/image/lib/libinputmatch.so.4.3.0 (0x54D7000)
--27131-- Reading syms from /home/bking/build/qtopia/main-phone/image/lib/libssl.so.0.9.8 (0x5502000)
--27131-- Reading syms from /lib/libdl-2.5.so (0x5548000)
--27131-- Reading syms from /home/bking/build/qtopia/main-phone/image/lib/libcrypto.so.0.9.8 (0x554C000)
--27131-- Reading syms from /usr/lib/libstdc++.so.6.0.8 (0x56A3000)
--27131--    object doesn't have a symbol table
--27131-- Reading syms from /lib/libm-2.5.so (0x5787000)
--27131-- Reading syms from /lib/libgcc_s.so.1 (0x57AD000)
--27131--    object doesn't have a symbol table
--27131-- Reading syms from /lib/libc-2.5.so (0x57B9000)
--27131-- Symbol match: found runtime_resolve: ld-2.5.so +0x13350=0x4013350

(none)
BB# 38988294

Callgrind: context.c:289 (vgCallgrind_push_cxt): Assertion 'cs->entry[cs->sp].cxt == 0' failed.
==27131==    at 0x38019C05: (within /usr/lib/valgrind/x86-linux/callgrind)
==27131==    by 0x38019F2F: (within /usr/lib/valgrind/x86-linux/callgrind)
==27131==    by 0x38012AD1: (within /usr/lib/valgrind/x86-linux/callgrind)
==27131==    by 0x38017F84: (within /usr/lib/valgrind/x86-linux/callgrind)
==27131==    by 0x38026539: (within /usr/lib/valgrind/x86-linux/callgrind)
==27131==    by 0x380279D3: (within /usr/lib/valgrind/x86-linux/callgrind)
==27131==    by 0x380253FF: (within /usr/lib/valgrind/x86-linux/callgrind)
==27131==    by 0x626913CB: ???

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable
==27131==    at 0x5879D7B: semop (in /lib/libc-2.5.so)
==27131==    by 0x4D7DC05: QSystemReadWriteLock::lockForRead(int) (qsystemlock.cpp:216)
==27131==    by 0x4D51996: ApplicationLayer::item(unsigned, QByteArray const&) (applayer.cpp:2698)
==27131==    by 0x4D852E7: QValueSpaceItemPrivateData::QValueSpaceItemPrivateData(QByteArray const&) (qvaluespace.cpp:499)
==27131==    by 0x4D80F79: QValueSpaceItem::QValueSpaceItem(char const*, QObject*) (qvaluespace.cpp:1072)
==27131==    by 0x81B8EA8: DeviceButtonTask::DeviceButtonTask() (devicebuttontask.cpp:41)
==27131==    by 0x81B8FCD: _task_install_create_DeviceButton(void*) (devicebuttontask.cpp:122)
==27131==    by 0x81A9E9D: QtopiaServerTasksPrivate::startTask(QtopiaServerTasksPrivate::Task*, bool) (qtopiaserverapplication.cpp:1056)
==27131==    by 0x81ACFDD: QtopiaServerApplication::startup(int&, char**, QList<QByteArray> const&) (qtopiaserverapplication.cpp:1181)
==27131==    by 0x817E3FF: initApplication(int, char**) (main.cpp:460)
==27131==    by 0x817F17D: main (main.cpp:581)

Thread 2: status = VgTs_WaitSys
==27131==    at 0x5871A41: (within /lib/libc-2.5.so)
==27131==    by 0x4BC1EC4: QEventDispatcherUNIXPrivate::doSelect(QFlags<QEventLoop::ProcessEventsFlag>, timeval*) (qeventdispatcher_unix.cpp:118)
==27131==    by 0x4BC24D3: QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventdispatcher_unix.cpp:850)
==27131==    by 0x4B91E43: QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:116)
==27131==    by 0x4B91FC5: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:158)
==27131==    by 0x4AC8DC2: QThread::exec() (qthread.cpp:407)
==27131==    by 0x4F578EA: QContentStoreServerTask::run() (qcontentstoreserver.cpp:459)
==27131==    by 0x4ACD146: QThreadPrivate::start(void*) (qthread_unix.cpp:154)
==27131==    by 0x4CEB111: start_thread (in /lib/libpthread-2.5.so)
==27131==    by 0x58782ED: clone (in /lib/libc-2.5.so)

Thread 3: status = VgTs_WaitSys
==27131==    at 0x5871A41: (within /lib/libc-2.5.so)
==27131==    by 0x4BC1EC4: QEventDispatcherUNIXPrivate::doSelect(QFlags<QEventLoop::ProcessEventsFlag>, timeval*) (qeventdispatcher_unix.cpp:118)
==27131==    by 0x4BC24D3: QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventdispatcher_unix.cpp:850)
==27131==    by 0x4B91E43: QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:116)
==27131==    by 0x4B91FC5: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:158)
==27131==    by 0x4AC8DC2: QThread::exec() (qthread.cpp:407)
==27131==    by 0x4F4E4AC: QCategoryStoreServerTask::run() (qcategorystoreserver.cpp:142)
==27131==    by 0x4ACD146: QThreadPrivate::start(void*) (qthread_unix.cpp:154)
==27131==    by 0x4CEB111: start_thread (in /lib/libpthread-2.5.so)
==27131==    by 0x58782ED: clone (in /lib/libc-2.5.so)

Thread 4: status = VgTs_WaitSys
==27131==    at 0x5871A41: (within /lib/libc-2.5.so)
==27131==    by 0x4BC1EC4: QEventDispatcherUNIXPrivate::doSelect(QFlags<QEventLoop::ProcessEventsFlag>, timeval*) (qeventdispatcher_unix.cpp:118)
==27131==    by 0x4BC24D3: QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventdispatcher_unix.cpp:850)
==27131==    by 0x4B91E43: QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:116)
==27131==    by 0x4B91FC5: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:158)
==27131==    by 0x4AC8DC2: QThread::exec() (qthread.cpp:407)
==27131==    by 0x4B792EB: QInotifyFileSystemWatcherEngine::run() (qfilesystemwatcher_inotify.cpp:169)
==27131==    by 0x4ACD146: QThreadPrivate::start(void*) (qthread_unix.cpp:154)
==27131==    by 0x4CEB111: start_thread (in /lib/libpthread-2.5.so)
==27131==    by 0x58782ED: clone (in /lib/libc-2.5.so)

Thread 5: status = VgTs_WaitSys
==27131==    at 0x5871A41: (within /lib/libc-2.5.so)
==27131==    by 0x4ACD146: QThreadPrivate::start(void*) (qthread_unix.cpp:154)
==27131==    by 0x4CEB111: start_thread (in /lib/libpthread-2.5.so)
==27131==    by 0x58782ED: clone (in /lib/libc-2.5.so)

Thread 6: status = VgTs_WaitSys
==27131==    at 0x5871A41: (within /lib/libc-2.5.so)
==27131==    by 0x4BC1EC4: QEventDispatcherUNIXPrivate::doSelect(QFlags<QEventLoop::ProcessEventsFlag>, timeval*) (qeventdispatcher_unix.cpp:118)
==27131==    by 0x4BC24D3: QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventdispatcher_unix.cpp:850)
==27131==    by 0x4B91E43: QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:116)
==27131==    by 0x4B91FC5: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:158)
==27131==    by 0x4AC8DC2: QThread::exec() (qthread.cpp:407)
==27131==    by 0x54BFB6F: SecurityMonitor::run() (monitor.cpp:154)
==27131==    by 0x4ACD146: QThreadPrivate::start(void*) (qthread_unix.cpp:154)
==27131==    by 0x4CEB111: start_thread (in /lib/libpthread-2.5.so)
==27131==    by 0x58782ED: clone (in /lib/libc-2.5.so)

Thread 8: status = VgTs_Runnable
==27131==    at 0x58782D8: clone (in /lib/libc-2.5.so)

Also happens with valgrind 3.2.3 source from website. tool=memcheck runs fine over the same code.
Comment 1 Josef Weidendorfer 2007-03-14 18:07:30 UTC
This means that there is something wrong about the logic
generating a new execution context (with e.g. the call chain).
Event counters to collect are attached to these contexts.

Looking at your case, it could be that there is a problem when
a lot of thread switching is involved. However, this needs more
details.

Can you try to come up with the last few hundred lines of debug output
you get with

  valgrind --tool=callgrind --ct-verbose=6 --ct-vstart=38500000 ...

The 38500000 talks about when to start with the debug output, it is
the number of basic blocks (BB) already executed, and the assertion
in your case failed at BB 38988294. However, this only works if your
code is roughly deterministic; and expect _huge_ quantities of
output :-)

Of course, it would be even better if you can come up with a small
test case. A binary to send me in private would be enough, but I
suspect I also would need all the .so's?
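The procedure in Comment 1 (read the BB# printed just before the assertion, start the Callgrind debug trace somewhat earlier with --ct-vstart) as a small triage helper; this is an added example, not code from the bug report or from Valgrind. The sample output is constructed from the lines quoted in the description, and the 500000-BB look-back window is an assumption (Comment 1 simply picked 38500000 for BB 38988294 by hand).

```python
import re

# Constructed sample in the shape of the Callgrind output quoted in the
# report (a few lines only, not the real attachment).
SAMPLE_OUTPUT = """\
--27131-- Symbol match: found runtime_resolve: ld-2.5.so +0x13350=0x4013350

(none)
BB# 38988294

Callgrind: context.c:289 (vgCallgrind_push_cxt): Assertion 'cs->entry[cs->sp].cxt == 0' failed.
==27131==    at 0x38019C05: (within /usr/lib/valgrind/x86-linux/callgrind)
"""

BB_RE = re.compile(r"^BB#\s+(\d+)\s*$")
ASSERT_RE = re.compile(
    r"^Callgrind: (?P<file>[\w./-]+):(?P<line>\d+) \((?P<func>\w+)\): "
    r"Assertion '(?P<cond>.*)' failed\.$")


def find_assertion(output):
    """Locate the first Callgrind assertion in `output` and pair it with the
    last 'BB#' count printed before it. Returns None if there is none."""
    last_bb = None
    for raw in output.splitlines():
        line = raw.rstrip()
        m = BB_RE.match(line)
        if m:
            last_bb = int(m.group(1))
            continue
        m = ASSERT_RE.match(line)
        if m:
            return {"bb": last_bb, "file": m.group("file"),
                    "line": int(m.group("line")), "func": m.group("func"),
                    "cond": m.group("cond")}
    return None


def suggest_vstart(bb, window=500000):
    """Start verbose tracing `window` basic blocks before the failing one
    (assumed heuristic); never below zero, and zero if no BB# was seen."""
    return 0 if bb is None else max(0, bb - window)


def debug_command(output, program, window=500000):
    """Build the --ct-verbose/--ct-vstart invocation from Comment 1 for the
    crash found in `output`, or None when there is no assertion to chase."""
    info = find_assertion(output)
    if info is None:
        return None
    vstart = suggest_vstart(info["bb"], window)
    return ["valgrind", "--tool=callgrind", "--ct-verbose=6",
            f"--ct-vstart={vstart}", program]
```

As Comment 1 warns, the trace from that point on is only useful if the program executes roughly the same BB sequence on every run.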
Comment 2 Bill King 2007-03-15 01:17:44 UTC
Yep, all sorts of pain getting the environment set up. I'm not sure it could actually be pulled off in our sdk environment either. Seems to be an opensuse/version of libc/version of gcc bug, as suse9.3 wasn't suffering from the same issues on the same codebase. Will attach the last 1000 lines, have about 5.2G of output if you want more :)
Comment 3 Bill King 2007-03-15 01:19:02 UTC
Created attachment 19980 [details]
Last 1000 lines of callgrind output
Comment 4 Josef Weidendorfer 2007-03-15 19:31:41 UTC
> ...
> - get_bbcc(BB 0x40008B0): BBCC 0x68A3C0C0
> >> pre_signal(TID 1, sig 11, alt_st no)
>   cxtinfo_save(sig 0): collect Yes, jmps_passed 1

Oh. There is a segmentation fault happening in setup_bbcc(), after
the call to get_bbcc().
I think I have to come up with a patch adding a few assertions and
debug output at this place ...

It is really bad that you can not use a debugger for a valgrind tool,
as valgrind itself uses segfaults quite often :-(

BTW, this can not be some corruption done by your code? I.e., memcheck
runs cleanly?
Comment 5 Bill King 2007-03-15 23:13:32 UTC
Aye, memcheck and cachegrind run through cleanly.
Comment 6 Nicholas Nethercote 2009-06-30 04:28:04 UTC
Josef, any ideas here?
Comment 7 Josef Weidendorfer 2009-06-30 12:05:19 UTC
Unfortunately not. It would be a lot easier if I could reproduce it.
Remote printf-Debugging is difficult.
Comment 8 Nicholas Nethercote 2009-07-01 03:56:48 UTC
I'm closing crashing and similar bugs that are more than two years old.  If
you still see this problem with Valgrind 3.4.1 please reopen the bug report.
Thanks.
Comment 9 Bill King 2009-07-01 04:05:35 UTC
The qtopia product, while open source now, has been discontinued. So, it's up to you guys :) I can direct whoever wants to the source code, if they feel inclined, but I'd be sure I'm unable to replicate this any more (code has moved on, as has valgrind).
Comment 10 Andrew Crouthamel 2018-09-19 04:39:17 UTC
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information as soon as possible and set the bug status as REPORTED. Due to regular bug tracker maintenance, if the bug is still in NEEDSINFO status with no change in 30 days the bug will be closed as RESOLVED > WORKSFORME due to lack of needed information.

For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please mark the bug as REPORTED so that the KDE team knows that the bug is ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!
Comment 11 Bug Janitor Service 2018-11-12 16:03:01 UTC
This bug has been in NEEDSINFO status with no change for at least
30 days. The bug is now closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

Thank you for helping us make KDE software even better for everyone!