Bug 304148

Summary: Konsole 4.8.4 crashed in CompactHistoryLine
Product: [Applications] konsole Reporter: Matt Whitlock <kde>
Component: historyAssignee: Konsole Developer <konsole-devel>
Status: RESOLVED WORKSFORME    
Severity: crash CC: andrew.crouthamel, ciaran.gillespie, cpigat242
Priority: NOR    
Version: 2.8.4   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: Patch for History.h in Konsole to fix Bus Error on SPARCv8 and v9

Description Matt Whitlock 2012-07-27 16:14:03 UTC 
Application: konsole (2.8.4)
KDE Platform Version: 4.8.4 (4.8.4) (Compiled from sources)
Qt Version: 4.8.2
Operating System: Linux 3.3.8-gentoo x86_64
Distribution (Platform): Gentoo Packages

-- Information about the crash:
- What I was doing when the application crashed:

I was compiling Chromium in a Konsole session.  Konsole crashed spontaneously, apparently not due to any user input from me.  Apparently my compile job ran out of memory, and Konsole was processing the reception of the error message (which included a terminal escape sequence) at the moment it crashed.  I hope the attached backtrace is helpful because that's all I can say about this crash.

-- Backtrace:
Application: Konsole (kdeinit4), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
[KCrash Handler]
#6  0x00007f903766bc3c in Konsole::CompactHistoryLine::CompactHistoryLine (this=0x7f902bdfff3a, line=..., bList=...) at /var/tmp/portage/kde-base/konsole-4.8.4/work/konsole-4.8.4/src/History.cpp:638
#7  0x00007f903766be04 in Konsole::CompactHistoryScroll::addCellsVector (this=0x3f10370, cells=...) at /var/tmp/portage/kde-base/konsole-4.8.4/work/konsole-4.8.4/src/History.cpp:697
#8  0x00007f903768f679 in Konsole::Screen::addHistLine (this=0x19eb520) at /var/tmp/portage/kde-base/konsole-4.8.4/work/konsole-4.8.4/src/Screen.cpp:1323
#9  0x00007f90376927e9 in addHistLine (this=0x19eb520) at /var/tmp/portage/kde-base/konsole-4.8.4/work/konsole-4.8.4/src/Screen.cpp:1319
#10 scrollUp (this=0x19eb520, n=<optimized out>) at /var/tmp/portage/kde-base/konsole-4.8.4/work/konsole-4.8.4/src/Screen.cpp:767
#11 index (this=0x19eb520) at /var/tmp/portage/kde-base/konsole-4.8.4/work/konsole-4.8.4/src/Screen.cpp:165
#12 Konsole::Screen::newLine (this=0x19eb520) at /var/tmp/portage/kde-base/konsole-4.8.4/work/konsole-4.8.4/src/Screen.cpp:612
#13 0x00007f90376d5b46 in Konsole::Vt102Emulation::processToken (this=0x3145610, token=<optimized out>, p=0, q=<optimized out>) at /var/tmp/portage/kde-base/konsole-4.8.4/work/konsole-4.8.4/src/Vt102Emulation.cpp:485
#14 0x00007f903766511b in Konsole::Emulation::receiveData (this=0x3145610, text=0x3920fc8 " \033[31;01m*\033[0m ../../sandbox-2.6/libsbutil/sb_write_fd.c:sb_copy_file_to_fd():22: failure (Cannot allocate memory):\r\n", length=117) at /var/tmp/portage/kde-base/konsole-4.8.4/work/konsole-4.8.4/src/Emulation.cpp:250
#15 0x00007f90376990a5 in Konsole::Session::onReceiveBlock (this=0x27eb480, buf=0x3920fc8 " \033[31;01m*\033[0m ../../sandbox-2.6/libsbutil/sb_write_fd.c:sb_copy_file_to_fd():22: failure (Cannot allocate memory):\r\n", len=117) at /var/tmp/portage/kde-base/konsole-4.8.4/work/konsole-4.8.4/src/Session.cpp:1297
#16 0x00007f903769b9e7 in Konsole::Session::qt_static_metacall (_o=<optimized out>, _id=<optimized out>, _a=0x7fffe4fbad10, _c=<optimized out>) at /var/tmp/portage/kde-base/konsole-4.8.4/work/konsole-4.8.4_build/src/Session.moc:217
#17 0x00007f9049279523 in QMetaObject::activate (sender=0x2827d80, m=<optimized out>, local_signal_index=<optimized out>, argv=0x7fffe4fbad10) at kernel/qobject.cpp:3547
#18 0x00007f903768dd7d in Konsole::Pty::receivedData (this=<optimized out>, _t1=0x3920fc8 " \033[31;01m*\033[0m ../../sandbox-2.6/libsbutil/sb_write_fd.c:sb_copy_file_to_fd():22: failure (Cannot allocate memory):\r\n", _t2=117) at /var/tmp/portage/kde-base/konsole-4.8.4/work/konsole-4.8.4_build/src/Pty.moc:111
#19 0x00007f903768ddbb in Konsole::Pty::dataReceived (this=0x2827d80) at /var/tmp/portage/kde-base/konsole-4.8.4/work/konsole-4.8.4/src/Pty.cpp:304
#20 0x00007f9049279523 in QMetaObject::activate (sender=0x209d0e0, m=<optimized out>, local_signal_index=<optimized out>, argv=0x0) at kernel/qobject.cpp:3547
#21 0x00007f90371e6c16 in KPtyDevicePrivate::_k_canRead (this=0x36491c0) at /var/tmp/portage/kde-base/kdelibs-4.8.4-r1/work/kdelibs-4.8.4/kpty/kptydevice.cpp:335
#22 0x00007f90371e70b6 in qt_static_metacall (_a=<optimized out>, _o=<optimized out>, _c=<optimized out>, _id=<optimized out>) at /var/tmp/portage/kde-base/kdelibs-4.8.4-r1/work/kdelibs-4.8.4_build/kpty/kptydevice.moc:55
#23 KPtyDevice::qt_static_metacall (_o=<optimized out>, _c=<optimized out>, _id=<optimized out>, _a=<optimized out>) at /var/tmp/portage/kde-base/kdelibs-4.8.4-r1/work/kdelibs-4.8.4_build/kpty/kptydevice.moc:48
#24 0x00007f9049279523 in QMetaObject::activate (sender=0x33350b0, m=<optimized out>, local_signal_index=<optimized out>, argv=0x7fffe4fbb0a0) at kernel/qobject.cpp:3547
#25 0x00007f90492c50ee in QSocketNotifier::activated (this=<optimized out>, _t1=19) at .moc/release-shared/moc_qsocketnotifier.cpp:103
#26 0x00007f904928137b in QSocketNotifier::event (this=0x33350b0, e=0x7fffe4fbb750) at kernel/qsocketnotifier.cpp:317
#27 0x00007f90483e22e4 in QApplicationPrivate::notify_helper (this=0xa233b0, receiver=0x33350b0, e=0x7fffe4fbb750) at kernel/qapplication.cpp:4551
#28 0x00007f90483e6dbf in QApplication::notify (this=<optimized out>, receiver=0x33350b0, e=0x7fffe4fbb750) at kernel/qapplication.cpp:4412
#29 0x00007f904a0b5f46 in KApplication::notify (this=0x7fffe4fbba10, receiver=0x33350b0, event=0x7fffe4fbb750) at /var/tmp/portage/kde-base/kdelibs-4.8.4-r1/work/kdelibs-4.8.4/kdeui/kernel/kapplication.cpp:311
#30 0x00007f9049263cdb in QCoreApplication::notifyInternal (this=0x7fffe4fbba10, receiver=0x33350b0, event=0x7fffe4fbb750) at kernel/qcoreapplication.cpp:915
#31 0x00007f90492927e8 in sendEvent (event=0x7fffe4fbb750, receiver=<optimized out>) at kernel/qcoreapplication.h:231
#32 socketNotifierSourceDispatch (source=0xa235b0) at kernel/qeventdispatcher_glib.cpp:110
#33 0x00007f90448f2842 in g_key_file_set_group_comment (key_file=<optimized out>, group_name=0x0, comment=0x21 <Address 0x21 out of bounds>, error=<optimized out>) at gkeyfile.c:3161
#34 0x0000000000000000 in ?? ()

Reported using DrKonqi
Comment 1 Ciaran Gillespie 2013-09-05 01:27:52 UTC 
I have a similar problem with that function as well. Not sure if it's related, it on a SPARC64 system running Debian Wheezy with Konsole 4.8.4 as well. This is the back trace from the system.

Program received signal SIGBUS, Bus error.
0xf7bfa928 in Konsole::CompactHistoryLine::CompactHistoryLine (this=0xf1610056, line=..., bList=...) at /home/ciaran/Documents/konsole-4.8.4/src/History.cpp:586
586           formatLength(0)
(gdb) backtrace
#0  0xf7bfa928 in Konsole::CompactHistoryLine::CompactHistoryLine (this=0xf1610056, line=..., bList=...) at /home/ciaran/Documents/konsole-4.8.4/src/History.cpp:586
#1  0xf7bfade8 in Konsole::CompactHistoryScroll::addCellsVector (this=0x1937c8, cells=...) at /home/ciaran/Documents/konsole-4.8.4/src/History.cpp:697
#2  0xf7c23b54 in addHistLine (this=0x18e090) at /home/ciaran/Documents/konsole-4.8.4/src/Screen.cpp:1323
#3  Konsole::Screen::addHistLine (this=0x18e090) at /home/ciaran/Documents/konsole-4.8.4/src/Screen.cpp:1314
#4  0xf7c247f0 in Konsole::Screen::scrollUp (this=0x18e090, n=1) at /home/ciaran/Documents/konsole-4.8.4/src/Screen.cpp:767
#5  0xf7bf3714 in Konsole::Emulation::receiveData (this=0x18d978, text=0x35f200 "\r\n>>> ", length=6) at /home/ciaran/Documents/konsole-4.8.4/src/Emulation.cpp:250
#6  0xf7c2bdd8 in Konsole::Session::onReceiveBlock (this=0x18d528, buf=0x35f200 "\r\n>>> ", len=6) at /home/ciaran/Documents/konsole-4.8.4/src/Session.cpp:1302
#7  0xf7c2f7c8 in qt_static_metacall (_a=0xff88266c, _id=<optimized out>, _o=0x18d528, _c=<optimized out>) at /home/ciaran/Documents/konsole-4.8.4/src/Session.moc:216
#8  Konsole::Session::qt_static_metacall (_o=0x18d528, _c=QMetaObject::InvokeMetaMethod, _id=<optimized out>, _a=0xff88266c) at /home/ciaran/Documents/konsole-4.8.4/src/Session.moc:154
#9  0xf6e53c30 in QMetaObject::activate (sender=0x18e9b0, m=<optimized out>, local_signal_index=<optimized out>, argv=0xff88266c) at kernel/qobject.cpp:3547
#10 0xf7c20568 in Konsole::Pty::receivedData (this=0x18e9b0, _t1=0x35f200 "\r\n>>> ", _t2=6) at /home/ciaran/Documents/konsole-4.8.4/src/Pty.moc:111
#11 0xf7c205b4 in Konsole::Pty::dataReceived (this=0x18e9b0) at /home/ciaran/Documents/konsole-4.8.4/src/Pty.cpp:304
#12 0xf6e53c30 in QMetaObject::activate (sender=0x16a2d0, m=<optimized out>, local_signal_index=<optimized out>, argv=0x0) at kernel/qobject.cpp:3547
#13 0xf7b748bc in KPtyDevicePrivate::_k_canRead (this=0x18efc8) at ../../kpty/kptydevice.cpp:335
#14 0xf7b74e3c in qt_static_metacall (_a=0xff882980, _o=0x16a2d0, _c=<optimized out>, _id=<optimized out>) at ./kptydevice.moc:55
#15 KPtyDevice::qt_static_metacall (_o=0x16a2d0, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0xff882980) at ./kptydevice.moc:48
#16 0xf6e53c30 in QMetaObject::activate (sender=0x18f170, m=<optimized out>, local_signal_index=<optimized out>, argv=0xff882980) at kernel/qobject.cpp:3547
#17 0xf6ead45c in QSocketNotifier::activated (this=0x18f170, _t1=10) at .moc/release-shared/moc_qsocketnotifier.cpp:103
#18 0xf6e5d72c in QSocketNotifier::event (this=0x18f170, e=0xff882f64) at kernel/qsocketnotifier.cpp:317
#19 0xf62e2ef4 in notify_helper (e=0xff882f64, receiver=0x18f170, this=0x4ac30) at kernel/qapplication.cpp:4556
#20 QApplicationPrivate::notify_helper (this=0x4ac30, receiver=0x18f170, e=0xff882f64) at kernel/qapplication.cpp:4528
#21 0xf62e8e3c in QApplication::notify (this=0xff883330, receiver=0x18f170, e=0xff882f64) at kernel/qapplication.cpp:4417
#22 0xf74e9730 in KApplication::notify (this=0xff883330, receiver=0x18f170, event=0xff882f64) at ../../kdeui/kernel/kapplication.cpp:311
#23 0xf6e39488 in QCoreApplication::notifyInternal (this=0xff883330, receiver=0x18f170, event=0xff882f64) at kernel/qcoreapplication.cpp:915
#24 0xf6e72ee0 in sendEvent (event=0xff882f64, receiver=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:231
#25 socketNotifierSourceDispatch (source=0x4d440) at kernel/qeventdispatcher_glib.cpp:110
#26 0xf562d2e0 in g_main_context_dispatch () from /lib/sparc-linux-gnu/libglib-2.0.so.0
#27 0xf562d6c0 in ?? () from /lib/sparc-linux-gnu/libglib-2.0.so.0
#28 0xf562d6c0 in ?? () from /lib/sparc-linux-gnu/libglib-2.0.so.0
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
Comment 2 Ciaran Gillespie 2013-09-05 01:49:11 UTC 
In my case of the SPARC64 I simply removed all the code involved in keeping track of all previous lines of output, so now I can't scroll up in konsole, and it no longer crashes, this is no fix but it helps isolate the problem for me anyways. I can begin to figure out why the call to CompactHistoryLines causes the Bus Error.
Comment 3 Ciaran Gillespie 2013-09-05 23:19:47 UTC 
I checked out the latest sources for Konsole from git, and for my case it's looking like the custom new operator to allocate HistoryLines using CompactHistoryBlockList is running over the execution stack. If I simply have the allocation for new lines occur using the heap this issue goes away. Going to try to debug the CompactHistoryBlockList more.
Comment 4 Ciaran Gillespie 2013-09-06 00:11:50 UTC 
Ah I think I found the problem!

So in the constructor for CompactHistoryBlock it tries to use mmap and cast it into an incremental  quint8* pointer. Now when CompactHistoryBlock tries to iterator over the pointers that are quint8 it will do so in 8-bit steps. This will cause a major issue for SPARCv8-9 and possibly other architectures as the memory must be either half-word aligned (16-bit) or word (32-bit). I'm guessing this works fine on x86_64 and i386 as 8-bit memory alignment is safe.

Here is the diff of my changes, I would like to know if this solves Matt W.'s issue though I am unsure if this in fact the same problem we are having, if not I will have to create a new ticket with my bug and the patch.

diff --git a/src/History.h b/src/History.h
index b4070fb..d2417df 100644
--- a/src/History.h
+++ b/src/History.h
@@ -202,7 +202,7 @@ class CompactHistoryBlock
 public:
     CompactHistoryBlock() {
         _blockLength = 4096 * 64; // 256kb
-        _head = (quint8*) mmap(0, _blockLength, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
+        _head = (quint32*) mmap(NULL, _blockLength, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
         //_head = (quint8*) malloc(_blockLength);
         Q_ASSERT(_head != MAP_FAILED);
         _tail = _blockStart = _head;
@@ -231,9 +231,9 @@ public:
 
 private:
     size_t _blockLength;
-    quint8* _head;
-    quint8* _tail;
-    quint8* _blockStart;
+    quint32* _head;
+    quint32* _tail;
+    quint32* _blockStart;
     int _allocCount;
 };
Comment 5 Ciaran Gillespie 2013-09-06 00:13:10 UTC 
Created attachment 82182 [details]
Patch for History.h in Konsole to fix Bus Error on SPARCv8 and v9

This changes the memory alignment for the CompactHistoryBlock class from 8-bit, which causes a bus error on SPARCv8-9, and changes it to 32-bit alignment.
Comment 6 Andrew Crouthamel 2018-11-01 13:44:00 UTC 
Dear Bug Submitter,

This bug has been stagnant for a long time. Could you help us out and re-test if the bug is valid in the latest version? I am setting the status to NEEDSINFO pending your response, please change the Status back to REPORTED when you respond.

Thank you for helping us make KDE software even better for everyone!
Comment 7 Matt Whitlock 2018-11-01 20:26:44 UTC 
(In reply to Andrew Crouthamel from comment #6)
> re-test if the bug is valid

I have no means of reproducing this crash on demand, and I have not experienced it again.
Comment 8 Andrew Crouthamel 2018-11-01 23:25:10 UTC 
Thanks for the update!