Bug 325075

Summary: konqueror-4.10.5 bad free() in QThread::start from KApplication::notify / idleTimer (may be libnvidia-tls.so)
Product: [Applications] konqueror
Reporter: steveL <slong>
Component: general
Assignee: Konqueror Developers <konq-bugs>
Status: RESOLVED WORKSFORME
Severity: crash
CC: adawit
Priority: NOR
Version: 4.10.5
Target Milestone: ---
Platform: Gentoo Packages
OS: Linux
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Description steveL 2013-09-19 00:20:46 UTC
KDE Platform Version: 4.10.5 (Compiled from sources)
Qt Version: 4.8.4
Operating System: Linux 3.10.7-gentoo-gnu x86_64
Distribution: "Gentoo Base System release 2.2"

-- Information about the crash:
- What I was doing when the application crashed:
  Nothing: I'd minimised konqui a few seconds previously, and was just considering what work I needed to do next, and what could wait.

  Using proprietary nvidia driver, as you can see from the tls call. This has just been recompiled, after a kernel upgrade, and linux-headers (as well as the rest of toolchain) before the whole of kde-4.5.10 (gentoo: -r1) was built. I've had a few konqui crashes since the upgrade; before that I was on 4.5.9 for 8 months, which was rock-solid.
  As an aside, I'd suggest valgrind's relatively recent drd, if it's not already in use on your test rigs. [http://valgrind.org/docs/manual/drd-manual.html]. I haven't yet played with it though it did help someone I advised to try it.

  Unless you can see the issue from the backtrace of course: I don't do C++, so I wouldn't know where to begin; nor am I in a position to rebuild the whole of kde to run under valgrind.

Looking at my build log:
Mon Jul  1 07:34:21 2013 >>> x11-drivers/nvidia-drivers-319.23
Wed Sep 11 04:15:49 2013 >>> x11-drivers/nvidia-drivers-319.49
Tue Sep 17 21:03:37 2013 >>> x11-drivers/nvidia-drivers-319.49

So I'll roll back to a new build of the previous version, and report back in a week or so. I figured others might be hitting the same issue so if we can send it upstream instead, great.


Reproducible: Sometimes

-- Backtrace:
Application: Konqueror (kdeinit4), signal: Aborted
Using host libthread_db library "/lib64/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f5b1eb36780 (LWP 2341))]

Thread 3 (Thread 0x7f5b064d6700 (LWP 2342)):
#0  0x00007f5b18f6a7c0 in g_mutex_get_impl () from /usr/lib64/libglib-2.0.so.0
#1  0x00007f5b18f6ab29 in g_mutex_unlock () from /usr/lib64/libglib-2.0.so.0
#2  0x00007f5b18f3c590 in ?? () from /usr/lib64/libglib-2.0.so.0
#3  0x00007f5b18f2dfdd in g_main_context_iterate.clone.6 () from /usr/lib64/libglib-2.0.so.0
#4  0x0000000000000020 in ?? ()
#5  0x00000001000009c0 in ?? ()
#6  0x0000000000000001 in ?? ()
#7  0x00007f5b000008e0 in ?? ()
#8  0x0000000000000000 in ?? ()

Thread 2 (Thread 0x7f5b05cd5700 (LWP 2540)):
#0  syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:39
#1  0x00007f5b1d6fd48b in _q_futex (val2=0, addr2=0x0, timeout=0x0, val=2, op=0, addr=0x467a970) at thread/qmutex_unix.cpp:99
#2  QMutexPrivate::wait (this=0x467a970, timeout=<optimized out>) at thread/qmutex_unix.cpp:113
#3  0x00007f5b1d6f92cd in QMutex::lockInternal (this=<optimized out>) at thread/qmutex.cpp:450
#4  0x00007f5b1d6fea35 in lockInline (this=0x47910a8) at ../../include/QtCore/../../src/corelib/thread/qmutex.h:190
#5  QMutexLocker (m=0x47910a8, this=<synthetic pointer>) at ../../include/QtCore/../../src/corelib/thread/qmutex.h:109
#6  QThreadPrivate::start (arg=0x47e2860) at thread/qthread_unix.cpp:317
#7  0x00007f5b1d46efb6 in start_thread (arg=0x7f5b05cd5700) at pthread_create.c:305
#8  0x00007f5b1c21768d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 1 (Thread 0x7f5b1eb36780 (LWP 2341)):
[KCrash Handler]
#6  0x00007f5b1c1649b5 in __GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#7  0x00007f5b1c165e2b in __GI_abort () at abort.c:91
#8  0x00007f5b1c1a448e in __libc_message (do_abort=2, fmt=0x7f5b1c297ea8 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:198
#9  0x00007f5b1c1aa206 in malloc_printerr (action=3, str=0x7f5b1c297fb8 "double free or corruption (!prev)", ptr=<optimized out>) at malloc.c:5007
#10 0x00007f5b0efbc0ac in ?? () from /usr/lib64/libGL.so.1
#11 0x00007f5b0e49617a in ?? () from /usr/lib64/libnvidia-tls.so.319.49
#12 0x00007f5b1d6fe174 in QThread::start (this=0x47e2860, priority=<optimized out>) at thread/qthread_unix.cpp:640
#13 0x00007f5b1d6f2ac0 in tryStart (task=0x9ebce70, this=0x41152a0) at concurrent/qthreadpool.cpp:203
#14 QThreadPoolPrivate::tryStart (this=0x41152a0, task=0x9ebce70) at concurrent/qthreadpool.cpp:174
#15 0x00007f5b1d6f2cf3 in QThreadPool::start (this=<optimized out>, runnable=0x9ebce70, priority=0) at concurrent/qthreadpool.cpp:474
#16 0x00007f5b15bad67a in start (this=0x9ebce60) at /usr/include/qt4/QtCore/qtconcurrentrunbase.h:85
#17 QtConcurrent::run<QHostInfo, QString const&, QString> (functionPointer=<optimized out>, arg1=...) at /usr/include/qt4/QtCore/qtconcurrentrun.h:79
#18 0x00007f5b15bac76b in start (hostName=..., this=0x9ebcea0) at /var/tmp/portage/kde-base/kdelibs-4.10.5-r1/work/kdelibs-4.10.5/kio/kio/hostinfo.cpp:99
#19 KIO::HostInfoAgentPrivate::lookupHost (this=0x1981de0, hostName=..., receiver=0x0, member=0x0) at /var/tmp/portage/kde-base/kdelibs-4.10.5-r1/work/kdelibs-4.10.5/kio/kio/hostinfo.cpp:353
#20 0x00007f5aff8a56bb in KHTMLPart::timerEvent (this=0x35b9ec0, e=<optimized out>) at /var/tmp/portage/kde-base/kdelibs-4.10.5-r1/work/kdelibs-4.10.5/khtml/khtml_part.cpp:3446
#21 0x00007f5b1d8142b9 in QObject::event (this=0x35b9ec0, e=<optimized out>) at kernel/qobject.cpp:1156
#22 0x00007f5b1c9a09d4 in notify_helper (e=0x7fff199c7b90, receiver=0x35b9ec0, this=0x17d1c90) at kernel/qapplication.cpp:4562
#23 QApplicationPrivate::notify_helper (this=0x17d1c90, receiver=0x35b9ec0, e=0x7fff199c7b90) at kernel/qapplication.cpp:4534
#24 0x00007f5b1c9a56d3 in QApplication::notify (this=0x7fff199c7ff0, receiver=0x35b9ec0, e=0x7fff199c7b90) at kernel/qapplication.cpp:4423
#25 0x00007f5b1e584586 in KApplication::notify (this=0x7fff199c7ff0, receiver=0x35b9ec0, event=0x7fff199c7b90) at /var/tmp/portage/kde-base/kdelibs-4.10.5-r1/work/kdelibs-4.10.5/kdeui/kernel/kapplication.cpp:311
#26 0x00007f5b1d7fb8f4 in QCoreApplication::notifyInternal (this=0x7fff199c7ff0, receiver=0x35b9ec0, event=0x7fff199c7b90) at kernel/qcoreapplication.cpp:946
#27 0x00007f5b1d82c03a in sendEvent (event=0x7fff199c7b90, receiver=<optimized out>) at kernel/qcoreapplication.h:231
#28 QTimerInfoList::activateTimers (this=0x17d3900) at kernel/qeventdispatcher_unix.cpp:621
#29 0x00007f5b1d8299ed in timerSourceDispatch (source=<optimized out>) at kernel/qeventdispatcher_glib.cpp:186
#30 timerSourceDispatch (source=<optimized out>) at kernel/qeventdispatcher_glib.cpp:180
#31 0x00007f5b1d829a11 in idleTimerSourceDispatch (source=<optimized out>) at kernel/qeventdispatcher_glib.cpp:233
#32 0x00007f5b18f2de3a in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
#33 0x0000000000000000 in ?? ()

Possible duplicates by query: bug 324099, bug 322518, bug 321764, bug 321465, bug 320526.
Comment 1 Dawit Alemayehu 2013-12-31 14:10:36 UTC
Can you still reproduce this crash in the current stable versions of KDE? If you can, this ticket needs to go to kdelibs/kio.
Comment 2 Dawit Alemayehu 2014-01-01 13:16:08 UTC
See comment#1. For the record I personally have never encountered this crash.
Comment 3 steveL 2014-03-17 05:44:20 UTC
Hi Dawit,
  sorry, missed the bug mail, saw it the other day, and am still getting locks with a later version of nvidia-drivers, but I do need to upgrade so might as well do that now.

I'll close this as there's no point in it, and reopen if things go awry with latest.

Thanks for your help,
Steve.