Bug 384316

Summary: Crash on SIGTERM related to threading issues
Product: [Unmaintained] ksmserver
Reporter: Jiri Palecek <jpalecek>
Component: general
Assignee: Lubos Lunak <l.lunak>
Status: RESOLVED WORKSFORME
Severity: normal
Priority: NOR
Version: 5.8.7
Target Milestone: ---
Platform: Other
OS: Linux
Latest Commit:
Version Fixed In:
Sentry Crash Report:
Attachments: Proposed patch

Description Jiri Palecek 2017-09-03 15:27:13 UTC
Created attachment 107666
Proposed patch

Hello

I got an odd crash from ksmserver with this backtrace:

Core was generated by `/usr/bin/ksmserver'.
#0  0xb770dcf9 in __kernel_vsyscall ()
[Current thread is 1 (Thread 0xaf2bfb40 (LWP 2170))]
(gdb) bt
#0  0xb770dcf9 in __kernel_vsyscall ()
#1  0xb758308f in waitpid () at ../sysdeps/unix/syscall-template.S:84
#2  0xb49b0b6e in ?? () from /usr/lib/i386-linux-gnu/libKF5Crash.so.5
#3  0xb49b1860 in KCrash::defaultCrashHandler(int) () from /usr/lib/i386-linux-gnu/libKF5Crash.so.5
#4  <signal handler called>
#5  0xb770dcf9 in __kernel_vsyscall ()
#6  0xb74fddc0 in __libc_signal_restore_set (set=0xaf2be080) at ../sysdeps/unix/sysv/linux/nptl-signals.h:79
#7  __GI_raise (sig=6) at ../sysdeps/unix/sysv/linux/raise.c:48
#8  0xb74ff287 in __GI_abort () at abort.c:89
#9  0xb4d100d3 in qt_message_fatal (context=..., message=<synthetic pointer>...) at global/qlogging.cpp:1682
#10 QMessageLogger::fatal (this=0xaf2be338, msg=0xb4f94f40 "ASSERT failure in %s: \"%s\", file %s, line %d") at global/qlogging.cpp:793
#11 0xb4d0b06a in qt_assert_x (where=0xb504aced "QCoreApplication::sendEvent", what=0xae902e38 "Cannot send events to objects owned by a different thread. Current thread 804b9708. Receiver '' (of type 'QProcess') was created in thread 804869f8",
    file=0xb504ac98 "kernel/qcoreapplication.cpp", line=541) at global/qglobal.cpp:3089
#12 0xb4edd18a in QCoreApplicationPrivate::checkReceiverThread (receiver=<optimized out>) at kernel/qcoreapplication.cpp:533
#13 0xb582d1f2 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/i386-linux-gnu/libQt5Widgets.so.5
#14 0xb4eddab2 in QCoreApplication::notifyInternal2 (receiver=0x80505a38, event=0xaf2be6e8) at kernel/qcoreapplication.cpp:988
#15 0xb4f15644 in QCoreApplication::sendEvent (event=0xaf2be6e8, receiver=<optimized out>) at kernel/qcoreapplication.h:231
#16 QObjectPrivate::setParent_helper (this=0x804fdea8, o=<optimized out>) at kernel/qobject.cpp:1996
#17 0xb4f15b2c in QObject::~QObject (this=<optimized out>, __in_chrg=<optimized out>) at kernel/qobject.cpp:1048
#18 0xb4f1b7ff in QSocketNotifier::~QSocketNotifier (this=0x804fdf70, __in_chrg=<optimized out>) at kernel/qsocketnotifier.cpp:162
#19 0xb4f1b82a in QSocketNotifier::~QSocketNotifier (this=0x804fdf70, __in_chrg=<optimized out>) at kernel/qsocketnotifier.cpp:165
#20 0xb4e6f19d in QProcessPrivate::waitForDeadChild (this=0x804fd878) at io/qprocess_unix.cpp:919
#21 0xb4e17c21 in QProcessPrivate::_q_processDied (this=0x804fd878) at io/qprocess.cpp:1128
#22 0xb4e6effd in QProcessPrivate::waitForFinished (this=<optimized out>, msecs=<optimized out>) at io/qprocess_unix.cpp:895
#23 0xb4e111f1 in QProcess::waitForFinished (this=0x80505a38, msecs=30000) at io/qprocess.cpp:1922
#24 0xb4e11a3d in QProcess::~QProcess (this=<optimized out>, __in_chrg=<optimized out>) at io/qprocess.cpp:1261
#25 0xb611493d in KProcess::~KProcess() () from /usr/lib/i386-linux-gnu/libKF5CoreAddons.so.5
#26 0xb611497a in KProcess::~KProcess() () from /usr/lib/i386-linux-gnu/libKF5CoreAddons.so.5
#27 0xb4f14b13 in QObjectPrivate::deleteChildren (this=0x804ecc60) at kernel/qobject.cpp:1970
#28 0xb4f15af3 in QObject::~QObject (this=<optimized out>, __in_chrg=<optimized out>) at kernel/qobject.cpp:1041
#29 0xb769c6d3 in KSMServer::~KSMServer (this=0x804f0998, __in_chrg=<optimized out>) at ./ksmserver/server.cpp:728
#30 0xb769f01a in KSMServer::~KSMServer (this=0x804f0998, __in_chrg=<optimized out>) at ./ksmserver/server.cpp:733
#31 0xb769adba in sighandler (sig=15) at ./ksmserver/server.cpp:539
#32 <signal handler called>

Apparently, ksmserver got a SIGTERM signal which resulted in a SIGABRT due to the SIGTERM being received in a thread other than the main thread (or, more importantly, the thread where the objects that are subsequently destroyed live), as we can see from the assertion message.

Also, the code doesn't seem safe - in a signal handler, only a limited number of functions can be called, and I'm pretty sure this doesn't include QObject functions.

To remedy both issues, I propose to use the self-pipe trick - alert the main loop in the signal handler by writing to a pipe (or, in this case, socket), and terminate ksmserver gracefully. See the attached patch.

Comment 1 Christoph Feck 2017-09-27 14:47:16 UTC
Thanks for your patch! Please add it to https://phabricator.kde.org/differential/diff/create/ where Plasma developers review it.

Comment 2 Christoph Feck 2017-10-12 19:07:37 UTC
Any luck with the link from comment #1?

Comment 3 Justin Zobel 2022-11-10 08:51:59 UTC
Thank you for reporting this issue in KDE software. As it has been a while since this issue was reported, can we please ask you to see if you can reproduce the issue with a recent software version?

If you can reproduce the issue, please change the status to "REPORTED" when replying. Thank you!

Comment 4 Bug Janitor Service 2022-11-25 05:17:17 UTC
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least
15 days. Please provide the requested information as soon as
possible and set the bug status as REPORTED. Due to regular bug
tracker maintenance, if the bug is still in NEEDSINFO status with
no change in 30 days the bug will be closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please
mark the bug as REPORTED so that the KDE team knows that the bug is
ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!

Comment 5 Bug Janitor Service 2022-12-10 05:14:26 UTC
This bug has been in NEEDSINFO status with no change for at least
30 days. The bug is now closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

Thank you for helping us make KDE software even better for everyone!