Bug 187769 - glibc double free while restarting kwin
Summary: glibc double free while restarting kwin
Status: RESOLVED UPSTREAM
Alias: None
Product: kwin
Classification: Plasma
Component: general
Version: unspecified
Platform: Fedora RPMs Linux
Importance: NOR crash
Target Milestone: ---
Assignee: KWin default assignee
Reported: 2009-03-21 08:33 UTC by Gilboa Davara
Modified: 2009-09-06 15:33 UTC

Description Gilboa Davara 2009-03-21 08:33:21 UTC
Version:           kdebase-workspace-4.2.1-3.fc10.x86_64 (using KDE 4.2.1)
Compiler:          gcc-4.3.2-7.x86_64 
OS:                Linux
Installed from:    Fedora RPMs

Console log:

*** glibc detected *** kwin: double free or corruption (!prev): 0x00007fead7627740 ***
======= Backtrace: =========                                                                                      
/lib64/libc.so.6[0x3176c77ec8]                                                                                    
/lib64/libc.so.6(cfree+0x76)[0x3176c7a486]                                                                        
/usr/lib64/nvidia/libGL.so.1[0x3d7ae80b8a]                                                                        
======= Memory map: ========                                                                                      
02041000-02042000 rw-p 00005000 fd:06 229474
Application::crashHandler() called with signal 6; recent crashes:1
KCrash: Application 'kwin' crashing...
Fatal Error: Accessed global static 'KGlobalPrivate *globalData()' after destruction. Defined at /builddir/build/BUILD/kdelibs-4.2.1/kdecore/kernel/kglobal.cpp:114
Comment 1 Gilboa Davara 2009-03-21 08:34:46 UTC
A. I'm using the nVidia binary drivers.
B. The actual interesting part (in this dump) is:

Fatal Error: Accessed global static 'KGlobalPrivate *globalData()' after
destruction. Defined at
/builddir/build/BUILD/kdelibs-4.2.1/kdecore/kernel/kglobal.cpp:114

... I assume it's not nVidia related. (But who knows...)

- Gilboa
Comment 2 Michael Pyne 2009-03-21 15:23:55 UTC
I'm pretty sure that glibc kills the program as soon as a double free is detected, which would lead to global statics being destroyed, which could be why one is accessed after its destruction.

But the real bug here is the double-free, which occurs in nvidia's libGL.  So it seems to me it's an nvidia issue, unless KWin is running an improper OpenGL sequence or something.
Comment 3 Martin Flöser 2009-09-06 15:33:30 UTC
In response to comment #2, assuming an upstream bug.
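The triage step behind comment 2 (reading the glibc abort report and naming the first frame outside libc as the caller of free()) can be scripted. This is an added example, not part of the original report or of KDE's tooling; the function names are hypothetical and the sample lines are copied from the console log above.

```python
import re

# Sample input: header, backtrace and one map line copied from the console log in this report.
SAMPLE = """\
*** glibc detected *** kwin: double free or corruption (!prev): 0x00007fead7627740 ***
======= Backtrace: =========
/lib64/libc.so.6[0x3176c77ec8]
/lib64/libc.so.6(cfree+0x76)[0x3176c7a486]
/usr/lib64/nvidia/libGL.so.1[0x3d7ae80b8a]
======= Memory map: ========
00400000-00401000 r-xp 00000000 fd:06 1019168                            /usr/bin/kwin
"""

HEADER = re.compile(
    r"\*\*\* glibc detected \*\*\* (?P<prog>.+?): (?P<msg>.+?): (?P<ptr>0x[0-9a-fA-F]+) \*\*\*")
# A frame is "module(symbol+offset)[address]"; the symbol part is absent in stripped libraries.
FRAME = re.compile(r"^(?P<module>/\S+?)(?:\((?P<symbol>[^)]*)\))?\[(?P<addr>0x[0-9a-fA-F]+)\]$")
# Assumption: frames inside libc belong to the allocator's own check, not to the faulty caller.
LIBC = re.compile(r"/libc[.-][^/]*$")


def parse_glibc_abort(log):
    """Extract program, message, freed pointer and backtrace frames from a glibc abort report."""
    report = {"program": None, "message": None, "pointer": None, "frames": []}
    in_backtrace = False
    for line in log.splitlines():
        line = line.strip()
        header = HEADER.search(line)
        if header:
            report.update(program=header["prog"], message=header["msg"], pointer=header["ptr"])
        elif line.startswith("======="):
            # Section markers: only lines under "Backtrace" are frames.
            in_backtrace = "Backtrace" in line
        elif in_backtrace:
            frame = FRAME.match(line)
            if frame:
                report["frames"].append(frame.groupdict())
    return report


def first_caller_outside_libc(report):
    """Return the innermost non-libc frame, i.e. the code that handed the pointer to free()."""
    for frame in report["frames"]:  # glibc prints the innermost frame first
        if not LIBC.search(frame["module"]):
            return frame
    return None


if __name__ == "__main__":
    print(first_caller_outside_libc(parse_glibc_abort(SAMPLE)))
```

The result names only the module that called free(); with a single unsymbolized frame it cannot show which component caused the pointer to be freed twice.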