Bug 364447 - Random segfault at exit
Summary: Random segfault at exit
Status: REPORTED
Alias: None
Product: choqok
Classification: Applications
Component: general
Version: Git
Platform: Compiled Sources Linux
Importance: NOR normal
Target Milestone: 1.6
Assignee: Mehrdad Momeny
Reported: 2016-06-18 10:08 UTC by Iris Morelle
Modified: 2022-06-24 16:21 UTC (History)
Description Iris Morelle 2016-06-18 10:08:32 UTC
The Git master version as of 136e9f27f25d85d2573d9f0eede6963818cdba20 sometimes segfaults at exit. This happens silently (the KDE crash handler doesn't appear) other than a line like the following being written to the system log:

[196447.905520] choqok[8551]: segfault at 7fef761fb340 ip 00000000004106cb sp 00007ffd87cb0ac0 error 4 in choqok[400000+23000]

I have not been able to obtain a backtrace from gdb thus far because the bug seems to elude observation when under a debugger, but I was able to get this from Valgrind (using master @ 6b646e86a466bdb92966092826c18a50f4aefe34 for line numbers), which might be related. These are the only invalid memory accesses reported by Valgrind otherwise:

==27682== Invalid read of size 4
==27682==    at 0xA3BAFD0: QCoreApplicationPrivate::deref() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.6.1)
==27682==    by 0xA3B5CA3: QEventLoopLocker::~QEventLoopLocker() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.6.1)
==27682==    by 0x5082703: Choqok::PluginManager::~PluginManager() (pluginmanager.cpp:100)
==27682==    by 0x5085E9C: Choqok::PluginManagerPrivate::~PluginManagerPrivate() (pluginmanager.cpp:49)
==27682==    by 0x50825AB: Choqok::(anonymous namespace)::Q_QGS__kpmp::innerFunction()::Holder::~Holder() (pluginmanager.cpp:87)
==27682==    by 0xAED1DE7: __run_exit_handlers (in /lib/x86_64-linux-gnu/libc-2.22.so)
==27682==    by 0xAED1E34: exit (in /lib/x86_64-linux-gnu/libc-2.22.so)
==27682==    by 0xAEBC5F6: (below main) (in /lib/x86_64-linux-gnu/libc-2.22.so)
==27682==  Address 0x16d32c00 is 112 bytes inside a block of size 352 free'd
==27682==    at 0x4C2B2CB: operator delete(void*) (vg_replace_malloc.c:575)
==27682==    by 0xA3EBF2B: QObject::~QObject() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.6.1)
==27682==    by 0xA3B9B61: QCoreApplication::~QCoreApplication() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.6.1)
==27682==    by 0x939A523: QApplication::~QApplication() (in /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5.6.1)
==27682==    by 0x507E891: Choqok::Application::~Application() (application.cpp:42)
==27682==    by 0x40BD10: ChoqokApplication::~ChoqokApplication() (choqokapplication.cpp:50)
==27682==    by 0x418AA4: main (main.cpp:77)
==27682==  Block was alloc'd at
==27682==    at 0x4C2A16F: operator new(unsigned long) (vg_replace_malloc.c:333)
==27682==    by 0x939F83D: QApplication::QApplication(int&, char**, int) (in /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5.6.1)
==27682==    by 0x507E82C: Choqok::Application::Application(int&, char**) (application.cpp:38)
==27682==    by 0x40BAF8: ChoqokApplication::ChoqokApplication(int&, char**) (choqokapplication.cpp:33)
==27682==    by 0x418907: main (main.cpp:77)
==27682== 
==27682== Invalid read of size 4
==27682==    at 0xA3BAF30: QCoreApplicationPrivate::maybeQuit() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.6.1)
==27682==    by 0xA3B5CA3: QEventLoopLocker::~QEventLoopLocker() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.6.1)
==27682==    by 0x5082703: Choqok::PluginManager::~PluginManager() (pluginmanager.cpp:100)
==27682==    by 0x5085E9C: Choqok::PluginManagerPrivate::~PluginManagerPrivate() (pluginmanager.cpp:49)
==27682==    by 0x50825AB: Choqok::(anonymous namespace)::Q_QGS__kpmp::innerFunction()::Holder::~Holder() (pluginmanager.cpp:87)
==27682==    by 0xAED1DE7: __run_exit_handlers (in /lib/x86_64-linux-gnu/libc-2.22.so)
==27682==    by 0xAED1E34: exit (in /lib/x86_64-linux-gnu/libc-2.22.so)
==27682==    by 0xAEBC5F6: (below main) (in /lib/x86_64-linux-gnu/libc-2.22.so)
==27682==  Address 0x16d32c00 is 112 bytes inside a block of size 352 free'd
==27682==    at 0x4C2B2CB: operator delete(void*) (vg_replace_malloc.c:575)
==27682==    by 0xA3EBF2B: QObject::~QObject() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.6.1)
==27682==    by 0xA3B9B61: QCoreApplication::~QCoreApplication() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.6.1)
==27682==    by 0x939A523: QApplication::~QApplication() (in /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5.6.1)
==27682==    by 0x507E891: Choqok::Application::~Application() (application.cpp:42)
==27682==    by 0x40BD10: ChoqokApplication::~ChoqokApplication() (choqokapplication.cpp:50)
==27682==    by 0x418AA4: main (main.cpp:77)
==27682==  Block was alloc'd at
==27682==    at 0x4C2A16F: operator new(unsigned long) (vg_replace_malloc.c:333)
==27682==    by 0x939F83D: QApplication::QApplication(int&, char**, int) (in /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5.6.1)
==27682==    by 0x507E82C: Choqok::Application::Application(int&, char**) (application.cpp:38)
==27682==    by 0x40BAF8: ChoqokApplication::ChoqokApplication(int&, char**) (choqokapplication.cpp:33)
==27682==    by 0x418907: main (main.cpp:77)
==27682== 
==27682== Invalid read of size 1
==27682==    at 0xA3BAF40: QCoreApplicationPrivate::maybeQuit() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.6.1)
==27682==    by 0xA3B5CA3: QEventLoopLocker::~QEventLoopLocker() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.6.1)
==27682==    by 0x5082703: Choqok::PluginManager::~PluginManager() (pluginmanager.cpp:100)
==27682==    by 0x5085E9C: Choqok::PluginManagerPrivate::~PluginManagerPrivate() (pluginmanager.cpp:49)
==27682==    by 0x50825AB: Choqok::(anonymous namespace)::Q_QGS__kpmp::innerFunction()::Holder::~Holder() (pluginmanager.cpp:87)
==27682==    by 0xAED1DE7: __run_exit_handlers (in /lib/x86_64-linux-gnu/libc-2.22.so)
==27682==    by 0xAED1E34: exit (in /lib/x86_64-linux-gnu/libc-2.22.so)
==27682==    by 0xAEBC5F6: (below main) (in /lib/x86_64-linux-gnu/libc-2.22.so)
==27682==  Address 0x16d32c30 is 160 bytes inside a block of size 352 free'd
==27682==    at 0x4C2B2CB: operator delete(void*) (vg_replace_malloc.c:575)
==27682==    by 0xA3EBF2B: QObject::~QObject() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.6.1)
==27682==    by 0xA3B9B61: QCoreApplication::~QCoreApplication() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.6.1)
==27682==    by 0x939A523: QApplication::~QApplication() (in /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5.6.1)
==27682==    by 0x507E891: Choqok::Application::~Application() (application.cpp:42)
==27682==    by 0x40BD10: ChoqokApplication::~ChoqokApplication() (choqokapplication.cpp:50)
==27682==    by 0x418AA4: main (main.cpp:77)
==27682==  Block was alloc'd at
==27682==    at 0x4C2A16F: operator new(unsigned long) (vg_replace_malloc.c:333)
==27682==    by 0x939F83D: QApplication::QApplication(int&, char**, int) (in /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5.6.1)
==27682==    by 0x507E82C: Choqok::Application::Application(int&, char**) (application.cpp:38)
==27682==    by 0x40BAF8: ChoqokApplication::ChoqokApplication(int&, char**) (choqokapplication.cpp:33)
==27682==    by 0x418907: main (main.cpp:77)
==27682==
==27682==
==27682== HEAP SUMMARY:
==27682==     in use at exit: 923,774 bytes in 10,805 blocks
==27682==   total heap usage: 4,405,581 allocs, 4,394,776 frees, 4,319,524,666 bytes allocated
==27682==
==27682== LEAK SUMMARY:
==27682==    definitely lost: 4,767 bytes in 35 blocks
==27682==    indirectly lost: 690,595 bytes in 9,292 blocks
==27682==      possibly lost: 1,352 bytes in 18 blocks
==27682==    still reachable: 227,060 bytes in 1,460 blocks
==27682==                       of which reachable via heuristic:
==27682==                         newarray           : 1,536 bytes in 16 blocks
==27682==         suppressed: 0 bytes in 0 blocks
==27682== Rerun with --leak-check=full to see details of leaked memory
==27682==
==27682== For counts of detected and suppressed errors, rerun with: -v
==27682== Use --track-origins=yes to see where uninitialised values come from
==27682== ERROR SUMMARY: 7 errors from 4 contexts (suppressed: 0 from 0)


Reproducible: Sometimes

Steps to Reproduce:
1. Run choqok, probably with at least one configured account
2. Exit choqok. The exact activity in between both steps doesn't matter.

Actual Results:  
Roughly half of the time this results in a segfault being reported in the system log (or terminal if Choqok is running from one). The rest of the time Choqok exits without crashing.

Expected Results:  
Exit without crashing.

Built using -DCMAKE_BUILD_TYPE=Debug against KDE Frameworks 5.22.0 on Debian unstable, using GCC 5.4.0.
Comment 1 Frédéric Brière 2022-06-19 16:39:40 UTC
I'd be willing to bet that this is a duplicate of bug 400117, but it's hard to say for certain without a backtrace.  (That bug isn't related to the invalid memory accesses reported here, but that could be a red herring.)

(Technically, bug 418312 can also trigger a segfault when quitting, but only after certain specific steps have been taken, which seems incompatible with a 50% failure rate.)
Comment 2 Frédéric Brière 2022-06-21 06:17:55 UTC
Bug 455644 is also another likely candidate.

That said, the Valgrind log does reveal a bug (AFAICT), which still persists to this day, so maybe this bug report should not be closed as a duplicate just yet.
Comment 3 Frédéric Brière 2022-06-24 16:21:31 UTC
(In reply to Frédéric Brière from comment #2)
> That said, the Valgrind log does reveal a bug (AFAICT), which still persists
> to this day,

I've now submitted !21, which includes a fix for that.

https://invent.kde.org/network/choqok/-/merge_requests/21
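
The Valgrind log in the description shows a teardown-order problem: the block is freed by `~QApplication()` at `main.cpp:77`, then read again by `~QEventLoopLocker()` when `__run_exit_handlers` destroys the global static holder. The model below is an example added here, not code from Choqok, Qt, or merge request !21. All type names are hypothetical stand-ins, and the stale access is recorded rather than performed; releasing the lock before the application object dies is one possible ordering fix, shown for contrast.

```cpp
#include <iostream>
#include <memory>
#include <string>
#include <vector>

// Every type here is a hypothetical stand-in; none of this is Qt or Choqok code.
static std::vector<std::string> trace;     // ordered record of one run
struct AppPrivate { int quitLockRef = 0; };

struct App {                               // plays QApplication, a local in main()
    static AppPrivate *self;               // global pointer to the live instance
    App()  { self = new AppPrivate; }
    ~App() { delete self; self = nullptr; trace.push_back("app-destroyed"); }
};
AppPrivate *App::self = nullptr;

struct LoopLocker {                        // plays QEventLoopLocker
    AppPrivate *d;                         // pointer cached at construction
    LoopLocker() : d(App::self) { ++d->quitLockRef; }
    ~LoopLocker() {
        // App already gone: the real destructor reads the freed block at this point.
        if (!App::self) { trace.push_back("stale-deref"); return; }
        --d->quitLockRef;
        trace.push_back("deref-ok");
    }
};

struct Manager {                           // plays PluginManager
    std::unique_ptr<LoopLocker> locker{new LoopLocker};
    void shutdown() { locker.reset(); }    // drop the lock while the app still exists
};

// 'holder' plays the global static that exit handlers destroy after main()'s locals.
std::vector<std::string> run(bool releaseBeforeAppTeardown) {
    trace.clear();
    std::unique_ptr<Manager> holder;
    {
        App app;
        holder.reset(new Manager);         // created on first use, while app is alive
        if (releaseBeforeAppTeardown) holder->shutdown();
    }                                      // ~App runs here, like main.cpp:77
    holder.reset();                        // like __run_exit_handlers -> ~Holder
    return trace;
}

int main() {
    for (bool fix : {false, true})
        for (const auto &e : run(fix)) std::cout << (fix ? "fixed: " : "buggy: ") << e << '\n';
}
```
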