Bug 395624 - Kpat suddenly crashed
Summary: Kpat suddenly crashed
Status: RESOLVED FIXED
Alias: None
Product: kpat
Classification: Applications
Component: general
Version: 3.6
Platform: Neon Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Stephan Kulow
URL:
Keywords: drkonqi
Duplicates: 404161 409100
Depends on:
Blocks:
 
Reported: 2018-06-19 19:37 UTC by Francesca Silvana Scoppio
Modified: 2019-09-07 18:49 UTC
CC List: 8 users

Attachments
attachment-16672-0.html (925 bytes, text/html)
2018-06-28 18:25 UTC, Francesca Silvana Scoppio
New crash information added by DrKonqi (8.15 KB, text/plain)
2018-10-04 12:21 UTC, lars.koraeus
New crash information added by DrKonqi (5.98 KB, text/plain)
2019-06-26 11:35 UTC, trevorbl
Valgrind log of the crash (7.23 KB, text/x-log)
2019-08-23 19:52 UTC, Wolfgang Bauer

Description Francesca Silvana Scoppio 2018-06-19 19:37:35 UTC
Application: kpat (3.6)

Qt Version: 5.11.0
Frameworks Version: 5.48.0
Operating System: Linux 4.13.0-45-generic x86_64
Distribution: KDE neon Developer Edition

-- Information about the crash:
- What I was doing when the application crashed:
 I only was using ktorrent and nothing else. Ktorrent still works.

The crash can be reproduced sometimes.

-- Backtrace:
Application: KPatience (kpat), signal: Segmentation fault
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f946694d8c0 (LWP 5446))]

Thread 2 (Thread 0x7f9449f77700 (LWP 5449)):
#0  0x00007f946205c74d in poll () at ../sysdeps/unix/syscall-template.S:84
#1  0x00007f945c24038c in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007f945c24049c in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007f9462c7cbeb in QEventDispatcherGlib::processEvents (this=0x7f94440008c0, flags=...) at kernel/qeventdispatcher_glib.cpp:425
#4  0x00007f9462c241ca in QEventLoop::exec (this=this@entry=0x7f9449f76cc0, flags=..., flags@entry=...) at kernel/qeventloop.cpp:214
#5  0x00007f9462a595e4 in QThread::exec (this=<optimized out>) at thread/qthread.cpp:522
#6  0x00007f945e986f35 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5DBus.so.5
#7  0x00007f9462a64727 in QThreadPrivate::start (arg=0x7f945ebffd60) at thread/qthread_unix.cpp:367
#8  0x00007f945dc506ba in start_thread (arg=0x7f9449f77700) at pthread_create.c:333
#9  0x00007f946206841d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 1 (Thread 0x7f946694d8c0 (LWP 5446)):
[KCrash Handler]
#6  MemoryManager::new_from_block (this=0x1c83f60, s=48) at /workspace/build/patsolve/memory.cpp:165
#7  0x000000000044b717 in Solver<10ul>::pack_position (this=this@entry=0x2139d50) at /workspace/build/patsolve/patsolve.cpp:219
#8  0x000000000044bb9e in Solver<10ul>::insert (this=this@entry=0x2139d50, cluster=cluster@entry=0x7ffce8ca176c, d=0, node=node@entry=0x7ffce8ca1770) at /workspace/build/patsolve/patsolve.cpp:890
#9  0x000000000044bc68 in Solver<10ul>::new_position (this=this@entry=0x2139d50, parent=parent@entry=0x0, m=m@entry=0x7ffce8ca17b0) at /workspace/build/patsolve/patsolve.cpp:922
#10 0x00000000004536ee in Solver<10ul>::doit (this=0x2139d50) at /workspace/build/patsolve/patsolve.cpp:508
#11 0x0000000000453787 in Solver<10ul>::patsolve (this=0x2139d50, _max_positions=<optimized out>) at /workspace/build/patsolve/patsolve.cpp:803
#12 0x000000000042240e in DealerScene::isGameLost (this=0x21a9260) at /workspace/build/dealer.cpp:1737
#13 0x000000000042ab30 in DealerScene::takeState (this=this@entry=0x21a9260) at /workspace/build/dealer.cpp:1328
#14 0x000000000042e5f4 in DealerScene::animationDone (this=0x21a9260) at /workspace/build/dealer.cpp:1544
#15 0x00007f9462c52eb6 in QtPrivate::QSlotObjectBase::call (a=0x7ffce8ca1a60, r=0x21a9260, this=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:376
#16 QMetaObject::activate (sender=0x21a9260, signalOffset=<optimized out>, local_signal_index=<optimized out>, argv=<optimized out>) at kernel/qobject.cpp:3754
#17 0x00007f9462c52eb6 in QtPrivate::QSlotObjectBase::call (a=0x7ffce8ca1b70, r=0x21a9260, this=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:376
#18 QMetaObject::activate (sender=0x19d34b0, signalOffset=<optimized out>, local_signal_index=<optimized out>, argv=<optimized out>) at kernel/qobject.cpp:3754
#19 0x00007f9462c52eb6 in QtPrivate::QSlotObjectBase::call (a=0x7ffce8ca1cd0, r=0x1b606d0, this=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:376
#20 QMetaObject::activate (sender=sender@entry=0x1b603a0, signalOffset=<optimized out>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffce8ca1cd0) at kernel/qobject.cpp:3754
#21 0x00007f9462c53497 in QMetaObject::activate (sender=sender@entry=0x1b603a0, m=m@entry=0x7f94630a6da0 <QTimer::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffce8ca1cd0) at kernel/qobject.cpp:3633
#22 0x00007f9462c5f717 in QTimer::timeout (this=this@entry=0x1b603a0, _t1=...) at .moc/moc_qtimer.cpp:200
#23 0x00007f9462c5fa18 in QTimer::timerEvent (this=0x1b603a0, e=<optimized out>) at kernel/qtimer.cpp:255
#24 0x00007f9462c53b83 in QObject::event (this=0x1b603a0, e=<optimized out>) at kernel/qobject.cpp:1273
#25 0x00007f94640a729c in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x1b603a0, e=0x7ffce8ca1fc0) at kernel/qapplication.cpp:3713
#26 0x00007f94640ae917 in QApplication::notify (this=0x7ffce8ca23d0, receiver=0x1b603a0, e=0x7ffce8ca1fc0) at kernel/qapplication.cpp:3472
#27 0x00007f9462c25e38 in QCoreApplication::notifyInternal2 (receiver=0x1b603a0, event=event@entry=0x7ffce8ca1fc0) at kernel/qcoreapplication.cpp:1048
#28 0x00007f9462c7bfae in QCoreApplication::sendEvent (event=0x7ffce8ca1fc0, receiver=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:234
#29 QTimerInfoList::activateTimers (this=0x16245b0) at kernel/qtimerinfo_unix.cpp:643
#30 0x00007f9462c7c831 in timerSourceDispatch (source=<optimized out>) at kernel/qeventdispatcher_glib.cpp:182
#31 0x00007f945c240197 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#32 0x00007f945c2403f0 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#33 0x00007f945c24049c in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#34 0x00007f9462c7cbcf in QEventDispatcherGlib::processEvents (this=this@entry=0x1600870, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#35 0x00007f9454c17c11 in QPAEventDispatcherGlib::processEvents (this=0x1600870, flags=...) at qeventdispatcher_glib.cpp:69
#36 0x00007f9462c241ca in QEventLoop::exec (this=this@entry=0x7ffce8ca2230, flags=..., flags@entry=...) at kernel/qeventloop.cpp:214
#37 0x00007f9462c2d2d4 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1336
#38 0x00007f946341b81c in QGuiApplication::exec () at kernel/qguiapplication.cpp:1751
#39 0x00007f94640a71f5 in QApplication::exec () at kernel/qapplication.cpp:2898
#40 0x000000000041e5c0 in main (argc=1, argv=<optimized out>) at /workspace/build/main.cpp:337

Reported using DrKonqi
Comment 1 Fabian 2018-06-28 09:14:05 UTC
Thank you for your bug report. Do you recall what kind of patience game you were playing when KPat crashed?
Comment 2 Francesca Silvana Scoppio 2018-06-28 18:25:02 UTC
Created attachment 113629 [details]
attachment-16672-0.html

Unfortunately no, since I make almost all of them ...

Comment 3 Fabian 2018-08-29 13:51:15 UTC
I am almost certain that the source of this crash was in the Freecell-Solver. As of applications 18.08, a new solver is used thanks to Shlomi Fish, so this crash should not appear anymore.
Comment 4 lars.koraeus 2018-10-04 12:21:21 UTC
Created attachment 115409 [details]
New crash information added by DrKonqi

kpat (3.6) using Qt 5.11.1

I had just finished Freecell. When I then selected a new game, Forty & Eight, this always happens. But then it works OK when restarted.
I was running IceWM during the crash, not KDE.

-- Backtrace (Reduced):
#6  MemoryManager::new_from_block (this=0x556d75914a60, s=48) at /usr/src/debug/kpat-18.08.1-1.1.x86_64/patsolve/memory.cpp:165
#7  0x0000556d74953a37 in Solver<10ul>::pack_position (this=this@entry=0x556d768ec7e0) at /usr/include/c++/8/bits/unique_ptr.h:342
#8  0x0000556d74953eee in Solver<10ul>::insert (this=this@entry=0x556d768ec7e0, cluster=cluster@entry=0x7fff597e936c, d=0, node=node@entry=0x7fff597e9370) at /usr/include/c++/8/bits/unique_ptr.h:342
#9  0x0000556d74953fda in Solver<10ul>::new_position (this=this@entry=0x556d768ec7e0, parent=parent@entry=0x0, m=m@entry=0x7fff597e93b0) at /usr/src/debug/kpat-18.08.1-1.1.x86_64/patsolve/patsolve.cpp:907
#10 0x0000556d7495c0a6 in Solver<10ul>::doit (this=0x556d768ec7e0) at /usr/include/bits/string_fortified.h:71
Comment 5 Albert Astals Cid 2018-10-09 20:41:53 UTC
Fabian, this is 18.08.1

Can you please have a look?
Comment 6 lars.koraeus 2018-10-12 15:53:34 UTC
I can add that the resolver slows down the playing. Sometimes it takes 100% of the CPU.
Also it only crashes when I do Freecell as the first game and then afterwards select another. If I start with any other it does not crash.

But also referring to other comments here about the solver: now it works poorly. It does not give the correct answers any more for most of the games.
Comment 7 Fabian 2018-10-12 16:12:28 UTC
@Lars 
> It does not give the correct answers any more for most of the games.

As the solver being wrong is a different kind of bug than a crash: Could you create a new bug report for this, ideally with a game file for a situation where this occurs?
Comment 8 trevorbl 2019-06-26 11:35:26 UTC
Created attachment 121157 [details]
New crash information added by DrKonqi

kpat (3.6) using Qt 5.9.7

- What I was doing when the application crashed:

Same as comment 4 for me. I played Forty & Eight then Freecell, no problems. Then switched back to Forty & Eight to get a crash. Happens every time for me.

-- Backtrace (Reduced):
#6  MemoryManager::new_from_block (this=0x29d21f0, s=48) at /home/trevor/rpmbuild/BUILD/kpat-19.04.1/patsolve/memory.cpp:165
#7  0x00000000004506a7 in Solver<10ul>::pack_position (this=this@entry=0x2b697d0) at /home/trevor/rpmbuild/BUILD/kpat-19.04.1/patsolve/patsolve.cpp:218
#8  0x0000000000450b3a in Solver<10ul>::insert (this=this@entry=0x2b697d0, cluster=cluster@entry=0x7ffe672f90f4, d=0, node=node@entry=0x7ffe672f90f8) at /home/trevor/rpmbuild/BUILD/kpat-19.04.1/patsolve/patsolve.cpp:889
#9  0x0000000000450c0a in Solver<10ul>::new_position (this=this@entry=0x2b697d0, parent=parent@entry=0x0, m=m@entry=0x7ffe672f9130) at /home/trevor/rpmbuild/BUILD/kpat-19.04.1/patsolve/patsolve.cpp:921
#10 0x00000000004587d7 in Solver<10ul>::doit (this=0x2b697d0) at /home/trevor/rpmbuild/BUILD/kpat-19.04.1/patsolve/patsolve.cpp:507
Comment 9 Albert Astals Cid 2019-06-26 20:22:55 UTC
*** Bug 404161 has been marked as a duplicate of this bug. ***
Comment 10 Albert Astals Cid 2019-06-26 20:23:01 UTC
*** Bug 409100 has been marked as a duplicate of this bug. ***
Comment 11 Albert Astals Cid 2019-06-26 20:23:38 UTC
We really need someone reproducing this in valgrind and maybe we'll figure out what's wrong; no developer seems to be able to hit this problem.
Comment 12 Fabian 2019-06-26 20:29:59 UTC
Maybe I should create an appimage/snap with sanitizers enabled and ask people who hit the bug whether they could try to reproduce it with that one.


Really annoying that I cannot reproduce this locally...
Comment 13 Albert Astals Cid 2019-06-26 20:48:45 UTC
I've run it with sanitizers and nothing, but yeah maybe they're really doing something different than I do, so if you have time it's worth a try.
Comment 14 Brian Kaye 2019-06-28 13:38:19 UTC
What do you mean "run with sanitizers"?
Comment 15 Fabian 2019-06-28 13:51:08 UTC
@Brian: Sanitizers check the program for certain kinds of issues while it is being run. The hope is that this would allow us to find out what exactly is causing the crashes.

However, one needs to compile the program in a special way to use sanitizers, so that needs to be done first before we can ask anyone to run it.
Comment 16 Wolfgang Bauer 2019-08-23 19:52:19 UTC
Created attachment 122307 [details]
Valgrind log of the crash

The crash is reliably reproducible here (with kpat 19.08.0) by finishing a FreeCell game and then starting a different game (Grandfather's clock).

I attached a valgrind log.
Comment 17 Wolfgang Bauer 2019-08-27 06:41:13 UTC
More information about the crash:
As can be seen from the valgrind log, Block is 0 in MemoryManager::new_from_block().

The crashes start with https://cgit.kde.org/kpat.git/commit/?h=Applications/18.08&id=fc1d54ced6a727382599d767e55879b6843c3456, I cannot reproduce at all with earlier git snapshots (while it now crashes every time when starting a different game after solving Freecell).

AFAICS, the new Freecell solver code doesn't use MemoryManager, so presumably it doesn't get initialized properly now in that case.
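
The condition comment 17 reads out of the valgrind log (Block is 0 inside MemoryManager::new_from_block) can be modelled with a small block allocator. This is an added example, not kpat source and not part of any comment: the Block layout, init() and free_blocks() are assumptions for illustration, and the null check shows one defensive handling of this class of crash, not the change made in D23404 or the final commit.

```cpp
// Added example: simplified model, NOT kpat source. Names other than
// MemoryManager::new_from_block are hypothetical.
#include <cstddef>
#include <cstdlib>

struct Block { unsigned char *base, *ptr, *end; Block *next; };

class MemoryManager {
public:
    MemoryManager() = default; MemoryManager(const MemoryManager &) = delete;
    ~MemoryManager() { free_blocks(); }
    // Setup step; a solver path that never calls it leaves block_ null.
    bool init(std::size_t size = 4096) { return new_block(size) != nullptr; }
    // Release every chunk and null the pointer so later use is detectable.
    void free_blocks() {
        while (block_) {
            Block *next = block_->next;
            std::free(block_->base);
            std::free(block_);
            block_ = next;
        }
    }
    // Hardened: an unchecked version reads block_->end and faults when block_ is 0.
    unsigned char *new_from_block(std::size_t s) {
        if (!block_) return nullptr;  // never initialised, or already freed
        if (static_cast<std::size_t>(block_->end - block_->ptr) < s &&
            !new_block(s > 4096 ? s : 4096))
            return nullptr;           // could not grow the arena
        unsigned char *p = block_->ptr;
        block_->ptr += s;
        return p;
    }

private:
    Block *new_block(std::size_t size) {
        auto *b = static_cast<Block *>(std::malloc(sizeof(Block)));
        if (!b) return nullptr;
        b->base = static_cast<unsigned char *>(std::malloc(size));
        if (!b->base) { std::free(b); return nullptr; }
        b->ptr = b->base; b->end = b->base + size;
        b->next = block_; block_ = b;
        return b;
    }
    Block *block_ = nullptr;
};

// s=48 matches the request size shown in the backtraces on this page.
bool alloc_without_init() { MemoryManager mm; return mm.new_from_block(48) != nullptr; }
bool alloc_after_init() { MemoryManager mm; return mm.init() && mm.new_from_block(48) != nullptr; }

int main() { return (!alloc_without_init() && alloc_after_init()) ? 0 : 1; }
```

Building a variant without the null check using `-fsanitize=address,undefined -g` (GCC or Clang) reports the null access at the `block_->end` read with file and line, which is the kind of instrumented build discussed in comments 12 to 15.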
Comment 18 Wolfgang Bauer 2019-08-27 06:42:14 UTC
PS: I just saw https://phabricator.kde.org/D23404, I'm going to give it a try.
Comment 19 Fabian 2019-09-07 18:49:00 UTC
Git commit d7fcc9a0c79f186118e0c20804af1f7467fc4580 by Fabian Kosmale.
Committed on 07/09/2019 at 18:47.
Pushed by fabiank into branch 'master'.

FcSolveSolver: cleanup resources

The FcSolveSolver did not call its free function in patsolve, leading to
resource exhaustion.

M  +10   -0    patsolve/abstract_fc_solve_solver.cpp

https://commits.kde.org/kpat/d7fcc9a0c79f186118e0c20804af1f7467fc4580