Bug 410844 - Okular segfault
Summary: Okular segfault
Status: RESOLVED UPSTREAM
Alias: None
Product: okular
Classification: Applications
Component: general
Version: 1.7.3
Platform: Neon Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Okular developers
URL:
Keywords: drkonqi
Depends on:
Blocks:
 
Reported: 2019-08-12 10:09 UTC by kristoffer.justad
Modified: 2019-08-27 16:05 UTC
CC List: 6 users

See Also:
Latest Commit:
Version Fixed In:


Attachments
attachment-5093-0.html (3.63 KB, text/html), 2019-08-14 08:44 UTC, kristoffer.justad
attachment-22567-0.html (3.65 KB, text/html), 2019-08-16 10:21 UTC, kristoffer.justad
attachment-23489-0.html (6.99 KB, text/html), 2019-08-16 10:54 UTC, kristoffer.justad
attachment-23606-0.html (16.50 KB, text/html), 2019-08-16 11:00 UTC, kristoffer.justad
New crash information added by DrKonqi (10.32 KB, text/plain), 2019-08-17 11:35 UTC, Till Seifert

Description kristoffer.justad 2019-08-12 10:09:40 UTC
Application: okular (1.7.3)

Qt Version: 5.12.3
Frameworks Version: 5.61.0
Operating System: Linux 4.15.0-55-generic x86_64
Distribution: KDE neon User Edition 5.16

-- Information about the crash:
- What I was doing when the application crashed:

I tried opening a *.mobi file. However, Okular segfaults repeatedly.

The crash can be reproduced every time.

-- Backtrace:
Application: Okular (okular), signal: Segmentation fault
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0x7faa6ec5a200 (LWP 8541))]

Thread 4 (Thread 0x7faa42637700 (LWP 8544)):
#0  0x00007faa6765e9f3 in futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x561c35ce2658) at ../sysdeps/unix/sysv/linux/futex-internal.h:88
#1  __pthread_cond_wait_common (abstime=0x0, mutex=0x561c35ce2608, cond=0x561c35ce2630) at pthread_cond_wait.c:502
#2  __pthread_cond_wait (cond=0x561c35ce2630, mutex=0x561c35ce2608) at pthread_cond_wait.c:655
#3  0x00007faa4321a31a in ?? () from /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#4  0x00007faa4321a047 in ?? () from /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#5  0x00007faa676586db in start_thread (arg=0x7faa42637700) at pthread_create.c:463
#6  0x00007faa6a8c088f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 3 (Thread 0x7faa54217700 (LWP 8543)):
#0  0x00007faa6a8b3c08 in __GI___poll (fds=0x7faa4c004db0, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007faa653265c9 in ?? () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007faa653266dc in g_main_context_iteration () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007faa6b1f6dcb in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#4  0x00007faa6b19803a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#5  0x00007faa6afbf4ca in QThread::exec() () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#6  0x00007faa6b665015 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5DBus.so.5
#7  0x00007faa6afc0c72 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#8  0x00007faa676586db in start_thread (arg=0x7faa54217700) at pthread_create.c:463
#9  0x00007faa6a8c088f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 2 (Thread 0x7faa5ce43700 (LWP 8542)):
#0  0x00007faa6a8b3bf9 in __GI___poll (fds=0x7faa5ce42ca8, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007faa680d9747 in ?? () from /usr/lib/x86_64-linux-gnu/libxcb.so.1
#2  0x00007faa680db36a in xcb_wait_for_event () from /usr/lib/x86_64-linux-gnu/libxcb.so.1
#3  0x00007faa5fc2a578 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
#4  0x00007faa6afc0c72 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#5  0x00007faa676586db in start_thread (arg=0x7faa5ce43700) at pthread_create.c:463
#6  0x00007faa6a8c088f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 0x7faa6ec5a200 (LWP 8541)):
[KCrash Handler]
#6  0x00007faa525bdf3f in std::__atomic_base<int>::load (__m=std::memory_order_relaxed, this=0xc40c758) at /usr/include/c++/7/bits/atomic_base.h:396
#7  QAtomicOps<int>::load<int> (_q_value=...) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qatomic_cxx11.h:227
#8  QBasicAtomicInteger<int>::load (this=0xc40c758) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qbasicatomic.h:103
#9  QtPrivate::RefCount::isShared (this=0xc40c758) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qrefcount.h:101
#10 QLinkedList<Okular::ObjectRect*>::detach (this=0x7faa6b233be8) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qlinkedlist.h:106
#11 QLinkedList<Okular::ObjectRect*>::append (this=this@entry=0x7faa6b233be8, t=@0x7ffd159660e0: 0x561c360e1730) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qlinkedlist.h:394
#12 0x00007faa525c4398 in Okular::TextDocumentGenerator::loadDocumentWithPassword (this=<optimized out>, fileName=..., pagesVector=..., password=...) at ./core/textdocumentgenerator.cpp:342
#13 0x00007faa5259e0ba in Okular::DocumentPrivate::openDocumentInternal (this=0x7faa58004e00, offer=..., isstdin=isstdin@entry=false, docFile=..., filedata=..., password=...) at ./core/document.cpp:875
#14 0x00007faa5259e75d in Okular::Document::openDocument (this=this@entry=0x561c35b59780, docFile=..., url=..., _mime=..., password=...) at ./core/document.cpp:2446
#15 0x00007faa528cb6db in Okular::Part::doOpenFile (this=this@entry=0x561c35b12550, mimeA=..., fileNameToOpenA=..., isCompressedFile=isCompressedFile@entry=0x7ffd159665c7) at ./part.cpp:1415
#16 0x00007faa528cbd27 in Okular::Part::openFile (this=0x561c35b12550) at ./part.cpp:1549
#17 0x00007faa6e833a56 in KParts::ReadOnlyPartPrivate::openLocalFile (this=this@entry=0x561c35b099d0) at ./src/readonlypart.cpp:190
#18 0x00007faa6e8348e1 in KParts::ReadOnlyPart::openUrl (this=this@entry=0x561c35b12550, url=...) at ./src/readonlypart.cpp:153
#19 0x00007faa528bde06 in Okular::Part::openUrl (this=0x561c35b12550, _url=..., swapInsteadOfOpening=<optimized out>) at ./part.cpp:1755
#20 0x0000561c34dd2ae2 in Shell::openUrl (this=this@entry=0x561c35ac8700, url=..., serializedOptions=...) at ./shell/shell.cpp:280
#21 0x0000561c34dd2d72 in Shell::openDocument (this=this@entry=0x561c35ac8700, url=..., serializedOptions=...) at ./shell/shell.cpp:221
#22 0x0000561c34dd2e16 in Shell::openDocument (this=this@entry=0x561c35ac8700, url=..., serializedOptions=...) at ./shell/shell.cpp:208
#23 0x0000561c34dcc306 in Okular::main (paths=..., serializedOptions=...) at ./shell/okular_main.cpp:176
#24 0x0000561c34dcb955 in main (argc=<optimized out>, argv=<optimized out>) at ./shell/main.cpp:77

Possible duplicates by query: bug 410345, bug 409515, bug 409110, bug 408851, bug 408818.

Reported using DrKonqi
Comment 1 Albert Astals Cid 2019-08-12 22:36:24 UTC
We're going to need the file
Comment 2 Albert Astals Cid 2019-08-13 20:32:17 UTC
The file you sent works fine for me.

Does it crash all the time for you?

Can you run
   valgrind okular thefile.mobi
and attach the output? install valgrind first if you don't have it ;)
Comment 3 kristoffer.justad 2019-08-14 08:44:15 UTC
Created attachment 122110
attachment-5093-0.html

Hi, this is what I get until KDE announces the application froze and proposes to terminate it; otherwise it just remains frozen indefinitely.

BR Kristoffer

==2411== Memcheck, a memory error detector
==2411== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==2411== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==2411== Command: okular bok.mobi
==2411==
==2411== Conditional jump or move depends on uninitialised value(s)
==2411==    at 0x8EAD5D7: __wmemchr_avx2 (memchr-avx2.S:260)
==2411==    by 0x8E085D8: internal_fnwmatch (fnmatch_loop.c:168)
==2411==    by 0x8E0BA47: fnmatch@@GLIBC_2.2.5 (fnmatch.c:434)
==2411==    by 0x286396D5: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==2411==    by 0x8DFE2F3: __scandir_tail (scandir-tail.c:54)
==2411==    by 0x286399D7: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==2411==    by 0x28633C4F: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==2411==    by 0x28629A1C: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==2411==    by 0x286160AD: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==2411==    by 0x28611753: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==2411==    by 0x28611C8C: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==2411==    by 0x281B872B: ??? (in /usr/lib/x86_64-linux-gnu/qt5/plugins/xcbglintegrations/libqxcb-glx-integration.so)
==2411==
==2411== Conditional jump or move depends on uninitialised value(s)
==2411==    at 0x8EAD5F7: __wmemchr_avx2 (memchr-avx2.S:271)
==2411==    by 0x8E085D8: internal_fnwmatch (fnmatch_loop.c:168)
==2411==    by 0x8E0BA47: fnmatch@@GLIBC_2.2.5 (fnmatch.c:434)
==2411==    by 0x29D1CAA5: ??? (in /usr/lib/x86_64-linux-gnu/dri/i965_dri.so)
==2411==    by 0x8DFE2F3: __scandir_tail (scandir-tail.c:54)
==2411==    by 0x29D1CDA7: ??? (in /usr/lib/x86_64-linux-gnu/dri/i965_dri.so)
==2411==    by 0x29D1A23F: ??? (in /usr/lib/x86_64-linux-gnu/dri/i965_dri.so)
==2411==    by 0x28629AF6: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==2411==    by 0x286160AD: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==2411==    by 0x28611753: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==2411==    by 0x28611C8C: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==2411==    by 0x281B872B: ??? (in /usr/lib/x86_64-linux-gnu/qt5/plugins/xcbglintegrations/libqxcb-glx-integration.so)
==2411==
Killed
Comment 4 Albert Astals Cid 2019-08-14 22:40:51 UTC
Can you give it some more time?

valgrind makes things be muuuuuuuuuch slower
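Triage aid added by the editor; it is not part of this report and not Okular or KDE code. The script below parses memcheck output of the kind the reporter attaches in this thread and sorts it into two buckets: the "Conditional jump or move depends on uninitialised value(s)" warnings raised while Mesa's GLX loader scans driver directories (scandir/fnmatch frames under libGLX_mesa and i965_dri, nothing to do with Okular), and "Invalid read" errors whose address lies inside a block memcheck reports as free'd, which is the use-after-free signature. For the latter it names the frames that freed and allocated the block. The embedded sample log is constructed from the thread's pid-3514 attachment with the e-mail line wrapping undone and the stacks shortened; the addresses, symbols and library paths are copied from it.

```python
"""Memcheck log triage (added example; not Okular or KDE code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# memcheck lines are "==PID== payload"; anything else is the program's own output.
PREFIX = re.compile(r"^==\d+==\s?(.*)$")
HEADER = re.compile(
    r"^(Invalid (?:read|write) of size \d+"
    r"|Conditional jump or move depends on uninitialised value\(s\)"
    r"|Use of uninitialised value of size \d+)$"
)
FRAME = re.compile(r"^\s*(?:at|by)\s+0x[0-9A-Fa-f]+:\s+(.*)$")
TAIL = re.compile(r"\s\((?:in\s+)?([^\s()]+)\)$")  # "(in /lib.so)" or "(file.c:12)"
ADDR = re.compile(r"^\s*Address 0x[0-9A-Fa-f]+ is \d+ bytes \w+ a block of size \d+ (free'd|alloc'd)$")
BLOCK = re.compile(r"^\s*Block was alloc'd at$")
Frame = Tuple[str, Optional[str]]  # (symbol, shared object or file:line)

@dataclass
class MemcheckError:
    kind: str
    stack: List[Frame] = field(default_factory=list)     # where the access happened
    freed_at: List[Frame] = field(default_factory=list)  # who freed the block
    alloc_at: List[Frame] = field(default_factory=list)  # who allocated it

    def category(self) -> str:
        if self.kind.startswith("Invalid") and self.freed_at:
            return "use-after-free"   # access into a block memcheck saw freed
        return "uninitialised-value" if "uninitialised" in self.kind else "other"

def parse_frame(text: str) -> Frame:
    m = TAIL.search(text)
    return (text[:m.start()].strip(), m.group(1)) if m else (text.strip(), None)

def parse_memcheck(log: str) -> List[MemcheckError]:
    errors: List[MemcheckError] = []
    current: Optional[MemcheckError] = None
    target: List[Frame] = []
    for raw in log.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue
        line = m.group(1)
        if not line.strip():          # bare "==PID==" closes the current record
            current = None
            continue
        if HEADER.match(line.strip()):
            current = MemcheckError(kind=line.strip())
            errors.append(current)
            target = current.stack
            continue
        if current is None:           # banner, thread names, summaries
            continue
        fm, am = FRAME.match(line), ADDR.match(line)
        if fm:
            target.append(parse_frame(fm.group(1)))
        elif am:                      # the frames that follow are the free/alloc site
            target = current.freed_at if am.group(1) == "free'd" else current.alloc_at
        elif BLOCK.match(line):
            target = current.alloc_at
    return errors

def blame(frames: List[Frame]) -> Tuple[Optional[str], Optional[str]]:
    """First real symbol (not '???', not the allocator) and first non-valgrind object."""
    symbol = next((s for s, _ in frames if s != "???" and not s.startswith("operator ")), None)
    obj = next((w for _, w in frames if w and "/" in w and "vgpreload" not in w), None)
    return symbol, obj

def triage(errors: List[MemcheckError]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for err in errors:
        counts[err.category()] = counts.get(err.category(), 0) + 1
    return counts

# Constructed sample, cut down from the thread's pid-3514 attachment (line wrapping undone).
SAMPLE_LOG = """\
==3514== Conditional jump or move depends on uninitialised value(s)
==3514==    at 0x8EAD5D7: __wmemchr_avx2 (memchr-avx2.S:260)
==3514==    by 0x8E0BA47: fnmatch@@GLIBC_2.2.5 (fnmatch.c:434)
==3514==    by 0x286396D5: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==3514==
==3514== Conditional jump or move depends on uninitialised value(s)
==3514==    at 0x8EAD5F7: __wmemchr_avx2 (memchr-avx2.S:271)
==3514==    by 0x29D1C835: ??? (in /usr/lib/x86_64-linux-gnu/dri/i965_dri.so)
==3514==
QSocketNotifier: Invalid socket 8 and type 'Read', disabling...
==3514== Thread 3 QDBusConnectionM:
==3514== Invalid read of size 2
==3514==    at 0x853CC56: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0xE308FE0: g_main_context_check (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5600.4)
==3514==  Address 0x136c60b4 is 4 bytes inside a block of size 16 free'd
==3514==    at 0x4C3123B: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3514==    by 0x851C3BB: QSocketNotifier::setEnabled(bool) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==  Block was alloc'd at
==3514==    at 0x4C3017F: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3514==    by 0x853D8E1: QEventDispatcherGlib::registerSocketNotifier(QSocketNotifier*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==
==3514== ERROR SUMMARY: 8 errors from 4 contexts (suppressed: 0 from 0)
"""

if __name__ == "__main__":
    found = parse_memcheck(SAMPLE_LOG)
    print(triage(found))
    for err in found:
        print(err.category(), err.kind, "at", blame(err.stack), "freed by", blame(err.freed_at)[0])
```

Run it over a log saved with `valgrind --log-file=okular.vg okular bok.mobi`; adding `--track-origins=yes`, as the summary at the end of memcheck's own output suggests, makes each uninitialised-value report point at the allocation that produced the value, at the cost of a further slowdown.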
Comment 5 kristoffer.justad 2019-08-16 10:21:46 UTC
Created attachment 122163
attachment-22567-0.html

Hi, the full output:

==1959== Memcheck, a memory error detector
==1959== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==1959== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==1959== Command: okular bok.mobi
==1959==
==1959== Conditional jump or move depends on uninitialised value(s)
==1959==    at 0x8EAD5D7: __wmemchr_avx2 (memchr-avx2.S:260)
==1959==    by 0x8E085D8: internal_fnwmatch (fnmatch_loop.c:168)
==1959==    by 0x8E0BA47: fnmatch@@GLIBC_2.2.5 (fnmatch.c:434)
==1959==    by 0x286396D5: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==1959==    by 0x8DFE2F3: __scandir_tail (scandir-tail.c:54)
==1959==    by 0x286399D7: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==1959==    by 0x28633C4F: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==1959==    by 0x28629A1C: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==1959==    by 0x286160AD: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==1959==    by 0x28611753: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==1959==    by 0x28611C8C: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==1959==    by 0x281B872B: ??? (in /usr/lib/x86_64-linux-gnu/qt5/plugins/xcbglintegrations/libqxcb-glx-integration.so)
==1959==
==1959== Conditional jump or move depends on uninitialised value(s)
==1959==    at 0x8EAD5F7: __wmemchr_avx2 (memchr-avx2.S:271)
==1959==    by 0x8E085D8: internal_fnwmatch (fnmatch_loop.c:168)
==1959==    by 0x8E0BA47: fnmatch@@GLIBC_2.2.5 (fnmatch.c:434)
==1959==    by 0x29D1C835: ??? (in /usr/lib/x86_64-linux-gnu/dri/i965_dri.so)
==1959==    by 0x8DFE2F3: __scandir_tail (scandir-tail.c:54)
==1959==    by 0x29D1CB37: ??? (in /usr/lib/x86_64-linux-gnu/dri/i965_dri.so)
==1959==    by 0x29D19FCF: ??? (in /usr/lib/x86_64-linux-gnu/dri/i965_dri.so)
==1959==    by 0x28629AF6: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==1959==    by 0x286160AD: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==1959==    by 0x28611753: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==1959==    by 0x28611C8C: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==1959==    by 0x281B872B: ??? (in /usr/lib/x86_64-linux-gnu/qt5/plugins/xcbglintegrations/libqxcb-glx-integration.so)
==1959==
KCrash: crashing... crashRecursionCounter = 2
KCrash: Application Name = okular path = /usr/bin pid = 1959
KCrash: Arguments: /usr/bin/okular bok.mobi
KCrash: Attempting to start /usr/lib/x86_64-linux-gnu/libexec/drkonqi from kdeinit
sock_file=/run/user/1000/kdeinit5__0

[1]+  Stopped                 valgrind okular bok.mobi
Comment 6 kristoffer.justad 2019-08-16 10:54:16 UTC
Created attachment 122165
attachment-23489-0.html

Ran it again in case it might produce different output

==3514== Memcheck, a memory error detector
==3514== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==3514== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==3514== Command: okular bok.mobi
==3514==
==3514== Conditional jump or move depends on uninitialised value(s)
==3514==    at 0x8EAD5D7: __wmemchr_avx2 (memchr-avx2.S:260)
==3514==    by 0x8E085D8: internal_fnwmatch (fnmatch_loop.c:168)
==3514==    by 0x8E0BA47: fnmatch@@GLIBC_2.2.5 (fnmatch.c:434)
==3514==    by 0x286396D5: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==3514==    by 0x8DFE2F3: __scandir_tail (scandir-tail.c:54)
==3514==    by 0x286399D7: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==3514==    by 0x28633C4F: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==3514==    by 0x28629A1C: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==3514==    by 0x286160AD: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==3514==    by 0x28611753: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==3514==    by 0x28611C8C: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==3514==    by 0x281B872B: ??? (in /usr/lib/x86_64-linux-gnu/qt5/plugins/xcbglintegrations/libqxcb-glx-integration.so)
==3514==
==3514== Conditional jump or move depends on uninitialised value(s)
==3514==    at 0x8EAD5F7: __wmemchr_avx2 (memchr-avx2.S:271)
==3514==    by 0x8E085D8: internal_fnwmatch (fnmatch_loop.c:168)
==3514==    by 0x8E0BA47: fnmatch@@GLIBC_2.2.5 (fnmatch.c:434)
==3514==    by 0x29D1C835: ??? (in /usr/lib/x86_64-linux-gnu/dri/i965_dri.so)
==3514==    by 0x8DFE2F3: __scandir_tail (scandir-tail.c:54)
==3514==    by 0x29D1CB37: ??? (in /usr/lib/x86_64-linux-gnu/dri/i965_dri.so)
==3514==    by 0x29D19FCF: ??? (in /usr/lib/x86_64-linux-gnu/dri/i965_dri.so)
==3514==    by 0x28629AF6: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==3514==    by 0x286160AD: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==3514==    by 0x28611753: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==3514==    by 0x28611C8C: ??? (in /usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0)
==3514==    by 0x281B872B: ??? (in /usr/lib/x86_64-linux-gnu/qt5/plugins/xcbglintegrations/libqxcb-glx-integration.so)
==3514==
KCrash: crashing... crashRecursionCounter = 2
KCrash: Application Name = okular path = /usr/bin pid = 3514
KCrash: Arguments: /usr/bin/okular bok.mobi
KCrash: Attempting to start /usr/lib/x86_64-linux-gnu/libexec/drkonqi from kdeinit
sock_file=/run/user/1000/kdeinit5__0

[1]+  Stopped                 valgrind okular bok.mobi
Comment 7 kristoffer.justad 2019-08-16 11:00:16 UTC
Created attachment 122166
attachment-23606-0.html

QSocketNotifier: Invalid socket 8 and type 'Read', disabling...
==3514== Thread 3 QDBusConnectionM:
==3514== Invalid read of size 2
==3514==    at 0x853CC56: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0xE308FE0: g_main_context_check (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5600.4)
==3514==    by 0xE30956F: ??? (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5600.4)
==3514==    by 0xE3096DB: g_main_context_iteration (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5600.4)
==3514==    by 0x853CDAE: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0x84DE039: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0x83054C9: QThread::exec() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0x7FE6014: ??? (in /usr/lib/x86_64-linux-gnu/libQt5DBus.so.5.12.3)
==3514==    by 0x8306C71: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0xC0456DA: start_thread (pthread_create.c:463)
==3514==    by 0x8E3F88E: clone (clone.S:95)
==3514==  Address 0x136c60b4 is 4 bytes inside a block of size 16 free'd
==3514==    at 0x4C3123B: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3514==    by 0x851C3BB: QSocketNotifier::setEnabled(bool) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0x853CC50: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0xE308FE0: g_main_context_check (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5600.4)
==3514==    by 0xE30956F: ??? (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5600.4)
==3514==    by 0xE3096DB: g_main_context_iteration (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5600.4)
==3514==    by 0x853CDAE: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0x84DE039: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0x83054C9: QThread::exec() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0x7FE6014: ??? (in /usr/lib/x86_64-linux-gnu/libQt5DBus.so.5.12.3)
==3514==    by 0x8306C71: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0xC0456DA: start_thread (pthread_create.c:463)
==3514==  Block was alloc'd at
==3514==    at 0x4C3017F: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3514==    by 0x853D8E1: QEventDispatcherGlib::registerSocketNotifier(QSocketNotifier*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0x851C237: QSocketNotifier::QSocketNotifier(long long, QSocketNotifier::Type, QObject*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0x7FF2CFB: ??? (in /usr/lib/x86_64-linux-gnu/libQt5DBus.so.5.12.3)
==3514==    by 0xD1B71F1: _dbus_watch_list_set_functions (in /lib/x86_64-linux-gnu/libdbus-1.so.3.19.4)
==3514==    by 0xD19CE9E: dbus_connection_set_watch_functions (in /lib/x86_64-linux-gnu/libdbus-1.so.3.19.4)
==3514==    by 0x7FF5580: ??? (in /usr/lib/x86_64-linux-gnu/libQt5DBus.so.5.12.3)
==3514==    by 0x7FE7D61: ??? (in /usr/lib/x86_64-linux-gnu/libQt5DBus.so.5.12.3)
==3514==    by 0x85103E1: QObject::event(QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0x84DFD00: QCoreApplication::notifyInternal2(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0x84E28D6: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0x853D792: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==
==3514== Invalid read of size 2
==3514==    at 0x853CC5B: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0xE308FE0: g_main_context_check (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5600.4)
==3514==    by 0xE30956F: ??? (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5600.4)
==3514==    by 0xE3096DB: g_main_context_iteration (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5600.4)
==3514==    by 0x853CDAE: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0x84DE039: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0x83054C9: QThread::exec() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0x7FE6014: ??? (in /usr/lib/x86_64-linux-gnu/libQt5DBus.so.5.12.3)
==3514==    by 0x8306C71: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0xC0456DA: start_thread (pthread_create.c:463)
==3514==    by 0x8E3F88E: clone (clone.S:95)
==3514==  Address 0x136c60b6 is 6 bytes inside a block of size 16 free'd
==3514==    at 0x4C3123B: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3514==    by 0x851C3BB: QSocketNotifier::setEnabled(bool) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0x853CC50: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0xE308FE0: g_main_context_check (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5600.4)
==3514==    by 0xE30956F: ??? (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5600.4)
==3514==    by 0xE3096DB: g_main_context_iteration (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5600.4)
==3514==    by 0x853CDAE: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0x84DE039: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0x83054C9: QThread::exec() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0x7FE6014: ??? (in /usr/lib/x86_64-linux-gnu/libQt5DBus.so.5.12.3)
==3514==    by 0x8306C71: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0xC0456DA: start_thread (pthread_create.c:463)
==3514==  Block was alloc'd at
==3514==    at 0x4C3017F: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3514==    by 0x853D8E1: QEventDispatcherGlib::registerSocketNotifier(QSocketNotifier*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0x851C237: QSocketNotifier::QSocketNotifier(long long, QSocketNotifier::Type, QObject*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0x7FF2CFB: ??? (in /usr/lib/x86_64-linux-gnu/libQt5DBus.so.5.12.3)
==3514==    by 0xD1B71F1: _dbus_watch_list_set_functions (in /lib/x86_64-linux-gnu/libdbus-1.so.3.19.4)
==3514==    by 0xD19CE9E: dbus_connection_set_watch_functions (in /lib/x86_64-linux-gnu/libdbus-1.so.3.19.4)
==3514==    by 0x7FF5580: ??? (in /usr/lib/x86_64-linux-gnu/libQt5DBus.so.5.12.3)
==3514==    by 0x7FE7D61: ??? (in /usr/lib/x86_64-linux-gnu/libQt5DBus.so.5.12.3)
==3514==    by 0x85103E1: QObject::event(QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0x84DFD00: QCoreApplication::notifyInternal2(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0x84E28D6: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==    by 0x853D792: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.3)
==3514==
QSocketNotifier: Invalid socket 9 and type 'Read', disabling...
==3514==
==3514== HEAP SUMMARY:
==3514==     in use at exit: 172,208,419 bytes in 358,253 blocks
==3514==   total heap usage: 4,328,101 allocs, 3,969,848 frees, 1,258,444,205 bytes allocated
==3514==
==3514== LEAK SUMMARY:
==3514==    definitely lost: 89,385 bytes in 179 blocks
==3514==    indirectly lost: 188,916 bytes in 6,787 blocks
==3514==      possibly lost: 1,148,748 bytes in 4,394 blocks
==3514==    still reachable: 170,781,370 bytes in 346,893 blocks
==3514==                       of which reachable via heuristic:
==3514==                         newarray           : 584 bytes in 16 blocks
==3514==                         multipleinheritance: 67,560 bytes in 99 blocks
==3514==         suppressed: 0 bytes in 0 blocks
==3514== Rerun with --leak-check=full to see details of leaked memory
==3514==
==3514== For counts of detected and suppressed errors, rerun with: -v
==3514== Use --track-origins=yes to see where uninitialised values come from
==3514== ERROR SUMMARY: 8 errors from 4 contexts (suppressed: 0 from 0)

[1]+  Exit 253                valgrind okular bok.mobi
>> bugzilla_noreply@kde.org> wrote:
>>
>>> https://bugs.kde.org/show_bug.cgi?id=410844
>>>
>>> --- Comment #4 from Albert Astals Cid <aacid@kde.org> ---
>>> Can you give it some more time?
>>>
>>> valgrind makes things be muuuuuuuuuch slower
>>>
>>> --
>>> You are receiving this mail because:
>>> You reported the bug.
>>
>>
Comment 8 Till Seifert 2019-08-17 11:35:48 UTC
Created attachment 122199 [details]
New crash information added by DrKonqi

okular (1.8.0) using Qt 5.12.3

- What I was doing when the application crashed:

Opening a mobi file or opening an azw file

happens since last apt dist-upgrade (yesterday)

PDF's work just fine

-- Backtrace (Reduced):
#6  0x00007f062c7eb2ef in std::__atomic_base<int>::load (__m=std::memory_order_relaxed, this=0xffe824e92a894476) at /usr/include/c++/7/bits/atomic_base.h:396
#7  QAtomicOps<int>::load<int> (_q_value=...) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qatomic_cxx11.h:227
#8  QBasicAtomicInteger<int>::load (this=0xffe824e92a894476) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qbasicatomic.h:103
#9  QtPrivate::RefCount::isShared (this=0xffe824e92a894476) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qrefcount.h:101
[...]
#11 QLinkedList<Okular::ObjectRect*>::append (this=this@entry=0x7f06455c2688 <QTextStreamPrivate::getNumber(unsigned long long*)+7416>, t=@0x7ffce16b5d80: 0x55d933489980) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qlinkedlist.h:394
Comment 9 Albert Astals Cid 2019-08-20 20:52:04 UTC
The backtraces really make no sense :/
Comment 10 Tobias Deiminger 2019-08-20 23:28:06 UTC
(In reply to Albert Astals Cid from comment #9)
> The backtraces really make no sense :/

The only suspicious thing I can spot is the this-pointer of the RefCount object in comment 0 (this=0xc40c758) and comment 8 (this=0xffe824e92a894476). The former is uncommonly low, the latter is too high, because it resides in the hole of non-canonical virtual memory addresses on x86_64. Both traces from two different people show the same kind of oddness; that's something where one could dig deeper.

Such an invalid this-pointer could for example occur if in TextDocumentGenerator::loadDocumentWithPassword, the QVector [] operator in
    objects[ info.page ].append(/*...*/)
does an out of bounds access to the objects array.

There's already some safety implemented
    if ( info.page >= objects.count() )
      continue;
but info.page is a signed int, and the check doesn't catch negative page numbers. So in theory we could fail here, unless info.page >= 0 is ensured in some other place.

It's quite late. Can anybody double check for how much nonsense I've just written?
Comment 11 Tobias Deiminger 2019-08-21 20:52:01 UTC
I was able to reproduce the issue on a KDE neon User Edition 5.16. As assumed in comment 10, the crash is caused by a negative page index.

The negative page value eventually stems from the freshly generated MobiDocument. If we iterate over all QTextBlocks in the MobiDocument, and check newDocument->documentLayout()->blockBoundingRect(nth_QTextBlock), we see there are lots of blocks with negative top and bottom values, like left = 20.000000, top = -33553713.000000, right = 580, bottom = -33553695.000000.

This is not the case if I do the same on my "normal" development machine, where all top/bottom values are positive for the same .mobi file.

The Okular mobi generator seems mostly unchanged for years. Therefore I'd suspect an upstream regression. KDE Neon ships libqmobipocket.so.2.0.0 from kdegraphics-mobipocket 19.08.0, while on my dev machine I have it from kdegraphics-mobipocket 19.04.0.

I'm going to open a merge request to catch negative page indexes, and will further investigate what's going on upstream.
Comment 12 Albert Astals Cid 2019-08-21 21:12:12 UTC
Bad Qt? Which one has it 5.12.3?
Comment 13 Tobias Deiminger 2019-08-21 22:00:21 UTC
(In reply to Albert Astals Cid from comment #12)
> Bad Qt? Which one has it 5.12.3?

Yes.

$ dpkg -l libqt5gui5:amd
ii  libqt5gui5:amd64    5.12.3+dfsg-1+18.04+bionic+build58

How to go on, should we inform Neon devs?
Comment 14 Tobias Deiminger 2019-08-22 17:11:29 UTC
Git commit b5b273ad6403e7030f6ede264efc0e4579ac89e3 by Tobias Deiminger.
Committed on 22/08/2019 at 07:17.
Pushed by aacid into branch 'Applications/19.08'.

Enhance bounds check in TextDocumentGenerator

There's too much upstream / logic involved to statically prove
info.pages is always >= 0. Better check it at runtime.

M  +1    -1    core/textdocumentgenerator.cpp

https://invent.kde.org/kde/okular/commit/b5b273ad6403e7030f6ede264efc0e4579ac89e3
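As an added illustration of the bounds-check gap described in comment 10 and closed by the commit in comment 14 (constructed example, not Okular's code; the exact fixed line is not on this page): a stand-in for QVector whose count() returns a signed int, as Qt's does, the original check beside a hardened one, and the reason the same comparison would behave differently against an unsigned size.

```cpp
#include <cstddef>
#include <vector>

// Constructed stand-in for QVector<T>: count() returns a signed int, as in Qt,
// and operator[] does no bounds checking (as in a release build).
template <typename T>
struct SignedVector {
    std::vector<T> data;
    int count() const { return static_cast<int>(data.size()); }
    T& operator[](int i) { return data[static_cast<std::size_t>(i)]; }
};

// Hypothetical shape of the per-object info the generator iterates over.
struct ObjectInfo {
    int page;   // signed; negative when the upstream layout is broken
    int object; // placeholder payload
};

// The check quoted in comment 10: skips page >= count(), but not page < 0.
bool oldCheckSkips(const ObjectInfo& info, int count) {
    return info.page >= count;
}

// Hardened form (assumed; the commit's exact line is not on this page):
// a negative index is rejected before it reaches operator[].
bool newCheckSkips(const ObjectInfo& info, int count) {
    return info.page < 0 || info.page >= count;
}

// Buckets objects by page and returns how many were skipped; the predicate
// parameter lets the old and new checks be compared on the same input.
int placeObjects(const std::vector<ObjectInfo>& infos,
                 SignedVector<std::vector<int>>& objects,
                 bool (*skips)(const ObjectInfo&, int)) {
    int skipped = 0;
    for (const ObjectInfo& info : infos) {
        if (skips(info, objects.count())) { ++skipped; continue; }
        objects[info.page].push_back(info.object);  // out of bounds if page < 0
    }
    return skipped;
}

// Same comparison against an unsigned size (std::vector::size()): the int is
// converted, -1 becomes SIZE_MAX, and the skip branch is taken by accident.
bool unsignedCompareSkips(int page, std::size_t count) {
    return static_cast<std::size_t>(page) >= count;
}
```

With the old predicate a page of -1 passes the check and reaches operator[], which is exactly the bad this-pointer pattern seen in the backtraces; with the new one it is counted as skipped.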
Comment 15 Albert Astals Cid 2019-08-22 17:13:00 UTC
Jonathan, Harald, can we get 5.12.4 in Neon? I think it contains fixes to the regressions in QTextDocument
Comment 16 Harald Sitter 2019-08-23 13:20:30 UTC
We'll have to look on Monday. Qt upgrades impact the plasma mobile builds, so we need Bhushan to weigh in and he's not around today.
Comment 17 Tobias Deiminger 2019-08-24 16:41:31 UTC
(In reply to Harald Sitter from comment #16)
> We'll have to look on Monday. Qt upgrades impact the plasma mobile builds,
> so we need Bhushan to weigh in and he's not around today.

FWIW, I can confirm 5.12.4 fixes the regression. In particular, bisecting reveals
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=b4cc29434769b1d6c08ab2fc76cdcc2dac5dede9
as the fixing commit.
Comment 18 Jonathan Riddell 2019-08-27 13:58:33 UTC
I've added this patch to qt in neon
Comment 19 Tobias Deiminger 2019-08-27 16:05:26 UTC
(In reply to Jonathan Riddell from comment #18)
> I've added this patch to qt in neon
Thanks, so I'm closing this as "resolved upstream" now.

KDE Neon users should be able to fix the issue by e.g. running pkcon update. For users on other distros, try to get Qt >= 5.12.4.