Bugzilla – Bug 384817
KDE KRDC 4 crashing
Last modified: 2008-09-20 08:34:47 UTC
Just installed openSUSE 11.0 BETA1. KDE 4 KRDC is constantly crashing, when trying to connect to remote VNC systems. NOTE: this bug is similar to bug 384815, but it is different. -Technologov, 29.4.2008.
NOTE: It takes several minutes and several connections to VNC server to crash it. It doesn't crash "on connect". BTW: I use openSUSE 11.0 BETA1 on x86 platform.
Backtrace?
GDB output:

    0xffffe430 in __kernel_vsyscall ()
    (gdb)
    (gdb) c
    Continuing.
    ^C
    Program received signal SIGINT, Interrupt.
    [Switching to Thread 0xb6511a70 (LWP 5715)]
    0xffffe430 in __kernel_vsyscall ()
    (gdb) c
    Continuing.
    [New Thread 0xb2aa0b90 (LWP 22450)]
    [New Thread 0xb212db90 (LWP 22453)]
    [New Thread 0xb17a7b90 (LWP 22454)]
    [New Thread 0xb0c4db90 (LWP 22456)]
    [Thread 0xb0c4db90 (LWP 22456) exited]
    [Thread 0xb212db90 (LWP 22453) exited]

    Program received signal SIGABRT, Aborted.
    [Switching to Thread 0xb17a7b90 (LWP 22454)]
    0xffffe430 in __kernel_vsyscall ()
    (gdb) Continuing.
    [Thread 0xb4c97b90 (LWP 5717) exited]
    [Thread 0xb2aa0b90 (LWP 22450) exited]
    [Thread 0xb35fab90 (LWP 22413) exited]
    [Thread 0xb3e28b90 (LWP 5791) exited]

    Program exited with code 0375.
    (gdb) The program is not being run.
    (gdb) bt
    No stack.

-Technologov
Please type "bt" when the message about SIGABRT comes.
OK, in the current case it crashed a bit differently than the usual crash. Without the KDE "crash bomb", but the final result is still a crash. :(

GDB output:

    (gdb) c
    Continuing.
    [New Thread 0xb4b8ab90 (LWP 24669)]
    (no debugging symbols found)
    (no debugging symbols found)
    [Thread 0xb4b8ab90 (LWP 24669) exited]
    (no debugging symbols found)
    ---Type <return> to continue, or q <return> to quit---
    (no debugging symbols found)
    [New Thread 0xb4b8ab90 (LWP 24718)]
    [Thread 0xb4b8ab90 (LWP 24718) exited]
    [New Thread 0xb4b8ab90 (LWP 24719)]
    [New Thread 0xb3cdab90 (LWP 24732)]
    [New Thread 0xb3180b90 (LWP 24737)]
    [Thread 0xb3180b90 (LWP 24737) exited]
    [New Thread 0xb3180b90 (LWP 24738)]
    [New Thread 0xb2927b90 (LWP 24739)]
    [Thread 0xb3180b90 (LWP 24738) exited]
    [Thread 0xb2927b90 (LWP 24739) exited]
    [New Thread 0xb2927b90 (LWP 24740)]
    [Thread 0xb2927b90 (LWP 24740) exited]
    [Thread 0xb4b8ab90 (LWP 24719) exited]

    Program received signal SIGSEGV, Segmentation fault.
    [Switching to Thread 0xb642fa70 (LWP 24650)]
    0xb67727a6 in memcpy () from /lib/libc.so.6
    (gdb)
    (gdb)
    (gdb)
    (gdb)
    (gdb) bt
    #0  0xb67727a6 in memcpy () from /lib/libc.so.6
    #1  0x00119400 in ?? ()
    #2  0xb6f50ed8 in QImage::copy () from /usr/lib/libQtGui.so.4
    #3  0xb6f51090 in QImage::detach () from /usr/lib/libQtGui.so.4
    #4  0xb6f527b8 in QImage::scanLine () from /usr/lib/libQtGui.so.4
    #5  0xb703a893 in ?? () from /usr/lib/libQtGui.so.4
    #6  0xbff3ee08 in ?? ()
    #7  0x00000000 in ?? ()
    (gdb)

This time the app crashed with SIGSEGV, instead of the usual SIGABRT. Is this the same bug, or a different bug? -Technologov

    (gdb) bt
    #0  0xffffe430 in __kernel_vsyscall ()
    #1  0xb6795116 in nanosleep () from /lib/libc.so.6
    #2  0xb6794efe in sleep () from /lib/libc.so.6
    #3  0xb7a3a418 in ?? () from /usr/lib/libkdeui.so.5
    #4  0x00000000 in ?? ()

Now, it looks this way:

    (gdb) c
    Continuing.
    [New LWP 24810]

    Program received signal SIGSEGV, Segmentation fault.
    0xb68e37a6 in std::basic_istream<wchar_t, std::char_traits<wchar_t> >::_M_extract<long double> () from /lib/libc.so.6
    (gdb) Continuing.
    [LWP 24820 exited]

    Program received signal SIGCONT, Continued.
    0xffffe430 in __kernel_vsyscall ()
    (gdb) Continuing.
    ^C
    Program received signal SIGINT, Interrupt.
    0xffffe430 in __kernel_vsyscall ()
    (gdb) bt
    #0  0xffffe430 in __kernel_vsyscall ()
    #1  0xb6906116 in std::basic_ostringstream<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >::basic_ostringstream () from /lib/libc.so.6
    #2  0xb7bab418 in KConfig::deleteGroupImpl () from /usr/lib/libkdeui.so.5
    #3  0x00000000 in ?? ()

-Technologov
I'm getting crashes on logout from a vnc site, valgrind shows:

    Thread: Destroyed while thread is still running
    ==28455==
    ==28455== Invalid read of size 1
    ==28455==    at 0x4995D6F: QMutex::lock() (in /usr/lib/libQtCore.so.4.4.0)
    ==28455==    by 0x805F7D2: (within /usr/bin/krdc)
    ==28455==    by 0x805F88B: (within /usr/bin/krdc)
    ==28455==    by 0x5544611: HandleRFBServerMessage (in /usr/lib/libvncclient.so.0.0.0)
    ==28455==    by 0x805FF74: (within /usr/bin/krdc)
    ==28455==    by 0x499A9B6: (within /usr/lib/libQtCore.so.4.4.0)
    ==28455==    by 0x4B1A174: start_thread (in /lib/libpthread-2.8.so)
    ==28455==    by 0x57E2DED: clone (in /lib/libc-2.8.so)
    ==28455==  Address 0x88d4710 is 0 bytes inside a block of size 92 free'd
    ==28455==    at 0x402371A: operator delete(void*) (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
    ==28455==    by 0x4995E3F: QMutex::~QMutex() (in /usr/lib/libQtCore.so.4.4.0)
    ==28455==    by 0x805F533: (within /usr/bin/krdc)
    ==28455==    by 0x80613C7: (within /usr/bin/krdc)
    ==28455==    by 0x4A818BE: QObjectPrivate::deleteChildren() (in /usr/lib/libQtCore.so.4.4.0)
    ==28455==    by 0x4F42030: QWidget::~QWidget() (in /usr/lib/libQtGui.so.4.4.0)
    ==28455==    by 0x4A818BE: QObjectPrivate::deleteChildren() (in /usr/lib/libQtCore.so.4.4.0)
    ==28455==    by 0x4F42440: QWidget::~QWidget() (in /usr/lib/libQtGui.so.4.4.0)
    ==28455==    by 0x522DEB0: QFrame::~QFrame() (in /usr/lib/libQtGui.so.4.4.0)
    ==28455==    by 0x52B7B19: QAbstractScrollArea::~QAbstractScrollArea() (in /usr/lib/libQtGui.so.4.4.0)
    ==28455==    by 0x52BD224: QScrollArea::~QScrollArea() (in /usr/lib/libQtGui.so.4.4.0)
    ==28455==    by 0x4A8158B: qDeleteInEventHandler(QObject*) (in /usr/lib/libQtCore.so.4.4.0)
    ==28455==
    ==28455== Invalid read of size 4
    ==28455==    at 0x4995D7C: QMutex::lock() (in /usr/lib/libQtCore.so.4.4.0)
    ==28455==    by 0x805F7D2: (within /usr/bin/krdc)
    ==28455==    by 0x805F88B: (within /usr/bin/krdc)
    ==28455==    by 0x5544611: HandleRFBServerMessage (in /usr/lib/libvncclient.so.0.0.0)
    ==28455==    by 0x805FF74: (within /usr/bin/krdc)
    ==28455==    by 0x499A9B6: (within /usr/lib/libQtCore.so.4.4.0)
    ==28455==    by 0x4B1A174: start_thread (in /lib/libpthread-2.8.so)
    ==28455==    by 0x57E2DED: clone (in /lib/libc-2.8.so)
    ==28455==  Address 0x88d4714 is 4 bytes inside a block of size 92 free'd
    ==28455==    at 0x402371A: operator delete(void*) (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
    ==28455==    by 0x4995E3F: QMutex::~QMutex() (in /usr/lib/libQtCore.so.4.4.0)
    ==28455==    by 0x805F533: (within /usr/bin/krdc)
    ==28455==    by 0x80613C7: (within /usr/bin/krdc)
    ==28455==    by 0x4A818BE: QObjectPrivate::deleteChildren() (in /usr/lib/libQtCore.so.4.4.0)
    ==28455==    by 0x4F42030: QWidget::~QWidget() (in /usr/lib/libQtGui.so.4.4.0)
    ==28455==    by 0x4A818BE: QObjectPrivate::deleteChildren() (in /usr/lib/libQtCore.so.4.4.0)
    ==28455==    by 0x4F42440: QWidget::~QWidget() (in /usr/lib/libQtGui.so.4.4.0)
    ==28455==    by 0x522DEB0: QFrame::~QFrame() (in /usr/lib/libQtGui.so.4.4.0)
    ==28455==    by 0x52B7B19: QAbstractScrollArea::~QAbstractScrollArea() (in /usr/lib/libQtGui.so.4.4.0)
    ==28455==    by 0x52BD224: QScrollArea::~QScrollArea() (in /usr/lib/libQtGui.so.4.4.0)
    ==28455==    by 0x4A8158B: qDeleteInEventHandler(QObject*) (in /usr/lib/libQtCore.so.4.4.0)
    ==28455==
    ==28455== Invalid read of size 4
    ==28455==    at 0x4F86854: QImage::operator=(QImage const&) (in /usr/lib/libQtGui.so.4.4.0)
    ==28455==    by 0x805F7E4: (within /usr/bin/krdc)
    ==28455==    by 0x805F88B: (within /usr/bin/krdc)
    ==28455==    by 0x5544611: HandleRFBServerMessage (in /usr/lib/libvncclient.so.0.0.0)
    ==28455==    by 0x805FF74: (within /usr/bin/krdc)
    ==28455==    by 0x499A9B6: (within /usr/lib/libQtCore.so.4.4.0)
    ==28455==    by 0x4B1A174: start_thread (in /lib/libpthread-2.8.so)
    ==28455==    by 0x57E2DED: clone (in /lib/libc-2.8.so)
    ==28455==  Address 0x5dfc638 is 0 bytes inside a block of size 84 free'd
    ==28455==    at 0x402371A: operator delete(void*) (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
    ==28455==    by 0x4F8695F: QImage::~QImage() (in /usr/lib/libQtGui.so.4.4.0)
    ==28455==    by 0x805F8B7: (within /usr/bin/krdc)
    ==28455==    by 0x5544611: HandleRFBServerMessage (in /usr/lib/libvncclient.so.0.0.0)
    ==28455==    by 0x805FF74: (within /usr/bin/krdc)
    ==28455==    by 0x499A9B6: (within /usr/lib/libQtCore.so.4.4.0)
    ==28455==    by 0x4B1A174: start_thread (in /lib/libpthread-2.8.so)
    ==28455==    by 0x57E2DED: clone (in /lib/libc-2.8.so)
    ==28455==
    ==28455== Invalid read of size 1
    ==28455==    at 0x4995B6F: QMutex::unlock() (in /usr/lib/libQtCore.so.4.4.0)
    ==28455==    by 0x805F88B: (within /usr/bin/krdc)
    ==28455==    by 0x5544611: HandleRFBServerMessage (in /usr/lib/libvncclient.so.0.0.0)
    ==28455==    by 0x805FF74: (within /usr/bin/krdc)
    ==28455==    by 0x499A9B6: (within /usr/lib/libQtCore.so.4.4.0)
    ==28455==    by 0x4B1A174: start_thread (in /lib/libpthread-2.8.so)
    ==28455==    by 0x57E2DED: clone (in /lib/libc-2.8.so)
    ==28455==  Address 0x88d4710 is 0 bytes inside a block of size 92 free'd
    ==28455==    at 0x402371A: operator delete(void*) (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
    ==28455==    by 0x4995E3F: QMutex::~QMutex() (in /usr/lib/libQtCore.so.4.4.0)
    ==28455==    by 0x805F533: (within /usr/bin/krdc)
    ==28455==    by 0x80613C7: (within /usr/bin/krdc)
    ==28455==    by 0x4A818BE: QObjectPrivate::deleteChildren() (in /usr/lib/libQtCore.so.4.4.0)
    ==28455==    by 0x4F42030: QWidget::~QWidget() (in /usr/lib/libQtGui.so.4.4.0)
    ==28455==    by 0x4A818BE: QObjectPrivate::deleteChildren() (in /usr/lib/libQtCore.so.4.4.0)
    ==28455==    by 0x4F42440: QWidget::~QWidget() (in /usr/lib/libQtGui.so.4.4.0)
    ==28455==    by 0x522DEB0: QFrame::~QFrame() (in /usr/lib/libQtGui.so.4.4.0)
    ==28455==    by 0x52B7B19: QAbstractScrollArea::~QAbstractScrollArea() (in /usr/lib/libQtGui.so.4.4.0)
    ==28455==    by 0x52BD224: QScrollArea::~QScrollArea() (in /usr/lib/libQtGui.so.4.4.0)
    ==28455==    by 0x4A8158B: qDeleteInEventHandler(QObject*) (in /usr/lib/libQtCore.so.4.4.0)
    ==28455==
    ==28455== Invalid read of size 4
    ==28455==    at 0x4995BBC: QMutex::unlock() (in /usr/lib/libQtCore.so.4.4.0)
    ==28455==    by 0x805F88B: (within /usr/bin/krdc)
    ==28455==    by 0x5544611: HandleRFBServerMessage (in /usr/lib/libvncclient.so.0.0.0)
    ==28455==    by 0x805FF74: (within /usr/bin/krdc)
    ==28455==    by 0x499A9B6: (within /usr/lib/libQtCore.so.4.4.0)
    ==28455==    by 0x4B1A174: start_thread (in /lib/libpthread-2.8.so)
    ==28455==    by 0x57E2DED: clone (in /lib/libc-2.8.so)
    ==28455==  Address 0x88d4714 is 4 bytes inside a block of size 92 free'd
    ==28455==    at 0x402371A: operator delete(void*) (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
    ==28455==    by 0x4995E3F: QMutex::~QMutex() (in /usr/lib/libQtCore.so.4.4.0)
    ==28455==    by 0x805F533: (within /usr/bin/krdc)
    ==28455==    by 0x80613C7: (within /usr/bin/krdc)
    ==28455==    by 0x4A818BE: QObjectPrivate::deleteChildren() (in /usr/lib/libQtCore.so.4.4.0)
    ==28455==    by 0x4F42030: QWidget::~QWidget() (in /usr/lib/libQtGui.so.4.4.0)
    ==28455==    by 0x4A818BE: QObjectPrivate::deleteChildren() (in /usr/lib/libQtCore.so.4.4.0)
    ==28455==    by 0x4F42440: QWidget::~QWidget() (in /usr/lib/libQtGui.so.4.4.0)
    ==28455==    by 0x522DEB0: QFrame::~QFrame() (in /usr/lib/libQtGui.so.4.4.0)
    ==28455==    by 0x52B7B19: QAbstractScrollArea::~QAbstractScrollArea() (in /usr/lib/libQtGui.so.4.4.0)
    ==28455==    by 0x52BD224: QScrollArea::~QScrollArea() (in /usr/lib/libQtGui.so.4.4.0)
    ==28455==    by 0x4A8158B: qDeleteInEventHandler(QObject*) (in /usr/lib/libQtCore.so.4.4.0)
    ==28455==
    ==28455== Invalid read of size 4
    ==28455==    at 0x4A869F1: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/libQtCore.so.4.4.0)
    ==28455==    by 0x805EF26: (within /usr/bin/krdc)
    ==28455==    by 0x805F8AF: (within /usr/bin/krdc)
    ==28455==    by 0x5544611: HandleRFBServerMessage (in /usr/lib/libvncclient.so.0.0.0)
    ==28455==    by 0x805FF74: (within /usr/bin/krdc)
    ==28455==    by 0x499A9B6: (within /usr/lib/libQtCore.so.4.4.0)
    ==28455==    by 0x4B1A174: start_thread (in /lib/libpthread-2.8.so)
    ==28455==    by 0x57E2DED: clone (in /lib/libc-2.8.so)
    ==28455==  Address 0x30 is not stack'd, malloc'd or (recently) free'd
I've been unable to reproduce any of the reported problems except for comment #8, and the broken backtraces without debuginfo are next to useless. Even runs in Valgrind appear to be (reasonably) clean. Crash from comment #8 is a crash on logout (unrelated to the original issue) and it is caused by a race condition on exit. A trivial fix for it can lead to a deadlock though, and it's probably not a good idea to try a more complicated fix for the multithreaded code at this point. As a probably harmless crash I don't consider it to be of a very high severity. Reporter: Please install all relevant debuginfo/debugsource packages (i.e. for libqt4, kdelibs4 and kdenetwork4) and provide a log from Valgrind (i.e. run as 'valgrind --tool=memcheck --num-callers=100 krdc').
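The exit race noted in the comment above, as the Valgrind log shows it (a client thread still locking a mutex and assigning an image that the widget destructor has already freed), with a teardown order that avoids it. This is an added C++ example, not KRDC code and not part of the original report: `FrameView`, `run` and `openAndCloseViews` are hypothetical names, and `std::thread`/`std::mutex` stand in for the Qt thread and `QMutex` in the trace.

```cpp
#include <atomic>
#include <cstdint>
#include <mutex>
#include <thread>
#include <vector>

// Hypothetical stand-in for a remote-desktop view (not KRDC code): a worker
// thread keeps writing frames into a buffer guarded by a mutex.
class FrameView {
public:
    FrameView() : frame_(64 * 64, 0), worker_([this] { run(); }) {}
    // Signal the worker and join it BEFORE any member it touches is destroyed.
    // The join is done without holding mutex_: joining while holding it would
    // deadlock against a worker blocked in lock(). A detached thread, by
    // contrast, would keep running into freed members (the reported reads).
    ~FrameView() {
        stop_.store(true);
        if (worker_.joinable()) worker_.join();
    }
    std::uint64_t framesWritten() const { return frames_.load(); }
private:
    void run() {
        while (!stop_.load()) {
            {
                std::lock_guard<std::mutex> guard(mutex_);  // lock() in the trace
                for (auto &px : frame_) px = static_cast<std::uint8_t>(px + 1);
            }
            frames_.fetch_add(1);
            std::this_thread::yield();
        }
    }
    std::mutex mutex_;
    std::vector<std::uint8_t> frame_;
    std::atomic<bool> stop_{false};
    std::atomic<std::uint64_t> frames_{0};
    std::thread worker_;  // declared last: started after the state it uses exists
};

// Opens and closes `count` views while their workers are busy; returns frames written.
std::uint64_t openAndCloseViews(int count) {
    std::uint64_t total = 0;
    for (int i = 0; i < count; ++i) {
        FrameView view;
        while (view.framesWritten() < 3) std::this_thread::yield();
        total += view.framesWritten();
    }  // ~FrameView() joins the worker here, before mutex_ and frame_ go away
    return total;
}
```

Built with `-pthread` and run under `valgrind --tool=memcheck`, `openAndCloseViews` should report no invalid reads of freed memory.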
I can also report that I can connect to VNC and RDP servers fine, over my work's VPN no less. Is this bug stale?
not related to the original report, but r810488/r810490 could be helpful
Created attachment 219366 krdc4-crash-valgrind-output.txt - CRASH short log file
OK, provided a crash file - yes it crashes on VNC exit. It looks the same as the log the guy provided above. The problem is that since KRDC4 is tabbed, all other sessions/tabs crash also. -Technologov
Just upgraded to openSUSE 11.0 Final. It keeps crashing like crazy. This and KRDC3. -Technologov
Works on KDE 4.1; it was most probably fixed in KDE 4.1. A similar bug was also reported upstream for the crash on exit: https://bugs.kde.org/show_bug.cgi?id=170641