KJob crashes when start() fails

Andreas Pakulat apaku at gmx.de
Tue Oct 14 11:36:38 BST 2008


Hi,

I've found a problem with KJob::exec() in cases where the job's start()
method already sets an error state. The method is fairly simple: it creates
a QEventLoop and connects the lifetime of the KJob to that event loop (so the
event loop is exited when the KJob is finished). Then it runs the start method
and starts the event loop.

The problem is that the KJob::start() method might call emitResult() in
case of an error, which causes the finished signal to be emitted before the
event loop is executed. This somehow causes a crash with the deferred
deletion of the KJob when auto-deletion is enabled, or a deadlock if
auto-deletion is disabled (because the finished signal is emitted before
the event loop starts, hence the loop is never exited):
,----
| *** glibc detected ***
| /home/andreas/src/kde4/build/kdelibs/kdecore/tests/kjobtest: free():
| invalid pointer: 0xbfd3cd70 ***
| ======= Backtrace: =========
| /lib/i686/cmov/libc.so.6[0xb77cb614]
| /lib/i686/cmov/libc.so.6(cfree+0x96)[0xb77cd816]
| /usr/lib/libstdc++.so.6(_ZdlPv+0x21)[0xb79a4251]
| /home/andreas/qt-copy/lib/libQtCore.so.4(_ZN10QEventLoopD0Ev+0x3f)[0xb7ca4697]
| /home/andreas/qt-copy/lib/libQtCore.so.4(_ZN14QObjectPrivate14deleteChildrenEv+0x8b)[0xb7cb9571]
| /home/andreas/qt-copy/lib/libQtCore.so.4(_ZN7QObjectD2Ev+0x476)[0xb7cc2744]
| /home/andreas/kde4/lib/libkdecore.so.5(_ZN4KJobD2Ev+0x61)[0xb7f043b1]
| /home/andreas/src/kde4/build/kdelibs/kdecore/tests/kjobtest(_ZN7QObject5eventEP6QEvent+0x4b0)[0x804ae88]
| /home/andreas/qt-copy/lib/libQtCore.so.4(_Z21qDeleteInEventHandlerP7QObject+0x3b)[0xb7cb90d8]
| /home/andreas/qt-copy/lib/libQtCore.so.4(_ZN7QObject5eventEP6QEvent+0xa8)[0xb7cbde9c]
| /home/andreas/qt-copy/lib/libQtCore.so.4(_ZN23QCoreApplicationPrivate13notify_helperEP7QObjectP6QEvent+0x71)[0xb7ca59a1]
| /home/andreas/qt-copy/lib/libQtCore.so.4(_ZN16QCoreApplication6notifyEP7QObjectP6QEvent+0xfa)[0xb7ca90da]
| /home/andreas/qt-copy/lib/libQtCore.so.4(_ZN16QCoreApplication14notifyInternalEP7QObjectP6QEvent+0xe3)[0xb7ca7ce3]
| /home/andreas/qt-copy/lib/libQtCore.so.4(_ZN16QCoreApplication9sendEventEP7QObjectP6QEvent+0x4f)[0xb7cac701]
| /home/andreas/qt-copy/lib/libQtCore.so.4(_ZN23QCoreApplicationPrivate16sendPostedEventsEP7QObjectiP11QThreadData+0x358)[0xb7ca82a6]
| /home/andreas/qt-copy/lib/libQtCore.so.4(_ZN16QCoreApplication16sendPostedEventsEP7QObjecti+0x33)[0xb7ca853b]
| /home/andreas/qt-copy/lib/libQtCore.so.4(_ZN16QCoreApplication16sendPostedEventsEv+0x26)[0xb7cdf93e]
| /home/andreas/qt-copy/lib/libQtCore.so.4[0xb7cdeb2b]
| /usr/lib/libglib-2.0.so.0(g_main_context_dispatch+0x1f1)[0xb76472f1]
| /usr/lib/libglib-2.0.so.0[0xb764a983]
| /usr/lib/libglib-2.0.so.0(g_main_context_iteration+0x71)[0xb764ab41]
| /home/andreas/qt-copy/lib/libQtCore.so.4(_ZN20QEventDispatcherGlib13processEventsE6QFlagsIN10QEventLoop17ProcessEventsFlagEE+0xb4)[0xb7cddd42]
| /home/andreas/qt-copy/lib/libQtCore.so.4(_ZN10QEventLoop13processEventsE6QFlagsINS_17ProcessEventsFlagEE+0xb0)[0xb7ca434c]
| /home/andreas/qt-copy/lib/libQtCore.so.4(_ZN10QEventLoop4execE6QFlagsINS_17ProcessEventsFlagEE+0x10c)[0xb7ca458a]
| /home/andreas/kde4/lib/libkdecore.so.5(_ZN4KJob4execEv+0x86)[0xb7f04236]
| /home/andreas/src/kde4/build/kdelibs/kdecore/tests/kjobtest[0x804b283]
| /home/andreas/src/kde4/build/kdelibs/kdecore/tests/kjobtest[0x804d3cb]
| /home/andreas/qt-copy/lib/libQtCore.so.4(_ZN11QMetaObject12invokeMethodEP7QObjectPKcN2Qt14ConnectionTypeE22QGenericReturnArgument16QGenericArgumentS7_S7_S7_S7_S7_S7_S7_S7_S7_+0x699)[0xb7cb2077]
| /home/andreas/qt-copy/lib/libQtTest.so.4[0xb7af89e3]
| /home/andreas/qt-copy/lib/libQtTest.so.4[0xb7af64f8]
| /home/andreas/qt-copy/lib/libQtTest.so.4(_ZN5QTest5qExecEP7QObjectiPPc+0x681)[0xb7af75fb]
| /home/andreas/src/kde4/build/kdelibs/kdecore/tests/kjobtest[0x804d812]
| /lib/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7773455]
| /home/andreas/src/kde4/build/kdelibs/kdecore/tests/kjobtest(_ZN7QObject5eventEP6QEvent+0xd9)[0x804aab1]
| Program received signal SIGABRT, Aborted.
`----

The attached patch avoids the deadlock by introducing a state variable. I'm
also attaching the code for a testcase for the crash.

As I don't quite understand the event-loop stuff which is shown in the
backtrace, I'm posting this for review.

Andreas

-- 
You have the body of a 19 year old.  Please return it before it gets wrinkled.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kjob_no_loop_when_finished.diff
Type: text/x-diff
Size: 1320 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20081014/80de38f3/attachment.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kjob_no_loop_when_finished_test.diff
Type: text/x-diff
Size: 1822 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20081014/80de38f3/attachment-0001.diff>
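
The deadlock case described in the message above (auto-deletion disabled), as an added example in plain C++ without Qt; it is not the attached patch and not KDE code. `MiniLoop`, `MiniJob` and the `guarded` flag are hypothetical names that model a job whose start() finishes synchronously, and a state variable checked before the loop is entered.

```cpp
#include <deque>
#include <functional>
#include <utility>

// Hypothetical stand-in for an event loop (not Qt): a quit() issued
// before exec() is lost, as the post describes.
struct MiniLoop {
    std::deque<std::function<void()>> queue;
    bool running = false, quitRequested = false;
    void post(std::function<void()> ev) { queue.push_back(std::move(ev)); }
    void quit() { if (running) quitRequested = true; }
    // true  = left the loop because quit() was called;
    // false = queue drained with no quit, where a blocking loop would hang.
    bool exec() {
        running = true;
        quitRequested = false;
        while (!quitRequested && !queue.empty()) {
            std::function<void()> ev = std::move(queue.front());
            queue.pop_front();
            ev();
        }
        running = false;
        return quitRequested;
    }
};

struct MiniJob {
    bool failInStart;
    bool finished = false;      // the state variable
    MiniLoop *loop = nullptr;
    explicit MiniJob(bool fail) : failInStart(fail) {}
    void emitResult() { finished = true; if (loop) loop->quit(); }
    void start() {
        if (failInStart) emitResult();               // error: finishes synchronously
        else loop->post([this] { emitResult(); });   // success: finishes from the loop
    }
    // guarded == false always enters the loop after start();
    // guarded == true skips the loop when start() already finished the job.
    bool exec(bool guarded) {
        MiniLoop local;
        loop = &local;
        start();
        bool ok = (guarded && finished) || local.exec();
        loop = nullptr;
        return ok;
    }
};
int main() { return MiniJob(true).exec(true) && !MiniJob(true).exec(false) ? 0 : 1; }
```

A `false` return from the unguarded call stands for the point where a blocking event loop would wait forever for a quit that was already issued.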

