RFC: jemalloc: qdbus sigsegv in malloc_init

David Xu listlog2011 at gmail.com
Sun May 20 06:03:23 UTC 2012

On 2012/4/30 22:13, Gustau Pérez i Querol wrote:
>   Hi,
>   the kde team is seeing some strange problems with the new version
> (4.8.1) of devel/dbus-qt4 with current. It does work with stable. I
> also suspect that the problem described below is affecting the
> experimental cinnamon port (an alternative to gnome3, possible
> replacement of gnome2).
>   The problem happens with both i386 and amd64 with empty
> /etc/malloc.conf and simple /etc/make.conf. Everything compiled with
> base gcc (no clang). The kernel was compiled with no debug support,
> but it can enable if needed. There are reports from avilla at freebsd.org
> of the same behavior with clang compiled world and kernel and with
>  When qdbus starts, it segfauts. The backtrace of the problem with
> r234769 can be found here: http://pastebin.com/ryBXtqGF. When starting
> the qdbus daemon by hand in a X+twm session, we see it calls calloc
> many times and after a fixed number of times segfaults. We see it
> segfaults at rb_gen (a quite large macro defined at
> $SRC_BASE/contrib/jemalloc/include/jemalloc/internal/rb.h).
>  If the daemon is started by hand, I'm able to skip all the calls
> qdbus makes to calloc till the one causing the segfault. At that
> point, at rb_gen, we don't exactly know what is going on or how to
> debug the macro. Ktrace are available, but we were unable to find
> anything new from them.
>   With old versions of current before the jemalloc imports (as of
> March 30th) the daemon segfaulted at malloc.c:2426. With revisions
> during April 20 to 24th (can be more precise, it was during the
> jemalloc imports) the daemon segfaulted at malloc_init. Bts are
> available if needed, and if necessary I can go back to those revision
> and recompile world+kernel to see its behavior.
>   Any help from freebsd-current@ (perhaps Jason Evans can help us)
> will be appreciated. Any additional info, like source revisions, can
> be provided. I would like to stress that the experimental
> devel/dbus-qt4 works fine with recent stable.
qdbus segfaults on my machine too, I tracked it down, and found the 
problem is in QT,
it deleted current_thread_data_key,  but it still uses it in some cxa 
hooks,  I  applied the
following patch,  and it works fine.

--- qthread_unix.cpp    2012-05-20 13:23:09.000000000 +0800
+++ qthread_unix_new.cpp    2012-05-20 13:22:45.000000000 +0800
@@ -156,7 +156,7 @@

  // Utility functions for getting, setting and clearing thread specific 
the Q_DESTRUCTOR_FUNCTION defined global a C++ object, and in its 
it deletes the current_thread_data_key,  but in other cxa hooks, the key 
is still needed.
So, finally the QT library crashed.
I think the bug depends on linking order in QT library ? if the 
qthread_unix.cpp is linked
as lastest module, the key will be deleted after all cxa hooks run, then 
it will be fine,
otherwise, it would crash. This sounds like a bug in QT.

David Xu

More information about the freebsd-current mailing list