Created attachment 290
valgrind trace

I'm getting reproducible crashes on Fedora during Workrave shutdown. It seems that problem is somehow connected to Fedora configuration (./configure --disable-dbus --disable-xml --enable-gnome3 --disable-static) as I was able to get rid of the crashes with a different one. However, I tried to debug it properly.

Valgrind reports double deallocation (relevant part):

==31195== Invalid read of size 8
==31195==    at 0x4CB474: Thread::wait() (GlibThread.cc:72)
==31195==    by 0x4C3E2C: RecordInputMonitor::~RecordInputMonitor() (RecordInputMonitor.cc:121)
==31195==    by 0x4C3F08: RecordInputMonitor::~RecordInputMonitor() (RecordInputMonitor.cc:131)
==31195==    by 0x4B9ABD: ActivityMonitor::~ActivityMonitor() (ActivityMonitor.cc:91)
==31195==    by 0x4B9B48: ActivityMonitor::~ActivityMonitor() (ActivityMonitor.cc:94)
==31195==    by 0x49E9EB: Core::~Core() (Core.cc:137)
==31195==    by 0x49EC58: Core::~Core() (Core.cc:154)
==31195==    by 0x45F816: GUI::~GUI() (GUI.cc:168)
==31195==    by 0x45F9C8: GUI::~GUI() (GUI.cc:181)
==31195==    by 0x480CA8: run (main.cc:70)
==31195==    by 0x3E95A21D64: (below main) (in /usr/lib64/libc-2.18.so)
==31195==  Address 0x528cc38 is 8 bytes inside a block of size 24 free'd
==31195==    at 0x4A07991: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31195==    by 0x4CB506: Thread::thread_handler(void*) (GlibThread.cc:104)
==31195==    by 0x3E9826EA44: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
==31195==    by 0x3E96607F32: start_thread (in /usr/lib64/libpthread-2.18.so)
==31195==    by 0x3E95AF4DEC: clone (in /usr/lib64/libc-2.18.so)

See attachment for full log.

GlibThread.cc:104 (https://github.com/rcaelers/workrave/blob/7d27488bcfa9ef3646afc2a3868f10a8c1a86a2e/common/src/GlibThread.cc) frees the memory and RecordInputMonitor.cc:121 does it probably again. Simple removal of delete at GlibThread.cc:104 fixes the issues however it can probably cause memory leaks in some situation.

I quickly went through code and for example backend/src/unix/XScreenSaverMonitor.cc does not release an allocated thread object. Proposed delete removal will probably require deeper code revision on other places.

Related Redhat bugzilla bugs are:

https://bugzilla.redhat.com/show_bug.cgi?id=1047808
https://bugzilla.redhat.com/show_bug.cgi?id=902291

Errata:

Sorry, I've posted bad Vagrind part. The second deallocation is here:

==31195== Invalid free() / delete / delete[] / realloc()
==31195==    at 0x4A07991: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31195==    by 0x4C3E3B: RecordInputMonitor::~RecordInputMonitor() (RecordInputMonitor.cc:122)
==31195==    by 0x4C3F08: RecordInputMonitor::~RecordInputMonitor() (RecordInputMonitor.cc:131)
==31195==    by 0x4B9ABD: ActivityMonitor::~ActivityMonitor() (ActivityMonitor.cc:91)
==31195==    by 0x4B9B48: ActivityMonitor::~ActivityMonitor() (ActivityMonitor.cc:94)
==31195==    by 0x49E9EB: Core::~Core() (Core.cc:137)
==31195==    by 0x49EC58: Core::~Core() (Core.cc:154)
==31195==    by 0x45F816: GUI::~GUI() (GUI.cc:168)
==31195==    by 0x45F9C8: GUI::~GUI() (GUI.cc:181)
==31195==    by 0x480CA8: run (main.cc:70)
==31195==    by 0x3E95A21D64: (below main) (in /usr/lib64/libc-2.18.so)
==31195==  Address 0x528cc30 is 0 bytes inside a block of size 24 free'd
==31195==    at 0x4A07991: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31195==    by 0x4CB506: Thread::thread_handler(void*) (GlibThread.cc:104)
==31195==    by 0x3E9826EA44: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
==31195==    by 0x3E96607F32: start_thread (in /usr/lib64/libpthread-2.18.so)
==31195==    by 0x3E95AF4DEC: clone (in /usr/lib64/libc-2.18.so)

RecordInputMonitor.cc:121 then changes to RecordInputMonitor.cc:122

Also, the submitted file contains the valgrind output twice. :(

Fixed. Thanks.

(git commit 09407f66a10e42de098c236f72ff0b00f2842df6)

It works for me. Thanks for such a quick fix.