GD terminates unexpectedly

[sikmir]

Steps to reproduce

It's not stable reproducible, but occurs once/twice a day (mostly after system resume from hibernation).

====reading 16384 bytes
libpng warning: iCCP: known incorrect sRGB profile
libpng warning: iCCP: known incorrect sRGB profile
libpng warning: iCCP: cHRM chunk does not match sRGB
libpng warning: iCCP: known incorrect sRGB profile
libpng warning: iCCP: cHRM chunk does not match sRGB
libpng warning: iCCP: known incorrect sRGB profile
libpng warning: iCCP: known incorrect sRGB profile
getResource: gdlookup://localhost?blank=1
scheme: gdlookup
host: localhost
QObject::disconnect: Unexpected null parameter
fish: “goldendict” terminated by signal SIGSEGV (Address boundary error)

Actual behaviour

GD terminates unexpectedly

Expected behaviour

GD does not terminate unexpectedly

Configuration

GD Version: git latest
Qt: 5.x
Operating System: Linux

[sikmir]

Backtrace:

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f8f2fb6fbeb in _int_malloc () from /usr/lib/libc.so.6
[Current thread is 1 (Thread 0x7f8f38b8f340 (LWP 5006))]
(gdb) bt full
#0  0x00007f8f2fb6fbeb in _int_malloc () at /usr/lib/libc.so.6
#1  0x00007f8f2fb71d44 in malloc () at /usr/lib/libc.so.6
#2  0x00007f8f30a0390c in QArrayData::allocate(unsigned long, unsigned long, unsigned long, QFlags<QArrayData::AllocationOption>) ()
    at /usr/lib/libQt5Core.so.5
#3  0x00007f8f30a06236 in QByteArray::reallocData(unsigned int, QFlags<QArrayData::AllocationOption>) () at /usr/lib/libQt5Core.so.5
#4  0x00007f8f30be5b38 in  () at /usr/lib/libQt5Core.so.5
#5  0x00007f8f30be7ae4 in QMetaObject::normalizedSignature(char const*) () at /usr/lib/libQt5Core.so.5
#6  0x00007f8f30c0d2ba in QObject::disconnect(QObject const*, char const*, QObject const*, char const*) () at /usr/lib/libQt5Core.so.5
#7  0x00007f8f310967fb in  () at /usr/lib/libQt5Network.so.5

[ghost]

@sikmir how did you get a full backtrace without missing symbols? Our project has similar errors (mattanger/ckb-next#47) and I would like to have a full backtrace. Do you just leave the app running from console?

In our case the segfault occurs for me when the screen dims out and screen lock turns on (so, just default power management settings). I never used any kind of sleep or hibernation.

I'm on Arch.

[sikmir]

@light2yellow I'm on Arch too. It doesn't matter how to run the app (from console or not), if you have core dump enabled in you system (ulimit -c unlimited). So, what I do:

$ lz4 -d /var/lib/systemd/coredump/core.goldendict.*.lz4 core.goldendict
$ gdb /usr/bin/goldendict core.goldendict -ex 'bt full' -ex quit

That's it.

[ghost]

So, the default Arch qt-base provides debug symbols? Because what I had above was on Ubuntu and it was a mess of ??. Stacktrace top:

QSocketNotifier::setEnabled(bool) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
 ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
 ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
 QProcess::waitForFinished(int) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
 QProcess::~QProcess() () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5

And then:

Thread 1 (Thread 0x7f5d3747c280 (LWP 2493)):
 #0  0x00007f5d355e3c03 in QSocketNotifier::setEnabled(bool) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
 No symbol table info available.
 #1  0x00007f5d354dc242 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
 No symbol table info available.
 #2  0x00007f5d3553e325 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
 No symbol table info available.
 #3  0x00007f5d354dd3db in QProcess::waitForFinished(int) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
 No symbol table info available.
 #4  0x00007f5d354de1c5 in QProcess::~QProcess() () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
 No symbol table info available.
 #5  0x00007f5d344d22e0 in __run_exit_handlers (status=1, listp=0x7f5d348595d8 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:83
         atfct = <optimized out>
         onfct = <optimized out>
         cxafct = <optimized out>
         f = <optimized out>
 #6  0x00007f5d344d233a in __GI_exit (status=<optimized out>) at exit.c:105
 No locals.
 #7  0x00007f5d337e0fbf in ?? () from /usr/lib/x86_64-linux-gnu/libgdk-x11-2.0.so.0
 No symbol table info available.
 #8  0x00007f5d36efccce in _XIOError () from /usr/lib/x86_64-linux-gnu/libX11.so.6
 No symbol table info available.
 #9  0x00007f5d36efa55d in _XEventsQueued () from /usr/lib/x86_64-linux-gnu/libX11.so.6
 No symbol table info available.
 #10 0x00007f5d36eebf17 in XPending () from /usr/lib/x86_64-linux-gnu/libX11.so.6
 No symbol table info available.
 #11 0x00007f5d337d6e4e in ?? () from /usr/lib/x86_64-linux-gnu/libgdk-x11-2.0.so.0
 No symbol table info available.
 #12 0x00007f5d3311fed9 in g_main_context_prepare () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
 No symbol table info available.
 #13 0x00007f5d331208fb in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
 No symbol table info available.
 #14 0x00007f5d33120aec in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
 No symbol table info available.
 #15 0x00007f5d3560048f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
 No symbol table info available.
 #16 0x00007f5d355a80fa in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
 No symbol table info available.
 #17 0x00007f5d355b090c in QCoreApplication::exec() () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
 No symbol table info available.
 #18 0x000055a62957802f in main ()
 No symbol table info available.

Sorry, this is offtop, but since nobody responded for more than a month here... I don't know whom and where to ask.

[sikmir]

Yes, it looks like qt-base provides debug symbols (see 'with debug_info' bellow).

$ pacman -Qo /usr/lib/libQt5Gui.so.5.8.0
/usr/lib/libQt5Gui.so.5.8.0 is owned by qt5-base 5.8.0-7
$ file /usr/lib/libQt5Gui.so.5.8.0
/usr/lib/libQt5Gui.so.5.8.0: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), dynamically linked, BuildID[sha1]=b70bf05475814526838ce220fd9b79728b2c2165, stripped, with debug_info

[vitor895]

Hi, this crash happens on resume from suspend in my Arch install. I've got three files when debugging (a chunk below). The full files are attached.

====reading 16384 bytes
request end
request end
request end
done.
request end
"Unexpected reply signature: got \"\", expected \"a{sv}\""
"Unexpected reply signature: got \"\", expected \"a{sv}\""
"Unexpected reply signature: got \"\", expected \"a{sv}\""
[Thread 0x7fff33fff700 (LWP 5373) exited]
[Thread 0x7fff337fe700 (LWP 5374) exited]

Thread 1 "goldendict" received signal SIGSEGV, Segmentation fault.
0x00007fffeeebc54b in _int_malloc () from /usr/lib/libc.so.6
(gdb) 

Thread 48 (Thread 0x7fff327fc700 (LWP 5376)):
#0  0x00007fffefaa5b63 in pthread_cond_timedwait@@GLIBC_2.3.2 () at /usr/lib/libpthread.so.0
#1  0x00007fffefd66536 in QWaitConditionPrivate::wait_relative(unsigned long) (time=30000, this=0x7fff5000b040)
    at thread/qwaitcondition_unix.cpp:133
        ti = {tv_sec = 3484, tv_nsec = 235506784}
        code = <optimized out>
#2  0x00007fffefd66536 in QWaitConditionPrivate::wait(unsigned long) (time=30000, this=0x7fff5000b040)
    at thread/qwaitcondition_unix.cpp:141
        code = <optimized out>
#3  0x00007fffefd66536 in QWaitCondition::wait(QMutex*, unsigned long) (this=this@entry=0x7fff5000ac70, mutex=mutex@entry=0x7fff500051c0, time=30000) at thread/qwaitcondition_unix.cpp:215
#4  0x00007fffefd61c34 in QThreadPoolThread::run() (this=0x7fff5000ac60) at thread/qthreadpool.cpp:133
        r = 0x7fff500c77b0
        expired = <optimized out>
        locker = {val = 140734535586241}
#5  0x00007fffefd65748 in QThreadPrivate::start(void*) (arg=0x7fff5000ac60) at thread/qthread_unix.cpp:368
        __clframe = 
          {__cancel_routine = 0x7fffefd647e0 <QThreadPrivate::finish(void*)>, __cancel_arg = 0x7fff5000ac60, __do_it = 1, __cancel_type = <optimized out>}
        thr = 0x7fff5000ac60
        data = 0x7fff5000afc0
#6  0x00007fffefa9f2e7 in start_thread () at /usr/lib/libpthread.so.0
#7  0x00007fffeef2e54f in clone () at /usr/lib/libc.so.6

Thread 47 (Thread 0x7fff32ffd700 (LWP 5375)):
#0  0x00007fffefaa5b63 in pthread_cond_timedwait@@GLIBC_2.3.2 () at /usr/lib/libpthread.so.0
#1  0x00007fffefd66536 in QWaitConditionPrivate::wait_relative(unsigned long) (time=30000, this=0x7fff5000dc30)
    at thread/qwaitcondition_unix.cpp:133
        ti = {tv_sec = 3484, tv_nsec = 597344907}
        code = <optimized out>
#2  0x00007fffefd66536 in QWaitConditionPrivate::wait(unsigned long) (time=30000, this=0x7fff5000dc30)
    at thread/qwaitcondition_unix.cpp:141
        code = <optimized out>
#3  0x00007fffefd66536 in QWaitCondition::wait(QMutex*, unsigned long) (this=this@entry=0x7fff5000d860, mutex=mutex@entry=0x7fff500051c0, time=30000) at thread/qwaitcondition_unix.cpp:215
#4  0x00007fffefd61c34 in QThreadPoolThread::run() (this=0x7fff5000d850) at thread/qthreadpool.cpp:133
        r = 0x7fff2c07da00
        expired = <optimized out>
        locker = {val = 140734535586241}
#5  0x00007fffefd65748 in QThreadPrivate::start(void*) (arg=0x7fff5000d850) at thread/qthread_unix.cpp:368
        __clframe = 
          {__cancel_routine = 0x7fffefd647e0 <QThreadPrivate::finish(void*)>, __cancel_arg = 0x7fff5000d850, __do_it = 1, __cancel_type = <optimized out>}
        thr = 0x7fff5000d850
        data = 0x7fff5000dbb0
#6  0x00007fffefa9f2e7 in start_thread () at /usr/lib/libpthread.so.0
#7  0x00007fffeef2e54f in clone () at /usr/lib/libc.so.6

Thread 44 (Thread 0x7fff73ffd700 (LWP 5372)):
#0  0x00007fffefaa5b63 in pthread_cond_timedwait@@GLIBC_2.3.2 () at /usr/lib/libpthread.so.0
#1  0x00007fffefd66536 in QWaitConditionPrivate::wait_relative(unsigned long) (time=30000, this=0x11fcc60)
    at thread/qwaitcondition_unix.cpp:133
        ti = {tv_sec = 3483, tv_nsec = 772020860}
        code = <optimized out>
#2  0x00007fffefd66536 in QWaitConditionPrivate::wait(unsigned long) (time=30000, this=0x11fcc60)
    at thread/qwaitcondition_unix.cpp:141
        code = <optimized out>
#3  0x00007fffefd66536 in QWaitCondition::wait(QMutex*, unsigned long) (this=this@entry=0x11fcaa0, mutex=mutex@entry=0xbcbe40, time=30000) at thread/qwaitcondition_unix.cpp:215
#4  0x00007fffefd61c34 in QThreadPoolThread::run() (this=0x11fca90) at thread/qthreadpool.cpp:133
        r = 0x18c2cc0
        expired = <optimized out>
        locker = {val = 12369473}
#5  0x00007fffefd65748 in QThreadPrivate::start(void*) (arg=0x11fca90) at thread/qthread_unix.cpp:368
        __clframe = 
          {__cancel_routine = 0x7fffefd647e0 <QThreadPrivate::finish(void*)>, __cancel_arg = 0x11fca90, __do_it = 1, __cancel_type = <optimized out>}
        thr = 0x11fca90
        data = 0x11fcbe0
#6  0x00007fffefa9f2e7 in start_thread () at /usr/lib/libpthread.so.0
#7  0x00007fffeef2e54f in clone () at /usr/lib/libc.so.6
Quit

#0  0x00007fffeeebc539 in _int_malloc () at /usr/lib/libc.so.6
#1  0x00007fffeeebe674 in malloc () at /usr/lib/libc.so.6
#2  0x00007fffefd6697c in QArrayData::allocate(unsigned long, unsigned long, unsigned long, QFlags<QArrayData::AllocationOption>) (objectSize=objectSize@entry=1, alignment=alignment@entry=8, capacity=capacity@entry=1, options=options@entry=...)
    at tools/qarraydata.cpp:106
        headerSize = <optimized out>
        allocSize = <optimized out>
        header = <optimized out>
#3  0x00007fffefd692a6 in QTypedArrayData<char>::allocate(unsigned long, QFlags<QArrayData::AllocationOption>) (options=..., capacity=1) at ../../include/QtCore/../../src/corelib/tools/qarraydata.h:222
        x = <optimized out>
#4  0x00007fffefd692a6 in QByteArray::reallocData(unsigned int, QFlags<QArrayData::AllocationOption>) (this=this@entry=0x7fffff7ff150, alloc=1, options=..., options@entry=...) at tools/qbytearray.cpp:1701
        x = <optimized out>
#5  0x00007fffeff487d8 in QByteArray::reserve(int) (asize=0, this=0x7fffff7ff150)
    at ../../include/QtCore/../../src/corelib/tools/qbytearray.h:509
        asize = 0
        this = 0x7fffff7ff150
        len = 0
        constbuf = {d = 0x7fffeffeb500 <QArrayData::shared_null>}
        result = {d = 0x7fffeffeb500 <QArrayData::shared_null>}
        star = <optimized out>
#6  0x00007fffeff487d8 in normalizeTypeInternal(char const*, char const*, bool, bool) (t=0x7fffff7ff178 ")", e=e@entry=0x7fffff7ff178 ")", fixScope=fixScope@entry=false, adjustConst=adjustConst@entry=true)
    at ../../include/QtCore/5.8.0/QtCore/private/../../../../../src/corelib/kernel/qmetaobject_moc_p.h:100
        len = 0
        constbuf = {d = 0x7fffeffeb500 <QArrayData::shared_null>}
        result = {d = 0x7fffeffeb500 <QArrayData::shared_null>}
        star = <optimized out>

[...]

#4837 0x00007ffff03fb1d0 in QNetworkAccessManagerPrivate::_q_networkSessionStateChanged(QNetworkSession::State) (this=this@entry=0xbc4790, state=<optimized out>) at access/qnetworkaccessmanager.cpp:1703
        reallyOnline = true
#4838 0x00007ffff03fb55e in QNetworkAccessManagerPrivate::createSession(QNetworkConfiguration const&) (this=this@entry=0xbc4790, config=...) at access/qnetworkaccessmanager.cpp:1642
        newSession = <optimized out>
#4839 0x00007ffff03fb1d0 in QNetworkAccessManagerPrivate::_q_networkSessionStateChanged(QNetworkSession::State) (this=this@entry=0xbc4790, state=<optimized out>) at access/qnetworkaccessmanager.cpp:1703
        reallyOnline = true
#4840 0x00007ffff03fb55e in QNetworkAccessManagerPrivate::createSession(QNetworkConfiguration const&) (this=this@entry=0xbc4790, config=...) at access/qnetworkaccessmanager.cpp:1642
        newSession = <optimized out>
Quit

trace_log.txt
gdb.txt
trace_log2.txt