New periodic segfaults on Linux #45

Open
oconnor663 opened this Issue Sep 16, 2013 · 12 comments

Owner

oconnor663 commented Sep 16, 2013

Seems to happen during chat activity. No consistent repro. No helpful error stacktrace either -- just segfault.

oconnor663 commented Sep 20, 2013

This repros even at rev 06a0e25. I'm beginning to suspect an Arch update of Qt or something.

oconnor663 commented Sep 20, 2013

And even at d2306b5. Something else must have changed.

oconnor663 commented Sep 20, 2013

It seems to happen most frequently when I'm sending a message, but I think it can also happen just changing tabs. Always in the chat window though.

oconnor663 commented Nov 8, 2013

New easiest way to repro: hold Ctrl-Tab to cycle rapidly through open chat tabs. Eventually we crash. Probably not related to MQTT. Hopefully upgrading to Qt5 will magically fix this?

oconnor663 commented Nov 11, 2013

Nope, Qt5 still repros the crash :(

oconnor663 commented Dec 13, 2013

Ok, this bug repros on Ubuntu 13.10 (Saucy) but not on Ubuntu 13.04 (Raring). I think I can isolate that to the libqtwebkit4 package. If you downgrade to the Raring version of that package (http://packages.ubuntu.com/raring/libqtwebkit4, sudo dpkg -i $that_file), the issue stops reproing on 13.10. The difference is between libqtwebkit4 versions 2.3.0 and 2.3.2.

oconnor663 commented Dec 17, 2013

Built 2.3.3 locally on Arch, linked against it by setting LD_LIBRARY_PATH, and confirmed that the segfault repros. Couldn't build 2.3.0, but successfully built 2.3.1 (902f43186593ba12a19486a9c4917aa7df63d8c1), and could not repro the segfault there. So I should be able to bisect this.

oconnor663 commented Dec 17, 2013

According to the bisect, the culprit is https://gitorious.org/webkit/qtwebkit-23/commit/236deaba72ee1320f3cb74d286a6737338a8671e

git bisect start
# good: [902f43186593ba12a19486a9c4917aa7df63d8c1] Default to CONFIG+=production_build in this release branch.
git bisect good 902f43186593ba12a19486a9c4917aa7df63d8c1
# bad: [0ec271084626dd70a3d329b7ee4c67d6037b3ff0] Merge branch 'qtwebkit-2.3' into qtwebkit-2.3-release
git bisect bad 0ec271084626dd70a3d329b7ee4c67d6037b3ff0
# bad: [f39ee9a21750b2f3572dd353a20f037943fa7290] [Qt] Fix a crash under ~PingLoader when the QNAM on the page has been destroyed. https://bugs.webkit.org/show_bug.cgi?id=116035
git bisect bad f39ee9a21750b2f3572dd353a20f037943fa7290
# good: [4d06441ca73307e45a05115f109bc8fb52ce31e1] [Qt] Fix the JSC build on Mac
git bisect good 4d06441ca73307e45a05115f109bc8fb52ce31e1
# bad: [e0f422dead82157bad44acba901f1107885dc8e2] Missed Atomics.cpp file.
git bisect bad e0f422dead82157bad44acba901f1107885dc8e2
# skip: [15e854d8f45873353acb25aa4368e5a550de6f7a] offlineasm BaseIndex handling is broken on ARM due to MIPS changes https://bugs.webkit.org/show_bug.cgi?id=108261
git bisect skip 15e854d8f45873353acb25aa4368e5a550de6f7a
# skip: [e02709699bc0268fdefefbd99921f9971688dd76] MIPS DFG implementation. https://bugs.webkit.org/show_bug.cgi?id=101328
git bisect skip e02709699bc0268fdefefbd99921f9971688dd76
# skip: [be2eed45c00fa5fc10ac20e70ca19b20742b21e9] Fix the atomicIncrement implementation for MIPS GCC https://bugs.webkit.org/show_bug.cgi?id=106739
git bisect skip be2eed45c00fa5fc10ac20e70ca19b20742b21e9
# bad: [0eaceacb1d6ad008b6b384ada27efb090aea8326] Missing file from MIPS LLInt
git bisect bad 0eaceacb1d6ad008b6b384ada27efb090aea8326
# skip: [ae8a4c3ca72246863c286cd2ad81ebb9d3094943] MIPS LLInt implementation. https://bugs.webkit.org/show_bug.cgi?id=99706
git bisect skip ae8a4c3ca72246863c286cd2ad81ebb9d3094943
# bad: [1c0299ccd110413f576ff15539f90fb85291a0c1] Fix crash in custom font tests after improved garbage collection
git bisect bad 1c0299ccd110413f576ff15539f90fb85291a0c1
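
A `git bisect run` driver that encodes the same good/bad/skip decisions the log above makes by hand: build the checked-out QtWebKit revision, skip it (exit 125) when it does not build as happened with the MIPS commits, point LD_LIBRARY_PATH at the fresh build as the issue did, launch the app and judge the crash from its exit status. This is an added example, not code from the issue or the project; the QtWebKit checkout being the current directory, `qmake && make` producing `./lib`, and `$APP` naming the chat client are assumptions. The crash itself still has to be triggered by hand (Ctrl-Tab after a minute), so the script simply waits for the app to exit.

```shell
#!/bin/sh
# Added example, not part of the issue. Assumed layout (hypothetical):
# current directory is the QtWebKit checkout, `qmake && make` builds the
# library into ./lib, and $APP is the chat client that links against it.

APP="${APP:-./app}"
BUILD_LOG="${BUILD_LOG:-bisect-build.log}"

# Translate the app's exit status into the code `git bisect run` expects:
#   0   -> good revision
#   1   -> bad revision
#   125 -> this revision cannot be tested (skip)
# A child killed by a signal exits 128+N in POSIX shells, so SIGSEGV (11)
# shows up as 139 and SIGABRT (6) as 134.
bisect_code() {
    case "$1" in
        0)   echo 0 ;;    # clean exit: the tab-switching did not crash it
        139) echo 1 ;;    # segfault: the crash being hunted
        134) echo 1 ;;    # abort (failed assertion): also a bad revision
        *)   echo 125 ;;  # anything else: inconclusive, skip
    esac
}

# Build the current bisect revision; a failed build means "skip".
build_webkit() {
    (qmake && make -j"$(nproc 2>/dev/null || echo 1)") >"$BUILD_LOG" 2>&1
}

# Run the app against the freshly built library instead of the system one.
run_app() {
    LD_LIBRARY_PATH="$PWD/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" "$APP"
}

bisect_step() {
    if ! build_webkit; then
        echo "build failed (see $BUILD_LOG), skipping revision" >&2
        return 125
    fi
    run_app
    status=$?
    return "$(bisect_code "$status")"
}

# Only act when invoked as the bisect step, so the file can also be sourced.
if [ "${1:-}" = run ]; then
    bisect_step
    exit $?
fi
```

Invoke it as `git bisect run sh bisect-step.sh run` from inside the bisect session; `exit 125` is what tells git to mark a revision skipped rather than good or bad.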
oconnor663 commented Jan 17, 2014

Here is debugging info from gdb for one of these crashes. The stacktrace is full of ??, even though it's using a version of libQtWebKit.so.4 that I built locally, which isn't stripped. The 'list' output at the bottom seems to suggest that the crash is in cairo-analysis-surface.c.

https://gist.github.com/oconnor663/8483257

oconnor663 commented Jan 17, 2014

On the next run, 'list' claimed to be inside ./Modules/getbuildinfo.c, which is a CPython source file. So it sounds like that's not a reliable indicator of what's going on.

oconnor663 commented Jan 17, 2014

More detailed repro info: The segfault only repros after the app has been running for exactly 1 minute. After that, rapidly switching chat tabs for just a second will cause the crash. Before 1 minute, the app does not crash.

oconnor663 referenced this issue Jan 19, 2014: Tray icon #34 (Open)