110440 – [Qt] REGRESSION(143400): It made all inspector tests crash on Qt 64 bit release.

RESOLVED INVALID 110440

[Qt] REGRESSION(143400): It made all inspector tests crash on Qt 64 bit release.

https://bugs.webkit.org/show_bug.cgi?id=110440

Summary [Qt] REGRESSION(143400): It made all inspector tests crash on Qt 64 bit release.

Ádám Kallai

Reported 2013-02-21 01:52:10 PST

http://build.webkit.sed.hu/results/x86-64%20Linux%20Qt%20Release/r143569%20(48384)/results.html gdb backtrace is here: $ gdb WebKitBuild/Release/bin/DumpRenderTree GNU gdb (Ubuntu/Linaro 7.4-2012.04-0ubuntu2.1) 7.4-2012.04 Copyright (C) 2012 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-linux-gnu". For bug reporting instructions, please see: <http://bugs.launchpad.net/gdb-linaro/>... Reading symbols from /home/oszi/WebKit/WebKitBuild/Release/bin/DumpRenderTree...done. (gdb) run - Starting program: /home/oszi/WebKit/WebKitBuild/Release/bin/DumpRenderTree - [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [New Thread 0x7fffe9c7a700 (LWP 10940)] [New Thread 0x7fffe7650700 (LWP 10941)] [New Thread 0x7fffe5fc1700 (LWP 10943)] [Thread 0x7fffe5fc1700 (LWP 10943) exited] [New Thread 0x7fffe5fc1700 (LWP 10946)] LayoutTests/inspector/utilities.html LayoutTests/inspector/version-controller.html [New Thread 0x7fffe4b36700 (LWP 14906)] [New Thread 0x7fff9f45e700 (LWP 14907)] Content-Type: text/plain This test checks Web Inspector utilities. Running: binaryIndexOfTest Running: qselectTest Array: [] Reference: {} Actual: {} Array: [0] Reference: {"min":0,"median":0,"max":0} Actual: {"min":0,"median":0,"max":0} Array: [0,0,0,0,0,0,0,0] Reference: {"min":0,"median":0,"max":0} Actual: {"min":0,"median":0,"max":0} Array: [4,3,2,1] Reference: {"min":1,"median":3,"max":4} Actual: {"min":1,"median":3,"max":4} Array: [1,2,3,4,5] Reference: {"min":1,"median":3,"max":5} Actual: {"min":1,"median":3,"max":5} Array: [-1,3,2,7,7,7,10,12,3,4,-1,2] Reference: {"min":-1,"median":4,"max":12} Actual: {"min":-1,"median":4,"max":12} Running: sortRangeTest #EOF #EOF #EOF 1 0x7ffff6ee3502 /home/oszi/WebKit/WebKitBuild/Release/lib/libQt5WebKit.so.5(_ZN3WTF10fastMallocEm+0x512) [0x7ffff6ee3502] 2 0x7ffff58548e0 /home/oszi/WebKit/WebKitBuild/Release/lib/libQt5WebKit.so.5(+0x4a68e0) [0x7ffff58548e0] 3 0x7ffff5eb3b9e /home/oszi/WebKit/WebKitBuild/Release/lib/libQt5WebKit.so.5(+0xb05b9e) [0x7ffff5eb3b9e] 4 0x418841 /home/oszi/WebKit/WebKitBuild/Release/bin/DumpRenderTree() [0x418841] 5 0x418d91 /home/oszi/WebKit/WebKitBuild/Release/bin/DumpRenderTree() [0x418d91] 6 0x41a1f1 /home/oszi/WebKit/WebKitBuild/Release/bin/DumpRenderTree() [0x41a1f1] 7 0x427115 /home/oszi/WebKit/WebKitBuild/Release/bin/DumpRenderTree() [0x427115] 8 0x7ffff3c7473e /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5(_ZN7QObject5eventEP6QEvent+0x34e) [0x7ffff3c7473e] 9 0x7ffff4cf01f4 /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Widgets.so.5(_ZN19QApplicationPrivate13notify_helperEP7QObjectP6QEvent+0xb4) [0x7ffff4cf01f4] 10 0x7ffff4cf35d1 /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Widgets.so.5(_ZN12QApplication6notifyEP7QObjectP6QEvent+0x3d1) [0x7ffff4cf35d1] 11 0x7ffff3c4da24 /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5(_ZN16QCoreApplication14notifyInternalEP7QObjectP6QEvent+0x84) [0x7ffff3c4da24] 12 0x7ffff3c4f961 /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5(_ZN23QCoreApplicationPrivate16sendPostedEventsEP7QObjectiP11QThreadData+0x271) [0x7ffff3c4f961] 13 0x7ffff3c951f3 /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5(+0x2691f3) [0x7ffff3c951f3] 14 0x7ffff0a6fd53 /lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_context_dispatch+0x133) [0x7ffff0a6fd53] 15 0x7ffff0a700a0 /lib/x86_64-linux-gnu/libglib-2.0.so.0(+0x480a0) [0x7ffff0a700a0] 16 0x7ffff0a70164 /lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_context_iteration+0x34) [0x7ffff0a70164] 17 0x7ffff3c95634 /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5(_ZN20QEventDispatcherGlib13processEventsE6QFlagsIN10QEventLoop17ProcessEventsFlagEE+0x64) [0x7ffff3c95634] 18 0x7ffff3c4c8fb /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5(_ZN10QEventLoop4execE6QFlagsINS_17ProcessEventsFlagEE+0xcb) [0x7ffff3c4c8fb] 19 0x7ffff3c4fe9e /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5(_ZN16QCoreApplication4execEv+0x7e) [0x7ffff3c4fe9e] 20 0x412582 /home/oszi/WebKit/WebKitBuild/Release/bin/DumpRenderTree() [0x412582] 21 0x7ffff317176d /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed) [0x7ffff317176d] 22 0x412781 /home/oszi/WebKit/WebKitBuild/Release/bin/DumpRenderTree() [0x412781] Program received signal SIGSEGV, Segmentation fault. 0x00007ffff6ee3509 in Allocate (this=<optimized out>, size=<optimized out>) at /home/oszi/WebKit/Source/WTF/wtf/FastMalloc.cpp:3193 3193 RELEASE_ASSERT(IS_DEFINITELY_POISONED(result, allocationSize)); (gdb) bt #0 0x00007ffff6ee3509 in Allocate (this=<optimized out>, size=<optimized out>) at /home/oszi/WebKit/Source/WTF/wtf/FastMalloc.cpp:3193 #1 do_malloc<true> (size=<optimized out>) at /home/oszi/WebKit/Source/WTF/wtf/FastMalloc.cpp:3935 #2 fastMalloc<true> (size=<optimized out>) at /home/oszi/WebKit/Source/WTF/wtf/FastMalloc.cpp:4147 #3 WTF::fastMalloc (size=<optimized out>) at /home/oszi/WebKit/Source/WTF/wtf/FastMalloc.cpp:4120 #4 0x00007ffff58548e0 in operator new (size=120) at /home/oszi/WebKit/Source/WebCore/inspector/InspectorFrontendClientLocal.h:48 #5 WebCore::InspectorClientQt::openInspectorFrontend (this=0x6710d0, inspectorController=<optimized out>) at /home/oszi/WebKit/Source/WebKit/qt/WebCoreSupport/InspectorClientQt.cpp:198 #6 0x00007ffff5eb3b9e in WebCore::InspectorController::show (this=0x7ffff7ec6dc0) at /home/oszi/WebKit/Source/WebCore/inspector/InspectorController.cpp:279 #7 0x0000000000418841 in WebCore::DumpRenderTree::open (this=0x7fffffffe0e0, url=...) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:605 #8 0x0000000000418d91 in WebCore::DumpRenderTree::processLine (this=0x7fffffffe0e0, input=...) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:719 #9 0x000000000041a1f1 in WebCore::DumpRenderTree::readLine (this=0x7fffffffe0e0) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:652 #10 0x0000000000427115 in WebCore::DumpRenderTree::qt_static_metacall (_o=<optimized out>, _c=<optimized out>, _id=<optimized out>, _a=<optimized out>) at .moc/release-shared/moc_DumpRenderTreeQt.cpp:142 #11 0x00007ffff3c7473e in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5 #12 0x00007ffff4cf01f4 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Widgets.so.5 #13 0x00007ffff4cf35d1 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Widgets.so.5 #14 0x00007ffff3c4da24 in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5 #15 0x00007ffff3c4f961 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5 #16 0x00007ffff3c951f3 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5 #17 0x00007ffff0a6fd53 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #18 0x00007ffff0a700a0 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #19 0x00007ffff0a70164 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #20 0x00007ffff3c95634 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5 #21 0x00007ffff3c4c8fb in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5 #22 0x00007ffff3c4fe9e in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5 #23 0x0000000000412582 in main (argc=2, argv=<optimized out>) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeMain.cpp:203 (gdb)

Attachments
Add attachment proposed patch, testcase, etc.

Ádám Kallai

Comment 1 2013-02-21 02:17:36 PST

Skipped in: http://trac.webkit.org/changeset/143575 Please unskip them after the proper fix.

Csaba Osztrogonác

Comment 2 2013-02-21 02:40:28 PST

(In reply to comment #1) > Skipped in: http://trac.webkit.org/changeset/143575 > > Please unskip them after the proper fix. It is a P1/critical bug, because of hundreds of crashes. But I don't think if it is a good idea to paper over this serious bug with skipping all inspector tests ...

Csaba Osztrogonác

Comment 3 2013-02-21 02:43:24 PST

cc inspector guys, maybe they can help debugging it.

Csaba Osztrogonác

Comment 4 2013-02-25 22:15:48 PST

copy/paste from the original bug: Comment #17 From Oliver Hunt 2013-02-21 10:52:53 PST (-) [reply] (In reply to comment #16) > New bug report for this serious regression: https://bugs.webkit.org/show_bug.cgi?id=110440 Can you try disabling FastMalloc and running with guardmalloc or some such? I'm not sure why you would be seeing a failure here unless there's a real bug in DRT or the inspector. But then I'd expect other platforms to be equally unhappy.

Csaba Osztrogonác

Comment 5 2013-02-25 22:17:11 PST

So is there anyone interested in fixing this serious bug? Or is crashing _all_ inspector test a feature and not a bug? :)

Ádám Kallai

Comment 6 2013-02-26 08:43:27 PST

I have started dealing this problem. I will try the recommendations of Oliver.

Oliver Hunt

Comment 7 2013-02-26 09:23:03 PST

Can you do a debug build with FORCE_SYSTEM_MALLOC set to 0 in FastMalloc.cpp:102 ?

Ádám Kallai

Comment 8 2013-02-27 09:07:24 PST

Thank you for the workaround. Unskipp: Committed r144197: <http://trac.webkit.org/changeset/144197> (In reply to comment #7) > Can you do a debug build with FORCE_SYSTEM_MALLOC set to 0 in FastMalloc.cpp:102 ? Of course. I'm checking...

Oliver Hunt

Comment 9 2013-02-27 09:30:15 PST

(In reply to comment #8) > Thank you for the workaround. > Unskipp: Committed r144197: <http://trac.webkit.org/changeset/144197> > > (In reply to comment #7) > > Can you do a debug build with FORCE_SYSTEM_MALLOC set to 0 in FastMalloc.cpp:102 ? > > Of course. I'm checking... You'll also want to enable hardening on qt

Jocelyn Turcotte

Comment 10 2014-02-03 03:25:06 PST

=== Bulk closing of Qt bugs === If you believe that this bug report is still relevant for a non-Qt port of webkit.org, please re-open it and remove [Qt] from the summary. If you believe that this is still an important QtWebKit bug, please fill a new report at https://bugreports.qt-project.org and add a link to this issue. See http://qt-project.org/wiki/ReportingBugsInQt for additional guidelines.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution INVALID

Priority P1

Severity Critical

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component Tools / Tests

Assignee

Nobody

Reported

2013-02-21 01:52 PST

Modified

2014-02-03 03:25 PST History

CC List

9 users Show

URL

Keywords

Depends on

Blocks

79668 110275

Dependencies

tree graph