Bug 110440

Summary: [Qt] REGRESSION(143400): It made all inspector tests crash on Qt 64 bit release.
Product: WebKit
Reporter: Ádám Kallai <kadam>
Component: Tools / Tests
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED INVALID
Severity: Critical
CC: abecsi, apavlov, hausmann, jturcotte, mhahnenberg, oliver, ossy, pfeldman, zarvai
Priority: P1
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Bug Depends on:
Bug Blocks: 79668, 110275

Description Ádám Kallai 2013-02-21 01:52:10 PST
http://build.webkit.sed.hu/results/x86-64%20Linux%20Qt%20Release/r143569%20(48384)/results.html

gdb backtrace is here:

$ gdb WebKitBuild/Release/bin/DumpRenderTree

GNU gdb (Ubuntu/Linaro 7.4-2012.04-0ubuntu2.1) 7.4-2012.04
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.launchpad.net/gdb-linaro/>...
Reading symbols from /home/oszi/WebKit/WebKitBuild/Release/bin/DumpRenderTree...done.
(gdb) run -
Starting program: /home/oszi/WebKit/WebKitBuild/Release/bin/DumpRenderTree -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffe9c7a700 (LWP 10940)]
[New Thread 0x7fffe7650700 (LWP 10941)]
[New Thread 0x7fffe5fc1700 (LWP 10943)]
[Thread 0x7fffe5fc1700 (LWP 10943) exited]
[New Thread 0x7fffe5fc1700 (LWP 10946)]

LayoutTests/inspector/utilities.html
LayoutTests/inspector/version-controller.html

[New Thread 0x7fffe4b36700 (LWP 14906)]
[New Thread 0x7fff9f45e700 (LWP 14907)]
Content-Type: text/plain
This test checks Web Inspector utilities.


Running: binaryIndexOfTest

Running: qselectTest
Array: []
Reference: {}
Actual:    {}
Array: [0]
Reference: {"min":0,"median":0,"max":0}
Actual:    {"min":0,"median":0,"max":0}
Array: [0,0,0,0,0,0,0,0]
Reference: {"min":0,"median":0,"max":0}
Actual:    {"min":0,"median":0,"max":0}
Array: [4,3,2,1]
Reference: {"min":1,"median":3,"max":4}
Actual:    {"min":1,"median":3,"max":4}
Array: [1,2,3,4,5]
Reference: {"min":1,"median":3,"max":5}
Actual:    {"min":1,"median":3,"max":5}
Array: [-1,3,2,7,7,7,10,12,3,4,-1,2]
Reference: {"min":-1,"median":4,"max":12}
Actual:    {"min":-1,"median":4,"max":12}

Running: sortRangeTest

#EOF
#EOF
#EOF
1   0x7ffff6ee3502 /home/oszi/WebKit/WebKitBuild/Release/lib/libQt5WebKit.so.5(_ZN3WTF10fastMallocEm+0x512) [0x7ffff6ee3502]
2   0x7ffff58548e0 /home/oszi/WebKit/WebKitBuild/Release/lib/libQt5WebKit.so.5(+0x4a68e0) [0x7ffff58548e0]
3   0x7ffff5eb3b9e /home/oszi/WebKit/WebKitBuild/Release/lib/libQt5WebKit.so.5(+0xb05b9e) [0x7ffff5eb3b9e]
4   0x418841 /home/oszi/WebKit/WebKitBuild/Release/bin/DumpRenderTree() [0x418841]
5   0x418d91 /home/oszi/WebKit/WebKitBuild/Release/bin/DumpRenderTree() [0x418d91]
6   0x41a1f1 /home/oszi/WebKit/WebKitBuild/Release/bin/DumpRenderTree() [0x41a1f1]
7   0x427115 /home/oszi/WebKit/WebKitBuild/Release/bin/DumpRenderTree() [0x427115]
8   0x7ffff3c7473e /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5(_ZN7QObject5eventEP6QEvent+0x34e) [0x7ffff3c7473e]
9   0x7ffff4cf01f4 /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Widgets.so.5(_ZN19QApplicationPrivate13notify_helperEP7QObjectP6QEvent+0xb4) [0x7ffff4cf01f4]
10  0x7ffff4cf35d1 /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Widgets.so.5(_ZN12QApplication6notifyEP7QObjectP6QEvent+0x3d1) [0x7ffff4cf35d1]
11  0x7ffff3c4da24 /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5(_ZN16QCoreApplication14notifyInternalEP7QObjectP6QEvent+0x84) [0x7ffff3c4da24]
12  0x7ffff3c4f961 /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5(_ZN23QCoreApplicationPrivate16sendPostedEventsEP7QObjectiP11QThreadData+0x271) [0x7ffff3c4f961]
13  0x7ffff3c951f3 /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5(+0x2691f3) [0x7ffff3c951f3]
14  0x7ffff0a6fd53 /lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_context_dispatch+0x133) [0x7ffff0a6fd53]
15  0x7ffff0a700a0 /lib/x86_64-linux-gnu/libglib-2.0.so.0(+0x480a0) [0x7ffff0a700a0]
16  0x7ffff0a70164 /lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_context_iteration+0x34) [0x7ffff0a70164]
17  0x7ffff3c95634 /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5(_ZN20QEventDispatcherGlib13processEventsE6QFlagsIN10QEventLoop17ProcessEventsFlagEE+0x64) [0x7ffff3c95634]
18  0x7ffff3c4c8fb /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5(_ZN10QEventLoop4execE6QFlagsINS_17ProcessEventsFlagEE+0xcb) [0x7ffff3c4c8fb]
19  0x7ffff3c4fe9e /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5(_ZN16QCoreApplication4execEv+0x7e) [0x7ffff3c4fe9e]
20  0x412582 /home/oszi/WebKit/WebKitBuild/Release/bin/DumpRenderTree() [0x412582]
21  0x7ffff317176d /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed) [0x7ffff317176d]
22  0x412781 /home/oszi/WebKit/WebKitBuild/Release/bin/DumpRenderTree() [0x412781]

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6ee3509 in Allocate (this=<optimized out>, size=<optimized out>) at /home/oszi/WebKit/Source/WTF/wtf/FastMalloc.cpp:3193
3193      RELEASE_ASSERT(IS_DEFINITELY_POISONED(result, allocationSize));
(gdb) bt
#0  0x00007ffff6ee3509 in Allocate (this=<optimized out>, size=<optimized out>) at /home/oszi/WebKit/Source/WTF/wtf/FastMalloc.cpp:3193
#1  do_malloc<true> (size=<optimized out>) at /home/oszi/WebKit/Source/WTF/wtf/FastMalloc.cpp:3935
#2  fastMalloc<true> (size=<optimized out>) at /home/oszi/WebKit/Source/WTF/wtf/FastMalloc.cpp:4147
#3  WTF::fastMalloc (size=<optimized out>) at /home/oszi/WebKit/Source/WTF/wtf/FastMalloc.cpp:4120
#4  0x00007ffff58548e0 in operator new (size=120) at /home/oszi/WebKit/Source/WebCore/inspector/InspectorFrontendClientLocal.h:48
#5  WebCore::InspectorClientQt::openInspectorFrontend (this=0x6710d0, inspectorController=<optimized out>)
    at /home/oszi/WebKit/Source/WebKit/qt/WebCoreSupport/InspectorClientQt.cpp:198
#6  0x00007ffff5eb3b9e in WebCore::InspectorController::show (this=0x7ffff7ec6dc0) at /home/oszi/WebKit/Source/WebCore/inspector/InspectorController.cpp:279
#7  0x0000000000418841 in WebCore::DumpRenderTree::open (this=0x7fffffffe0e0, url=...) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:605
#8  0x0000000000418d91 in WebCore::DumpRenderTree::processLine (this=0x7fffffffe0e0, input=...)
    at /home/oszi/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:719
#9  0x000000000041a1f1 in WebCore::DumpRenderTree::readLine (this=0x7fffffffe0e0) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:652
#10 0x0000000000427115 in WebCore::DumpRenderTree::qt_static_metacall (_o=<optimized out>, _c=<optimized out>, _id=<optimized out>, _a=<optimized out>)
    at .moc/release-shared/moc_DumpRenderTreeQt.cpp:142
#11 0x00007ffff3c7473e in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#12 0x00007ffff4cf01f4 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Widgets.so.5
#13 0x00007ffff4cf35d1 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Widgets.so.5
#14 0x00007ffff3c4da24 in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#15 0x00007ffff3c4f961 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#16 0x00007ffff3c951f3 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#17 0x00007ffff0a6fd53 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#18 0x00007ffff0a700a0 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#19 0x00007ffff0a70164 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#20 0x00007ffff3c95634 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#21 0x00007ffff3c4c8fb in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#22 0x00007ffff3c4fe9e in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#23 0x0000000000412582 in main (argc=2, argv=<optimized out>) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeMain.cpp:203
(gdb)
Comment 1 Ádám Kallai 2013-02-21 02:17:36 PST
Skipped in:  http://trac.webkit.org/changeset/143575

Please unskip them after the proper fix.
Comment 2 Csaba Osztrogonác 2013-02-21 02:40:28 PST
(In reply to comment #1)
> Skipped in:  http://trac.webkit.org/changeset/143575
> 
> Please unskip them after the proper fix.

It is a P1/critical bug, because of hundreds of crashes.

But I don't think it is a good idea to paper over this
serious bug by skipping all inspector tests ...
Comment 3 Csaba Osztrogonác 2013-02-21 02:43:24 PST
cc inspector guys, maybe they can help debugging it.
Comment 4 Csaba Osztrogonác 2013-02-25 22:15:48 PST
copy/paste from the original bug:

Comment #17 From Oliver Hunt 2013-02-21 10:52:53 PST

(In reply to comment #16)
> New bug report for this serious regression: https://bugs.webkit.org/show_bug.cgi?id=110440

Can you try disabling FastMalloc and running with guardmalloc or some such? I'm not sure why you would be seeing a failure here unless there's a real bug in DRT or the inspector.  But then I'd expect other platforms to be equally unhappy.
Comment 5 Csaba Osztrogonác 2013-02-25 22:17:11 PST
So is there anyone interested in fixing this serious bug?
Or is crashing _all_ inspector tests a feature and not a bug? :)
Comment 6 Ádám Kallai 2013-02-26 08:43:27 PST
I have started dealing with this problem. I will try the recommendations of Oliver.
Comment 7 Oliver Hunt 2013-02-26 09:23:03 PST
Can you do a debug build with FORCE_SYSTEM_MALLOC set to 0 in FastMalloc.cpp:102 ?
Comment 8 Ádám Kallai 2013-02-27 09:07:24 PST
Thank you for the workaround. 
Unskip: Committed r144197: <http://trac.webkit.org/changeset/144197>

(In reply to comment #7)
> Can you do a debug build with FORCE_SYSTEM_MALLOC set to 0 in FastMalloc.cpp:102 ?

Of course. I'm checking...
Comment 9 Oliver Hunt 2013-02-27 09:30:15 PST
(In reply to comment #8)
> Thank you for the workaround. 
> Unskip: Committed r144197: <http://trac.webkit.org/changeset/144197>
> 
> (In reply to comment #7)
> > Can you do a debug build with FORCE_SYSTEM_MALLOC set to 0 in FastMalloc.cpp:102 ?
> 
> Of course. I'm checking...

You'll also want to enable hardening on Qt
Comment 10 Jocelyn Turcotte 2014-02-03 03:25:06 PST
=== Bulk closing of Qt bugs ===

If you believe that this bug report is still relevant for a non-Qt port of webkit.org, please re-open it and remove [Qt] from the summary.

If you believe that this is still an important QtWebKit bug, please file a new report at https://bugreports.qt-project.org and add a link to this issue. See http://qt-project.org/wiki/ReportingBugsInQt for additional guidelines.