Crash on exit in QPA mode

[ariya]

n...@berglondon.com commented:

Which version of PhantomJS are you using? Tip: run 'phantomjs --version'.

Version 1.5.0 (development)

What steps will reproduce the problem?

1. Using Gentoo Linux on EC2 (as part of EngineYard's PaaS Ruby on Rails environment)
2. Build Qt 4.8 headless
3. Run anything

What is the expected output? What do you see instead?

I get a segfault, and this is the backtrace as shown in gdb:

(gdb) set args -platform Minimal examples/rasterize.js http://google.com/ google.png
(gdb) run
... (runs, and successfully makes the PNG) ...
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb56e66d0 (LWP 24430)]
0xb600bdb2 in QEventDispatcherQPAPrivate::~QEventDispatcherQPAPrivate ()
from /home/deploy/phantomjs/deploy/Qt-4.8.0/lib/libQtGui.so.4
(gdb) bt

0 0xb600bdb2 in QEventDispatcherQPAPrivate::~QEventDispatcherQPAPrivate ()

from /home/deploy/phantomjs/deploy/Qt-4.8.0/lib/libQtGui.so.4

1 0xb5b2367d in QObject::~QObject () from /home/deploy/phantomjs/deploy/Qt-4.8.0/lib/libQtCore.so.4

2 0xb5af7c28 in QAbstractEventDispatcher::~QAbstractEventDispatcher ()

from /home/deploy/phantomjs/deploy/Qt-4.8.0/lib/libQtCore.so.4

3 0xb5b3a2e5 in QEventDispatcherUNIX::~QEventDispatcherUNIX ()

from /home/deploy/phantomjs/deploy/Qt-4.8.0/lib/libQtCore.so.4

4 0xb600af8d in QEventDispatcherQPA::~QEventDispatcherQPA ()

from /home/deploy/phantomjs/deploy/Qt-4.8.0/lib/libQtGui.so.4

5 0xb5b1b112 in QObjectPrivate::deleteChildren () from /home/deploy/phantomjs/deploy/Qt-4.8.0/lib/libQtCore.so.4

6 0xb5b23648 in QObject::~QObject () from /home/deploy/phantomjs/deploy/Qt-4.8.0/lib/libQtCore.so.4

7 0xb5b0a232 in QCoreApplication::~QCoreApplication () from /home/deploy/phantomjs/deploy/Qt-4.8.0/lib/libQtCore.so.4

8 0xb5f8fb34 in QApplication::~QApplication () from /home/deploy/phantomjs/deploy/Qt-4.8.0/lib/libQtGui.so.4

9 0x08060599 in main ()

Which operating system are you using?

Gentoo Linux

Did you use binary PhantomJS or did you compile it from source?

Compiled.

Please provide any additional information below.

This seems to be related to the following line within Qt:

http://qt.gitorious.org/qt/qt/blobs/4.8/src/gui/kernel/qeventdispatcher_qpa.cpp#line135

I have put print statements either side, and this is exactly where it seems to segfault, and it's possibly related to another thread keeping hold of a reference to selectWorker.

Disclaimer:
This issue was migrated on 2013-03-15 from the project's former issue tracker on Google Code, Issue #382.
🌟   9 people had starred this issue at the time of migration.

[ariya]

n...@berglondon.com commented:

Oops, the title should read 'crash on exit', not 'edit'!

[fudanchii]

nurahma...@gmail.com commented:

Same issue here.
And yes it seems ~QEventDispatcherQPAPrivate() trying to free uninitialized/already freed memory.
I tried to comment this line out

http://qt.gitorious.org/qt/qt/blobs/4.8/src/gui/kernel/qeventdispatcher_qpa.cpp#line136

And it solved the problem.
Here is possible memory leaks as reported by valgrind. Line 70 and 82 to be highlighted

http://bpaste.net/show/25720/

And this is after I comment line 136 from qeventdispatcher_qpa.cpp

http://bpaste.net/show/25721/

Hope it can help for further check.

[ariya]

n...@berglondon.com commented:

Fantastic, thanks for the update, I'll have a look on my platform today and see if this fixes the crash. Both LEAK SUMMARY sections seem to say roughly the same thing, so do you think this is actually causing a leak?

I personally don't mind a potential leak since we're running phantom in one-shot mode, but I wonder if this is fixed in Qt HEAD. I hear that 4.8 is the last release before 5.0 so I'm not sure how much disruption to the code base that will mean.

[fudanchii]

nurahma...@gmail.com commented:

Yes, it's roughly the same. I just want to highlight that valgrind caught unitialised value at the former (line 70), and it then resolved after delete selectWorker commented out.

And yes, since phantom being used mostly in one-shot mode. In addition that this is actually happen at housekeeping. It should be fine to remove that line out.

Let's hope someone from upstream check this out and confirm with things. ;)

[ariya]

ariya.hi...@gmail.com commented:

Issue 383 has been merged into this issue.

[ariya]

ariya.hi...@gmail.com commented:

Was the test with removing 'delete selectWorker' tested on PhantomJS 1.5 or PhantomJS 1.4 (with the builds script)?

If that is with 1.5, then I'll apply the workaround in the actual 1.5 branch.

 
Metadata Updates

• Label(s) added:
  • Component-Logic
  • Domain-Qt
• Milestone updated: Release1.5 (was: ---)
• Status updated: Accepted
• Title updated: Crash on exit in QPA mode

[ariya]

ariya.hi...@gmail.com commented:

Issue 457 has been merged into this issue.

[fudanchii]

nurahma...@gmail.com commented:

Only with 1.5, built with the provided build script. I can confirm that there's no such problem with 1.4. Thanks for the update.

[ariya]

ariya.hi...@gmail.com commented:

 

 
Metadata Updates

• Merged into: Crash upon exit (Lighthouse/QPA) #10497 (GC-497)
• Status updated: Duplicate