Artemis
Segfault (sometimes) on Ajax-poller benchmark
When running artemis on ajax-poller I (sometimes) get a segfault.
artemis http://localhost:8001/ajax-poller/ajax-poller.php -i 500
The gdb trace does not reveal where it goes wrong:
#0 0x00007ffff3517dc0 in ?? () from /usr/lib/x86_64-linux-gnu/libQtNetwork.so.4
#1 0x00007ffff355ec9e in ?? () from /usr/lib/x86_64-linux-gnu/libQtNetwork.so.4
#2 0x00007ffff35c6c6d in ?? () from /usr/lib/x86_64-linux-gnu/libQtNetwork.so.4
#3 0x00007ffff3188281 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#4 0x00007ffff35c51a5 in ?? () from /usr/lib/x86_64-linux-gnu/libQtNetwork.so.4
#5 0x00007ffff318d446 in QObject::event(QEvent*) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#6 0x00007ffff39e2894 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#7 0x00007ffff39e7713 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#8 0x000000000044f976 in ExceptionHandlingQApp::notify (this=<optimized out>, rec=<optimized out>, ev=<optimized out>) at src/exceptionhandlingqapp.cpp:28
#9 0x00007ffff3173e9c in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#10 0x00007ffff3177c6a in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#11 0x00007ffff31a2f93 in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#12 0x00007ffff10c9d53 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#13 0x00007ffff10ca0a0 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#14 0x00007ffff10ca164 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#15 0x00007ffff31a33bf in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#16 0x00007ffff3172c82 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#17 0x00007ffff3172ed7 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#18 0x00007ffff355d798 in ?? () from /usr/lib/x86_64-linux-gnu/libQtNetwork.so.4
#19 0x00007ffff35c6df5 in ?? () from /usr/lib/x86_64-linux-gnu/libQtNetwork.so.4
#20 0x00007ffff318d446 in QObject::event(QEvent*) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#21 0x00007ffff39e2894 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#22 0x00007ffff39e7713 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#23 0x000000000044f976 in ExceptionHandlingQApp::notify (this=<optimized out>, rec=<optimized out>, ev=<optimized out>) at src/exceptionhandlingqapp.cpp:28
#24 0x00007ffff3173e9c in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#25 0x00007ffff3177c6a in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#26 0x00007ffff31a2f93 in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#27 0x00007ffff10c9d53 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#28 0x00007ffff10ca0a0 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#29 0x00007ffff10ca164 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#30 0x00007ffff31a33bf in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#31 0x00007ffff3172c82 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#32 0x00007ffff3172ed7 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#33 0x00007ffff3071fa7 in QThread::exec() () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#34 0x00007ffff3074fcb in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#35 0x00007ffff2de3e9a in start_thread (arg=0x7fffe1250700) at pthread_create.c:308
#36 0x00007ffff25faccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#37 0x0000000000000000 in ?? ()
Can you reproduce this error? This might be caused by ajax-callbacks.
I have another segfault where heapReportFactor suddenly becomes 0 and causes an arithmetic exception.
0 0x00007ffff56237c3 in QWebExecutionListener::javascript_called_function
(this=0x959d30, frame=...) at ../../../Source/WebKit/qt/Api/qwebexecutionlistener.cpp:256
1 0x00007ffff56a8611 in inst::ListenerDebugger::callEvent (this=0xa380b0,
frame=..., sourceID=12388976, lineNumber=47) at ../../../../Source/WebCore/instrumentation/listenerdebugger.cpp:29
2 0x00007ffff650becd in JSC::Interpreter::debug (this=0xa52ab0,
callFrame=0x7fffc4249130, debugHookID=JSC::DidEnterCallFrame, firstLine=47, lastLine=48) at ../../../../Source/JavaScriptCore/interpreter/Interpreter.cpp:1768
3 0x00007ffff6520743 in JSC::Interpreter::privateExecute (this=0xa52ab0,
flag=JSC::Interpreter::Normal, registerFile=0xa52ac8, callFrame=0x7fffc4249130) at ../../../../Source/JavaScriptCore/interpreter/Interpreter.cpp:6131
4 0x00007ffff650a1d2 in JSC::Interpreter::executeCall (this=0xa52ab0,
callFrame=0x7fffd815fae0, function=0x7fffd817dc20, callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at ../../../../Source/JavaScriptCore/interpreter/Interpreter.cpp:1434
5 0x00007ffff65a3fcd in JSC::call (exec=0x7fffd815fae0,
functionObject=..., callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at ../../../../Source/JavaScriptCore/runtime/CallData.cpp:39
6 0x00007ffff56c5dec in WebCore::JSMainThreadExecState::call
(exec=0x7fffd815fae0, functionObject=..., callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at ../../../../Source/WebCore/bindings/js/JSMainThreadExecState.h:56
7 0x00007ffff56f57ed in WebCore::JSEventListener::handleEvent
(this=0xbc5cb0, scriptExecutionContext=0xb46ad8, event=0xb6e5f0) at ../../../../Source/WebCore/bindings/js/JSEventListener.cpp:133
8 0x00007ffff59acbe0 in WebCore::EventTarget::fireEventListeners
(this=0xb6be70, event=0xb6e5f0, d=0xb71680, entry=...) at ../../../../Source/WebCore/dom/EventTarget.cpp:246
9 0x00007ffff59ac9de in WebCore::EventTarget::fireEventListeners
(this=0xb6be70, event=0xb6e5f0) at ../../../../Source/WebCore/dom/EventTarget.cpp:209
10 0x00007ffff59c5329 in WebCore::Node::handleLocalEvents (this=0xb6be70,
event=0xb6e5f0) at ../../../../Source/WebCore/dom/Node.cpp:2728
11 0x00007ffff59a25af in WebCore::EventDispatcher::dispatchEvent
(this=0x7fffffff8cb0, event=...) at ../../../../Source/WebCore/dom/EventDispatcher.cpp:304
12 0x00007ffff59a0486 in WebCore::EventDispatchMediator::dispatchEvent
(this=0xb62680, dispatcher=0x7fffffff8cb0) at ../../../../Source/WebCore/dom/EventDispatchMediator.cpp:51
13 0x00007ffff59a0f8a in WebCore::EventDispatcher::dispatchEvent
(node=0xb6be70, mediator=...) at ../../../../Source/WebCore/dom/EventDispatcher.cpp:55
14 0x00007ffff59c5478 in WebCore::Node::dispatchEvent (this=0xb6be70,
event=...) at ../../../../Source/WebCore/dom/Node.cpp:2743
15 0x00007ffff59ac799 in WebCore::EventTarget::dispatchEvent
(this=0xb6be70, event=..., ec=@0x7fffffff8dcc: 0) at ../../../../Source/WebCore/dom/EventTarget.cpp:180
16 0x00007ffff624cf59 in WebCore::jsNodePrototypeFunctionDispatchEvent
(exec=0x7fffc4249080) at generated/JSNode.cpp:739
17 0x00007ffff651d857 in JSC::Interpreter::privateExecute (this=0xa52ab0,
flag=JSC::Interpreter::Normal, registerFile=0xa52ac8, callFrame=0x7fffc4249038) at ../../../../Source/JavaScriptCore/interpreter/Interpreter.cpp:5441
18 0x00007ffff65099e3 in JSC::Interpreter::execute (this=0xa52ab0,
program=0x7fffd811f8e0, callFrame=0x7fffd815fae0, scopeChain=0x7fffd817f160, thisObj=0x7fffd817f2a0) at ../../../../Source/JavaScriptCore/interpreter/Interpreter.cpp:1361
19 0x00007ffff65a57de in JSC::evaluate (exec=0x7fffd815fae0,
scopeChain=0x7fffd817f160, source=..., thisValue=..., returnedException=0x7fffffffc4a0) at ../../../../Source/JavaScriptCore/runtime/Completion.cpp:73
20 0x00007ffff56086da in QWebElement::evaluateJavaScript
(this=0x7fffffffc8d0, scriptSource=..., u=..., hideFromArtemis=false) at ../../../Source/WebKit/qt/Api/qwebelement.cpp:801
21 0x000000000041eb4c in artemis::DomInput::apply (this=,
page=...) at src/runtime/input/dominput.cpp:66
22 0x0000000000429e39 in artemis::WebKitExecutor::slLoadFinished
(this=0x8fde70, ok=
23 0x00000000004afbfc in artemis::WebKitExecutor::qt_static_metacall
(_o=
24 0x00007ffff2fa80ef in QMetaObject::activate(QObject*, QMetaObject
const*, int, void**) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
25 0x00007ffff55f9fc8 in QWebPage::loadFinished (this=0x8fdfb0, _t1=true)
at ./moc_qwebpage.cpp:390
26 0x00007ffff5646cf5 in WebCore::FrameLoaderClientQt::emitLoadFinished
(this=0xa228b0, ok=true) at ../../../Source/WebKit/qt/WebCoreSupport/FrameLoaderClientQt.cpp:1693
27 0x00007ffff563ee29 in
WebCore::FrameLoaderClientQt::dispatchDidFinishLoad (this=0xa228b0) at ../../../Source/WebKit/qt/WebCoreSupport/FrameLoaderClientQt.cpp:535
28 0x00007ffff5d305b5 in
WebCore::FrameLoader::checkLoadCompleteForThisFrame (this=0xa22b60) at ../../../../Source/WebCore/loader/FrameLoader.cpp:2116
29 0x00007ffff5d313d4 in WebCore::FrameLoader::checkLoadComplete
(this=0xa22b60) at ../../../../Source/WebCore/loader/FrameLoader.cpp:2284
I have seen and corrected that error (now pushed). It is however very strange that it should be evaluated since heap dump wasn't enabled?
I'm debugging it now. My options object contains a lot of wrong (and impossible) settings, so something in Artemis is writing to some memory when it should not.
My problem is now fixed in 9e232e5181e604598d65c1f3d2aae68afdb41a36 and I did not observe the original problem (at least not up until iteration 150...).
Christian, can you check if your problem is still present or is gone?
I still see the segfault. It would however seem that it occurs much later >200.
I'm able to run the full 500 iterations.
=== Statistics ===
FormCrawl::Entrypoints: 1000
timers::registered: 2838
WebKit::coverage::covered-unique: 217
timers::fired: 1407
InputGenerator::added-configurations: 4827
Concolic::Solver::ConstraintsNotWritten: 1
WebKit::coverage::covered: 1731725
ajax::fired: 2154