Bug 265989

Summary: cad/qcad: core dumps on -current
Product: Ports & Packages Reporter: Poul-Henning Kamp <phk>
Component: Individual Port(s)Assignee: Michael Reifenberger <mr>
Status: In Progress ---    
Severity: Affects Some People CC: alt2600, fernape, ice, lumiwa, mr, yuri
Priority: --- Flags: fernape: maintainer-feedback? (mr)
Version: Latest   
Hardware: Any   
OS: Any   
URL: https://www.qcad.org/bugtracker/index.php?do=details&task_id=2393
Bug Depends on: 277236    
Bug Blocks:    
Attachments:
Description Flags
LDD on qcad binary
none
disable optimizations none

Description Poul-Henning Kamp freebsd_committer freebsd_triage 2022-08-22 10:13:24 UTC 
qcad-3.27.6.0                  Professional CAD system

FreeBSD 14.0-CURRENT #0: Wed Aug 17 08:48:08 UTC 2022

    critter phk> qcad
    QCAD version  3.27.6
    10:12:25: Debug:    loading plugins...
    10:12:25: Debug:    loading static plugins...
    Segmentation fault (core dumped)

Let me know if there is further info I should collect.
Comment 1 Michael Reifenberger freebsd_committer freebsd_triage 2022-08-27 16:53:32 UTC 
Hi,
before digging deeper please try the latest version 3.27.6.7 which was commited now.
Comment 2 Poul-Henning Kamp freebsd_committer freebsd_triage 2022-08-28 10:44:01 UTC 
I tried 3.27.6.7 on a main-n257645 kernel and it still core-dumps.

Here is the tail end of ktrace(8) output:

   critter phk> kdump | tail -20
    10789 qcad-bin RET   fstatat 0
    10789 qcad-bin CALL  fstatat(AT_FDCWD,0x869ce2a98,0x820cf53a0,0)
    10789 qcad-bin NAMI  "/usr/local/share/qcad/plugins/script"
    10789 qcad-bin STRU  struct stat {dev=75, ino=1533852, mode=040755, nlink=2, uid=0, gid=0, rdev=3089315, atime=1661682864.176922581, mtime=1661682864.868923018, ctime=1661682864.868923018, birthtime=1661682864.176922581, size=2560, blksize=32768, blocks=8, flags=0x0 }
    10789 qcad-bin RET   fstatat 0
    10789 qcad-bin CALL  fstatat(AT_FDCWD,0x869ce2bd8,0x820cf5360,0)
    10789 qcad-bin NAMI  "/usr/local/share/qcad/plugins/script/qt"
    10789 qcad-bin RET   fstatat -1 errno 2 No such file or directory
    10789 qcad-bin CALL  sigprocmask(SIG_BLOCK,0,0x820cf5258)
    10789 qcad-bin RET   sigprocmask 0
    10789 qcad-bin CALL  __sysctlbyname(0x83b7881db,0x15,0x83b7a0e40,0x820cf5158,0,0)
    10789 qcad-bin SCTL  "kern.sched.cpusetsize"
    10789 qcad-bin RET   __sysctlbyname 0
    10789 qcad-bin CALL  cpuset_getaffinity(0x3,0x1,0x18e87,0x20,0x869d22e00)
    10789 qcad-bin STRU  cpuset_t [ 0, 1, 2, 3, 4, 5, 6, 7 ]
    10789 qcad-bin RET   cpuset_getaffinity 0
    10789 qcad-bin PSIG  SIGSEGV SIG_DFL code=SEGV_MAPERR
    10789 qcad-bin RET   _umtx_op -1 errno 4 Interrupted system call
    10789 qcad-bin RET   poll -1 errno 4 Interrupted system call
    10789 qcad-bin NAMI  "/critter/qcad-bin.core"
   critter phk> kdump | grep NAMI | tail -20
    10789 qcad-bin NAMI  "/usr/local"
    10789 qcad-bin NAMI  "/usr/local/share"
    10789 qcad-bin NAMI  "/usr/local/share/qcad"
    10789 qcad-bin NAMI  "/usr/local/share/qcad/plugins"
    10789 qcad-bin NAMI  "/usr/local/share/qcad/plugins/script"
    10789 qcad-bin NAMI  "/usr/local/share/qcad/plugins/script/libqtscript_core.so"
    10789 qcad-bin NAMI  "/usr/local/share/qcad/plugins/script/libqtscript_core.so"
    10789 qcad-bin NAMI  "/usr/local/share/qcad/plugins/script/libqtscript_core.so"
    10789 qcad-bin NAMI  "/usr/local/share/qcad/plugins/script/libqtscript_core.so.1.0.0"
    10789 qcad-bin NAMI  "/usr/local/share/qcad/plugins/script/libqtscript_core.so.1.0.0"
    10789 qcad-bin NAMI  "/usr"
    10789 qcad-bin NAMI  "/usr/local"
    10789 qcad-bin NAMI  "/usr/local/share"
    10789 qcad-bin NAMI  "/usr/local/share/qcad"
    10789 qcad-bin NAMI  "/usr/local/share/qcad/plugins"
    10789 qcad-bin NAMI  "/usr/local/share/qcad/plugins/script"
    10789 qcad-bin NAMI  "/usr/local/share/qcad/plugins/script/libqtscript_core.so.1.0.0"
    10789 qcad-bin NAMI  "/usr/local/share/qcad/plugins/script"
    10789 qcad-bin NAMI  "/usr/local/share/qcad/plugins/script/qt"
    10789 qcad-bin NAMI  "/critter/qcad-bin.core"
Comment 3 Michael Reifenberger freebsd_committer freebsd_triage 2022-08-29 19:28:41 UTC 
Hi,
I don't have a /usr/local/share/qcad/plugins/script/qt either nor a shortdump.

What does ldd /usr/local/share/qcad/plugins/script/libqtscript_core.so.1.0.0 show?

Maybe a missing dependency?
Comment 4 Poul-Henning Kamp freebsd_committer freebsd_triage 2022-08-29 19:42:32 UTC 
Created attachment 236229 [details]
LDD on qcad binary
Comment 5 Poul-Henning Kamp freebsd_committer freebsd_triage 2022-08-29 19:42:50 UTC 
ldd looks good, see attachment.
Comment 6 Poul-Henning Kamp freebsd_committer freebsd_triage 2022-08-29 19:44:23 UTC 
Tried running with lldb, but it's probably not much help:

   critter phk> lldb /usr/local/bin/qcad
   (lldb) target create "/usr/local/bin/qcad"
   Current executable set to '/usr/local/bin/qcad' (x86_64).
   (lldb) run
   Process 75396 launched: '/usr/local/bin/qcad' (x86_64)
   QCAD version  3.27.6.7
   19:43:22: Debug:    loading plugins...
   19:43:22: Debug:    loading static plugins...
   Process 75396 stopped
   * thread #1, name = 'qcad-bin', stop reason = signal SIGSEGV: invalid address (fault address: 0xffffffffffffffc9)
       frame #0: 0x0000000835267da0 libQt5Script.so.5`___lldb_unnamed_symbol3392 + 1472
   libQt5Script.so.5`___lldb_unnamed_symbol3392:
   ->  0x835267da0 <+1472>: movq   -0x38(%r12), %r14
       0x835267da5 <+1477>: jmp    0x835267e13               ; <+1587>
       0x835267da7 <+1479>: movq   -0x30(%rbp), %rax
       0x835267dab <+1483>: movq   0x30(%rax), %r13
   (lldb) bt
   * thread #1, name = 'qcad-bin', stop reason = signal SIGSEGV: invalid address (fault address: 0xffffffffffffffc9)
     * frame #0: 0x0000000835267da0 libQt5Script.so.5`___lldb_unnamed_symbol3392 + 1472
       frame #1: 0x00000008351f1a37 libQt5Script.so.5`___lldb_unnamed_symbol2153 + 503
       frame #2: 0x00000008351f0999 libQt5Script.so.5`___lldb_unnamed_symbol2140 + 121
       frame #3: 0x000000083526fb91 libQt5Script.so.5`___lldb_unnamed_symbol3454 + 65
       frame #4: 0x0000000835271114 libQt5Script.so.5`QScriptEngine::newVariant(QVariant const&) + 68
       frame #5: 0x0000000877e97d7b libqtscript_core.so.1.0.0`qtscript_create_Qt_class(QScriptEngine*) + 23051
       frame #6: 0x0000000877f2e060 libqtscript_core.so.1.0.0`qtscript_initialize_com_trolltech_qt_core_bindings(QScriptValue&) + 144
       frame #7: 0x0000000877d9fa18 libqtscript_core.so.1.0.0`non-virtual thunk to com_trolltech_qt_core_ScriptPlugin::initialize(QString const&, QScriptEngine*) + 104
       frame #8: 0x0000000835276f9c libQt5Script.so.5`QScriptEngine::importExtension(QString const&) + 4636
       frame #9: 0x0000000824d2b3d1 libqcadecmaapi.so`RScriptHandlerEcma::RScriptHandlerEcma() + 913
       frame #10: 0x0000000824d380fc libqcadecmaapi.so`RScriptHandlerEcma::factory() + 28
       frame #11: 0x000000082afb727e libqcadcore.so`RScriptHandlerRegistry::getGlobalScriptHandler(QString const&) + 190
       frame #12: 0x0000000000206e27 qcad`___lldb_unnamed_symbol306 + 3767
       frame #13: 0x0000000000205d80 qcad`___lldb_unnamed_symbol313 + 256
Comment 7 ice 2022-08-31 06:07:50 UTC 
FWIW this started happening after

commit 787e501e3d8fdc162dc019f352b280298b192b0a
Author: Tobias C. Berner <tcberner@FreeBSD.org>
Date:   Tue Jun 28 10:08:18 2022 +0200

    qt5: Update Qt to 5.15.5 (KDE patched)
    
    - update patch-collection diff to be at the highest patch-level
    - update patch-collection diff to be against 5.15.5 instead of 5.15.2
    - update devel/qt5-script to 5.15.10
    - libressl support by Felix Palmen <felix@palmen-it.de>

The curious things is if you compile devel/qt5-script (or was it qt5-scripttools? qt5-script, I think) with debug, the problem seems to go away. I don't remember if I tried rolling back qt5-script itself to the previous one, then again there doesn't seem to be an actual difference between 5.15.2p4 and 5.15.10p0, files/ hadn't changed in ages either (and I gave up looking here).

Oh, I'm on 13.1-RELEASE-p1.
Comment 8 ice 2022-09-10 08:44:10 UTC 
This might be a more general problem with qt5-script or some other parts of Qt though (that is likely to have started with 787e501e).

I have just tested databases/sqlitestudio and emulators/ukncbtl, which both make use of Qt's scripting facilities (fair warning though, I am not a regular user of these packages). As soon as either is triggered to run a QtScript/JavaScript/whatever it is called today script/function, a crash occurs in libQt5Script.so (which had been compiled without debug, as having it compiled with debug seemingly makes the entire problem go away).

On the other hand, were this completely true, one would assume large chunks of KDE to be failing as well, but there doesn't seem to be any obvious noise in that neck of the woods, so take this observation for what it's worth.

(gdb) run
Starting program: /usr/local/bin/sqlitestudio /tmp/baboo.db 
[New LWP 112056 of process 85397]
[New LWP 112057 of process 85397]
[New LWP 112058 of process 85397]
[Detaching after fork from child process 85660]
[New LWP 112059 of process 85397]
[New LWP 112060 of process 85397]

Thread 6 received signal SIGSEGV, Segmentation fault.
Address not mapped to object.
[Switching to LWP 112060 of process 85397]
0x000000080276f038 in ?? () from /usr/local/lib/qt5/libQt5Script.so.5
(gdb) where
#0  0x000000080276f038 in ?? () from /usr/local/lib/qt5/libQt5Script.so.5
#1  0x0000000802772459 in ?? () from /usr/local/lib/qt5/libQt5Script.so.5
#2  0x00000008027a90e6 in ?? () from /usr/local/lib/qt5/libQt5Script.so.5
#3  0x0000000802824d93 in QScriptValue::call(QScriptValue const&, QScriptValue const&) () from /usr/local/lib/qt5/libQt5Script.so.5
#4  0x000000080048f2d3 in ScriptingQt::evaluate(ScriptingQt::ContextQt*, QScriptContext*, QString const&, QList<QVariant> const&, Db*, bool) ()
   from /usr/local/lib/libcoreSQLiteStudio.so.1
#5  0x000000080048f1a9 in ScriptingQt::evaluate(QString const&, QList<QVariant> const&, Db*, bool, QString*) () from /usr/local/lib/libcoreSQLiteStudio.so.1
#6  0x000000080048f57a in non-virtual thunk to ScriptingQt::evaluate(QString const&, QList<QVariant> const&, Db*, bool, QString*) ()
   from /usr/local/lib/libcoreSQLiteStudio.so.1
#7  0x00000008004b8675 in FunctionManagerImpl::evaluateScriptScalar(FunctionManager::ScriptFunction*, QString const&, int, QList<QVariant> const&, Db*, bool&) ()
   from /usr/local/lib/libcoreSQLiteStudio.so.1
#8  0x00000008004b8423 in FunctionManagerImpl::evaluateScalar(QString const&, int, QList<QVariant> const&, Db*, bool&) () from /usr/local/lib/libcoreSQLiteStudio.so.1
#9  0x00000008004b233e in AbstractDb::evaluateScalar(void*, QList<QVariant> const&, bool&) () from /usr/local/lib/libcoreSQLiteStudio.so.1
#10 0x00000008004d602b in AbstractDb3<Sqlite3>::evaluateScalar(sqlite3_context*, int, sqlite3_value**) () from /usr/local/lib/libcoreSQLiteStudio.so.1
#11 0x00000008025b054a in ?? () from /usr/local/lib/libsqlite3.so.0
#12 0x000000080257c151 in sqlite3_step () from /usr/local/lib/libsqlite3.so.0
#13 0x00000008004d50d5 in AbstractDb3<Sqlite3>::Query::fetchNext() () from /usr/local/lib/libcoreSQLiteStudio.so.1
#14 0x00000008004d5e9f in AbstractDb3<Sqlite3>::Query::fetchFirst() () from /usr/local/lib/libcoreSQLiteStudio.so.1
#15 0x00000008004d485d in AbstractDb3<Sqlite3>::Query::execInternal(QHash<QString, QVariant> const&) () from /usr/local/lib/libcoreSQLiteStudio.so.1
#16 0x0000000800501772 in SqlQuery::execute() () from /usr/local/lib/libcoreSQLiteStudio.so.1
#17 0x0000000800462a80 in QueryExecutorExecute::executeQueries() () from /usr/local/lib/libcoreSQLiteStudio.so.1
#18 0x0000000800459afb in QueryExecutor::executeChain() () from /usr/local/lib/libcoreSQLiteStudio.so.1
#19 0x000000080045afd3 in QueryExecutor::execInternal() () from /usr/local/lib/libcoreSQLiteStudio.so.1
#20 0x0000000801e73469 in ?? () from /usr/local/lib/qt5/libQt5Core.so.5
#21 0x0000000801e6f248 in ?? () from /usr/local/lib/qt5/libQt5Core.so.5
#22 0x0000000801b0883a in thread_start (curthread=0x807148a00) at /usr/src/lib/libthr/thread/thr_create.c:292
#23 0x0000000000000000 in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffdf7fa000
Comment 9 Poul-Henning Kamp freebsd_committer freebsd_triage 2022-09-18 13:26:36 UTC 
Just tried, qcad also coredumps on 13.1-R
Comment 10 Yuri Victorovich freebsd_committer freebsd_triage 2022-09-18 23:47:03 UTC 
(In reply to Poul-Henning Kamp from comment #9)

Hi Poul-Henning,


If you just need to use qcad then, as somebody mentioned above, the workaround is to install devel/qt5-script with debug info (WITH_DEBUG=yes).


Yuri
Comment 11 Michael Reifenberger freebsd_committer freebsd_triage 2022-10-09 10:44:52 UTC 
Hi,
just updated qcad to 3.27.7.0
Maybe it does help?
Comment 12 alt2600 2022-11-04 23:14:12 UTC 
(In reply to Michael Reifenberger from comment #11)

QCAD version  3.27.7
19:06:19: Debug:    loading plugins...
19:06:19: Debug:    loading static plugins...
Segmentation fault

not better on 13.1, I have core dumps disabled, but same seg fault
Comment 13 lumiwa 2022-12-03 11:08:37 UTC 
I am using binary package on FreeBSD 13.1-RELEASE (pkg install) and I have the same problem still.

Thank you.
Comment 14 Yuri Pankov freebsd_committer freebsd_triage 2023-06-23 09:40:01 UTC 
Apparently what helps here isn't the debug itself, rather disabling the optimizations, so building qt5-script with e.g. CFLAGS="-pipe" helps as well (could be a "fix" here?).

Anyway, here's a bit better backtrace, qt5-script built with -O2 (so that qcad dumps core), -g, and not stripped (STRIP=""):

#0  0x0000000803da0320 in QScriptEnginePrivate::mark (this=0x805ca7180, markStack=...) at api/qscriptengine.cpp:1320
#1  0x0000000803d316f6 in QTJSC::Heap::markRoots (this=this@entry=0x808c5b9e8)
    at ../3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp:1167
#2  0x0000000803d306f7 in QTJSC::Heap::reset (this=0x808c5b9e8)
    at ../3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp:1269
#3  QTJSC::Heap::allocate (this=0x808c5b9e8, s=<optimized out>)
    at ../3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp:405
#4  0x0000000803da7930 in QTJSC::JSCell::operator new (size=56, exec=<optimized out>)
    at ../3rdparty/javascriptcore/JavaScriptCore/runtime/JSCell.h:167
#5  QScriptEnginePrivate::newVariant (this=this@entry=0x805ca7180, value=...) at api/qscriptengine.cpp:1797
#6  0x0000000803da8c93 in QScriptEngine::newVariant (this=<optimized out>, value=...) at api/qscriptengine.cpp:2233
#7  0x00000008099f15e8 in qtscript_create_Qt_class(QScriptEngine*) ()
   from /usr/local/share/qcad/plugins/script/libqtscript_core.so.1.0.0
#8  0x0000000809a83ab0 in qtscript_initialize_com_trolltech_qt_core_bindings(QScriptValue&) ()
   from /usr/local/share/qcad/plugins/script/libqtscript_core.so.1.0.0
#9  0x00000008099034d8 in non-virtual thunk to com_trolltech_qt_core_ScriptPlugin::initialize(QString const&, QScriptEngine*) () from /usr/local/share/qcad/plugins/script/libqtscript_core.so.1.0.0
#10 0x0000000803dae3b4 in QScriptEngine::importExtension (this=0x805cd9560, extension=...)
    at api/qscriptengine.cpp:3769
#11 0x0000000800ae3410 in RScriptHandlerEcma::RScriptHandlerEcma() () from /usr/local/lib/libqcadecmaapi.so
#12 0x0000000800aeffac in RScriptHandlerEcma::factory() () from /usr/local/lib/libqcadecmaapi.so
#13 0x0000000801db0dee in RScriptHandlerRegistry::getGlobalScriptHandler(QString const&) ()
   from /usr/local/lib/libqcadcore.so
#14 0x00000000002069f5 in ?? ()
#15 0x00000008045b2d1b in __libc_start1 (argc=1, argv=0x7fffffffea10, env=0x7fffffffea20, cleanup=<optimized out>,
    mainX=0x205b40) at /usr/src/lib/libc/csu/libc_start1.c:155
Comment 15 Yuri Pankov freebsd_committer freebsd_triage 2023-06-23 10:05:18 UTC 
Created attachment 242949 [details]
disable optimizations

The following patch seems to help...
Comment 16 ice 2024-02-23 10:02:47 UTC 
See bug #277236 for a seemingly proper fix that works for me
Comment 17 Michael Reifenberger freebsd_committer freebsd_triage 2024-03-26 18:32:43 UTC 
Yes disabling optimization for devel/qt5-script does prevent the dump.
So in the end it seems a devel/qt5-script issue.