Bug report #14176

test -V -R qgis_analyzertest segfaults

Added by Sandro Santilli over 1 year ago. Updated about 1 year ago.

Status:Closed Start Date:01/27/2016
Priority:Normal Due date:
Assigned to:Sandro Santilli % Done:

90%

Category:OGR Data Provider
Target version:Version 2.14
Platform: Pull Request or Patch supplied:Yes
Platform version: Affected version:master
Status info: Causes crash or corruption:Yes
Resolution: Tag:

Description

I get a segfault running test -V -R qgis_analyzertest.
The standalone test is output/bin/qgis_analyzertest, which segfaults on exit:

PASS   : TestQgsVectorAnalyzer::cleanupTestCase()
Totals: 10 passed, 0 failed, 0 skipped
********* Finished testing of TestQgsVectorAnalyzer *********
src/core/layertree/qgslayertreeregistrybridge.cpp: 78: (layersWillBeRemoved) [12ms] 0 layers will be removed, enabled:1
src/providers/postgres/qgspostgresconnpool.cpp: 33: (~QgsPostgresConnPool) [1ms] Entering.
src/providers/postgres/qgspostgresconnpool.cpp: 33: (~QgsPostgresConnPool) [0ms] Leaving.
src/providers/ogr/qgsogrconnpool.cpp: 33: (~QgsOgrConnPool) [0ms] Entering.
src/providers/ogr/qgsogrconnpool.cpp: 33: (~QgsOgrConnPool) [0ms] Leaving.

Program received signal SIGSEGV, Segmentation fault.
0x0000000000000141 in ?? ()
(gdb) bt
#0  0x0000000000000141 in ?? ()
#1  0x00007fffbfbc71ad in qgsConnectionPool_ConnectionDestroy (c=0x954500) at /usr/src/qgis/qgis-master/src/providers/ogr/qgsogrconnpool.h:45
#2  0x00007fffbfbc7fca in QgsConnectionPoolGroup<QgsOgrConn*>::~QgsConnectionPoolGroup (this=0x90c410, __in_chrg=<optimized out>)
    at /usr/src/qgis/qgis-master/src/providers/ogr/../../core/qgsconnectionpool.h:77
#3  0x00007fffbfbd973c in QgsOgrConnPoolGroup::~QgsOgrConnPoolGroup (this=0x90c400, __in_chrg=<optimized out>)
    at /usr/src/qgis/build/master/src/providers/ogr/../../../../../qgis-master/src/providers/ogr/qgsogrconnpool.h:59
#4  0x00007fffbfbd9778 in QgsOgrConnPoolGroup::~QgsOgrConnPoolGroup (this=0x90c400, __in_chrg=<optimized out>)
    at /usr/src/qgis/build/master/src/providers/ogr/../../../../../qgis-master/src/providers/ogr/qgsogrconnpool.h:59
#5  0x00007fffbfbd75d4 in QgsConnectionPool<QgsOgrConn*, QgsOgrConnPoolGroup>::~QgsConnectionPool (
    this=0x7fffbfdeb300 <QgsOgrConnPool::sInstance>, __in_chrg=<optimized out>)
    at /usr/src/qgis/qgis-master/src/providers/ogr/../../core/qgsconnectionpool.h:238
#6  0x00007fffbfbd726d in QgsOgrConnPool::~QgsOgrConnPool (this=0x7fffbfdeb300 <QgsOgrConnPool::sInstance>, __in_chrg=<optimized out>)
    at /usr/src/qgis/qgis-master/src/providers/ogr/qgsogrconnpool.cpp:31
#7  0x00007ffff5328259 in __run_exit_handlers (status=0, listp=0x7ffff56aa6c8 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true)
    at exit.c:82

Happens to me as of commit 80e3f8fc749e31d19667665fb90c9fb1a64d7f3f

Associated revisions

Revision 051253888810b06f6b055bfea57a7c6a009e3fdc
Added by Sandro Santilli about 1 year ago

Ensure GDAL deinitialization runs after last possible use

Closes #14176

History

Updated by Sandro Santilli about 1 year ago

Still happening as of today. Any idea ?

Updated by Sandro Santilli about 1 year ago

Valgrind view on the matter:

src/providers/postgres/qgspostgresconnpool.cpp: 33: (~QgsPostgresConnPool) [36ms] Entering.
src/providers/postgres/qgspostgresconnpool.cpp: 33: (~QgsPostgresConnPool) [1ms] Leaving.
src/providers/ogr/qgsogrconnpool.cpp: 33: (~QgsOgrConnPool) [14ms] Entering.
src/providers/ogr/qgsogrconnpool.cpp: 33: (~QgsOgrConnPool) [1ms] Leaving.
==17630== Invalid read of size 8
==17630==    at 0x95CF5A5: OGR_DS_Destroy (ogrdatasource.cpp:69)
==17630==    by 0x2E1EB54C: qgsConnectionPool_ConnectionDestroy(QgsOgrConn*) (qgsogrconnpool.h:45)
==17630==    by 0x2E1EC369: QgsConnectionPoolGroup<QgsOgrConn*>::~QgsConnectionPoolGroup() (qgsconnectionpool.h:77)
==17630==    by 0x2E1FDB89: QgsOgrConnPoolGroup::~QgsOgrConnPoolGroup() (in /usr/src/qgis/build/0-master/output/lib/qgis/plugins/libogrprovider.so)
==17630==    by 0x2E1FDBC5: QgsOgrConnPoolGroup::~QgsOgrConnPoolGroup() (qgsogrconnpool.h:59)
==17630==    by 0x2E1FBA21: QgsConnectionPool<QgsOgrConn*, QgsOgrConnPoolGroup>::~QgsConnectionPool() (qgsconnectionpool.h:238)
==17630==    by 0x2E1FB6BA: QgsOgrConnPool::~QgsOgrConnPool() (qgsogrconnpool.cpp:31)
==17630==    by 0x75A0258: __run_exit_handlers (exit.c:82)
==17630==    by 0x75A02A4: exit (exit.c:104)
==17630==    by 0x7585ECB: (below main) (libc-start.c:321)
==17630==  Address 0x320543c0 is 0 bytes inside a block of size 280 free'd
==17630==    at 0x4C2C131: operator delete(void*) (vg_replace_malloc.c:510)
==17630==    by 0x9379FF5: GDALDriverManager::~GDALDriverManager() (gdaldrivermanager.cpp:183)
==17630==    by 0x937A158: GDALDriverManager::~GDALDriverManager() (gdaldrivermanager.cpp:289)
==17630==    by 0x2BC2EB4D: cleanupProvider (qgsgdalprovider.cpp:3024)
==17630==    by 0x5D0F0F1: QgsProviderRegistry::clean() (qgsproviderregistry.cpp:244)
==17630==    by 0x5D0F205: QgsProviderRegistry::~QgsProviderRegistry() (qgsproviderregistry.cpp:253)
==17630==    by 0x5D0F2A5: QgsProviderRegistry::~QgsProviderRegistry() (qgsproviderregistry.cpp:254)
==17630==    by 0x5AF7EA2: QgsApplication::exitQgis() (qgsapplication.cpp:868)
==17630==    by 0x406064: TestQgsVectorAnalyzer::cleanupTestCase() (testqgsvectoranalyzer.cpp:89)
==17630==    by 0x406566: TestQgsVectorAnalyzer::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (testqgsvectoranalyzer.moc:64)
==17630==    by 0x4FBB907: QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==17630==    by 0x532408E: ??? (in /usr/lib/x86_64-linux-gnu/libQtTest.so.4.8.6)
==17630== 

Updated by Nyall Dawson about 1 year ago

  • Status changed from Open to Feedback

I'm not seeing that locally, and it works on Travis under Linux/OSX and appveyor under windows.

Maybe try fully deleting your build folder and rebuilding?

The only tests with issues (that I'm aware of) are:

- QgsBlendModes - occasionally fails on Windows. I'm having a hard time tracking this down.
- PyQgsComposerMap - as above, likely same issue
- PyQgsRuleBasedRenderer - occasionally crashes on exit.

Updated by Sandro Santilli about 1 year ago

My build configuration (while I clearn-rebuild):

cmake \
  -D CMAKE_BUILD_TYPE=Debug \
  -D WITH_SERVER=ON \
  -D WITH_STAGED_PLUGINS=ON \
  -D WITH_PYSPATIALITE=ON \
  -D ENABLE_TESTS=1 \
  -D CMAKE_CXX_COMPILER:FILEPATH=/usr/lib/ccache/g++ \
  -D WITH_ASTYLE=1 \
  -D WITH_INTERNAL_QWTPOLAR=1 

Updated by Sandro Santilli about 1 year ago

Still happens on a clean rebuild. GDAL version is 2.1.0. Segfault is on exit, so might be related to how the compiler chooses to order deinizialization:

(gdb) bt
#0  0x0000000000000161 in ?? ()
#1  0x00007fadcac66577 in qgsConnectionPool_ConnectionDestroy (c=0x16fad60) at /usr/src/qgis/qgis-master/src/providers/ogr/qgsogrconnpool.h:45
#2  0x00007fadcac67394 in QgsConnectionPoolGroup<QgsOgrConn*>::~QgsConnectionPoolGroup (this=0x15fde30, __in_chrg=<optimized out>)
    at /usr/src/qgis/qgis-master/src/providers/ogr/../../core/qgsconnectionpool.h:77
#3  0x00007fadcac78bb4 in QgsOgrConnPoolGroup::~QgsOgrConnPoolGroup (this=0x15fde20, __in_chrg=<optimized out>)
    at /usr/src/qgis/build/master/src/providers/ogr/../../../../../qgis-master/src/providers/ogr/qgsogrconnpool.h:59
#4  0x00007fadcac78bf0 in QgsOgrConnPoolGroup::~QgsOgrConnPoolGroup (this=0x15fde20, __in_chrg=<optimized out>)
    at /usr/src/qgis/build/master/src/providers/ogr/../../../../../qgis-master/src/providers/ogr/qgsogrconnpool.h:59
#5  0x00007fadcac76a4c in QgsConnectionPool<QgsOgrConn*, QgsOgrConnPoolGroup>::~QgsConnectionPool (
    this=0x7fadcae8b310 <QgsOgrConnPool::sInstance>, __in_chrg=<optimized out>)
    at /usr/src/qgis/qgis-master/src/providers/ogr/../../core/qgsconnectionpool.h:238
#6  0x00007fadcac766e5 in QgsOgrConnPool::~QgsOgrConnPool (this=0x7fadcae8b310 <QgsOgrConnPool::sInstance>, __in_chrg=<optimized out>)
    at /usr/src/qgis/qgis-master/src/providers/ogr/qgsogrconnpool.cpp:31
#7  0x00007fae0044c259 in __run_exit_handlers (status=0, listp=0x7fae007ce6c8 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true)
    at exit.c:82
#8  0x00007fae0044c2a5 in __GI_exit (status=<optimized out>) at exit.c:104
#9  0x00007fae00431ecc in __libc_start_main (main=0x406440 <main(int, char**)>, argc=1, argv=0x7fff95784758, init=<optimized out>, 
    fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff95784748) at libc-start.c:321
#10 0x0000000000404619 in _start ()

Compiler is g++ (Ubuntu 4.8.4-2ubuntu1~14.04) 4.8.4

Updated by Sandro Santilli about 1 year ago

I see code in QgsOgrConnPool class that seem to protect against a call to ::instance() happening after a call to the destructor, and it surprises me such an occurrence may actually happen (why should it?).

Allocating the singleton on the heap and letting it leak fixes the segfault for me, see https://github.com/qgis/QGIS/pull/2754

Updated by Sandro Santilli about 1 year ago

  • Category set to OGR Data Provider
  • Status changed from Feedback to In Progress
  • Assigned to set to Sandro Santilli
  • Target version set to Version 2.14
  • % Done changed from 0 to 90
  • Pull Request or Patch supplied changed from No to Yes

Updated by Nyall Dawson about 1 year ago

Nice catch.

For completeness - there is one other test with issues. QgsLegendRenderer fails occasionally under windows.

Updated by Sandro Santilli about 1 year ago

There is also output/bin/qgis_diagramtest (#14212) which seems to be another symptom of the same bug

Updated by Sandro Santilli about 1 year ago

  • Status changed from In Progress to Closed

Also available in: Atom