search

onivim / oni2

Native, lightweight modal code editor
https://v2.onivim.io
MIT License
7.84k stars 282 forks source link

Crash with `corrupted size vs. prev_size` #2344

Open despairblue opened 4 years ago

despairblue commented 4 years ago

Partial logs: https://gist.github.com/despairblue/d311df71532b10e4d60ea44f9be847aa

Full logs were to big to upload as a gist. I think I'll pipe them to a file from now on and upload them as a zip.

bryphe commented 4 years ago

Thanks for including the logs, @despairblue !

Here's the very end of the logs:

[INFO]     +1ms Oni2.Store.dispatch : dispatch: (QuickmenuCommandlineUpdated ("conso", 5))
[WARN]     +0ms Oni2.Core.Config : Missing default value for `editor.lineHeight`
[DEBUG]    +0ms Oni2.Store.dispatch : After: (QuickmenuCommandlineUpdated ("conso", 5))
[INFO]     +0ms Oni2.Store.dispatch : dispatch: (SearchSetHighlights (3, []))
[WARN]     +0ms Oni2.Core.Config : Missing default value for `editor.lineHeight`
[DEBUG]    +0ms Oni2.Store.dispatch : After: (SearchSetHighlights (3, []))
[INFO]     +0ms Oni2.Store.dispatch : dispatch: Editor {scope = (EditorScope.Editor 1); msg = (ScrollToLine 0)}
[WARN]     +0ms Oni2.Core.Config : Missing default value for `editor.lineHeight`
[DEBUG]    +0ms Oni2.Store.dispatch : After: Editor {scope = (EditorScope.Editor 1); msg = (ScrollToLine 0)}
[INFO]     +0ms Oni2.Store.dispatch : dispatch: Editor {scope = (EditorScope.Editor 1); msg = (ScrollToColumn 0)}
[WARN]     +0ms Oni2.Core.Config : Missing default value for `editor.lineHeight`
[DEBUG]    +0ms Oni2.Store.dispatch : After: Editor {scope = (EditorScope.Editor 1); msg = (ScrollToColumn 0)}
[INFO]     +0ms Oni2.Store.dispatch : dispatch: Editor {scope = (EditorScope.Editor 1); msg = (CursorsChanged <opaque>)}
[WARN]     +0ms Oni2.Core.Config : Missing default value for `editor.lineHeight`
[DEBUG]    +0ms Oni2.Store.dispatch : After: Editor {scope = (EditorScope.Editor 1); msg = (CursorsChanged <opaque>)}
[DEBUG]    +0ms Oni2.Store.Vim : handled key: o
[DEBUG]    +0ms Oni2.Store.StoreThread : Effect complete: Batch:
 vim.input

[DEBUG]    +0ms Oni2.Store.StoreThread : Effect complete: Batch:
 input.immediateDispatch

[INFO]    +11ms Oni2.Store.dispatch : dispatch: (KeyUp (<opaque>, <opaque>))
[WARN]     +0ms Oni2.Core.Config : Missing default value for `editor.lineHeight`
[DEBUG]    +0ms Oni2.Store.dispatch : After: (KeyUp (<opaque>, <opaque>))
[DEBUG]    +0ms Oni2.Store.StoreThread : Running effect: Batch:
 input.immediateDispatch

[DEBUG]    +0ms Oni2.Store.StoreThread : Effect complete: Batch:
 input.immediateDispatch

[INFO]     +0ms Oni2.Store.dispatch : dispatch: (LanguageSupport
   (Feature_LanguageSupport.Definition Definition.DefinitionNotAvailable))
[WARN]     +0ms Oni2.Core.Config : Missing default value for `editor.lineHeight`
[DEBUG]    +0ms Oni2.Store.dispatch : After: (LanguageSupport
   (Feature_LanguageSupport.Definition Definition.DefinitionNotAvailable))
[INFO]     +0ms Oni2.Store.dispatch : dispatch: (LanguageSupport
   (Feature_LanguageSupport.DocumentHighlights
      DocumentHighlights.DocumentHighlighted {bufferId = 3; ranges = []}))
[WARN]     +0ms Oni2.Core.Config : Missing default value for `editor.lineHeight`
[DEBUG]    +0ms Oni2.Store.dispatch : After: (LanguageSupport
   (Feature_LanguageSupport.DocumentHighlights
      DocumentHighlights.DocumentHighlighted {bufferId = 3; ranges = []}))
[INFO]    +83ms Oni2.Store.dispatch : dispatch: (KeyUp (<opaque>, <opaque>))
[WARN]     +1ms Oni2.Core.Config : Missing default value for `editor.lineHeight`
[DEBUG]    +0ms Oni2.Store.dispatch : After: (KeyUp (<opaque>, <opaque>))
[DEBUG]    +1ms Oni2.Store.StoreThread : Running effect: Batch:
 input.immediateDispatch

[DEBUG]    +0ms Oni2.Store.StoreThread : Effect complete: Batch:
 input.immediateDispatch

corrupted size vs. prev_size
bryphe commented 4 years ago

This final log - corrupted size vs. prev_size is interesting... it looks like a heap corruption - potentially from memory mismanagement in a C binding somewhere.

By chance, do you have a setup for automatic core dumps? https://wiki.archlinux.org/index.php/Core_dump

If there happened to be a core dump associated with this - might helps us track down the callstack

despairblue commented 4 years ago

@bryphe Sure thing. Hope this helps:

Info

$ coredumpctl info 2293897
           PID: 2293897 (Oni2_editor)
           UID: 1000 (despairblue)
           GID: 1000 (despairblue)
        Signal: 11 (SEGV)
     Timestamp: Fri 2020-08-21 16:34:54 CEST (1 day 19h ago)
  Command Line: /home/despairblue/git/reason/oni2/_esy/default/store/i/oni2-186d5dfb/bin/Oni2_editor --force-device-scale-factor 2 -f --debug .
    Executable: /home/despairblue/git/reason/oni2/_esy/default/store/b/oni2-186d5dfb/default/src/bin_editor/Oni2_editor.exe
 Control Group: /user.slice/user-1000.slice/user@1000.service/apps.slice/apps-org.gnome.Terminal.slice/vte-spawn-9c80685b-06f0-45e3-9320-f0b04203fea7.scope
          Unit: user@1000.service
     User Unit: vte-spawn-9c80685b-06f0-45e3-9320-f0b04203fea7.scope
         Slice: user-1000.slice
     Owner UID: 1000 (despairblue)
       Boot ID: 1b22f94e90b147fdb4243768c5fafd28
    Machine ID: ada481824ea646adb9c23f15507c0210
      Hostname: serenity-2
       Storage: /var/lib/systemd/coredump/core.Oni2_editor.1000.1b22f94e90b147fdb4243768c5fafd28.2293897.1598020494000000000000.zst
       Message: Process 2293897 (Oni2_editor) of user 1000 dumped core.

                Stack trace of thread 2293897:
                #0  0x000055e0e3b50262 n/a (/home/despairblue/git/reason/oni2/_esy/default/store/b/oni2-186d5dfb/default/src/bin_editor/Oni2_editor.exe + 0xec5262)

Backtrace from the GDB session:

Reading symbols from /home/despairblue/git/reason/oni2/_esy/default/store/b/oni2-186d5dfb/default/src/bin_editor/Oni2_editor.exe...
[New LWP 2293897]
[New LWP 2293919]
[New LWP 2293901]
[New LWP 2293905]
[New LWP 2293922]
[New LWP 2293928]
[New LWP 2293902]
[New LWP 2293900]
[New LWP 2293903]
[New LWP 2293917]
[New LWP 2293921]
[New LWP 2293926]
[New LWP 2293920]
[New LWP 2293923]
[New LWP 2293929]
[New LWP 2293918]
[New LWP 2293927]
[New LWP 2293930]
[New LWP 2293924]
[New LWP 2293932]
[New LWP 2293931]
[New LWP 2293925]
[New LWP 2293934]
[New LWP 2293933]
[New LWP 2293935]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Core was generated by `/home/despairblue/git/reason/oni2/_esy/default/store/i/oni2-186d5dfb/bin/Oni2_e'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  GrIORef<GrGpuResource>::internalHasRef (this=0x10009) at ../../include/gpu/GrGpuResource.h:93
93      bool internalHasRef() const { return SkToBool(fRefCnt); }
[Current thread is 1 (Thread 0x7fbf645b60c0 (LWP 2293897))]
(gdb) bt
#0  GrIORef<GrGpuResource>::internalHasRef() const (this=0x10009) at ../../include/gpu/GrGpuResource.h:93
#1  GrResourceCache::AvailableForScratchUse::operator()(GrGpuResource const*) const (this=<optimized out>, resource=0x10001) at ../../src/gpu/GrResourceCache.cpp:235
#2  SkTMultiMap<GrGpuResource, GrScratchKey, GrResourceCache::ScratchMapTraits>::find<GrResourceCache::AvailableForScratchUse>(GrScratchKey const&, GrResourceCache::AvailableForScratchUse)
    (this=<optimized out>, key=..., f=...) at ../../src/core/SkTMultiMap.h:88
#3  0x000055e0e3b500bf in GrResourceCache::findAndRefScratchResource(GrScratchKey const&, unsigned long, unsigned int) (this=0x55e0e53804c0, scratchKey=..., resourceSize=<optimized out>, flags=0)
    at ../../src/gpu/GrResourceCache.cpp:269
#4  0x000055e0e3b52c0a in GrResourceProvider::refScratchTexture(GrSurfaceDesc const&, unsigned int) (this=<optimized out>, desc=..., flags=<optimized out>) at ../../src/gpu/GrResourceProvider.cpp:225
#5  0x000055e0e3b53223 in GrResourceProvider::createApproxTexture(GrSurfaceDesc const&, unsigned int) (this=0x55e0e5380690, desc=..., flags=0) at ../../src/gpu/GrResourceProvider.cpp:197
#6  0x000055e0e3b5b517 in GrSurfaceProxy::createSurfaceImpl(GrResourceProvider*, int, bool, GrSurfaceFlags, GrMipMapped) const
    (this=0x55e0e895de50, resourceProvider=0x55e0e5380690, sampleCnt=<optimized out>, needsStencil=false, descFlags=<optimized out>, mipMapped=GrMipMapped::kYes)
    at ../../src/gpu/GrSurfaceProxy.cpp:164
#7  0x000055e0e3b601d6 in virtual thunk to GrTextureRenderTargetProxy::createSurface(GrResourceProvider*) const () at ../../src/gpu/GrTextureRenderTargetProxy.cpp:101
#8  0x000055e0e3b4df69 in GrSurfaceProxyPriv::createSurface(GrResourceProvider*) const (this=<optimized out>, resourceProvider=0x1f) at ../../src/gpu/GrSurfaceProxyPriv.h:55
#9  GrResourceAllocator::findSurfaceFor(GrSurfaceProxy const*, bool) (this=<optimized out>, proxy=0x55e0e895de50, needsStencil=<optimized out>) at ../../src/gpu/GrResourceAllocator.cpp:185
#10 0x000055e0e3b4e3f9 in GrResourceAllocator::assign(int*, int*, GrUninstantiateProxyTracker*, GrResourceAllocator::AssignError*)
    (this=0x7ffeda7c3da0, startIndex=<optimized out>, stopIndex=0x7ffeda7c3d70, uninstantiateTracker=<optimized out>, outError=0x7ffeda7c3d6c) at ../../src/gpu/GrResourceAllocator.cpp:264
#11 0x000055e0e3b32477 in GrDrawingManager::internalFlush(GrSurfaceProxy*, GrResourceCache::FlushType, int, GrBackendSemaphore*)
    (this=0x55e0e5022b70, type=GrResourceCache::kExternal, numSemaphores=0, backendSemaphores=0x0) at ../../src/gpu/GrDrawingManager.cpp:212
#12 0x000055e0e3b32cf6 in GrDrawingManager::flush(GrSurfaceProxy*, int, GrBackendSemaphore*) (this=0x55e0e5022b70, proxy=0x55e0e5132db0, numSemaphores=0, backendSemaphores=0xc)
    at ../../src/gpu/GrDrawingManager.h:101
#13 GrDrawingManager::prepareSurfaceForExternalIO(GrSurfaceProxy*, int, GrBackendSemaphore*) (this=0x55e0e5022b70, proxy=0x55e0e5132db0, numSemaphores=0, backendSemaphores=0xc)
    at ../../src/gpu/GrDrawingManager.cpp:359
#14 0x000055e0e3b49b7b in GrRenderTargetContext::prepareForExternalIO(int, GrBackendSemaphore*) (this=0x55e0e5390a30, numSemaphores=0, backendSemaphores=0x0)
    at ../../src/gpu/GrRenderTargetContext.cpp:1385
#15 0x000055e0e3a4c1f1 in skia_wrapped_stub_152_sk_canvas_flush (x1318=<optimized out>) at skia_generated_stubs.c:1438
#16 0x000055e0e37bcb23 in camlSkiaWrapped__Skia_generated_stubs__fun_3634 ()
#17 0x00007fbeee4bebd8 in  ()
#18 0x000055e0e373f56d in camlRevery_UI__Render__render_inner_2403 ()
#19 0x0000000000000001 in  ()
#20 0x00007fbeee59f500 in  ()
#21 0x00007fbeee59e768 in  ()
#22 0x0000000000000f01 in  ()
#23 0x000000000000093b in  ()
#24 0x8000000000000001 in  ()
#25 0x0000000000000001 in  ()
#26 0x8000000000000001 in  ()
#27 0x8000000000000001 in  ()
#28 0x0000000000000001 in  ()
#29 0x0000000000000009 in  ()
#30 0x0000000000000001 in  ()
#31 0x0000000000000001 in  ()
#32 0x0000000000000001 in  ()
#33 0x8000000000000001 in  ()
#34 0x8000000000000001 in  ()
#35 0x8000000000000001 in  ()
#36 0x8000000000000001 in  ()
#37 0x000055e0e46b81b8 in camlRevery_UI__Style__6 ()
#38 0x0000000000000003 in  ()
#39 0x8000000000000001 in  ()
#40 0x8000000000000001 in  ()
#41 0x8000000000000001 in  ()
#42 0x8000000000000001 in  ()
#43 0x8000000000000001 in  ()
#44 0x8000000000000001 in  ()
#45 0x8000000000000001 in  ()
#46 0x8000000000000001 in  ()
#47 0x8000000000000001 in  ()
#48 0x8000000000000001 in  ()
#49 0x8000000000000001 in  ()
#50 0x8000000000000001 in  ()
#51 0x8000000000000001 in  ()
--Type <RET> for more, q to quit, c to continue without paging--
#52 0x8000000000000001 in  ()
#53 0x8000000000000001 in  ()
#54 0x8000000000000001 in  ()
#55 0x8000000000000001 in  ()
#56 0x8000000000000001 in  ()
#57 0x0000000000000001 in  ()
#58 0x00007fbf64341cc0 in  ()
#59 0x00007fbf64341ca8 in  ()
#60 0x00007fbf64341c90 in  ()
#61 0x00007fbf64341c78 in  ()
#62 0x00007fbf64341c60 in  ()
#63 0x00007fbf64341c48 in  ()
#64 0x00007fbf64341c30 in  ()
#65 0x000055e0e46b81e0 in camlRevery_UI__Style__3 ()
#66 0x0000000000000001 in  ()
#67 0x000055e0e46b81d0 in camlRevery_UI__Style__4 ()
#68 0x0000000000000001 in  ()
#69 0x0000000000000001 in  ()
#70 0x00007fbeee4bebd8 in  ()
#71 0x00007fbeee4c9e60 in  ()
#72 0x0000000000000f01 in  ()
#73 0x00007fbeee4be7b8 in  ()
#74 0x0000000000000001 in  ()
#75 0x4000000000000000 in  ()
#76 0x000055e0e3763287 in camlRevery_Core__Window__render_1451 ()
#77 0x00007fbeee4c9e60 in  ()
#78 0x000055e0e39ab9b1 in camlStdlib__list__iter_258 ()
#79 0x000055e0e79eaa40 in  ()
#80 0x000055e0e46e26b8 in camlRevery_Core__App__147 ()
#81 0x0000000000000001 in  ()
#82 0x000055e0e37674f5 in camlRevery_Core__App__appLoop_1298 ()
#83 0x0000000000000001 in  ()
#84 0x00007fbeee2fafc8 in  ()
#85 0x00007fbf64372e58 in  ()
#86 0x000055e0e37dffe6 in camlSdl2___nativeLoop_1314 ()
#87 0x00007fbeee2fafc8 in  ()
#88 0x000055e0e42240b4 in caml_start_program ()
#89 0x00007ffeda7c4a60 in  ()
#90 0x000055e0e42240e5 in caml_start_program ()
#91 0x00007ffeda7c4a10 in  ()
#92 0x000055e0e37df439 in camlSdl2__main_792 ()
#93 0x00007ffeda7c49c0 in  ()
#94 0x00007fbf64372ed0 in  ()
#95 0x00007fbf65148300 in __GI__IO_file_jumps () at /usr/lib/libc.so.6
#96 0x00007fbf64372e60 in  ()
#97 0x000055e0e4f967d0 in  ()
#98 0x000055e0e39d0eb0 in camlCamlinternalFormat__fun_6411 ()
#99 0x00007fbf64372f58 in  ()
#100 0x00007ffeda7c4a00 in  ()
#101 0x00007fbf64374f40 in  ()
#102 0x000055e0e421b87a in caml_callback_exn (arg=<optimized out>, closure=<optimized out>) at callback.c:145
#103 caml_callback (closure=<optimized out>, arg=<optimized out>) at callback.c:199
#104 0x000055e0e3fc5827 in resdl_SDL_main(value, value, value) (ml_argc=94424393285264, ml_argv=94424393285240, closure=94424393285216) at sdl2_wrapper.cpp:1640
bryphe commented 4 years ago

Thanks @despairblue , this is very helpful!

It looks like an error is occurring when we're trying to flush the canvas during a render frame... it suggests there might be a case where we're unreferencing or garbage collecting an asset too early, and it's still being used somewhere... I imagine the culprit is our Skia bindings: https://github.com/revery-ui/revery/tree/master/packages/reason-skia

despairblue commented 4 years ago

I got another one:

Info

coredumpctl info 912758
           PID: 912758 (Oni2_editor)
           UID: 1000 (despairblue)
           GID: 1000 (despairblue)
        Signal: 6 (ABRT)
     Timestamp: Thu 2020-09-03 13:00:17 CEST (1 day 7h ago)
  Command Line: /home/despairblue/git/reason/oni2/_esy/default/store/i/oni2-22a390c6/bin/Oni2_editor --force-device-scale-factor 2 .
    Executable: /home/despairblue/git/reason/oni2/_esy/default/store/b/oni2-22a390c6/default/src/bin_editor/Oni2_editor.exe
 Control Group: /user.slice/user-1000.slice/user@1000.service/apps.slice/apps-org.gnome.Terminal.slice/vte-spawn-bf8e56d8-d867-4a63-9f4f-ed2e3a3e7dba.scope
          Unit: user@1000.service
     User Unit: vte-spawn-bf8e56d8-d867-4a63-9f4f-ed2e3a3e7dba.scope
         Slice: user-1000.slice
     Owner UID: 1000 (despairblue)
       Boot ID: 0e4f67fe96b44aef852cdd29d266d772
    Machine ID: ada481824ea646adb9c23f15507c0210
      Hostname: serenity-2
       Storage: /var/lib/systemd/coredump/core.Oni2_editor.1000.0e4f67fe96b44aef852cdd29d266d772.912758.1599130817000000000000.zst
       Message: Process 912758 (Oni2_editor) of user 1000 dumped core.

                Stack trace of thread 912758:
                #0  0x00007f64ef537615 raise (libc.so.6 + 0x3d615)
                #1  0x00007f64ef520862 abort (libc.so.6 + 0x26862)
                #2  0x00007f64ef5795e8 __libc_message (libc.so.6 + 0x7f5e8)
                #3  0x00007f64ef58127a malloc_printerr (libc.so.6 + 0x8727a)
                #4  0x00007f64ef58265c _int_free (libc.so.6 + 0x8865c)
                #5  0x000055b8718457fa n/a (/home/despairblue/git/reason/oni2/_esy/default/store/b/oni2-22a390c6/default/src/bin_editor/Oni2_editor.exe + 0x15867fa)

Backtrace from the GDB session:

Reading symbols from /home/despairblue/git/reason/oni2/_esy/default/store/b/oni2-22a390c6/default/src/bin_editor/Oni2_editor.exe...
[New LWP 912758]
[New LWP 912803]
[New LWP 912786]
[New LWP 912805]
[New LWP 912806]
[New LWP 912811]
[New LWP 912813]
[New LWP 912802]
[New LWP 912784]
[New LWP 912812]
[New LWP 912807]
[New LWP 912814]
[New LWP 912804]
[New LWP 912808]
[New LWP 912787]
[New LWP 912809]
[New LWP 912801]
[New LWP 912789]
[New LWP 912817]
[New LWP 912810]
[New LWP 912815]
[New LWP 912785]
[New LWP 912816]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Core was generated by `/home/despairblue/git/reason/oni2/_esy/default/store/i/oni2-22a390c6/bin/Oni2_e'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007f64ef537615 in raise () from /usr/lib/libc.so.6
[Current thread is 1 (Thread 0x7f64eeb290c0 (LWP 912758))]
(gdb) bt
#0  0x00007f64ef537615 in raise () at /usr/lib/libc.so.6
#1  0x00007f64ef520862 in abort () at /usr/lib/libc.so.6
#2  0x00007f64ef5795e8 in __libc_message () at /usr/lib/libc.so.6
#3  0x00007f64ef58127a in  () at /usr/lib/libc.so.6
#4  0x00007f64ef58265c in _int_free () at /usr/lib/libc.so.6
#5  0x000055b8718457fa in nf_merge_block (bp=94250711372832, limit=<optimized out>) at freelist.c:269
#6  0x000055b87184771a in caml_fl_merge_block (limit=<optimized out>, bp=<optimized out>) at caml/freelist.h:50
#7  sweep_slice (work=56243, work@entry=74677) at major_gc.c:565
#8  0x000055b871848399 in caml_major_collection_slice (howmuch=howmuch@entry=-1) at major_gc.c:801
#9  0x000055b871849959 in caml_gc_dispatch () at minor_gc.c:473
#10 0x000055b871844ed9 in caml_garbage_collection () at signals_nat.c:85
#11 0x000055b87186314a in caml_call_gc ()
#12 0x0000000000000000 in  ()
(gdb)
despairblue commented 4 years ago

Another one:

Info

           PID: 108122 (Oni2_editor)
           UID: 1000 (despairblue)
           GID: 1000 (despairblue)
        Signal: 6 (ABRT)
     Timestamp: Fri 2020-09-11 17:31:31 CEST (2min 37s ago)
  Command Line: /home/despairblue/git/reason/oni2/_esy/default/store/i/oni2-9706d317/bin/Oni2_editor --force-device-scale-factor 2 .
    Executable: /home/despairblue/git/reason/oni2/_esy/default/store/b/oni2-9706d317/default/src/bin_editor/Oni2_editor.exe
 Control Group: /user.slice/user-1000.slice/user@1000.service/apps.slice/apps-org.gnome.Terminal.slice/vte-spawn-c9491456-e392-4e14-9253-bf5a2ee00e23.scope
          Unit: user@1000.service
     User Unit: vte-spawn-c9491456-e392-4e14-9253-bf5a2ee00e23.scope
         Slice: user-1000.slice
     Owner UID: 1000 (despairblue)
       Boot ID: fb054c5ab1414393a69a5acd73cbed1f
    Machine ID: ada481824ea646adb9c23f15507c0210
      Hostname: serenity-2
       Storage: /var/lib/systemd/coredump/core.Oni2_editor.1000.fb054c5ab1414393a69a5acd73cbed1f.108122.1599838291000000.zst
       Message: Process 108122 (Oni2_editor) of user 1000 dumped core.

                Stack trace of thread 108122:
                #0  0x00007f362eb7d615 raise (libc.so.6 + 0x3d615)
                #1  0x00007f362eb66862 abort (libc.so.6 + 0x26862)
                #2  0x00007f362ebbf5e8 __libc_message (libc.so.6 + 0x7f5e8)
                #3  0x00007f362ebc727a malloc_printerr (libc.so.6 + 0x8727a)
                #4  0x00007f362ebc76ac munmap_chunk (libc.so.6 + 0x876ac)
                #5  0x000055db49a51e61 n/a (/home/despairblue/git/reason/oni2/_esy/default/store/b/oni2-9706d317/default/src/bin_editor/Oni2_editor.exe + 0xddce61)

Backtrace

(gdb) bt
#0  0x00007f362eb7d615 in raise () at /usr/lib/libc.so.6
#1  0x00007f362eb66862 in abort () at /usr/lib/libc.so.6
#2  0x00007f362ebbf5e8 in __libc_message () at /usr/lib/libc.so.6
#3  0x00007f362ebc727a in  () at /usr/lib/libc.so.6
#4  0x00007f362ebc76ac in munmap_chunk () at /usr/lib/libc.so.6
#5  0x000055db49a51e61 in skia_wrapped_stub_68_sk_matrix44_destroy (x429=<optimized out>) at skia_generated_stubs.c:575
#6  0x000055db497c0653 in camlSkiaWrapped__Skia_generated_stubs__fun_3660 ()
#7  0x0000000000000003 in  ()
#8  0x000055db4a22ba84 in caml_start_program ()
#9  0x00007ffc2b9bccd0 in  ()
#10 0x000055db4a22bab5 in caml_start_program ()
#11 0x00007ffc2b9bcc50 in  ()
#12 0x000055db49737978 in camlRevery_UI__Style__applyStyle_2022 ()
#13 0x00007ffc2b9bcbe0 in  ()
#14 0x000055db4caf0300 in  ()
#15 0x00007f35f5173f88 in  ()
#16 0x00007f362de67188 in  ()
#17 0x000055db4c55a7d0 in  ()
#18 0x00007f362de67890 in  ()
#19 0x00007f362de67878 in  ()
#20 0x00007f362de67830 in  ()
#21 0x000055db4a4d9e88 in camlOni_UI__FileTreeView__8 ()
#22 0x000055db4a222f5d in caml_callback_exn (closure=<optimized out>, arg=<optimized out>) at callback.c:145
#23 0x000055db4a2262be in caml_final_do_calls_exn () at finalise.c:199
#24 0x000055db4a20cfae in caml_do_pending_actions_exn () at signals.c:313
#25 0x000055db4a20d60e in caml_garbage_collection () at signals_nat.c:94
#26 0x000055db4a22b87a in caml_call_gc ()
#27 0x0000000000000000 in  ()
bryphe commented 4 years ago

Thanks for logging these issues, @despairblue !

It seems like there might be a class of issues around the disposable of some of the Skia primitives - given that we see:

#5  0x000055db49a51e61 in skia_wrapped_stub_68_sk_matrix44_destroy (x429=<optimized out>) at skia_generated_stubs.c:575

With this latest call stack - it seems like the matrix44 might be double-freed - this is coming from either here or here - calling into this: https://github.com/revery-ui/revery/blob/d2e614a6ba3c3e48c713c0f1217ac5f9f92a5905/packages/reason-skia/src/wrapped/bindings/SkiaWrappedBindings.re#L529

and #2435 here:

#5  0x000055f0ea0e8ece in sk_paint_delete(sk_paint_t*) (cpaint=0x55f0ecc37660) at ../../src/c/sk_paint.cpp:31

Not clear to me at the moment why it would be reproducing for you, but not on my OSX or other machines (I've tried to reproduce a crash like this in my CentOS box, as well).

Likely also related to this initial stack at the beginning: 

#15 0x000055e0e3a4c1f1 in skia_wrapped_stub_152_sk_canvas_flush (x1318=<optimized out>) at skia_generated_stubs.c:1438

I'm working on getting an Arch machine up to try and reproduce - maybe there is some different due to compiler version, libc version, or other.

In the meantime, some things we could try:

Just some ideas while I'm working on my arch machine. But I think there's a general problem here that's manifesting via these Skia crashes in various ways.

bryphe commented 4 years ago

One other data point that might be interested - did these crashes start occurring recently (last month or so)? Or have they always been occurring?

bryphe commented 4 years ago

I'll take a pass through with Valgrind next week and see if I can get any clues... there's a few Conditional jump or move depends on uninitialised value(s) that we need to fix. Once we have a clean slate - might be interesting to try running and see if there are some obvious things that valgrind flags beyond that.

despairblue commented 4 years ago

Wow, that's a lot of info. Thanks ^^

Does this crash reproduce with the published AppImage? Would be interesting if it didn't - that would suggest a difference in the compiler version / libc version could be to blame..

I downloaded it an will use it for a while.

Are you able to build and run revery? Especially esy '@examples' x SkiaCli - that's run with ASAN, so it might give a clue if something is busted in the skia bindings.

Wen I try to run it:

$ esy '@examples' x SkiaCli
Done: 0/0 (jobs: 0)/home/despairblue/git/reason/revery/_esy/examples/store/i/revery-276ce7f7/bin/SkiaCli: error while loading shared libraries: libasan.so.5: cannot open shared object file: No such file or directory

I think the problem is that I don't have the gcc-libs for my gcc version installed. I had to downgrade gcc to 8 a while ago because Arch upgraded to 10 and that broke all of ocaml. gcc 10 turned some warnings into errors and the ocaml compiler still had those I think. Either that or skia was the issue. Not sure anymore.

So maybe the crashes are related to me building oni2 with gcc 8 while the rest of the system uses gcc 10? :thinking:

I'll try to remove gcc 8 again and see if now everything compiles with gcc 10.

despairblue commented 4 years ago

When recompiling with gcc 10 (which oddly only took 3 seconds :confused: ) I get now this:

$ esy '@examples' x SkiaCli
Done: 0/0 (jobs: 0)Loading font: /home/despairblue/git/reason/revery/packages/reason-skia/examples/skia-cli/Orbitron Medium.ttf
File "packages/reason-skia/examples/skia-cli/SkiaCli.re", line 80, characters 18-25: we will set.
File "packages/reason-skia/examples/skia-cli/SkiaCli.re", line 82, characters 18-25: setTypeface is OK.
-- Top: -29.6700000763
-- Bottom: 6.90000009537
-- Underline position: 2.25
-- Underline thickness: 1.5
-- Ret: 30.
File "packages/reason-skia/examples/skia-cli/SkiaCli.re", line 103, characters 18-25: We return.
Measured text: 205.
Large measured text: 340.
Got None for file that doesn't exist.
Loading image: /home/despairblue/git/reason/revery/assets/uv.png
Bytes loaded: 9665
Got image!
/home/despairblue/git/reason/revery/assets/uv.png Image dimensions: 512x512
Loading font: /home/despairblue/git/reason/revery/packages/reason-skia/examples/skia-cli/FiraCode-Regular.ttf
Done!