Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: P1: Critical
Fix Version/s: 6.5.5, 6.6.2, 6.7.0
Affects Version/s: 6.5.2, 6.5.3, 6.6.0, 6.6.1
Component/s: WebEngine
Labels:
None

Commits:
3c6056d06 (dev), 0aad55db5 (6.6), 6c7ddcfd6 (6.5),3c6056d06 (6.7)

Description

I've gotten ~50 crash reports from qutebrowser users since August, where they get a segfault when I call QWebEngineDownloadItem::page(). Some (but not all!) say it was when retrying a download. However, even with various scenarios (e.g. closing a tab a download was made from, disconnecting my connection so it fails, and then retrying it), I never was able to reproduce.

Upstream report: https://github.com/qutebrowser/qutebrowser/issues/7854

Relevant parts of the stacktrace:

Core was generated by `/usr/bin/python3 /usr/bin/qutebrowser'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=11, no_tid=no_tid@entry=0) at pthread_kill.c:44
Downloading source file /usr/src/debug/glibc/glibc/nptl/pthread_kill.c
44            return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO (ret) : 0;
[Current thread is 1 (Thread 0x7fcf5f24d740 (LWP 972774))]
(gdb) bt full
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=11, no_tid=no_tid@entry=0) at pthread_kill.c:44
        tid = <optimized out>
        ret = 0
        pd = <optimized out>
        old_mask = {__val = {0}}
        ret = <optimized out>
#1  0x00007fcf5e88e8a3 in __pthread_kill_internal (signo=11, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007fcf5e83e668 in __GI_raise (sig=11) at ../sysdeps/posix/raise.c:26
        ret = <optimized out>
#3  0x00007fcf5e83e710 in <signal handler called> () at /usr/lib/libc.so.6
#4  0x00007fcf50d453e7 in QWebEngineDownloadRequest::page() const (this=<optimized out>)
    at /usr/src/debug/qt6-webengine/qtwebengine-everywhere-src-6.5.2/src/core/api/qwebenginedownloadrequest.cpp:604
#5  0x00007fcf3da26450 in meth_QWebEngineDownloadRequest_page(PyObject*, PyObject*) (sipSelf=<optimized out>, sipArgs=<optimized out>)
    at /usr/src/debug/pyqt6-webengine/PyQt6_WebEngine-6.5.0/build/QtWebEngineCore/sipQtWebEngineCoreQWebEngineDownloadRequest.cpp:545
        sipRes = <optimized out>
        sipCpp = 0x7fceec2c6820
        sipParseErr = 0x0
[Python / PyQt internals]
#20 0x00007fcf50d61978 in QWebEngineProfile::downloadRequested(QWebEngineDownloadRequest*) (_t1=0x7fceec2c6820, this=0x558dfba2b0e0)
    at /usr/src/debug/qt6-webengine/build/src/core/api/WebEngineCore_autogen/include/moc_qwebengineprofile.cpp:213
        _a = {0x0, 0x7ffd9a680cb0}
        q = 0x558dfba2b0e0
        itemPrivate = <optimized out>
        download = 0x7fceec2c6820
        state = <optimized out>
#21 QWebEngineProfilePrivate::downloadRequested(QtWebEngineCore::ProfileAdapterClient::DownloadItemInfo&) (this=0x558dfba2c090, info=...)
    at /usr/src/debug/qt6-webengine/qtwebengine-everywhere-src-6.5.2/src/core/api/qwebengineprofile.cpp:213
        q = 0x558dfba2b0e0
        itemPrivate = <optimized out>
        download = 0x7fceec2c6820
        state = <optimized out>
#22 0x00007fcf4d72ad95 in QtWebEngineCore::DownloadManagerDelegateQt::DetermineDownloadTarget(download::DownloadItem*, base::OnceCallback<void (base::FilePath const&, download::DownloadItem::TargetDisposition, download::DownloadDangerType, download::DownloadItem::MixedContentStatus, base::FilePath const&, base::FilePath const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, download::DownloadInterruptReason)>*) ()
    at /usr/src/debug/qt6-webengine/qtwebengine-everywhere-src-6.5.2/src/core/download_manager_delegate_qt.cpp:161
#23 0x00007fcf4f9fe40b in content::DownloadManagerImpl::DetermineDownloadTarget(download::DownloadItemImpl*, base::OnceCallback<void (base::FilePath const&, download::DownloadItem::TargetDisposition, download::DownloadDangerType, download::DownloadItem::MixedContentStatus, base::FilePath const&, base::FilePath const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, download::DownloadInterruptReason)>) ()
    at ../../../../../qtwebengine-everywhere-src-6.5.2/src/3rdparty/chromium/content/browser/download/download_manager_impl.cc:496
#24 0x00007fcf4f602c3f in download::DownloadItemImpl::DetermineDownloadTarget() ()
    at ../../../../../qtwebengine-everywhere-src-6.5.2/src/3rdparty/chromium/components/download/internal/common/download_item_impl.cc:1699
#25 0x00007fcf4f60fb71 in base::RepeatingCallback<void (download::DownloadInterruptReason, long)>::Run(download::DownloadInterruptReason, long) && ()
    at ../../../../../qtwebengine-everywhere-src-6.5.2/src/3rdparty/chromium/base/functional/callback.h:278
#26 download::DownloadJob::OnDownloadFileInitialized(base::RepeatingCallback<void (download::DownloadInterruptReason, long)>, download::DownloadInterruptReason, long) ()
    at ../../../../../qtwebengine-everywhere-src-6.5.2/src/3rdparty/chromium/components/download/internal/common/download_job.cc:75
[Chromium internals]

From IRC:

09:04 <carewolf_home> right, so page might be null?
09:33 <mibrunin> carewolf_home: I looking at the trace,  it might be a segfault because the adapterClient in QWebEnginePagePrivate is null for some reason
09:34 <mibrunin> sorry, in QWebEngineDownloadRequest
09:39 <mibrunin> we're accessing it without checking for null even though there are cases where it gets initialised to nullptr
09:40 <mibrunin> The-Compiler: I think it would make sense to file a bug - we can insert a null check as a speculative fix