Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-138544

Crash when destroying QWebEnginePage

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: P1: Critical P1: Critical
    • 6.10.0 RC
    • 6.9.1
    • WebEngine
    • None
    • Arch Linux
    • Linux/X11
    • 68a4908a6 (134-based), 35738530f (130-based), cacf11b9a (134-based-refactor)

      Sometimes qutebrowser will crash when closing a page. Looking at the stack, I believe this crash is entirely inside QtWebEngine, not the python wrapper or the qutebrowser code. Here is the stack trace from the crash:

      #0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
      #1  0x00007ffff76a7813 in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:89
      #2  0x00007ffff764ddc0 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
      #3  0x00007ffff763557a in __GI_abort () at abort.c:73
      #4  0x00007ffff4e9a421 in std::__glibcxx_assert_fail (file=<optimized out>, line=<optimized out>, function=<optimized out>, condition=<optimized out>) at /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/assert_fail.cc:41
      #5  0x00007fffe3d17313 in std::optional<content::DocumentAssociatedData>::operator-> () at /usr/include/c++/15.1.1/optional:1172
      #6  0x00007fffe3d17607 in std::optional<content::DocumentAssociatedData>::operator-> () at /usr/lib/libQt6WebEngineCore.so.6
      #7  content::RenderFrameHostImpl::GetPage () at ../../../../../qtwebengine/src/3rdparty/chromium/content/browser/renderer_host/render_frame_host_impl.cc:2580
      #8  0x00007fffe7826f23 in content::FederatedAuthRequestImpl::CompleteRequest () at ../../../../../qtwebengine/src/3rdparty/chromium/content/browser/webid/federated_auth_request_impl.cc:2787
      #9  0x00007fffe7827a2b in content::FederatedAuthRequestImpl::CompleteRequestWithError () at ../../../../../qtwebengine/src/3rdparty/chromium/content/browser/webid/federated_auth_request_impl.cc:2719
      #10 0x00007fffe7827c21 in content::FederatedAuthRequestImpl::~FederatedAuthRequestImpl () at ../../../../../qtwebengine/src/3rdparty/chromium/content/browser/webid/federated_auth_request_impl.cc:583
      #11 0x00007fffe78284f1 in content::FederatedAuthRequestImpl::~FederatedAuthRequestImpl () at ../../../../../qtwebengine/src/3rdparty/chromium/content/browser/webid/federated_auth_request_impl.cc:607
      #12 0x00007fffe73d6cd3 in content::DocumentAssociatedData::~DocumentAssociatedData () at ../../../../../qtwebengine/src/3rdparty/chromium/content/browser/renderer_host/document_associated_data.cc:62
      #13 0x00007fffe753e4b9 in std::_Optional_payload_base<content::DocumentAssociatedData>::_M_destroy () at /usr/include/c++/15.1.1/optional:307
      #14 std::_Optional_payload_base<content::DocumentAssociatedData>::_M_reset () at /usr/include/c++/15.1.1/optional:338
      #15 std::_Optional_base<content::DocumentAssociatedData, false, false>::_M_reset () at /usr/include/c++/15.1.1/optional:560
      #16 std::optional<content::DocumentAssociatedData>::reset () at /usr/include/c++/15.1.1/optional:1402
      #17 content::RenderFrameHostImpl::~RenderFrameHostImpl () at ../../../../../qtwebengine/src/3rdparty/chromium/content/browser/renderer_host/render_frame_host_impl.cc:2279
      #18 0x00007fffe753eb51 in content::RenderFrameHostImpl::~RenderFrameHostImpl () at ../../../../../qtwebengine/src/3rdparty/chromium/content/browser/renderer_host/render_frame_host_impl.cc:2388
      #19 0x00007fffe754a031 in std::default_delete<content::RenderFrameHostImpl>::operator() () at /usr/include/c++/15.1.1/bits/unique_ptr.h:93
      #20 std::unique_ptr<content::RenderFrameHostImpl, std::default_delete<content::RenderFrameHostImpl> >::~unique_ptr () at /usr/include/c++/15.1.1/bits/unique_ptr.h:399
      #21 content::RenderFrameHostManager::~RenderFrameHostManager () at ../../../../../qtwebengine/src/3rdparty/chromium/content/browser/renderer_host/render_frame_host_manager.cc:568
      #22 0x00007fffe73e7db7 in content::FrameTreeNode::~FrameTreeNode () at ../../../../../qtwebengine/src/3rdparty/chromium/content/browser/renderer_host/frame_tree_node.cc:305
      #23 0x00007fffe73e04ba in content::FrameTree::~FrameTree () at ../../../../../qtwebengine/src/3rdparty/chromium/content/browser/renderer_host/frame_tree.cc:229
      #24 0x00007fffe77e7107 in content::WebContentsImpl::~WebContentsImpl () at ../../../../../qtwebengine/src/3rdparty/chromium/content/browser/web_contents/web_contents_impl.cc:1418
      #25 0x00007fffe77e7731 in content::WebContentsImpl::~WebContentsImpl () at ../../../../../qtwebengine/src/3rdparty/chromium/content/browser/web_contents/web_contents_impl.cc:1418
      #26 0x00007fffe3ebac73 in std::default_delete<content::WebContents>::operator() () at /usr/include/c++/15.1.1/bits/unique_ptr.h:93
      #27 std::unique_ptr<content::WebContents, std::default_delete<content::WebContents> >::~unique_ptr () at /usr/include/c++/15.1.1/bits/unique_ptr.h:399
      #28 QtWebEngineCore::WebContentsAdapter::~WebContentsAdapter () at /usr/src/debug/qt6-webengine/qtwebengine/src/core/web_contents_adapter.cpp:438
      #29 0x00007fffe886a3da in QtSharedPointer::ExternalRefCountData::destroy (this=0x55555ba98df0) at /usr/include/qt6/QtCore/qsharedpointer_impl.h:124
      #30 QSharedPointer<QtWebEngineCore::CertificateErrorController>::deref(QtSharedPointer::ExternalRefCountData*) [clone .part.0] [clone .lto_priv.0] (dd=0x55555ba98df0) at /usr/include/qt6/QtCore/qsharedpointer_impl.h:515
      #31 0x00007fffe888505e in QWebEnginePagePrivate::~QWebEnginePagePrivate (this=0x55555ae02920, this=<optimized out>) at /usr/src/debug/qt6-webengine/qtwebengine/src/core/api/qwebenginepage.cpp:129
      #32 QScopedPointerDeleter<QWebEnginePagePrivate>::cleanup (pointer=0x55555ae02920) at /usr/include/qt6/QtCore/qscopedpointer.h:24
      #33 QScopedPointer<QWebEnginePagePrivate, QScopedPointerDeleter<QWebEnginePagePrivate> >::~QScopedPointer (this=<optimized out>, this=<optimized out>) at /usr/include/qt6/QtCore/qscopedpointer.h:81
      #34 QWebEnginePage::~QWebEnginePage (this=this@entry=0x55555de00220, this=<optimized out>) at /usr/src/debug/qt6-webengine/qtwebengine/src/core/api/qwebenginepage.cpp:1065
      #35 0x00007fffd2bb5705 in sipQWebEnginePage::~sipQWebEnginePage (this=0x55555de00220, this=<optimized out>) at /usr/src/debug/pyqt6-webengine/pyqt6_webengine-6.9.0/build/QtWebEngineCore/sipQtWebEngineCoreQWebEnginePage.cpp:248
      #36 sipQWebEnginePage::~sipQWebEnginePage (this=0x55555de00220, this=<optimized out>) at /usr/src/debug/pyqt6-webengine/pyqt6_webengine-6.9.0/build/QtWebEngineCore/sipQtWebEngineCoreQWebEnginePage.cpp:248
      #37 0x00007ffff53b8fe2 in QObjectPrivate::deleteChildren (this=this@entry=0x55555d91aec0) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qobject.cpp:2223
      #38 0x00007ffff19444b1 in QWidget::~QWidget (this=this@entry=0x55555dd0f410, this=<optimized out>) at /usr/src/debug/qt6-base/qtbase/src/widgets/kernel/qwidget.cpp:1569
      #39 0x00007ffff0c907b4 in QWebEngineView::~QWebEngineView (this=this@entry=0x55555dd0f410, this=<optimized out>) at /usr/src/debug/qt6-webengine/qtwebengine/src/webenginewidgets/api/qwebengineview.cpp:1040
      #40 0x00007ffff24c431f in sipQWebEngineView::~sipQWebEngineView (this=0x55555dd0f410, this=<optimized out>) at /usr/src/debug/pyqt6-webengine/pyqt6_webengine-6.9.0/build/QtWebEngineWidgets/sipQtWebEngineWidgetsQWebEngineView.cpp:389
      #41 sipQWebEngineView::~sipQWebEngineView (this=0x55555dd0f410, this=<optimized out>) at /usr/src/debug/pyqt6-webengine/pyqt6_webengine-6.9.0/build/QtWebEngineWidgets/sipQtWebEngineWidgetsQWebEngineView.cpp:389
      #42 0x00007ffff53b8fe2 in QObjectPrivate::deleteChildren (this=this@entry=0x55555a88df80) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qobject.cpp:2223
      #43 0x00007ffff19444b1 in QWidget::~QWidget (this=0x555559aab8c0, this=<optimized out>) at /usr/src/debug/qt6-base/qtbase/src/widgets/kernel/qwidget.cpp:1569
      #44 0x00007ffff21353df in sipQSplitter::~sipQSplitter (this=0x555559aab8c0, this=<optimized out>) at /usr/src/debug/pyqt6/pyqt6-6.9.1/build/QtWidgets/sipQtWidgetsQSplitter.cpp:352
      #45 sipQSplitter::~sipQSplitter (this=0x555559aab8c0, this=<optimized out>) at /usr/src/debug/pyqt6/pyqt6-6.9.1/build/QtWidgets/sipQtWidgetsQSplitter.cpp:352
      #46 0x00007ffff53b8fe2 in QObjectPrivate::deleteChildren (this=this@entry=0x55555a7ee000) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qobject.cpp:2223
      #47 0x00007ffff19444b1 in QWidget::~QWidget (this=this@entry=0x55555aec35b0, this=<optimized out>) at /usr/src/debug/qt6-base/qtbase/src/widgets/kernel/qwidget.cpp:1569
      #48 0x00007ffff22e931f in sipQWidget::~sipQWidget (this=0x55555aec35b0, this=<optimized out>) at /usr/src/debug/pyqt6/pyqt6-6.9.1/build/QtWidgets/sipQtWidgetsQWidget.cpp:369
      #49 sipQWidget::~sipQWidget (this=0x55555aec35b0, this=<optimized out>) at /usr/src/debug/pyqt6/pyqt6-6.9.1/build/QtWidgets/sipQtWidgetsQWidget.cpp:369
      #50 0x00007ffff53c0d3c in QObject::event (this=this@entry=0x55555aec35b0, e=e@entry=0x5555595c9b10) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qobject.cpp:1416
      #51 0x00007ffff195ab50 in QWidget::event (this=this@entry=0x55555aec35b0, event=event@entry=0x5555595c9b10) at /usr/src/debug/qt6-base/qtbase/src/widgets/kernel/qwidget.cpp:9426
      #52 0x00007ffff22f1c9c in sipQWidget::event (this=0x55555aec35b0, a0=0x5555595c9b10) at /usr/src/debug/pyqt6/pyqt6-6.9.1/build/QtWidgets/sipQtWidgetsQWidget.cpp:1077
      #53 0x00007ffff1901c70 in QApplicationPrivate::notify_helper (this=this@entry=0x5555556ed948, receiver=0x55555aec35b0, e=0x5555595c9b10) at /usr/src/debug/qt6-base/qtbase/src/widgets/kernel/qapplication.cpp:3303
      #54 0x00007ffff1904f83 in QApplication::notify (this=this@entry=0x555555ef4040, receiver=receiver@entry=0x55555aec35b0, e=e@entry=0x5555595c9b10) at /usr/src/debug/qt6-base/qtbase/src/widgets/kernel/qapplication.cpp:3064
      #55 0x00007ffff22c5c37 in sipQApplication::notify (this=0x555555ef4040, a0=0x55555aec35b0, a1=0x5555595c9b10) at /usr/src/debug/pyqt6/pyqt6-6.9.1/build/QtWidgets/sipQtWidgetsQApplication.cpp:249
      #56 0x00007ffff5368118 in QCoreApplication::notifyInternal2 (receiver=0x55555aec35b0, event=event@entry=0x5555595c9b10) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qcoreapplication.cpp:1106
      #57 0x00007ffff53684fb in QCoreApplication::sendEvent (receiver=<optimized out>, event=0x5555595c9b10) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qcoreapplication.cpp:1546
      #58 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x5555556ed900) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qcoreapplication.cpp:1879
      #59 0x00007ffff563fcf8 in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qcoreapplication.cpp:1733
      #60 postEventSourceDispatch (s=0x555555f76ce0) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:246
      #61 0x00007ffff5fde87d in g_main_dispatch (context=0x7fffcc000fb0) at ../glib/glib/gmain.c:3398
      #62 0x00007ffff5fdfcd7 in g_main_context_dispatch_unlocked (context=0x7fffcc000fb0) at ../glib/glib/gmain.c:4249
      #63 g_main_context_iterate_unlocked (context=context@entry=0x7fffcc000fb0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/glib/gmain.c:4314
      #64 0x00007ffff5fdfee5 in g_main_context_iteration (context=0x7fffcc000fb0, may_block=1) at ../glib/glib/gmain.c:4379
      #65 0x00007ffff563c5e2 in QEventDispatcherGlib::processEvents (this=0x555555f725a0, flags=...) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:399
      #66 0x00007ffff53744b6 in QEventLoop::processEvents (this=0x7fffffffdf90, flags=...) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qeventloop.cpp:104
      #67 QEventLoop::exec (this=0x7fffffffdf90, flags=...) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qeventloop.cpp:186
      #68 0x00007ffff536c7c1 in QCoreApplication::exec () at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qcoreapplication.cpp:1449
      #69 0x00007ffff18fc6aa in QApplication::exec () at /usr/src/debug/qt6-base/qtbase/src/widgets/kernel/qapplication.cpp:2570
      #70 0x00007ffff22c20ac in meth_QApplication_exec (sipSelf=<optimized out>, sipArgs=<optimized out>) at /usr/src/debug/pyqt6/pyqt6-6.9.1/build/QtWidgets/sipQtWidgetsQApplication.cpp:1289
      #71 0x00007ffff7994c03 in cfunction_call (func=0x7fffa41a6ac0, args=0x7ffff7d01548 <_PyRuntime+88296>, kwargs=0x0) at Objects/methodobject.c:551
      #72 0x00007ffff7960e3b in _PyObject_MakeTpCall (tstate=0x7ffff7d30df0 <_PyRuntime+283024>, callable=0x7fffa41a6ac0, args=0x7ffff7e51210, nargs=<optimized out>, keywords=<optimized out>) at Objects/call.c:242
      #73 0x00007ffff79752be in _PyEval_EvalFrameDefault (tstate=<optimized out>, frame=<optimized out>, throwflag=<optimized out>) at Python/generated_cases.c.h:813
      #74 0x00007ffff7a4c8b9 in PyEval_EvalCode (co=0x55555561e9e0, globals=<optimized out>, locals=0x7ffff6e30380) at Python/ceval.c:604
      #75 0x00007ffff7a8af5c in run_eval_code_obj (tstate=tstate@entry=0x7ffff7d30df0 <_PyRuntime+283024>, co=co@entry=0x55555561e9e0, globals=globals@entry=0x7ffff6e30380, locals=locals@entry=0x7ffff6e30380) at Python/pythonrun.c:1381
      #76 0x00007ffff7a8801b in run_mod (mod=mod@entry=0x5555556850a8, filename=filename@entry=0x7ffff6e304b0, globals=globals@entry=0x7ffff6e30380, locals=locals@entry=0x7ffff6e30380, flags=flags@entry=0x7fffffffe518, arena=arena@entry=0x7ffff6f1bd50, interactive_src=0x0, generate_new_source=0) at Python/pythonrun.c:1466
      #77 0x00007ffff7a85718 in pyrun_file (fp=fp@entry=0x5555555a97f0, filename=filename@entry=0x7ffff6e304b0, start=start@entry=257, globals=globals@entry=0x7ffff6e30380, locals=locals@entry=0x7ffff6e30380, closeit=closeit@entry=1, flags=0x7fffffffe518) at Python/pythonrun.c:1295
      #78 0x00007ffff7a849d2 in _PyRun_SimpleFileObject (fp=fp@entry=0x5555555a97f0, filename=filename@entry=0x7ffff6e304b0, closeit=closeit@entry=1, flags=flags@entry=0x7fffffffe518) at Python/pythonrun.c:517
      #79 0x00007ffff7a84343 in _PyRun_AnyFileObject (fp=fp@entry=0x5555555a97f0, filename=filename@entry=0x7ffff6e304b0, closeit=closeit@entry=1, flags=flags@entry=0x7fffffffe518) at Python/pythonrun.c:77
      #80 0x00007ffff7a8248b in pymain_run_file_obj (program_name=0x7ffff6e304f0, filename=0x7ffff6e304b0, skip_source_first_line=0) at Modules/main.c:410
      #81 pymain_run_file (config=0x7ffff7d034e8 <_PyRuntime+96392>) at Modules/main.c:429
      #82 pymain_run_python (exitcode=0x7fffffffe50c) at Modules/main.c:696
      #83 Py_RunMain () at Modules/main.c:775
      #84 0x00007ffff7a39dcb in Py_BytesMain (argc=<optimized out>, argv=<optimized out>) at Modules/main.c:829
      #85 0x00007ffff76376b5 in __libc_start_call_main (main=main@entry=0x555555555120, argc=argc@entry=4, argv=argv@entry=0x7fffffffe778) at ../sysdeps/nptl/libc_start_call_main.h:58
      #86 0x00007ffff7637769 in __libc_start_main_impl (main=0x555555555120, argc=4, argv=0x7fffffffe778, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe768) at ../csu/libc-start.c:360
      

      The relevant part starts at frame 17, where ~RenderFrameHostImpl calls document_associated_data_.reset(). This eventually calls ~DocumentAssociatedData (frame 12). This destroys a FederatedAuthRequestImpl instance, which has a valid auth_request_token_callback_. This causes a call to CompleteRequestWithError, which calls CompleteRequest, which calls render_frame_host().GetPage() (frame 7). GetPage tries to call document_associated_data_->owned_page(), but document_associated_data_ was reset in frame 17 and is now empty. This fails a libstdc++ assert, which crashes the program.

      The final cause (using document_associated_data_ after it has been reset) is the same as QTBUG-136131, but the fix for that bug does not fix this issue, since this crash is not caused by audio logging.

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            allan.jensen Allan Sandfeld Jensen
            m42a Marc Aldorasi
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved:

                There are no open Gerrit changes