Description
When running my PyQt application with QtWebEngine, about once in 20 runs I get one of the following on exit:
*** Error in `/opt/python-valgrind/bin/python': free(): invalid pointer: 0x0000558d3143e2a0 *** ======= Backtrace: ========= /usr/lib/libc.so.6(+0x6ed4b)[0x7f3ea614ad4b] /usr/lib/libc.so.6(+0x74546)[0x7f3ea6150546] /usr/lib/libc.so.6(+0x74d1e)[0x7f3ea6150d1e] /usr/lib/libQt5WebEngineCore.so.5(+0x68b8e6)[0x7f3e8a30a8e6] /usr/lib/libc.so.6(+0x35be8)[0x7f3ea6111be8] /usr/lib/libc.so.6(+0x35c35)[0x7f3ea6111c35] /opt/python-valgrind/lib/libpython3.5d.so.1.0(+0x19ce52)[0x7f3ea6836e52] /opt/python-valgrind/lib/libpython3.5d.so.1.0(+0x1a0c42)[0x7f3ea683ac42] /opt/python-valgrind/lib/libpython3.5d.so.1.0(PyErr_PrintEx+0x20d)[0x7f3ea683b0ed] /opt/python-valgrind/lib/libpython3.5d.so.1.0(+0x1bccdd)[0x7f3ea6856cdd] /opt/python-valgrind/lib/libpython3.5d.so.1.0(Py_Main+0x5eb)[0x7f3ea685752b] /opt/python-valgrind/bin/python(main+0x187)[0x558d2def0be7] /usr/lib/libc.so.6(__libc_start_main+0xf1)[0x7f3ea60fc741] /opt/python-valgrind/bin/python(_start+0x29)[0x558d2def0c89]
*** Error in `./.venv/bin/python': corrupted double-linked list: 0x0000000002adb6c0 ***
======= Backtrace: =========
/usr/lib/libc.so.6(+0x6ed4b)[0x7f002cbe2d4b]
/usr/lib/libc.so.6(+0x74546)[0x7f002cbe8546]
/usr/lib/libc.so.6(+0x748cc)[0x7f002cbe88cc]
/usr/lib/libc.so.6(+0x75390)[0x7f002cbe9390]
/usr/lib/libnspr4.so(+0x29f61)[0x7f0015113f61]
/usr/lib/libnspr4.so(+0xd45a)[0x7f00150f745a]
/lib64/ld-linux-x86-64.so.2(+0xfa7a)[0x7f002d60fa7a]
/usr/lib/libc.so.6(+0x35be8)[0x7f002cba9be8]
/usr/lib/libc.so.6(+0x35c35)[0x7f002cba9c35]
/usr/lib/libpython3.5m.so.1.0(+0x14586f)[0x7f002d27786f]
/usr/lib/libpython3.5m.so.1.0(+0x1485a8)[0x7f002d27a5a8]
/usr/lib/libpython3.5m.so.1.0(PyErr_PrintEx+0x1bd)[0x7f002d27a98d]
/usr/lib/libpython3.5m.so.1.0(+0x15f66d)[0x7f002d29166d]
/usr/lib/libpython3.5m.so.1.0(Py_Main+0x5b1)[0x7f002d291d71]
./.venv/bin/python(main+0x170)[0x400af0]
/usr/lib/libc.so.6(__libc_start_main+0xf1)[0x7f002cb94741]
./.venv/bin/python(_start+0x29)[0x400b99]
When showing the backtrace with gdb on the double-linked list message:
#0 0x00007ffff7380295 in raise () from /usr/lib/libc.so.6 #1 0x00007ffff73816da in abort () from /usr/lib/libc.so.6 #2 0x00007ffff73bbd50 in __libc_message () from /usr/lib/libc.so.6 #3 0x00007ffff73c1546 in malloc_printerr () from /usr/lib/libc.so.6 #4 0x00007ffff73c18cc in malloc_consolidate () from /usr/lib/libc.so.6 #5 0x00007ffff73c2390 in _int_free () from /usr/lib/libc.so.6 #6 0x00007fffdf8ecf61 in ?? () from /usr/lib/libnspr4.so #7 0x00007fffdf8d045a in ?? () from /usr/lib/libnspr4.so #8 0x00007ffff7de8a7a in _dl_fini () from /lib64/ld-linux-x86-64.so.2 #9 0x00007ffff7382be8 in __run_exit_handlers () from /usr/lib/libc.so.6 #10 0x00007ffff7382c35 in exit () from /usr/lib/libc.so.6 #11 0x00007ffff7a5086f in Py_Exit () from /usr/lib/libpython3.5m.so.1.0 #12 0x00007ffff7a535a8 in ?? () from /usr/lib/libpython3.5m.so.1.0 #13 0x00007ffff7a5398d in PyErr_PrintEx () from /usr/lib/libpython3.5m.so.1.0 #14 0x00007ffff7a6a66d in ?? () from /usr/lib/libpython3.5m.so.1.0 #15 0x00007ffff7a6ad71 in Py_Main () from /usr/lib/libpython3.5m.so.1.0 #16 0x0000000000400af0 in main ()
Running with valgrind I get a lot of warnings like this:
==6006== Invalid read of size 8 ==6006== at 0x21C3A843: reset (scoped_ptr.h:174) ==6006== by 0x21C3A843: ~scoped_ptr_impl (scoped_ptr.h:166) ==6006== by 0x21C3A843: ~scoped_ptr (scoped_ptr.h:240) ==6006== by 0x21C3A843: QtWebEngineCore::WebEngineContext::~WebEngineContext() (web_engine_context.cpp:187) ==6006== by 0x21C3A8E5: Release (ref_counted.h:134) ==6006== by 0x21C3A8E5: Release (ref_counted.h:409) ==6006== by 0x21C3A8E5: scoped_refptr<QtWebEngineCore::WebEngineContext>::~scoped_refptr() (ref_counted.h:304) ==6006== by 0x55E0BE7: __run_exit_handlers (in /usr/lib/libc-2.23.so) ==6006== by 0x55E0C34: exit (in /usr/lib/libc-2.23.so) ==6006== by 0x4FD2E51: Py_Exit (in /opt/python-valgrind/lib/libpython3.5d.so.1.0) ==6006== by 0x4FD6C41: ??? (in /opt/python-valgrind/lib/libpython3.5d.so.1.0) ==6006== by 0x4FD70EC: PyErr_PrintEx (in /opt/python-valgrind/lib/libpython3.5d.so.1.0) ==6006== by 0x4FF2CDC: ??? (in /opt/python-valgrind/lib/libpython3.5d.so.1.0) ==6006== by 0x4FF352A: Py_Main (in /opt/python-valgrind/lib/libpython3.5d.so.1.0) ==6006== by 0x108BE6: main (in /opt/python-valgrind/bin/python3.5) ==6006== Address 0xfdea818 is 24 bytes inside a block of size 80 free'd ==6006== at 0x4C2C104: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==6006== by 0x21BEF61F: Release (ref_counted.h:134) ==6006== by 0x21BEF61F: Release (ref_counted.h:409) ==6006== by 0x21BEF61F: ~scoped_refptr (ref_counted.h:304) ==6006== by 0x21BEF61F: QtWebEngineCore::BrowserMainPartsQt::PostMainMessageLoopRun() (content_browser_client_qt.cpp:241) ==6006== by 0x2297817F: content::BrowserMainLoop::ShutdownThreadsAndCleanUp() (browser_main_loop.cc:983) ==6006== by 0x2279EC0E: Shutdown (browser_main_runner.cc:293) ==6006== by 0x2279EC0E: ~BrowserMainRunnerImpl (browser_main_runner.cc:141) ==6006== by 0x2279EC0E: content::BrowserMainRunnerImpl::~BrowserMainRunnerImpl() (browser_main_runner.cc:142) ==6006== by 0x21C3A842: operator() (unique_ptr.h:76) ==6006== by 0x21C3A842: reset (scoped_ptr.h:177) ==6006== by 0x21C3A842: ~scoped_ptr_impl (scoped_ptr.h:166) ==6006== by 0x21C3A842: ~scoped_ptr (scoped_ptr.h:240) ==6006== by 0x21C3A842: QtWebEngineCore::WebEngineContext::~WebEngineContext() (web_engine_context.cpp:187) ==6006== by 0x21C3A8E5: Release (ref_counted.h:134) ==6006== by 0x21C3A8E5: Release (ref_counted.h:409) ==6006== by 0x21C3A8E5: scoped_refptr<QtWebEngineCore::WebEngineContext>::~scoped_refptr() (ref_counted.h:304) ==6006== by 0x55E0BE7: __run_exit_handlers (in /usr/lib/libc-2.23.so) ==6006== by 0x55E0C34: exit (in /usr/lib/libc-2.23.so) ==6006== by 0x4FD2E51: Py_Exit (in /opt/python-valgrind/lib/libpython3.5d.so.1.0) ==6006== by 0x4FD6C41: ??? (in /opt/python-valgrind/lib/libpython3.5d.so.1.0) ==6006== by 0x4FD70EC: PyErr_PrintEx (in /opt/python-valgrind/lib/libpython3.5d.so.1.0) ==6006== by 0x4FF2CDC: ??? (in /opt/python-valgrind/lib/libpython3.5d.so.1.0) ==6006== Block was alloc'd at ==6006== at 0x4C2B0D8: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==6006== by 0x21C3D261: QtWebEngineCore::WebEngineContext::current() (web_engine_context.cpp:194) ==6006== by 0x21C2DFDD: QtWebEngineCore::WebContentsAdapterPrivate::WebContentsAdapterPrivate() (web_contents_adapter.cpp:341) ==6006== by 0x21C30EE4: QtWebEngineCore::WebContentsAdapter::WebContentsAdapter(content::WebContents*) (web_contents_adapter.cpp:380) ==6006== by 0x213925B4: QWebEnginePagePrivate::QWebEnginePagePrivate(QWebEngineProfile*) (qwebenginepage.cpp:107) ==6006== by 0x21392BE3: QWebEnginePage::QWebEnginePage(QObject*) (qwebenginepage.cpp:499) ==6006== by 0x21151605: sipQWebEnginePage::sipQWebEnginePage(QObject*) (sipQtWebEngineWidgetsQWebEnginePage.cpp:171) ==6006== by 0x21156E2F: init_type_QWebEnginePage (sipQtWebEngineWidgetsQWebEnginePage.cpp:1806) ==6006== by 0xF9E87AA: ??? (in /opt/python-valgrind/lib/python3.5/site-packages/sip.so) ==6006== by 0x4F1EC0C: ??? (in /opt/python-valgrind/lib/libpython3.5d.so.1.0) ==6006== by 0x4EA15B4: PyObject_Call (in /opt/python-valgrind/lib/libpython3.5d.so.1.0) ==6006== by 0x4FA0B86: PyEval_EvalFrameEx (in /opt/python-valgrind/lib/libpython3.5d.so.1.0)
valgrind commandline:
LD_PRELOAD=/opt/python-valgrind/lib/libpython3.5d.so.1.0 valgrind --suppressions=/opt/python-valgrind/valgrind-python.supp --leak-check=no --smc-check=all /opt/python-valgrind/bin/python -m qutebrowser --backend webengine --temp-basedir heise.de ':later 2000 quit' 2>&1 | tee valgrindlog
(with a debug python build without custom memory allocator in /opt/python-valgrind)
Unfortunately I didn't find a straightforward way to reproduce it (short of installing PyQt5 and qutebrowser and running that), but I can follow up with more information and test patches.
Attachments
Issue Links
- is duplicated by
-
QTBUG-58117 Hung eating CPU in QtWebEngineCore around malloc
- Closed
For Gerrit Dashboard: QTBUG-54769 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
168385,7 | Ensure WebEngineContext::destroy() is called before the destructor | 5.7 | qt/qtwebengine | Status: MERGED | +2 | 0 |
182977,2 | Ensure WebEngineContext::destroy() is called before the destructor | 5.6 | qt/qtwebengine | Status: ABANDONED | -1 | 0 |