Qt / QTBUG-58563

[REG] Segfault in didFindText callback when closing tab while search is active


Details

    • Bug
    • Resolution: Done
    • P1: Critical
    • 5.9.0 Beta 2
    • 5.8.0
    • WebEngine
    • None
    • 19a45f7eb3525bcf923f03ae52d83228f17da16d

    Description

      With the Qt 5.8.0 demobrowser, when searching for a text (e.g. on qt.io) and then closing the tab or application, with a ~90% chance I get a segfault here:

      #0  0x00007ffff7bc0e75 in QHash<unsigned long long, QtWebEngineCore::CallbackDirectory::CallbackSharedDataPointerBase*>::duplicateNode(QHashData::Node*, void*) (node=0x40, newNode=0x555557a5fc80) at /usr/include/qt/QtCore/qhash.h:541
      #1  0x00007fffef56c497 in QHashData::detach_helper(void (*)(QHashData::Node*, void*), void (*)(QHashData::Node*), int, int) (this=0x55555753cfb0, node_duplicate=node_duplicate@entry=
          0x7ffff7bc0e70 <QHash<unsigned long long, QtWebEngineCore::CallbackDirectory::CallbackSharedDataPointerBase*>::duplicateNode(QHashData::Node*, void*)>, node_delete=node_delete@entry=0x7ffff7bc0e60 <QHash<unsigned long long, QtWebEngineCore::CallbackDirectory::CallbackSharedDataPointerBase*>::deleteNode2(QHashData::Node*)>, nodeSize=nodeSize@entry=32, nodeAlign=nodeAlign@entry=8) at tools/qhash.cpp:559
      #2  0x00007ffff7bc171a in QHash<unsigned long long, QtWebEngineCore::CallbackDirectory::CallbackSharedDataPointerBase*>::detach_helper() (this=this@entry=0x555555d88698) at /usr/include/qt/QtCore/qhash.h:585
      #3  0x00007ffff7bc1999 in QHash<unsigned long long, QtWebEngineCore::CallbackDirectory::CallbackSharedDataPointerBase*>::detach() (this=0x555555d88698) at /usr/include/qt/QtCore/qhash.h:273
      #4  0x00007ffff7bc1999 in QHash<unsigned long long, QtWebEngineCore::CallbackDirectory::CallbackSharedDataPointerBase*>::take(unsigned long long const&) (this=0x555555d88698, akey=@0x7fffffffd120: 5, akey@entry=@0x7fffffffd120: <optimized out>) at /usr/include/qt/QtCore/qhash.h:812
      #5  0x00007ffff7bbfa6f in QtWebEngineCore::CallbackDirectory::invokeInternal<bool>(unsigned long long, bool) (result=<optimized out>, callbackId=<optimized out>, this=<optimized out>) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.8.0/src/core/api/qwebenginecallback_p.h:167
      #6  0x00007ffff7bbfa6f in QtWebEngineCore::CallbackDirectory::invoke(unsigned long long, bool) (result=<optimized out>, callbackId=<optimized out>, this=<optimized out>) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.8.0/src/core/api/qwebenginecallback_p.h:113
      #7  0x00007ffff7bbfa6f in QWebEnginePagePrivate::didFindText(unsigned long long, int) (this=<optimized out>, requestId=<optimized out>, matchCount=<optimized out>) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.8.0/src/webenginewidgets/api/qwebenginepage.cpp:475
      #8  0x00007ffff3093758 in content::WebContentsImpl::NotifyFindReply(int, int, gfx::Rect const&, int, bool) (this=<optimized out>, request_id=<optimized out>, number_of_matches=<optimized out>, selection_rect=..., active_match_ordinal=<optimized out>, final_update=<optimized out>)
          at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.8.0/src/3rdparty/chromium/content/browser/web_contents/web_contents_impl.cc:5081
      #9  0x00007ffff3194c28 in content::FindRequestManager::NotifyFindReply(int, bool) const (this=this@entry=0x555557541090, request_id=<optimized out>, final_update=<optimized out>) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.8.0/src/3rdparty/chromium/content/browser/find_request_manager.cc:416
      #10 0x00007ffff319727b in content::FindRequestManager::NotifyFindReply(int, bool) const (final_update=<optimized out>, request_id=<optimized out>, this=0x555557541090) at /usr/include/c++/6.3.1/bits/hashtable.h:512
      #11 0x00007ffff319727b in content::FindRequestManager::RemoveFrame(content::RenderFrameHost*) (this=0x555557541090, rfh=<optimized out>) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.8.0/src/3rdparty/chromium/content/browser/find_request_manager.cc:252
      #12 0x00007ffff3097eec in content::WebContentsImpl::OnFrameRemoved(content::RenderFrameHost*) (this=<optimized out>, render_frame_host=0x555557515240) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.8.0/src/3rdparty/chromium/content/browser/web_contents/web_contents_impl.cc:5024
      #13 0x00007ffff319ca1a in base::Callback<void (content::RenderFrameHost*), (base::internal::CopyMode)1>::Run(content::RenderFrameHost*) const (args#0=<optimized out>, this=0x555555d89038) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.8.0/src/3rdparty/chromium/base/callback.h:389
      #14 0x00007ffff319ca1a in content::FrameTree::FrameRemoved(content::FrameTreeNode*) (this=0x555555d88fd0, frame=frame@entry=0x555557514fa0) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.8.0/src/3rdparty/chromium/content/browser/frame_host/frame_tree.cc:370
      #15 0x00007ffff31a0952 in content::FrameTreeNode::~FrameTreeNode() (this=0x555557514fa0, __in_chrg=<optimized out>) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.8.0/src/3rdparty/chromium/content/browser/frame_host/frame_tree_node.cc:124
      #16 0x00007ffff31a10f8 in std::default_delete<content::FrameTreeNode>::operator()(content::FrameTreeNode*) const (this=<optimized out>, __ptr=0x555557514fa0) at /usr/include/c++/6.3.1/bits/unique_ptr.h:76
      #17 0x00007ffff31a10f8 in std::unique_ptr<content::FrameTreeNode, std::default_delete<content::FrameTreeNode> >::~unique_ptr() (this=0x555557515978, __in_chrg=<optimized out>) at /usr/include/c++/6.3.1/bits/unique_ptr.h:239
      #18 0x00007ffff31a10f8 in std::_Destroy<std::unique_ptr<content::FrameTreeNode, std::default_delete<content::FrameTreeNode> > >(std::unique_ptr<content::FrameTreeNode, std::default_delete<content::FrameTreeNode> >*) (__pointer=<optimized out>) at /usr/include/c++/6.3.1/bits/stl_construct.h:93
      #19 0x00007ffff31a10f8 in std::_Destroy_aux<false>::__destroy<std::unique_ptr<content::FrameTreeNode, std::default_delete<content::FrameTreeNode> >*>(std::unique_ptr<content::FrameTreeNode, std::default_delete<content::FrameTreeNode> >*, std::unique_ptr<content::FrameTreeNode, std::default_delete<content::FrameTreeNode> >*) (__last=<optimized out>, __first=0x555557515978) at /usr/include/c++/6.3.1/bits/stl_construct.h:103
      #20 0x00007ffff31a10f8 in std::_Destroy<std::unique_ptr<content::FrameTreeNode, std::default_delete<content::FrameTreeNode> >*>(std::unique_ptr<content::FrameTreeNode, std::default_delete<content::FrameTreeNode> >*, std::unique_ptr<content::FrameTreeNode, std::default_delete<content::FrameTreeNode> >*) (__last=<optimized out>, __first=<optimized out>) at /usr/include/c++/6.3.1/bits/stl_construct.h:126
      #21 0x00007ffff31a10f8 in std::_Destroy<std::unique_ptr<content::FrameTreeNode, std::default_delete<content::FrameTreeNode> >*, std::unique_ptr<content::FrameTreeNode, std::default_delete<content::FrameTreeNode> > >(std::unique_ptr<content::FrameTreeNode, std::default_delete<content::FrameTreeNode> >*, std::unique_ptr<content::FrameTreeNode, std::default_delete<content::FrameTreeNode> >*, std::allocator<std::unique_ptr<content::FrameTreeNode, std::default_delete<content::FrameTreeNode> > >&) (__last=0x555557515990, __first=0x555557515970) at /usr/include/c++/6.3.1/bits/stl_construct.h:151
      #22 0x00007ffff31a10f8 in std::vector<std::unique_ptr<content::FrameTreeNode, std::default_delete<content::FrameTreeNode> >, std::allocator<std::unique_ptr<content::FrameTreeNode, std::default_delete<content::FrameTreeNode> > > >::~vector() (this=<optimized out>, __in_chrg=<optimized out>)
          at /usr/include/c++/6.3.1/bits/stl_vector.h:426
      #23 0x00007ffff31a10f8 in content::FrameTreeNode::ResetForNewProcess() (this=<optimized out>) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.8.0/src/3rdparty/chromium/content/browser/frame_host/frame_tree_node.cc:190
      #24 0x00007ffff309cefa in content::WebContentsImpl::~WebContentsImpl() (this=0x555555d88d90, __in_chrg=<optimized out>) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.8.0/src/3rdparty/chromium/content/browser/web_contents/web_contents_impl.cc:468
      #25 0x00007ffff309d639 in content::WebContentsImpl::~WebContentsImpl() (this=0x555555d88d90, __in_chrg=<optimized out>) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.8.0/src/3rdparty/chromium/content/browser/web_contents/web_contents_impl.cc:523
      #26 0x00007ffff283b6ce in std::default_delete<content::WebContents>::operator()(content::WebContents*) const (this=<optimized out>, __ptr=<optimized out>) at /usr/include/c++/6.3.1/bits/unique_ptr.h:76
      #27 0x00007ffff283b6ce in std::unique_ptr<content::WebContents, std::default_delete<content::WebContents> >::reset(content::WebContents*) (__p=<optimized out>, this=0x555555d882d8) at /usr/include/c++/6.3.1/bits/unique_ptr.h:347
      #28 0x00007ffff283b6ce in QtWebEngineCore::WebContentsAdapterPrivate::~WebContentsAdapterPrivate() (this=0x555555d882c0, __in_chrg=<optimized out>) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.8.0/src/core/web_contents_adapter.cpp:348
      #29 0x00007ffff283b92a in QScopedPointerDeleter<QtWebEngineCore::WebContentsAdapterPrivate>::cleanup(QtWebEngineCore::WebContentsAdapterPrivate*) (pointer=0x555555d882c0) at /usr/include/qt/QtCore/qscopedpointer.h:60
      #30 0x00007ffff283b92a in QScopedPointer<QtWebEngineCore::WebContentsAdapterPrivate, QScopedPointerDeleter<QtWebEngineCore::WebContentsAdapterPrivate> >::~QScopedPointer() (this=0x555555d86950, __in_chrg=<optimized out>) at /usr/include/qt/QtCore/qscopedpointer.h:107
      #31 0x00007ffff283b92a in QtWebEngineCore::WebContentsAdapter::~WebContentsAdapter() (this=0x555555d86940, __in_chrg=<optimized out>) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.8.0/src/core/web_contents_adapter.cpp:387
      #32 0x00007ffff7bbe586 in QtSharedPointer::ExternalRefCountData::destroy() (this=0x555555d86930) at /usr/include/qt/QtCore/qsharedpointer_impl.h:157
      #33 0x00007ffff7bbe586 in QSharedPointer<QtWebEngineCore::WebContentsAdapter>::deref(QtSharedPointer::ExternalRefCountData*) (dd=0x555555d86930) at /usr/include/qt/QtCore/qsharedpointer_impl.h:458
      #34 0x00007ffff7bbe586 in QSharedPointer<QtWebEngineCore::WebContentsAdapter>::deref() (this=0x555555d88610) at /usr/include/qt/QtCore/qsharedpointer_impl.h:453
      #35 0x00007ffff7bbe586 in QSharedPointer<QtWebEngineCore::WebContentsAdapter>::~QSharedPointer() (this=0x555555d88610, __in_chrg=<optimized out>) at /usr/include/qt/QtCore/qsharedpointer_impl.h:312
      #36 0x00007ffff7bbe586 in QWebEnginePagePrivate::~QWebEnginePagePrivate() (this=0x555555d88600, __in_chrg=<optimized out>) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.8.0/src/webenginewidgets/api/qwebenginepage.cpp:237
      #37 0x00007ffff7bbe599 in QWebEnginePagePrivate::~QWebEnginePagePrivate() (this=0x555555d88600, __in_chrg=<optimized out>) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.8.0/src/webenginewidgets/api/qwebenginepage.cpp:241
      #38 0x00007ffff7bb8cd0 in QScopedPointerDeleter<QWebEnginePagePrivate>::cleanup(QWebEnginePagePrivate*) (pointer=<optimized out>) at /usr/include/qt/QtCore/qscopedpointer.h:60
      #39 0x00007ffff7bb8cd0 in QScopedPointer<QWebEnginePagePrivate, QScopedPointerDeleter<QWebEnginePagePrivate> >::~QScopedPointer() (this=0x555555d86910, __in_chrg=<optimized out>) at /usr/include/qt/QtCore/qscopedpointer.h:107
      #40 0x00007ffff7bb8cd0 in QWebEnginePage::~QWebEnginePage() (this=0x555555d86900, __in_chrg=<optimized out>) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.8.0/src/webenginewidgets/api/qwebenginepage.cpp:802
      #41 0x00005555555d29ea in WebPage::~WebPage() (this=0x555555d86900, __in_chrg=<optimized out>) at .moc/../webview.h:66
      #42 0x00005555555d29ea in WebPage::~WebPage() (this=0x555555d86900, __in_chrg=<optimized out>) at .moc/../webview.h:66
      #43 0x00007fffef71a881 in QObjectPrivate::deleteChildren() (this=this@entry=0x555555d87ec0) at kernel/qobject.cpp:1970
      #44 0x00007ffff120a6cb in QWidget::~QWidget() (this=0x555555d87e60, __in_chrg=<optimized out>) at kernel/qwidget.cpp:1694
      #45 0x00005555555d2a56 in WebView::~WebView() (this=0x555555d87e60, __in_chrg=<optimized out>) at .moc/../webview.h:94
      #46 0x00005555555d2a56 in WebView::~WebView() (this=0x555555d87e60, __in_chrg=<optimized out>) at .moc/../webview.h:94
      #47 0x00007fffef71d050 in QObject::event(QEvent*) (this=this@entry=0x555555d87e60, e=e@entry=0x55555917ba10) at kernel/qobject.cpp:1254
      #48 0x00007ffff120ef5b in QWidget::event(QEvent*) (this=0x555555d87e60, event=0x55555917ba10) at kernel/qwidget.cpp:9220
      #49 0x00007ffff11c73dc in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=<optimized out>, receiver=0x555555d87e60, e=0x55555917ba10) at kernel/qapplication.cpp:3745
      #50 0x00007ffff11cebf1 in QApplication::notify(QObject*, QEvent*) (this=0x7fffffffde90, receiver=0x555555d87e60, e=0x55555917ba10) at kernel/qapplication.cpp:3502
      #51 0x00007fffef6f08b0 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x555555d87e60, event=event@entry=0x55555917ba10) at kernel/qcoreapplication.cpp:988
      #52 0x00007fffef6f303d in QCoreApplication::sendEvent(QObject*, QEvent*) (event=0x55555917ba10, receiver=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:231
      #53 0x00007fffef6f303d in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (receiver=receiver@entry=0x0, event_type=event_type@entry=0, data=0x5555558a40a0) at kernel/qcoreapplication.cpp:1648
      #54 0x00007fffef6f34a8 in QCoreApplication::sendPostedEvents(QObject*, int) (receiver=receiver@entry=0x0, event_type=event_type@entry=0) at kernel/qcoreapplication.cpp:1502
      #55 0x00007fffef7450b3 in postEventSourceDispatch(GSource*, GSourceFunc, gpointer) (s=0x5555558d1fc0) at kernel/qeventdispatcher_glib.cpp:276
      #56 0x00007fffedaaf587 in g_main_context_dispatch () at /usr/lib/libglib-2.0.so.0
      #57 0x00007fffedaaf7f0 in  () at /usr/lib/libglib-2.0.so.0
      #58 0x00007fffedaaf89c in g_main_context_iteration () at /usr/lib/libglib-2.0.so.0
      #59 0x00007fffef7454bf in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x5555558d3270, flags=...) at kernel/qeventdispatcher_glib.cpp:423
      #60 0x00007fffef6eed0a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7fffffffde20, flags=..., flags@entry=...) at kernel/qeventloop.cpp:212
      #61 0x00007fffef6f7254 in QCoreApplication::exec() () at kernel/qcoreapplication.cpp:1261
      #62 0x000055555558ee50 in main(int, char**) (argc=<optimized out>, argv=<optimized out>) at main.cpp:64
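
A triage aid for backtraces like the one above, added here as an example (it is not part of the original report or of Qt's code): it flags frames where a method runs on a class whose destructor is already active further out on the stack, which is what frames #7 and #36 show for `QWebEnginePagePrivate`. The function names `split_symbol` and `reentrant_calls` and the trimmed sample are constructed; matching is by class name only, since `this` is `<optimized out>` in frame #7.

```python
import re

# Constructed sample: selected frames of the backtrace above, with addresses,
# arguments and source locations trimmed. Frame numbers are the page's own.
SAMPLE = """\
#6  0x0 in QtWebEngineCore::CallbackDirectory::invoke(unsigned long long, bool) (...)
#7  0x0 in QWebEnginePagePrivate::didFindText(unsigned long long, int) (...)
#8  0x0 in content::WebContentsImpl::NotifyFindReply(int, int, gfx::Rect const&, int, bool) (...)
#11 0x0 in content::FindRequestManager::RemoveFrame(content::RenderFrameHost*) (...)
#24 0x0 in content::WebContentsImpl::~WebContentsImpl() (...)
#34 0x0 in QSharedPointer<QtWebEngineCore::WebContentsAdapter>::deref() (...)
#35 0x0 in QSharedPointer<QtWebEngineCore::WebContentsAdapter>::~QSharedPointer() (...)
#36 0x0 in QWebEnginePagePrivate::~QWebEnginePagePrivate() (...)
"""

FRAME = re.compile(r"^\s*#(\d+)\s+(?:0x[0-9a-fA-F]+ in )?(.*)$")

def split_symbol(text):
    """Split a gdb symbol into (class, method), ignoring '(' and '::' inside <...>."""
    depth, cut, end = 0, -1, len(text)
    for i, ch in enumerate(text):
        if ch == "<":
            depth += 1
        elif ch == ">":
            depth -= 1
        elif depth == 0 and ch == "(":
            end = i
            break
        elif depth == 0 and text.startswith("::", i):
            cut = i
    if cut < 0:
        return "", text[:end].strip()
    return text[:cut], text[cut + 2:end].strip()

def reentrant_calls(backtrace):
    """List (frame, method, destructor frame) for calls into a class being destroyed."""
    frames = [(int(m[1]), *split_symbol(m[2]))
              for m in map(FRAME.match, backtrace.splitlines()) if m]
    frames.reverse()                      # gdb prints innermost first; walk outermost first
    dying, hits = {}, []                  # class -> (destructor frame number, index)
    for idx, (no, cls, method) in enumerate(frames):
        if method.startswith("~"):
            dying.setdefault(cls, (no, idx))
        elif cls in dying:
            dno, didx = dying[cls]
            # A helper the destructor calls directly is not re-entry; require
            # a frame of another class between the destructor and the call.
            if any(c != cls for _, c, _ in frames[didx + 1:idx]):
                hits.append((no, f"{cls}::{method}", dno))
    return hits
```

On the sample, `reentrant_calls(SAMPLE)` reports frames #8 and #7 and leaves #34 alone, because `deref()` is called directly by the `QSharedPointer` destructor in #35.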
      

          People

            viengelm Viktor Engelmann
            the compiler Florian Bruhin