Qt / QTBUG-75097

QWebEngine segfaults on ARM NXP imx6 dual core


Details

    • Type: Bug
    • Resolution: Done
    • Priority: P1: Critical
    • Fix Version/s: 5.12.5, 5.13.1
    • Affects Version/s: 5.12.2
    • Component/s: WebEngine
    • Labels: None
    • Commits: 2323dc924a3b107647f9e5f0bdbcfc44b9713195 (qt/qtwebengine-chromium/69-based)

    Description

      Qt 5.12.2 webengine segfault on ARM NXP imx6 dual core

      The Qt 5.12.2 webengine (chromium version 69.0.3497.128) segfaults in even simple browser apps as well as our own. When running the Qt example browser app, examples/webengine/minimal/minimal, the following stack trace is generated:

      (gdb) bt
      #0  0xb2739bd8 in __gnu_cxx::new_allocator<std::pair<unsigned long long, long long> >::construct<std::pair<unsigned long long, long long>, std::pair<unsigned long long, long long> >(std::pair<unsigned long long, long long>*, std::pair<unsigned long long, long long>&&) () at /usr/local/arm_a9/arm-navico-linux-gnueabi/include/c++/5.3.0/ext/new_allocator.h:120
      #1  std::allocator_traits<std::allocator<std::pair<unsigned long long, long long> > >::_S_construct<std::pair<unsigned long long, long long>, std::pair<unsigned long long, long long> >(std::allocator<std::pair<unsigned long long, long long> >&, std::pair<unsigned long long, long long>*, std::pair<unsigned long long, long long>&&) () at /usr/local/arm_a9/arm-navico-linux-gnueabi/include/c++/5.3.0/bits/alloc_traits.h:256
      #2  std::allocator_traits<std::allocator<std::pair<unsigned long long, long long> > >::construct<std::pair<unsigned long long, long long>, std::pair<unsigned long long, long long> >(std::allocator<std::pair<unsigned long long, long long> >&, std::pair<unsigned long long, long long>*, std::pair<unsigned long long, long long>&&) () at /usr/local/arm_a9/arm-navico-linux-gnueabi/include/c++/5.3.0/bits/alloc_traits.h:402
      #3  std::vector<std::pair<unsigned long long, long long>, std::allocator<std::pair<unsigned long long, long long> > >::_M_insert_aux<std::pair<unsigned long long, long long> >(__gnu_cxx::__normal_iterator<std::pair<unsigned long long, long long>*, std::vector<std::pair<unsigned long long, long long>, std::allocator<std::pair<unsigned long long, long long> > > >, std::pair<unsigned long long, long long>&&) () at /usr/local/arm_a9/arm-navico-linux-gnueabi/include/c++/5.3.0/bits/vector.tcc:361
      #4  0xb419be00 in std::vector<std::pair<unsigned long long, long long>, std::allocator<std::pair<unsigned long long, long long> > >::emplace<std::pair<unsigned long long, long long> >(__gnu_cxx::__normal_iterator<std::pair<unsigned long long, long long> const*, std::vector<std::pair<unsigned long long, long long>, std::allocator<std::pair<unsigned long long, long long> > > >, std::pair<unsigned long long, long long>&&) () at /usr/local/arm_a9/arm-navico-linux-gnueabi/include/c++/5.3.0/bits/vector.tcc:313
      #5  base::internal::flat_tree<unsigned long long, std::pair<unsigned long long, long long>, base::internal::GetKeyFromValuePairFirst<unsigned long long, long long>, std::less<void> >::unsafe_emplace<std::pair<unsigned long long, long long> >(__gnu_cxx::__normal_iterator<std::pair<unsigned long long, long long> const*, std::vector<std::pair<unsigned long long, long long>, std::allocator<std::pair<unsigned long long, long long> > > >, std::pair<unsigned long long, long long>&&) () at ../../../../src/3rdparty/chromium/base/containers/flat_tree.h:942
      #6  base::internal::flat_tree<unsigned long long, std::pair<unsigned long long, long long>, base::internal::GetKeyFromValuePairFirst<unsigned long long, long long>, std::less<void> >::emplace_key_args<unsigned long long, std::pair<unsigned long long, long long> >(unsigned long long const&, std::pair<unsigned long long, long long>&&) () at ../../../../src/3rdparty/chromium/base/containers/flat_tree.h:952
      #7  base::internal::flat_tree<unsigned long long, std::pair<unsigned long long, long long>, base::internal::GetKeyFromValuePairFirst<unsigned long long, long long>, std::less<void> >::insert(std::pair<unsigned long long, long long>&&) () at ../../../../src/3rdparty/chromium/base/containers/flat_tree.h:693
      #8  base::internal::flat_tree<unsigned long long, std::pair<unsigned long long, long long>, base::internal::GetKeyFromValuePairFirst<unsigned long long, long long>, std::less<void> >::emplace<unsigned long long&, long long&> () at ../../../../src/3rdparty/chromium/base/containers/flat_tree.h:781
      #9  ukm::internal::UkmEntryBuilderBase::SetMetricInternal () at ../../../../src/3rdparty/chromium/services/metrics/public/cpp/ukm_entry_builder_base.cc:26
      #10 0xb4921594 in blink::UkmTimeAggregator::Flush(base::TimeTicks) [clone .part.94] () from /tmp/qt5-webengine-5.12.2/build/lib/libQt5WebEngineCore.so.5.12.2
      #11 0xb49216bc in blink::UkmTimeAggregator::~UkmTimeAggregator() () from /tmp/qt5-webengine-5.12.2/build/lib/libQt5WebEngineCore.so.5.12.2
      #12 0xb4c744bc in blink::LocalFrameView::Dispose() () from /tmp/qt5-webengine-5.12.2/build/lib/libQt5WebEngineCore.so.5.12.2
      #13 0xb4ae8994 in blink::Document::Shutdown() () from /tmp/qt5-webengine-5.12.2/build/lib/libQt5WebEngineCore.so.5.12.2
      #14 0xb511f704 in blink::FrameLoader::PrepareForCommit() () from /tmp/qt5-webengine-5.12.2/build/lib/libQt5WebEngineCore.so.5.12.2
      #15 0xb511fb1c in blink::FrameLoader::CommitProvisionalLoad() () from /tmp/qt5-webengine-5.12.2/build/lib/libQt5WebEngineCore.so.5.12.2
      #16 0xb51179e8 in blink::DocumentLoader::CommitNavigation(WTF::AtomicString const&, blink::KURL const&) () from /tmp/qt5-webengine-5.12.2/build/lib/libQt5WebEngineCore.so.5.12.2
      #17 0xb5117bbc in blink::DocumentLoader::CommitData(char const*, unsigned int) () from /tmp/qt5-webengine-5.12.2/build/lib/libQt5WebEngineCore.so.5.12.2
      #18 0xb5117d1c in blink::DocumentLoader::ProcessData(char const*, unsigned int) () from /tmp/qt5-webengine-5.12.2/build/lib/libQt5WebEngineCore.so.5.12.2
      #19 0xb5117f48 in blink::DocumentLoader::DataReceived(blink::Resource*, char const*, unsigned int) () from /tmp/qt5-webengine-5.12.2/build/lib/libQt5WebEngineCore.so.5.12.2
      #20 0xb3124464 in blink::Resource::AppendData(char const*, unsigned int) () from /tmp/qt5-webengine-5.12.2/build/lib/libQt5WebEngineCore.so.5.12.2
      #21 0xb3128588 in blink::ResourceLoader::DidReceiveData(char const*, int) () from /tmp/qt5-webengine-5.12.2/build/lib/libQt5WebEngineCore.so.5.12.2
      #22 0xb5ab2260 in content::WebURLLoaderImpl::Context::OnReceivedData () at ./../../../../src/3rdparty/chromium/content/renderer/loader/web_url_loader_impl.cc:915
      #23 0xb5ab2454 in content::WebURLLoaderImpl::RequestPeerImpl::OnReceivedData () at ./../../../../src/3rdparty/chromium/content/renderer/loader/web_url_loader_impl.cc:1110
      #24 0xb5ab1708 in content::URLResponseBodyConsumer::OnReadable () at ./../../../../src/3rdparty/chromium/content/renderer/loader/url_response_body_consumer.cc:150
      #25 0xb5aacb54 in content::URLLoaderClientImpl::OnStartLoadingResponseBody () at ./../../../../src/3rdparty/chromium/content/renderer/loader/url_loader_client_impl.cc:294
      #26 0xb22f5ad8 in network::mojom::URLLoaderClientProxy_OnStartLoadingResponseBody_Message::Dispatch () at ./gen/services/network/public/mojom/url_loader.mojom.cc:1540
      #27 network::mojom::URLLoaderClientStubDispatch::Accept () at ./gen/services/network/public/mojom/url_loader.mojom.cc:2096
      #28 0xb3bcfe74 in mojo::InterfaceEndpointClient::HandleValidatedMessage () at ../../../../src/3rdparty/chromium/mojo/public/cpp/bindings/lib/interface_endpoint_client.cc:423
      #29 0xb3bd3668 in mojo::internal::MultiplexRouter::ProcessIncomingMessage () at ../../../../src/3rdparty/chromium/mojo/public/cpp/bindings/lib/multiplex_router.cc:869
      #30 0xb3bd6c58 in mojo::internal::MultiplexRouter::Accept () at ../../../../src/3rdparty/chromium/mojo/public/cpp/bindings/lib/multiplex_router.cc:590
      #31 0xb3bcd1a4 in mojo::Connector::ReadSingleMessage () at ../../../../src/3rdparty/chromium/mojo/public/cpp/bindings/lib/connector.cc:457
      #32 0xb3bcd56c in mojo::Connector::ReadAllAvailableMessages () at ../../../../src/3rdparty/chromium/mojo/public/cpp/bindings/lib/connector.cc:486
      #33 0xb3be9da4 in base::RepeatingCallback<void (unsigned int, mojo::HandleSignalsState const&)>::Run(unsigned int, mojo::HandleSignalsState const&) const & () at ../../../../src/3rdparty/chromium/base/callback.h:129
      #34 mojo::SimpleWatcher::OnHandleReady () at ../../../../src/3rdparty/chromium/mojo/public/cpp/system/simple_watcher.cc:273
      #35 0xb38f1510 in base::OnceCallback<void ()>::Run() && () at ../../../../src/3rdparty/chromium/base/callback.h:99
      #36 base::debug::TaskAnnotator::RunTask () at ./../../../../src/3rdparty/chromium/base/debug/task_annotator.cc:101
      #37 0xb39438a4 in base::sequence_manager::internal::ThreadControllerImpl::DoWork () at ./../../../../src/3rdparty/chromium/base/task/sequence_manager/thread_controller_impl.cc:169
      #38 0xb38f1510 in base::OnceCallback<void ()>::Run() && () at ../../../../src/3rdparty/chromium/base/callback.h:99
      #39 base::debug::TaskAnnotator::RunTask () at ./../../../../src/3rdparty/chromium/base/debug/task_annotator.cc:101
      #40 0xb390e558 in base::MessageLoop::RunTask () at ./../../../../src/3rdparty/chromium/base/message_loop/message_loop.cc:422
      #41 0xb390f10c in base::MessageLoop::DeferOrRunPendingTask () at ./../../../../src/3rdparty/chromium/base/message_loop/message_loop.cc:432
      #42 0xb390f450 in base::MessageLoop::DoWork () at ./../../../../src/3rdparty/chromium/base/message_loop/message_loop.cc:480
      #43 0xb3912394 in base::MessagePumpDefault::Run () at ./../../../../src/3rdparty/chromium/base/message_loop/message_pump_default.cc:37
      #44 0xb392f96c in base::RunLoop::Run () at ./../../../../src/3rdparty/chromium/base/run_loop.cc:102
      #45 0xb3965e58 in base::Thread::Run () at ./../../../../src/3rdparty/chromium/base/threading/thread.cc:255
      #46 base::Thread::ThreadMain () at ./../../../../src/3rdparty/chromium/base/threading/thread.cc:337
      #47 0xb3998a00 in ThreadFunc () at ./../../../../src/3rdparty/chromium/base/threading/platform_thread_posix.cc:76
      #48 0xb0964f00 in start_thread (arg=0x9ec16430) at pthread_create.c:335

      Seems that this is reported by others as well. e.g.

      https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906548
      https://bugs.chromium.org/p/chromium/issues/detail?id=877480

      This problem doesn't appear in the Qt 5.12.1 imx8 build which is also currently in 32-bit mode. The imx6 gcc toolchain is 5.3 and the imx8 gcc is at 8.3.

      On imx6 I compiled and ran the Qt 5.13-beta1 webengine (chromium version 71.0.3578.140) grafted on the 12.2 Qt build and got the same segfault from blink::LocalFrameUkmAggregator::Flush() upwards.

      The Qt 5.11.1 webengine (chromium version 65.0.3325.230) is stable and seems to work fine.
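      Frames #0 to #8 of the trace are a plain sorted-vector insert: base::flat_tree keeps a std::vector<std::pair<unsigned long long, long long>> and calls emplace() at the position found for the key. A standalone reduction of exactly that operation is the quickest way to tell a toolchain/libstdc++ problem apart from a Chromium one, because it can be cross-compiled with the same arm-navico-linux-gnueabi gcc 5.3 toolchain and run on the imx6 without any Qt or Chromium code. The following C++ is an added example written for this report, not code from Qt, Chromium or the reporter; flatInsert and buildMetrics are hypothetical names, and the key values it inserts are constructed here purely to force element moves inside the vector.

```cpp
// Added example: minimal reduction of the flat_tree insert in frames #0-#8.
// Build it with the suspect cross toolchain and run it on the target; a
// crash here points at the toolchain/STL, a clean run points back at Chromium.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <utility>
#include <vector>

// Same element type as in the trace: pair<unsigned long long, long long>.
using Entry = std::pair<uint64_t, int64_t>;

// Insert-or-assign into a sorted vector, mirroring flat_map semantics.
// Returns true when a new key was inserted, false when an existing key was updated.
inline bool flatInsert(std::vector<Entry>& v, uint64_t key, int64_t value) {
    auto it = std::lower_bound(v.begin(), v.end(), key,
                               [](const Entry& e, uint64_t k) { return e.first < k; });
    if (it != v.end() && it->first == key) {
        it->second = value;
        return false;
    }
    // Same vector::emplace(const_iterator, pair&&) path as frame #4.
    v.emplace(it, Entry(key, value));
    return true;
}

// Drive the container the way a metrics builder would: many 64-bit metric
// hashes inserted in scrambled (non-sorted) order so elements get shifted.
// The multiplier is odd, so the mapping i -> hash is a bijection and all keys
// are distinct (constructed test data, not real UKM hashes).
inline std::vector<Entry> buildMetrics(std::size_t count) {
    std::vector<Entry> metrics;
    for (std::size_t i = 0; i < count; ++i) {
        uint64_t hash = static_cast<uint64_t>(i) * 0x9E3779B97F4A7C15ULL;
        flatInsert(metrics, hash, static_cast<int64_t>(i));
    }
    return metrics;
}

// Sanity check on the result: keys must stay strictly ordered.
inline bool isSorted(const std::vector<Entry>& v) {
    return std::is_sorted(v.begin(), v.end(),
        [](const Entry& a, const Entry& b) { return a.first < b.first; });
}

int main() {
    std::vector<Entry> m = buildMetrics(10000);
    // Exit status 0 on success so it can be scripted on the target board.
    return (isSorted(m) && m.size() == 10000) ? 0 : 1;
}
```

      Run it under gdb on the board exactly as the minimal browser example was run; if it faults, the backtrace will stop at the same new_allocator.h / vector.tcc frames as above and the comparison with the gcc 8.3 imx8 build becomes a toolchain bisection rather than a Chromium one.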

          People

            Assignee: Michal Klocek (michal)
            Reporter: Christian Gagneraud (christian_gagneraud_navico)