Loading...

Details

Type: Bug
Resolution: Fixed
Priority: P1: Critical
Fix Version/s: 5.15.0
Affects Version/s: 5.14.1, 5.14.2
Component/s: WebEngine
Labels:
None

Description

This might be related to ~~QTBUG-72532~~ in some way, except that it's now (sometimes?) a real browser process crash (in Chrome_IOThread) rather than a renderer process crash.

I'm struggling to get an exact reproducer, but I get reports about crashes from dozens of users, on various pages.

Here's how I currently try to reproduce it:

Open the following pages with Qt 5.13 simplebrowser:

https://web.telegram.im (log in)
https://mail.google.com (log in)
https://drive.google.com
https://g1.globo.com (follow a link to an article or so)

This should cause a couple of service workers to be registered. Then, while keeping the data directory around, open the same pages with a Qt 5.14 simplebrowser.

Sometimes (especially with a non-developer build), this results in a complete segfault. Unfortunately, I've been unable to get a stacktrace so far.

When I try the same with my developer build, I "only" get a renderer process crash, with this output:

[190170:190186:0212/142826.083787:ERROR:legacy_cache_storage_cache.cc(2335)] Cache size: 100352 does not match size from index: 99328
../../3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:**CRASHING**:seccomp-bpf failure in syscall 0230
Received signal 11 SEGV_MAPERR 0000000000e6
[190170:190186:0212/142826.129550:ERROR:legacy_cache_storage_cache.cc(2335)] Cache size: 35584 does not match size from index: 35328
#0 0x7f455d759bc7 base::debug::CollectStackTrace()
#1 0x7f455d5238eb base::debug::StackTrace::StackTrace()
#2 0x7f455d5238a2 base::debug::StackTrace::StackTrace()
#3 0x7f455d758787 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#4 0x7f4565234800 <unknown>
#5 0x7f4560249411 sandbox::CrashSIGSYS_Handler()
#6 0x7f456024eb80 sandbox::Trap::SigSys()
#7 0x7f456024e8af sandbox::Trap::SigSysAction()
#8 0x7f4565234800 <unknown>
#9 0x7f454ec0e2d1 __clock_nanosleep_2
#10 0x7f454ec13bf7 __GI___nanosleep
#11 0x7f455d782c20 base::PlatformThread::Sleep()
#12 0x7f455d792913 base::subtle::SpinLock::LockSlow()
#13 0x7f455a127c93 base::subtle::SpinLock::lock()
#14 0x7f455a128ee6 std::lock_guard<>::lock_guard()
#15 0x7f455a5185ef base::PartitionAllocGenericFlags()
#16 0x7f45619b24ed WTF::HashTable<>::Rehash()
#17 0x7f456199bbc4 blink::(anonymous namespace)::RunEventCallback<>()
#18 0x7f456199f647 blink::ServiceWorkerGlobalScope::DidHandleFetchEvent()
#19 0x7f4561a069f2 blink::WaitUntilObserver::MaybeCompleteEvent()
#20 0x7f45619a1b7d blink::ServiceWorkerGlobalScope::DispatchFetchEventInternal()
#21 0x7f45619a1f3c blink::ServiceWorkerGlobalScope::DispatchFetchEventForSubresource()
#22 0x7f455a13be32 blink::mojom::blink::ControllerServiceWorkerStubDispatch::AcceptWithResponder()
#23 0x7f45619b66e9 blink::mojom::blink::ControllerServiceWorkerStub<>::AcceptWithResponder()
#24 0x7f455def9f4f mojo::InterfaceEndpointClient::HandleValidatedMessage()
#25 0x7f455def7777 [190170:190170:0212/142827.307240:INFO:CONSOLE(8)] "[object Object]", source: https://s3.glbimg.com/v1/AUTH_da787d4f4e8d46e3ad76d5fa568fe786/profiling/profiling.min.js (8)
[190170:190170:0212/142827.309470:INFO:CONSOLE(0)] "Uncaught (in promise) #<Object>", source: https://g1.globo.com/ (0)
mojo::InterfaceEndpointClient::HandleIncomingMessageThunk::Accept()
#26 0x7f455df01482 mojo::FilterChain::Accept()
#27 0x7f455def9164 mojo::InterfaceEndpointClient::HandleIncomingMessage()
#28 0x7f455df0f475 mojo::internal::MultiplexRouter::ProcessIncomingMessage()
#29 0x7f455df0dc97 mojo::internal::MultiplexRouter::Accept()
#30 0x7f455df01482 mojo::FilterChain::Accept()
#31 0x7f455deecb73 mojo::Connector::DispatchMessage()
#32 0x7f455deecd95 mojo::Connector::DispatchNextMessageInQueue()
#33 0x7f455def28f8 base::internal::FunctorTraits<>::Invoke<>()
#34 0x7f455def1f93 base::internal::FunctorTraits<>::Invoke<>()
#35 0x7f455def15e9 base::internal::InvokeHelper<>::MakeItSo<>()
#36 0x7f455def0a5d _ZN4base8internal7InvokerINS0_9BindStateINS0_18IgnoreResultHelperIMN4mojo9ConnectorEFbvEEEJNS_7WeakPtrIS5_EEEEEFvvEE7RunImplIS8_St5tupleIJSA_EEJLm0EEEEvOT_OT0_St16integer_sequenceImJXspT1_EEE
#37 0x7f455deef9a6 base::internal::Invoker<>::RunOnce()
#38 0x7f4557dca818 _ZNO4base12OnceCallbackIFvvEE3RunEv
#39 0x7f455d62df12 base::TaskAnnotator::RunTask()
#40 0x7f455d67d6f8 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl()
#41 0x7f455d67cd82 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoSomeWork()
#42 0x7f455d5718fe base::MessagePumpDefault::Run()
#43 0x7f455d67ded4 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run()
#44 0x7f455d5d8c75 base::RunLoop::RunWithTimeout()
#45 0x7f455d5d893d base::RunLoop::Run()
#46 0x7f455bea17f8 blink::scheduler::WorkerThread::SimpleThreadImpl::Run()
#47 0x7f455d6d54e2 base::SimpleThread::ThreadMain()
#48 0x7f455d78261b base::(anonymous namespace)::ThreadFunc()
#49 0x7f456522946f start_thread
#50 0x7f454ec463d3 __GI___clone
  r8: 00007f452a1f7360  r9: 00007f452a1f7360 r10: 00007f452a1f7360 r11: 0000000000000202
 r12: 0000000000000010 r13: 0000000000000000 r14: 000038bc89242410 r15: 0000000000000020
  di: 0000000000000000  si: 00007f452a1f71b0  bp: 00007f452a1f7410  bx: 0000000000000000
  dx: 000000000000006d  ax: 00000000000000e6  cx: 000000000000006d  sp: 00007f452a1f73f0
  ip: 00007f4560249411 efl: 0000000000010202 cgf: 002b000000000033 erf: 0000000000000006
 trp: 000000000000000e msk: 0000000000000000 cr2: 00000000000000e6
[end of stack trace]
Calling _exit(1). Core file will not be generated.

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Service Worker related crashes after 5.14 upgrade

Details

Description

Attachments

Gerrit Reviews

Activity

People

Dates

Gerrit Reviews