[akregator] [Bug 400028] New: akregator segfaults in QtWebEngineCore::NetworkDelegateQt::OnBeforeURLRequest, thread safety issue

Dmitry Shachnev bugzilla_noreply at kde.org
Fri Oct 19 16:42:01 BST 2018


https://bugs.kde.org/show_bug.cgi?id=400028

            Bug ID: 400028
           Summary: akregator segfaults in
                    QtWebEngineCore::NetworkDelegateQt::OnBeforeURLRequest
                    , thread safety issue
           Product: akregator
           Version: unspecified
          Platform: Other
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: internal browser
          Assignee: kdepim-bugs at kde.org
          Reporter: mitya57 at gmail.com
  Target Milestone: ---

Forwarded from https://bugs.debian.org/910852.

Akregator 18.08.1 with Qt 5.11.2 crashes randomly on various feeds.

Qt upstream in https://bugreports.qt.io/browse/QTBUG-71284 says:

> It looks like a thread safety issue in kdepim's WebEngineViewer.
> QtWebEngine executes interceptors[1] on the IO thread, but
> WebEngineViewer's interceptor[2] does not take this into account.
> 
> Since this is a common issue, QtWebEngine 5.13 will have new API[3]
> to allow intercepting requests on the main UI thread, but until
> then WebEngineViewer's interceptor needs to synchronize with the
> UI thread to prevent memory corruption.
> 
> [1] https://doc.qt.io/qt-5/qwebengineurlrequestinterceptor.html#interceptRequest
> [2] https://lxr.kde.org/source/kde/pim/messagelib/webengineviewer/src/urlinterceptor/networkurlinterceptor.cpp
> [3] https://codereview.qt-project.org/235118

Stacktrace:

#0  0x00007fffed21086c in
QtWebEngineCore::NetworkDelegateQt::OnBeforeURLRequest(net::URLRequest*,
base::RepeatingCallback<void (int)> const&, GURL*) ()
   from /usr/lib/x86_64-linux-gnu/libQt5WebEngineCore.so.5
#1  0x00007fffeeca82a6 in
net::NetworkDelegate::NotifyBeforeURLRequest(net::URLRequest*,
base::RepeatingCallback<void (int)> const&, GURL*) ()
   from /usr/lib/x86_64-linux-gnu/libQt5WebEngineCore.so.5
#2  0x00007fffeedf86eb in net::URLRequest::Start() [clone .part.109] () from
/usr/lib/x86_64-linux-gnu/libQt5WebEngineCore.so.5
#3  0x00007fffedb13bce in content::ResourceLoader::StartRequestInternal() ()
from /usr/lib/x86_64-linux-gnu/libQt5WebEngineCore.so.5
#4  0x00007fffedb148ad in content::ResourceLoader::Resume(bool) () from
/usr/lib/x86_64-linux-gnu/libQt5WebEngineCore.so.5
#5  0x00007fffedb14a9a in content::ResourceLoader::StartRequest() () from
/usr/lib/x86_64-linux-gnu/libQt5WebEngineCore.so.5
#6  0x00007fffedb0e1de in
content::ResourceDispatcherHostImpl::BeginRequestInternal(std::unique_ptr<net::URLRequest,
std::default_delete<net::URLRequest> >,
std::unique_ptr<content::ResourceHandler,
std::default_delete<content::ResourceHandler> >) () from
/usr/lib/x86_64-linux-gnu/libQt5WebEngineCore.so.5
#7  0x00007fffedb0faff in
content::ResourceDispatcherHostImpl::BeginNavigationRequest(content::ResourceContext*,
net::URLRequestContext*, storage::FileSystemContext*,
content::NavigationRequestInfo const&,
std::unique_ptr<content::NavigationUIData,
std::default_delete<content::NavigationUIData> >,
content::NavigationURLLoaderImplCore*,
mojo::InterfacePtr<network::mojom::URLLoaderClient>,
mojo::InterfaceRequest<network::mojom::URLLoader>,
content::ServiceWorkerNavigationHandleCore*,
content::AppCacheNavigationHandleCore*, unsigned int,
content::GlobalRequestID*) () from
/usr/lib/x86_64-linux-gnu/libQt5WebEngineCore.so.5
#8  0x00007fffedafd855 in
content::NavigationURLLoaderImplCore::Start(content::ResourceContext*,
net::URLRequestContextGetter*, storage::FileSystemContext*,
content::ServiceWorkerNavigationHandleCore*,
content::AppCacheNavigationHandleCore*,
std::unique_ptr<content::NavigationRequestInfo,
std::default_delete<content::NavigationRequestInfo> >,
std::unique_ptr<content::NavigationUIData,
std::default_delete<content::NavigationUIData> >) () from
/usr/lib/x86_64-linux-gnu/libQt5WebEngineCore.so.5
#9  0x00007fffedafd160 in
base::internal::Invoker<base::internal::BindState<void
(content::NavigationURLLoaderImplCore::*)(content::ResourceContext*,
net::URLRequestContextGetter*, storage::FileSystemContext*,
content::ServiceWorkerNavigationHandleCore*,
content::AppCacheNavigationHandleCore*,
std::unique_ptr<content::NavigationRequestInfo,
std::default_delete<content::NavigationRequestInfo> >,
std::unique_ptr<content::NavigationUIData,
std::default_delete<content::NavigationUIData> >),
scoped_refptr<content::NavigationURLLoaderImplCore>, content::ResourceContext*,
base::internal::UnretainedWrapper<net::URLRequestContextGetter>,
base::internal::UnretainedWrapper<storage::FileSystemContext>,
content::ServiceWorkerNavigationHandleCore*,
content::AppCacheNavigationHandleCore*,
base::internal::PassedWrapper<std::unique_ptr<content::NavigationRequestInfo,
std::default_delete<content::NavigationRequestInfo> > >,
base::internal::PassedWrapper<std::unique_ptr<content::NavigationUIData,
std::default_delete<content::NavigationUIData> > > >, void
()>::RunOnce(base::internal::BindStateBase*) () from
/usr/lib/x86_64-linux-gnu/libQt5WebEngineCore.so.5
#10 0x00007fffee7a47e8 in base::debug::TaskAnnotator::RunTask(char const*,
base::PendingTask*) () from /usr/lib/x86_64-linux-gnu/libQt5WebEngineCore.so.5
#11 0x00007fffee7c4eea in base::MessageLoop::RunTask(base::PendingTask*) ()
from /usr/lib/x86_64-linux-gnu/libQt5WebEngineCore.so.5
#12 0x00007fffee7c598f in
base::MessageLoop::DeferOrRunPendingTask(base::PendingTask) () from
/usr/lib/x86_64-linux-gnu/libQt5WebEngineCore.so.5
#13 0x00007fffee7c5b28 in base::MessageLoop::DoWork() [clone .part.202] () from
/usr/lib/x86_64-linux-gnu/libQt5WebEngineCore.so.5
#14 0x00007fffee7c8542 in
base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) () from
/usr/lib/x86_64-linux-gnu/libQt5WebEngineCore.so.5
#15 0x00007fffee7e77cb in base::RunLoop::Run() () from
/usr/lib/x86_64-linux-gnu/libQt5WebEngineCore.so.5
#16 0x00007fffed8fd3fa in
content::BrowserThreadImpl::IOThreadRun(base::RunLoop*) () from
/usr/lib/x86_64-linux-gnu/libQt5WebEngineCore.so.5
#17 0x00007fffed8fd8a7 in content::BrowserThreadImpl::Run(base::RunLoop*) ()
from /usr/lib/x86_64-linux-gnu/libQt5WebEngineCore.so.5
#18 0x00007fffee808bf8 in base::Thread::ThreadMain() () from
/usr/lib/x86_64-linux-gnu/libQt5WebEngineCore.so.5
#19 0x00007fffee804511 in base::(anonymous namespace)::ThreadFunc(void*) ()
from /usr/lib/x86_64-linux-gnu/libQt5WebEngineCore.so.5
#20 0x00007ffff511af2a in start_thread (arg=0x7fff7ffff700) at
pthread_create.c:463
        pd = 0x7fff7ffff700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140735340869376,
-2672070067541426078, 140737488343086, 140737488343087, 140737488343248, 0,
2671788592052650082, 
                2672055479116054626}, mask_was_saved = 0}}, priv = {pad = {0x0,
0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
#21 0x00007ffff6524edf in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

The original bug report has two other versions of the stacktrace, where the first
frame indicates a jump to some random and invalid address.

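The synchronization the Qt comment asks for, modelled with the C++ standard library only. This is an added example, not code from kdepim, Qt or the bug report; `InterceptorModel`, `setBlockedHosts`, `shouldBlock`, `runModel` and the `.example` hosts are hypothetical. The callback that plays the role of interceptRequest() on the IO thread takes a snapshot of shared state under a mutex instead of reading data the UI thread may be modifying.

```cpp
#include <memory>
#include <mutex>
#include <string>
#include <thread>
#include <utility>
#include <vector>

// Hypothetical stand-in for interceptor state that the UI thread edits.
class InterceptorModel {
public:
    using Rules = std::vector<std::string>;
    // UI-thread side: build the new rule set first, then publish it under the lock.
    void setBlockedHosts(Rules hosts) {
        auto next = std::make_shared<const Rules>(std::move(hosts));
        std::lock_guard<std::mutex> lock(mMutex);
        mRules = std::move(next);
    }

    // IO-thread side: copy the pointer under the lock, then read the immutable snapshot.
    bool shouldBlock(const std::string &host) const {
        std::shared_ptr<const Rules> snapshot;
        {
            std::lock_guard<std::mutex> lock(mMutex);
            snapshot = mRules;
        }
        for (const auto &h : *snapshot)
            if (h == host) return true;
        return false;
    }

private:
    mutable std::mutex mMutex;
    std::shared_ptr<const Rules> mRules = std::make_shared<const Rules>();
};

// Run both roles concurrently; returns how many requests were blocked.
int runModel(int requests) {
    InterceptorModel model;
    model.setBlockedHosts({"tracker.example"});
    std::thread ui([&] {  // "UI thread" keeps replacing the rule set
        for (int i = 0; i < requests; ++i)
            model.setBlockedHosts({"tracker.example", "ads" + std::to_string(i) + ".example"});
    });
    int blocked = 0;
    for (int i = 0; i < requests; ++i)  // "IO thread" role, as interceptRequest() would run
        blocked += model.shouldBlock("tracker.example") ? 1 : 0;
    ui.join();
    return blocked;
}
```

Because readers only ever hold a `shared_ptr` to an immutable vector, a rule set replaced mid-request stays alive until the request that snapshotted it returns.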