Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-72532

[REG 5.12] Cache related renderer segfault in v8::internal::Deserializer<>::GetBackReferencedObject()

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P1: Critical
    • 5.12.5
    • 5.12.0
    • WebEngine
    • None
    • Linux/X11, macOS
    • 6f3c15d2319ca11c2e31076292f5733baf64d991 (qt/qtwebengine-chromium/69-based)

    Description

      After updating to Qt 5.12, I got the following renderer process crash when visiting DuckDuckGo search results or Telegram Web in qutebrowser:

      Received signal 11 SEGV_MAPERR 00010000000b
#0 0x7f2a2f1f498e base::debug::StackTrace::StackTrace()
#1 0x7f2a2f1ed713 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#2 0x7f2a2f1f4905 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#3 0x7f2a33a173c0 <unknown>
#4 0x7f2a2e4a94a4 v8::internal::Deserializer<>::GetBackReferencedObject()
#5 0x7f2a2e4aee77 v8::internal::Deserializer<>::ReadData()
#6 0x7f2a2e4ad736 v8::internal::Deserializer<>::ReadObject()
#7 0x7f2a2e4ae561 v8::internal::Deserializer<>::ReadData()
#8 0x7f2a2e4ad736 v8::internal::Deserializer<>::ReadObject()
#9 0x7f2a2e4ae561 v8::internal::Deserializer<>::ReadData()
#10 0x7f2a2e4ad736 v8::internal::Deserializer<>::ReadObject()
#11 0x7f2a2e4ae561 v8::internal::Deserializer<>::ReadData()
#12 0x7f2a2e4ad736 v8::internal::Deserializer<>::ReadObject()
#13 0x7f2a2e4ae561 v8::internal::Deserializer<>::ReadData()
#14 0x7f2a2e4ad736 v8::internal::Deserializer<>::ReadObject()
#15 0x7f2a2e4ae561 v8::internal::Deserializer<>::ReadData()
#16 0x7f2a2e4ad736 v8::internal::Deserializer<>::ReadObject()
#17 0x7f2a2e4ae561 v8::internal::Deserializer<>::ReadData()
#18 0x7f2a2e4ad736 v8::internal::Deserializer<>::ReadObject()
#19 0x7f2a2e4ae561 v8::internal::Deserializer<>::ReadData()
#20 0x7f2a2e4ad736 v8::internal::Deserializer<>::ReadObject()
#21 0x7f2a2e4ae561 v8::internal::Deserializer<>::ReadData()
#22 0x7f2a2e4ad736 v8::internal::Deserializer<>::ReadObject()
#23 0x7f2a2e4ae561 v8::internal::Deserializer<>::ReadData()
#24 0x7f2a2e4ad736 v8::internal::Deserializer<>::ReadObject()
#25 0x7f2a2e4ae561 v8::internal::Deserializer<>::ReadData()
#26 0x7f2a2e4af2f5 v8::internal::ObjectDeserializer::Deserialize()
#27 0x7f2a2e4af6fa v8::internal::ObjectDeserializer::DeserializeSharedFunctionInfo()
#28 0x7f2a2e4a62ae v8::internal::CodeSerializer::Deserialize()
#29 0x7f2a2e0a1526 v8::internal::Compiler::GetSharedFunctionInfoForScript()
#30 0x7f2a2e5d2159 v8::ScriptCompiler::CompileUnboundInternal()
#31 0x7f2a2e5d25b5 v8::ScriptCompiler::Compile()
#32 0x7f2a31aee068 blink::(anonymous namespace)::CompileScriptInternal()
#33 0x7f2a31af35de blink::V8ScriptRunner::CompileScript()
#34 0x7f2a31aca8b5 blink::ScriptController::ExecuteScriptAndReturnValue()
#35 0x7f2a31acb262 blink::ScriptController::EvaluateScriptInMainWorld()
#36 0x7f2a31acb4cf blink::ScriptController::ExecuteScriptInMainWorld()
#37 0x7f2a30a8ff64 blink::PendingScript::ExecuteScriptBlockInternal()
#38 0x7f2a30a90bee blink::PendingScript::ExecuteScriptBlock()
#39 0x7f2a30a8d92a blink::(anonymous namespace)::DoExecuteScript()
#40 0x7f2a30a8da53 blink::HTMLParserScriptRunner::ExecutePendingScriptAndDispatchEvent()
#41 0x7f2a30a8db69 blink::HTMLParserScriptRunner::ExecuteParsingBlockingScripts()
#42 0x7f2a30a8dcd7 blink::HTMLParserScriptRunner::ExecuteScriptsWaitingForLoad()
#43 0x7f2a3062fbe0 blink::HTMLDocumentParser::NotifyScriptLoaded()
#44 0x7f2a30a7ffb3 blink::ClassicPendingScript::AdvanceReadyState()
#45 0x7f2a30a83a02 blink::ClassicPendingScript::NotifyFinished()
#46 0x7f2a2e800892 blink::Resource::NotifyFinished()
#47 0x7f2a2e81a9e9 blink::ResourceFetcher::HandleLoaderFinish()
#48 0x7f2a2e81df6a blink::ResourceLoader::DidFinishLoading()
#49 0x7f2a3146b01d content::WebURLLoaderImpl::Context::OnCompletedRequest()
#50 0x7f2a31463e98 content::ResourceDispatcher::OnRequestComplete()
#51 0x7f2a3146a080 content::URLResponseBodyConsumer::OnReadable()
#52 0x7f2a2f4973e0 mojo::SimpleWatcher::OnHandleReady()
#53 0x7f2a2f164280 base::debug::TaskAnnotator::RunTask()
#54 0x7f2a2f1c5f6d base::sequence_manager::internal::ThreadControllerImpl::DoWork()
#55 0x7f2a2f164280 base::debug::TaskAnnotator::RunTask()
#56 0x7f2a2f187a02 base::MessageLoop::RunTask()
#57 0x7f2a2f18864f base::MessageLoop::DeferOrRunPendingTask()
#58 0x7f2a2f1887d8 base::MessageLoop::DoWork()
#59 0x7f2a2f1848f1 base::MessagePumpDefault::Run()
#60 0x7f2a2f1a863b base::RunLoop::Run()
#61 0x7f2a312e604b content::RendererMain()
  r8: 000000000000c967  r9: 0000000000010000 r10: 0000000000000008 r11: 0000000000000082
 r12: 000002cc0b1aa810 r13: 0000000000000000 r14: 00007f2a323e8a50 r15: 00007ffda681efb0
  di: 0000000000ffffff  si: 00001c3f13e80000  bp: 00007ffda681e470  bx: 00007ffda681efb0
  dx: 0000000100000000  ax: 00001c3f13e86b61  cx: 0000000000006b60  sp: 00007ffda681e460
  ip: 00007f2a2e4a94a4 efl: 0000000000010202 cgf: 002b000000000033 erf: 0000000000000004
 trp: 000000000000000e msk: 0000000000000000 cr2: 000000010000000b
[end of stack trace]
Calling _exit(1). Core file will not be generated.

      Telegram also logs https://web.telegram.im/#/im?p=:0 Adding master entry to Application Cache with manifest https://web.telegram.im/webogram.appcache before the crash.

      After deleting ~/.cache/qutebrowser (which contains the QtWebEngine cache directory), things worked again. However, after some time, the Telegram crash reappeared (but the DuckDuckGo one I haven't seen anymore so far).

      I'd be happy to work on a minimal example, but since this is related to some cache state (I can't immediately reproduce it with qutebrowser --temp-basedir which uses a clean cache/data directory), I'm not sure where to start.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-70755 Render process crashes: v8::internal::Deserializer

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed

          Activity

            People

              allan.jensen Allan Sandfeld Jensen
              the compiler Florian Bruhin
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: