New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SIGTRAP when clicking on sponsored Google search results with content blocking enabled #8172
Comments
I cannot reproduce by doing:
and then clicking the first result leading to LeaseWeb. Can you? If so, a stacktrace would be great indeed. If not, what's different? |
I can reproduce the crash by running your command and clicking on the first sponsored link; it is, however, not a link leading to LeaseWeb, as my local search results differ. Stack trace: https://gist.githubusercontent.com/lfos/1fc54348eb725e51fa74fc627f30863b/raw Some debug symbols might be missing, please let me know if there's anything else that might be helpful to further debug. |
Relevant part: #0 0x00007bc7be02f0b1 base::ImmediateCrash() (libQt6WebEngineCore.so.6 + 0x302f0b1)
#1 0x00007bc7be02f35b content::RenderFrameHostManager::GetSiteInstanceForNavigationRequest(content::NavigationRequest*, content::RenderFrameHostManager::IsSameSiteGetter&, content::BrowsingContextGroupSwap*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*) (libQt6WebEngineCore.so.6 + 0x302f35b)
#2 0x00007bc7be0322b8 content::RenderFrameHostManager::GetFrameHostForNavigation(content::NavigationRequest*, content::BrowsingContextGroupSwap*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*) (libQt6WebEngineCore.so.6 + 0x30322b8)
#3 0x00007bc7bdfa9d7b content::NavigationRequest::SelectFrameHostForOnRequestFailedInternal(bool, bool, absl::optional<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > const&) (libQt6WebEngineCore.so.6 + 0x2fa9d7b)
#4 0x00007bc7bdfacb59 content::NavigationRequest::OnRequestFailedInternal(network::URLLoaderCompletionStatus const&, bool, absl::optional<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > const&, bool) (libQt6WebEngineCore.so.6 + 0x2facb59)
#5 0x00007bc7bdfb3e02 non-virtual thunk to content::NavigationRequest::OnRequestFailed(network::URLLoaderCompletionStatus const&) (libQt6WebEngineCore.so.6 + 0x2fb3e02)
#6 0x00007bc7bf1b79a6 base::OnceCallback<void ()>::Run() && (libQt6WebEngineCore.so.6 + 0x41b79a6)
#7 0x00007bc7bf1d3cdb RunTask<base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow*)::<lambda(perfetto::EventContext&)> > (libQt6WebEngineCore.so.6 + 0x41d3cdb)
#8 0x00007bc7bf1d46ee base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() (libQt6WebEngineCore.so.6 + 0x41d46ee)
#9 0x00007bc7bb0ef39d QtWebEngineCore::MessagePumpForUIQt::handleScheduledWork() (libQt6WebEngineCore.so.6 + 0xef39d) Code is around here: though I can't seem to find a call to `base::ImmediateCrash() in there. I'm assuming there is no interesting information in the terminal from Chromium when this happens? |
Possibly related in some way: [QTBUG-108273] Failing CHECK in render_frame_host_manager.cc when reloading Instagram - Qt Bug Tracker Could you make sure
and (with debuginfod enabled in there if asked) see if you can get a better stacktrace that way? |
Sure: https://gist.githubusercontent.com/lfos/348b9a81c12a6faeb2a49fb160331492/raw |
Relevant part: #0 0x00007fffe8e2f0b1 in base::ImmediateCrash () at ../../../../../qtwebengine-everywhere-src-6.7.0/src/3rdparty/chromium/base/immediate_crash.h:146
#1 logging::CheckFailure () at ../../../../../qtwebengine-everywhere-src-6.7.0/src/3rdparty/chromium/base/check.h:193
#2 content::RenderFrameHostManager::GetSiteInstanceForNavigation () at ../../../../../qtwebengine-everywhere-src-6.7.0/src/3rdparty/chromium/content/browser/renderer_host/render_frame_host_manager.cc:2611
#3 0x00007fffe8e2f35b in content::RenderFrameHostManager::GetSiteInstanceForNavigationRequest () at ../../../../../qtwebengine-everywhere-src-6.7.0/src/3rdparty/chromium/content/browser/renderer_host/render_frame_host_manager.cc:4154
#4 0x00007fffe8e322b8 in content::RenderFrameHostManager::GetFrameHostForNavigation () at ../../../../../qtwebengine-everywhere-src-6.7.0/src/3rdparty/chromium/content/browser/renderer_host/render_frame_host_manager.cc:1542
#5 0x00007fffe8da9d7b in content::NavigationRequest::SelectFrameHostForOnRequestFailedInternal () at ../../../../../qtwebengine-everywhere-src-6.7.0/src/3rdparty/chromium/content/browser/renderer_host/navigation_request.cc:4680
#6 0x00007fffe8dacb59 in content::NavigationRequest::OnRequestFailedInternal () at ../../../../../qtwebengine-everywhere-src-6.7.0/src/3rdparty/chromium/content/browser/renderer_host/navigation_request.cc:4637
#7 0x00007fffe8db3e02 in non-virtual thunk to content::NavigationRequest::OnRequestFailed(network::URLLoaderCompletionStatus const&) () at ../../../../../qtwebengine-everywhere-src-6.7.0/src/3rdparty/chromium/content/browser/renderer_host/navigation_request.h:1393
#8 0x00007fffe9fb79a6 in base::OnceCallback<void ()>::Run() && () at ../../../../../qtwebengine-everywhere-src-6.7.0/src/3rdparty/chromium/base/functional/callback.h:152 which boils it down to this No clue why, but doesn't look like anything qutebrowser can fix. I'll see if I can cook up a more minimal example to report this to Qt. |
Thanks for the analysis! Do you have an idea how this could be related to content blocking? As I mentioned in my original bug report, the crashes only occur if |
The stacktrace points to Actually, could you copy the link (via right click -> copy link) and see if it also happens if you paste it here and click on it e.g. in the comment preview? If so, if you post the link, I might be able to reproduce with that. |
Interesting question. Copying and inserting link doesn't result in a crash. Following that, I tested opening in a new tab and in a new window; neither of those seem to result in a crash either. The bug seems to only occur when I click the link to open it in the same tab. |
Another observation: Even copying the exact |
I have the same issue with an unsubscribe url that is routed through awstrack.me and urldefense.com. Opening the awstrack.me url directly does not cause the crash. So it might be related to the 302 response. |
I'm afraid I still can't reproduce. I'm trying:
which just takes me to a |
Yeah sorry, I can't find a way to reproduce it right now either. |
Ah, that tidbit helped! Thanks to the university I teach at, I happen to have Outlook Web up and running - and indeed, pasting the link in there, doing a random change (to make sure to trigger whatever Microsoft does to mangle things even further), and then clicking it reproduces the issue...
And opening the giant Outlook safelinks URL also reproduces the issue directly. Though I have no idea how long it will stay valid. It has a fun URL-encoded base64-encoded cookie in there, but let's hope those aren't my Outlook access credentials or something. So at this point, we have:
Maybe it only triggers if there is a (cross-origin) redirect to a (cross-origin) redirect to the actual page which is blocked?! |
I can't seem to make it crash outside of the Outlook safelinks thing, but no double redirect is necessary. Just blocking C++ reproducer: #include <QApplication>
#include <QtWebEngineWidgets>
#include <QtWebEngineCore>
#include <QUrl>
class Interceptor : public QWebEngineUrlRequestInterceptor {
public:
void interceptRequest(QWebEngineUrlRequestInfo &info) override {
if (info.requestUrl().host() == "example.org") {
info.block(true);
}
}
};
int main(int argc, char *argv[]) {
QApplication app(argc, argv);
Interceptor interceptor;
QWebEngineProfile::defaultProfile()->setUrlRequestInterceptor(&interceptor);
QWebEngineView view;
QObject::connect(view.page(), &QWebEnginePage::newWindowRequested, [&view](QWebEngineNewWindowRequest &request){ request.openIn(view.page()); });
view.load(QUrl("https://outlook.office.com"));
view.show();
return app.exec();
} QT += core webenginewidgets widgets
SOURCES += main.cpp In a train right now so I don't have debugging symbols available, but will report this upstream as soon as I'm back to a stable connection. |
And a Python reproducer: import sys
from PyQt6.QtWebEngineWidgets import QWebEngineView
from PyQt6.QtWebEngineCore import QWebEngineProfile, QWebEngineUrlRequestInterceptor
from PyQt6.QtWidgets import QApplication
from PyQt6.QtCore import QUrl
class Interceptor(QWebEngineUrlRequestInterceptor):
def interceptRequest(self, info):
if info.requestUrl().host() == "example.org":
info.block(True)
app = QApplication(sys.argv)
interceptor = Interceptor()
QWebEngineProfile.defaultProfile().setUrlRequestInterceptor(interceptor)
view = QWebEngineView()
view.page().newWindowRequested.connect(lambda request: request.openIn(view.page()))
view.load(QUrl("https://outlook.office.com"))
view.show()
app.exec() Will need to think about whether a workaround with |
Version info: I am using the qutebrowser package on Arch Linux.
Does the bug happen if you start with
--temp-basedir
?: Yes.Description: When clicking on a sponsored link in Google search results, qutebrowser crashes with
SIGTRAP
.How to reproduce
content.blocking.enabled
is set totrue
. The issue cannot be reproduced if this setting is disabled.Happy to try to enable debugging symbols and obtain a strack trace if needed.
The text was updated successfully, but these errors were encountered: