bitwiseworks / qtwebengine-chromium-os2

Port of Chromium and related tools to OS/2

blink: Crash in GCInfoTable::EnsureGCInfoIndex at startup #13

Closed dmik closed 4 years ago

dmik commented 4 years ago

Blink is a Chromium web rendering engine (https://www.chromium.org/blink). An attempt to start a Qt WebEngine test case (https://github.com/bitwiseworks/qtwebengine-os2/issues/4) in single-process mode via set QTWEBENGINE_CHROMIUM_FLAGS=--single-process (see https://github.com/bitwiseworks/qtwebengine-chromium-os2/issues/12#issuecomment-663745918) crashes like this:

[25 Jul 2020 01:38:41, qt5d tst_qwebenginecookiestore.exe]

[0725/013843.045000:ERROR:content_main_runner_impl.cc(642)] *** 2 3
[24623:1:0725/013843.113000:ERROR:browser_main_runner_impl.cc(71)] *** 
[24623:1:0725/013843.125000:ERROR:network_change_notifier.cc(224)] Not implemented reached in static net::NetworkChangeNotifier* net::NetworkChangeNotifier::Create()
[24623:5:0725/013843.246000:ERROR:network_change_notifier.cc(224)] Not implemented reached in static net::NetworkChangeNotifier* net::NetworkChangeNotifier::Create()
[24623:1:0725/013843.254000:ERROR:process_posix.cc(309)] Not implemented reached in base::Time base::Process::CreationTime() const
[24623:1:0725/013843.307000:ERROR:create_video_capture_device_factory.cc(62)] Not implemented reached in std::unique_ptr<media::VideoCaptureDeviceFactory> media::{anonymous}::CreatePlatformSpecificVideoCaptureDeviceFactory(scoped_refptr<base::SingleThreadTaskRunner>)
********* Start testing of tst_QWebEngineCookieStore *********
Config: Using QtTest library 5.13.1, Qt 5.13.1 (i386-little_endian-ilp32 shared (dynamic) release build; by GCC 9.2.0 20190812 (OS/2 RPM build 9.2.0-1))
PASS   : tst_QWebEngineCookieStore::initTestCase()
[24623:1:0725/013843.996000:ERROR:process_posix.cc(309)] Not implemented reached in base::Time base::Process::CreationTime() const
[24623:1:0725/013844.260000:ERROR:time_zone_monitor_os2.cc(30)] Not implemented reached in static std::unique_ptr<device::TimeZoneMonitor> device::TimeZoneMonitor::Create(scoped_refptr<base::SequencedTaskRunner>)
Creating 602F_0E.TRP
** Secondary exception C0000005 occurred in TID 5 at cs:eip 005B:1D4B269C **
** Exceptq report suppressed - exceptq in use by TID 14 **
[24623:5:0725/013844.877000:ERROR:debugger_posix.cc(176)] Not implemented reached in bool base::debug::BeingDebugged()
Received signal 11 SEGV_ACCERR 0000bdee8000
[end of stack trace]
Calling _exit(1). Core file will not be generated.

[25 Jul 2020 01:38:46, exit code 0, took 4.31s]

According to .TRP, it tries to write to a r/o memory block allocated by LIBCn (via DosAllocMemEx I presume). Here is the .TRP excerpt:


 Failing Instruction
______________________________________________________________________

 0E2F2E15  CMP  [ESI+0x8], EDX    (3956 08)
 0E2F2E18  JBE  0xe2f2e50         (76 36)
 0E2F2E1A  MOV  EDX, [ESI]        (8b16)
 0E2F2E1C  MOV  EAX, [ESP+0x1c]   (8b4424 1c)
 0E2F2E20 >MOV  [EDX+EBX*4], EAX  (89049a)
 0E2F2E23  MOV  [EDI], EBX        (891f)
 0E2F2E25  MOV  [ESP], EBP        (892c24)
 0E2F2E28  CALL 0xfa32b20         (e8 f3fc7301)

______________________________________________________________________

 Registers
______________________________________________________________________

 EAX : 10121754   EBX  : 00000001   ECX : 00000000   EDX  : 3BF70000
 ESI : 16533CC0   EDI  : 1657C3B8
 ESP : 044EF12C   EBP  : 16533CCC   EIP : 0E2F2E20   EFLG : 00010216
 CS  : 005B       CSLIM: FFFFFFFF   SS  : 0053       SSLIM: FFFFFFFF

 EAX : read/exec  memory at 0001:03EF1754 in QT5WEBC
 EBX : not a valid address
 ECX : not a valid address
 EDX : read-only  memory allocated by LIBCN0
 ESI : read/write memory at 0002:01FD3CC0 in QT5WEBC
 EDI : read/write memory at 0002:0201C3B8 in QT5WEBC

______________________________________________________________________

 Stack Info for Thread 0E
______________________________________________________________________

   Size       Base        ESP         Max         Top
 00200000   044F0000 -> 044EF12C -> 044EB000 -> 042F0000

______________________________________________________________________

 Call Stack
______________________________________________________________________

   EBP     Address    Module     Obj:Offset    Nearest Public Symbol
 --------  ---------  --------  -------------  -----------------------
 Trap  ->  0E2F2E20   QT5WEBC   0001:020C2E20   __ZN5blink11GCInfoTable17EnsureGCInfoIndexEPKNS_6GCInfoEPSt6atomicIjE + 60 0001:020C2DC0 (heap_jumbo_1.o)

 16533CCC  00000001   Invalid address: 00000001

Unfortunately, EXCEPTQ doesn't recognize optimized (-O2) GCC 9 stack frames (which don't use EBP at all, I guess) and can't follow them. So I can only guess who called GCInfoTable::EnsureGCInfoIndex based on the stack contents from the TRP (not putting it here as it's an extremely large list).

I think it has something to do with memory permission bits while doing blink heap management (for which we use DosAllocMem APIs).
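Added illustration, not part of the issue thread and not code from Blink or the OS/2 port: the faulting instruction above is a store through EDX into a block that the report classifies as read-only, i.e. memory that was reserved but never granted write access. The program below reproduces that failure mode in portable C with the reserve-then-commit pattern such index tables typically use (assumption: Blink's table reserves address space first and commits pages as indices are handed out), with POSIX mmap/mprotect standing in for DosAllocMem/DosSetMem. The table type, function names and the probe helper are all hypothetical; the constructed scenario shows the store faulting with SIGSEGV before the page is committed and succeeding once the page has PROT_WRITE.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical table: address space is reserved with no access rights and
 * pages are committed (made readable/writable) only when an index is handed
 * out. mmap/mprotect stand in for DosAllocMem/DosSetMem (assumption). */
typedef struct {
    uint32_t *slots;     /* base of the reserved region */
    size_t reserved;     /* bytes reserved with PROT_NONE */
    size_t committed;    /* bytes granted PROT_READ|PROT_WRITE so far */
    size_t next_index;   /* next free slot; index 0 is never handed out */
} gcinfo_table;

static size_t page_size(void) {
    long ps = sysconf(_SC_PAGESIZE);
    return ps > 0 ? (size_t)ps : 4096;
}

/* Reserve room for max_entries slots without committing any of them. */
int table_reserve(gcinfo_table *t, size_t max_entries) {
    size_t ps = page_size();
    size_t bytes = (max_entries * sizeof(uint32_t) + ps - 1) / ps * ps;
    void *p = mmap(NULL, bytes, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    t->slots = (uint32_t *)p;
    t->reserved = bytes;
    t->committed = 0;
    t->next_index = 1;
    return 0;
}

/* Hand out the next index and store `info` there, committing the page that
 * holds it first. Returns the index, or 0 when the table is exhausted or the
 * commit fails. Skipping the mprotect step leaves the slot read-only, which
 * is the condition under which a `MOV [EDX+EBX*4], EAX` store faults. */
size_t ensure_gcinfo_index(gcinfo_table *t, uint32_t info) {
    size_t idx = t->next_index;
    size_t needed = (idx + 1) * sizeof(uint32_t);
    if (needed > t->reserved) return 0;
    if (needed > t->committed) {
        size_t ps = page_size();
        size_t new_commit = (needed + ps - 1) / ps * ps;
        if (new_commit > t->reserved) new_commit = t->reserved;
        if (mprotect((char *)t->slots + t->committed,
                     new_commit - t->committed, PROT_READ | PROT_WRITE) != 0)
            return 0;
        t->committed = new_commit;
    }
    t->slots[idx] = info;
    t->next_index = idx + 1;
    return idx;
}

/* Fault probe: attempt a store and report whether it faulted, instead of
 * letting the process die, so the permission bug can be checked in a test. */
static sigjmp_buf probe_env;
static volatile sig_atomic_t probe_faulted;

static void on_fault(int sig) {
    (void)sig;
    probe_faulted = 1;
    siglongjmp(probe_env, 1);
}

/* Returns 1 if storing `value` at `p` succeeded, 0 if it raised SIGSEGV/SIGBUS. */
int probe_write(uint32_t *p, uint32_t value) {
    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    probe_faulted = 0;
    if (sigsetjmp(probe_env, 1) == 0)
        *(volatile uint32_t *)p = value;
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return probe_faulted ? 0 : 1;
}

/* Walks through the constructed scenario; returns how many of 4 checks held. */
int run_demo(void) {
    gcinfo_table t;
    size_t idx;
    int ok = 0;
    if (table_reserve(&t, 1024) != 0) return -1;
    /* Reserved but uncommitted: the store must fault, as in the .TRP. */
    ok += probe_write(&t.slots[1], 0xdead) == 0;
    /* Committing the page first makes the same store succeed. */
    idx = ensure_gcinfo_index(&t, 0x1234);
    ok += idx == 1;
    ok += t.slots[1] == 0x1234;
    ok += probe_write(&t.slots[1], 0xbeef) == 1 && t.slots[1] == 0xbeef;
    munmap(t.slots, t.reserved);
    return ok;
}

int main(void) {
    printf("checks passed: %d of 4\n", run_demo());
    return 0;
}
```

On an OS/2 port the equivalent check would be whether the page holding the slot has PAG_COMMIT and PAG_WRITE set before the store; the probe here only turns the fatal fault into a testable return value so the missing-commit case can be exercised deliberately.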

dmik commented 4 years ago

With the fixed HIGHMEM, I can finally use the debug DLL (Qt5WebCd.dll) which enables VLOG and DCHECK macros. With this DLL, the test case fails much earlier:

[0727/235746.185000:FATAL:sys_info_posix.cc(58)] Check failed: false. 

I will look at this later.

dmik commented 4 years ago

With some fixes I went further, now it crashes in Qt5Core:

 Trap  ->  1D4B269C   QT5CORE   0001:0026269C  qresource.cpp#1401 __ZN19QResourceFileEngine4readEPcx + 8C 0001:00262610 (D:\Coding\qt5\qt5\qtbase\src\corelib\io\qresource.cpp)
 036FF7E4  1D488E3D   QT5CORE   0001:00238E3D  qfiledevice.cpp#463 __ZN11QFileDevice8readDataEPcx + 7D 0001:00238DC0 (D:\Coding\qt5\qt5\qtbase\src\corelib\io\qfiledevice.cpp)
 036FF834  1D495D2E   QT5CORE   0001:00245D2E  qiodevice.cpp#1114 __ZN16QIODevicePrivate4readEPcxb + 1DE 0001:00245B50 (D:\Coding\qt5\qt5\qtbase\src\corelib\io\qiodevice.cpp)
 036FF8C4  1D4964ED   QT5CORE   0001:002464ED  qiodevice.cpp#1063 __ZN9QIODevice4readEPcx + 18D 0001:00246360 (D:\Coding\qt5\qt5\qtbase\src\corelib\io\qiodevice.cpp)
 036FF914  0C2863E9   QT5WEBC   0001:000563E9   __ZN15QtWebEngineCore19URLRequestCustomJob11ReadRawDataEPN3net8IOBufferEi + 49 0001:000563A0 (D:\Coding\qt5\qt5\qtwebengine\src\core\net\url_request_custom_job.cpp)

I guess it tries to read some test URL from a resource file which is missing on OS/2.

dmik commented 4 years ago

The above comment actually relates to https://github.com/bitwiseworks/qtwebengine-os2/issues/4, and this issue is fixed by the above commit. Closing it.