webbrowser-app crashed with SIGSEGV in erase()

Bug #1241813 reported by Pat McGowan
This bug affects 1 person
Affects: webbrowser-app (Ubuntu)
Status: Fix Released
Importance: Critical
Assigned to: Olivier Tilloy

Bug Description

Browsing ubuntu.com, click the phone tab, click the tablet tab, crash every time.
Seems to be in the WebviewThumbnailer

ProblemType: Crash
DistroRelease: Ubuntu 13.10
Package: webbrowser-app 0.22+13.10.20131011.1-0ubuntu1
ProcVersionSignature: Ubuntu 3.11.0-12.19-generic 3.11.3
Uname: Linux 3.11.0-12-generic i686
ApportVersion: 2.12.5-0ubuntu2
Architecture: i386
Date: Fri Oct 18 16:06:47 2013
ExecutablePath: /usr/bin/webbrowser-app
InstallationDate: Installed on 2011-10-11 (738 days ago)
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release i386 (20111011)
MarkForUpload: True
ProcCmdline: webbrowser-app
SegvAnalysis:
 Segfault happened at: 0xb6a233c1 <_ZN7QSGNode15appendChildNodeEPS_+33>: mov %ecx,0x18(%eax)
 PC (0xb6a233c1) ok
 source "%ecx" ok
 destination "0x18(%eax)" (0xb753ebd0) in non-writable VMA region: 0xb7278000-0xb76c5000 r-xp /usr/lib/i386-linux-gnu/libQt5Core.so.5.1.1
 Stack memory exhausted (SP below stack segment)
SegvReason: writing VMA /usr/lib/i386-linux-gnu/libQt5Core.so.5.1.1
Signal: 11
SourcePackage: webbrowser-app
StacktraceTop:
 QSGNode::appendChildNode(QSGNode*) () from /usr/lib/i386-linux-gnu/libQt5Quick.so.5
 WebviewThumbnailer::updatePaintNode(QSGNode*, QQuickItem::UpdatePaintNodeData*) () from /usr/lib/i386-linux-gnu/qt5/qml/Ubuntu/Components/Extras/Browser/libubuntu-ui-extras-browser-plugin.so
 QQuickWindowPrivate::updateDirtyNode(QQuickItem*) () from /usr/lib/i386-linux-gnu/libQt5Quick.so.5
 QQuickWindowPrivate::updateDirtyNodes() () from /usr/lib/i386-linux-gnu/libQt5Quick.so.5
 QQuickWindowPrivate::syncSceneGraph() () from /usr/lib/i386-linux-gnu/libQt5Quick.so.5
Title: webbrowser-app crashed with SIGSEGV in QSGNode::appendChildNode()
UpgradeStatus: Upgraded to saucy on 2013-08-05 (74 days ago)
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare

Pat McGowan (pat-mcgowan) wrote :
information type: Private → Public
Pat McGowan (pat-mcgowan) wrote :

Looks a lot like lp:1217693

Apport retracing service (apport) wrote :

StacktraceTop:
 erase (pos=..., this=<optimized out>) at /usr/include/qt5/QtCore/qlinkedlist.h:461
 removeLast (this=0xa72241b8) at /usr/include/qt5/QtCore/qlinkedlist.h:201
 takeLast (this=0xa72241b8) at /usr/include/qt5/QtCore/qlinkedlist.h:401
 QSGDistanceFieldGlyphNode::~QSGDistanceFieldGlyphNode (this=0xb9085728, __in_chrg=<optimized out>) at scenegraph/qsgdistancefieldglyphnode.cpp:83
 qmlRegisterType<QQuickScaleGrid> () at ../../include/QtQml/../../src/qml/qml/qqml.h:135

Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : StacktraceSource.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
summary: - webbrowser-app crashed with SIGSEGV in QSGNode::appendChildNode()
+ webbrowser-app crashed with SIGSEGV in erase()
tags: removed: need-i386-retrace
Alexandre Abreu (abreu-alexandre) wrote :

I am not able to reproduce this crash on amd64 & on ubuntu.com.

I get another one though (occurs frequently & always w/ gmail on the desktop) and as far as I can tell systematically w/ the following stack trace:

Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `webbrowser-app --app-id=GMailmailgooglecom --webapp=R01haWw= --maximized --enab'.
Program terminated with signal 11, Segmentation fault.
#0 get (this=<optimized out>) at ../WTF/wtf/RefPtr.h:58
58 ../WTF/wtf/RefPtr.h: No such file or directory.
(gdb) bt
#0 get (this=<optimized out>) at ../WTF/wtf/RefPtr.h:58
#1 PassRefPtr<WebCore::TextureMapperBackingStore> (o=..., this=<optimized out>) at ../WTF/wtf/PassRefPtr.h:97
#2 backingStore (this=<optimized out>) at ../WebCore/platform/graphics/texmap/TextureMapperLayer.h:121
#3 WebKit::LayerTreeRenderer::getBackingStore (this=0x7fa4efbaec00, graphicsLayer=<optimized out>) at UIProcess/CoordinatedGraphics/LayerTreeRenderer.cpp:414
#4 0x00007fa4fa21ae5d in WebKit::LayerTreeRenderer::createTile (this=<optimized out>, layerID=<optimized out>, tileID=285, scale=1)
    at UIProcess/CoordinatedGraphics/LayerTreeRenderer.cpp:491
#5 0x00007fa4fa21944b in operator() (this=<optimized out>) at ../WTF/wtf/Functional.h:613
#6 WebKit::LayerTreeRenderer::syncRemoteContent (this=this@entry=0x7fa4efbaec00) at UIProcess/CoordinatedGraphics/LayerTreeRenderer.cpp:647
#7 0x00007fa4fa21a016 in WebKit::LayerTreeRenderer::paintToCurrentGLContext (this=0x7fa4efbaec00, matrix=..., opacity=opacity@entry=1, clipRect=...,
    PaintFlags=PaintFlags@entry=0) at UIProcess/CoordinatedGraphics/LayerTreeRenderer.cpp:107
#8 0x00007fa4fa3226a1 in WebKit::ContentsSGNode::render (this=0x7fa4982d2710, state=...) at UIProcess/qt/QtWebPageSGNode.cpp:59
#9 0x00007fa533916ce4 in QSGDefaultRenderer::renderNodes(QSGNode* const*, int) () from /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5
#10 0x00007fa53391777c in QSGDefaultRenderer::render() () from /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5
#11 0x00007fa53391cef8 in QSGRenderer::renderScene(QSGBindable const&) () from /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5
#12 0x00007fa53391d027 in QSGRenderer::renderScene() () from /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5
#13 0x00007fa533926585 in QSGContext::renderNextFrame(QSGRenderer*, unsigned int) () from /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5
#14 0x00007fa53395352a in QQuickWindowPrivate::renderSceneGraph(QSize const&) () from /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5
#15 0x00007fa533a35b13 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5
#16 0x00007fa5345f9186 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#17 0x00007fa52fe24764 in ?? () from /usr/lib/nvidia-304-updates/libGL.so.1
#18 0x00007fa531fccf6e in start_thread (arg=0x7fa4ae39c700) at pthread_create.c:311
#19 0x00007fa5322dc9cd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Timo Jyrinki (timo-jyrinki) wrote :

At least Pat seems to use Qt 5.1.1, is that the difference? The original backtrace looks somewhat similar to other Qt 5.1.1 crashers in the renderer/SceneGraph. The camera app bug #1223042 in particular mentions a workaround of loading an image differently, and that the KDE developers are seeing a similar issue.

Anders (eddiedog988)
Changed in webbrowser-app (Ubuntu):
status: New → Confirmed
Olivier Tilloy (osomon) wrote :

Closing now, as this code was removed from webbrowser-app a while ago, and we’re now on Qt 5.3.

Changed in webbrowser-app (Ubuntu):
status: Confirmed → Fix Released