tst_NavigationRequest triggers renderer crash

Bug #1570255 reported by Chris Coulson
Affects: Oxide
Status: Fix Released
Importance: Critical
Assigned to: Chris Coulson

Bug Description

The crash happens in test_NavigationRequest7_browser_initiated_reload:

chr1s@farnsworth:~/src/oxide/oxide/objdir$ ./out/bin/run_qmlapp.sh python ../qt/tests/runtests.py --config ./out/test_configs/qml-api-test.conf -- --file tst_NavigationRequest.qml
runtests.py: Running command '/home/chr1s/src/oxide/oxide/objdir/qt/tests/qmltests/qmltest_api --name qml-api-test --qml-import-path /home/chr1s/src/oxide/oxide/objdir/qt/tests/qmltests --qt-plugin-path /home/chr1s/src/oxide/oxide/objdir/qt/tests/mock --nss-db-path /home/chr1s/src/oxide/oxide/qt/tests/ssldata/nss --tmpdir /tmp/tmp-oxide-runtests82Iiur --file tst_NavigationRequest.qml'
[0414/102127:ERROR:browser_main_loop.cc(219)] Running without the SUID sandbox! See https://chromium.googlesource.com/chromium/src/+/master/docs/linux_suid_sandbox_development.md for more information on developing with the sandbox on.
[0414/102127:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
********* Start testing of qml-api-test *********
Config: Using QtTest library 5.5.1, Qt 5.5.1 (x86_64-little_endian-lp64 shared (dynamic) release build; by GCC 5.3.1 20160330)
PASS : qml-api-test::NavigationRequest::initTestCase()
127.0.0.1 - - [14/Apr/2016 10:21:28] "GET /tst_NavigationRequest.html HTTP/1.1" 200 -
127.0.0.1 - - [14/Apr/2016 10:21:28] "GET /empty.html HTTP/1.1" 200 -
PASS : qml-api-test::NavigationRequest::test_NavigationRequest1_from_user_gestures(row 0)
PASS : qml-api-test::NavigationRequest::test_NavigationRequest1_from_user_gestures(row 1)
[0414/102128:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest1_from_user_gestures(row 2)
[0414/102128:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest1_from_user_gestures(row 3)
[0414/102129:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
[0414/102129:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest1_from_user_gestures(row 4)
[0414/102129:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest1_from_user_gestures(row 5)
[0414/102129:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest1_from_user_gestures(row 6)
[0414/102130:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest1_from_user_gestures(row 7)
[0414/102130:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest1_from_user_gestures(row 8)
[0414/102130:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest1_from_user_gestures(row 9)
[0414/102130:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest1_from_user_gestures(row 10)
[0414/102131:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest1_from_user_gestures(row 11)
[0414/102131:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest1_from_user_gestures(row 12)
[0414/102131:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest1_from_user_gestures(row 13)
PASS : qml-api-test::NavigationRequest::test_NavigationRequest2_no_user_gesture(row 0)
PASS : qml-api-test::NavigationRequest::test_NavigationRequest2_no_user_gesture(row 1)
PASS : qml-api-test::NavigationRequest::test_NavigationRequest2_no_user_gesture(row 2)
PASS : qml-api-test::NavigationRequest::test_NavigationRequest2_no_user_gesture(row 3)
[0414/102132:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest2_no_user_gesture(row 4)
[0414/102132:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest2_no_user_gesture(row 5)
[0414/102132:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest2_no_user_gesture(row 6)
[0414/102132:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest2_no_user_gesture(row 7)
[0414/102133:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest2_no_user_gesture(row 8)
[0414/102133:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest2_no_user_gesture(row 9)
[0414/102133:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest2_no_user_gesture(row 10)
[0414/102133:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest2_no_user_gesture(row 11)
[0414/102133:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest2_no_user_gesture(row 12)
[0414/102133:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest2_no_user_gesture(row 13)
PASS : qml-api-test::NavigationRequest::test_NavigationRequest3_reject(row 0)
PASS : qml-api-test::NavigationRequest::test_NavigationRequest3_reject(row 1)
PASS : qml-api-test::NavigationRequest::test_NavigationRequest3_reject(row 2)
PASS : qml-api-test::NavigationRequest::test_NavigationRequest3_reject(row 3)
PASS : qml-api-test::NavigationRequest::test_NavigationRequest3_reject(row 4)
PASS : qml-api-test::NavigationRequest::test_NavigationRequest3_reject(row 5)
PASS : qml-api-test::NavigationRequest::test_NavigationRequest3_reject(row 6)
PASS : qml-api-test::NavigationRequest::test_NavigationRequest3_reject(row 7)
PASS : qml-api-test::NavigationRequest::test_NavigationRequest3_reject(row 8)
PASS : qml-api-test::NavigationRequest::test_NavigationRequest3_reject(row 9)
PASS : qml-api-test::NavigationRequest::test_NavigationRequest3_reject(row 10)
PASS : qml-api-test::NavigationRequest::test_NavigationRequest3_reject(row 11)
PASS : qml-api-test::NavigationRequest::test_NavigationRequest3_reject(row 12)
PASS : qml-api-test::NavigationRequest::test_NavigationRequest3_reject(row 13)
127.0.0.1 - - [14/Apr/2016 10:21:38] "GET /tst_NavigationRequest2.html HTTP/1.1" 200 -
PASS : qml-api-test::NavigationRequest::test_NavigationRequest4_subframe(row 0)
PASS : qml-api-test::NavigationRequest::test_NavigationRequest4_subframe(row 1)
[0414/102139:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest4_subframe(row 2)
[0414/102139:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest4_subframe(row 3)
[0414/102139:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
[0414/102139:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest4_subframe(row 4)
[0414/102140:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest4_subframe(row 5)
[0414/102140:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest4_subframe(row 6)
[0414/102140:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest4_subframe(row 7)
[0414/102141:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest4_subframe(row 8)
[0414/102141:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest4_subframe(row 9)
[0414/102141:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest4_subframe(row 10)
[0414/102141:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest4_subframe(row 11)
[0414/102142:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest4_subframe(row 12)
[0414/102142:ERROR:layer_tree_host_impl.cc(2206)] Forcing zero-copy tile initialization as worker context is missing
PASS : qml-api-test::NavigationRequest::test_NavigationRequest4_subframe(row 13)
PASS : qml-api-test::NavigationRequest::test_NavigationRequest5_browser_initiated_url()
PASS : qml-api-test::NavigationRequest::test_NavigationRequest6_browser_initiated_loadHtml()
Received signal 11 SEGV_MAPERR 000000000000
#0 0x7fdf8b5d160e base::debug::StackTrace::StackTrace()
#1 0x7fdf8b5d19c9 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#2 0x7fdf8a6453e0 <unknown>
#3 0x7fdf8e9cb148 content::RenderFrameImpl::userAgentOverride()
#4 0x7fdf8d12786f blink::FrameLoaderClientImpl::userAgent()
#5 0x7fdf8de1876c blink::FrameLoader::userAgent()
#6 0x7fdf8d714b6a blink::Document::userAgent()
#7 0x7fdf8e1f8771 blink::DocumentWriteEvaluator::DocumentWriteEvaluator()
#8 0x7fdf8d98d493 blink::HTMLDocumentParser::HTMLDocumentParser()
#9 0x7fdf8d71e672 blink::Document::createParser()
#10 0x7fdf8d722152 blink::Document::implicitOpen()
#11 0x7fdf8de0c2cf blink::DocumentWriter::DocumentWriter()
#12 0x7fdf8de0c3f2 blink::DocumentWriter::create()
#13 0x7fdf8ddf8f5f blink::DocumentLoader::ensureWriter()
#14 0x7fdf8ddf912e blink::DocumentLoader::commitData()
#15 0x7fdf8ddf92df blink::DocumentLoader::finishedLoading()
#16 0x7fdf8ddfb267 blink::DocumentLoader::maybeLoadEmpty()
#17 0x7fdf8ddfbb28 blink::DocumentLoader::maybeLoadEmpty()
#18 0x7fdf8ddfbbd8 blink::DocumentLoader::startLoadingMainResource()
#19 0x7fdf8de16ae5 blink::FrameLoader::init()
#20 0x7fdf8d189861 blink::WebLocalFrameImpl::createProvisional()
#21 0x7fdf8d189939 blink::WebLocalFrame::createProvisional()
#22 0x7fdf8e9df7ec content::RenderFrameImpl::CreateFrame()
#23 0x7fdf8e9e7e39 content::RenderThreadImpl::OnCreateNewFrame()
#24 0x7fdf8e9f0dbd content::RenderThreadImpl::OnControlMessageReceived()
#25 0x7fdf8e4d0928 content::ChildThreadImpl::OnMessageReceived()
#26 0x7fdf8c3c3bf6 IPC::ChannelProxy::Context::OnDispatchMessage()
#27 0x7fdf8b5d319d base::debug::TaskAnnotator::RunTask()
#28 0x7fdf8e528bd1 scheduler::TaskQueueManager::ProcessTaskFromWorkQueue()
#29 0x7fdf8e5291c4 scheduler::TaskQueueManager::DoWork()
#30 0x7fdf8e526f37 _ZN4base8internal7InvokerINS_13IndexSequenceIJLm0ELm1ELm2EEEENS0_9BindStateINS0_15RunnableAdapterIMN9scheduler16TaskQueueManagerEFvNS_9TimeTicksEbEEEFvPS7_S8_bEJNS_7WeakPtrIS7_EERS8_bEEENS0_12InvokeHelperILb1EvSB_EEFvvEE3RunEPNS0_13BindStateBaseE
#31 0x7fdf8b5d319d base::debug::TaskAnnotator::RunTask()
#32 0x7fdf8b5ef75e base::MessageLoop::RunTask()
#33 0x7fdf8b5efddd base::MessageLoop::DeferOrRunPendingTask()
#34 0x7fdf8b5f00a8 base::MessageLoop::DoWork()
#35 0x7fdf8b5f19b9 base::MessagePumpDefault::Run()
#36 0x7fdf8b605b88 base::RunLoop::Run()
#37 0x7fdf8b5eefd5 base::MessageLoop::Run()
#38 0x7fdf8ea11d88 content::RendererMain()
#39 0x7fdf8e943c24 content::RunZygote()
#40 0x7fdf8e94415c content::ContentMainRunnerImpl::Run()
#41 0x7fdf8e943861 content::ContentMain()
#42 0x7fdf8b5780de oxide::OxideMain()
#43 0x7fdf8b54f697 oxide::qt::OxideMain()
#44 0x7fdf8a28a841 __libc_start_main
#45 0x000000402939 _start
  r8: 0000000000000000 r9: 0000000000000000 r10: 0000000000000000 r11: 0000000000000001
 r12: 00007ffc0e219ef0 r13: 00002a66ad791800 r14: 00007ffc0e219db0 r15: 00007fdf8b5b80a0
  di: 00007ffc0e219da0 si: 0000000000000000 bp: 00002a66ad77f630 bx: 00007ffc0e219da0
  dx: 00007ffc0e219f00 ax: 0000000000000000 cx: 000034214f016b3a sp: 00007ffc0e219d80
  ip: 00007fdf8e9cb148 efl: 0000000000010246 cgf: 0000000000000033 erf: 0000000000000004
 trp: 000000000000000e msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]
FAIL! : qml-api-test::NavigationRequest::test_NavigationRequest7_browser_initiated_reload() 'verify()' returned FALSE. ()
   Loc: [/home/chr1s/src/oxide/oxide/qt/tests/qmltests/api/tst_NavigationRequest.qml(254)]

It's a null pointer dereference in RenderFrameImpl::userAgentOverride because |frame_| isn't initialized yet. This is most likely a regression from https://chromium.googlesource.com/chromium/src.git/+/2e992a17e9c8796de5efc6fed8049b7c8e5693a0 interacting with our customizations for per-URL user-agent string overrides.
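
The null-dereference reading of the dump above can be checked mechanically. The following triage script is an added example, not part of the original report or of Oxide/Chromium; the function name `triage`, the one-page `NULL_PAGE` threshold and the abbreviated `SAMPLE` (a subset of the lines above) are assumptions made for illustration.

```python
import re

# Constructed sample: a subset of lines copied from the crash dump on this page.
SAMPLE = """\
Received signal 11 SEGV_MAPERR 000000000000
#0 0x7fdf8b5d160e base::debug::StackTrace::StackTrace()
#1 0x7fdf8b5d19c9 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#2 0x7fdf8a6453e0 <unknown>
#3 0x7fdf8e9cb148 content::RenderFrameImpl::userAgentOverride()
#4 0x7fdf8d12786f blink::FrameLoaderClientImpl::userAgent()
  ip: 00007fdf8e9cb148 efl: 0000000000010246 cgf: 0000000000000033 erf: 0000000000000004
 trp: 000000000000000e msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]
"""

SIGNAL_RE = re.compile(r"^Received signal (\d+) (\w+) ([0-9a-fA-F]+)$")
FRAME_RE = re.compile(r"^#(\d+) 0x([0-9a-fA-F]+) (.+)$")
REG_RE = re.compile(r"\b([a-z0-9]{2,3}): ([0-9a-fA-F]{16})\b")
NULL_PAGE = 0x1000  # assumption: a fault below one page is treated as a null dereference


def triage(dump):
    """Summarise a signal-handler stack dump; return None if no signal line is present."""
    signal, frames, regs = None, [], {}
    for line in dump.splitlines():
        line = line.strip()
        if m := SIGNAL_RE.match(line):
            signal = (int(m[1]), m[2], int(m[3], 16))
        elif m := FRAME_RE.match(line):
            frames.append((int(m[1]), int(m[2], 16), m[3]))
        else:
            regs.update((name, int(val, 16)) for name, val in REG_RE.findall(line))
    if signal is None:
        return None
    # The frame whose address equals the saved instruction pointer is the one
    # that faulted; the frames listed before it belong to the signal handler.
    faulting = next((f for f in frames if f[1] == regs.get("ip")), None)
    fault_addr = regs.get("cr2", signal[2])
    return {
        "signal": signal[1],
        "fault_addr": fault_addr,
        "null_deref": signal[0] == 11 and fault_addr < NULL_PAGE,
        "faulting_frame": faulting[2] if faulting else None,
        "handler_frames": faulting[0] if faulting else 0,
        # x86 page-fault error code: bit 1 is set when the faulting access was a write.
        "write": bool(regs.get("erf", 0) & 0x2),
    }
```

On the dump in this report it attributes the fault to frame #3 and reports a read of address 0, which matches the description of an uninitialized |frame_|.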

Changed in oxide:
importance: Undecided → Critical
status: New → Triaged
assignee: nobody → Chris Coulson (chrisccoulson)
milestone: none → branch-1.15
description: updated
Chris Coulson (chrisccoulson) wrote :
Changed in oxide:
status: Triaged → Fix Released