online-accounts-ui crashed with SIGSEGV in oxide::CompositorThreadProxy::SendSwapSoftwareFrameOnOwnerThread()

Bug #1381558 reported by Alberto Mardegan on 2014-10-15
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Online Accounts setup for Ubuntu Touch
Undecided
Unassigned
Oxide
High
Chris Coulson
1.4
High
Chris Coulson
ubuntu-system-settings-online-accounts (Ubuntu)
Undecided
Unassigned

Bug Description

To reproduce this bug, edit the file
    /usr/lib/*/ubuntu-system-settings/private/Ubuntu/OnlineAccounts/Plugin/WebView.qml

and comment out line 53 ("visible = false"), then try creating a Twitter account (or any account, for that matter). Just before the account creating has completed, this crash happens.

ProblemType: Crash
DistroRelease: Ubuntu 14.10
Package: ubuntu-system-settings-online-accounts 0.4+14.10.20141006-0ubuntu1 [modified: usr/bin/online-accounts-hooks usr/bin/online-accounts-service usr/bin/online-accounts-ui usr/lib/x86_64-linux-gnu/pkgconfig/OnlineAccountsPlugin.pc usr/lib/x86_64-linux-gnu/ubuntu-system-settings/private/Ubuntu/OnlineAccounts/Plugin/WebView.qml usr/lib/x86_64-linux-gnu/ubuntu-system-settings/private/Ubuntu/OnlineAccounts/Plugin/qmldir]
ProcVersionSignature: Ubuntu 3.16.0-20.27-generic 3.16.3
Uname: Linux 3.16.0-20-generic x86_64
ApportVersion: 2.14.7-0ubuntu6
Architecture: amd64
CurrentDesktop: Unity
Date: Wed Oct 15 17:03:02 2014
ExecutablePath: /usr/bin/online-accounts-ui
InstallationDate: Installed on 2014-09-23 (22 days ago)
InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Alpha amd64 (20140923)
ProcCmdline: /usr/bin/online-accounts-ui --desktop_file_hint=/usr/share/applications/online-accounts-ui.desktop --socket /run/user/1000/online-accounts-ui/ui-5
SegvAnalysis:
 Segfault happened at: 0x7f19ec6bd692 <oxide::CompositorThreadProxy::SendSwapSoftwareFrameOnOwnerThread(unsigned int, gfx::Size const&, float, unsigned int, gfx::Rect const&, gpu::Mailbox const&)+178>: mov 0x8(%rbp),%r13
 PC (0x7f19ec6bd692) ok
 source "0x8(%rbp)" (0x00000008) not located in a known VMA region (needed readable region)!
 destination "%r13" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: ubuntu-system-settings-online-accounts
StacktraceTop:
 oxide::CompositorThreadProxy::SendSwapSoftwareFrameOnOwnerThread (this=0x1923420, surface_id=1, size=..., scale=<optimized out>, id=3, damage_rect=..., bitmap_id=...) at ../../../../shared/browser/compositor/oxide_compositor_thread_proxy.cc:102
 Run (this=0x7fffe91ad3f8) at ../../../../third_party/chromium/src/base/callback.h:401
 base::debug::TaskAnnotator::RunTask (this=this@entry=0x16094b8, queue_function=queue_function@entry=0x7f19ef0753ae "MessageLoop::PostTask", run_function=run_function@entry=0x7f19ef0753cd "MessageLoop::RunTask", pending_task=...) at ../../../../third_party/chromium/src/base/debug/task_annotator.cc:62
 base::MessageLoop::RunTask (this=this@entry=0x1609360, pending_task=...) at ../../../../third_party/chromium/src/base/message_loop/message_loop.cc:447
 base::MessageLoop::DeferOrRunPendingTask (this=this@entry=0x1609360, pending_task=...) at ../../../../third_party/chromium/src/base/message_loop/message_loop.cc:456
Title: online-accounts-ui crashed with SIGSEGV in oxide::CompositorThreadProxy::SendSwapSoftwareFrameOnOwnerThread()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm autopilot cdrom dip lpadmin plugdev sambashare sudo

Alberto Mardegan (mardy) wrote :
information type: Private → Public

StacktraceTop:
 ?? ()
 ?? ()
 ?? ()
 ?? ()
 ?? ()

Changed in ubuntu-system-settings-online-accounts (Ubuntu):
status: New → Invalid

Thank you for your report!

However, processing it in order to get sufficient information for the
developers failed (it does not generate a useful symbolic stack trace). This
might be caused by some outdated packages which were installed on your system
at the time of the report:

no debug symbol package found for libunity-gtk2-parser0
no debug symbol package found for libasyncns0
no debug symbol package found for libxkbcommon-x11-0
no debug symbol package found for libnih1
no debug symbol package found for libpng12-0
no debug symbol package found for libselinux1
no debug symbol package found for unity-gtk2-module
no debug symbol package found for libqt5network5
no debug symbol package found for libatk1.0-0
no debug symbol package found for libnih-dbus1
no debug symbol package found for libxkbcommon0
no debug symbol package found for libexpat1
no debug symbol package found for qtdeclarative5-ubuntu-ui-toolkit-plugin

Please upgrade your system to the latest package versions. If you still
encounter the crash, please file a new report.

Thank you for your understanding, and sorry for the inconvenience!

tags: removed: need-amd64-retrace
Chris Coulson (chrisccoulson) wrote :

This crash is specific to the software compositing path, which is largely untested. From the trace, it looks like |bitmap| is probably NULL. I'm not entirely sure what would cause that

void CompositorThreadProxy::SendSwapSoftwareFrameOnOwnerThread(
    uint32 surface_id,
    const gfx::Size& size,
    float scale,
    unsigned id,
    const gfx::Rect& damage_rect,
    const cc::SharedBitmapId& bitmap_id) {
  scoped_ptr<cc::SharedBitmap> bitmap(
      content::HostSharedBitmapManager::current()->GetSharedBitmapFromId(
        size, bitmap_id));
  DCHECK(bitmap);

  scoped_refptr<CompositorFrameHandle> frame(
      new CompositorFrameHandle(surface_id, this, size, scale));
  frame->software_frame_data_.reset(
      new SoftwareFrameData(id, damage_rect, bitmap->pixels()));

  if (!owner().compositor) {
    DidSwapCompositorFrame(surface_id, frame);
    return;
  }

  owner().compositor->SendSwapCompositorFrameToClient(surface_id, frame);
}

Chris Coulson (chrisccoulson) wrote :

So, when a webview is hidden, the output surface backbuffers are discarded. But it seems that we also discard the current frontbuffer, which would lead to GetSharedBitmapFromId() failing

Changed in ubuntu-system-settings-online-accounts:
status: New → Invalid
Changed in oxide:
status: New → Triaged
importance: Undecided → High
assignee: nobody → Chris Coulson (chrisccoulson)
milestone: none → branch-1.4
Changed in oxide:
milestone: branch-1.4 → branch-1.5
Changed in oxide:
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers