Oxide

crash when deleting a webview (oxide 1.7.3 on arale)

Bug #1449239 reported by Olivier Tilloy on 2015-04-27

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Oxide	Fix Released	Critical	Chris Coulson	Oxide branch-1.8
	1.7	Fix Released	Critical	Chris Coulson	Oxide 1.7.4

Bug Description

I’m seeing this crash when closing an open tab in the browser (which deletes the webview):

#0 0xb5d0c084 in close () from /lib/arm-linux-gnueabihf/libc.so.6
#1 0xad0b9dfc in base::SharedMemory::Close (this=this@entry=0x91548c38) at ../../../../third_party/chromium/src/base/memory/shared_memory_posix.cc:359
#2 0xad0b9eb2 in base::SharedMemory::~SharedMemory (this=0x91548c38, __in_chrg=<optimized out>)
    at ../../../../third_party/chromium/src/base/memory/shared_memory_posix.cc:85
#3 0xad51a502 in operator() (this=0x9159d000, ptr=0x91548c38) at ../../../../third_party/chromium/src/base/memory/scoped_ptr.h:128
#4 reset (p=0x0, this=0x9159d000) at ../../../../third_party/chromium/src/base/memory/scoped_ptr.h:248
#5 reset (p=0x0, this=0x9159d000) at ../../../../third_party/chromium/src/base/memory/scoped_ptr.h:377
#6 gfx::GLImageSharedMemory::Destroy (this=0x9159cfd0, have_context=<optimized out>)
    at ../../../../third_party/chromium/src/ui/gl/gl_image_shared_memory.cc:81
#7 0xad6e8280 in gpu::gles2::ImageManager::RemoveImage (this=this@entry=0x91516438, service_id=service_id@entry=888)
    at ../../../../third_party/chromium/src/gpu/command_buffer/service/image_manager.cc:34
#8 0xad376e8e in content::GpuCommandBufferStub::OnDestroyImage (this=this@entry=0x91510e68, id=888)
    at ../../../../third_party/chromium/src/content/common/gpu/gpu_command_buffer_stub.cc:999
#9 0xad379400 in DispatchToMethodImpl<content::GpuCommandBufferStub, void (content::GpuCommandBufferStub::*)(int), int, 0u> (arg=...,
    method=<optimized out>, obj=0x91510e68) at ../../../../third_party/chromium/src/base/tuple.h:246
#10 DispatchToMethod<content::GpuCommandBufferStub, void (content::GpuCommandBufferStub::*)(int), int> (arg=..., method=
    (void (content::GpuCommandBufferStub::*)(content::GpuCommandBufferStub * const, int)) 0xad376e51 <content::GpuCommandBufferStub::OnDestroyImage(int)>, obj=0x91510e68) at ../../../../third_party/chromium/src/base/tuple.h:253
#11 Dispatch<content::GpuCommandBufferStub, content::GpuCommandBufferStub, void, void (content::GpuCommandBufferStub::*)(int)> (sender=0x91510e68,
    parameter=0x0, func=
    (void (content::GpuCommandBufferStub::*)(content::GpuCommandBufferStub * const, int)) 0xad376e51 <content::GpuCommandBufferStub::OnDestroyImage(int)>, obj=0x91510e68, msg=0x91581c28) at ../../../../third_party/chromium/src/content/common/gpu/gpu_messages.h:612
#12 content::GpuCommandBufferStub::OnMessageReceived (this=0x91510e68, message=...)
    at ../../../../third_party/chromium/src/content/common/gpu/gpu_command_buffer_stub.cc:280
#13 0xad38414c in content::MessageRouter::RouteMessage (this=this@entry=0x91f78a18, msg=...)
    at ../../../../third_party/chromium/src/content/common/message_router.cc:54
#14 0xad374a32 in content::GpuChannel::HandleMessage (this=0x91f789c0) at ../../../../third_party/chromium/src/content/common/gpu/gpu_channel.cc:709
#15 0xad0a4d16 in Run (this=0x9611ed10) at ../../../../third_party/chromium/src/base/callback.h:396
#16 base::debug::TaskAnnotator::RunTask (this=this@entry=0xa7a84ee0, queue_function=0xaee679a4 "MessageLoop::PostTask",
    run_function=0xaee679c8 "MessageLoop::RunTask", pending_task=...) at ../../../../third_party/chromium/src/base/debug/task_annotator.cc:63
#17 0xad0bc57c in base::MessageLoop::RunTask (this=this@entry=0xa7a84e28, pending_task=...)
    at ../../../../third_party/chromium/src/base/message_loop/message_loop.cc:445
---Type <return> to continue, or q <return> to quit---
#18 0xad0bc71e in base::MessageLoop::DeferOrRunPendingTask (this=this@entry=0xa7a84e28, pending_task=...)
    at ../../../../third_party/chromium/src/base/message_loop/message_loop.cc:454
#19 0xad0bc9e4 in base::MessageLoop::DoWork (this=0xa7a84e28) at ../../../../third_party/chromium/src/base/message_loop/message_loop.cc:566
#20 0xad0bce20 in base::MessagePumpDefault::Run (this=0xa7a85588, delegate=0xa7a84e28)
    at ../../../../third_party/chromium/src/base/message_loop/message_pump_default.cc:32
#21 0xad0c82d8 in base::RunLoop::Run (this=this@entry=0x9611ee08) at ../../../../third_party/chromium/src/base/run_loop.cc:55
#22 0xad0baff8 in base::MessageLoop::Run (this=<optimized out>) at ../../../../third_party/chromium/src/base/message_loop/message_loop.cc:303
#23 0xad0d92d8 in Run (message_loop=<optimized out>, this=0xab734730) at ../../../../third_party/chromium/src/base/threading/thread.cc:185
#24 base::Thread::ThreadMain (this=0xab734730) at ../../../../third_party/chromium/src/base/threading/thread.cc:239
#25 0xad0d6e5a in base::(anonymous namespace)::ThreadFunc (params=<optimized out>)
    at ../../../../third_party/chromium/src/base/threading/platform_thread_posix.cc:77
#26 0xb5c73490 in start_thread () from /lib/arm-linux-gnueabihf/libpthread.so.0
#27 0xb5d15c4c in ?? () from /lib/arm-linux-gnueabihf/libc.so.6

Related branches

lp:~oxide-developers/oxide/oxide.trunk

lp:oxide/1.7

Olivier Tilloy (osomon) on 2015-04-27

Changed in oxide:
importance:	Undecided → Critical

Revision history for this message

Olivier Tilloy (osomon) wrote on 2015-04-27:

Just reproduced the very same issue, but I’m getting a completely different stacktrace:

#0 0xb6ae4126 in QQmlData::setQueuedForDeletion(QObject*) () from /usr/lib/arm-linux-gnueabihf/libQt5Qml.so.5
#1 0xb6ae4154 in QQmlData::markAsDeleted(QObject*) () from /usr/lib/arm-linux-gnueabihf/libQt5Qml.so.5
#2 0xb6ae41f8 in QQmlData::markAsDeleted(QObject*) () from /usr/lib/arm-linux-gnueabihf/libQt5Qml.so.5
#3 0xb6ae41f8 in QQmlData::markAsDeleted(QObject*) () from /usr/lib/arm-linux-gnueabihf/libQt5Qml.so.5
#4 0xb6ae4c5e in QQmlPrivate::qdeclarativeelement_destructor(QObject*) () from /usr/lib/arm-linux-gnueabihf/libQt5Qml.so.5
#5 0xaf3ccaa0 in QQmlPrivate::QQmlElement<OxideQQuickWebView>::~QQmlElement() ()
from /usr/lib/arm-linux-gnueabihf/qt5/qml/com/canonical/Oxide/libqmloxideplugin.so
#6 0xaf3ccade in QQmlPrivate::QQmlElement<OxideQQuickWebView>::~QQmlElement() ()
from /usr/lib/arm-linux-gnueabihf/qt5/qml/com/canonical/Oxide/libqmloxideplugin.so
#7 0xb6de9726 in QObject::event(QEvent*) () from /usr/lib/arm-linux-gnueabihf/libQt5Core.so.5
#8 0xb6820848 in QQuickItem::event(QEvent*) () from /usr/lib/arm-linux-gnueabihf/libQt5Quick.so.5
#9 0xb63faef4 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/arm-linux-gnueabihf/libQt5Widgets.so.5
#10 0xb63fede4 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/arm-linux-gnueabihf/libQt5Widgets.so.5
#11 0xb7583be0 in ?? ()

Revision history for this message

Olivier Tilloy (osomon) wrote on 2015-04-27:

Download full text (3.3 KiB)

And here’s another stacktrace for a crash that happened when creating a new tab:

#0 push_back (__x=<optimized out>, this=<optimized out>) at /usr/include/c++/4.9/bits/stl_vector.h:915
#1 oxide::WebFrame::AddChild (this=0x0, child=0xb83f66c8) at ../../../../shared/browser/oxide_web_frame.cc:92
#2 0xad28a66e in content::WebContentsImpl::RenderFrameCreated (this=0xb876aec0, render_frame_host=0xb843a510)
    at ../../../../third_party/chromium/src/content/browser/web_contents/web_contents_impl.cc:3521
#3 0xad140376 in content::RenderFrameHostImpl::SetRenderFrameCreated (this=0xb843a510, created=created@entry=true)
    at ../../../../third_party/chromium/src/content/browser/frame_host/render_frame_host_impl.cc:625
#4 0xad217f1c in content::RenderViewHostImpl::CreateRenderView (this=0xb841b600, frame_name=..., opener_route_id=<optimized out>,
    proxy_route_id=<optimized out>, max_page_id=-1, window_was_created_with_opener=false)
    at ../../../../third_party/chromium/src/content/browser/renderer_host/render_view_host_impl.cc:311
#5 0xad28eaca in content::WebContentsImpl::CreateRenderViewForRenderManager (this=0xb876aec0, render_view_host=0xb841b600, opener_route_id=-2,
    proxy_routing_id=-2, for_main_frame_navigation=true) at ../../../../third_party/chromium/src/content/browser/web_contents/web_contents_impl.cc:4331
#6 0xad146df2 in content::RenderFrameHostManager::InitRenderView (this=0xb83515a0, render_view_host=<optimized out>, opener_route_id=-2,
    proxy_routing_id=-2, for_main_frame_navigation=true)
    at ../../../../third_party/chromium/src/content/browser/frame_host/render_frame_host_manager.cc:1571
#7 0xad1495fc in content::RenderFrameHostManager::Navigate (this=this@entry=0xb83515a0, entry=...)
    at ../../../../third_party/chromium/src/content/browser/frame_host/render_frame_host_manager.cc:229
#8 0xad13e06c in content::NavigatorImpl::NavigateToEntry (this=0xb8862ed0, frame_tree_node=0xb8351598, entry=..., reload_type=<optimized out>)
    at ../../../../third_party/chromium/src/content/browser/frame_host/navigator_impl.cc:288
#9 0xad1361ee in content::NavigationControllerImpl::NavigateToPendingEntry (this=this@entry=0xb876af08,
    reload_type=reload_type@entry=content::NavigationController::NO_RELOAD)
    at ../../../../third_party/chromium/src/content/browser/frame_host/navigation_controller_impl.cc:1679
#10 0xad1373c4 in LoadEntry (entry=0xb8348330, this=0xb876af08)
    at ../../../../third_party/chromium/src/content/browser/frame_host/navigation_controller_impl.cc:425
#11 content::NavigationControllerImpl::LoadURLWithParams (this=0xb876af08, params=...)
    at ../../../../third_party/chromium/src/content/browser/frame_host/navigation_controller_impl.cc:774
#12 0xad033b34 in oxide::WebView::SetURL (this=this@entry=0xb875b618, url=...) at ../../../../shared/browser/oxide_web_view.cc:1408
#13 0xad011f22 in oxide::qt::WebView::setUrl (this=0xb875b610, url=...) at ../../../../qt/core/browser/oxide_qt_web_view.cc:1034
#14 0xacdc16ae in OxideQQuickWebView::setUrl(QUrl const&) () from /usr/lib/arm-linux-gnueabihf/libOxideQtQuick.so.0
#15 0xacdc3db8 in OxideQQuickWebView::qt_metacall(QMetaObject::Call, int, void**) () f...

And here’s another stacktrace for a crash that happened when creating a new tab:

#0  push_back (__x=<optimized out>, this=<optimized out>) at /usr/include/c++/4.9/bits/stl_vector.h:915
#1  oxide::WebFrame::AddChild (this=0x0, child=0xb83f66c8) at ../../../../shared/browser/oxide_web_frame.cc:92
#2  0xad28a66e in content::WebContentsImpl::RenderFrameCreated (this=0xb876aec0, render_frame_host=0xb843a510)
    at ../../../../third_party/chromium/src/content/browser/web_contents/web_contents_impl.cc:3521
#3  0xad140376 in content::RenderFrameHostImpl::SetRenderFrameCreated (this=0xb843a510, created=created@entry=true)
    at ../../../../third_party/chromium/src/content/browser/frame_host/render_frame_host_impl.cc:625
#4  0xad217f1c in content::RenderViewHostImpl::CreateRenderView (this=0xb841b600, frame_name=..., opener_route_id=<optimized out>, 
    proxy_route_id=<optimized out>, max_page_id=-1, window_was_created_with_opener=false)
    at ../../../../third_party/chromium/src/content/browser/renderer_host/render_view_host_impl.cc:311
#5  0xad28eaca in content::WebContentsImpl::CreateRenderViewForRenderManager (this=0xb876aec0, render_view_host=0xb841b600, opener_route_id=-2, 
    proxy_routing_id=-2, for_main_frame_navigation=true) at ../../../../third_party/chromium/src/content/browser/web_contents/web_contents_impl.cc:4331
#6  0xad146df2 in content::RenderFrameHostManager::InitRenderView (this=0xb83515a0, render_view_host=<optimized out>, opener_route_id=-2, 
    proxy_routing_id=-2, for_main_frame_navigation=true)
    at ../../../../third_party/chromium/src/content/browser/frame_host/render_frame_host_manager.cc:1571
#7  0xad1495fc in content::RenderFrameHostManager::Navigate (this=this@entry=0xb83515a0, entry=...)
    at ../../../../third_party/chromium/src/content/browser/frame_host/render_frame_host_manager.cc:229
#8  0xad13e06c in content::NavigatorImpl::NavigateToEntry (this=0xb8862ed0, frame_tree_node=0xb8351598, entry=..., reload_type=<optimized out>)
    at ../../../../third_party/chromium/src/content/browser/frame_host/navigator_impl.cc:288
#9  0xad1361ee in content::NavigationControllerImpl::NavigateToPendingEntry (this=this@entry=0xb876af08, 
    reload_type=reload_type@entry=content::NavigationController::NO_RELOAD)
    at ../../../../third_party/chromium/src/content/browser/frame_host/navigation_controller_impl.cc:1679
#10 0xad1373c4 in LoadEntry (entry=0xb8348330, this=0xb876af08)
    at ../../../../third_party/chromium/src/content/browser/frame_host/navigation_controller_impl.cc:425
#11 content::NavigationControllerImpl::LoadURLWithParams (this=0xb876af08, params=...)
    at ../../../../third_party/chromium/src/content/browser/frame_host/navigation_controller_impl.cc:774
#12 0xad033b34 in oxide::WebView::SetURL (this=this@entry=0xb875b618, url=...) at ../../../../shared/browser/oxide_web_view.cc:1408
#13 0xad011f22 in oxide::qt::WebView::setUrl (this=0xb875b610, url=...) at ../../../../qt/core/browser/oxide_qt_web_view.cc:1034
#14 0xacdc16ae in OxideQQuickWebView::setUrl(QUrl const&) () from /usr/lib/arm-linux-gnueabihf/libOxideQtQuick.so.0
#15 0xacdc3db8 in OxideQQuickWebView::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib/arm-linux-gnueabihf/libOxideQtQuick.so.0
#16 0xb6a2bfb8 in QQmlVMEMetaObject::metaCall(QMetaObject::Call, int, void**) () from /usr/lib/arm-linux-gnueabihf/libQt5Qml.so.5
#17 0xbecf6910 in ?? ()

Revision history for this message

Olivier Tilloy (osomon) wrote on 2015-04-27:

I don’t seem to be able to reproduce those crashes on krillin with oxide 1.7.3.

Revision history for this message

Chris Coulson (chrisccoulson) wrote on 2015-04-28:

I suspect these traces are all symptoms of a memory corruption earlier on. We hit this DCHECK when switching tabs:

http://bazaar.launchpad.net/~oxide-developers/oxide/oxide.trunk/view/head:/shared/browser/compositor/oxide_mailbox_buffer_map.cc#L211

Which means in release mode, the following code writes over memory we don't own. I'm not sure yet why this happens, but it would explain why this only happens on arale (that's the only place this code runs)

Chris Coulson (chrisccoulson) on 2015-04-28

Changed in oxide:
assignee:	nobody → Chris Coulson (chrisccoulson)
status:	New → In Progress
milestone:	none → branch-1.8

Revision history for this message

Chris Coulson (chrisccoulson) wrote on 2015-04-28:

http://bazaar.launchpad.net/~oxide-developers/oxide/oxide.trunk/revision/1056 should fix this

Changed in oxide:
status:	In Progress → Fix Released

Revision history for this message

Chris Coulson (chrisccoulson) wrote on 2015-04-28:

And it seems to do the job here, at least on trunk

Revision history for this message

Chris Coulson (chrisccoulson) wrote on 2015-04-28:

Note, the link in comment 4 obviously points to the wrong code now that I've modified it. For context, it was http://bazaar.launchpad.net/~oxide-developers/oxide/oxide.trunk/view/1055/shared/browser/compositor/oxide_mailbox_buffer_map.cc#L211

Revision history for this message

Víctor R. Ruiz (vrruiz) wrote on 2015-04-29:

_usr_bin_webbrowser-app.32011.crash Edit (25.0 MiB, text/plain)

With silo 26 installed, and oxide 1.7.4. Doing this, the webbrowser-app crashes:

Test case.
- Open webbrowser-app.
- Go to the following sites: www.iac.es, www.slashdot.org, www.elpais.com

Expected result.
- Sites are displayed correctly.

Actual result.
- Webbrowser crashes.

Revision history for this message

Olivier Tilloy (osomon) wrote on 2015-04-29:

Download full text (6.2 KiB)

This is the stacktrace extracted from Víctor’s crash file:

This is the stacktrace extracted from Víctor’s crash file:

#0  size (this=0x14, this=0x14) at /usr/include/c++/4.9/bits/stl_vector.h:655
#1  GetChildCount (this=0x0) at ../../../../shared/browser/oxide_web_frame.cc:182
#2  oxide::WebFrame::WillDestroy (this=this@entry=0x0) at ../../../../shared/browser/oxide_web_frame.cc:52
#3  0xad1aa7a4 in oxide::WebFrame::Destroy (frame=0x0) at ../../../../shared/browser/oxide_web_frame.cc:157
#4  0xad404114 in content::WebContentsImpl::OnFrameRemoved (this=<optimized out>, render_frame_host=0xb791c3d8)
    at ../../../../third_party/chromium/src/content/browser/web_contents/web_contents_impl.cc:4504
#5  0xad2ad954 in Run (args#0=@0xbeeeeedc: 0xb791c3d8, this=<optimized out>)
    at ../../../../third_party/chromium/src/base/callback.h:396
#6  content::FrameTree::FrameRemoved (this=<optimized out>, frame=frame@entry=0xb7a11218)
    at ../../../../third_party/chromium/src/content/browser/frame_host/frame_tree.cc:347
#7  0xad2ae5b2 in content::FrameTreeNode::~FrameTreeNode (this=this@entry=0xb7a11218, __in_chrg=<optimized out>)
    at ../../../../third_party/chromium/src/content/browser/frame_host/frame_tree_node.cc:71
#8  0xad2ae84a in STLDeleteContainerPointers<__gnu_cxx::__normal_iterator<content::FrameTreeNode**, std::vector<content::FrameTreeNode*, std::allocator<content::FrameTreeNode*> > > > (end=..., begin=)
    at ../../../../third_party/chromium/src/base/stl_util.h:44
#9  STLDeleteElements<std::vector<content::FrameTreeNode*, std::allocator<content::FrameTreeNode*> > > (
    container=container@entry=0xb78fd5a4) at ../../../../third_party/chromium/src/base/stl_util.h:148
#10 0xad2ae66a in clear (this=0xb78fd5a4) at ../../../../third_party/chromium/src/base/memory/scoped_vector.h:99
#11 ~ScopedVector (this=0xb78fd5a4, __in_chrg=<optimized out>)
    at ../../../../third_party/chromium/src/base/memory/scoped_vector.h:38
#12 content::FrameTreeNode::~FrameTreeNode (this=this@entry=0xb78fd510, __in_chrg=<optimized out>)
    at ../../../../third_party/chromium/src/content/browser/frame_host/frame_tree_node.cc:70
#13 0xad2ae84a in STLDeleteContainerPointers<__gnu_cxx::__normal_iterator<content::FrameTreeNode**, std::vector<content::FrameTreeNode*, std::allocator<content::FrameTreeNode*> > > > (end=..., begin=)
    at ../../../../third_party/chromium/src/base/stl_util.h:44
#14 STLDeleteElements<std::vector<content::FrameTreeNode*, std::allocator<content::FrameTreeNode*> > > (
    container=container@entry=0xbeeef078) at ../../../../third_party/chromium/src/base/stl_util.h:148
#15 0xad2ae8d6 in clear (this=0xbeeef078) at ../../../../third_party/chromium/src/base/memory/scoped_vector.h:99
#16 content::FrameTreeNode::ResetForNewProcess (this=<optimized out>)
    at ../../../../third_party/chromium/src/content/browser/frame_host/frame_tree_node.cc:134
#17 0xad2ad0d2 in content::FrameTree::ResetForMainFrameSwap (this=0xb795d898)
    at ../../../../third_party/chromium/src/content/browser/frame_host/frame_tree.cc:217
#18 0xad3905ae in content::RenderViewHostImpl::AttachToFrameTree (this=<optimized out>)
    at ../../../../third_party/chromium/src/content/browser/renderer_host/render_view_host_impl.cc:1386
---Type <return> to continue, or q <return> to quit---
#19 0xad2c1434 in content::RenderFrameHostManager::CommitPending (this=0xb795e0c8)
    at ../../../../third_party/chromium/src/content/browser/frame_host/render_frame_host_manager.cc:1685
#20 0xad2c15c4 in content::RenderFrameHostManager::DidNavigateFrame (this=0xb795e0c8, 
    render_frame_host=<optimized out>, was_caused_by_user_gesture=<optimized out>)
    at ../../../../third_party/chromium/src/content/browser/frame_host/render_frame_host_manager.cc:448
#21 0xad2b67bc in content::NavigatorImpl::DidNavigate (this=0xb795d2e8, render_frame_host=0xb76127d0, input_params=...)
    at ../../../../third_party/chromium/src/content/browser/frame_host/navigator_impl.cc:404
#22 0xad2ba67c in content::RenderFrameHostImpl::OnDidCommitProvisionalLoad (this=this@entry=0xb76127d0, msg=...)
    at ../../../../third_party/chromium/src/content/browser/frame_host/render_frame_host_impl.cc:839
#23 0xad2bef8c in content::RenderFrameHostImpl::OnMessageReceived (this=0xb76127d0, msg=...)
    at ../../../../third_party/chromium/src/content/browser/frame_host/render_frame_host_impl.cc:348
#24 0xad38a3f0 in content::RenderProcessHostImpl::OnMessageReceived (this=0xb77d4750, msg=...)
    at ../../../../third_party/chromium/src/content/browser/renderer_host/render_process_host_impl.cc:1543
#25 0xad9d72fe in IPC::ChannelProxy::Context::OnDispatchMessage (this=0xb7a64b80, message=...)
    at ../../../../third_party/chromium/src/ipc/ipc_channel_proxy.cc:282
#26 0xad1c7f9e in Run (this=0xbeeefde0) at ../../../../third_party/chromium/src/base/callback.h:396
#27 base::debug::TaskAnnotator::RunTask (this=this@entry=0xb734ee68, 
    queue_function=0xaef8f3a4 "MessageLoop::PostTask", run_function=0xaef8f3c8 "MessageLoop::RunTask", 
    pending_task=...) at ../../../../third_party/chromium/src/base/debug/task_annotator.cc:63
#28 0xad1df804 in base::MessageLoop::RunTask (this=this@entry=0xb734edb0, pending_task=...)
    at ../../../../third_party/chromium/src/base/message_loop/message_loop.cc:445
#29 0xad1df9a6 in base::MessageLoop::DeferOrRunPendingTask (this=this@entry=0xb734edb0, pending_task=...)
    at ../../../../third_party/chromium/src/base/message_loop/message_loop.cc:454
#30 0xad1dfc6c in base::MessageLoop::DoWork (this=0xb734edb0)
    at ../../../../third_party/chromium/src/base/message_loop/message_loop.cc:566
#31 0xad1818b0 in oxide::qt::MessagePump::customEvent (this=0xb78fcd00, event=<optimized out>)
    at ../../../../qt/core/browser/oxide_qt_message_pump.cc:60
#32 0xb6d866da in QObject::event(QEvent*) () from /usr/lib/arm-linux-gnueabihf/libQt5Core.so.5
#33 0xb6397ef4 in QApplicationPrivate::notify_helper(QObject*, QEvent*) ()
   from /usr/lib/arm-linux-gnueabihf/libQt5Widgets.so.5
#34 0xb639bde4 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/arm-linux-gnueabihf/libQt5Widgets.so.5

I can’t reproduce it myself with the steps listed above, and I would venture this is a different issue than the one being addressed here, so  I don’t think this should prevent publication of oxide 1.7.4. Of course we need to look closely at this new crash and fix it.

Revision history for this message

Chris Coulson (chrisccoulson) wrote on 2015-04-29:

#10

Yeah, that's definitely a separate issue (and likely not a new one either - this code hasn't changed since January)

Revision history for this message

Olivier Tilloy (osomon) wrote on 2015-04-29:

#11

That separate issue was filed as bug #1450021.