oxide 1.18.3 crashes when running webbrowser-app tests

Bug #1639185 reported by Olivier Tilloy on 2016-11-04
This bug affects 1 person
Affects   Status   Importance   Assigned to   Milestone
Oxide              Undecided    Unassigned
1.18               Critical     Unassigned

Bug Description

After upgrading oxide-qt from 1.17.9 to 1.18.3 I’ve started observing consistent crashes when running both autopilot and unit tests for webbrowser-app.

Steps to reproduce, on a system running xenial+overlay:
  $ bzr branch lp:webbrowser-app
  $ cd webbrowser-app
  $ cmake . && make
  $ ./tests/unittests/qml/tst_QmlTests -input tests/unittests/qml/tst_UbuntuWebView02.qml -import src

Here is a stacktrace I get:

#0 0x00007ffff6ffa84a in QV4::Value::as<QV4::Object> (this=0x7fffd8965e40) at jsruntime/qv4managed_p.h:192
#1 QV4::RuntimeHelpers::toPrimitive (typeHint=0, value=...) at jsruntime/qv4runtime_p.h:266
#2 QV4::RuntimeHelpers::addHelper (engine=0x7dd970, left=..., right=...) at jsruntime/qv4runtime.cpp:516
#3 0x00007fffe001f964 in ?? ()
#4 0x00007fffc82101c8 in ?? ()
#5 0x00007ffff7082c45 in QQmlPropertyCapture::registerQmlDependencies (engine=0x7dd970, compiledFunction=<optimized out>) at qml/qqmljavascriptexpression.cpp:328
#6 0x00007ffff6fa0b3b in QV4::SimpleScriptFunction::call (that=<optimized out>, callData=0x7fffd8965d08) at jsruntime/qv4functionobject.cpp:577
#7 0x00007ffff70817d4 in QV4::Object::call (d=0x7fffd8965dc8, this=0x7fffe800de58)
    at ../../include/QtQml/5.6.1/QtQml/private/../../../../../src/qml/jsruntime/qv4object_p.h:324
#8 QQmlJavaScriptExpression::evaluate (this=this@entry=0x1f283c0, callData=callData@entry=0x7fffd8965dc8, isUndefined=isUndefined@entry=0x7fffffff2a2c)
    at qml/qqmljavascriptexpression.cpp:189
#9 0x00007ffff7081c71 in QQmlJavaScriptExpression::evaluate (this=this@entry=0x1f283c0, isUndefined=isUndefined@entry=0x7fffffff2a2c)
    at qml/qqmljavascriptexpression.cpp:149
#10 0x00007ffff708952e in QQmlBinding::update (this=0x1f283c0, flags=...) at qml/qqmlbinding.cpp:187
#11 0x00007ffff7089a3e in QQmlBinding::refresh (this=<optimized out>) at qml/qqmlbinding.cpp:403
#12 0x00007ffff7060b7e in QQmlNotifier::emitNotify (endpoint=<optimized out>, a=a@entry=0x0) at qml/qqmlnotifier.cpp:94
#13 0x00007ffff700c55c in QQmlData::signalEmitted (object=0x1f27e70, index=52, a=0x0) at qml/qqmlengine.cpp:773
#14 0x00007ffff6a3d2c0 in QMetaObject::activate (sender=0x1f27e70, signalOffset=<optimized out>, local_signal_index=<optimized out>, argv=argv@entry=0x0)
    at kernel/qobject.cpp:3616
#15 0x00007ffff7006d25 in QQmlVMEMetaObject::activate (this=this@entry=0x1f28150, object=<optimized out>, index=<optimized out>, args=args@entry=0x0)
    at qml/qqmlvmemetaobject.cpp:1196
#16 0x00007ffff7008229 in QQmlVMEMetaObject::metaCall (this=0x1f28150, o=<optimized out>, c=<optimized out>, _id=<optimized out>, a=<optimized out>)
    at qml/qqmlvmemetaobject.cpp:748
#17 0x00007ffff708f631 in QV4::QQmlValueTypeWrapper::write (this=this@entry=0x7fffd8965db8, target=0x1f27e70, propertyIndex=64) at qml/qqmlvaluetypewrapper.cpp:299
#18 0x00007ffff70888ac in QQmlBinding::write (this=this@entry=0x1f28580, core=..., result=..., isUndefined=<optimized out>, flags=...) at qml/qqmlbinding.cpp:259
#19 0x00007ffff70895ea in QQmlBinding::update (this=0x1f28580, flags=...) at qml/qqmlbinding.cpp:191
#20 0x00007ffff7089a3e in QQmlBinding::refresh (this=<optimized out>) at qml/qqmlbinding.cpp:403
#21 0x00007ffff7060b7e in QQmlNotifier::emitNotify (endpoint=<optimized out>, a=a@entry=0x0) at qml/qqmlnotifier.cpp:94
#22 0x00007ffff700c55c in QQmlData::signalEmitted (object=0xacbf40, index=5, a=0x0) at qml/qqmlengine.cpp:773
#23 0x00007ffff6a3d2c0 in QMetaObject::activate (sender=0xacbf40, signalOffset=<optimized out>, local_signal_index=<optimized out>, argv=0x0) at kernel/qobject.cpp:3616
#24 0x00007fffd8126af5 in OxideQQuickTouchSelectionController::boundsChanged() () from /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0
#25 0x00007fffd8100384 in OxideQQuickTouchSelectionController::onTouchSelectionChanged(OxideQQuickTouchSelectionController::Status, QRectF const&, bool, bool) ()
   from /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0
#26 0x00007fffd811b373 in oxide::qquick::ContentsView::TouchSelectionChanged(oxide::qt::TouchSelectionControllerActiveStatus, QRectF const&, bool, bool) ()
   from /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0
#27 0x00007fffbeb40a1a in oxide::qt::ContentsView::TouchSelectionChanged () at ../../oxide/qt/core/browser/oxide_qt_contents_view.cc:563
#28 0x00007fffc0f45696 in oxide::WebContentsView::TouchSelectionChanged () at ../../oxide/shared/browser/oxide_web_contents_view.cc:717
#29 0x00007fffc0f50777 in oxide::WebView::CommonInit () at ../../oxide/shared/browser/oxide_web_view.cc:235
#30 0x00007fffc0f5098c in oxide::WebView::WebView () at ../../oxide/shared/browser/oxide_web_view.cc:1012
#31 0x00007fffbeb5f47b in oxide::qt::WebView::WebView () at ../../oxide/qt/core/browser/oxide_qt_web_view.cc:1162
#32 0x00007fffbeb61c26 in oxide::qt::WebViewProxy::create () at ../../oxide/qt/core/glue/oxide_qt_web_view_proxy.cc:48
#33 0x00007fffd8110373 in OxideQQuickWebViewPrivate::completeConstruction() () from /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0
#34 0x00007fffd81117da in OxideQQuickWebView::componentComplete() () from /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0
#35 0x00007ffff7092ee2 in QQmlObjectCreator::finalize (this=0x263b6d0, interrupt=...) at qml/qqmlobjectcreator.cpp:1206
#36 0x00007ffff701f2be in QQmlComponentPrivate::complete (enginePriv=0x7dc760, state=0x9b06d0) at qml/qqmlcomponent.cpp:919
#37 0x00007ffff701f387 in QQmlComponentPrivate::completeCreate (this=0x9b0630) at qml/qqmlcomponent.cpp:955
#38 0x00007ffff7020aa2 in QQmlComponent::createObject (this=<optimized out>, args=0x7fffffff6f30) at qml/qqmlcomponent.cpp:1281
#39 0x00007ffff70e46ec in QQmlComponent::qt_static_metacall (_o=_o@entry=0x99db70, _c=_c@entry=QMetaObject::InvokeMetaMethod, _id=_id@entry=6, _a=_a@entry=0x7fffffff6f60)
    at .moc/moc_qqmlcomponent.cpp:147
#40 0x00007ffff70e48b0 in QQmlComponent::qt_metacall (this=0x99db70, _c=QMetaObject::InvokeMetaMethod, _id=6, _a=0x7fffffff6f60) at .moc/moc_qqmlcomponent.cpp:212
#41 0x00007ffff70579e9 in QQmlObjectOrGadget::metacall (this=this@entry=0x7fffffff6e90, type=type@entry=QMetaObject::InvokeMetaMethod, index=11,
    argv=argv@entry=0x7fffffff6f60) at qml/qqmlpropertycache.cpp:1557
#42 0x00007ffff6fe7e91 in QV4::QObjectMethod::callInternal (this=<optimized out>, callData=<optimized out>) at jsruntime/qv4qobjectwrapper.cpp:1852
#43 0x00007ffff6ffdfea in QV4::Object::call (d=0x7fffd8965d38, this=<optimized out>) at jsruntime/qv4object_p.h:324
#44 QV4::Runtime::callProperty (engine=0x7dd970, nameIndex=<optimized out>, callData=0x7fffd8965d38) at jsruntime/qv4runtime.cpp:1002
#45 0x00007fffe0001dda in ?? ()
#46 0x00000000007dd970 in ?? ()
#47 0x00007fffc81f5748 in ?? ()
#48 0x000000000099b070 in ?? ()
#49 0x00000000ffffffff in ?? ()
#50 0x00000000007d5a30 in ?? ()
#51 0x00007ffff6fe87fe in ReadAccessor::Direct (property=..., n=<optimized out>, output=0x7fffffff70f0, object=0x7dd970) at jsruntime/qv4qobjectwrapper.cpp:129
#52 LoadProperty<ReadAccessor::Direct> (v4=0x7fffffff70d0, object=0x7dd970, property=..., notifier=<optimized out>) at jsruntime/qv4qobjectwrapper.cpp:168
#53 0x86dfb7b5117c2700 in ?? ()
#54 0x000000000099aa40 in ?? ()
#55 0x00000000007dd970 in ?? ()
#56 0x00007fffd8965ce8 in ?? ()
#57 0x00007fffd8965ca8 in ?? ()
#58 0x00007fffd8965ce8 in ?? ()
#59 0x00007fffd8965c80 in ?? ()
#60 0x00007fffd8965378 in ?? ()
#61 0x00007ffff6ffe3f0 in QV4::Object::call (d=0x7fffe01202d0, this=<optimized out>) at jsruntime/qv4object_p.h:324
#62 QV4::Runtime::callElement (engine=0x7fffc80737e0, index=..., callData=0x7fffe01202d0) at jsruntime/qv4runtime.cpp:1030
#63 0x00007fffe000a12e in ?? ()
#64 0x00000000009c3270 in ?? ()
#65 0x00000000007dd970 in ?? ()
#66 0x00007fffd8965bb8 in ?? ()
#67 0x00007fffd8965b60 in ?? ()
#68 0x00007fffd8965b28 in ?? ()
#69 0x00007fffd8965bb0 in ?? ()
#70 0x00007fffd8965378 in ?? ()
#71 0x00007fffd8965378 in ?? ()
#72 0x0000000000000000 in ?? ()

Olivier Tilloy (osomon) wrote :

I’m not seeing the crash with a local build of oxide master, so it seems to be specific to 1.18.

Olivier Tilloy (osomon) on 2016-11-04
description: updated
Olivier Tilloy (osomon) wrote :

Here is what I’m seeing with a local debug build of oxide 1.18:

(gdb) frame 25
#25 0x00007fffd80f847a in OxideQQuickTouchSelectionController::onTouchSelectionChanged (this=0x264fcb0, status=OxideQQuickTouchSelectionController::StatusInactive, bounds=...,
    handle_drag_in_progress=false, insertion_handle_tapped=false) at /build/oxide/releases/1.18/src/oxide/qt/quick/api/oxideqquicktouchselectioncontroller.cc:125
125 Q_EMIT boundsChanged();
(gdb) print bounds
$1 = (const QRectF &) @0x7fffffff5a00: {xp = 0, yp = -nan(0xfffffe0000000), w = 0, h = 0}

Olivier Tilloy (osomon) wrote :

WebView::GetLocationBarContentOffset() returns -nan.

I’m not sure where the root cause of the issue lies (cc::CompositorFrameMetadata::top_controls_height and cc::CompositorFrameMetadata::top_controls_shown_ratio having non-number values); this would require further investigation to determine. The following patch works around the issue:

  // Needs <cmath> for std::isnan.
  float WebView::GetLocationBarContentOffset() const {
    float offset = compositor_frame_metadata().top_controls_height *
                   compositor_frame_metadata().top_controls_shown_ratio;
    // Workaround: if the product is NaN, report an offset of 0 instead.
    if (std::isnan(offset)) {
      return 0.f;
    }
    return offset;
  }

Note that the code for the location bar controller has been significantly reworked in oxide since then, so it’s hard to tell whether the issue (which doesn’t exhibit in master) has been fixed in oxide itself or whether it was a bug in chromium that has been fixed since then.

Changed in oxide:
status: New → Won't Fix
status: Won't Fix → Invalid
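
The NaN propagation described in the comments above, as an added C++ example (not code from oxide or from the reporter). FrameMetadata, RawOffset, RangeCheckedOffset, SafeOffset and BoundsY are hypothetical names standing in for the two metadata fields and the offset computation; the guard goes slightly beyond the posted workaround by using std::isfinite, so infinities are rejected as well.

```cpp
#include <cmath>
#include <cstdio>
#include <limits>

// Hypothetical stand-in for the two cc::CompositorFrameMetadata fields named above.
struct FrameMetadata {
  float top_controls_height;
  float top_controls_shown_ratio;
};

// Unguarded product, as in the function before the workaround.
float RawOffset(const FrameMetadata& m) {
  return m.top_controls_height * m.top_controls_shown_ratio;
}

// Comparison-based clamp: every ordered comparison with NaN is false,
// so a NaN offset passes both checks and is returned unchanged.
float RangeCheckedOffset(const FrameMetadata& m) {
  float offset = RawOffset(m);
  if (offset < 0.f) return 0.f;
  if (offset > m.top_controls_height) return m.top_controls_height;
  return offset;
}

// Guarded form: std::isfinite rejects NaN and +/-infinity in one test.
float SafeOffset(const FrameMetadata& m) {
  float offset = RawOffset(m);
  return std::isfinite(offset) ? offset : 0.f;
}

// Constructed model of a bounds rectangle's y coordinate (the yp in the gdb output).
float BoundsY(float content_y, float offset) { return content_y + offset; }

int main() {
  const float kNaN = std::numeric_limits<float>::quiet_NaN();
  const float kInf = std::numeric_limits<float>::infinity();
  // Constructed sample inputs: normal, NaN ratio, and inf * 0 (also NaN).
  const FrameMetadata samples[] = {{50.f, 0.5f}, {50.f, kNaN}, {kInf, 0.f}};
  for (const FrameMetadata& m : samples) {
    std::printf("raw=%f clamped=%f safe=%f y=%f\n", RawOffset(m),
                RangeCheckedOffset(m), SafeOffset(m), BoundsY(0.f, SafeOffset(m)));
  }
  return 0;
}
```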