Alt+F4 crashes app where WebView embedded in a Window

Bug #1435465 reported by Atbeyi
26
This bug affects 4 people
Affects Status Importance Assigned to Milestone
qtbase-opensource-src (Ubuntu)
Fix Released
Critical
Unassigned

Bug Description

was just watching something on Youtube Web App created by unity itself. when i pressed alt-f4 Ubuntu said it had an error and if i want to submit it.

that is all folks.

ProblemType: Crash
DistroRelease: Ubuntu 15.04
Package: webapp-container 0.23+15.04.20150320.2-0ubuntu1
ProcVersionSignature: Ubuntu 3.19.0-9.9-generic 3.19.1
Uname: Linux 3.19.0-9-generic x86_64
ApportVersion: 2.16.2-0ubuntu4
Architecture: amd64
CurrentDesktop: Unity
Date: Mon Mar 23 19:56:16 2015
Disassembly: => 0x0: Cannot access memory at address 0x0
ExecutablePath: /usr/bin/webapp-container
InstallationDate: Installed on 2015-03-22 (0 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Alpha amd64 (20150306)
ProcCmdline: webapp-container --app-id=YouTubeyoutubecom --webapp=WW91VHViZQ== --enable-back-forward
SegvAnalysis:
 Segfault happened at: 0x0: Cannot access memory at address 0x0
 PC (0x00000000) not located in a known VMA region (needed executable region)!
SegvReason: executing NULL VMA
Signal: 11
SourcePackage: webbrowser-app
StacktraceTop:
 ?? ()
 ?? () from /usr/lib/x86_64-linux-gnu/qt5/plugins/platforminputcontexts/libibusplatforminputcontextplugin.so
 QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
 ?? () from /usr/lib/x86_64-linux-gnu/qt5/plugins/platforminputcontexts/libibusplatforminputcontextplugin.so
 ?? () from /usr/lib/x86_64-linux-gnu/qt5/plugins/platforminputcontexts/libibusplatforminputcontextplugin.so
Title: webapp-container crashed with SIGSEGV in QMetaObject::activate()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo

Revision history for this message
Atbeyi (atbeyi) wrote :
Revision history for this message
Apport retracing service (apport) wrote :

StacktraceTop:
 ?? ()
 QIBusPlatformInputContext::updatePreeditText (this=0x7fbde0762090, text=..., cursorPos=0, visible=<optimized out>) at qibusplatforminputcontext.cpp:232
 QMetaObject::activate (sender=0x7fbde0781400, signalOffset=<optimized out>, local_signal_index=local_signal_index@entry=19, argv=argv@entry=0x7ffc1f1f1ce0) at kernel/qobject.cpp:3716
 QMetaObject::activate (sender=<optimized out>, m=m@entry=0x7fbdd008cd00 <QIBusInputContextProxy::staticMetaObject>, local_signal_index=local_signal_index@entry=19, argv=argv@entry=0x7ffc1f1f1ce0) at kernel/qobject.cpp:3582
 QIBusInputContextProxy::UpdatePreeditText (this=<optimized out>, _t1=..., _t2=0, _t3=false) at .moc/moc_qibusinputcontextproxy.cpp:613

Revision history for this message
Apport retracing service (apport) wrote : Stacktrace.txt
Revision history for this message
Apport retracing service (apport) wrote : StacktraceSource.txt
Revision history for this message
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in webbrowser-app (Ubuntu):
importance: Undecided → Medium
summary: - webapp-container crashed with SIGSEGV in QMetaObject::activate()
+ webapp-container crashed with SIGSEGV in
+ QIBusPlatformInputContext::updatePreeditText()
tags: removed: need-amd64-retrace
Revision history for this message
Launchpad Janitor (janitor) wrote : Re: webapp-container crashed with SIGSEGV in QIBusPlatformInputContext::updatePreeditText()

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in webbrowser-app (Ubuntu):
status: New → Confirmed
Revision history for this message
Olivier Tilloy (osomon) wrote : Re: Alt+F4 crashes app

I can reliably reproduce the crash on my desktop running xenial. It affects both webbrowser-app and webapp-container. I’m getting a similar backtrace when pressing Alt+F4 while browsing youtube.com.
I’m getting a different backtrace when browsing other sites:

(gdb) bt
#0 0x00007ffff6500dc2 in typeinfo name for QSocketNotifierPrivate () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
Backtrace stopped: Cannot access memory at address 0x0

In all cases, Alt+F4 crashes the app.

summary: - webapp-container crashed with SIGSEGV in
- QIBusPlatformInputContext::updatePreeditText()
+ Alt+F4 crashes app
Changed in webbrowser-app (Ubuntu):
importance: Medium → High
Revision history for this message
Olivier Tilloy (osomon) wrote :

Could be related to bug #1448079.

Olivier Tilloy (osomon)
information type: Private → Public
Olivier Tilloy (osomon)
Changed in webbrowser-app (Ubuntu):
assignee: nobody → Andrew Hayzen (ahayzen)
Revision history for this message
Olivier Tilloy (osomon) wrote :

Crash is still happening even with the latest changes to the shutdown sequence in oxide trunk.

I’ve observed that closing a window by sending it a _NET_CLOSE_WINDOW message (using e.g. wmctrl -c) doesn’t trigger the crash, so it’s really only the Alt+F4 keyboard shortcut that causes the issue.

Revision history for this message
Olivier Tilloy (osomon) wrote :

I can reliably reproduce the crash with the following minimal QML scene (run in qmlscene):

import QtQuick 2.4
import QtQuick.Window 2.2
import com.canonical.Oxide 1.15
Window {
  width: 400
  height: 300
  WebView {
    anchors.fill: parent
    url: "http://example.org"
  }
}

summary: - Alt+F4 crashes app
+ Alt+F4 crashes app where WebView embedded in a Window
Revision history for this message
Olivier Tilloy (osomon) wrote :

The difference between having the root item of the scene being a plain Item or a Window is that I’m seeing the destructor for BrowserThreadQEventDispatcher being called (Item) or not (Window).

When the root item of the scene is not a Window, qmlscene wraps the scene in a QQuickView, which inherits from QQuickWindow.

Revision history for this message
Olivier Tilloy (osomon) wrote :

ShutdownChromium() is not being called when the root item of the scene is a QQuickWindow.

Revision history for this message
Olivier Tilloy (osomon) wrote :

When the app under test has multiple top-level windows (each embedding webviews), closing only one of them with Alt+F4 also results in a crash, although clearly in that case the application is not being torn down (and chromium is not being shut down).

In that case, the crash looks different (although I’m still not getting a proper backtrace):

Thread 1 "webbrowser-app" received signal SIGSEGV, Segmentation fault.
0x00007ffff6496d3f in qt_meta_data_QSingleShotTimer () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5

Revision history for this message
Chris Coulson (chrisccoulson) wrote :
Download full text (13.5 KiB)

Running it in valgrind gives a clue:

==19941== Invalid read of size 4
==19941== at 0x6604DA4: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.5.1)
==19941== by 0x1877174F: ???
==19941== by 0xFFFFFFFFFFFFFFFD: ???
==19941== by 0x2483D3FE: ??? (in /usr/lib/x86_64-linux-gnu/libOxideQtCore.so.0)
==19941== by 0x27C117AB: ??? (in /usr/lib/x86_64-linux-gnu/libOxideQtCore.so.0)
==19941== by 0x27C36ADC: ??? (in /usr/lib/x86_64-linux-gnu/libOxideQtCore.so.0)
==19941== by 0x27C3DDD3: ??? (in /usr/lib/x86_64-linux-gnu/libOxideQtCore.so.0)
==19941== by 0x27C3E1A8: ??? (in /usr/lib/x86_64-linux-gnu/libOxideQtCore.so.0)
==19941== by 0x24861F42: ??? (in /usr/lib/x86_64-linux-gnu/libOxideQtCore.so.0)
==19941== by 0x24861FF8: ??? (in /usr/lib/x86_64-linux-gnu/libOxideQtCore.so.0)
==19941== by 0x2414E312: QScopedPointerDeleter<oxide::qt::WebViewProxy>::cleanup(oxide::qt::WebViewProxy*) (in /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0)
==19941== by 0x2414D996: QScopedPointer<oxide::qt::WebViewProxy, QScopedPointerDeleter<oxide::qt::WebViewProxy> >::~QScopedPointer() (in /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0)
==19941== by 0x241467FB: OxideQQuickWebViewPrivate::~OxideQQuickWebViewPrivate() (in /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0)
==19941== by 0x24146847: OxideQQuickWebViewPrivate::~OxideQQuickWebViewPrivate() (in /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0)
==19941== by 0x2414E4D6: QScopedPointerDeleter<OxideQQuickWebViewPrivate>::cleanup(OxideQQuickWebViewPrivate*) (in /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0)
==19941== by 0x2414DED6: QScopedPointer<OxideQQuickWebViewPrivate, QScopedPointerDeleter<OxideQQuickWebViewPrivate> >::~QScopedPointer() (in /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0)
==19941== by 0x24147E1C: OxideQQuickWebView::~OxideQQuickWebView() (in /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0)
==19941== by 0x240855BD: QQmlPrivate::QQmlElement<OxideQQuickWebView>::~QQmlElement() (in /usr/lib/x86_64-linux-gnu/qt5/qml/com/canonical/Oxide/libqmloxideplugin.so)
==19941== by 0x240855F3: QQmlPrivate::QQmlElement<OxideQQuickWebView>::~QQmlElement() (in /usr/lib/x86_64-linux-gnu/qt5/qml/com/canonical/Oxide/libqmloxideplugin.so)
==19941== by 0x64BE52A: QObjectPrivate::deleteChildren() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.5.1)
==19941== by 0x64C7D9F: QObject::~QObject() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.5.1)
==19941== by 0x5DBD028: QWindow::~QWindow() (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.5.1)
==19941== by 0x4FD26E8: QQuickWindow::~QQuickWindow() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.5.1)
==19941== by 0x50AA74C: QQmlPrivate::QQmlElement<QQuickWindowQmlImpl>::~QQmlElement() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.5.1)
==19941== by 0x405115: main (in /usr/lib/x86_64-linux-gnu/qt5/bin/qmlscene)
==19941== Address 0x151bcd9e is 18 bytes before a block of size 664 alloc'd
==19941== at 0x4C2E0EF: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19941== by 0x50A96E9: QQuickWindowQmlImpl::QQuickWindowQmlImpl(QWindow*) (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.5.1)
...

no longer affects: oxide
no longer affects: webbrowser-app (Ubuntu)
Revision history for this message
Olivier Tilloy (osomon) wrote :
Revision history for this message
Olivier Tilloy (osomon) wrote :

I can confirm that https://codereview.qt-project.org/#/c/108517/ fixes the crash.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in qtbase-opensource-src (Ubuntu):
status: New → Confirmed
Revision history for this message
Timo Jyrinki (timo-jyrinki) wrote :

The full story is that after the commit it was reverted in 5.6 https://codereview.qt-project.org/#/c/147886/ with a comment "It's too risky for 5.6, we should let it cook in dev for a while
and backport when ready.", but then also that revert got merged to dev so as far as I can see upstream does not have any fix for the bug :(

I asked in the bug report two days ago whether there's going to be some activity on it, and then in addition to dev it'd be nice to have some non-risky 5.6 variant of it.

Olivier Tilloy (osomon)
Changed in qtbase-opensource-src (Ubuntu):
importance: Undecided → Critical
Revision history for this message
Simon Quigley (tsimonq2) wrote :

Seems like this is fixed now.

Changed in qtbase-opensource-src (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.