Ubuntu
qtbase-opensource-src package

Alt+F4 crashes app where WebView embedded in a Window

Bug #1435465 reported by Atbeyi on 2015-03-23

This bug affects 4 people

Affects		Status	Importance	Assigned to	Milestone
	qtbase-opensource-src (Ubuntu)	Fix Released	Critical	Unassigned

Bug Description

was just watching something on Youtube Web App created by unity itself. when i pressed alt-f4 Ubuntu said it had an error and if i want to submit it.

that is all folks.

ProblemType: Crash
DistroRelease: Ubuntu 15.04
Package: webapp-container 0.23+15.04.20150320.2-0ubuntu1
ProcVersionSignature: Ubuntu 3.19.0-9.9-generic 3.19.1
Uname: Linux 3.19.0-9-generic x86_64
ApportVersion: 2.16.2-0ubuntu4
Architecture: amd64
CurrentDesktop: Unity
Date: Mon Mar 23 19:56:16 2015
Disassembly: => 0x0: Cannot access memory at address 0x0
ExecutablePath: /usr/bin/webapp-container
InstallationDate: Installed on 2015-03-22 (0 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Alpha amd64 (20150306)
ProcCmdline: webapp-container --app-id=YouTubeyoutubecom --webapp=WW91VHViZQ== --enable-back-forward
SegvAnalysis:
Segfault happened at: 0x0: Cannot access memory at address 0x0
PC (0x00000000) not located in a known VMA region (needed executable region)!
SegvReason: executing NULL VMA
Signal: 11
SourcePackage: webbrowser-app
StacktraceTop:
?? ()
?? () from /usr/lib/x86_64-linux-gnu/qt5/plugins/platforminputcontexts/libibusplatforminputcontextplugin.so
QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
?? () from /usr/lib/x86_64-linux-gnu/qt5/plugins/platforminputcontexts/libibusplatforminputcontextplugin.so
?? () from /usr/lib/x86_64-linux-gnu/qt5/plugins/platforminputcontexts/libibusplatforminputcontextplugin.so
Title: webapp-container crashed with SIGSEGV in QMetaObject::activate()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo

Tags:

Revision history for this message

Atbeyi (atbeyi) wrote on 2015-03-23:

Dependencies.txt Edit (9.3 KiB, text/plain; charset="utf-8")
ProcEnviron.txt Edit (305 bytes, text/plain; charset="utf-8")
ProcMaps.txt Edit (125.7 KiB, text/plain; charset="utf-8")
ProcStatus.txt Edit (845 bytes, text/plain; charset="utf-8")
Registers.txt Edit (751 bytes, text/plain; charset="utf-8")
Stacktrace.txt Edit (3.3 KiB, text/plain; charset="utf-8")
ThreadStacktrace.txt Edit (49.0 KiB, text/plain; charset="utf-8")

Revision history for this message

Apport retracing service (apport) wrote on 2015-03-26:

StacktraceTop:
?? ()
QIBusPlatformInputContext::updatePreeditText (this=0x7fbde0762090, text=..., cursorPos=0, visible=<optimized out>) at qibusplatforminputcontext.cpp:232
QMetaObject::activate (sender=0x7fbde0781400, signalOffset=<optimized out>, local_signal_index=local_signal_index@entry=19, argv=argv@entry=0x7ffc1f1f1ce0) at kernel/qobject.cpp:3716
QMetaObject::activate (sender=<optimized out>, m=m@entry=0x7fbdd008cd00 <QIBusInputContextProxy::staticMetaObject>, local_signal_index=local_signal_index@entry=19, argv=argv@entry=0x7ffc1f1f1ce0) at kernel/qobject.cpp:3582
QIBusInputContextProxy::UpdatePreeditText (this=<optimized out>, _t1=..., _t2=0, _t3=false) at .moc/moc_qibusinputcontextproxy.cpp:613

Revision history for this message

Apport retracing service (apport) wrote on 2015-03-26: Stacktrace.txt

Stacktrace.txt Edit (16.6 KiB, text/plain)

Revision history for this message

Apport retracing service (apport) wrote on 2015-03-26: StacktraceSource.txt

StacktraceSource.txt Edit (6.5 KiB, text/plain)

Revision history for this message

Apport retracing service (apport) wrote on 2015-03-26: ThreadStacktrace.txt

ThreadStacktrace.txt Edit (116.0 KiB, text/plain)

Changed in webbrowser-app (Ubuntu):
importance:	Undecided → Medium
summary:	- webapp-container crashed with SIGSEGV in QMetaObject::activate() + webapp-container crashed with SIGSEGV in + QIBusPlatformInputContext::updatePreeditText()
tags:	removed: need-amd64-retrace

Revision history for this message

Launchpad Janitor (janitor) wrote on 2015-03-26: Re: webapp-container crashed with SIGSEGV in QIBusPlatformInputContext::updatePreeditText()

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in webbrowser-app (Ubuntu):
status:	New → Confirmed

Revision history for this message

Olivier Tilloy (osomon) wrote on 2016-06-02: Re: Alt+F4 crashes app

I can reliably reproduce the crash on my desktop running xenial. It affects both webbrowser-app and webapp-container. I’m getting a similar backtrace when pressing Alt+F4 while browsing youtube.com.
I’m getting a different backtrace when browsing other sites:

(gdb) bt
#0 0x00007ffff6500dc2 in typeinfo name for QSocketNotifierPrivate () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
Backtrace stopped: Cannot access memory at address 0x0

In all cases, Alt+F4 crashes the app.

summary:	- webapp-container crashed with SIGSEGV in - QIBusPlatformInputContext::updatePreeditText() + Alt+F4 crashes app
Changed in webbrowser-app (Ubuntu):
importance:	Medium → High

Revision history for this message

Olivier Tilloy (osomon) wrote on 2016-06-02:

Could be related to bug #1448079.

Olivier Tilloy (osomon) on 2016-09-14

information type:

Private → Public

Olivier Tilloy (osomon) on 2016-09-14

Changed in webbrowser-app (Ubuntu):
assignee:	nobody → Andrew Hayzen (ahayzen)

Revision history for this message

Olivier Tilloy (osomon) wrote on 2016-09-21:

Crash is still happening even with the latest changes to the shutdown sequence in oxide trunk.

I’ve observed that closing a window by sending it a _NET_CLOSE_WINDOW message (using e.g. wmctrl -c) doesn’t trigger the crash, so it’s really only the Alt+F4 keyboard shortcut that causes the issue.

Revision history for this message

Olivier Tilloy (osomon) wrote on 2016-09-21:

#10

I can reliably reproduce the crash with the following minimal QML scene (run in qmlscene):

import QtQuick 2.4
import QtQuick.Window 2.2
import com.canonical.Oxide 1.15
Window {
  width: 400
  height: 300
  WebView {
    anchors.fill: parent
    url: "http://example.org"
  }
}

summary:

- Alt+F4 crashes app
+ Alt+F4 crashes app where WebView embedded in a Window

Revision history for this message

Olivier Tilloy (osomon) wrote on 2016-09-30:

#11

The difference between having the root item of the scene being a plain Item or a Window is that I’m seeing the destructor for BrowserThreadQEventDispatcher being called (Item) or not (Window).

When the root item of the scene is not a Window, qmlscene wraps the scene in a QQuickView, which inherits from QQuickWindow.

Revision history for this message

Olivier Tilloy (osomon) wrote on 2016-09-30:

#12

ShutdownChromium() is not being called when the root item of the scene is a QQuickWindow.

Revision history for this message

Olivier Tilloy (osomon) wrote on 2016-09-30:

#13

When the app under test has multiple top-level windows (each embedding webviews), closing only one of them with Alt+F4 also results in a crash, although clearly in that case the application is not being torn down (and chromium is not being shut down).

In that case, the crash looks different (although I’m still not getting a proper backtrace):

Thread 1 "webbrowser-app" received signal SIGSEGV, Segmentation fault.
0x00007ffff6496d3f in qt_meta_data_QSingleShotTimer () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5

Revision history for this message

Chris Coulson (chrisccoulson) wrote on 2016-09-30:

#14

Download full text (13.5 KiB)

Running it in valgrind gives a clue:

==19941== Invalid read of size 4
==19941== at 0x6604DA4: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.5.1)
==19941== by 0x1877174F: ???
==19941== by 0xFFFFFFFFFFFFFFFD: ???
==19941== by 0x2483D3FE: ??? (in /usr/lib/x86_64-linux-gnu/libOxideQtCore.so.0)
==19941== by 0x27C117AB: ??? (in /usr/lib/x86_64-linux-gnu/libOxideQtCore.so.0)
==19941== by 0x27C36ADC: ??? (in /usr/lib/x86_64-linux-gnu/libOxideQtCore.so.0)
==19941== by 0x27C3DDD3: ??? (in /usr/lib/x86_64-linux-gnu/libOxideQtCore.so.0)
==19941== by 0x27C3E1A8: ??? (in /usr/lib/x86_64-linux-gnu/libOxideQtCore.so.0)
==19941== by 0x24861F42: ??? (in /usr/lib/x86_64-linux-gnu/libOxideQtCore.so.0)
==19941== by 0x24861FF8: ??? (in /usr/lib/x86_64-linux-gnu/libOxideQtCore.so.0)
==19941== by 0x2414E312: QScopedPointerDeleter<oxide::qt::WebViewProxy>::cleanup(oxide::qt::WebViewProxy*) (in /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0)
==19941== by 0x2414D996: QScopedPointer<oxide::qt::WebViewProxy, QScopedPointerDeleter<oxide::qt::WebViewProxy> >::~QScopedPointer() (in /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0)
==19941== by 0x241467FB: OxideQQuickWebViewPrivate::~OxideQQuickWebViewPrivate() (in /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0)
==19941== by 0x24146847: OxideQQuickWebViewPrivate::~OxideQQuickWebViewPrivate() (in /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0)
==19941== by 0x2414E4D6: QScopedPointerDeleter<OxideQQuickWebViewPrivate>::cleanup(OxideQQuickWebViewPrivate*) (in /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0)
==19941== by 0x2414DED6: QScopedPointer<OxideQQuickWebViewPrivate, QScopedPointerDeleter<OxideQQuickWebViewPrivate> >::~QScopedPointer() (in /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0)
==19941== by 0x24147E1C: OxideQQuickWebView::~OxideQQuickWebView() (in /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0)
==19941== by 0x240855BD: QQmlPrivate::QQmlElement<OxideQQuickWebView>::~QQmlElement() (in /usr/lib/x86_64-linux-gnu/qt5/qml/com/canonical/Oxide/libqmloxideplugin.so)
==19941== by 0x240855F3: QQmlPrivate::QQmlElement<OxideQQuickWebView>::~QQmlElement() (in /usr/lib/x86_64-linux-gnu/qt5/qml/com/canonical/Oxide/libqmloxideplugin.so)
==19941== by 0x64BE52A: QObjectPrivate::deleteChildren() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.5.1)
==19941== by 0x64C7D9F: QObject::~QObject() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.5.1)
==19941== by 0x5DBD028: QWindow::~QWindow() (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.5.1)
==19941== by 0x4FD26E8: QQuickWindow::~QQuickWindow() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.5.1)
==19941== by 0x50AA74C: QQmlPrivate::QQmlElement<QQuickWindowQmlImpl>::~QQmlElement() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.5.1)
==19941== by 0x405115: main (in /usr/lib/x86_64-linux-gnu/qt5/bin/qmlscene)
==19941== Address 0x151bcd9e is 18 bytes before a block of size 664 alloc'd
==19941== at 0x4C2E0EF: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19941== by 0x50A96E9: QQuickWindowQmlImpl::QQuickWindowQmlImpl(QWindow*) (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.5.1)
...

Running it in valgrind gives a clue:

==19941== Invalid read of size 4
==19941==    at 0x6604DA4: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.5.1)
==19941==    by 0x1877174F: ???
==19941==    by 0xFFFFFFFFFFFFFFFD: ???
==19941==    by 0x2483D3FE: ??? (in /usr/lib/x86_64-linux-gnu/libOxideQtCore.so.0)
==19941==    by 0x27C117AB: ??? (in /usr/lib/x86_64-linux-gnu/libOxideQtCore.so.0)
==19941==    by 0x27C36ADC: ??? (in /usr/lib/x86_64-linux-gnu/libOxideQtCore.so.0)
==19941==    by 0x27C3DDD3: ??? (in /usr/lib/x86_64-linux-gnu/libOxideQtCore.so.0)
==19941==    by 0x27C3E1A8: ??? (in /usr/lib/x86_64-linux-gnu/libOxideQtCore.so.0)
==19941==    by 0x24861F42: ??? (in /usr/lib/x86_64-linux-gnu/libOxideQtCore.so.0)
==19941==    by 0x24861FF8: ??? (in /usr/lib/x86_64-linux-gnu/libOxideQtCore.so.0)
==19941==    by 0x2414E312: QScopedPointerDeleter<oxide::qt::WebViewProxy>::cleanup(oxide::qt::WebViewProxy*) (in /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0)
==19941==    by 0x2414D996: QScopedPointer<oxide::qt::WebViewProxy, QScopedPointerDeleter<oxide::qt::WebViewProxy> >::~QScopedPointer() (in /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0)
==19941==    by 0x241467FB: OxideQQuickWebViewPrivate::~OxideQQuickWebViewPrivate() (in /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0)
==19941==    by 0x24146847: OxideQQuickWebViewPrivate::~OxideQQuickWebViewPrivate() (in /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0)
==19941==    by 0x2414E4D6: QScopedPointerDeleter<OxideQQuickWebViewPrivate>::cleanup(OxideQQuickWebViewPrivate*) (in /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0)
==19941==    by 0x2414DED6: QScopedPointer<OxideQQuickWebViewPrivate, QScopedPointerDeleter<OxideQQuickWebViewPrivate> >::~QScopedPointer() (in /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0)
==19941==    by 0x24147E1C: OxideQQuickWebView::~OxideQQuickWebView() (in /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0)
==19941==    by 0x240855BD: QQmlPrivate::QQmlElement<OxideQQuickWebView>::~QQmlElement() (in /usr/lib/x86_64-linux-gnu/qt5/qml/com/canonical/Oxide/libqmloxideplugin.so)
==19941==    by 0x240855F3: QQmlPrivate::QQmlElement<OxideQQuickWebView>::~QQmlElement() (in /usr/lib/x86_64-linux-gnu/qt5/qml/com/canonical/Oxide/libqmloxideplugin.so)
==19941==    by 0x64BE52A: QObjectPrivate::deleteChildren() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.5.1)
==19941==    by 0x64C7D9F: QObject::~QObject() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.5.1)
==19941==    by 0x5DBD028: QWindow::~QWindow() (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.5.1)
==19941==    by 0x4FD26E8: QQuickWindow::~QQuickWindow() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.5.1)
==19941==    by 0x50AA74C: QQmlPrivate::QQmlElement<QQuickWindowQmlImpl>::~QQmlElement() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.5.1)
==19941==    by 0x405115: main (in /usr/lib/x86_64-linux-gnu/qt5/bin/qmlscene)
==19941==  Address 0x151bcd9e is 18 bytes before a block of size 664 alloc'd
==19941==    at 0x4C2E0EF: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19941==    by 0x50A96E9: QQuickWindowQmlImpl::QQuickWindowQmlImpl(QWindow*) (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.5.1)
==19941==    by 0x50AA78F: void QQmlPrivate::createInto<QQuickWindowQmlImpl>(void*) (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.5.1)
==19941==    by 0x547B71A: QQmlType::create() const (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.5.1)
==19941==    by 0x54DCE23: QQmlObjectCreator::createInstance(int, QObject*, bool) (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.5.1)
==19941==    by 0x54DD8CE: QQmlObjectCreator::create(int, QObject*, QQmlInstantiationInterrupt*) (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.5.1)
==19941==    by 0x5465B04: QQmlComponentPrivate::beginCreate(QQmlContextData*) (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.5.1)
==19941==    by 0x546378E: QQmlComponent::create(QQmlContext*) (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.5.1)
==19941==    by 0x404F0F: main (in /usr/lib/x86_64-linux-gnu/qt5/bin/qmlscene)

So we're accessing the window after it's been deleted.

Some stepping through in gdb shows that this access occurs here:

oxide::qt::InputMethodContext::FocusedNodeChanged (this=0xb426d0) at ../../oxide/qt/core/browser/input/oxide_qt_input_method_context.cc:236
236           QGuiApplication::focusWindow()->focusObject()) {
(gdb) bt
#0  0x00007fffb699d3fe in oxide::qt::InputMethodContext::FocusedNodeChanged() (this=0xb426d0) at ../../oxide/qt/core/browser/input/oxide_qt_input_method_context.cc:236
#1  0x00007fffb8edf9fc in oxide::ImeBridgeImpl::SetContext(oxide::InputMethodContext*) (this=0xaea948, context=0x0) at ../../oxide/shared/browser/input/oxide_ime_bridge_impl.cc:109
#2  0x00007fffb8f04d4d in oxide::WebContentsView::SetClient(oxide::WebContentsViewClient*) (this=0xcbe100, client=<optimised out>) at ../../oxide/shared/browser/oxide_web_contents_view.cc:786
#3  0x00007fffb8f09790 in oxide::WebView::~WebView() (this=0xb62660, __in_chrg=<optimised out>) at ../../oxide/shared/browser/oxide_web_view.cc:984
#4  0x00007fffb8f098f9 in oxide::WebView::~WebView() (this=0xb62660, __in_chrg=<optimised out>) at ../../oxide/shared/browser/oxide_web_view.cc:998
#5  0x00007fffb69c126e in oxide::qt::WebView::~WebView() (this=<optimised out>, __ptr=<optimised out>) at /usr/include/c++/5/bits/unique_ptr.h:76
#6  0x00007fffb69c126e in oxide::qt::WebView::~WebView() (this=0xb5c5a8, __in_chrg=<optimised out>) at /usr/include/c++/5/bits/unique_ptr.h:236
#7  0x00007fffb69c126e in oxide::qt::WebView::~WebView() (this=0xb5c540, __in_chrg=<optimised out>) at ../../oxide/qt/core/browser/oxide_qt_web_view.cc:1175
#8  0x00007fffb69c1359 in oxide::qt::WebView::~WebView() (this=0xb5c540, __in_chrg=<optimised out>) at ../../oxide/qt/core/browser/oxide_qt_web_view.cc:1184
#9  0x00007fffcc41a50e in OxideQQuickWebViewPrivate::~OxideQQuickWebViewPrivate() (pointer=<optimised out>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qscopedpointer.h:54
#10 0x00007fffcc41a50e in OxideQQuickWebViewPrivate::~OxideQQuickWebViewPrivate() (this=0xa880a8, __in_chrg=<optimised out>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qscopedpointer.h:101
#11 0x00007fffcc41a50e in OxideQQuickWebViewPrivate::~OxideQQuickWebViewPrivate() (this=0xa88090, __in_chrg=<optimised out>) at /home/chr1s/src/oxide/master/src/oxide/qt/quick/api/oxideqquickwebview.cc:745
#12 0x00007fffcc41a589 in OxideQQuickWebViewPrivate::~OxideQQuickWebViewPrivate() (this=0xa88090, __in_chrg=<optimised out>) at /home/chr1s/src/oxide/master/src/oxide/qt/quick/api/oxideqquickwebview.cc:745
#13 0x00007fffcc41585a in OxideQQuickWebView::~OxideQQuickWebView() (pointer=<optimised out>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qscopedpointer.h:54
#14 0x00007fffcc41585a in OxideQQuickWebView::~OxideQQuickWebView() (this=0xa88080, __in_chrg=<optimised out>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qscopedpointer.h:101
#15 0x00007fffcc41585a in OxideQQuickWebView::~OxideQQuickWebView() (this=0xa88060, __in_chrg=<optimised out>) at /home/chr1s/src/oxide/master/src/oxide/qt/quick/api/oxideqquickwebview.cc:1389
#16 0x00007fffcc45b509 in QQmlPrivate::QQmlElement<OxideQQuickWebView>::~QQmlElement() (this=0xa88060, __in_chrg=<optimised out>) at /usr/include/x86_64-linux-gnu/qt5/QtQml/qqmlprivate.h:98
#17 0x00007fffcc45b509 in QQmlPrivate::QQmlElement<OxideQQuickWebView>::~QQmlElement() (this=0xa88060, __in_chrg=<optimised out>) at /usr/include/x86_64-linux-gnu/qt5/QtQml/qqmlprivate.h:98
#18 0x00007ffff67e352b in QObjectPrivate::deleteChildren() (this=this@entry=0xa8a6e0) at kernel/qobject.cpp:1946
#19 0x00007ffff67ecda0 in QObject::~QObject() (this=<optimised out>, __in_chrg=<optimised out>) at kernel/qobject.cpp:1024
#20 0x00007ffff6b00029 in QWindow::~QWindow() (this=0xa06340, __in_chrg=<optimised out>) at kernel/qwindow.cpp:202
#21 0x00007ffff7b9f6e9 in QQuickWindow::~QQuickWindow() (this=0xa06340, __in_chrg=<optimised out>) at items/qquickwindow.cpp:1111
#22 0x00007ffff7c7774d in QQmlPrivate::QQmlElement<QQuickWindowQmlImpl>::~QQmlElement() (this=0xa06340, __in_chrg=<optimised out>) at items/qquickwindowmodule_p.h:46
#23 0x00007ffff7c7774d in QQmlPrivate::QQmlElement<QQuickWindowQmlImpl>::~QQmlElement() (this=0xa06340, __in_chrg=<optimised out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:98
#24 0x00007ffff7c7774d in QQmlPrivate::QQmlElement<QQuickWindowQmlImpl>::~QQmlElement() (this=0xa06340, __in_chrg=<optimised out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:98
#25 0x0000000000405116 in main(int, char**) (pointer=0xa06340) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qscopedpointer.h:54
#26 0x0000000000405116 in main(int, char**) (this=<synthetic pointer>, __in_chrg=<optimised out>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qscopedpointer.h:101
#27 0x0000000000405116 in main(int, char**) (argc=2, argv=<optimised out>) at main.cpp:550

So, QGuiApplication::focusWindow() is returning an invalid pointer.

The focus window should be cleaned up in QWindow::destroy(). This initially gets called here:

#0  0x00007ffff6affd30 in QWindow::destroy() (this=0xa04c90) at kernel/qwindow.cpp:1601
#1  0x00007ffff6b013a8 in QWindow::event(QEvent*) (this=this@entry=0xa04c90, ev=ev@entry=0x7fffffffd1a0) at kernel/qwindow.cpp:2030
#2  0x00007ffff7ba8871 in QQuickWindow::event(QEvent*) (this=0xa04c90, e=0x7fffffffd1a0) at items/qquickwindow.cpp:1413
#3  0x00007ffff70a905c in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=this@entry=0x42bb20, receiver=receiver@entry=0xa04c90, e=e@entry=0x7fffffffd1a0) at kernel/qapplication.cpp:3716
#4  0x00007ffff70ae516 in QApplication::notify(QObject*, QEvent*) (this=0x7fffffffd630, receiver=0xa04c90, e=0x7fffffffd1a0) at kernel/qapplication.cpp:3499
#5  0x00007ffff67b662b in QCoreApplication::notifyInternal(QObject*, QEvent*) (this=0x7fffffffd630, receiver=0xa04c90, event=event@entry=0x7fffffffd1a0) at kernel/qcoreapplication.cpp:965
#6  0x00007ffff6af56be in QGuiApplicationPrivate::processCloseEvent(QWindowSystemInterfacePrivate::CloseEvent*) (event=0x7fffffffd1a0, receiver=<optimised out>)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:227
#7  0x00007ffff6af56be in QGuiApplicationPrivate::processCloseEvent(QWindowSystemInterfacePrivate::CloseEvent*) (e=0xcb1920) at kernel/qguiapplication.cpp:2114
#8  0x00007ffff6afa215 in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) (e=e@entry=0xcb1920) at kernel/qguiapplication.cpp:1635
#9  0x00007ffff6addf38 in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) (flags=...) at kernel/qwindowsysteminterface.cpp:625
#10 0x00007fffefd99070 in userEventSourceDispatch(GSource*, GSourceFunc, gpointer) (source=<optimised out>) at eventdispatchers/qeventdispatcher_glib.cpp:70
#11 0x00007ffff51941a7 in g_main_context_dispatch (context=0x7fffe40016f0) at /build/glib2.0-7IO_Yw/glib2.0-2.48.1/./glib/gmain.c:3154
#12 0x00007ffff51941a7 in g_main_context_dispatch (context=context@entry=0x7fffe40016f0) at /build/glib2.0-7IO_Yw/glib2.0-2.48.1/./glib/gmain.c:3769
#13 0x00007ffff5194400 in g_main_context_iterate (context=context@entry=0x7fffe40016f0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimised out>)
    at /build/glib2.0-7IO_Yw/glib2.0-2.48.1/./glib/gmain.c:3840
#14 0x00007ffff51944ac in g_main_context_iteration (context=0x7fffe40016f0, may_block=may_block@entry=1) at /build/glib2.0-7IO_Yw/glib2.0-2.48.1/./glib/gmain.c:3901
#15 0x00007ffff680ca7f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x510970, flags=...) at kernel/qeventdispatcher_glib.cpp:418
#16 0x00007ffff67b3dea in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7fffffffd440, flags=..., flags@entry=...) at kernel/qeventloop.cpp:204
#17 0x00007ffff67bbe8c in QCoreApplication::exec() () at kernel/qcoreapplication.cpp:1229
#18 0x00007ffff6aefc3c in QGuiApplication::exec() () at kernel/qguiapplication.cpp:1542
#19 0x00007ffff70a5495 in QApplication::exec() () at kernel/qapplication.cpp:2976
#20 0x00000000004050da in main(int, char**) (argc=2, argv=<optimised out>) at main.cpp:598

But, the focus window is currently null:

(gdb) p QGuiApplicationPrivate::focus_window
$1 = (QWindow *) 0x0

However, when the destructor for QWindow runs here:

#0  0x00007ffff7ac0cc0 in QWindow::~QWindow()@plt () at /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5
#1  0x00007ffff7b9f6e9 in QQuickWindow::~QQuickWindow() (this=0xa04c90, __in_chrg=<optimised out>) at items/qquickwindow.cpp:1111
#2  0x00007ffff7c7774d in QQmlPrivate::QQmlElement<QQuickWindowQmlImpl>::~QQmlElement() (this=0xa04c90, __in_chrg=<optimised out>) at items/qquickwindowmodule_p.h:46
#3  0x00007ffff7c7774d in QQmlPrivate::QQmlElement<QQuickWindowQmlImpl>::~QQmlElement() (this=0xa04c90, __in_chrg=<optimised out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:98
#4  0x00007ffff7c7774d in QQmlPrivate::QQmlElement<QQuickWindowQmlImpl>::~QQmlElement() (this=0xa04c90, __in_chrg=<optimised out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:98
#5  0x0000000000405116 in main(int, char**) (pointer=0xa04c90) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qscopedpointer.h:54
#6  0x0000000000405116 in main(int, char**) (this=<synthetic pointer>, __in_chrg=<optimised out>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qscopedpointer.h:101
#7  0x0000000000405116 in main(int, char**) (argc=2, argv=<optimised out>) at main.cpp:550

... the focus window has been set...

(gdb) p QGuiApplicationPrivate::focus_window
$2 = (QWindow *) 0xa04c90

QWindow::destroy is called a second time in its destructor, but because it was called earlier it exits early without clearing QGuiApplicationPrivate::focus_window, thus leaving it dangling.

This is a Qt bug

no longer affects:	oxide
no longer affects:	webbrowser-app (Ubuntu)

Revision history for this message

Olivier Tilloy (osomon) wrote on 2016-09-30:

#15

Might be https://bugreports.qt.io/browse/QTBUG-46414.

Revision history for this message

Olivier Tilloy (osomon) wrote on 2016-10-04:

#16

I can confirm that https://codereview.qt-project.org/#/c/108517/ fixes the crash.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-10-04:

#17

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in qtbase-opensource-src (Ubuntu):
status:	New → Confirmed

Revision history for this message

Timo Jyrinki (timo-jyrinki) wrote on 2016-10-05:

#18

The full story is that after the commit it was reverted in 5.6 https://codereview.qt-project.org/#/c/147886/ with a comment "It's too risky for 5.6, we should let it cook in dev for a while
and backport when ready.", but then also that revert got merged to dev so as far as I can see upstream does not have any fix for the bug :(

I asked in the bug report two days ago whether there's going to be some activity on it, and then in addition to dev it'd be nice to have some non-risky 5.6 variant of it.

Olivier Tilloy (osomon) on 2016-10-05

Changed in qtbase-opensource-src (Ubuntu):
importance:	Undecided → Critical

Revision history for this message

Simon Quigley (tsimonq2) wrote on 2018-03-31:

#19

Seems like this is fixed now.

Changed in qtbase-opensource-src (Ubuntu):
status:	Confirmed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

Bug #1629214

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuqtbase-opensource-src package

Alt+F4 crashes app where WebView embedded in a Window

Bug Description

Duplicates of this bug

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
qtbase-opensource-src package