SEGFAULT in DatePicker

Fails with current staging, and my system UITK which is Installed: 1.3.1872+16.04.20160330.2-0ubuntu1

Status changed to 'Confirmed' because the bug affects multiple users.

Removing some tests from tst_datepicker.qml can get rid of the segfault. But it seems like random which tests need to be removed. Even removing a single totally unrelated line of code can cause the segfault to appear/disappear.

So, with this tst_datepicker.qml http://paste.ubuntu.com/15684437/ I get these results:

tim@tim-mbp:~/dev/ubuntu-ui-toolkit/m/datepicker-segfault/tests/unit_x11/tst_components$ ../../unit/runtest.sh tst_components tst_datepicker.qml
Executing dbus-test-runner --task gdb -p --quiet -n tst_datepicker.qml -m 300 -p --batch -p -ex -p 'set print thread-events off' -p -ex -p run -p -ex -p bt -p --return-child-result -p --args -p /home/tim/dev/ubuntu-ui-toolkit/m/datepicker-segfault/tests/unit_x11/tst_components/tst_components -p -input -p tst_datepicker.qml -p -maxwarnings -p 100 -p -o -p /home/tim/dev/ubuntu-ui-toolkit/m/datepicker-segfault/tests/test_tst_datepicker.qml.xml,xunitxml -p -o -p -,txt
Working directory: /home/tim/dev/ubuntu-ui-toolkit/m/datepicker-segfault/tests/unit_x11/tst_components
DBus daemon: unix:abstract=/tmp/dbus-yBhHzh27Dd,guid=4b8c2f760af281cfdce396a7570780bd
tst_datepicker.qml: Started with PID: 28887
Undefined command: "". Try "help".
tst_datepicker.qml: [Thread debugging using libthread_db enabled]
tst_datepicker.qml: Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
tst_datepicker.qml: [New Thread 0x7fffeb5f7700 (LWP 28893)]
tst_datepicker.qml: [New Thread 0x7fffe136d700 (LWP 28894)]
tst_datepicker.qml: [New Thread 0x7fffe0b6c700 (LWP 28895)]
tst_datepicker.qml: [New Thread 0x7fffdbfff700 (LWP 28896)]
tst_datepicker.qml: [New Thread 0x7fffda792700 (LWP 28898)]
tst_datepicker.qml: ********* Start testing of components *********
tst_datepicker.qml: Config: Using QtTest library 5.5.1, Qt 5.5.1 (x86_64-little_endian-lp64 shared (dynamic) release build; by GCC 5.3.1 20160225)
tst_datepicker.qml: PASS : components::DatePickerAPI::initTestCase()
tst_datepicker.qml: QWARN : components::DatePickerAPI::test_0_mode() file:///home/tim/dev/ubuntu-ui-toolkit/m/datepicker-segfault/tests/unit_x11/tst_components/tst_datepicker.qml:30:9: QML DatePicker: Theme.createStyleComponent() is deprecated. Use ThemeSettings instead.
tst_datepicker.qml:
tst_datepicker.qml: Thread 1 "tst_components" received signal SIGSEGV, Segmentation fault.
tst_datepicker.qml: 0x00007ffff7b7c814 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5
tst_datepicker.qml: #0 0x00007ffff7b7c814 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5
tst_datepicker.qml: #1 0x00007ffff7b5ca49 in QV4::MemoryManager::mark() () from /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5
tst_datepicker.qml: #2 0x00007ffff7b5d46b in QV4::MemoryManager::runGC() () from /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5
tst_datepicker.qml: #3 0x00007ffff7b5e5f8 in QV4::MemoryManager::allocData(unsigned long, unsigned long) () from /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5
tst_datepicker.qml: #4 0x00007ffff7b4452a in QV4::ExecutionEngine::newString(QString const&) () from /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5
tst_datepicker.qml: #5 0x00007ffff7b7d8d4 in QV4::Heap::FunctionObject::FunctionObject(QV4::ExecutionContext*, QString const&, boo...

I get segfault with this:

import QtQuick 2.0
import QtTest 1.0
import Ubuntu.Test 1.2
import Ubuntu.Components 1.1
import Ubuntu.Components.Pickers 1.0

but the segfault is gone with:

import QtQuick 2.0
import QtTest 1.0
import Ubuntu.Test 1.3
import Ubuntu.Components 1.1
import Ubuntu.Components.Pickers 1.0

tst_datepicker13.qml updates all the import versions (including Ubuntu.Test), so that one does not crash.

The segfault can occur in different places (after commenting out crashing tests), but always seem to happen after a PickerItemChanged signal.

For me the segfault moves to a later test if I do the changes in #4.

I dunno how you identified the crash to happen at pickerItemChanged signal. I refactored the code to have one single pickerItem on the Picker level. So no pickerItemChange should happen. The crash happens at the test loading phase, when Loader loads the text component. I've excluded the sensing area logic from AbstractButton, which previously caused problems, but we still have crashes.

Oh, and Tim, there is no Ubuntu.Tests 1.2 in the system, only 1.0 or 1.3.

Actually 1.2 has a QML component, so my sensing area exclusion doesn't have any effect on 1.2.

Yes, Ubuntu.Test 1.2 is the same as 1.0.

I identified the pickerItemChanged like this:

tim@tim-mbp:~/dev/ubuntu-ui-toolkit/m/datepicker-segfault/tests/unit_x11/tst_components$ qmltestrunner -v2 -vs -import ../../../qml/ -input tst_datepicker.qml > log.txt
Segmentation fault (core dumped)

tim@tim-mbp:~/dev/ubuntu-ui-toolkit/m/datepicker-segfault/tests/unit_x11/tst_components$ tail log.txt
INFO : qmltestrunner::DatePickerAPI::test_1_changeMinimumInvalid() Signal: QQuickRectangle(2b17180) enabledChanged ()
INFO : qmltestrunner::DatePickerAPI::test_1_changeMinimumInvalid() Signal: QQuickRectangle(2b17180) parentChanged ((QQuickItem*)242e340)
INFO : qmltestrunner::DatePickerAPI::test_1_changeMinimumInvalid() Signal: Picker_QMLTYPE_21_QML_30(PickerRow_YearPicker 242e340) visibleChildrenChanged ()
INFO : qmltestrunner::DatePickerAPI::test_1_changeMinimumInvalid() Signal: QQuickRectangle(2b17180) zChanged ()
INFO : qmltestrunner::DatePickerAPI::test_1_changeMinimumInvalid() Signal: QQuickAnchors(245c050) fillChanged ()
INFO : qmltestrunner::DatePickerAPI::test_1_changeMinimumInvalid() Signal: QQuickRectangle(2b17180) colorChanged ()
INFO : qmltestrunner::DatePickerAPI::test_1_changeMinimumInvalid() Signal: QQuickRectangle(2b17180) heightChanged ()
INFO : qmltestrunner::DatePickerAPI::test_1_changeMinimumInvalid() Signal: QQmlContext(23a6ec0) ()
INFO : qmltestrunner::DatePickerAPI::test_1_changeMinimumInvalid() Signal: Picker_QMLTYPE_21_QML_30(PickerRow_YearPicker 242e340) styleInstanceChanged ()
INFO : qmltestrunner::DatePickerAPI::test_1_changeMinimumInvalid() Signal: YearModel_QMLTYPE_17_QML_33(2ae9e60) pickerItemChanged ()

by changing the code and commenting out tests, I could make it segfault on different places, but the last thing the logs always showed was pickerItemChanged.

The location of the segfault depends on the value of GRID_UNIT_PX. See http://pastebin.ubuntu.com/15755867/

I get no more segfaults when I comment out the UbuntuShape in DatePickerStyle 1.2, see http://paste.ubuntu.com/15756150/

I disabled the test for now in this MR https://code.launchpad.net/~tpeeters/ubuntu-ui-toolkit/datepicker-segfault/+merge/291524

The bug may only be present in 1.2 of the components or Ubuntu.Tests or theming. I could not reproduce it in 1.3.

The stacktrace http://pastebin.ubuntu.com/15761131/ does not make me wiser.

with aggressive garbage collection the bug gets exposed in tst_datepicker13.qml as well:

tim@tim-mbp:~/dev/ubuntu-ui-toolkit/m/datepicker-segfault/tests/unit_x11/tst_components$ export QV4_MM_AGGRESSIVE_GC=1
tim@tim-mbp:~/dev/ubuntu-ui-toolkit/m/datepicker-segfault/tests/unit_x11/tst_components$ qmltestrunner -import ../../../qml/ -input tst_datepicker13.qml
********* Start testing of qmltestrunner *********
Config: Using QtTest library 5.5.1, Qt 5.5.1 (x86_64-little_endian-lp64 shared (dynamic) release build; by GCC 5.3.1 20160330)
Segmentation fault (core dumped)

tst_adaptivepagelayout.qml can crash as well, see http://pastebin.ubuntu.com/15767687/

This bug was fixed in the package ubuntu-ui-toolkit 1.3.1938+15.04.20160412 in https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/stable-phone-overlay

---------------

ubuntu-ui-toolkit (1.3.1938+15.04.20160412) vivid; urgency=medium

  [ Tim Peeters ]
  * Hide the PageStack back button when depth == 1. Fixes LP: #1565811
  * Add header subtitle. Fixes LP: #1399289
  * Reveal the header in gallery when changing the layout to two columns.
    Fixes LP: #1556860
  * Set correct colors for disabled actions in the header.
    Fixes LP: #1393485
  * Disable tst_datepicker.qml to unblock the staging.Fixes LP: #1567840
  * Prevent invisible header from setting the flickable topMargin.
    Fixes LP: #1560419, LP: #1560458, LP: #1566231.

  [ Zsombor Egri ]
  * Move MouseTouchAdaptor into UbuntuToolkit library. Fix adaptor code for
    Xenial. Fixes LP: #1561436

  [ Christian Dywan ]
  * Don't use a separate argument to distinguish touch events. If it's touch,
    it has our overloaded methods. Fixes LP: #1530802
  * Use export_qml_dir.sh in qmlapicheck and runtest Also add Usage to runtest.
    Fixes LP: #1567286.
  * Summary style error results with sections. Fixes LP: #1568804

  [ Andrea Bernabei ]
  * Mouse filter: check if mouse is inside the area on mouse moves and
    setHovered accordingly. Fixes LP: #1566378.

  [ Timo Jyrinki ]
  * Add latest changes for GLES.
  * Add back Provides: qtdeclarative5-ubuntu-ui-toolkit-plugin to resolve
    upgrade issue. Fixes LP: #1568817
  * Fix wrapper script auto-generated by Qt that incorrectly tries to execute
    itself. Fixes LP: #1560000
  * bileto_convert_to_gles: sort and add
    qml-module-ubuntu-performancemetrics-gles.install. Fixes LP: #1569217

  * Add additional Breaks as requested by archive admin.
  * Add latest changes for GLES.

  [ Zolán Balogh ]
  * Fix the UITK test plan script.

  [ CI Train Bot ]
  * Resync trunk. added: examples/ubuntu-ui-toolkit-gallery/po/nb.po

  [ Robert Park ]
  * Inline GLES packaging. added: debian/bileto_convert_to_gles
    debian/control.gles debian/rules.gles

 -- Zoltan Balogh <email address hidden> Tue, 12 Apr 2016 11:12:44 +0000

This bug was fixed in the package ubuntu-ui-toolkit - 1.3.1984+16.10.20160527.2

---------------
ubuntu-ui-toolkit (1.3.1984+16.10.20160527.2) yakkety; urgency=medium

  [ Christian Dywan ]
  * Slimmer frame for TextFields: 0.5dp. Fixes LP: #1578190.

  [ Albert Astals Cid ]
  * Add override
    The override specifier (since C++11) specifies that a virtual function
    overrides another virtual function. In a member function declaration or
    definition, override ensures that the function is virtual and is overriding
    a virtual function from the base class.

  [ Tim Peeters ]
  * Fix reference error in PullToRefreshStyle. Fixes LP: #1582843
  * Mark Tab, Tabs, TabBar, PageHeadConfiguration, PageHeadSections,
    PageHeadState, ToolbarButton, ToolbarItems as deprecated in the
    documentation. Fixes LP: #1566735, LP: #1566741.

  [ CI Train Bot ]
  * Resync trunk.

 -- Zoltan Balogh <email address hidden> Fri, 27 May 2016 07:08:44 +0000