unity8 crashes on boot

Bug #1473471 reported by Jean-Baptiste Lallement on 2015-07-10
This bug affects 2 people
Affects: Canonical System Image (Importance: High, Assigned to: kevin gunn)
Affects: unity8 (Ubuntu) (Importance: High, Assigned to: Albert Astals Cid)

Bug Description

On rc-proposed/bq-aquaris.en/krillin #64 and rc-proposed/meizu.en/arale #56 unity8 often crashes on boot, introducing a long delay while apport is doing its work.

The process respawns and there doesn't seem to be any impact after boot.

Report on errors.u.c: https://errors.ubuntu.com/oops/34eea84c-270c-11e5-a0a8-fa163e5bb1a2

Most of the time maliit-server also crashes. I reported bug 1473469

How to reproduce the crash:
 * Make sure your /var/crash in the phone is empty
 * run in the desktop
   while [ true ]; do
       echo "Checking if there is crash files"
       output=`adb shell ls /var/crash`
       if [ "x$output" != "x" ]; then break; fi
       echo "No crash files, Rebooting"
       adb reboot
       echo "Sleeping for 100 seconds"
       echo ""
       sleep 100
   done

Will stop because crash files have been generated in about 5 iterations
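
A bounded variant of the reboot loop above, added here as an example and not part of the original report: it gives up after a fixed number of reboots and reports how many boots it took for crash files to appear, so runs with and without the QML cache can be compared. The ADB and SETTLE variables and the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the bug report.
# ADB:    command used to reach the device (assumption; may be "adb -s SERIAL").
# SETTLE: seconds to wait after each reboot so the shell can start and apport
#         can finish writing; 100 matches the loop in the description.
ADB="${ADB:-adb}"
SETTLE="${SETTLE:-100}"

# Print the files currently in /var/crash on the device, one per line.
# adb shell output can end lines with CR LF, so the CR is stripped and
# empty lines are dropped before the result is compared.
crash_files() {
    $ADB shell ls /var/crash 2>/dev/null | tr -d '\r' | sed '/^$/d'
}

# Reboot the device at most $1 times.
# Prints the number of reboots performed.
# Returns 0 if crash files appeared, 1 if the limit was reached without any.
boots_until_crash() {
    max=$1
    n=0
    while :; do
        if [ -n "$(crash_files)" ]; then
            echo "$n"
            return 0
        fi
        if [ "$n" -ge "$max" ]; then
            break
        fi
        $ADB reboot
        $ADB wait-for-device
        sleep "$SETTLE"
        n=$((n + 1))
    done
    echo "$n"
    return 1
}

# Usage (start with an empty /var/crash, as the description says):
#   boots=$(boots_until_crash 70) && echo "crash after $boots reboots"
```
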


Jean-Baptiste Lallement (jibel) wrote :
Changed in unity8 (Ubuntu):
importance: Undecided → High
status: New → Confirmed
assignee: nobody → Albert Astals Cid (aacid)
description: updated
Albert Astals Cid (aacid) wrote :

#0 QV4::QObjectWrapper::getProperty (object=object@entry=0x55ade8, ctx=0xbe98e6d8, property=0x0, captureRequired=<optimized out>) at jsruntime/qv4qobjectwrapper.cpp:331
#1 0xb6b7cfa4 in QV4::QObjectWrapper::getProperty (object=object@entry=0x55ade8, ctx=<optimized out>, propertyIndex=<optimized out>, captureRequired=<optimized out>) at jsruntime/qv4qobjectwrapper.cpp:634
#2 0xb6b897d6 in QV4::Runtime::getQmlQObjectProperty (ctx=<optimized out>, object=..., propertyIndex=<optimized out>, captureRequired=<optimized out>) at jsruntime/qv4runtime.cpp:1310
#3 0xa7f5b338 in ?? ()

description: updated
Albert Astals Cid (aacid) wrote :

Very interestingly the crash is deep down in the qml engine where we are accessing a property index of an object and said property index doesn't exist.

This crash has a very similar backtrace to crashes we had when the QML cache was stale, the problem here is that clearing the cache still makes it crash for future runs, so it's not because the cache is stale.

More interestingly if I disable the QML cache (you can do that by prepending # to all the lines of
/etc/profile.d/qml_qv4_jit_cache.sh ) I can run the loop above over 70 times without it crashing.

So maybe it's that our code for the QML cache has a bug?

Changed in canonical-devices-system-image:
assignee: nobody → kevin gunn (kgunn72)
importance: Undecided → High
milestone: none → ww34-2015
status: New → Confirmed
Albert Astals Cid (aacid) wrote :

With image 68 from ubuntu-touch/rc-proposed/bq-aquaris.en + Krillin I have been able to reboot 30 times without any crash.

Can anyone reproduce the crash with that image or newer? Maybe it somehow went away?

Changed in unity8 (Ubuntu):
status: Confirmed → Incomplete
kevin gunn (kgunn72) on 2015-07-21
Changed in canonical-devices-system-image:
status: Confirmed → Incomplete
Jean-Baptiste Lallement (jibel) wrote :

The problem reappeared on rc-proposed/meizu.en/arale #68. It happened twice on 2 boots.

Changed in unity8 (Ubuntu):
status: Incomplete → Confirmed
Changed in canonical-devices-system-image:
status: Incomplete → Confirmed
kevin gunn (kgunn72) wrote :

Just had this happen while testing image #200 rc-proposed on mako
granted I was testing a silo for mir0.14 release
see crash file attached

kevin gunn (kgunn72) wrote :
Gerry Boland (gerboland) wrote :

Same output as Albert printed from that crash file. Hard to figure out why without having it happen reliably :(

description: updated
Albert Astals Cid (aacid) wrote :

So after three days of debugging I've been able to figure out why it is crashing, why it's random and I can provide a quick workaround in unity8 code.

## Why is it crashing? ##

The problem exists because we use the QML cache and because Qt has this bug https://bugreports.qt.io/browse/QTBUG-47709

The bug in Qt means that if for types with extended properties (Image and "source" in our case coming from the SDK) an Item is created before the type is extended, all subsequent items of the same type won't see the extended property either.

Since we're using the QML cache this means that the code loaded from the cache expects the extended property to be there, so when it accesses such property, it will crash.

## Why is it random? ##

It's random because the QML file loading is not always done in the *exact* same order, and thus in some cases the first Image is created in a file that imports Ubuntu.Components and in some cases the first image is created in a file that does not.

## How to work around it? ##

A quick workaround is making sure Ubuntu.Components is imported in the first file that is imported, in unity8's case UnityInputInfo.qml that is a singleton imported from the root file (OrientedShell.qml)

Changed in unity8 (Ubuntu):
status: Confirmed → In Progress
Albert Astals Cid (aacid) wrote :

We have now committed the workaround.

Changed in unity8 (Ubuntu):
status: In Progress → Fix Released
kevin gunn (kgunn72) on 2015-08-19
Changed in canonical-devices-system-image:
status: Confirmed → Fix Committed
Changed in canonical-devices-system-image:
status: Fix Committed → Fix Released