ubuntu-sdk-bugs team mailing list archive
Message #07266
[Bug 1435465] Re: Alt+F4 crashes app where WebView embedded in a Window

Running it in valgrind gives a clue:

==19941== Invalid read of size 4
==19941== at 0x6604DA4: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.5.1)
==19941== by 0x1877174F: ???
==19941== by 0xFFFFFFFFFFFFFFFD: ???
==19941== by 0x2483D3FE: ??? (in /usr/lib/x86_64-linux-gnu/libOxideQtCore.so.0)
==19941== by 0x27C117AB: ??? (in /usr/lib/x86_64-linux-gnu/libOxideQtCore.so.0)
==19941== by 0x27C36ADC: ??? (in /usr/lib/x86_64-linux-gnu/libOxideQtCore.so.0)
==19941== by 0x27C3DDD3: ??? (in /usr/lib/x86_64-linux-gnu/libOxideQtCore.so.0)
==19941== by 0x27C3E1A8: ??? (in /usr/lib/x86_64-linux-gnu/libOxideQtCore.so.0)
==19941== by 0x24861F42: ??? (in /usr/lib/x86_64-linux-gnu/libOxideQtCore.so.0)
==19941== by 0x24861FF8: ??? (in /usr/lib/x86_64-linux-gnu/libOxideQtCore.so.0)
==19941== by 0x2414E312: QScopedPointerDeleter<oxide::qt::WebViewProxy>::cleanup(oxide::qt::WebViewProxy*) (in /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0)
==19941== by 0x2414D996: QScopedPointer<oxide::qt::WebViewProxy, QScopedPointerDeleter<oxide::qt::WebViewProxy> >::~QScopedPointer() (in /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0)
==19941== by 0x241467FB: OxideQQuickWebViewPrivate::~OxideQQuickWebViewPrivate() (in /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0)
==19941== by 0x24146847: OxideQQuickWebViewPrivate::~OxideQQuickWebViewPrivate() (in /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0)
==19941== by 0x2414E4D6: QScopedPointerDeleter<OxideQQuickWebViewPrivate>::cleanup(OxideQQuickWebViewPrivate*) (in /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0)
==19941== by 0x2414DED6: QScopedPointer<OxideQQuickWebViewPrivate, QScopedPointerDeleter<OxideQQuickWebViewPrivate> >::~QScopedPointer() (in /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0)
==19941== by 0x24147E1C: OxideQQuickWebView::~OxideQQuickWebView() (in /usr/lib/x86_64-linux-gnu/libOxideQtQuick.so.0)
==19941== by 0x240855BD: QQmlPrivate::QQmlElement<OxideQQuickWebView>::~QQmlElement() (in /usr/lib/x86_64-linux-gnu/qt5/qml/com/canonical/Oxide/libqmloxideplugin.so)
==19941== by 0x240855F3: QQmlPrivate::QQmlElement<OxideQQuickWebView>::~QQmlElement() (in /usr/lib/x86_64-linux-gnu/qt5/qml/com/canonical/Oxide/libqmloxideplugin.so)
==19941== by 0x64BE52A: QObjectPrivate::deleteChildren() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.5.1)
==19941== by 0x64C7D9F: QObject::~QObject() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.5.1)
==19941== by 0x5DBD028: QWindow::~QWindow() (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.5.1)
==19941== by 0x4FD26E8: QQuickWindow::~QQuickWindow() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.5.1)
==19941== by 0x50AA74C: QQmlPrivate::QQmlElement<QQuickWindowQmlImpl>::~QQmlElement() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.5.1)
==19941== by 0x405115: main (in /usr/lib/x86_64-linux-gnu/qt5/bin/qmlscene)
==19941== Address 0x151bcd9e is 18 bytes before a block of size 664 alloc'd
==19941== at 0x4C2E0EF: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19941== by 0x50A96E9: QQuickWindowQmlImpl::QQuickWindowQmlImpl(QWindow*) (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.5.1)
==19941== by 0x50AA78F: void QQmlPrivate::createInto<QQuickWindowQmlImpl>(void*) (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.5.1)
==19941== by 0x547B71A: QQmlType::create() const (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.5.1)
==19941== by 0x54DCE23: QQmlObjectCreator::createInstance(int, QObject*, bool) (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.5.1)
==19941== by 0x54DD8CE: QQmlObjectCreator::create(int, QObject*, QQmlInstantiationInterrupt*) (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.5.1)
==19941== by 0x5465B04: QQmlComponentPrivate::beginCreate(QQmlContextData*) (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.5.1)
==19941== by 0x546378E: QQmlComponent::create(QQmlContext*) (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.5.1)
==19941== by 0x404F0F: main (in /usr/lib/x86_64-linux-gnu/qt5/bin/qmlscene)

So we're accessing the window after it's been deleted.

Some stepping through in gdb shows that this access occurs here:

oxide::qt::InputMethodContext::FocusedNodeChanged (this=0xb426d0) at ../../oxide/qt/core/browser/input/oxide_qt_input_method_context.cc:236
236 QGuiApplication::focusWindow()->focusObject()) {
(gdb) bt
#0 0x00007fffb699d3fe in oxide::qt::InputMethodContext::FocusedNodeChanged() (this=0xb426d0) at ../../oxide/qt/core/browser/input/oxide_qt_input_method_context.cc:236
#1 0x00007fffb8edf9fc in oxide::ImeBridgeImpl::SetContext(oxide::InputMethodContext*) (this=0xaea948, context=0x0) at ../../oxide/shared/browser/input/oxide_ime_bridge_impl.cc:109
#2 0x00007fffb8f04d4d in oxide::WebContentsView::SetClient(oxide::WebContentsViewClient*) (this=0xcbe100, client=<optimised out>) at ../../oxide/shared/browser/oxide_web_contents_view.cc:786
#3 0x00007fffb8f09790 in oxide::WebView::~WebView() (this=0xb62660, __in_chrg=<optimised out>) at ../../oxide/shared/browser/oxide_web_view.cc:984
#4 0x00007fffb8f098f9 in oxide::WebView::~WebView() (this=0xb62660, __in_chrg=<optimised out>) at ../../oxide/shared/browser/oxide_web_view.cc:998
#5 0x00007fffb69c126e in oxide::qt::WebView::~WebView() (this=<optimised out>, __ptr=<optimised out>) at /usr/include/c++/5/bits/unique_ptr.h:76
#6 0x00007fffb69c126e in oxide::qt::WebView::~WebView() (this=0xb5c5a8, __in_chrg=<optimised out>) at /usr/include/c++/5/bits/unique_ptr.h:236
#7 0x00007fffb69c126e in oxide::qt::WebView::~WebView() (this=0xb5c540, __in_chrg=<optimised out>) at ../../oxide/qt/core/browser/oxide_qt_web_view.cc:1175
#8 0x00007fffb69c1359 in oxide::qt::WebView::~WebView() (this=0xb5c540, __in_chrg=<optimised out>) at ../../oxide/qt/core/browser/oxide_qt_web_view.cc:1184
#9 0x00007fffcc41a50e in OxideQQuickWebViewPrivate::~OxideQQuickWebViewPrivate() (pointer=<optimised out>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qscopedpointer.h:54
#10 0x00007fffcc41a50e in OxideQQuickWebViewPrivate::~OxideQQuickWebViewPrivate() (this=0xa880a8, __in_chrg=<optimised out>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qscopedpointer.h:101
#11 0x00007fffcc41a50e in OxideQQuickWebViewPrivate::~OxideQQuickWebViewPrivate() (this=0xa88090, __in_chrg=<optimised out>) at /home/chr1s/src/oxide/master/src/oxide/qt/quick/api/oxideqquickwebview.cc:745
#12 0x00007fffcc41a589 in OxideQQuickWebViewPrivate::~OxideQQuickWebViewPrivate() (this=0xa88090, __in_chrg=<optimised out>) at /home/chr1s/src/oxide/master/src/oxide/qt/quick/api/oxideqquickwebview.cc:745
#13 0x00007fffcc41585a in OxideQQuickWebView::~OxideQQuickWebView() (pointer=<optimised out>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qscopedpointer.h:54
#14 0x00007fffcc41585a in OxideQQuickWebView::~OxideQQuickWebView() (this=0xa88080, __in_chrg=<optimised out>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qscopedpointer.h:101
#15 0x00007fffcc41585a in OxideQQuickWebView::~OxideQQuickWebView() (this=0xa88060, __in_chrg=<optimised out>) at /home/chr1s/src/oxide/master/src/oxide/qt/quick/api/oxideqquickwebview.cc:1389
#16 0x00007fffcc45b509 in QQmlPrivate::QQmlElement<OxideQQuickWebView>::~QQmlElement() (this=0xa88060, __in_chrg=<optimised out>) at /usr/include/x86_64-linux-gnu/qt5/QtQml/qqmlprivate.h:98
#17 0x00007fffcc45b509 in QQmlPrivate::QQmlElement<OxideQQuickWebView>::~QQmlElement() (this=0xa88060, __in_chrg=<optimised out>) at /usr/include/x86_64-linux-gnu/qt5/QtQml/qqmlprivate.h:98
#18 0x00007ffff67e352b in QObjectPrivate::deleteChildren() (this=this@entry=0xa8a6e0) at kernel/qobject.cpp:1946
#19 0x00007ffff67ecda0 in QObject::~QObject() (this=<optimised out>, __in_chrg=<optimised out>) at kernel/qobject.cpp:1024
#20 0x00007ffff6b00029 in QWindow::~QWindow() (this=0xa06340, __in_chrg=<optimised out>) at kernel/qwindow.cpp:202
#21 0x00007ffff7b9f6e9 in QQuickWindow::~QQuickWindow() (this=0xa06340, __in_chrg=<optimised out>) at items/qquickwindow.cpp:1111
#22 0x00007ffff7c7774d in QQmlPrivate::QQmlElement<QQuickWindowQmlImpl>::~QQmlElement() (this=0xa06340, __in_chrg=<optimised out>) at items/qquickwindowmodule_p.h:46
#23 0x00007ffff7c7774d in QQmlPrivate::QQmlElement<QQuickWindowQmlImpl>::~QQmlElement() (this=0xa06340, __in_chrg=<optimised out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:98
#24 0x00007ffff7c7774d in QQmlPrivate::QQmlElement<QQuickWindowQmlImpl>::~QQmlElement() (this=0xa06340, __in_chrg=<optimised out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:98
#25 0x0000000000405116 in main(int, char**) (pointer=0xa06340) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qscopedpointer.h:54
#26 0x0000000000405116 in main(int, char**) (this=<synthetic pointer>, __in_chrg=<optimised out>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qscopedpointer.h:101
#27 0x0000000000405116 in main(int, char**) (argc=2, argv=<optimised out>) at main.cpp:550

So, QGuiApplication::focusWindow() is returning an invalid pointer.

The focus window should be cleaned up in QWindow::destroy(). This
initially gets called here:

#0 0x00007ffff6affd30 in QWindow::destroy() (this=0xa04c90) at kernel/qwindow.cpp:1601
#1 0x00007ffff6b013a8 in QWindow::event(QEvent*) (this=this@entry=0xa04c90, ev=ev@entry=0x7fffffffd1a0) at kernel/qwindow.cpp:2030
#2 0x00007ffff7ba8871 in QQuickWindow::event(QEvent*) (this=0xa04c90, e=0x7fffffffd1a0) at items/qquickwindow.cpp:1413
#3 0x00007ffff70a905c in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=this@entry=0x42bb20, receiver=receiver@entry=0xa04c90, e=e@entry=0x7fffffffd1a0) at kernel/qapplication.cpp:3716
#4 0x00007ffff70ae516 in QApplication::notify(QObject*, QEvent*) (this=0x7fffffffd630, receiver=0xa04c90, e=0x7fffffffd1a0) at kernel/qapplication.cpp:3499
#5 0x00007ffff67b662b in QCoreApplication::notifyInternal(QObject*, QEvent*) (this=0x7fffffffd630, receiver=0xa04c90, event=event@entry=0x7fffffffd1a0) at kernel/qcoreapplication.cpp:965
#6 0x00007ffff6af56be in QGuiApplicationPrivate::processCloseEvent(QWindowSystemInterfacePrivate::CloseEvent*) (event=0x7fffffffd1a0, receiver=<optimised out>)
at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:227
#7 0x00007ffff6af56be in QGuiApplicationPrivate::processCloseEvent(QWindowSystemInterfacePrivate::CloseEvent*) (e=0xcb1920) at kernel/qguiapplication.cpp:2114
#8 0x00007ffff6afa215 in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) (e=e@entry=0xcb1920) at kernel/qguiapplication.cpp:1635
#9 0x00007ffff6addf38 in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) (flags=...) at kernel/qwindowsysteminterface.cpp:625
#10 0x00007fffefd99070 in userEventSourceDispatch(GSource*, GSourceFunc, gpointer) (source=<optimised out>) at eventdispatchers/qeventdispatcher_glib.cpp:70
#11 0x00007ffff51941a7 in g_main_context_dispatch (context=0x7fffe40016f0) at /build/glib2.0-7IO_Yw/glib2.0-2.48.1/./glib/gmain.c:3154
#12 0x00007ffff51941a7 in g_main_context_dispatch (context=context@entry=0x7fffe40016f0) at /build/glib2.0-7IO_Yw/glib2.0-2.48.1/./glib/gmain.c:3769
#13 0x00007ffff5194400 in g_main_context_iterate (context=context@entry=0x7fffe40016f0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimised out>)
at /build/glib2.0-7IO_Yw/glib2.0-2.48.1/./glib/gmain.c:3840
#14 0x00007ffff51944ac in g_main_context_iteration (context=0x7fffe40016f0, may_block=may_block@entry=1) at /build/glib2.0-7IO_Yw/glib2.0-2.48.1/./glib/gmain.c:3901
#15 0x00007ffff680ca7f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x510970, flags=...) at kernel/qeventdispatcher_glib.cpp:418
#16 0x00007ffff67b3dea in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7fffffffd440, flags=..., flags@entry=...) at kernel/qeventloop.cpp:204
#17 0x00007ffff67bbe8c in QCoreApplication::exec() () at kernel/qcoreapplication.cpp:1229
#18 0x00007ffff6aefc3c in QGuiApplication::exec() () at kernel/qguiapplication.cpp:1542
#19 0x00007ffff70a5495 in QApplication::exec() () at kernel/qapplication.cpp:2976
#20 0x00000000004050da in main(int, char**) (argc=2, argv=<optimised out>) at main.cpp:598

But, the focus window is currently null:

(gdb) p QGuiApplicationPrivate::focus_window
$1 = (QWindow *) 0x0

However, when the destructor for QWindow runs here:

#0 0x00007ffff7ac0cc0 in QWindow::~QWindow()@plt () at /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5
#1 0x00007ffff7b9f6e9 in QQuickWindow::~QQuickWindow() (this=0xa04c90, __in_chrg=<optimised out>) at items/qquickwindow.cpp:1111
#2 0x00007ffff7c7774d in QQmlPrivate::QQmlElement<QQuickWindowQmlImpl>::~QQmlElement() (this=0xa04c90, __in_chrg=<optimised out>) at items/qquickwindowmodule_p.h:46
#3 0x00007ffff7c7774d in QQmlPrivate::QQmlElement<QQuickWindowQmlImpl>::~QQmlElement() (this=0xa04c90, __in_chrg=<optimised out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:98
#4 0x00007ffff7c7774d in QQmlPrivate::QQmlElement<QQuickWindowQmlImpl>::~QQmlElement() (this=0xa04c90, __in_chrg=<optimised out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:98
#5 0x0000000000405116 in main(int, char**) (pointer=0xa04c90) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qscopedpointer.h:54
#6 0x0000000000405116 in main(int, char**) (this=<synthetic pointer>, __in_chrg=<optimised out>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qscopedpointer.h:101
#7 0x0000000000405116 in main(int, char**) (argc=2, argv=<optimised out>) at main.cpp:550

... the focus window has been set...

(gdb) p QGuiApplicationPrivate::focus_window
$2 = (QWindow *) 0xa04c90

QWindow::destroy is called a second time in its destructor, but because
it was called earlier it exits early without clearing
QGuiApplicationPrivate::focus_window, thus leaving it dangling.

This is a Qt bug.

** Also affects: qtbase-opensource-src (Ubuntu)
Importance: Undecided
Status: New
** No longer affects: oxide
** No longer affects: webbrowser-app (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
SDK bug tracking, which is subscribed to qtbase-opensource-src in
Ubuntu.
https://bugs.launchpad.net/bugs/1435465
Title:
Alt+F4 crashes app where WebView embedded in a Window
Status in qtbase-opensource-src package in Ubuntu:
New
Bug description:
Was just watching something on YouTube Web App created by Unity
itself. When I pressed Alt-F4 Ubuntu said it had an error and if I
want to submit it.
That is all folks.
ProblemType: Crash
DistroRelease: Ubuntu 15.04
Package: webapp-container 0.23+15.04.20150320.2-0ubuntu1
ProcVersionSignature: Ubuntu 3.19.0-9.9-generic 3.19.1
Uname: Linux 3.19.0-9-generic x86_64
ApportVersion: 2.16.2-0ubuntu4
Architecture: amd64
CurrentDesktop: Unity
Date: Mon Mar 23 19:56:16 2015
Disassembly: => 0x0: Cannot access memory at address 0x0
ExecutablePath: /usr/bin/webapp-container
InstallationDate: Installed on 2015-03-22 (0 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Alpha amd64 (20150306)
ProcCmdline: webapp-container --app-id=YouTubeyoutubecom --webapp=WW91VHViZQ== --enable-back-forward
SegvAnalysis:
Segfault happened at: 0x0: Cannot access memory at address 0x0
PC (0x00000000) not located in a known VMA region (needed executable region)!
SegvReason: executing NULL VMA
Signal: 11
SourcePackage: webbrowser-app
StacktraceTop:
?? ()
?? () from /usr/lib/x86_64-linux-gnu/qt5/plugins/platforminputcontexts/libibusplatforminputcontextplugin.so
QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
?? () from /usr/lib/x86_64-linux-gnu/qt5/plugins/platforminputcontexts/libibusplatforminputcontextplugin.so
?? () from /usr/lib/x86_64-linux-gnu/qt5/plugins/platforminputcontexts/libibusplatforminputcontextplugin.so
Title: webapp-container crashed with SIGSEGV in QMetaObject::activate()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1435465/+subscriptions
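
The sequence described in the analysis above, reduced to a stand-alone C++ model (an added example, not Qt or Oxide code; Window, g_focus_window and replay_close_then_delete are hypothetical names). It shows how an early-exit guard in destroy() leaves a global pointer aimed at a window that is being deleted, and how clearing the pointer unconditionally in the destructor of this model closes the gap.

```cpp
#include <cstdio>

// Simplified model of the lifecycle in the report; hypothetical names, not Qt source.
struct Window;
static Window* g_focus_window = nullptr;  // stands in for QGuiApplicationPrivate::focus_window
static bool g_left_dangling = false;      // recorded at the end of ~Window

struct Window {
    bool clear_in_dtor;                   // false: behaviour as described; true: hardened
    bool platform_destroyed = false;

    explicit Window(bool harden) : clear_in_dtor(harden) {}

    void destroy() {
        if (platform_destroyed) return;   // early exit: a second call skips the cleanup
        platform_destroyed = true;
        if (g_focus_window == this) g_focus_window = nullptr;
    }

    ~Window() {
        destroy();                        // no-op when the close event already ran destroy()
        if (clear_in_dtor && g_focus_window == this) g_focus_window = nullptr;
        // Child objects are torn down after this point and may read g_focus_window.
        g_left_dangling = (g_focus_window == this);
    }
};

// Replays the reported order: close event -> destroy(), focus set to the same
// window again, then the destructor. Returns true if the global still pointed
// at the window when its destructor finished.
bool replay_close_then_delete(bool harden) {
    g_focus_window = nullptr;
    g_left_dangling = false;
    {
        Window w(harden);
        w.destroy();                      // close-event path; focus is null at this point
        g_focus_window = &w;              // focus is set again before deletion
    }                                     // ~Window runs here
    g_focus_window = nullptr;             // reset so the stale value is never read
    return g_left_dangling;
}

int main() {
    std::printf("as described: dangling=%d\n", replay_close_then_delete(false));
    std::printf("hardened:     dangling=%d\n", replay_close_then_delete(true));
}
```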