unity-2d

[launcher] crash when removing favorites or closing applications

Bug #719507 reported by Ugo Riboni
120
This bug affects 22 people
Affects Status Importance Assigned to Milestone
unity-2d
Fix Released
Critical
Ugo Riboni
unity-2d 3.8 "beta"

Bug Description

When removing several favorites one after the other from the launcher, we randomly get a crash with the following (not very useful) backtrace:

0 ?? 0 0xe32720
1 ?? /usr/lib/libQtDeclarative.so.4 0 0x7ffff7aae564
2 ?? /usr/lib/libQtDeclarative.so.4 0 0x7ffff7ab2d01
3 ?? /usr/lib/libQtDeclarative.so.4 0 0x7ffff7ab2eeb
4 ?? /usr/lib/libQtScript.so.4 0 0x7ffff4e5f78e
5 ?? /usr/lib/libQtScript.so.4 0 0x7ffff4cefb5e
6 ?? /usr/lib/libQtScript.so.4 0 0x7ffff4d290cf
7 ?? 0 0x7fffdc026c0f
8 ?? 0

The crash happens during the animation that makes the icon disappear, more or less halfway through.
I reproduced it a number of times but I don't know exactly what is triggering it.
I am running the new layout of the launcher, I don't know if this happens also with the old one.
More investigation needed.

Related branches

lp://qastaging/~uriboni/unity-2d/launcher-fix-crash-on-remove-items
Florian Boucault: Pending requested
Diff: 31 lines (+10/-0)
2 files modified
launcher/LauncherItem.qml (+1/-0)
launcher/LauncherList.qml (+9/-0)
lp://qastaging/ubuntu/natty/unity-2d
Ugo Riboni (uriboni)
Changed in unity-2d:
assignee: nobody → Ugo Riboni (uriboni)
Revision history for this message
Florian Boucault (fboucault) wrote :

I cannot reproduce it with latest trunk.

Changed in unity-2d:
importance: Undecided → Critical
milestone: none → 3.8
Ugo Riboni (uriboni)
Changed in unity-2d:
status: New → In Progress
Revision history for this message
Ugo Riboni (uriboni) wrote :

I don't have any 100% sure way to reproduce it, but essentially for me it still happens pretty reliably every 3 or 4 applications i remove from the launcher in sequence (either by removing the favorites or just quitting the app from the context menu).
It seems to happen much more if you have many applications in launcher and you start removing from near the bottom, but it happened also starting from the top.

Here's a slightly more useful backtrace:

0 main_arena /lib/libc.so.6 0 0x7ffff4bc5678
1 cache qdeclarativeengine_p.h 341 0x7ffff7aad620
2 QDeclarativePropertyCache::property qdeclarativepropertycache.cpp 402 0x7ffff7aad620
3 QDeclarativeObjectScriptClass::queryProperty qdeclarativeobjectscriptclass.cpp 167 0x7ffff7ab1d51
4 QDeclarativeObjectScriptClass::queryProperty qdeclarativeobjectscriptclass.cpp 147 0x7ffff7ab1f3b
5 QScript::DeclarativeObjectDelegate::getOwnPropertySlot qscriptdeclarativeobject.cpp 74 0x7ffff457c78e
6 fastGetOwnPropertySlot JSObject.h 382 0x7ffff440cb5e
7 QTJSC::JSValue::get JSObject.h 618 0x7ffff440cb5e
8 QTJSC::cti_op_get_by_id_generic JITStubs.cpp 1228 0x7ffff44460cf
9 ?? 0 0x7fffcfc693e3
10 ?? 0

Please note that I also get sometimes the same stack trace as Bug 725103 while removing favorites or closing applications from the launcher (which is a different stack trace).

Since it seems to be related to animations, I tried removing the ListView.onRemoved animation and I can't reproduce the bug anymore even after removing dozens of applications, so I'm pretty sure they are somehow linked.

I'm unsure about how to proceed, any advice would be welcome at this point.

Revision history for this message
Olivier Tilloy (osomon) wrote :

Just thinking out loud here: could it be linked to the fact that we request a delay in the removal, and somehow it is still removed too early?

in launcher/LauncherList.qml:

ListView.onRemove: SequentialAnimation {
    PropertyAction { target: launcherItem; property: "ListView.delayRemove"; value: true }
    […]
    PropertyAction { target: launcherItem; property: "ListView.delayRemove"; value: false }
}

Revision history for this message
Ugo Riboni (uriboni) wrote :

I doubt that, since ListView.delayRemove is designed to be used exactly that way.
I think our usage is lifted pretty much straight from the docs, actually, or from QT's own example code.

Revision history for this message
Ugo Riboni (uriboni) wrote :

Florian, attached you can find the full backtrace as you requested.

Ugo Riboni (uriboni)
summary: - [launcher] crash when removing favorites
+ [launcher] crash when removing favorites or closing applications
Revision history for this message
Ugo Riboni (uriboni) wrote :

To reproduce the crash everytime, you can raise the duration of the animation that makes a launcher item disappear and then move the mouse over entering and exiting the item that is going away (or just don't touch the duration and be very rather quick).

The crash itself is caused by what seems like a bug in QT itself.
Basically accessing some properties of a model item from a delegate that's being kept alive with ListView.delayRemove causes a SEGV in QT itself.
I couldn't find any related bug in the QT bugtracker, but I may later try to make a minimal test case to see if it can be reproduced and submit it.

A fix to the launcher have beens submitted for review in the meantime.

Florian Boucault (fboucault)
Changed in unity-2d:
status: In Progress → Fix Committed
Florian Boucault (fboucault)
Changed in unity-2d:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.