Double-Free Corruption Crash from eglQueryString when starting Wayland Client

On my iMX.6 Dualcore device, I can see the following GPU driver related crash, which is completely reproducible at every application start. My setup is a QtWaylandCompositor based compositor (though that should not make a big difference compared to Weston) and a simple application that runs as a Wayland client. My BSP contains the 5.0.11 p4.5 release.

~# gdb --args sandbox -platform wayland
GNU gdb (GDB) 7.9.1
Reading symbols from sandbox...(no debugging symbols found)...done.
(gdb) r
Starting program: /usr/bin/sandbox -platform wayland
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/".
qml: surface appeared: 15
Using Wayland-EGL
*** Error in `/usr/bin/sandbox': double free or corruption (top): 0x001819e8 ***
[New Thread 0x6e1ff450 (LWP 1068)]
[New Thread 0x6e9ff450 (LWP 1067)]
[New Thread 0x6f1ff450 (LWP 1066)]
[New Thread 0x6f9ff450 (LWP 1065)]
[New Thread 0x701ff450 (LWP 1064)]
[New Thread 0x709ff450 (LWP 1063)]
[New Thread 0x711ff450 (LWP 1062)]
[New Thread 0x719ff450 (LWP 1061)]
[New Thread 0x721ff450 (LWP 1060)]
[New Thread 0x72d1b450 (LWP 1059)]
[New Thread 0x7351b450 (LWP 1058)]

Program received signal SIGABRT, Aborted.
0x763d5880 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55
55        return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb) bt
#0  0x763d5880 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55
#1  0x763d9364 in __GI_abort () at abort.c:89
#2  0x7640c6d0 in __libc_message (do_abort=do_abort@entry=2, fmt=0x764c53fc "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#3  0x76417098 in malloc_printerr (action=<optimized out>, str=0x764c555c "double free or corruption (top)", ptr=<optimized out>, ar_ptr=<optimized out>) at malloc.c:5000
#4  0x76417a24 in _int_free (av=0x764e27a8 <main_arena>, p=<optimized out>, have_lock=<optimized out>) at malloc.c:3861
#5  0x7523415c in gcoOS_FreeMemory (Os=<optimized out>, Memory=<optimized out>) at gc_hal_user_os.c:2032
#6  0x752341d0 in gcoOS_Free (Os=<optimized out>, Memory=<optimized out>) at gc_hal_user_os.c:1829
#7  0x75227e00 in gcoVGHARDWARE_CloseContext (Hardware=0x180d0c) at gc_hal_user_hardware_context_vg.c:694
#8  0x75228d34 in gcoVGHARDWARE_Construct (Hal=<optimized out>, Hardware=0x8c91c) at gc_hal_user_hardware_vg.c:6211
#9  0x7522a338 in gcoVGHARDWARE_QueryChipIdentity (Hardware=Hardware@entry=0x0, ChipModel=0x7efff6d4, ChipModel@entry=0x7efff6cc, ChipRevision=ChipRevision@entry=0x0, ChipFeatures=ChipFeatures@entry=0x0,
    ChipMinorFeatures=ChipMinorFeatures@entry=0x0, ChipMinorFeatures2=ChipMinorFeatures2@entry=0x0) at gc_hal_user_hardware_vg.c:6321
#10 0x7518891c in gcoHAL_QueryChipLimits (Hal=Hal@entry=0x0, Chip=Chip@entry=2, Mask=Mask@entry=7, Limits=Limits@entry=0x8d520) at gc_hal_user_query.c:1133
#11 0x751697b0 in veglGetThreadData () at gc_egl.c:281
#12 0x7515ff14 in eglQueryString (Dpy=0x0, name=12373) at gc_egl_init.c:1553
#13 0x72518b54 in ?? () from /usr/lib/qt5/plugins/wayland-graphics-integration-client/
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

I would be happy about any hints on whether that issue might be fixed in more recent releases or whether it is still an open issue.
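The frames in the backtrace (gcoVGHARDWARE_Construct calling gcoVGHARDWARE_CloseContext, which calls gcoOS_Free, after which glibc aborts) have the shape of an error-path double free. The following C example is added here and is not driver code from the post or from the vendor: it reproduces that shape with a constructed context type and a hypothetical free wrapper that records a second free of the same block instead of aborting, beside a fixed teardown in which close is the single owner of cleanup, frees once and clears the pointer.

```c
#include <stdlib.h>

/* Constructed stand-in for the driver's VG hardware context (hypothetical). */
typedef struct { void *cmd_buffer; } vg_context_t;

/* Hypothetical stand-in for gcoOS_Free: records a repeated free of the same
   block instead of letting glibc abort, so both patterns run to completion. */
static void *freed[32];
static int nfreed, double_free_count;
static void os_free(void *p) {
    if (!p) return;
    for (int i = 0; i < nfreed; i++)
        if (freed[i] == p) { double_free_count++; return; }
    if (nfreed < 32) freed[nfreed++] = p;
    free(p);
}
/* Buggy close: releases the buffer but leaves the dangling pointer behind. */
static void close_context_buggy(vg_context_t *ctx) { os_free(ctx->cmd_buffer); }
/* Buggy construct: on a failed query it frees cmd_buffer itself and then also
   calls close, which frees the same block again (the shape of frames #5-#8). */
static int construct_buggy(vg_context_t *ctx, int query_fails) {
    ctx->cmd_buffer = malloc(256);
    if (!ctx->cmd_buffer) return -1;
    if (query_fails) {
        os_free(ctx->cmd_buffer);
        close_context_buggy(ctx);
        return -1;
    }
    return 0;
}
/* Fixed close: the single owner of teardown frees once and clears the pointer,
   so any later close or free of the member is a harmless no-op. */
static void close_context_fixed(vg_context_t *ctx) {
    os_free(ctx->cmd_buffer);
    ctx->cmd_buffer = NULL;
}
/* Fixed construct: no ad-hoc free in the error path, just one call to close. */
static int construct_fixed(vg_context_t *ctx, int query_fails) {
    ctx->cmd_buffer = malloc(256);
    if (!ctx->cmd_buffer) return -1;
    if (query_fails) { close_context_fixed(ctx); return -1; }
    return 0;
}
/* Runs one failing construct and reports how many double frees it produced. */
static int count_double_frees(int (*construct)(vg_context_t *, int)) {
    vg_context_t ctx = { NULL };
    nfreed = 0; double_free_count = 0;
    construct(&ctx, 1);
    return double_free_count;
}
```

In a real process the second os_free would reach glibc and produce exactly the "double free or corruption" abort seen above; the wrapper only exists so the buggy path can be observed without crashing.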


Hi Andreas,

There is a bug in p4.5 where Wayland and EglQuery do not free window memory until the application exits; apparently this is the main reason for your issue, so I recommend migrating to p7.1 or, better, the latest BSP with 5.0.11p8.6v.

Hope this helps.

