
Double-Free Corruption Crash from eglQueryString when starting Wayland Client

Question asked by Andreas Cord-Landwehr on Jan 31, 2017
Latest reply on Jan 31, 2017 by Bio_TICFSL

On my i.MX6 Dualcore device, I can see the following GPU-driver-related crash, which is completely reproducible at every application start. My setup is a QtWaylandCompositor-based compositor (though that should not make a big difference compared to Weston) and a simple application that runs as a Wayland client. My BSP contains the 5.0.11 p4.5 release.

~# gdb --args sandbox -platform wayland
GNU gdb (GDB) 7.9.1
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "arm-mel-linux-gnueabi".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from sandbox...(no debugging symbols found)...done.
(gdb) r
Starting program: /usr/bin/sandbox -platform wayland
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
qml: surface appeared: 15
Using Wayland-EGL
*** Error in `/usr/bin/sandbox': double free or corruption (top): 0x001819e8 ***
[New Thread 0x6e1ff450 (LWP 1068)]
[New Thread 0x6e9ff450 (LWP 1067)]
[New Thread 0x6f1ff450 (LWP 1066)]
[New Thread 0x6f9ff450 (LWP 1065)]
[New Thread 0x701ff450 (LWP 1064)]
[New Thread 0x709ff450 (LWP 1063)]
[New Thread 0x711ff450 (LWP 1062)]
[New Thread 0x719ff450 (LWP 1061)]
[New Thread 0x721ff450 (LWP 1060)]
[New Thread 0x72d1b450 (LWP 1059)]
[New Thread 0x7351b450 (LWP 1058)]

Program received signal SIGABRT, Aborted.
0x763d5880 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55
55        return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb) bt
#0  0x763d5880 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55
#1  0x763d9364 in __GI_abort () at abort.c:89
#2  0x7640c6d0 in __libc_message (do_abort=do_abort@entry=2, fmt=0x764c53fc "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#3  0x76417098 in malloc_printerr (action=<optimized out>, str=0x764c555c "double free or corruption (top)", ptr=<optimized out>, ar_ptr=<optimized out>) at malloc.c:5000
#4  0x76417a24 in _int_free (av=0x764e27a8 <main_arena>, p=<optimized out>, have_lock=<optimized out>) at malloc.c:3861
#5  0x7523415c in gcoOS_FreeMemory (Os=<optimized out>, Memory=<optimized out>) at gc_hal_user_os.c:2032
#6  0x752341d0 in gcoOS_Free (Os=<optimized out>, Memory=<optimized out>) at gc_hal_user_os.c:1829
#7  0x75227e00 in gcoVGHARDWARE_CloseContext (Hardware=0x180d0c) at gc_hal_user_hardware_context_vg.c:694
#8  0x75228d34 in gcoVGHARDWARE_Construct (Hal=<optimized out>, Hardware=0x8c91c) at gc_hal_user_hardware_vg.c:6211
#9  0x7522a338 in gcoVGHARDWARE_QueryChipIdentity (Hardware=Hardware@entry=0x0, ChipModel=0x7efff6d4, ChipModel@entry=0x7efff6cc, ChipRevision=ChipRevision@entry=0x0, ChipFeatures=ChipFeatures@entry=0x0,
    ChipMinorFeatures=ChipMinorFeatures@entry=0x0, ChipMinorFeatures2=ChipMinorFeatures2@entry=0x0) at gc_hal_user_hardware_vg.c:6321
#10 0x7518891c in gcoHAL_QueryChipLimits (Hal=Hal@entry=0x0, Chip=Chip@entry=2, Mask=Mask@entry=7, Limits=Limits@entry=0x8d520) at gc_hal_user_query.c:1133
#11 0x751697b0 in veglGetThreadData () at gc_egl.c:281
#12 0x7515ff14 in eglQueryString (Dpy=0x0, name=12373) at gc_egl_init.c:1553
#13 0x72518b54 in ?? () from /usr/lib/qt5/plugins/wayland-graphics-integration-client/libwayland-egl.so
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

I would be happy for any hints on whether this issue might be fixed in more recent releases or whether it is an open issue.

Cheers,

Andreas
