unity8 crashed with SIGABRT on Qt 5.3

Bug #1328485 reported by Timo Jyrinki
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
unity8 (Ubuntu) | Fix Released | High | Albert Astals Cid |

Bug Description

This was tried to be retraced with lp:daisy added with the landing-005 PPA sources but it wasn't very successful.

The easiest way to get Unity8 to crash with Qt 5.3 seems to be rapidly swiping up and down in the apps scope.

--
Refer to constantly updated info on the front page of https://launchpad.net/~canonical-qt5-edgers/+archive/qt5-beta2 regarding where/how to get Qt 5.3. Note that the PPA to actually use is a landing silo instead.

ProblemType: Crash
DistroRelease: Ubuntu 14.10
Package: unity8 7.88+14.10.20140607-0ubuntu1 [origin: LP-PPA-ci-train-ppa-service-landing-005]
Uname: Linux 3.4.0-5-mako armv7l
ApportVersion: 2.14.3-0ubuntu1
Architecture: armhf
CurrentDesktop: Unity
Date: Tue Jun 10 06:26:08 2014
Disassembly: => 0xb63198e6: Cannot access memory at address 0xb63198e6
ExecutablePath: /usr/bin/unity8
ExecutableTimestamp: 1402140695
InstallationDate: Installed on 2014-06-09 (1 days ago)
InstallationMedia: Ubuntu Utopic Unicorn (development branch) - armhf (20140609)
ProcCmdline: unity8
ProcCwd: /home/phablet
Signal: 6
SourcePackage: unity8
Stacktrace:
 #0 0xb63198e6 in ?? ()
 No symbol table info available.
 #1 0xb63280fe in ?? ()
 No symbol table info available.
 Backtrace stopped: previous frame identical to this frame (corrupt stack?)
StacktraceSource:
 #0 0xb63198e6 in ?? ()
 #1 0xb63280fe in ?? ()
StacktraceTop:
 ?? ()
 ?? ()
Title: unity8 crashed with SIGABRT
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm autopilot cdrom dialout dip nopasswdlogin plugdev sudo tty video

Timo Jyrinki (timo-jyrinki) wrote :

Michał Sawicz (saviq) wrote :

Hmm weird, no crash reason in the log :/

Timo Jyrinki (timo-jyrinki) wrote :

It might be because I viewed the .crash with apport-cli only later and the file is collected only at that point?

The attached log is a fresh one after crash.

Michał Sawicz (saviq) wrote : Re: [Bug 1328485] Re: unity8 crashed with SIGABRT on Qt 5.3

On 10.06.2014 17:45, Timo Jyrinki wrote:
> It might be because I viewed the .crash with apport-cli only later and
> the file is collected only at that point?
>
> The attached log is a fresh one after crash.

Nope, still no reason :|

We'll have to investigate live, but at least it's reproducible.

Timo Jyrinki (timo-jyrinki) wrote :

As mentioned in the instructions, there's a possibility of trying out a recent 5.3.1 snapshot of qtdeclarative together with the rest of the Qt 5.3.0, to find out whether some particular problem is an upstream one fixed in the upcoming point release.

From quick testing, it does not seem that the 5.3.1 snapshot would help with this bug (still crashes).

description: updated
Changed in unity8 (Ubuntu):
importance: Undecided → High
assignee: nobody → Michał Sawicz (saviq)
Timo Jyrinki (timo-jyrinki) wrote :

My first try with apport-unpack + gdb after another crash:

--
#0 __libc_do_syscall () at ../ports/sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:44
#1 0xb62f00fe in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#2 0xb62f2956 in __GI_abort () at abort.c:89
#3 0xb6316de0 in __libc_message (do_abort=<optimized out>, fmt=0xb63982b8 "*** Error in `%s': %s: 0x%s ***\n")
    at ../sysdeps/posix/libc_fatal.c:175
#4 0xb631d98e in malloc_printerr (action=1, str=0xb63984bc "free(): invalid pointer", ptr=<optimized out>) at malloc.c:4996
#5 0xb631e3b4 in _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3840
#6 0xb666b242 in QObjectPrivate::Connection::~Connection (this=0xa12c3fa0, __in_chrg=<optimized out>) at kernel/qobject.cpp:1041
#7 0xb6670e80 in deref (this=<optimized out>) at kernel/qobject_p.h:157
#8 QObject::~QObject (this=<optimized out>, __in_chrg=<optimized out>) at kernel/qobject.cpp:964
#9 0xb6168c64 in QHttpThreadDelegate::~QHttpThreadDelegate (this=0x97f9b688, __in_chrg=<optimized out>)
    at access/qhttpthreaddelegate.cpp:223
#10 0xb6168d5c in QHttpThreadDelegate::~QHttpThreadDelegate (this=0x97f9b688, __in_chrg=<optimized out>)
    at access/qhttpthreaddelegate.cpp:223
#11 0xb666d046 in QObject::event (this=0x97f9b688, e=<optimized out>) at kernel/qobject.cpp:1232
#12 0xb664cf92 in QCoreApplication::notify (this=<optimized out>, receiver=<optimized out>, event=<optimized out>)
    at kernel/qcoreapplication.cpp:997
#13 0xb664cd88 in QCoreApplication::notifyInternal (this=0xae900d28, receiver=receiver@entry=0x97f9b688, event=event@entry=
    0xab457320) at kernel/qcoreapplication.cpp:935
#14 0xb664e8ae in sendEvent (event=0xab457320, receiver=0x97f9b688) at kernel/qcoreapplication.h:237
#15 QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0, data=0xa12104b0)
    at kernel/qcoreapplication.cpp:1539
#16 0xb664ec46 in QCoreApplication::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0)
    at kernel/qcoreapplication.cpp:1397
#17 0xb6686ea8 in postEventSourceDispatch (s=0xab401610) at kernel/qeventdispatcher_glib.cpp:279
#18 0xb5df439a in g_main_context_dispatch () from /lib/arm-linux-gnueabihf/libglib-2.0.so.0
#19 0xb5df4522 in ?? () from /lib/arm-linux-gnueabihf/libglib-2.0.so.0

.crash file at http://people.canonical.com/~tjyrinki/qt53/crashes/_usr_bin_unity8.32011.crash

Michał Sawicz (saviq)
Changed in unity8 (Ubuntu):
status: New → In Progress
Albert Astals Cid (aacid) wrote :

A different BT I've had when swiping up and down randomly in the apps scope:

#0 __libc_do_syscall () at ../ports/sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:44
#1 0xb62820fe in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#2 0xb6284956 in __GI_abort () at abort.c:89
#3 0xb62a8de0 in __libc_message (do_abort=<optimized out>, fmt=0xb632a2b8 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#4 0xb62af98e in malloc_printerr (action=1, str=0xb632a498 "free(): invalid next size (fast)", ptr=<optimized out>) at malloc.c:4996
#5 0xb62b03b4 in _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3840
#6 0xb6b11066 in QV4::String::destroy(QV4::Managed*) () from /usr/lib/arm-linux-gnueabihf/libQt5Qml.so.5
#7 0xb6ac2ebe in QV4::MemoryManager::sweep(char*, unsigned int, unsigned int) () from /usr/lib/arm-linux-gnueabihf/libQt5Qml.so.5
#8 0xb6ac32f4 in QV4::MemoryManager::sweep(bool) () from /usr/lib/arm-linux-gnueabihf/libQt5Qml.so.5
#9 0xb6ac3e40 in QV4::MemoryManager::runGC() () from /usr/lib/arm-linux-gnueabihf/libQt5Qml.so.5
#10 0xb6ac435e in QV4::MemoryManager::alloc(unsigned int) () from /usr/lib/arm-linux-gnueabihf/libQt5Qml.so.5
#11 0xb6b7bf66 in ?? () from /usr/lib/arm-linux-gnueabihf/libQt5Qml.so.5

Changed in unity8 (Ubuntu):
assignee: Michał Sawicz (saviq) → Albert Astals Cid (aacid)
Albert Astals Cid (aacid) wrote :

Another one again different :/

#0 0xb63882a2 in _int_free (av=0xae900010, p=<optimized out>, have_lock=0) at malloc.c:3996
#1 0xb6c0b0be in QQmlIncubator::~QQmlIncubator (this=0x8dd1efd8, __in_chrg=<optimized out>) at qml/qqmlincubator.cpp:525
#2 0xb69c195a in ~QQuickLoaderIncubator (this=0x8dd1efd8, __in_chrg=<optimized out>) at items/qquickloader_p_p.h:67
#3 QQuickLoaderIncubator::~QQuickLoaderIncubator (this=0x8dd1efd8, __in_chrg=<optimized out>) at items/qquickloader_p_p.h:67
#4 0xb69c0346 in QQuickLoaderPrivate::~QQuickLoaderPrivate (this=0x9a6ef478, __in_chrg=<optimized out>) at items/qquickloader.cpp:66
#5 0xb69c03a4 in QQuickLoaderPrivate::~QQuickLoaderPrivate (this=0x9a6ef478, __in_chrg=<optimized out>) at items/qquickloader.cpp:68
#6 0xb66dafee in cleanup (pointer=<optimized out>) at ../../include/QtCore/../../src/corelib/tools/qscopedpointer.h:62
#7 ~QScopedPointer (this=0xa09cc5f4, __in_chrg=<optimized out>) at ../../include/QtCore/../../src/corelib/tools/qscopedpointer.h:109
#8 QObject::~QObject (this=<optimized out>, __in_chrg=<optimized out>) at kernel/qobject.cpp:1034
#9 0xb69594d4 in QQuickItem::~QQuickItem (this=0xa09cc5f0, __in_chrg=<optimized out>) at items/qquickitem.cpp:2118
#10 0xb69c0432 in ~QQuickImplicitSizeItem (this=0xa09cc5f0, __in_chrg=<optimized out>) at items/qquickimplicitsizeitem_p.h:51
#11 QQuickLoader::~QQuickLoader (this=0xa09cc5f0, __in_chrg=<optimized out>) at items/qquickloader.cpp:311
#12 0xb69670bc in ~QQmlElement (this=0xa09cc5f0, __in_chrg=<optimized out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:106
#13 QQmlPrivate::QQmlElement<QQuickLoader>::~QQmlElement (this=0xa09cc5f0, __in_chrg=<optimized out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:106
#14 0xb66d56f2 in QObjectPrivate::deleteChildren (this=this@entry=0x90988cb0) at kernel/qobject.cpp:1935
#15 0xb66dafce in QObject::~QObject (this=<optimized out>, __in_chrg=<optimized out>) at kernel/qobject.cpp:1028
#16 0xb69594d4 in QQuickItem::~QQuickItem (this=0x9645ade8, __in_chrg=<optimized out>) at items/qquickitem.cpp:2118
#17 0xb69667f4 in ~QQmlElement (this=0x9645ade8, __in_chrg=<optimized out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:106
#18 QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement (this=0x9645ade8, __in_chrg=<optimized out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:106
#19 0xb66d56f2 in QObjectPrivate::deleteChildren (this=this@entry=0x9a6d06c0) at kernel/qobject.cpp:1935
#20 0xb66dafce in QObject::~QObject (this=<optimized out>, __in_chrg=<optimized out>) at kernel/qobject.cpp:1028
#21 0xb69594d4 in QQuickItem::~QQuickItem (this=0x8dd18f08, __in_chrg=<optimized out>) at items/qquickitem.cpp:2118
#22 0xb6964902 in QQuickFocusScope::~QQuickFocusScope (this=0x8dd18f08, __in_chrg=<optimized out>) at items/qquickfocusscope.cpp:69
#23 0xb6967280 in ~QQmlElement (this=0x8dd18f08, __in_chrg=<optimized out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:106
#24 QQmlPrivate::QQmlElement<QQuickFocusScope>::~QQmlElement (this=0x8dd18f08, __in_chrg=<optimized out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:106
#25 0xb66d56f2 in QObjectPrivate::deleteChildren (...

Albert Astals Cid (aacid) wrote :

And even another different backtrace

#0 __libc_do_syscall () at ../ports/sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:44
#1 0xb628a0fe in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#2 0xb628c956 in __GI_abort () at abort.c:89
#3 0xb62b710e in __malloc_assert (assertion=0x0, file=<optimized out>, line=line@entry=3695, function=<optimized out>) at malloc.c:293
#4 0xb62b98de in _int_malloc (av=av@entry=0xaf000010, bytes=bytes@entry=16) at malloc.c:3695
#5 0xb62ba808 in __GI___libc_malloc (bytes=16) at malloc.c:2891
#6 0xb64c4542 in QHashData::allocateNode (this=<optimized out>, nodeAlign=nodeAlign@entry=4) at tools/qhash.cpp:402
#7 0xb6a29fb6 in createNode (anextNode=<optimized out>, avalue=@0xaf0a5798: 258, akey=..., ah=3931209361, this=<optimized out>) at /usr/include/arm-linux-gnueabihf/qt5/QtCore/qhash.h:577
#8 insert (avalue=@0xaf0a5798: 258, akey=..., this=<optimized out>) at /usr/include/arm-linux-gnueabihf/qt5/QtCore/qhash.h:793
#9 initializeMetaType (engine=0xaf01dba8, model=..., this=0xa08ebc98) at util/qqmladaptormodel.cpp:536
#10 VDMAbstractItemModelDataType::createItem (this=0xa08ebc98, model=..., metaType=0x9a411350, engine=0xaf01dba8, index=0) at util/qqmladaptormodel.cpp:522
#11 0xb6bb7e8a in createItem (index=<optimized out>, engine=<optimized out>, metaType=<optimized out>, this=0x97d87d90) at ../../include/QtQml/5.3.0/QtQml/private/../../../../../src/qml/util/qqmladaptormodel_p.h:117
#12 QQmlDelegateModelPrivate::object (this=this@entry=0x97d87d40, group=QQmlListCompositor::Default, index=index@entry=0, asynchronous=asynchronous@entry=false) at types/qqmldelegatemodel.cpp:915
#13 0xb6bb888a in QQmlDelegateModel::object (this=<optimized out>, index=0, asynchronous=<optimized out>) at types/qqmldelegatemodel.cpp:1002
#14 0xb68df3fa in QQuickRepeaterPrivate::createItems (this=0x97d938b8) at items/qquickrepeater.cpp:395
#15 0xb68df75e in QQuickRepeater::regenerate (this=this@entry=0xa5bdb340) at items/qquickrepeater.cpp:384
#16 0xb68df9c6 in QQuickRepeater::setModel (this=this@entry=0xa5bdb340, model=...) at items/qquickrepeater.cpp:235
#17 0xb694f522 in QQuickRepeater::qt_metacall (this=0xa5bdb340, _c=QMetaObject::WriteProperty, _id=0, _a=0xb09c1dd0) at .moc/moc_qquickrepeater_p.cpp:247
#18 0xb6b25d80 in QQmlVMEMetaObject::metaCall (this=<optimized out>, c=<optimized out>, _id=<optimized out>, a=<optimized out>) at qml/qqmlvmemetaobject.cpp:906
#19 0xb6b25c9e in QQmlVMEMetaObject::metaCall (this=0xa5b9d738, c=<optimized out>, _id=49, a=<optimized out>) at qml/qqmlvmemetaobject.cpp:978
#20 0xb65ec388 in QMetaObject::metacall (object=<optimized out>, cl=<optimized out>, idx=49, argv=0xb09c1dd0) at kernel/qmetaobject.cpp:306
#21 0xb6b36982 in QQmlPropertyPrivate::write (object=object@entry=0xa7324968, property=..., value=..., context=context@entry=0x9a84d4e8, flags=flags@entry=...) at qml/qqmlproperty.cpp:1322
#22 0xb6b37052 in QQmlPropertyPrivate::writeValueProperty (object=object@entry=0xa7324968, core=..., value=..., context=context@entry=0x9a84d4e8, flags=flags@entry=...) at qml/qqmlproperty.cpp:1246
#23 0xb6b373c8 in QQmlPropertyPrivate::writeBinding (object=0xa7324968, core=..., cont...

Albert Astals Cid (aacid) wrote :

Got something in valgrind when running on the desktop

==15748== at 0x57A02DB: QQmlComponentAttached::~QQmlComponentAttached() (qqmlcomponent.cpp:985)
==15748== by 0x57A0318: QQmlComponentAttached::~QQmlComponentAttached() (qqmlcomponent.cpp:989)
==15748== by 0x668736B: QObjectPrivate::deleteChildren() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==15748== by 0x66900EB: QObject::~QObject() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==15748== by 0x5D1D4B5: QQuickItem::~QQuickItem() (qquickitem.cpp:2064)
==15748== by 0x5D33AE5: QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (qqmlprivate.h:106)
==15748== by 0x668736B: QObjectPrivate::deleteChildren() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==15748== by 0x66900EB: QObject::~QObject() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==15748== by 0x5D1D4B5: QQuickItem::~QQuickItem() (qquickitem.cpp:2064)
==15748== by 0x5D34655: QQmlPrivate::QQmlElement<QQuickLoader>::~QQmlElement() (qqmlprivate.h:106)
==15748== by 0x668736B: QObjectPrivate::deleteChildren() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==15748== by 0x66900EB: QObject::~QObject() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==15748== by 0x5D1D4B5: QQuickItem::~QQuickItem() (qquickitem.cpp:2064)
==15748== by 0x5D33AE5: QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (qqmlprivate.h:106)
==15748== by 0x668736B: QObjectPrivate::deleteChildren() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==15748== by 0x66900EB: QObject::~QObject() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==15748== by 0x5D1D4B5: QQuickItem::~QQuickItem() (qquickitem.cpp:2064)
==15748== by 0x5D348A5: QQmlPrivate::QQmlElement<QQuickFocusScope>::~QQmlElement() (qqmlprivate.h:106)
==15748== by 0x668736B: QObjectPrivate::deleteChildren() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==15748== by 0x66900EB: QObject::~QObject() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==15748== by 0x5D1D4B5: QQuickItem::~QQuickItem() (qquickitem.cpp:2064)
==15748== by 0x5D34655: QQmlPrivate::QQmlElement<QQuickLoader>::~QQmlElement() (qqmlprivate.h:106)
==15748== by 0x668736B: QObjectPrivate::deleteChildren() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==15748== by 0x66900EB: QObject::~QObject() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==15748== by 0x5D1D4B5: QQuickItem::~QQuickItem() (qquickitem.cpp:2064)
==15748== by 0x5D33AE5: QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (qqmlprivate.h:106)
==15748== by 0x6689607: QObject::event(QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==15748== by 0x5D1B012: QQuickItem::event(QEvent*) (qquickitem.cpp:7114)
==15748== by 0x6659CDC: QCoreApplication::notify(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==15748== by 0x66599D4: QCoreApplication::notifyInternal(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==15748== by 0x665B826: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==15748== by 0x66B1242: ??? (in /usr/lib/x86_64-lin...
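
Added example, not part of the original bug thread: a small Python triage over frames copied from the four gdb backtraces above, showing that each one is a glibc allocator integrity failure detected in an unrelated caller, which is typical of heap corruption that happened earlier. The names `triage`, `summarize` and the `BT_*` constants are this example's own.

```python
import re

# Frames copied from the four gdb backtraces quoted in this thread (trimmed).
BT_HTTP = '''\
#4 0xb631d98e in malloc_printerr (action=1, str=0xb63984bc "free(): invalid pointer", ptr=<optimized out>) at malloc.c:4996
#5 0xb631e3b4 in _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3840
#6 0xb666b242 in QObjectPrivate::Connection::~Connection (this=0xa12c3fa0, __in_chrg=<optimized out>) at kernel/qobject.cpp:1041
'''
BT_GC = '''\
#4 0xb62af98e in malloc_printerr (action=1, str=0xb632a498 "free(): invalid next size (fast)", ptr=<optimized out>) at malloc.c:4996
#5 0xb62b03b4 in _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3840
#6 0xb6b11066 in QV4::String::destroy(QV4::Managed*) () from /usr/lib/arm-linux-gnueabihf/libQt5Qml.so.5
'''
BT_LOADER = '''\
#0 0xb63882a2 in _int_free (av=0xae900010, p=<optimized out>, have_lock=0) at malloc.c:3996
#1 0xb6c0b0be in QQmlIncubator::~QQmlIncubator (this=0x8dd1efd8, __in_chrg=<optimized out>) at qml/qqmlincubator.cpp:525
'''
BT_HASH = '''\
#3 0xb62b710e in __malloc_assert (assertion=0x0, file=<optimized out>, line=line@entry=3695, function=<optimized out>) at malloc.c:293
#4 0xb62b98de in _int_malloc (av=av@entry=0xaf000010, bytes=bytes@entry=16) at malloc.c:3695
#5 0xb62ba808 in __GI___libc_malloc (bytes=16) at malloc.c:2891
#6 0xb64c4542 in QHashData::allocateNode (this=<optimized out>, nodeAlign=nodeAlign@entry=4) at tools/qhash.cpp:402
'''

FRAME = re.compile(r'^#\d+\s+(?:0x[0-9a-f]+ in )?(.+?) \(', re.M)
REASON = re.compile(r'malloc_printerr \(.*?str=0x[0-9a-f]+ "([^"]+)"')
# glibc frames that sit between the abort and the caller that tripped the check.
ALLOCATOR = {"__libc_do_syscall", "__GI_raise", "__GI_abort", "__libc_message",
             "malloc_printerr", "__malloc_assert", "_int_free", "_int_malloc",
             "__GI___libc_malloc"}

def triage(backtrace):
    """Return (is_allocator_failure, glibc_reason, first_caller_frame)."""
    frames = FRAME.findall(backtrace)
    caller = next((f for f in frames if f not in ALLOCATOR), None)
    m = REASON.search(backtrace)
    if m:
        reason = m.group(1)
    elif "__malloc_assert" in frames:
        reason = "malloc assertion failed"
    elif frames and frames[0] in ("_int_free", "_int_malloc"):
        reason = "crash with allocator as top frame"
    else:
        return (False, None, caller)
    return (True, reason, caller)

def summarize(backtraces):
    """Return (all traces are allocator failures, sorted distinct callers)."""
    results = [triage(bt) for bt in backtraces]
    return all(r[0] for r in results), sorted({r[2] for r in results})

if __name__ == "__main__":
    for bt in (BT_HTTP, BT_GC, BT_LOADER, BT_HASH):
        print(triage(bt))
```

The caller it reports is only where glibc noticed the damage, not where the bad write happened, which is why a memory checker such as the valgrind run above is the next step.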

Albert Astals Cid (aacid) wrote :

https://codereview.qt-project.org/#/c/87633/ should fix it. I have not been able to make it crash after adding this to my self-compiled Qt.

Timo is adding that to the PPA so we can all verify if it fixes the crash or not.

Timo Jyrinki (timo-jyrinki) wrote :

Fix available now at the landing-005 PPA. I'm not able to crash it anymore (although it was sometimes hard earlier too).

Note for testing: gcc-4.9 is broken at the moment in the archives, maybe the easiest way to test now is dist-upgrade as usual to the PPA but unpack + dpkg -i *.deb the following tarball on the device after dist-upgrade: http://people.canonical.com/~tjyrinki/gcc/fix_gcc.tar - then reboot as usual.

Timo Jyrinki (timo-jyrinki) wrote :

I'm not able to crash Unity 8 anymore, so I'd say this is Fix Committed (until the fix is released from landing-005 to archives)!

Changed in unity8 (Ubuntu):
status: In Progress → Fix Committed
Changed in unity8 (Ubuntu):
status: Fix Committed → Fix Released