Ubuntu
qtdeclarative-opensource-src package

qmlscene crashed with SIGSEGV in _M_release() on quit

Bug #1342694 reported by Michał Sawicz
16
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mir
Fix Released
High
Alan Griffiths
Mir 0.6.0
0.5
Won't Fix
High
Alan Griffiths
mir (Ubuntu)
Fix Released
High
Unassigned
qtdeclarative-opensource-src (Ubuntu)
Invalid
Medium
Unassigned

Bug Description

Given the app:

import Ubuntu.Components 1.1

MainView {
  applicationName: "blah"

  Button {
    anchors.centerIn: parent
    text: "Quit"
    onClicked: Qt.quit()
  }
}

And launching it with:
$ qmlscene test.qml --desktop_file_hint=/usr/share/applications/webbrowser-app.desktop

on the phone (sorry for the webbrowser part, bug #1325984).

On pressing "Quit", the app segfaults.

ProblemType: Crash
DistroRelease: Ubuntu 14.10
Package: qmlscene 5.3.0-3ubuntu7
Uname: Linux 3.4.0-5-mako armv7l
ApportVersion: 2.14.4-0ubuntu2
Architecture: armhf
Date: Wed Jul 16 12:22:05 2014
ExecutablePath: /usr/lib/arm-linux-gnueabihf/qt5/bin/qmlscene
ExecutableTimestamp: 1404724229
InstallationDate: Installed on 2014-07-15 (0 days ago)
InstallationMedia: Ubuntu Utopic Unicorn (development branch) - armhf (20140715-115453)
ProcCmdline: /usr/lib/arm-linux-gnueabihf/qt5/bin/qmlscene test.qml --desktop_file_hint=/usr/share/applications/webbrowser-app.desktop
ProcCwd: /home/phablet
Signal: 11
SourcePackage: qtdeclarative-opensource-src
StacktraceTop:
 MirConnection::~MirConnection() () from /usr/lib/arm-linux-gnueabihf/libmirclient.so.8
 MirConnection::~MirConnection() () from /usr/lib/arm-linux-gnueabihf/libmirclient.so.8
 mir_connection_release () from /usr/lib/arm-linux-gnueabihf/libmirclient.so.8
 ?? () from /usr/lib/arm-linux-gnueabihf/libubuntu_application_api_touch_mirclient.so.2.1.0
Title: qmlscene crashed with SIGSEGV in MirConnection::~MirConnection()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm autopilot cdrom dialout dip nopasswdlogin plugdev sudo tty video

Related branches

lp:~mir-team/mir/enable-late-release
Alexandros Frantzis (community): Approve
PS Jenkins bot (community): Approve (continuous-integration)
Robert Carr (community): Approve
Diff: 380 lines (+219/-22)
8 files modified
examples/CMakeLists.txt (+3/-0)
examples/release_at_exit.c (+109/-0)
src/client/android/android_native_display_container.cpp (+24/-2)
src/client/connection_configuration.h (+3/-1)
src/client/default_connection_configuration.cpp (+1/-3)
src/client/mesa/mesa_native_display_container.cpp (+21/-3)
src/client/mir_connection.cpp (+52/-13)
src/client/mir_connection.h (+6/-0)
lp:~mir-team/mir/enable-late-release-0.5-backport
Rejected for merging into lp:mir/0.5
PS Jenkins bot (community): Needs Fixing (continuous-integration)
Mir development team: Pending requested
Diff: 269 lines (+105/-37)
7 files modified
examples/basic.c (+15/-7)
src/client/android/android_native_display_container.cpp (+23/-4)
src/client/connection_configuration.h (+3/-1)
src/client/default_connection_configuration.cpp (+1/-6)
src/client/mesa/mesa_native_display_container.cpp (+21/-6)
src/client/mir_connection.cpp (+38/-13)
src/client/mir_connection.h (+4/-0)
lp:ubuntu/utopic-proposed/mir
Revision history for this message
Michał Sawicz (saviq) wrote :
Revision history for this message
Apport retracing service (apport) wrote :

StacktraceTop:
 _M_release (this=0xb2c00730) at /usr/include/c++/4.8/bits/shared_ptr_base.h:144
 ~__shared_count (this=0x1b0a150, __in_chrg=<optimized out>) at /usr/include/c++/4.8/bits/shared_ptr_base.h:546
 ~__shared_ptr (this=0x1b0a14c, __in_chrg=<optimized out>) at /usr/include/c++/4.8/bits/shared_ptr_base.h:781
 ~shared_ptr (this=0x1b0a14c, __in_chrg=<optimized out>) at /usr/include/c++/4.8/bits/shared_ptr.h:93
 MirConnection::~MirConnection (this=0x1b0a040, __in_chrg=<optimized out>) at /build/buildd/mir-0.4.1+14.10.20140714/src/client/mir_connection.cpp:96

Revision history for this message
Apport retracing service (apport) wrote : Stacktrace.txt
Revision history for this message
Apport retracing service (apport) wrote : StacktraceSource.txt
Revision history for this message
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in qtdeclarative-opensource-src (Ubuntu):
importance: Undecided → Medium
summary: - qmlscene crashed with SIGSEGV in MirConnection::~MirConnection()
+ qmlscene crashed with SIGSEGV in _M_release()
tags: removed: need-armhf-retrace
Michał Sawicz (saviq)
information type: Private → Public
summary: - qmlscene crashed with SIGSEGV in _M_release()
+ qmlscene crashed with SIGSEGV in _M_release() on quit
Changed in qtdeclarative-opensource-src (Ubuntu):
status: New → Invalid
Revision history for this message
Alan Griffiths (alan-griffiths) wrote :

The problem is a cleardown sequence difficulty.

mirclient had some non-trivial static duration data that was accessed when connection_release was called.

This is fine for all the tests and examples in Mir. But platform-api delays calling connection_release until later with the result that access to dead objects was possible.

The linked branch changes one of the mir examples to do a similar thing and updates the client library to explicitly manage the lifetime of the required data.

Changed in mir (Ubuntu):
status: New → In Progress
assignee: nobody → Alan Griffiths (alan-griffiths)
Daniel van Vugt (vanvugt)
tags: added: rtm14
Changed in mir:
status: New → In Progress
assignee: nobody → Alan Griffiths (alan-griffiths)
Changed in mir (Ubuntu):
assignee: Alan Griffiths (alan-griffiths) → nobody
status: In Progress → Triaged
Changed in mir:
milestone: none → 0.6.0
importance: Undecided → High
Changed in mir (Ubuntu):
importance: Undecided → High
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

Fix committed into lp:mir/devel at revision None, scheduled for release in mir, milestone Unknown

Changed in mir:
status: In Progress → Fix Committed
Leo Arias (elopio)
tags: added: qa-daily-testing
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (4.7 KiB)

This bug was fixed in the package mir - 0.6.0+14.10.20140811-0ubuntu1

---------------
mir (0.6.0+14.10.20140811-0ubuntu1) utopic; urgency=medium

  [ Cemil Azizoglu ]
  * New upstream release 0.6.0 (https://launchpad.net/mir/+milestone/0.6.0)
    - mirclient ABI unchanged at 8. Clients do not need rebuilding.
    - mirserver ABI bumped to 24. Servers need rebuilding, but probably don't
      need modification:
      . Host lifecycle event listener for nested servers introduced.
      . Add query function to BasicSurface.
      . The (deprecated) function the_ipc_factory() is now removed.
      . Removed legacy support for overriding the focus controller or the
        frontend shell.
      . Added support for a common type for managing fd's.
      . Moved testdraw library to examples directory.
      . Added support for droping stale frames when a surface becomes exposed.
    - Enhancements:
      . Split underlying data transport out of MirSocketRpcChannel.
      . Introduced two new client-side functions : mir_surface_get_focus and
        mir_surface_get_visibility.
      . Added symbolic names for cursors.
      . Made "shared" code a true shared library.
      . Provide linker scripts to control symbols exported by [mesa|android]
        libmirclientplatform.
      . Correct xcursor loader test to fail properly instead of segfaulting.
      . Make mir::Fd type copy constructible.
      . Miscellaneous packaging related enhancements.
      . Miscellaneous build related enhancements.
      . Added automated test cases for detecting ABI breakage.
      . examples/fingerpaint: Enable frame dropping so it's faster and more
        responsive.
      . mirprotobuf folded into new libmircommon.
      . Don't propagate exceptions to graphics driver code.
      . Dropped unused/minimally used dependencies : boost-filesystem,
        boost-thread, boost-chrono, boost-regex.
      . platform: provide support for customizing Mir's behavior when a
        fatal_error occurs.
      . Expose an interface for touch visualization.
    - Bugs fixed:
      . Mir servers crash with SIGABRT - assertion failed at
        buffer_queue.cpp:136 - "!pending_client_notifications.empty()"
        (LP: #1335481)
      . [regression][hammerhead] Mir fails to start on Nexus 5 & 10 as it
        fails to turn vsync signal on (LP: #1345533)
      . [qtcomp] Random crash in Mir input when running AP tests: [terminate
        called after throwing an instance of '...' what(): assign: File exists]
        when constructing a mir::AsioMainLoop::FDHandler (LP: #1346952)
      . CI builds fail when trying to install libmircommon-dev (LP: #1348518)
      . [regression] Mir 0.6 GL clients crash immediately on startup (Mesa is
        trying to use X11 instead of Mir) (LP: #1350163)
      . qmlscene crashed with SIGSEGV in _M_release() on quit (LP: #1342694)
      . Clients cannot create surfaces when the screen is off (LP: #1344024)
      . The packaging of headers and libraries is confused (LP: #1347522)
      . [regression] Intermittent CI failure in
        ClientLibrary.receives_surface_dpi_value (LP: #1348095)
      . Installing mir-demos also unexpectedly installs *-dev p...

Read more...

Changed in mir (Ubuntu):
status: Triaged → Fix Released
Daniel van Vugt (vanvugt)
Changed in mir:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.