Bug
Resolution: Fixed
Critical
Flounder
On rcar-m3, with agl-demo-platform configured with agl-demo and agl-devel, HomeScreen frequently crashes at boot with an abort() caused by a double free.
On upsquared with FF.rc6, this can be observed on every boot.
This is triggered by an unexpected deferred delete in Qt.
Here is the backtrace of HomeScreen:
#0 __GI_raise (sig=sig@entry=6) at /usr/src/debug/glibc/2.26-r0/git/sysdeps/unix/sysv/linux/raise.c:51
#1 0x0000ffff8f5a1b8c in __GI_abort () at /usr/src/debug/glibc/2.26-r0/git/stdlib/abort.c:90
#2 0x0000ffff8f5da038 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0xffff8f6951d0 "%s\n") at /usr/src/debug/glibc/2.26-r0/git/sysdeps/posix/libc_fatal.c:181
#3 0x0000ffff8f5e024c in malloc_printerr (str=str@entry=0xffff8f690eb8 "double free or corruption (out)") at /usr/src/debug/glibc/2.26-r0/git/malloc/malloc.c:5368
#4 0x0000ffff8f5e1f78 in _int_free (av=0xffff8f6baa50 <main_arena>, p=0xaaaabb56dfb0, have_lock=<optimized out>) at /usr/src/debug/glibc/2.26-r0/git/malloc/malloc.c:4285
#5 0x0000ffff8fb59a9c in QObject::event (this=<optimized out>, e=<optimized out>) at /usr/src/debug/qtbase/5.9.6+gitAUTOINC+9c50112304-r0/git/src/corelib/kernel/qobject.cpp:1238
#6 0x0000ffff8fb286c0 in doNotify (event=<optimized out>, receiver=<optimized out>) at /usr/src/debug/qtbase/5.9.6+gitAUTOINC+9c50112304-r0/git/src/corelib/kernel/qcoreapplication.cpp:1099
#7 QCoreApplication::notify (this=<optimized out>, receiver=<optimized out>, event=<optimized out>) at /usr/src/debug/qtbase/5.9.6+gitAUTOINC+9c50112304-r0/git/src/corelib/kernel/qcoreapplication.cpp:1085
#8 0x0000ffff8fb28834 in QCoreApplication::notifyInternal2 (receiver=receiver@entry=0xaaaabb56dfc0, event=event@entry=0xaaaabb4f0ab0) at /usr/src/debug/qtbase/5.9.6+gitAUTOINC+9c50112304-r0/git/src/corelib/kernel/qcoreapplication.cpp:1024
#9 0x0000ffff8fb2b228 in QCoreApplication::sendEvent (event=0xaaaabb4f0ab0, receiver=0xaaaabb56dfc0) at /usr/src/debug/qtbase/5.9.6+gitAUTOINC+9c50112304-r0/git/src/corelib/kernel/qcoreapplication.h:233
#10 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0xaaaabb491d30) at /usr/src/debug/qtbase/5.9.6+gitAUTOINC+9c50112304-r0/git/src/corelib/kernel/qcoreapplication.cpp:1699
#11 0x0000ffff8fb82188 in QEventDispatcherUNIX::processEvents (this=0xaaaabb4eecc0, flags=...) at /usr/src/debug/qtbase/5.9.6+gitAUTOINC+9c50112304-r0/git/src/corelib/kernel/qeventdispatcher_unix.cpp:466
#12 0x0000ffff8cba8e64 in QUnixEventDispatcherQPA::processEvents (this=<optimized out>, flags=...) at /usr/src/debug/qtbase/5.9.6+gitAUTOINC+9c50112304-r0/git/src/platformsupport/eventdispatchers/qunixeventdispatcher.cpp:68
#13 0x0000ffff8fb262dc in QEventLoop::exec (this=this@entry=0xffffdd9de0e0, flags=flags@entry=...) at /usr/src/debug/qtbase/5.9.6+gitAUTOINC+9c50112304-r0/git/src/corelib/kernel/qeventloop.cpp:212
#14 0x0000ffff8fb2f9c4 in QCoreApplication::exec () at /usr/src/debug/qtbase/5.9.6+gitAUTOINC+9c50112304-r0/git/src/corelib/kernel/qcoreapplication.cpp:1297
#15 0x0000aaaaaea619c4 in main (argc=<optimized out>, argv=<optimized out>) at /work/agl/src/repos/apps/homescreen/homescreen/src/main.cpp:152
QEvent::DeferredDelete dispatched
#10 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0xaaaabb491d30) at /usr/src/debug/qtbase/5.9.6+gitAUTOINC+9c50112304-r0/git/src/corelib/kernel/qcoreapplication.cpp:1699
1699        QCoreApplication::sendEvent(r, e);
(gdb) list
1694        MutexUnlocker unlocker(locker);
1695
1696        QScopedPointer<QEvent> event_deleter(e); // will delete the event (with the mutex unlocked)
1697
1698        // after all that work, it's time to deliver the event.
1699        QCoreApplication::sendEvent(r, e);
1700
1701        // careful when adding anything below this point - the
1702        // sendEvent() call might invalidate any invariants this
1703        // function depends on.
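A triage sketch added here (not part of the original report): it parses a subset of the frames above and checks whether the chunk glibc rejected in _int_free is the object that received the posted event. It assumes the 16-byte malloc chunk header of 64-bit glibc; the names parse_frames and triage are hypothetical.

```python
import re

# Subset of the frames from the backtrace on this page, source paths trimmed.
BACKTRACE = """\
#3 0x0000ffff8f5e024c in malloc_printerr (str=str@entry=0xffff8f690eb8 "double free or corruption (out)")
#4 0x0000ffff8f5e1f78 in _int_free (av=0xffff8f6baa50 <main_arena>, p=0xaaaabb56dfb0, have_lock=<optimized out>)
#5 0x0000ffff8fb59a9c in QObject::event (this=<optimized out>, e=<optimized out>)
#8 0x0000ffff8fb28834 in QCoreApplication::notifyInternal2 (receiver=receiver@entry=0xaaaabb56dfc0, event=event@entry=0xaaaabb4f0ab0)
#10 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0xaaaabb491d30)
"""

# Assumption: 64-bit glibc, where the user pointer is chunk + 2 * sizeof(size_t).
CHUNK_HEADER = 16

FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \((.*)\)", re.M)
ARG_RE = re.compile(r"(\w+)=(?:\w+@entry=)?(0x[0-9a-f]+)")


def parse_frames(text):
    """Return (frame number, function, {arg name: int}) keeping only hex-valued arguments."""
    return [(int(n), fn, {k: int(v, 16) for k, v in ARG_RE.findall(args)})
            for n, fn, args in FRAME_RE.findall(text)]


def triage(text):
    """Map the chunk rejected by _int_free back to a caller argument holding the same object."""
    frames = parse_frames(text)
    msg = re.search(r'malloc_printerr \(.*?"([^"]+)"', text)
    chunk = next(a["p"] for _, fn, a in frames if fn == "_int_free")
    user_ptr = chunk + CHUNK_HEADER  # pointer that was handed to free() / operator delete
    # First caller frame (innermost first) whose arguments carry that pointer.
    owner = next(((n, fn, k) for n, fn, a in frames
                  for k, v in a.items() if v == user_ptr), None)
    return {"error": msg.group(1), "freed": hex(user_ptr), "match": owner}


if __name__ == "__main__":
    print(triage(BACKTRACE))
```

The freed pointer resolves to the receiver argument of frame #8, which is consistent with the report's statement that the failing free is the DeferredDelete event deleting its own receiver.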