Mir

Segfault when closing apps that link against ubuntu_application_api_mirclient

Bug #1238312 reported by Ricardo Salveti on 2013-10-10
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mir
Fix Released
Critical
Thomas Voß
mir (Ubuntu)
Critical
Thomas Voß

Bug Description

Latest -touch image, mako or maguro:

"""
#include <stdlib.h>
#include <stdio.h>

#include <ubuntu/application/ui/window.h>
#include <ubuntu/application/ui/options.h>
#include <ubuntu/application/ui/display.h>
#include <ubuntu/application/ui/session.h>

void foobar()
{
 ua_ui_session_properties_new ();
}

int main(int argc, char **argv)
{
 printf("Testing\n");

 return 0;
}
"""
phablet@ubuntu-phablet:/tmp/test$ gcc test.c -o test -lubuntu_application_api_mirclient
phablet@ubuntu-phablet:/tmp/test$ ./test
Testing
--> Seg fault

BT:
Program terminated with signal 11, Segmentation fault.
#0 memset () at ../ports/sysdeps/arm/memset.S:30
30 ../ports/sysdeps/arm/memset.S: No such file or directory.
(gdb) bt full
#0 memset () at ../ports/sysdeps/arm/memset.S:30
No locals.
#1 0x408311c6 in std::_Hashtable<MirConnection*, MirConnection*, std::allocator<MirConnection*>, std::__detail::_Identity, std::equal_to<MirConnection*>, std::hash<MirConnection*>, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<false, true, true> >::clear() () from /usr/lib/arm-linux-gnueabihf/libmirclient.so.3
No symbol table info available.
#2 0x408311d8 in std::unordered_set<MirConnection*, std::hash<MirConnection*>, std::equal_to<MirConnection*>, std::allocator<MirConnection*> >::~unordered_set() () from /usr/lib/arm-linux-gnueabihf/libmirclient.so.3
No symbol table info available.
#3 0x40686d6c in __run_exit_handlers (status=0, listp=0x4073d4a4 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true) at exit.c:77
        atfct = <optimized out>
        onfct = <optimized out>
        cxafct = <optimized out>
        f = 0x1abdb48
#4 0x40686dc8 in __GI_exit (status=<optimized out>) at exit.c:99
No locals.
#5 0x40675456 in __libc_start_main (main=0x9551 <main>, argc=3, ubp_av=0xbeddb304, init=<optimized out>, fini=0xa019 <__libc_csu_fini+1>, rtld_fini=0x400f4291 <_dl_fini>, stack_end=0xbeddb304) at libc-start.c:294
        result = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 0, 1081331712, 0, 0, 0, 1074823168, 0, -1092767304, 1080513575, 0 <repeats 18 times>, -1092766956, 2, -1, 1080767269, 1080466872, 1075567496, 1075892224, 1077111573, -1092766972, -1092766956, 1081332940, 1075893820,
                8, 1077279239, 1081332940, 1075681677, 1077318148, 1, 1077345536, 1085576176, 1087090688, 0, 77852, 1087091904, 0, 1074823168, 0, 1074739149, 1085576176, 1, 1, 0, 4, 1080466872, 1, 0}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0,
              0x400f7e10 <_dl_runtime_resolve+24>}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
#6 0x00009ed2 in _start ()
Cannot access memory at address 0xa7a5

Related branches

Ricardo Salveti (rsalveti) wrote :

This is currently blocking the gst-plugins-bad integration as when unloading the androidmedia element, it crashes.

Changed in mir:
importance: Undecided → Critical
status: New → Confirmed
Ricardo Mendoza (ricmm) wrote :

When using a cross-built Mir, the program exits normally. It seems like its only exhibited when built with a native toolchain.

For testing, cross-built binaries can be found in:
http://people.canonical.com/~ricmm/mir-fixed/

Changed in mir (Ubuntu):
status: New → Confirmed
importance: Undecided → Critical
Ricardo Salveti (rsalveti) wrote :

Can confirm it works fine for cross-built based binaries.

Cross built it following http://unity.ubuntu.com/mir/building_source_for_android.html, then running cross-compile-chroot.sh from mir's source package.

Changed in mir:
assignee: nobody → Ricardo Mendoza (ricmm)
status: Confirmed → In Progress
milestone: none → phone-v1-freeze
Ricardo Salveti (rsalveti) wrote :

So it seems that this is related with the optimization flag used. Worked with the cross-compiled binaries as it was using the 'debug' build by default, not O2.

Tested a rebuild, and worked fine with O0, but failed with O1 and O2.

Daniel van Vugt (vanvugt) wrote :

It could still be a subtle memory error that's only tripped in optimized builds. Meaning there's potentially still a root cause in our code. Blaming the compiler is almost always wrong.

Changed in mir:
assignee: Ricardo Mendoza (ricmm) → Thomas Voß (thomas-voss)
PS Jenkins bot (ps-jenkins) wrote :

Fix committed into lp:~mir-team/mir/development-branch at revision None, scheduled for release in mir, milestone Unknown

Changed in mir:
status: In Progress → Fix Committed
Daniel van Vugt (vanvugt) wrote :

Fix committed to lp:mir at revision 1097

Changed in mir (Ubuntu):
status: Confirmed → Fix Committed
assignee: nobody → Thomas Voß (thomas-voss)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mir - 0.0.14+13.10.20131011-0ubuntu1

---------------
mir (0.0.14+13.10.20131011-0ubuntu1) saucy; urgency=low

  [ thomas-voss ]
  * Clean up duplicate instances of the valid connections set. Remove
    the static instances from the header file. (LP: #1238312) Requested
    to be merged directly to lp:mir by didrocks, tvoss. (LP: #1238312)

  [ Ubuntu daily release ]
  * Automatic snapshot from revision 1097
 -- Ubuntu daily release <email address hidden> Fri, 11 Oct 2013 06:59:30 +0000

Changed in mir (Ubuntu):
status: Fix Committed → Fix Released
Daniel van Vugt (vanvugt) wrote :

That's confusing. The LP history seems to suggest this fix missed 0.0.14+13.10.20131011-0ubuntu1 and will be in the following release.

Changed in mir:
milestone: phone-v1-freeze → 0.0.15
Changed in mir:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers