Bug 106310

Summary: crash backtrace
Product: Wayland Reporter: Dilian <dpa-bugs>
Component: westonAssignee: Wayland bug list <wayland-bugs>
Status: RESOLVED MOVED QA Contact:
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:

Description Dilian 2018-04-29 16:01:31 UTC
Weston 4.0 crashed with this backtrace:   I use wayland-1.15.0 and wayland-protocols-1.13:

#0  0x00007fc64ce3f60a in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
        set = 
            {__val = {81926, 0, 140489700286272, 140489556020087, 140489700291456, 140489700504292, 64, 0, 2, 140489700284736, 1, 140489557871911, 140489700130880, 140489700130880, 21454416, 59648}}
        pid = <optimized out>
        tid = <optimized out>
#1  0x00007fc64ce406e1 in __GI_abort () at abort.c:79
        save_stage = 1
        act = 
          {__sigaction_handler = {sa_handler = 0x30, sa_sigaction = 0x30}, sa_mask = {__val = {19337240, 80, 20, 18446744073709551152, 140489693846227, 206158430211, 1315717493, 140489695969600, 140489693846496, 140489695972304, 140489693846227, 27036704, 1315717491, 140489695969624, 140732477818496, 140732477818784}}, sa_flags = -715569536, sa_restorer = 0x1000}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x00007fc64ce809a7 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7fc64cf83458 "%s\n")
    at ../sysdeps/posix/libc_fatal.c:181
        ap = {{gp_offset = 24, fp_offset = 0, overflow_arg_area = 0x7ffed55947b0, reg_save_area = 0x7ffed5594740}}
        fd = <optimized out>
        list = <optimized out>
        nlist = <optimized out>
        cp = <optimized out>
        written = <optimized out>
#3  0x00007fc64ce86d7a in malloc_printerr (str=str@entry=0x7fc64cf815d6 "corrupted double-linked list")
    at malloc.c:5350
#4  0x00007fc64ce8a256 in _int_malloc (av=av@entry=0x7fc64d1b8c40 <main_arena>, bytes=bytes@entry=744)
    at malloc.c:3926
        p = 0x7fc64ce3f60a <__GI_raise+202>
        iters = <optimized out>
        nb = 752
        idx = <optimized out>
        bin = <optimized out>
        victim = <optimized out>
        size = <optimized out>
        victim_index = <optimized out>
        remainder = <optimized out>
        remainder_size = <optimized out>
        block = <optimized out>
        bit = <optimized out>
        map = <optimized out>
        fwd = <optimized out>
        bck = <optimized out>
        tcache_unsorted_count = <optimized out>
        tcache_nb = 752
        tc_idx = 45
        return_cached = <optimized out>
        __PRETTY_FUNCTION__ = "_int_malloc"
#5  0x00007fc64ce8c1e1 in __libc_calloc (n=n@entry=1, elem_size=elem_size@entry=744) at malloc.c:3436
        av = <optimized out>
        oldtop = 0x1aa5200
        p = <optimized out>
        bytes = 744
        sz = 744
        csz = <optimized out>
        oldtopsize = 1064448
        mem = <optimized out>
        clearsize = <optimized out>
        nclears = <optimized out>
        d = <optimized out>
        hook = <optimized out>
        __PRETTY_FUNCTION__ = "__libc_calloc"
#6  0x00007fc64e6d4c98 in zalloc (size=744) at ./shared/zalloc.h:38
#7  0x00007fc64e6d4c98 in weston_surface_create (compositor=compositor@entry=0x1281160) at libweston/compositor.c:459
#8  0x00007fc64e6d8704 in compositor_create_surface (client=0x1943f40, resource=0x1483580, id=12)
    at libweston/compositor.c:3262
        ec = 0x1281160
        surface = <optimized out>
#9  0x00007fc64e2b060e in ffi_call_unix64 () at /usr/local/lib/../lib/libffi.so.6
#10 0x00007fc64e2af8d9 in ffi_call () at /usr/local/lib/../lib/libffi.so.6
#11 0x00007fc64e4bed0c in wl_closure_invoke (closure=0x19c2b50, flags=<optimized out>, target=<optimized out>, opcode=0, data=<optimized out>) at src/connection.c:996
        cif = 
          {abi = FFI_UNIX64, nargs = 3, arg_types = 0x7ffed5594a50, rtype = 0x7fc64e2b0a00 <ffi_type_void>, bytes = 0, flags = 0}
        ffi_types = 
          {0x7fc64e2b08e0 <ffi_type_pointer>, 0x7fc64e2b08e0 <ffi_type_pointer>, 0x7fc64e2b0960 <ffi_type_uint32>, 0x7fc64e2b08e0 <ffi_type_pointer>, 0x7fc64e2b0960 <ffi_type_uint32>, 0x7fc64e2b0960 <ffi_type_uint32>, 0x90, 0x50, 0x19944c0, 0x80, 0x19944b0, 0x7fc64e4c0990, 0x90, 0x7fc64ce8bced <__GI___libc_realloc+205>, 0x1c0, 0x7fc64d1b8c40 <main_arena>, 0x19c2e88, 0x80, 0x1943f70, 0x8, 0x7fc64e4c0990, 0x7fc64e4bdad3 <wl_closure_clear_fds+51>}
        ffi_args = 
          {0x7ffed5594a20, 0x7ffed5594a28, 0x19c2b68, 0xc, 0x19c2b70, 0x7fc64e4bf9ef <wl_map_reserve_new+95>, 0xc, 0x7fc64e4c0e18, 0x7ffed5594ba8, 0x7fc64e4be731 <wl_connection_demarshal+449>, 0x19c2c2c, 0x19c2e70, 0x19c2c20, 0x19c2c2c, 0x19c2b50, 0x7fc64e4bea20 <wl_closure_lookup_objects+160>, 0x7ffed5594ba0, 0x7fc64e4b9e53 <log_closure+51>, 0x19c2b50, 0x7fc64e6c4b60 <wl_compositor_requests>, 0x4a, 0x148356e}
        implementation = <optimized out>
#12 0x00007fc64e4bb69f in wl_client_connection_data (fd=<optimized out>, mask=<optimized out>, data=0x1943f40)
    at src/wayland-server.c:420
        client = 0x1943f40
        connection = <optimized out>
        resource = 0x1483580
        object = 0x1483580
        closure = 0x19c2b50
        message = 0x7fc64e6c4b60 <wl_compositor_requests>
        p = {4, 786432}
        resource_flags = <optimized out>
        opcode = 0
        size = <optimized out>
        since = <optimized out>
        len = <optimized out>
#13 0x00007fc64e4bcf72 in wl_event_loop_dispatch (loop=0x1278ee0, timeout=timeout@entry=-1) at src/event-loop.c:641
        ep = 
              {{events = 1, data = {ptr = 0x19b0720, fd = 26937120, u32 = 26937120, u64 = 26937120}}, {events = 1, data = {ptr = 0x1427b40, fd = 21134144, u32 = 21134144, u64 = 21134144}}, {events = 1, data = {ptr = 0x1427b40, fd = 21134144, u32 = 21134144, u64 = 21134144}}, {events = 1, data = {ptr = 0x1929a60, fd = 26384992, u32 = 26384992, u64 = 26384992}}, {events = 300, data = {ptr = 0x19489a000000000, fd = 0, u32 = 0, u64 = 113867210878877696}}, {events = 0, data = {ptr = 0x7ffed5594d10, fd = -715567856, u32 = 3579399440, u64 = 140732477820176}}, {events = 26524088, data = {ptr = 0x19499a800000000, fd = 0, u32 = 0, u64 = 113884837424660480}}, {events = 0, data = {ptr = 0x7fc64e4bd4d5 <wl_connection_flush+309>, fd = 1313592533, u32 = 1313592533, u64 = 140489693844693}}, {events = 808, data = {ptr = 0xd5594d6000000000, fd = 0, u32 = 0, u64 = 15373403877718097920}}, {events = 32766, data = {ptr = 0x7ffed5594d50, fd = -715567792, u32 = 3579399504, u64 = 140732477820240}}, {events = 21125136, data = {ptr = 0x19c3e7800000000, fd = 0, u32 = 0, u64 = 116036375521787904}}, {events = 0, data = {ptr = 0x328, fd = 808, u32 = 808, u64 = 808}}, {events = 26515880, data = {ptr = 0x400000000, fd = 0, u32 = 0, u64 = 17179869184}}, {events = 0, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}, {events = 0, data = {ptr = 0xd5594cf000007fc6, fd = 32710, u32 = 32710, u64 = 15373403396681793478}}, {events = 32766, data = {ptr = 0x1, fd = 1, u32 = 1, u64 = 1}}, {events = 0, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}, {events = 0, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}, {events = 21045872, data = {ptr = 0x1400000000, fd = 0, u32 = 0, u64 = 85899345920}}, {events = 0, data = {ptr = 0x100000001, fd = 1, u32 = 1, u64 = 4294967297}}, {events = 82, data = {ptr = 0x128116000000000, fd = 0, u32 = 0, u64 = 83335697120886784}}, {events = 0, data = {ptr = 0x7ffed55953b8, fd = -715566152, u32 = 3579401144, u64 = 140732477821880}}, {events = 1313583952, data = {ptr = 0x4e4bb2e000007fc6, fd = 32710, u32 = 32710, u64 = 5641799633354129350}}, {events = 32710, data = {ptr = 0x14272a0, fd = 21131936, u32 = 21131936, u64 = 21131936}}, {events = 18, data = {ptr = 0x127b94800000000, fd = 0, u32 = 0, u64 = 83238837018427392}}, {events = 0, data = {ptr = 0x7ffed5594ee0, fd = -715567392, u32 = 3579399904, u64 = 140732477820640}}, {events = 19403104, data = {ptr = 0xd55953b800000000, fd = 0, u32 = 0, u64 = 15373410852744986624}}, {events = 32766, data = {ptr = 0x7fc64e4bd629 <wl_connection_destroy+57>, fd = 1313592873, u32 = 1313592873, u64 = 140489693845033}}, {events = 3579401144, data = {ptr = 0x19a0ed000007ffe, fd = 32766, u32 = 32766, u64 = 115421026967388158}}, {events = 0, data = {ptr = 0x19a0f00, fd = 26873600, u32 = 26873600, u64 = 26873600}}, {events = 26492736, data = {ptr = 0x127b92800000000, fd = 0, u32 = 0, u64 = 83238699579473920}}, {events = 0, data = {ptr = 0x127b948, fd = 19380552, u32 = 19380552, u64 = 19380552}}}
        source = <optimized out>
        i = <optimized out>
        count = <optimized out>
#14 0x00007fc64e4bb86a in wl_display_run (display=display@entry=0x127b900) at src/wayland-server.c:1260
#15 0x000000000040558a in main (argc=<optimized out>, argv=0x7ffed55953b8) at compositor/main.c:1868
        ret = 1
        display = 0x127b900
        ec = 0x1281160
        signals = {0x127b7b0, 0x1279e30, 0x12770d0, 0x12771c0}
        loop = <optimized out>
        i = 1
        fd = <optimized out>
        backend = 0x1281140 "drm-backend.so"
        shell = 0x14746f0 "desktop-shell.so"
        xwayland = 0
        modules = 0x1482370 "systemd-notify.so"
        option_modules = 0x0
        log = 0x0
        server_socket = <optimized out>
        idle_time = 300
        help = 0
        socket_name = 0x0
        version = 0
        noconfig = 0
        numlock_on = 0
        config_file = 0x0
        config = <optimized out>
        section = <optimized out>
        primary_client = <optimized out>
        primary_client_destroyed = {link = {prev = 0x0, next = 0x1}, notify = 0x1281800}
        seat = <optimized out>
        user_data = 
          {config = 0x12822b0, parsed_options = 0x0, pending_output_listener = {link = {prev = 0x1281228, next = 0x1281228}, notify = 0x406690 <drm_backend_output_configure>}, drm_use_current_mode = false}
        require_input = 1
        wait_for_debugger = 0
        core_options = 
            {{type = WESTON_OPTION_STRING, name = 0x409ca0 "backend", short_name = 66 'B', data = 0x7ffed5594eb0}, {type = WESTON_OPTION_STRING, name = 0x409ca8 "shell", short_name = 0 '\000', data = 0x7ffed5594eb8}, {type = WESTON_OPTION_STRING, name = 0x409ea4 "socket", short_name = 83 'S', data = 0x7ffed5594ed8}, {type = WESTON_OPTION_INTEGER, name = 0x409cae "idle-time", short_name = 105 'i', data = 0x7ffed5594e88}, {type = WESTON_OPTION_BOOLEAN, name = 0x409cb8 "xwayland", short_name = 0 '\000', data = 0x7ffed5594e84}, {type = WESTON_OPTION_STRING, name = 0x409cc1 "modules", short_name = 0 '\000', data = 0x7ffed5594ec8}, {type = WESTON_OPTION_STRING, name = 0x409cc9 "log", short_name = 0 '\000', data = 0x7ffed5594ed0}, {type = WESTON_OPTION_BOOLEAN, name = 0x409ccd "help", short_name = 104 'h', data = 0x7ffed5594e8c}, {type = WESTON_OPTION_BOOLEAN, name = 0x409cd2 "version", short_name = 0 '\000', data = 0x7ffed5594e90}, {type = WESTON_OPTION_BOOLEAN, name = 0x409cda "no-config", short_name = 0 '\000', data = 0x7ffed5594e94}, {type = WESTON_OPTION_STRING, name = 0x409cdd "config", short_name = 99 'c', data = 0x7ffed5594ee0}, {type = WESTON_OPTION_BOOLEAN, name = 0x409ce4 "wait-for-debugger", short_name = 0 '\000', data = 0x7ffed5594e9c}}


  Id   Target Id         Frame 
* 1    Thread 0x7fc64eae7900 (LWP 1216) __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
Comment 1 Daniel Stone 2018-06-04 06:48:50 UTC
There is memory corruption happening somewhere. Which driver are you using, and can you please run under Valgrind?
Comment 2 GitLab Migration User 2018-06-08 23:56:11 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/wayland/weston/issues/106.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.