Bug 66132

Summary: double free or corruption
Product: Wayland
Reporter: U. Artie Eoff <ullysses.a.eoff>
Component: weston
Assignee: Wayland bug list <wayland-bugs>
Status: VERIFIED FIXED
QA Contact:
Severity: critical
Priority: medium
CC: jason
Version: unspecified
Hardware: Other
OS: All
Whiteboard:
i915 platform:
i915 features:
Attachments: gdb backtrace

Description U. Artie Eoff 2013-06-24 19:09:00 UTC
Weston's subsurface-test causes Weston to core dump with a "double free or corruption" and the subsurface-test process is left churning at 100% CPU.

*** glibc detected *** /home/uartie/Work/intel/wayland/build/weston/tests/../src/weston: double free or corruption (fasttop): 0x0000000001ee1740 ***
======= Backtrace: =========
/lib64/libc.so.6[0x376327c00e]
/home/uartie/Work/intel/wayland/install/lib/libwayland-server.so.0(wl_resource_destroy+0x7e)[0x7ff50e9e7f0c]
/home/uartie/Work/intel/wayland/build/weston/tests/../src/weston[0x40eb41]
/lib64/libffi.so.5(ffi_call_unix64+0x4c)[0x3765e05e90]
/lib64/libffi.so.5(ffi_call+0x1e0)[0x3765e058a0]
/home/uartie/Work/intel/wayland/install/lib/libwayland-server.so.0(+0x1037c)[0x7ff50e9f137c]
/home/uartie/Work/intel/wayland/install/lib/libwayland-server.so.0(+0x689a)[0x7ff50e9e789a]
/home/uartie/Work/intel/wayland/install/lib/libwayland-server.so.0(+0x95e6)[0x7ff50e9ea5e6]
/home/uartie/Work/intel/wayland/install/lib/libwayland-server.so.0(wl_event_loop_dispatch+0xcc)[0x7ff50e9eb264]
/home/uartie/Work/intel/wayland/install/lib/libwayland-server.so.0(wl_display_run+0x66)[0x7ff50e9e8e62]
/home/uartie/Work/intel/wayland/build/weston/tests/../src/weston[0x4119a7]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x3763221735]
/home/uartie/Work/intel/wayland/build/weston/tests/../src/weston[0x407eb9]

This started happening somewhere within the following commit window: 'git whatchanged a58290b38..8a4a9eb'.
Comment 1 U. Artie Eoff 2013-06-24 19:27:58 UTC
This started with the following Wayland commit:

96afa34: http://cgit.freedesktop.org/wayland/wayland/commit/?id=96afa347762bd9796288e8052ccc42989a68386d
Comment 2 U. Artie Eoff 2013-06-25 15:37:58 UTC
In weston source directory, run:

TESTS=subsurface-test make check
Comment 3 U. Artie Eoff 2013-06-25 15:45:43 UTC
(In reply to comment #2)
> In weston source directory, run:
> 
> TESTS=subsurface-test make check

Ugh... 

In weston tests directory, run

$ make check TESTS=subsurface-test
Comment 4 U. Artie Eoff 2013-06-25 15:52:18 UTC
Created attachment 81415: gdb backtrace
Comment 5 U. Artie Eoff 2013-06-25 16:35:12 UTC
jekstrand identified the culprit:

http://cgit.freedesktop.org/wayland/weston/tree/src/compositor.c#n2210

...commenting out that line fixes the core dump.

Other suspects that might result in double frees are at:

./src/shell.c:1009:	free(resource);
./src/shell.c:3617:	free(resource);
./src/shell.c:3696:	free(resource);
./src/shell.c:3919:	free(resource);
./src/text-backend.c:537:	free(resource);
./src/text-backend.c:750:	free(resource);
./src/compositor.c:2210:	free(resource);
./src/compositor.c:2517:	free(resource);
./src/input.c:43:	free(resource);
./src/data-device.c:558:	free(resource);

However, I ran a few tests to hit "some" of those code paths and found no indication of issue.
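The crash in comment 5 is an ownership mismatch: once the library's destroy routine frees the resource itself (the behaviour the Wayland commit in comment 1 introduced for wl_resource_destroy), any destroy handler that still calls free(resource) frees it a second time. The C program below is an added example, not Weston or libwayland code; struct resource, enum contract and the count_frees/library_destroy functions are hypothetical names for this model. It runs a destructor under both ownership contracts and counts how many times the resource is released, so each combination is observable as 0 (leak), 1 (correct) or 2 (double free) instead of as heap corruption.

```c
#include <stdio.h>

/* Constructed model of a server-side resource; not libwayland's wl_resource. */
struct resource {
    void (*destructor)(struct resource *);
};

/* Number of times the resource was "freed" in the current scenario. */
static int free_attempts;

/* Stand-in for free(resource): only counts, so a second release is
 * observable rather than undefined behaviour. */
static void resource_free(struct resource *r)
{
    (void)r;
    free_attempts++;
}

/* Old contract: the library runs the destructor and leaves deallocation to it.
 * New contract: the library frees the resource itself after the destructor
 * returns (the change that turned Weston's free(resource) into a double free). */
enum contract { LIBRARY_DOES_NOT_FREE, LIBRARY_FREES };

static void library_destroy(struct resource *r, enum contract c)
{
    if (r->destructor)
        r->destructor(r);
    if (c == LIBRARY_FREES)
        resource_free(r);
}

/* Destructor written against the old contract: frees the resource itself. */
static void destructor_frees(struct resource *r)
{
    resource_free(r);
}

/* Destructor written against the new contract: releases only its own state. */
static void destructor_leaves_resource(struct resource *r)
{
    (void)r;
}

/* Runs one contract/handler combination and returns how often the resource
 * was released: 0 = leak, 1 = correct, 2 = double free. */
int count_frees(enum contract c, int handler_frees)
{
    /* Static slot: the object outlives the scenario, so counting a second
     * release never touches freed memory. */
    static struct resource slot;

    slot.destructor = handler_frees ? destructor_frees : destructor_leaves_resource;
    free_attempts = 0;
    library_destroy(&slot, c);
    return free_attempts;
}

int main(void)
{
    printf("library does not free, handler frees:        %d\n",
           count_frees(LIBRARY_DOES_NOT_FREE, 1));
    printf("library frees, handler frees:                %d  (double free)\n",
           count_frees(LIBRARY_FREES, 1));
    printf("library frees, handler leaves resource:      %d\n",
           count_frees(LIBRARY_FREES, 0));
    printf("library does not free, handler leaves it:    %d  (leak)\n",
           count_frees(LIBRARY_DOES_NOT_FREE, 0));
    return 0;
}
```

The second row is the situation in this bug: handlers written for the old contract keep working until the library starts freeing on its own, which is why a grep for free(resource) in every destroy handler (as in the list above) is the right audit after such an API change, even for paths the test suite does not exercise.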
