Bug 66132 - double free or corruption
Status: VERIFIED FIXED
Alias: None
Product: Wayland
Classification: Unclassified
Component: weston
Version: unspecified
Hardware: Other All
Importance: medium critical
Assignee: Wayland bug list
Reported: 2013-06-24 19:09 UTC by U. Artie Eoff
Modified: 2013-06-25 20:25 UTC

Attachments
gdb backtrace (21.73 KB, text/plain)
2013-06-25 15:52 UTC, U. Artie Eoff

Description U. Artie Eoff 2013-06-24 19:09:00 UTC
Weston's subsurface-test causes Weston to core dump with a "double free or corruption" and the subsurface-test process is left churning at 100% CPU.

*** glibc detected *** /home/uartie/Work/intel/wayland/build/weston/tests/../src/weston: double free or corruption (fasttop): 0x0000000001ee1740 ***
======= Backtrace: =========
/lib64/libc.so.6[0x376327c00e]
/home/uartie/Work/intel/wayland/install/lib/libwayland-server.so.0(wl_resource_destroy+0x7e)[0x7ff50e9e7f0c]
/home/uartie/Work/intel/wayland/build/weston/tests/../src/weston[0x40eb41]
/lib64/libffi.so.5(ffi_call_unix64+0x4c)[0x3765e05e90]
/lib64/libffi.so.5(ffi_call+0x1e0)[0x3765e058a0]
/home/uartie/Work/intel/wayland/install/lib/libwayland-server.so.0(+0x1037c)[0x7ff50e9f137c]
/home/uartie/Work/intel/wayland/install/lib/libwayland-server.so.0(+0x689a)[0x7ff50e9e789a]
/home/uartie/Work/intel/wayland/install/lib/libwayland-server.so.0(+0x95e6)[0x7ff50e9ea5e6]
/home/uartie/Work/intel/wayland/install/lib/libwayland-server.so.0(wl_event_loop_dispatch+0xcc)[0x7ff50e9eb264]
/home/uartie/Work/intel/wayland/install/lib/libwayland-server.so.0(wl_display_run+0x66)[0x7ff50e9e8e62]
/home/uartie/Work/intel/wayland/build/weston/tests/../src/weston[0x4119a7]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x3763221735]
/home/uartie/Work/intel/wayland/build/weston/tests/../src/weston[0x407eb9]

This started happening somewhere within the following commit window 'git whatchanged a58290b38..8a4a9eb'

Comment 1 U. Artie Eoff 2013-06-24 19:27:58 UTC
This started with the following Wayland commit:

96afa34: http://cgit.freedesktop.org/wayland/wayland/commit/?id=96afa347762bd9796288e8052ccc42989a68386d

Comment 2 U. Artie Eoff 2013-06-25 15:37:58 UTC
In weston source directory, run:

TESTS=subsurface-test make check

Comment 3 U. Artie Eoff 2013-06-25 15:45:43 UTC
(In reply to comment #2)
> In weston source directory, run:
> 
> TESTS=subsurface-test make check

Ugh... 

In weston tests directory, run

$ make check TESTS=subsurface-test

Comment 4 U. Artie Eoff 2013-06-25 15:52:18 UTC
Created attachment 81415
gdb backtrace

Comment 5 U. Artie Eoff 2013-06-25 16:35:12 UTC
jekstrand identified the culprit:

http://cgit.freedesktop.org/wayland/weston/tree/src/compositor.c#n2210

...commenting out that line fixes the core dump.

Other suspects that might result in double frees are at:

./src/shell.c:1009:	free(resource);
./src/shell.c:3617:	free(resource);
./src/shell.c:3696:	free(resource);
./src/shell.c:3919:	free(resource);
./src/text-backend.c:537:	free(resource);
./src/text-backend.c:750:	free(resource);
./src/compositor.c:2210:	free(resource);
./src/compositor.c:2517:	free(resource);
./src/input.c:43:	free(resource);
./src/data-device.c:558:	free(resource);

However, I ran a few tests to hit "some" of those code paths and found no indication of issue.
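
The ownership conflict this report points at, as an added example that is not Weston or libwayland code: a destroy handler that frees the resource while the library's destroy routine frees it as well. All names are hypothetical, and the library-side contract (run the handler, then free the resource) is an assumption drawn from the backtrace through wl_resource_destroy and the free(resource) culprit; releases are only recorded, so the second one is counted instead of aborting.

```c
/* Added illustration; not Weston or libwayland code. All names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#define SLOTS 8
static struct { void *p; int released; } slots[SLOTS];
static int nslots, double_frees;

/* Allocate and remember the pointer so that releases can be audited. */
static void *tracked_alloc(size_t n) {
    void *p = nslots < SLOTS ? calloc(1, n) : NULL;
    if (p) { slots[nslots].p = p; slots[nslots].released = 0; nslots++; }
    return p;
}

/* Mark p released; a second release is counted instead of corrupting the heap. */
static void tracked_free(void *p) {
    for (int i = 0; p && i < nslots; i++) {
        if (slots[i].p != p) continue;
        if (slots[i].released) double_frees++;
        slots[i].released = 1;
        return;
    }
}

struct resource { void (*destroy)(struct resource *); void *data; };
/* Library side (assumed contract): run the handler, then free the resource. */
static void resource_destroy(struct resource *r) {
    if (r->destroy) r->destroy(r);
    tracked_free(r);
}
/* Handler that also frees the resource, like the free(resource) lines listed above. */
static void handler_frees_resource(struct resource *r) { tracked_free(r->data); tracked_free(r); }
/* Handler that releases only its own data and leaves the resource to the library. */
static void handler_data_only(struct resource *r) { tracked_free(r->data); }

/* One create/destroy cycle; returns the number of double frees it caused. */
static int run_cycle(void (*handler)(struct resource *)) {
    struct resource *r = tracked_alloc(sizeof *r);
    if (!r) return -1;
    r->destroy = handler;
    r->data = tracked_alloc(32);
    double_frees = 0;
    resource_destroy(r);
    while (nslots > 0) free(slots[--nslots].p);  /* the real release happens once, here */
    return double_frees;
}

int main(void) {
    printf("handler frees resource: %d\n", run_cycle(handler_frees_resource));
    printf("handler frees data only: %d\n", run_cycle(handler_data_only));
    return 0;
}
```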
