Discussion:
[Wayland-bugs] [Bug 106516] weston: /shared/zalloc.h : malloc fails
b***@freedesktop.org
2018-05-14 16:27:41 UTC
Permalink
https://bugs.freedesktop.org/show_bug.cgi?id=106516

Bug ID: 106516
Summary: weston: /shared/zalloc.h : malloc fails
Product: Wayland
Version: 1.5.0
Hardware: Other
OS: All
Status: NEW
Severity: normal
Priority: medium
Component: weston
Assignee: wayland-***@lists.freedesktop.org
Reporter: dpa-***@aegee.org

Weston crashed with this backtrace, I have no idea how the double-link list was
corrupted.

#0 0x00007fe51a5a460a in __GI_raise (sig=***@entry=6) at
../sysdeps/unix/sysv/linux/raise.c:51
set =
{__val = {81926, 0, 42761744, 140621707042816, 0, 140621851985594,
64, 0, 2, 140621996603712, 1, 140621853977895, 140621996449856,
140621996449856, 1, 0}}
pid = <optimized out>
tid = <optimized out>
#1 0x00007fe51a5a56e1 in __GI_abort () at abort.c:79
save_stage = 1
act =
{__sigaction_handler = {sa_handler = 0x10, sa_sigaction = 0x10},
sa_mask = {__val = {140621966368491, 16, 20, 0, 140621989948115,
140729993711136, 467833205, 140621992071488, 140621989948384, 140729993711632,
140621989948115, 42973552, 467833203, 140621992071512, 140729993710816,
140729993711104}}, sa_flags = 1095290080, sa_restorer = 0x1000}
sigs = {__val = {32, 0 <repeats 15 times>}}
#2 0x00007fe51a5e59a7 in __libc_message (action=***@entry=do_abort,
fmt=***@entry=0x7fe51a6e8458 "%s\n")
at ../sysdeps/posix/libc_fatal.c:181
ap = {{gp_offset = 24, fp_offset = 0, overflow_arg_area =
0x7ffe4148ce10, reg_save_area = 0x7ffe4148cda0}}
fd = <optimized out>
list = <optimized out>
nlist = <optimized out>
cp = <optimized out>
written = <optimized out>
#3 0x00007fe51a5ebd7a in malloc_printerr (str=***@entry=0x7fe51a6ea468
"malloc(): smallbin double linked list corrupted") at malloc.c:5350
#4 0x00007fe51a5ef0cc in _int_malloc (av=***@entry=0x7fe51a91dc40 <main_arena>,
bytes=***@entry=744)
at malloc.c:3648
tc_idx = <optimized out>
p = <optimized out>
nb = 752
idx = 47
bin = 0x7fe51a91df80 <main_arena+832>
victim = <optimized out>
size = <optimized out>
victim_index = <optimized out>
remainder = <optimized out>
remainder_size = <optimized out>
block = <optimized out>
bit = <optimized out>
map = <optimized out>
fwd = <optimized out>
bck = <optimized out>
tcache_unsorted_count = <optimized out>
tcache_nb = <optimized out>
tc_idx = <optimized out>
return_cached = <optimized out>
__PRETTY_FUNCTION__ = "_int_malloc"
#5 0x00007fe51a5f11e1 in __libc_calloc (n=***@entry=1,
elem_size=***@entry=744) at malloc.c:3436
av = <optimized out>
oldtop = 0x297e9d0
p = <optimized out>
bytes = 744
sz = 744
csz = <optimized out>
oldtopsize = 558640
mem = <optimized out>
clearsize = <optimized out>
nclears = <optimized out>
d = <optimized out>
hook = <optimized out>
__PRETTY_FUNCTION__ = "__libc_calloc"
#6 0x00007fe51be39198 in zalloc (size=744) at ./shared/zalloc.h:38
#7 0x00007fe51be39198 in weston_surface_create
(compositor=***@entry=0x21d81d0) at libweston/compositor.c:459
#8 0x00007fe51be3cc04 in compositor_create_surface (client=0x237e3b0,
resource=0x28a53b0, id=12)
at libweston/compositor.c:3262
ec = 0x21d81d0
surface = <optimized out>
#9 0x00007fe51ba1560e in ffi_call_unix64 () at
/usr/local/lib/../lib/libffi.so.6
#10 0x00007fe51ba148d9 in ffi_call () at /usr/local/lib/../lib/libffi.so.6
#11 0x00007fe51bc23d0c in wl_closure_invoke (closure=0x2916dc0,
flags=<optimized out>, target=<optimized out>, opcode=0, data=<optimized out>)
at src/connection.c:996
cif =
{abi = FFI_UNIX64, nargs = 3, arg_types = 0x7ffe4148d0b0, rtype =
0x7fe51ba15a00 <ffi_type_void>, bytes = 0, flags = 0}
ffi_types =
{0x7fe51ba158e0 <ffi_type_pointer>, 0x7fe51ba158e0
<ffi_type_pointer>, 0x7fe51ba15960 <ffi_type_uint32>, 0x7fe51ba158e0
<ffi_type_pointer>, 0x7fe51ba15960 <ffi_type_uint32>, 0x7fe51ba15960
<ffi_type_uint32>, 0x90, 0x50, 0x234ceb0, 0x80, 0x234cea0, 0x7fe51bc25990,
0x90, 0x7fe51a5f0ced <__GI___libc_realloc+205>, 0x198, 0x7fe51a91dc40
<main_arena>, 0x23422e8, 0x80, 0x237e3e0, 0x8, 0x7fe51bc25990, 0x7fe51bc22ad3
<wl_closure_clear_fds+51>}
ffi_args =
{0x7ffe4148d080, 0x7ffe4148d088, 0x2916dd8, 0xc, 0x2916de0,
0x7fe51bc249ef <wl_map_reserve_new+95>, 0xc, 0x7fe51bc25e18, 0x7ffe4148d208,
0x7fe51bc23731 <wl_connection_demarshal+449>, 0x2916e9c, 0x23422d0, 0x2916e90,
0x2916e9c, 0x2916dc0, 0x7fe51bc23a20 <wl_closure_lookup_objects+160>,
0x7ffe4148d200, 0x7fe51bc1ee53 <log_closure+51>, 0x2916dc0, 0x7fe51be29b60
<wl_compositor_requests>, 0x52, 0x28a536e}
implementation = <optimized out>
#12 0x00007fe51bc2069f in wl_client_connection_data (fd=<optimized out>,
mask=<optimized out>, data=0x237e3b0)
at src/wayland-server.c:420
client = 0x237e3b0
connection = <optimized out>
resource = 0x28a53b0
object = 0x28a53b0
closure = 0x2916dc0
message = 0x7fe51be29b60 <wl_compositor_requests>
p = {4, 786432}
resource_flags = <optimized out>
opcode = 0
size = <optimized out>
since = <optimized out>
len = <optimized out>
#13 0x00007fe51bc21f72 in wl_event_loop_dispatch (loop=0x21cfee0,
timeout=***@entry=-1) at src/event-loop.c:641
ep =
{{events = 1, data = {ptr = 0x28d34d0, fd = 42808528, u32 =
42808528, u64 = 42808528}}, {events = 1, data = {ptr = 0x21d8810, fd =
35489808, u32 = 35489808, u64 = 35489808}}, {events = 1, data = {ptr =
0x21d8810, fd = 35489808, u32 = 35489808, u64 = 35489808}}, {events = 1, data =
{ptr = 0x28957b0, fd = 42555312, u32 = 42555312, u64 = 42555312}}, {events =
32, data = {ptr = 0x237128000000000, fd = 0, u32 = 0, u64 =
159616652760055808}}, {events = 0, data = {ptr = 0x7ffe4148d370, fd =
1095291760, u32 = 1095291760, u64 = 140729993712496}}, {events = 37175960, data
= {ptr = 0x237228800000000, fd = 0, u32 = 0, u64 = 159634279305838592}},
{events = 0, data = {ptr = 0x7fe51bc224d5 <wl_connection_flush+309>, fd =
465708245, u32 = 465708245, u64 = 140621989946581}}, {events = 32, data = {ptr
= 0x4148d3c000000000, fd = 0, u32 = 0, u64 = 4704242632375664640}}, {events =
32766, data = {ptr = 0x7ffe4148d3b0, fd = 1095291824, u32 = 1095291824, u64 =
140729993712560}}, {events = 1, data = {ptr = 0x28a79a4002b4f0c, fd = 2838284,
u32 = 2838284, u64 = 183092480146362124}}, {events = 0, data = {ptr = 0x20, fd
= 32, u32 = 32, u64 = 32}}, {events = 37086920, data = {ptr = 0x1c00000000, fd
= 0, u32 = 0, u64 = 120259084288}}, {events = 0, data = {ptr = 0x0, fd = 0, u32
= 0, u64 = 0}}, {events = 0, data = {ptr = 0x4148d350023a9be0, fd = 37395424,
u32 = 37395424, u64 = 4704242151376722912}}, {events = 32766, data = {ptr =
0x1, fd = 1, u32 = 1, u64 = 1}}, {events = 0, data = {ptr = 0x0, fd = 0, u32 =
0, u64 = 0}}, {events = 0, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}},
{events = 0, data = {ptr = 0x1400000000, fd = 0, u32 = 0, u64 = 85899345920}},
{events = 0, data = {ptr = 0x100000001, fd = 1, u32 = 1, u64 = 4294967297}},
{events = 24, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}, {events = 0, data
= {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}, {events = 0, data = {ptr = 0x0, fd =
0, u32 = 0, u64 = 0}}, {events = 0, data = {ptr = 0x0, fd = 0, u32 = 0, u64 =
0}}, {events = 0, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}, {events = 0,
data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}, {events = 0, data = {ptr = 0x0,
fd = 0, u32 = 0, u64 = 0}}, {events = 0, data = {ptr = 0x0, fd = 0, u32 = 0,
u64 = 0}}, {events = 0, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}, {events
= 0, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}, {events = 42570080, data =
{ptr = 0x28cd3d000000000, fd = 0, u32 = 0, u64 = 183754575122006016}}, {events
= 0, data = {ptr = 0x21d2948, fd = 35465544, u32 = 35465544, u64 = 35465544}}}
source = <optimized out>
i = <optimized out>
count = <optimized out>
#14 0x00007fe51bc2086a in wl_display_run (display=***@entry=0x21d2900) at
src/wayland-server.c:1260
#15 0x00000000004050ca in main (argc=<optimized out>, argv=0x7ffe4148da18) at
compositor/main.c:1868
ret = 1
display = 0x21d2900
ec = 0x21d81d0
signals = {0x21d27b0, 0x21d0e30, 0x21ce0d0, 0x21ce1c0}
loop = <optimized out>
i = 1
fd = <optimized out>
backend = 0x21d81b0 "drm-backend.so"
shell = 0x23caed0 "desktop-shell.so"
xwayland = 0
modules = 0x23d8990 "systemd-notify.so"
option_modules = 0x0
log = 0x0
server_socket = <optimized out>
idle_time = 300
help = 0
socket_name = 0x0
version = 0
noconfig = 0
numlock_on = 0
config_file = 0x0
config = <optimized out>
section = <optimized out>
primary_client = <optimized out>
primary_client_destroyed = {link = {prev = 0x0, next = 0x1}, notify =
0x21d8800}
seat = <optimized out>
user_data =
{config = 0x21d8cf0, parsed_options = 0x0, pending_output_listener =
{link = {prev = 0x21d8298, next = 0x21d8298}, notify = 0x4061d0
<drm_backend_output_configure>}, drm_use_current_mode = false}
require_input = 1
wait_for_debugger = 0
core_options =
{{type = WESTON_OPTION_STRING, name = 0x4097e0 "backend",
short_name = 66 'B', data = 0x7ffe4148d510}, {type = WESTON_OPTION_STRING, name
= 0x4097e8 "shell", short_name = 0 '\000', data = 0x7ffe4148d518}, {type =
WESTON_OPTION_STRING, name = 0x4099e4 "socket", short_name = 83 'S', data =
0x7ffe4148d538}, {type = WESTON_OPTION_INTEGER, name = 0x4097ee "idle-time",
short_name = 105 'i', data = 0x7ffe4148d4e8}, {type = WESTON_OPTION_BOOLEAN,
name = 0x4097f8 "xwayland", short_name = 0 '\000', data = 0x7ffe4148d4e4},
{type = WESTON_OPTION_STRING, name = 0x409801 "modules", short_name = 0 '\000',
data = 0x7ffe4148d528}, {type = WESTON_OPTION_STRING, name = 0x409809 "log",
short_name = 0 '\000', data = 0x7ffe4148d530}, {type = WESTON_OPTION_BOOLEAN,
name = 0x40980d "help", short_name = 104 'h', data = 0x7ffe4148d4ec}, {type =
WESTON_OPTION_BOOLEAN, name = 0x409812 "version", short_name = 0 '\000', data =
0x7ffe4148d4f0}, {type = WESTON_OPTION_BOOLEAN, name = 0x40981a "no-config",
short_name = 0 '\000', data = 0x7ffe4148d4f4}, {type = WESTON_OPTION_STRING,
name = 0x40981d "config", short_name = 99 'c', data = 0x7ffe4148d540}, {type =
WESTON_OPTION_BOOLEAN, name = 0x409824 "wait-for-debugger", short_name = 0
'\000', data = 0x7ffe4148d4fc}}
--
You are receiving this mail because:
You are the assignee for the bug.
b***@freedesktop.org
2018-06-08 23:56:22 UTC
Permalink
https://bugs.freedesktop.org/show_bug.cgi?id=106516

GitLab Migration User <gitlab-***@fdo.invalid> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |MOVED

--- Comment #1 from GitLab Migration User <gitlab-***@fdo.invalid> ---
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been
closed from further activity.

You can subscribe and participate further through the new bug through this link
to our GitLab instance:
https://gitlab.freedesktop.org/wayland/weston/issues/110.
--
You are receiving this mail because:
You are the assignee for the bug.
Loading...