https://bugs.freedesktop.org/show_bug.cgi?id=106516

            Bug ID: 106516
           Summary: weston: /shared/zalloc.h : malloc fails
           Product: Wayland
           Version: 1.5.0
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: weston
          Assignee: wayland-bugs@lists.freedesktop.org
          Reporter: dpa-b...@aegee.org

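Weston crashed with the backtrace below. glibc aborted inside calloc() with
"malloc(): smallbin double linked list corrupted" (frame #3), so the heap
metadata was already damaged before weston_surface_create() requested this
allocation; the frames show where the corruption was detected, not where it
was caused. I have no idea how the doubly linked list was corrupted; finding
the faulty write would need a run under a memory checker such as
AddressSanitizer or Valgrind.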

#0  0x00007fe51a5a460a in __GI_raise (sig=sig@entry=6) at
../sysdeps/unix/sysv/linux/raise.c:51
        set = 
            {__val = {81926, 0, 42761744, 140621707042816, 0, 140621851985594,
64, 0, 2, 140621996603712, 1, 140621853977895, 140621996449856,
140621996449856, 1, 0}}
        pid = <optimized out>
        tid = <optimized out>
#1  0x00007fe51a5a56e1 in __GI_abort () at abort.c:79
        save_stage = 1
        act = 
          {__sigaction_handler = {sa_handler = 0x10, sa_sigaction = 0x10},
sa_mask = {__val = {140621966368491, 16, 20, 0, 140621989948115,
140729993711136, 467833205, 140621992071488, 140621989948384, 140729993711632,
140621989948115, 42973552, 467833203, 140621992071512, 140729993710816,
140729993711104}}, sa_flags = 1095290080, sa_restorer = 0x1000}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x00007fe51a5e59a7 in __libc_message (action=action@entry=do_abort,
fmt=fmt@entry=0x7fe51a6e8458 "%s\n")
    at ../sysdeps/posix/libc_fatal.c:181
        ap = {{gp_offset = 24, fp_offset = 0, overflow_arg_area =
0x7ffe4148ce10, reg_save_area = 0x7ffe4148cda0}}
        fd = <optimized out>
        list = <optimized out>
        nlist = <optimized out>
        cp = <optimized out>
        written = <optimized out>
#3  0x00007fe51a5ebd7a in malloc_printerr (str=str@entry=0x7fe51a6ea468
"malloc(): smallbin double linked list corrupted") at malloc.c:5350
#4  0x00007fe51a5ef0cc in _int_malloc (av=av@entry=0x7fe51a91dc40 <main_arena>,
bytes=bytes@entry=744)
    at malloc.c:3648
        tc_idx = <optimized out>
        p = <optimized out>
        nb = 752
        idx = 47
        bin = 0x7fe51a91df80 <main_arena+832>
        victim = <optimized out>
        size = <optimized out>
        victim_index = <optimized out>
        remainder = <optimized out>
        remainder_size = <optimized out>
        block = <optimized out>
        bit = <optimized out>
        map = <optimized out>
        fwd = <optimized out>
        bck = <optimized out>
        tcache_unsorted_count = <optimized out>
        tcache_nb = <optimized out>
        tc_idx = <optimized out>
        return_cached = <optimized out>
        __PRETTY_FUNCTION__ = "_int_malloc"
#5  0x00007fe51a5f11e1 in __libc_calloc (n=n@entry=1,
elem_size=elem_size@entry=744) at malloc.c:3436
        av = <optimized out>
        oldtop = 0x297e9d0
        p = <optimized out>
        bytes = 744
        sz = 744
        csz = <optimized out>
        oldtopsize = 558640
        mem = <optimized out>
        clearsize = <optimized out>
        nclears = <optimized out>
        d = <optimized out>
        hook = <optimized out>
        __PRETTY_FUNCTION__ = "__libc_calloc"
#6  0x00007fe51be39198 in zalloc (size=744) at ./shared/zalloc.h:38
#7  0x00007fe51be39198 in weston_surface_create
(compositor=compositor@entry=0x21d81d0) at libweston/compositor.c:459
#8  0x00007fe51be3cc04 in compositor_create_surface (client=0x237e3b0,
resource=0x28a53b0, id=12)
    at libweston/compositor.c:3262
        ec = 0x21d81d0
        surface = <optimized out>
#9  0x00007fe51ba1560e in ffi_call_unix64 () at
/usr/local/lib/../lib/libffi.so.6
#10 0x00007fe51ba148d9 in ffi_call () at /usr/local/lib/../lib/libffi.so.6
#11 0x00007fe51bc23d0c in wl_closure_invoke (closure=0x2916dc0,
flags=<optimized out>, target=<optimized out>, opcode=0, data=<optimized out>)
at src/connection.c:996
        cif = 
          {abi = FFI_UNIX64, nargs = 3, arg_types = 0x7ffe4148d0b0, rtype =
0x7fe51ba15a00 <ffi_type_void>, bytes = 0, flags = 0}
        ffi_types = 
          {0x7fe51ba158e0 <ffi_type_pointer>, 0x7fe51ba158e0
<ffi_type_pointer>, 0x7fe51ba15960 <ffi_type_uint32>, 0x7fe51ba158e0
<ffi_type_pointer>, 0x7fe51ba15960 <ffi_type_uint32>, 0x7fe51ba15960
<ffi_type_uint32>, 0x90, 0x50, 0x234ceb0, 0x80, 0x234cea0, 0x7fe51bc25990,
0x90, 0x7fe51a5f0ced <__GI___libc_realloc+205>, 0x198, 0x7fe51a91dc40
<main_arena>, 0x23422e8, 0x80, 0x237e3e0, 0x8, 0x7fe51bc25990, 0x7fe51bc22ad3
<wl_closure_clear_fds+51>}
        ffi_args = 
          {0x7ffe4148d080, 0x7ffe4148d088, 0x2916dd8, 0xc, 0x2916de0,
0x7fe51bc249ef <wl_map_reserve_new+95>, 0xc, 0x7fe51bc25e18, 0x7ffe4148d208,
0x7fe51bc23731 <wl_connection_demarshal+449>, 0x2916e9c, 0x23422d0, 0x2916e90,
0x2916e9c, 0x2916dc0, 0x7fe51bc23a20 <wl_closure_lookup_objects+160>,
0x7ffe4148d200, 0x7fe51bc1ee53 <log_closure+51>, 0x2916dc0, 0x7fe51be29b60
<wl_compositor_requests>, 0x52, 0x28a536e}
        implementation = <optimized out>
#12 0x00007fe51bc2069f in wl_client_connection_data (fd=<optimized out>,
mask=<optimized out>, data=0x237e3b0)
    at src/wayland-server.c:420
        client = 0x237e3b0
        connection = <optimized out>
        resource = 0x28a53b0
        object = 0x28a53b0
        closure = 0x2916dc0
        message = 0x7fe51be29b60 <wl_compositor_requests>
        p = {4, 786432}
        resource_flags = <optimized out>
        opcode = 0
        size = <optimized out>
        since = <optimized out>
        len = <optimized out>
#13 0x00007fe51bc21f72 in wl_event_loop_dispatch (loop=0x21cfee0,
timeout=timeout@entry=-1) at src/event-loop.c:641
        ep = 
              {{events = 1, data = {ptr = 0x28d34d0, fd = 42808528, u32 =
42808528, u64 = 42808528}}, {events = 1, data = {ptr = 0x21d8810, fd =
35489808, u32 = 35489808, u64 = 35489808}}, {events = 1, data = {ptr =
0x21d8810, fd = 35489808, u32 = 35489808, u64 = 35489808}}, {events = 1, data =
{ptr = 0x28957b0, fd = 42555312, u32 = 42555312, u64 = 42555312}}, {events =
32, data = {ptr = 0x237128000000000, fd = 0, u32 = 0, u64 =
159616652760055808}}, {events = 0, data = {ptr = 0x7ffe4148d370, fd =
1095291760, u32 = 1095291760, u64 = 140729993712496}}, {events = 37175960, data
= {ptr = 0x237228800000000, fd = 0, u32 = 0, u64 = 159634279305838592}},
{events = 0, data = {ptr = 0x7fe51bc224d5 <wl_connection_flush+309>, fd =
465708245, u32 = 465708245, u64 = 140621989946581}}, {events = 32, data = {ptr
= 0x4148d3c000000000, fd = 0, u32 = 0, u64 = 4704242632375664640}}, {events =
32766, data = {ptr = 0x7ffe4148d3b0, fd = 1095291824, u32 = 1095291824, u64 =
140729993712560}}, {events = 1, data = {ptr = 0x28a79a4002b4f0c, fd = 2838284,
u32 = 2838284, u64 = 183092480146362124}}, {events = 0, data = {ptr = 0x20, fd
= 32, u32 = 32, u64 = 32}}, {events = 37086920, data = {ptr = 0x1c00000000, fd
= 0, u32 = 0, u64 = 120259084288}}, {events = 0, data = {ptr = 0x0, fd = 0, u32
= 0, u64 = 0}}, {events = 0, data = {ptr = 0x4148d350023a9be0, fd = 37395424,
u32 = 37395424, u64 = 4704242151376722912}}, {events = 32766, data = {ptr =
0x1, fd = 1, u32 = 1, u64 = 1}}, {events = 0, data = {ptr = 0x0, fd = 0, u32 =
0, u64 = 0}}, {events = 0, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}},
{events = 0, data = {ptr = 0x1400000000, fd = 0, u32 = 0, u64 = 85899345920}},
{events = 0, data = {ptr = 0x100000001, fd = 1, u32 = 1, u64 = 4294967297}},
{events = 24, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}, {events = 0, data
= {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}, {events = 0, data = {ptr = 0x0, fd =
0, u32 = 0, u64 = 0}}, {events = 0, data = {ptr = 0x0, fd = 0, u32 = 0, u64 =
0}}, {events = 0, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}, {events = 0,
data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}, {events = 0, data = {ptr = 0x0,
fd = 0, u32 = 0, u64 = 0}}, {events = 0, data = {ptr = 0x0, fd = 0, u32 = 0,
u64 = 0}}, {events = 0, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}, {events
= 0, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}, {events = 42570080, data =
{ptr = 0x28cd3d000000000, fd = 0, u32 = 0, u64 = 183754575122006016}}, {events
= 0, data = {ptr = 0x21d2948, fd = 35465544, u32 = 35465544, u64 = 35465544}}}
        source = <optimized out>
        i = <optimized out>
        count = <optimized out>
#14 0x00007fe51bc2086a in wl_display_run (display=display@entry=0x21d2900) at
src/wayland-server.c:1260
#15 0x00000000004050ca in main (argc=<optimized out>, argv=0x7ffe4148da18) at
compositor/main.c:1868
        ret = 1
        display = 0x21d2900
        ec = 0x21d81d0
        signals = {0x21d27b0, 0x21d0e30, 0x21ce0d0, 0x21ce1c0}
        loop = <optimized out>
        i = 1
        fd = <optimized out>
        backend = 0x21d81b0 "drm-backend.so"
        shell = 0x23caed0 "desktop-shell.so"
        xwayland = 0
        modules = 0x23d8990 "systemd-notify.so"
        option_modules = 0x0
        log = 0x0
        server_socket = <optimized out>
        idle_time = 300
        help = 0
        socket_name = 0x0
        version = 0
        noconfig = 0
        numlock_on = 0
        config_file = 0x0
        config = <optimized out>
        section = <optimized out>
        primary_client = <optimized out>
        primary_client_destroyed = {link = {prev = 0x0, next = 0x1}, notify =
0x21d8800}
        seat = <optimized out>
        user_data = 
          {config = 0x21d8cf0, parsed_options = 0x0, pending_output_listener =
{link = {prev = 0x21d8298, next = 0x21d8298}, notify = 0x4061d0
<drm_backend_output_configure>}, drm_use_current_mode = false}
        require_input = 1
        wait_for_debugger = 0
        core_options = 
            {{type = WESTON_OPTION_STRING, name = 0x4097e0 "backend",
short_name = 66 'B', data = 0x7ffe4148d510}, {type = WESTON_OPTION_STRING, name
= 0x4097e8 "shell", short_name = 0 '\000', data = 0x7ffe4148d518}, {type =
WESTON_OPTION_STRING, name = 0x4099e4 "socket", short_name = 83 'S', data =
0x7ffe4148d538}, {type = WESTON_OPTION_INTEGER, name = 0x4097ee "idle-time",
short_name = 105 'i', data = 0x7ffe4148d4e8}, {type = WESTON_OPTION_BOOLEAN,
name = 0x4097f8 "xwayland", short_name = 0 '\000', data = 0x7ffe4148d4e4},
{type = WESTON_OPTION_STRING, name = 0x409801 "modules", short_name = 0 '\000',
data = 0x7ffe4148d528}, {type = WESTON_OPTION_STRING, name = 0x409809 "log",
short_name = 0 '\000', data = 0x7ffe4148d530}, {type = WESTON_OPTION_BOOLEAN,
name = 0x40980d "help", short_name = 104 'h', data = 0x7ffe4148d4ec}, {type =
WESTON_OPTION_BOOLEAN, name = 0x409812 "version", short_name = 0 '\000', data =
0x7ffe4148d4f0}, {type = WESTON_OPTION_BOOLEAN, name = 0x40981a "no-config",
short_name = 0 '\000', data = 0x7ffe4148d4f4}, {type = WESTON_OPTION_STRING,
name = 0x40981d "config", short_name = 99 'c', data = 0x7ffe4148d540}, {type =
WESTON_OPTION_BOOLEAN, name = 0x409824 "wait-for-debugger", short_name = 0
'\000', data = 0x7ffe4148d4fc}}
