Re: Compositor crashes when switching tty

2019-05-31 Thread Pekka Paalanen
On Fri, 31 May 2019 04:39:44 +0100
adlo  wrote:

> On Fri, 2019-05-31 at 01:22 +0100, adlo wrote:
> > On Thu, 2019-05-30 at 13:39 +0300, Pekka Paalanen wrote:  
> > > 
> > > Hi,
> > > 
> > > as always, look at the very first problem reported. Other problems
> > > may be fallout from the first one, so fix the first one, and
> > > repeat.
> > > 
> > > It is quite easy to corrupt a list based on struct wl_list, which
> > > will then result in more errors all over the place.
> > >   
> > 
> > The first problem is this:
> > 
> > ==13998== Invalid write of size 8
> > ==13998==at 0x4884ADB: wl_list_remove (in /usr/lib64/libwayland-
> > server.so.0.1.0)
> > ==13998==by 0x48A2585: weston_view_set_output (in
> > /usr/lib64/libweston-6.so.0.0.0)
> > ==13998==by 0x48A41AD: weston_view_unmap (in
> > /usr/lib64/libweston-
> > 6.so.0.0.0)
> > ==13998==by 0x48A5587: weston_view_destroy (in
> > /usr/lib64/libweston-6.so.0.0.0)
> > ==13998==by 0x48A5664: weston_surface_destroy (in
> > /usr/lib64/libweston-6.so.0.0.0)
> > ==13998==by 0x4880927: ??? (in /usr/lib64/libwayland-
> > server.so.0.1.0)
> > ==13998==by 0x4884A7F: ??? (in /usr/lib64/libwayland-
> > server.so.0.1.0)
> > ==13998==by 0x4884FC3: ??? (in /usr/lib64/libwayland-
> > server.so.0.1.0)
> > ==13998==by 0x4880AA1: wl_client_destroy (in
> > /usr/lib64/libwayland-
> > server.so.0.1.0)
> > ==13998==by 0x4880EDD: wl_display_flush_clients (in
> > /usr/lib64/libwayland-server.so.0.1.0)
> > ==13998==by 0x4880F17: wl_display_run (in /usr/lib64/libwayland-
> > server.so.0.1.0)
> > ==13998==by 0x403A57: main (main-wayland.c:625)
> > ==13998==  Address 0x9fcda10 is 96 bytes inside a block of size 120
> > free'd
> > ==13998==at 0x4839A0C: free (vg_replace_malloc.c:540)
> > ==13998==by 0x48DD073: ??? (in /usr/lib64/libweston-desktop-
> > 6.so.0.0.0)
> > ==13998==by 0x48D8E53: ??? (in /usr/lib64/libweston-desktop-
> > 6.so.0.0.0)
> > ==13998==by 0x4880927: ??? (in /usr/lib64/libwayland-
> > server.so.0.1.0)
> > ==13998==by 0x4880993: wl_resource_destroy (in
> > /usr/lib64/libwayland-server.so.0.1.0)
> > ==13998==by 0x5984B27: ffi_call_unix64 (in
> > /usr/lib64/libffi.so.6.0.2)
> > ==13998==by 0x5984338: ffi_call (in /usr/lib64/libffi.so.6.0.2)
> > ==13998==by 0x48841B6: ??? (in /usr/lib64/libwayland-
> > server.so.0.1.0)
> > ==13998==by 0x4880D31: ??? (in /usr/lib64/libwayland-
> > server.so.0.1.0)
> > ==13998==by 0x4882369: wl_event_loop_dispatch (in
> > /usr/lib64/libwayland-server.so.0.1.0)
> > ==13998==by 0x4880F24: wl_display_run (in /usr/lib64/libwayland-
> > server.so.0.1.0)
> > ==13998==by 0x403A57: main (main-wayland.c:625)
> > 
> > However, this doesn't seem to call back into my compositor's code at
> > any point. I see a call to weston_surface_destroy (), which suggests
> > a
> > surface was destroyed. However, if a surface was destroyed, I would
> > expect to see a call to surface_removed () in src/shell.c. How do I
> > interpret this?
> >   
> 
> How do I debug something that isn't even part of my code? It goes
> straight from main to wl_display_run to library code without calling
> any of my callbacks.

Hi,

what likely happens here is that the first Valgrind error already is
just a fallout from an earlier bug. You corrupt a list, free memory,
continue happily, then something else tries to use the list and hits
memory access errors.

This is how you get errors in code that is nowhere near the code you
wrote. You also do not see it in a stack trace, because the bug happens
in one call from the main event loop, and causes problems in another
call from the main event loop.

Often the Valgrind error report can point you to which list is
corrupted. Then you will have to debug the use of that list the hard
way: gdb, add printf's, whatever lets you make sense of it, to see what
list operation is illegal but does not indicate any problems right on
the spot.

Some usual mistakes with wl_list are:
- wl_list_insert() of a 'link' that is already in some list
- forgetting to wl_list_remove() before freeing the item's memory
- removing an item from a list you are iterating through (this has
  several sub-cases though, one that is safe)
- trying to use wl_list_empty() to figure out if wl_list_remove() is
  safe

There is no function that would always be able to tell you if a 'struct
wl_list' variable is initialized or not. You have to design your code
such that you know: either guaranteed by the code, determined from
another variable, or making sure your variable is always initialized so
that wl_list_remove() is always safe.

Of course, all this is assuming it is the usual kind of list
corruption. It could as well be just some bit of code overwriting
arbitrary memory due to a bug. That is much harder to track down, but
also less common.


Thanks,
pq


___
wayland-devel mailing 
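
The wl_list mistakes listed in the message above (double insert, freeing without wl_list_remove(), using wl_list_empty() as a guard) and the "always initialized" design it recommends, as an added example that is not part of the thread and is not xfway or libwayland code. The struct wl_list functions are a stand-in that reproduces libwayland's behaviour so the block builds without the library; struct window, window_create(), window_destroy() and list_check() are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
/* Stand-in with libwayland's wl_list semantics, so this builds without it. */
struct wl_list { struct wl_list *prev, *next; };
static void wl_list_init(struct wl_list *l) { l->prev = l->next = l; }
static int wl_list_empty(const struct wl_list *l) { return l->next == l; }

static void wl_list_insert(struct wl_list *list, struct wl_list *elm)
{
	elm->prev = list;
	elm->next = list->next;
	list->next = elm;
	elm->next->prev = elm;
}

static void wl_list_remove(struct wl_list *elm)
{
	elm->prev->next = elm->next;
	elm->next->prev = elm->prev;
	elm->next = elm->prev = NULL;	/* a removed link is not an empty list */
}

/* Hypothetical debug helper: element count, or -1 if prev/next disagree. */
static int list_check(const struct wl_list *head, int max)
{
	const struct wl_list *pos = head;
	int n = 0;
	do {
		if (!pos->next || pos->next->prev != pos || n > max)
			return -1;
		pos = pos->next;
		n++;
	} while (pos != head);
	return n - 1;
}

/* Hypothetical compositor object; its link is kept initialised at all times. */
struct window { struct wl_list link; };

static struct window *window_create(void)
{
	struct window *w = calloc(1, sizeof *w);	/* sizeof *w, not sizeof w */
	if (!w) abort();
	wl_list_init(&w->link);		/* valid for wl_list_remove() from birth */
	return w;
}

static void window_destroy(struct window *w)
{
	wl_list_remove(&w->link);	/* always unlink before free() */
	free(w);
}

/* Returns 0 ("not empty") for a removed link, so wl_list_empty() is no guard. */
static int empty_after_remove(void)
{
	struct wl_list head, elm;
	wl_list_init(&head);
	wl_list_insert(&head, &elm);
	wl_list_remove(&elm);
	return wl_list_empty(&elm);
}

/* Returns -1: inserting a link that is still in list a corrupts a. */
static int double_insert_detected(void)
{
	struct wl_list a, b, elm;
	wl_list_init(&a);
	wl_list_init(&b);
	wl_list_insert(&a, &elm);
	wl_list_insert(&b, &elm);	/* bug: elm was never removed from a */
	return list_check(&a, 16);
}

/* Returns 1: the list stays consistent through unlink and both destroys. */
static int lifecycle_ok(void)
{
	struct wl_list windows;
	struct window *w1 = window_create(), *w2 = window_create();
	wl_list_init(&windows);
	wl_list_insert(&windows, &w1->link);
	wl_list_insert(&windows, &w2->link);
	wl_list_remove(&w1->link);	/* off the list but still alive ... */
	wl_list_init(&w1->link);	/* ... so re-init for the next remove */
	window_destroy(w1);		/* remove on a self-linked link is harmless */
	window_destroy(w2);
	return list_check(&windows, 16) == 0;
}

int main(void)
{
	printf("%d %d %d\n", empty_after_remove(), double_insert_detected(), lifecycle_ok());
	return 0;
}
```

Calling a checker like list_check() on the suspect list at the start of each callback narrows down which event-loop dispatch left the list inconsistent, before a later dispatch trips over it.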

Re: Compositor crashes when switching tty

2019-05-30 Thread adlo
On Fri, 2019-05-31 at 01:22 +0100, adlo wrote:
> On Thu, 2019-05-30 at 13:39 +0300, Pekka Paalanen wrote:
> > 
> > Hi,
> > 
> > as always, look at the very first problem reported. Other problems
> > may be fallout from the first one, so fix the first one, and
> > repeat.
> > 
> > It is quite easy to corrupt a list based on struct wl_list, which
> > will then result in more errors all over the place.
> > 
> 
> The first problem is this:
> 
> ==13998== Invalid write of size 8
> ==13998==at 0x4884ADB: wl_list_remove (in /usr/lib64/libwayland-
> server.so.0.1.0)
> ==13998==by 0x48A2585: weston_view_set_output (in
> /usr/lib64/libweston-6.so.0.0.0)
> ==13998==by 0x48A41AD: weston_view_unmap (in
> /usr/lib64/libweston-
> 6.so.0.0.0)
> ==13998==by 0x48A5587: weston_view_destroy (in
> /usr/lib64/libweston-6.so.0.0.0)
> ==13998==by 0x48A5664: weston_surface_destroy (in
> /usr/lib64/libweston-6.so.0.0.0)
> ==13998==by 0x4880927: ??? (in /usr/lib64/libwayland-
> server.so.0.1.0)
> ==13998==by 0x4884A7F: ??? (in /usr/lib64/libwayland-
> server.so.0.1.0)
> ==13998==by 0x4884FC3: ??? (in /usr/lib64/libwayland-
> server.so.0.1.0)
> ==13998==by 0x4880AA1: wl_client_destroy (in
> /usr/lib64/libwayland-
> server.so.0.1.0)
> ==13998==by 0x4880EDD: wl_display_flush_clients (in
> /usr/lib64/libwayland-server.so.0.1.0)
> ==13998==by 0x4880F17: wl_display_run (in /usr/lib64/libwayland-
> server.so.0.1.0)
> ==13998==by 0x403A57: main (main-wayland.c:625)
> ==13998==  Address 0x9fcda10 is 96 bytes inside a block of size 120
> free'd
> ==13998==at 0x4839A0C: free (vg_replace_malloc.c:540)
> ==13998==by 0x48DD073: ??? (in /usr/lib64/libweston-desktop-
> 6.so.0.0.0)
> ==13998==by 0x48D8E53: ??? (in /usr/lib64/libweston-desktop-
> 6.so.0.0.0)
> ==13998==by 0x4880927: ??? (in /usr/lib64/libwayland-
> server.so.0.1.0)
> ==13998==by 0x4880993: wl_resource_destroy (in
> /usr/lib64/libwayland-server.so.0.1.0)
> ==13998==by 0x5984B27: ffi_call_unix64 (in
> /usr/lib64/libffi.so.6.0.2)
> ==13998==by 0x5984338: ffi_call (in /usr/lib64/libffi.so.6.0.2)
> ==13998==by 0x48841B6: ??? (in /usr/lib64/libwayland-
> server.so.0.1.0)
> ==13998==by 0x4880D31: ??? (in /usr/lib64/libwayland-
> server.so.0.1.0)
> ==13998==by 0x4882369: wl_event_loop_dispatch (in
> /usr/lib64/libwayland-server.so.0.1.0)
> ==13998==by 0x4880F24: wl_display_run (in /usr/lib64/libwayland-
> server.so.0.1.0)
> ==13998==by 0x403A57: main (main-wayland.c:625)
> 
> However, this doesn't seem to call back into my compositor's code at
> any point. I see a call to weston_surface_destroy (), which suggests
> a
> surface was destroyed. However, if a surface was destroyed, I would
> expect to see a call to surface_removed () in src/shell.c. How do I
> interpret this?
> 

How do I debug something that isn't even part of my code? It goes
straight from main to wl_display_run to library code without calling
any of my callbacks.

Regards

adlo

___
wayland-devel mailing list
wayland-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/wayland-devel

Re: Compositor crashes when switching tty

2019-05-30 Thread adlo
On Thu, 2019-05-30 at 13:39 +0300, Pekka Paalanen wrote:
> On Thu, 30 May 2019 00:50:32 +0100
> adlo  wrote:
> 
> > Also, there are lots of "Invalid writes of size 8", but a lot of
> > them
> > don't seem to originate from functions in my program, but from the
> > Wayland libraries themselves. What is going on there?
> 
> Hi,
> 
> as always, look at the very first problem reported. Other problems
> may be fallout from the first one, so fix the first one, and repeat.
> 
> It is quite easy to corrupt a list based on struct wl_list, which
> will then result in more errors all over the place.
> 

The first problem is this:

==13998== Invalid write of size 8
==13998==    at 0x4884ADB: wl_list_remove (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x48A2585: weston_view_set_output (in /usr/lib64/libweston-6.so.0.0.0)
==13998==    by 0x48A41AD: weston_view_unmap (in /usr/lib64/libweston-6.so.0.0.0)
==13998==    by 0x48A5587: weston_view_destroy (in /usr/lib64/libweston-6.so.0.0.0)
==13998==    by 0x48A5664: weston_surface_destroy (in /usr/lib64/libweston-6.so.0.0.0)
==13998==    by 0x4880927: ??? (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x4884A7F: ??? (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x4884FC3: ??? (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x4880AA1: wl_client_destroy (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x4880EDD: wl_display_flush_clients (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x4880F17: wl_display_run (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x403A57: main (main-wayland.c:625)
==13998==  Address 0x9fcda10 is 96 bytes inside a block of size 120 free'd
==13998==    at 0x4839A0C: free (vg_replace_malloc.c:540)
==13998==    by 0x48DD073: ??? (in /usr/lib64/libweston-desktop-6.so.0.0.0)
==13998==    by 0x48D8E53: ??? (in /usr/lib64/libweston-desktop-6.so.0.0.0)
==13998==    by 0x4880927: ??? (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x4880993: wl_resource_destroy (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x5984B27: ffi_call_unix64 (in /usr/lib64/libffi.so.6.0.2)
==13998==    by 0x5984338: ffi_call (in /usr/lib64/libffi.so.6.0.2)
==13998==    by 0x48841B6: ??? (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x4880D31: ??? (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x4882369: wl_event_loop_dispatch (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x4880F24: wl_display_run (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x403A57: main (main-wayland.c:625)

However, this doesn't seem to call back into my compositor's code at
any point. I see a call to weston_surface_destroy (), which suggests a
surface was destroyed. However, if a surface was destroyed, I would
expect to see a call to surface_removed () in src/shell.c. How do I
interpret this?

Trying a different tack, it seems that the errors disappear if I remove
the call to free () in surface_removed ():

void surface_removed (struct weston_desktop_surface *desktop_surface,
                      void                          *user_data)
{
  DisplayInfo *server = user_data;

  CWindowWayland *self = weston_desktop_surface_get_user_data (desktop_surface);

  if (!self)
    return;

  wl_signal_emit (>destroy_signal, self);

  weston_desktop_surface_unlink_view (self->view);
  weston_view_destroy (self->view);
  weston_desktop_surface_set_user_data (desktop_surface, NULL);
  free (self); //errors go away if I remove this
}

How can I fix this?

Regards

adlo


Re: Compositor crashes when switching tty

2019-05-30 Thread Pekka Paalanen
On Thu, 30 May 2019 00:50:32 +0100
adlo  wrote:

> On Wed, 2019-05-29 at 08:19 -0500, Matteo Valdina wrote:
> > Re-iterate the process. Run valgrind, read the log, search for bugs.
> > Until valgrind runs smoothly.

> Also, there are lots of "Invalid writes of size 8", but a lot of them
> don't seem to originate from functions in my program, but from the
> Wayland libraries themselves. What is going on there?

Hi,

as always, look at the very first problem reported. Other problems
may be fallout from the first one, so fix the first one, and repeat.

It is quite easy to corrupt a list based on struct wl_list, which
will then result in more errors all over the place.


Thanks,
pq



Re: Compositor crashes when switching tty

2019-05-29 Thread adlo
On Wed, 2019-05-29 at 08:19 -0500, Matteo Valdina wrote:
> Re-iterate the process. Run valgrind, read the log, search for bugs.
> Until valgrind runs smoothly.
> 
> Best
> 
> On Wed, May 29, 2019, 02:32 adlo  wrote:
> > On 29 May 2019, at 03:53, Matteo Valdina 
> > wrote:
> > 
> > > As valgrind is pointing out at shell.c line 982
> > > 
> > > shell = zalloc (sizeof (shell));
> > > 
> > > Here you are allocating the pointer size not the structure size.
> > > You probably want type Shell.
> > > 
> > 
> > This reduces the amount of crashing, but does not completely
> > eliminate it. My compositor still coredumps when switching vt
> > multiple times, especially when also opening and closing windows on
> > my compositor.
> > 

Here is the valgrind output:

==13998== Memcheck, a memory error detector
==13998== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==13998== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==13998== Command: src/xfway
==13998== Parent PID: 11262
==13998== 
==13998== Warning: noted but unhandled ioctl 0x6458 with no size/direction hints.
==13998==    This could cause spurious value errors to appear.
==13998==    See README_MISSING_SYSCALL_OR_IOCTL for guidance on writing a proper wrapper.
==13998== Invalid write of size 8
==13998==    at 0x4884ADB: wl_list_remove (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x48A2585: weston_view_set_output (in /usr/lib64/libweston-6.so.0.0.0)
==13998==    by 0x48A41AD: weston_view_unmap (in /usr/lib64/libweston-6.so.0.0.0)
==13998==    by 0x48A5587: weston_view_destroy (in /usr/lib64/libweston-6.so.0.0.0)
==13998==    by 0x48A5664: weston_surface_destroy (in /usr/lib64/libweston-6.so.0.0.0)
==13998==    by 0x4880927: ??? (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x4884A7F: ??? (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x4884FC3: ??? (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x4880AA1: wl_client_destroy (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x4880EDD: wl_display_flush_clients (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x4880F17: wl_display_run (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x403A57: main (main-wayland.c:625)
==13998==  Address 0x9fcda10 is 96 bytes inside a block of size 120 free'd
==13998==    at 0x4839A0C: free (vg_replace_malloc.c:540)
==13998==    by 0x48DD073: ??? (in /usr/lib64/libweston-desktop-6.so.0.0.0)
==13998==    by 0x48D8E53: ??? (in /usr/lib64/libweston-desktop-6.so.0.0.0)
==13998==    by 0x4880927: ??? (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x4880993: wl_resource_destroy (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x5984B27: ffi_call_unix64 (in /usr/lib64/libffi.so.6.0.2)
==13998==    by 0x5984338: ffi_call (in /usr/lib64/libffi.so.6.0.2)
==13998==    by 0x48841B6: ??? (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x4880D31: ??? (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x4882369: wl_event_loop_dispatch (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x4880F24: wl_display_run (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x403A57: main (main-wayland.c:625)
==13998==  Block was alloc'd at
==13998==    at 0x483AB1A: calloc (vg_replace_malloc.c:762)
==13998==    by 0x40447E: surface_added (shell.c:255)
==13998==    by 0x48D81EB: ??? (in /usr/lib64/libweston-desktop-6.so.0.0.0)
==13998==    by 0x48DCBF0: ??? (in /usr/lib64/libweston-desktop-6.so.0.0.0)
==13998==    by 0x48DCDCE: ??? (in /usr/lib64/libweston-desktop-6.so.0.0.0)
==13998==    by 0x5984B27: ffi_call_unix64 (in /usr/lib64/libffi.so.6.0.2)
==13998==    by 0x5984338: ffi_call (in /usr/lib64/libffi.so.6.0.2)
==13998==    by 0x48841B6: ??? (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x4880D31: ??? (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x4882369: wl_event_loop_dispatch (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x4880F24: wl_display_run (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x403A57: main (main-wayland.c:625)
==13998== 
==13998== Invalid read of size 8
==13998==    at 0x4884AB4: wl_list_insert (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x485F6AF: ??? (in /usr/lib64/libweston-6/drm-backend.so)
==13998==    by 0x485E61C: ??? (in /usr/lib64/libweston-6/drm-backend.so)
==13998==    by 0x485E77B: ??? (in /usr/lib64/libweston-6/drm-backend.so)
==13998==    by 0x4863A45: ??? (in /usr/lib64/libweston-6/drm-backend.so)
==13998==    by 0x636D6BC: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.19.10)
==13998==    by 0x486291B: ??? (in /usr/lib64/libweston-6/drm-backend.so)
==13998==    by 0x48823E8: wl_event_loop_dispatch (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x4880F24: wl_display_run (in /usr/lib64/libwayland-server.so.0.1.0)
==13998==    by 0x403A57: main 

Re: Compositor crashes when switching tty

2019-05-29 Thread Matteo Valdina
Re-iterate the process.
Run valgrind, read the log, search for bugs.

Until valgrind runs smoothly.

Best

On Wed, May 29, 2019, 02:32 adlo  wrote:

> On 29 May 2019, at 03:53, Matteo Valdina  wrote:
>
> As valgrind is pointing out at shell.c line 982
>
> shell = zalloc (sizeof (shell));
>
> Here you are allocating the pointer size not the structure size. You
> probably want type Shell.
>
>
> This reduces the amount of crashing, but does not completely eliminate it.
> My compositor still coredumps when switching vt multiple times, especially
> when also opening and closing windows on my compositor.
>
> What else might I need to do?
>
> Is this code enough to open a basic display on the DRM backend?
>
>
> https://github.com/adlocode/xfway/blob/9a676ddd9eecc7f8e23915d5c79f57c6368d6fc7/src/main-wayland.c#L276
>
> Regards
>
> adlo
>

Re: Compositor crashes when switching tty

2019-05-29 Thread adlo
> On 29 May 2019, at 03:53, Matteo Valdina  wrote:
> 
> 
> As valgrind is pointing out at shell.c line 982
> 
> shell = zalloc (sizeof (shell));
> 
> Here you are allocating the pointer size not the structure size. You probably 
> want type Shell.
> 

This reduces the amount of crashing, but does not completely eliminate it. My 
compositor still coredumps when switching vt multiple times, especially when 
also opening and closing windows on my compositor.

What else might I need to do?

Is this code enough to open a basic display on the DRM backend?

https://github.com/adlocode/xfway/blob/9a676ddd9eecc7f8e23915d5c79f57c6368d6fc7/src/main-wayland.c#L276

Regards

adlo

Re: Compositor crashes when switching tty

2019-05-28 Thread Matteo Valdina
As valgrind is pointing out at shell.c line 982

shell = zalloc (sizeof (shell));

Here you are allocating the pointer size not the structure size. You
probably want type Shell.

Best
Matteo

On Tue, May 28, 2019 at 9:36 PM adlo  wrote:

> On Tue, 2019-05-28 at 13:38 -0400, Adam Jackson wrote:
> > On Tue, 2019-05-28 at 08:26 +0100, adlo wrote:
> > > When switching tty, my compositor crashes with error messages such
> > > as
> > >
> > > free (): invalid size Aborted (core dumped)
> > > or
> > > malloc (): invalid chunk size
> >
> > This means something is corrupting the malloc arena metadata. Run
> > your
> > compositor under valgrind and fix what it complains about.
> >
>
> Here is the valgrind output:
>
> ==15641== Memcheck, a memory error detector
> ==15641== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et
> al.
> ==15641== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright
> info
> ==15641== Command: src/xfway
> ==15641== Parent PID: 7074
> ==15641==
> ==15641== Invalid write of size 8
> ==15641==at 0x404604: launch_desktop_shell_process (shell.c:961)
> ==15641==by 0x48822D2: wl_event_loop_dispatch_idle (in
> /usr/lib64/libwayland-server.so.0.1.0)
> ==15641==by 0x4882327: wl_event_loop_dispatch (in
> /usr/lib64/libwayland-server.so.0.1.0)
> ==15641==by 0x4880F24: wl_display_run (in /usr/lib64/libwayland-
> server.so.0.1.0)
> ==15641==by 0x403A47: main (main-wayland.c:626)
> ==15641==  Address 0x8f21c58 is 0 bytes after a block of size 8 alloc'd
> ==15641==at 0x483AB1A: calloc (vg_replace_malloc.c:762)
> ==15641==by 0x4052C2: zalloc (zalloc.h:38)
> ==15641==by 0x4052C2: xfway_server_shell_init (shell.c:982)
> ==15641==by 0x403A37: main (main-wayland.c:623)
> ==15641==
> ==15641== Invalid write of size 8
> ==15641==at 0x40460D: launch_desktop_shell_process (shell.c:968)
> ==15641==by 0x48822D2: wl_event_loop_dispatch_idle (in
> /usr/lib64/libwayland-server.so.0.1.0)
> ==15641==by 0x4882327: wl_event_loop_dispatch (in
> /usr/lib64/libwayland-server.so.0.1.0)
> ==15641==by 0x4880F24: wl_display_run (in /usr/lib64/libwayland-
> server.so.0.1.0)
> ==15641==by 0x403A47: main (main-wayland.c:626)
> ==15641==  Address 0x8f21c78 is 24 bytes after a block of size 16 in
> arena "client"
> ==15641==
> ==15641== Invalid write of size 8
> ==15641==at 0x4884AB8: wl_list_insert (in /usr/lib64/libwayland-
> server.so.0.1.0)
> ==15641==by 0x48822D2: wl_event_loop_dispatch_idle (in
> /usr/lib64/libwayland-server.so.0.1.0)
> ==15641==by 0x4882327: wl_event_loop_dispatch (in
> /usr/lib64/libwayland-server.so.0.1.0)
> ==15641==by 0x4880F24: wl_display_run (in /usr/lib64/libwayland-
> server.so.0.1.0)
> ==15641==by 0x403A47: main (main-wayland.c:626)
> ==15641==  Address 0x8f21c68 is 16 bytes after a block of size 8
> alloc'd
> ==15641==at 0x483AB1A: calloc (vg_replace_malloc.c:762)
> ==15641==by 0x4052C2: zalloc (zalloc.h:38)
> ==15641==by 0x4052C2: xfway_server_shell_init (shell.c:982)
> ==15641==by 0x403A37: main (main-wayland.c:623)
> ==15641==
>
> valgrind: m_mallocfree.c:305 (get_bszB_as_is): Assertion 'bszB_lo ==
> bszB_hi' failed.
> valgrind: Heap block lo/hi size mismatch: lo = 80, hi = 4211536.
> This is probably caused by your program erroneously writing past the
> end of a heap block and corrupting heap metadata.  If you fix any
> invalid writes reported by Memcheck, this assertion failure will
> probably go away.  Please try that before reporting this as a bug.
>
>
> host stacktrace:
> ==15641==at 0x58046F6A: ??? (in /usr/libexec/valgrind/memcheck-
> amd64-linux)
> ==15641==by 0x58047097: ??? (in /usr/libexec/valgrind/memcheck-
> amd64-linux)
> ==15641==by 0x5804723B: ??? (in /usr/libexec/valgrind/memcheck-
> amd64-linux)
> ==15641==by 0x580513A3: ??? (in /usr/libexec/valgrind/memcheck-
> amd64-linux)
> ==15641==by 0x5803DD8A: ??? (in /usr/libexec/valgrind/memcheck-
> amd64-linux)
> ==15641==by 0x5803CC8F: ??? (in /usr/libexec/valgrind/memcheck-
> amd64-linux)
> ==15641==by 0x58041E04: ??? (in /usr/libexec/valgrind/memcheck-
> amd64-linux)
> ==15641==by 0x5803C0C8: ??? (in /usr/libexec/valgrind/memcheck-
> amd64-linux)
> ==15641==by 0x1002D09984: ???
> ==15641==by 0x1002BA5F2F: ???
> ==15641==by 0x1002BA5F17: ???
> ==15641==by 0x1002BA5F2F: ???
> ==15641==by 0x1002BA5F3F: ???
>
> sched status:
>   running_tid=1
>
> Thread 1: status = VgTs_Runnable (lwpid 15641)
> ==15641==at 0x4884ABB: wl_list_insert (in /usr/lib64/libwayland-
> server.so.0.1.0)
> ==15641==by 0x48822D2: wl_event_loop_dispatch_idle (in
> /usr/lib64/libwayland-server.so.0.1.0)
> ==15641==by 0x4882327: wl_event_loop_dispatch (in
> /usr/lib64/libwayland-server.so.0.1.0)
> ==15641==by 0x4880F24: wl_display_run (in /usr/lib64/libwayland-
> server.so.0.1.0)
> ==15641==by 0x403A47: main (main-wayland.c:626)
> client stack range: [0x1FFEFF5000 0x1FFF000FFF] client SP: 

Re: Compositor crashes when switching tty

2019-05-28 Thread adlo
On Tue, 2019-05-28 at 13:38 -0400, Adam Jackson wrote:
> On Tue, 2019-05-28 at 08:26 +0100, adlo wrote:
> > When switching tty, my compositor crashes with error messages such
> > as
> > 
> > free (): invalid size Aborted (core dumped) 
> > or 
> > malloc (): invalid chunk size
> 
> This means something is corrupting the malloc arena metadata. Run
> your
> compositor under valgrind and fix what it complains about.
> 

Here is the valgrind output:

==15641== Memcheck, a memory error detector
==15641== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==15641== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==15641== Command: src/xfway
==15641== Parent PID: 7074
==15641== 
==15641== Invalid write of size 8
==15641==    at 0x404604: launch_desktop_shell_process (shell.c:961)
==15641==    by 0x48822D2: wl_event_loop_dispatch_idle (in /usr/lib64/libwayland-server.so.0.1.0)
==15641==    by 0x4882327: wl_event_loop_dispatch (in /usr/lib64/libwayland-server.so.0.1.0)
==15641==    by 0x4880F24: wl_display_run (in /usr/lib64/libwayland-server.so.0.1.0)
==15641==    by 0x403A47: main (main-wayland.c:626)
==15641==  Address 0x8f21c58 is 0 bytes after a block of size 8 alloc'd
==15641==    at 0x483AB1A: calloc (vg_replace_malloc.c:762)
==15641==    by 0x4052C2: zalloc (zalloc.h:38)
==15641==    by 0x4052C2: xfway_server_shell_init (shell.c:982)
==15641==    by 0x403A37: main (main-wayland.c:623)
==15641== 
==15641== Invalid write of size 8
==15641==    at 0x40460D: launch_desktop_shell_process (shell.c:968)
==15641==    by 0x48822D2: wl_event_loop_dispatch_idle (in /usr/lib64/libwayland-server.so.0.1.0)
==15641==    by 0x4882327: wl_event_loop_dispatch (in /usr/lib64/libwayland-server.so.0.1.0)
==15641==    by 0x4880F24: wl_display_run (in /usr/lib64/libwayland-server.so.0.1.0)
==15641==    by 0x403A47: main (main-wayland.c:626)
==15641==  Address 0x8f21c78 is 24 bytes after a block of size 16 in arena "client"
==15641== 
==15641== Invalid write of size 8
==15641==    at 0x4884AB8: wl_list_insert (in /usr/lib64/libwayland-server.so.0.1.0)
==15641==    by 0x48822D2: wl_event_loop_dispatch_idle (in /usr/lib64/libwayland-server.so.0.1.0)
==15641==    by 0x4882327: wl_event_loop_dispatch (in /usr/lib64/libwayland-server.so.0.1.0)
==15641==    by 0x4880F24: wl_display_run (in /usr/lib64/libwayland-server.so.0.1.0)
==15641==    by 0x403A47: main (main-wayland.c:626)
==15641==  Address 0x8f21c68 is 16 bytes after a block of size 8 alloc'd
==15641==    at 0x483AB1A: calloc (vg_replace_malloc.c:762)
==15641==    by 0x4052C2: zalloc (zalloc.h:38)
==15641==    by 0x4052C2: xfway_server_shell_init (shell.c:982)
==15641==    by 0x403A37: main (main-wayland.c:623)
==15641== 

valgrind: m_mallocfree.c:305 (get_bszB_as_is): Assertion 'bszB_lo ==
bszB_hi' failed.
valgrind: Heap block lo/hi size mismatch: lo = 80, hi = 4211536.
This is probably caused by your program erroneously writing past the
end of a heap block and corrupting heap metadata.  If you fix any
invalid writes reported by Memcheck, this assertion failure will
probably go away.  Please try that before reporting this as a bug.


host stacktrace:
==15641==at 0x58046F6A: ??? (in /usr/libexec/valgrind/memcheck-
amd64-linux)
==15641==by 0x58047097: ??? (in /usr/libexec/valgrind/memcheck-
amd64-linux)
==15641==by 0x5804723B: ??? (in /usr/libexec/valgrind/memcheck-
amd64-linux)
==15641==by 0x580513A3: ??? (in /usr/libexec/valgrind/memcheck-
amd64-linux)
==15641==by 0x5803DD8A: ??? (in /usr/libexec/valgrind/memcheck-
amd64-linux)
==15641==by 0x5803CC8F: ??? (in /usr/libexec/valgrind/memcheck-
amd64-linux)
==15641==by 0x58041E04: ??? (in /usr/libexec/valgrind/memcheck-
amd64-linux)
==15641==by 0x5803C0C8: ??? (in /usr/libexec/valgrind/memcheck-
amd64-linux)
==15641==by 0x1002D09984: ???
==15641==by 0x1002BA5F2F: ???
==15641==by 0x1002BA5F17: ???
==15641==by 0x1002BA5F2F: ???
==15641==by 0x1002BA5F3F: ???

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable (lwpid 15641)
==15641==at 0x4884ABB: wl_list_insert (in /usr/lib64/libwayland-
server.so.0.1.0)
==15641==by 0x48822D2: wl_event_loop_dispatch_idle (in
/usr/lib64/libwayland-server.so.0.1.0)
==15641==by 0x4882327: wl_event_loop_dispatch (in
/usr/lib64/libwayland-server.so.0.1.0)
==15641==by 0x4880F24: wl_display_run (in /usr/lib64/libwayland-
server.so.0.1.0)
==15641==by 0x403A47: main (main-wayland.c:626)
client stack range: [0x1FFEFF5000 0x1FFF000FFF] client SP: 0x1FFEFFF6C8
valgrind stack range: [0x1002AA6000 0x1002BA5FFF] top usage: 8360 of
1048576

Thread 2: status = VgTs_WaitSys syscall 202 (lwpid 15659)
==15641==at 0x57A54E5: pthread_cond_wait@@GLIBC_2.3.2 (in
/usr/lib64/libpthread-2.29.so)
==15641==by 0x6ECC5DA: ??? (in /usr/lib64/dri/i965_dri.so)
==15641==by 0x6ECC31A: ??? (in /usr/lib64/dri/i965_dri.so)
==15641==by 0x579F5A1: start_thread (in /usr/lib64/libpthread-
2.29.so)
==15641==   

Re: Compositor crashes when switching tty

2019-05-28 Thread Adam Jackson
On Tue, 2019-05-28 at 08:26 +0100, adlo wrote:
> When switching tty, my compositor crashes with error messages such as
> 
> free (): invalid size Aborted (core dumped) 
> or 
> malloc (): invalid chunk size

This means something is corrupting the malloc arena metadata. Run your
compositor under valgrind and fix what it complains about.

- ajax


Compositor crashes when switching tty

2019-05-28 Thread adlo
When switching tty, my compositor crashes with error messages such as

free (): invalid size Aborted (core dumped) 
or 
malloc (): invalid chunk size

when running on the DRM backend.

Here is my code:

https://github.com/adlocode/xfway/blob/master/src/main-wayland.c

https://github.com/adlocode/xfway/blob/master/src/main-wayland.c#L276

Interestingly, this issue first seemed to present itself in the last few 
commits when I added my desktop shell client, but as I think this still happens 
when removing this code, somehow I'm not sure that that actually caused it:

https://github.com/adlocode/xfway/blob/master/src/shell.c#L989

How can I resolve this issue?

Regards

adlo